FACULTY OF INFORMATION TECHNOLOGY
Information Systems 512
2nd SEMESTER ASSIGNMENT
Name & Surname: VALENTINO KYLE NAIDOO ITS No: 402103668
Qualification: BACHELORS OF SCIENCE IN INFORMATION TECHNOLOGY Semester: 2
Module Name: Information Systems 512
Submission Date: 16-09-2024
ASSESSMENT CRITERIA | MARK ALLOCATION | EXAMINER MARKS | MODERATOR MARKS
MARKS FOR CONTENT
QUESTION ONE 30
QUESTION TWO 30
QUESTION THREE 30
TOTAL MARKS 90
MARKS FOR TECHNICAL ASPECTS
1. TABLE OF CONTENTS
Accurate numbering according to the numbering in text and page numbers. 2
2. LAYOUT AND SPELLING
Font – Calibri 12
Line Spacing – 1.0
Margin should be justified. 3
3. REFERENCE
According to the Harvard Method 5
TOTAL MARKS 10
TOTAL MARKS FOR ASSIGNMENT 100
Examiner’s Comments:
Moderator’s Comments:
Signature of Examiner: Signature of Moderator:
Page 1 of 13
QUESTION ONE [30 MARKS]
1.1 Discuss the various types of digital security risks mentioned in the text and their
potential impact on individuals and organizations. (10 Marks)
1.2 Explain the role of insider threats in compromising digital security. Provide examples of
both intentional and unintentional insider threats. (10 Marks)
1.3 What measures can individuals and organizations take to mitigate digital security risks?
Discuss at least three strategies in detail. (10 Marks)
QUESTION TWO – PRACTICAL POWERPOINT (30 MARKS)
Instruction: Use Microsoft PowerPoint Application to design your own presentation based
on the information provided below.
2.1 Assume you have just graduated, and you plan to start a new business. You are seeking
funding to launch your business and have been invited to present your business concept to
potential investors. Using your business concept, prepare 10 professional PowerPoint slides
for your pitch. Once your slides are complete, copy them and paste them into a Microsoft
Word document that will serve as your assignment submission. Use your creativity to design
an effective and engaging business concept pitch for the funders. (30 Marks)
QUESTION THREE (30 MARKS)
3.1 Explain the importance of system testing in the development life cycle. Discuss different
types of testing (e.g., unit testing, integration testing, user acceptance testing) and their roles
in ensuring a successful system deployment. (15 Marks)
3.2 Analyze the impact of cloud computing on system development practices. How does the
cloud environment influence system design, deployment, and maintenance? Discuss with
reference to specific examples. (15 Marks)
Table of Contents
Assignment details
Assignment Rubric
Assignment Questions
Table of Contents
Question One (30 Marks)
Question Two (30 Marks)
Question Three (30 Marks)
Bibliography
QUESTION ONE (30 MARKS)
1.1 - Discuss the various types of digital security risks mentioned in the text and their
potential impact on individuals and organizations. (10 Marks)
The emergence of the digital age has brought about numerous security weaknesses that
pose significant risks to both individuals and businesses. Among all of these, malware and
ransomware attacks are particularly noteworthy. These attacks can incapacitate entire
networks, leading to the possible loss of important data and potentially forcing victims to
pay substantial amounts to regain access. The widespread WannaCry ransomware attack in
2017 affected numerous computers worldwide, underscoring the substantial impact such
attacks can have on global activities (Symantec, 2017).
Phishing and social engineering attacks are another common risk, as they manipulate human
behavior to obtain sensitive information or unauthorized system access. These attacks are
highly effective and often lead to substantial financial losses and exposure of personal
data. In 2019, the Ponemon Institute conducted a study which revealed that 58% of
organizations recognized phishing as a significant threat they are facing.
Data breaches and cyber espionage are also serious risks because they can lead to the
disclosure of critical data and valuable assets. These breaches can have long-term
consequences such as damage to reputation and financial losses. The widely publicized
Equifax data breach in 2017, which exposed the personal information of over 147 million
people, emphasizes the severe repercussions of such incidents (Krebs, 2017).
Denial of Service attacks and Distributed Denial of Service attacks can flood systems,
rendering them unreachable and causing disruptions in operation. Businesses that rely
heavily on online services can experience serious damage from these attacks, resulting in
financial loss and decreased trust from customers. According to the 2019 Verizon Data
Breach Investigations Report, DDoS attacks remain one of the main forms of cyberattacks.
Inadequate passwords and authentication, outdated software, vulnerable networks, and
human errors often result in these risks. A Verizon study from 2019 revealed that 43% of
data breaches happened because passwords were weak or stolen. Additionally,
cybersecurity can be compromised by internal risks, whether they are intentional or not. In
2019, the IBM Cyber Security Intelligence Index reported that 60% of attacks originated
from employees within the company.
To minimize these risks, it is essential to establish robust security measures such as
encryption, access controls, and regular software updates. Additionally, educating users on
security best practices and leveraging threat intelligence can help prevent attacks and
protect sensitive information (NIST, 2018).
1.2 - Explain the role of insider threats in compromising digital security. Provide examples
of both intentional and unintentional insider threats. (10 Marks)
Insider threats are a major factor in jeopardizing digital security since they consist of people
within a company who can access important systems and data. These risks may be deliberate
or accidental and are typically harder to identify compared to external threats because of the
trusted nature of the insiders.
Intentional insider threats happen when people with access to a company deliberately
misuse that access to cause harm. In 2018, a former Tesla worker was alleged to have
caused disruption at the company by altering Tesla's Manufacturing Operating System
without permission and disclosing a significant amount of confidential information to
outside parties (Reuters, 2018). This situation shows the damage that can be inflicted on an
organization by a deceitful insider who abuses their position.
Conversely, unintentional insider threats often arise from mistakes or carelessness on the
part of individuals. Security breaches happen when employees, without realizing it, put
security at risk by not adhering to security protocols or being tricked by phishing or social
engineering strategies. In 2019, a significant data breach took place at the University of East
Anglia when a staff member mistakenly shared confidential student information with more
than 300 people (The Guardian, 2019). This example shows how insiders with good
intentions can unknowingly lead to major security breaches through small errors.
Internal risks may lead to severe outcomes like monetary setbacks, legal issues, and harm to
the image of a business. Therefore, it is important for organizations to develop efficient
strategies for recognizing and managing insider threats, including monitoring user actions,
enforcing stringent access controls, and providing regular security training for staff (CERT,
2016).
1.3 - What measures can individuals and organizations take to mitigate digital security risks?
Discuss at least three strategies in detail. (10 Marks)
Dealing with digital security risks entails combining proactive and reactive strategies in a
multi-layered approach. Both people and businesses can choose from a variety of tactics to
safeguard their digital assets. Enforcing strong access controls, regular software updates, and
comprehensive user education are three vital tactics.
First, it is crucial to implement robust access controls that limit entry to sensitive data and
systems to individuals with a genuine need. This can be achieved through the use of
multi-factor authentication (MFA), which provides an additional layer of security alongside
passwords. MFA requires users to provide multiple forms of verification, such as a
password and fingerprint, or a one-time code sent to a mobile device. This significantly
reduces the risk of unauthorized access, even if a password is compromised (Microsoft, 2019).
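The second factor described above can be sketched in code. This is an added example, not part of the original assignment: it models a one-time code sent to a mobile device that expires, works only once, and allows a limited number of guesses. The class and function names, the 300-second lifetime and the three-attempt limit are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window for a delivered code
MAX_ATTEMPTS = 3        # assumed number of guesses allowed per code

def code_digest(code):
    # Hash first so compare_digest always receives equal-length bytes.
    return hashlib.sha256(code.encode()).digest()

class OneTimeCodeStore:
    """Hypothetical server-side store for codes sent to a user's mobile device."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # username -> digest, expiry time, attempts left

    def issue(self, username):
        """Create a fresh 6-digit code; the caller delivers it out of band."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[username] = {
            "digest": code_digest(code),
            "expires_at": self._clock() + CODE_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        return code

    def verify(self, username, submitted):
        entry = self._pending.get(username)
        if entry is None:
            return False
        if self._clock() > entry["expires_at"]:
            del self._pending[username]  # expired codes are discarded
            return False
        entry["attempts_left"] -= 1
        ok = hmac.compare_digest(entry["digest"], code_digest(submitted))
        if ok or entry["attempts_left"] == 0:
            del self._pending[username]  # single use, or too many wrong guesses
        return ok

def login_with_mfa(store, username, password_ok, submitted_code):
    """Grant access only when the password check AND the one-time code both pass."""
    return password_ok and store.verify(username, submitted_code)
```

Here `password_ok` stands for the result of the first-factor check, so a correct password with a missing, wrong, reused or expired code is still refused.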
Furthermore, it is important to routinely update software and handle patches in order to
safeguard systems from potential vulnerabilities that could be targeted by attackers. Keeping
software and operating systems regularly updated is crucial for both individuals and
organizations to defend against cyberattacks that target known vulnerabilities. Automated
tools for updates and patch management help maintain system security by applying the latest
security fixes promptly upon release (NIST, 2018).
Finally, comprehensive user training is crucial for reducing the chances of human error,
which is a major factor in many security breaches. Educating employees and customers on
security measures, such as recognizing phishing scams and creating strong passwords, can
help decrease common cyber risks. Continuously updated educational programs can enhance
understanding and preparedness for security by addressing emerging risks (Ponemon
Institute, 2019).
Utilizing these methods helps individuals and businesses reduce their exposure to online
security risks, protecting their sensitive information and maintaining the dependability of
their systems.
QUESTION TWO - PRACTICAL POWERPOINT (30 MARKS)
QUESTION THREE - (30 MARKS)
3.1 - Explain the importance of system testing in the development life cycle. Discuss
different types of testing (e.g., unit testing, integration testing, user acceptance testing) and
their roles in ensuring a successful system deployment. (15 Marks)
Testing the system is vital in the SDLC because it verifies the software's functionality and
compliance with user needs prior to release. It enables developers to detect and correct
errors, guaranteeing the system's reliability and preparedness for practical application.
Failing to conduct comprehensive testing can result in undetected problems that may lead
to expensive repairs, harm to reputation, and user discontent after implementation.
Unit testing, a fundamental type of testing, entails testing isolated individual components or
functions within a system. The main goal of unit testing is to confirm that every segment of
code functions as intended. Testing at this initial phase can identify problems within the
code, ultimately leading to time and resource savings in the later stages of development
(Beck, 2016). For instance, a unit test can be created to ensure that a login function accepts
only correct credentials and denies incorrect ones, thereby safeguarding the security of a
system's authentication procedure.
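The login unit test mentioned above could look like the following. This is an added example, not part of the original assignment: `LoginService`, the sample account and the PBKDF2 work factor are hypothetical, and the tests cover the rejection cases (wrong password, empty password, unknown user) as well as the accepting one.

```python
import hashlib
import hmac
import os
import unittest

ITERATIONS = 200_000  # assumed PBKDF2 work factor; tune for your hardware

def hash_password(password, salt=None):
    """Return (salt, PBKDF2-HMAC-SHA256 digest); draws a fresh salt if none is given."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class LoginService:
    """Hypothetical login component used as the unit under test."""

    def __init__(self):
        self._users = {}
        self._dummy = hash_password(os.urandom(16).hex())  # record for unknown users

    def register(self, username, password):
        self._users[username] = hash_password(password)

    def login(self, username, password):
        # Unknown users are hashed against a dummy record so both paths do similar work.
        salt, expected = self._users.get(username, self._dummy)
        _, actual = hash_password(password, salt)
        return hmac.compare_digest(actual, expected) and username in self._users

class LoginTests(unittest.TestCase):
    @classmethod
    def setUpClass(cls):
        cls.svc = LoginService()
        cls.svc.register("alice", "correct horse battery staple")  # constructed sample

    def test_accepts_correct_credentials(self):
        self.assertTrue(self.svc.login("alice", "correct horse battery staple"))

    def test_rejects_wrong_password(self):
        self.assertFalse(self.svc.login("alice", "correct horse battery stapl"))

    def test_rejects_empty_password(self):
        self.assertFalse(self.svc.login("alice", ""))

    def test_rejects_unknown_user(self):
        self.assertFalse(self.svc.login("mallory", "correct horse battery staple"))

    def test_password_is_not_stored_in_plaintext(self):
        salt, digest = self.svc._users["alice"]
        self.assertNotIn(b"correct horse", salt + digest)

def run_tests():
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(LoginTests)
    result = unittest.TextTestRunner(verbosity=0).run(suite)
    return result.testsRun, len(result.failures) + len(result.errors)
```

Call `run_tests()` to get the number of tests run and the number that failed, or run the file with `python -m unittest`.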
Integration testing occurs after unit testing, involving the combination and testing of
individual modules as a whole. This stage is crucial in order to guarantee that various parts
of the system engage with each other accurately. Integration testing helps detect problems
caused by communication between modules, such as data flow issues or incompatible
interfaces (Myers, 2011). A system consisting of a payment gateway and an inventory
management module may pass unit tests but could fail integration testing if data is not
successfully transferred between them.
Finally, user acceptance testing (UAT) consists of actual users testing the system in a
setting that reflects production conditions, in order to confirm that it fulfills their
requirements and expectations. UAT ensures that the system functions correctly from the
user's point of view, focusing on the end-user experience. A successful UAT confirms the
system's readiness for deployment and ability to deliver the desired business value (IEEE,
2014). In a retail system, users may test the checkout process during UAT to confirm its ease
of use and lack of errors.
Every test plays a crucial part in making sure the system is strong, operational, and easy to
use. Working together, they reduce risks, enhance quality, and ensure successful
deployment of the system with minimal issues.
3.2 - Analyze the impact of cloud computing on system development practices. How does
the cloud environment influence system design, deployment, and maintenance? Discuss
with reference to specific examples. (15 Marks)
Cloud computing has revolutionized system development practices by introducing new
approaches to system design, deployment, and maintenance. The adaptable, versatile, and
affordable aspects of this technology have changed how developers build and manage
systems.
Cloud computing has facilitated the shift to microservices architecture in system design.
Unlike conventional monolithic applications, microservices allow developers to build
systems by connecting a series of loosely connected services. Each service can be
individually developed, deployed, and scaled, providing enhanced flexibility and fault
tolerance. For instance, Netflix implemented microservices on AWS, enabling them to grow
their services as required and ensure durability during service disruptions (Gartner, 2019).
This adjustment in architecture has improved the system design's ability to scale and be
agile.
Deployment practices have been changed by cloud computing as well. Deploying software
with traditional on-premise setups demanded considerable manual labor and downtime.
Cloud platforms have implemented CI/CD pipelines, automating software update testing
and deployment. Cloud platforms such as AWS and Microsoft Azure offer tools that simplify
these procedures, enabling developers to efficiently and consistently deploy updates with
little interruption (AWS, 2020). An instance would be Spotify utilizing a CI/CD pipeline on
Google Cloud, enabling them to release thousands of updates daily with minimal
interruptions.
Finally, maintenance in cloud computing is greatly simplified with the use of
Infrastructure as Code (IaC). IaC enables developers to automate the provisioning and
management of resources by defining infrastructure in code. This method ensures
uniformity, minimizes human error, and eases the process of scaling.
Capital One is a prominent example, utilizing IaC for automating the deployment and scaling
of its cloud infrastructure, enabling swift responses to business requirements and security
updates (Forrester, 2018).
In general, cloud computing has changed system development by allowing for more flexible
designs, automating deployment processes, and streamlining maintenance tasks. This has
led to quicker development cycles, enhanced scalability, and decreased operational
expenses, providing businesses with a competitive edge.
Bibliography
IBM. (2019). Cyber Security Intelligence Index. IBM Security. Available at:
https://www.ibm.com/security.
Krebs, B. (2017). Equifax Breach Fallout: Your Dossier for Sale. Available at:
https://krebsonsecurity.com.
CERT. (2016). Common Sense Guide to Mitigating Insider Threats. CERT Insider Threat
Center. Available at: https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=484738.
Reuters. (2018). Tesla Sues Former Employee for Hacking and Theft of Trade Secrets.
Available at: https://www.reuters.com.
Microsoft. (2019). Multi-Factor Authentication (MFA) and Its Role in Cybersecurity. Available
at: https://www.microsoft.com/security.
National Institute of Standards and Technology (NIST). (2018). Framework for Improving
Critical Infrastructure Cybersecurity. NIST. Available at:
https://www.nist.gov/cyberframework.
Beck, K. (2016). Test-Driven Development: By Example. Addison-Wesley. Available at:
https://www.oreilly.com/library/view/test-driven-development/0321146530/.
IEEE. (2014). IEEE Standard for Software and System Test Documentation. IEEE Computer
Society. Available at: https://ieeexplore.ieee.org/document/4578383.
Myers, G. J. (2011). The Art of Software Testing. John Wiley & Sons. Available at:
https://malenezi.github.io/malenezi/SE401/Books/114-the-art-of-software-testing-3-edition.pdf.
Amazon Web Services (AWS). (2020). Continuous Integration and Continuous Delivery on
AWS. Available at: https://aws.amazon.com/devops/continuous-integration/.
Forrester. (2018). The Total Economic Impact™ Of Using AWS For Infrastructure As A
Service. Available at: https://www.forrester.com/report.
Gartner. (2019). Netflix’s Journey with Microservices: A Case Study. Available at:
https://www.gartner.com.