In this week’s tutorial led by Fernando Silva, the LLM students enrolled in the “EU and Global Cybersecurity Fundamentals” course will put the knowledge they acquired during Monday’s lecture to the test!
Today’s interactive, problem-based learning assignment consists of carrying out a risk assessment for a fictional Dublin-based software development company, located on the top floor of an office block in the city center.
In the scenario, the fictional company is fitted with network cables, power, and its own computer room, which has an Uninterruptible Power Supply that can keep the current level of servers up and running for 15 minutes. The company’s Internet Service Provider provides 100 Mbps over a fiber connection. The company hosts its own website within its own computer room and is protected using a firewall. The company has 100 users who have either a desktop or a laptop computer running the latest version of Windows, and 25 staff members have business mobile phones. Furthermore, the company has its own email server running up-to-date versions of Microsoft Exchange Server and Microsoft Windows Server. It also has a file and print server and a server used to host the company’s source code for its products. All servers are running up-to-date versions of Microsoft Windows Server.
50 employees work in the software development team and each developer has local administrator access to computers, which allows them to install and uninstall software they need for their job. While all computers have anti-virus software installed, each computer is running the anti-virus software that came bundled with the computer when it was purchased, meaning that there are multiple types of anti-virus software installed.
The company develops a software package that is used by its banking clients to assess their clients’ mortgage requests. The software package is currently installed on site with each individual customer. Acting as the information security manager of the company, the students will work to design and present a solution to reduce the likelihood of the company being a victim of malware and DDoS attacks. Specifically, students will outline the solutions they selected and prioritize them based on the level of risk they are trying to control, the impact the solution will have (high, medium, low), and the ease of implementation (high, medium, low). Finally, they will highlight any potential negative impacts of each proposed solution.