SUMMATIVE ASSESSMENT BRIEF
|
Author |
Duncan Greaves |
|
Assessment Type |
Summative assignment |
|
Weighting |
100% |
|
Release |
Week 3 |
|
Deadline |
Monday following Week 8, 13:00 (UK time) * |
* If this date falls on a UK public holiday or a University of York closure day, the submission date will change. Please check the submission point in the ‘Assignments’ area of the module in Canvas for the exact submission deadline.
I. Module Learning Outcomes
The module learning outcomes for this module are as follows:
MLO 1. Identify and analyse major threat types in a variety of systems.
MLO 2. Propose an appropriate high-level security management approach for a security-sensitive system in a defined regulatory environment.
MLO 3. Critically evaluate and apply a standard risk assessment approach/tools to identify threats to a system.
MLO 4. Critically assess the relative merits of specific solution approaches for particular contexts.
MLO 5. Critically discuss leading edge research in cyber security and the challenges faced.
MLO 6. Critically evaluate the legal and ethical issues in cyber security.
This assessment addresses all the module learning outcomes listed above.
II. Assessment Background/Scenario
The York Satellite Navigation Company (YSNC) is a fictional commercial satellite company who are planning to operate a number of Low Earth orbit (LEO) navigation satellites to provide an alternative to existing satellite services like the Global Positioning System (GPS) and the Global Navigation Satellite System (GNSS). The service being proposed by the company is “Providing a reliable satellite navigation service”.
The required satellites have been successfully launched into orbit, and the company is preparing a Risk Management Plan prior to launching the new service. This involves assessing potential risks, threats, and weaknesses in the Ground Based systems, the Communications systems, and the Satellites.
You have been asked to produce a cyber security risk management plan for the service for the company board of directors, and to comment on any additional issues and technical areas relating to cyber security, which may need further consideration or research activity to allow the service to succeed and develop.
To do this, you will need to make assumptions about the business scenario or design in order to propose solutions; this is acceptable provided any such assumptions are realistic and clearly stated.
Assume that the Board members are already broadly familiar with the scenario and documents that have been cited here. However, you should state the details that are important to your arguments.
In assessing the potential service offering, you should pay particular attention to any security specifications, requirements and documentation relevant to the service being proposed. You are advised to consult additional external sources such as:
· The CCSDS “Security Threats Against Space Missions” document, available from (https://public.ccsds.org/Pubs/350x1g3.pdf)
· The Cybersecurity Body of Knowledge (CYBOK)
· National or international standards and legislation to inform and support your work.
instruction