Case Study : Assess the information security situation in one of the following systems and make
recommendations for improvements. Provide a brief description of the system before answering the
questions detailing out your assumptions. 20 marks
University Admission System / University Examination System / PAN card issuance system
You must address at least the following questions:
1. What are the main categories of information assets that have to be protected?
2. What are the main threats to and vulnerabilities of these information assets?
3. Which control measures are used to protect the information assets?
4. What recommendations (if any) can you make to improve the information security situation of the
system?
The marks would depend on quality of both the problems as well as their suggested solution. If you come up
with a severe security problem but may not provide a solution may be awarded better marks than coming up
with a trivial problem and then solving the same. However, this may vary from case to case basis.