College of Computing and Informatics

Assignment 1
Deadline: Tuesday 20/9/2022 @ 23:59
[Total Mark for this Assignment is 8]

Student Details:
Name: ### Taif Albadri ID: ### 180115759

CRN: ### 11011

Instructions:

 You must submit two separate copies (one Word file and one PDF file) using the Assignment Template on
Blackboard via the allocated folder. These files must not be in compressed format.

 It is your responsibility to check and make sure that you have uploaded both the correct files.
 Zero mark will be given if you try to bypass the SafeAssign (e.g., misspell words, remove spaces between
words, hide characters, use different character sets, convert text into image or languages other than English
or any kind of manipulation).
 Email submission will not be accepted.
 You are advised to make your work clear and well-presented. This includes filling your information on the cover
page.
 You must use this template, failing which will result in zero mark.
 You MUST show all your work, and text must not be converted into an image, unless specified otherwise by
the question.
 Late submission will result in ZERO mark.
 The work should be your own, copying from students or other resources will result in ZERO mark.
 Use Times New Roman font for all your answers.
Pg. 01 Question One

Learning
Outcome(s):
Question One 4 Marks

CLO3: Develop SEU webpage and its electronic services collect and retain Personal Information, such
security policies as when applying for admission or a job with SEU. The university is committed to
and put in place protecting your privacy in accordance with SEU Privacy Policy. Please visit the link
an effective (https://seu.edu.sa/en/policy/ ), read this Privacy Policy carefully, and answer the
security following questions:

architecture that
a. Who are the policy audiences? Note that the policy sometimes applies to people
comprises
outside the organization (i.e., business partners, service providers, contractors, or
modern hardware
consultants). [1 mark, 0.5 for each correct audience]
and software
technologies and
b. List and Identify at least two organizational roles and their responsibilities clearly
protocols. defined in the SEU privacy policy.
[2 mark total, 0.5 for each roles, 0.5 for each responsibility]

CLO6: c. Which one of the security requirements/properties of CIA Triad (i.e.,

Demonstrate Confidentiality, Integrity, Availability) the privacy policy seeks to preserve?
processes to Explain your answer. [1 mark total, 0.5 for the property, 0.5 for the explanation]
implement and
enforce policy. A. Target audiences:

Includes every one that has a relationship with the Saudi Electronic
university, which of course includes the workers within the university,
different business sides inside and outside the college.

B. Organizational roles and responsibilities:

- The personal information protector: The personal information protector

is liable for the legitimacy of the approaching information at "Personal
Pg. 02 Question One

Information Guide" persistently, and is answerable for all reviews to

guarantee following all frameworks and users of the operations and
directions of the guide.

- Deanship of IT: is in charge of defining a form of non-disclosure of

information pledge, including an obvious personal information, and
ensuring that the individual companies and contractors have approved the
form in writing.

C. Primary security requirement:

The primary security requirement that the SEU is trying to seeks to preserve
among the CIA triad is "Integrity” of the users’ information. In order to
prevent duplicate data from existing in many systems, the integrity of the
users' information is safeguarded.
Pg. 03 Question Two

Learning Question Two 4 Marks

Outcome(s):
Information Security Policies provide a framework that guides the organization and
CLO4: Analyze protects the assets of that organization. Consider the SEU privacy policy discussed in
problems related Question One, which aims to ensure the privacy of sensitive information. This sensitive
to the field of
information may be vulnerable to some information security threats.
Security and
Information
1. Choose at least one SEU information asset and identify the information
Assurance
sensitivity level based on SEU privacy policy (i.e., Low, Middle, or Highly
sensitive information).

2. List at least two security threats to the chosen sensitive information asset, two
vulnerabilities that might allow a threat to occur, and two risks resulting from the
threats and vulnerabilities.

Note: Write your answer in the table below. [4 marks total]

Information
Information Assets Sensitivity Threats Vulnerabilities Risks
Level
[0.5 mark] [1 mark] [1 mark] [1 mark]
[0.5 mark]

1)Internet/social 1) weakness in
attack the operating 1)Data damage/loss
Data Assets High system
2)System/information
2) Loss of Data 2) process breaches.
in the Cloud vulnerability
Pg. 04 Question Two

Reference:

- Saudi electronic university privacy policy. Retrieved from:

https://seu.edu.sa/en/policy/