Assessment Details and Submission Guidelines Trimester T3 2020 Unit Code HS3011 Unit Title Information Security Assessment Type Group Assignment Assessment Title Security Hands-On Projects Purpose of the assessment (with ULO Mapping) The purpose of this assignment is to exercise, analyse and to assess information security risks for business applications and recommend appropriate security mechanisms. Students will be able to: 1. Understand the challenges and impact of factors that relate to Information Systems security management 2. Demonstrate an understanding of security frameworks, models and standards and their application to different business scenarios, 3. Communicate effectively, information systemsâ€™ security concepts and controls to both technical and nontechnical stakeholders 4. Analyse and to assess information security risks for business applications and recommend appropriate security mechanisms. 5. Work autonomously as well as within group to develop a solution to a business scenario. 22/01/2021 62884 â€“ Assessment Details and Submission GuidelinesTrimester https://www.australiabesttutors.com/Recent_Question/62884/Assessment-Details-and-Submission-GuidelinesTrimester 3/7 6. Understand the ICT profession and the expectations of ICT professionals in information security roles. Weight 40% of the total assessments Total Marks 35% report + 5% Video Demonstration Word limit 2500 â€“ 3000 words Due Date End of Week 11 Submission Guidelines â€¢ All work must be submitted on Blackboard by the due date along with a completed Assignment Cover Page. â€¢ The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings. â€¢ Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using Harvard or IEEE referencing style. Assignment Requirements: You are required to follow the instructions in each project and provide screen shots for the outcomes in addition to the answers to any provided questions. PROJECT 1: Case Study Peter Hayes, CFO of Sequential Label and Supply, was working late. He opened an e-mail from the manager of the accounting department. The e-mail had an attachmentâ€”probably a spreadsheet or a report of some kindâ€”and from the file icon he could tell it was encrypted. He saved the file to his computerâ€™s hard drive and then double-clicked the icon to open it. His computer operating system recognized that the file was encrypted and started the decryption program, which prompted Peter for his passphrase. Peterâ€™s mind went blank. He couldnâ€™t remember the passphrase. â€œOh, good grief!â€ he said to himself, reaching for his phone. â€œCharlie, good, youâ€™re still here. Iâ€™m having trouble with a file in my e-mail program. My computer is prompting me for my passphrase, and I think I forgot it.â€ â€œUh-oh,â€ said Charlie. â€œWhat do you mean â€˜Uh-ohâ€™?â€ â€œI mean youâ€™re S.O.L.â€ Charlie replied. â€œSimply outta luck.â€ â€œOut of luck?â€ said Peter. â€œWhy? Canâ€™t you do something? I have quite a few files that are encrypted with this PGP program. I need my files.â€ Charlie let him finish, then said, â€œPeter, remember how I told you it was important to remember your passphrase?â€ Charlie heard a sigh on the other end of the line, but decided to ignore it. â€œAnd do you remember I said that PGP is only free for individuals and that you werenâ€™t to use it for company files since we didnâ€™t buy a license for the company? I only set that program up on your personal laptop for your home emailâ€”for when your sister wanted to send you some financial records. When did you start using it on SLS systems for company business?â€ â€œWell,â€ Peter answered, â€œthe manager of my accounting department had some financials that were going to be ready a few weeks ago while I was traveling. I sort of told him that you set me up on this PGP crypto thing and he googled it and set up his own account. Then, I swapped public keys with him before I left, and he sent the files to me securely by e-mail while I was in Dubai. It worked out great. So, the next week I encrypted quite a few files. Now I canâ€™t get to any of them because I canâ€™t seem to remember my passphrase.â€ There was a long pause, and then he asked, â€œCan you hack it for me?â€ Charlie chuckled and then said, â€œSure, Peter, no problem. Send me the files and Iâ€™ll put the biggest server we have to work on it. Since we set you up in PGP with 256-bit AES, I should be able to apply a little brute force and crack the key to get the plaintext in a hundred trillion years or so.â€ Charlie was getting ready to head home when the phone rang. Caller ID showed it was Peter. â€œHi, Peter,â€ Charlie said into the receiver. â€œWant me to start the file cracker on your spreadsheet?â€ â€œNo, thanks,â€ Peter answered, taking the joke well. â€œI remembered my passphrase. But I want to get your advice on what we need to do to make the use of encryption more effective and to get it properly licensed for the whole company. I see the value in using it for certain kinds of information, but Iâ€™m worried about forgetting a passphrase again, or even worse, that someone else forgets a passphrase or leaves the company. How would we get their files back?â€ â€œWe need to use a feature called key recovery, which is usually part of PKI software,â€ said Charlie. â€œActually, if we invest in PKI software, we could solve that problem as well as several others.â€ 22/01/2021 62884 â€“ Assessment Details and Submission GuidelinesTrimester https://www.australiabesttutors.com/Recent_Question/62884/Assessment-Details-and-Submission-GuidelinesTrimester 4/7 â€œOK,â€ said Peter. â€œCan you see me tomorrow at 10 oâ€™clock to talk about this PKI solution and how we can make better use of encryption?â€ Questions: 1. Was Charlie exaggerating when he gave Peter an estimate for the time required to crack the encryption key using a brute force attack? 2. Are there any tools that someone like Peter could use safely, other than a PKI-based system that implements key recovery, to avoid losing his passphrase? Suppose Charlie had installed key logger software on all company computer systems and had made a copy of Peterâ€™s encryption key. Suppose that Charlie had this done without policy authority and without anyoneâ€™s knowledge, including Peterâ€™s. 3. Would the use of such a tool be an ethical violation on Charlieâ€™s part? Is it illegal? 4. Suppose that Charlie had implemented the key logger with the knowledge and approval of senior company executives, and that every employee had signed a release that acknowledged the company can record all information entered on company systems. Two days after Peterâ€™s call, Charlie calls back to give Peter his key: â€œWe got lucky and cracked it early.â€ Charlie says this to preserve Peterâ€™s illusion of privacy. Is such a â€œlittle white lieâ€ an ethical action on Charlieâ€™s part? PROJECT 2: Web Search Exercises 1. Go to a popular online e-commerce site like Amazon.com. Place several items in your shopping cart, and then go to check out. When you reach the screen that asks for your credit card number, right-click on the Web browser and select â€œProperties.â€ What can you find out about the cryptosystems and protocols in use to protect this transaction? 2. Repeat Exercise 1 on a different Web site. Does this site use the same or different protocols? Describe them. 3. Perform a Web search for â€œSymantec Desktop Email Encryption (powered by PGP Technology).â€ Download and install the trial version. Using the tool and your favorite e-mail program, send a PGP-signed email to your instructor. What looks different in this e-mail compared with your other e-mails? 4. Perform a Web search for â€œAnnouncing the Advanced Encryption Standard (AES).â€ Read this document, which is a FIPS 197 standard. Write a short overview of the development and implementation of this cryptosystem. 5. Search the Web for â€œsteganographic tools.â€ What do you find? Download and install a trial version of one of the tools. Embed a short text file within an image. In a sideby-side comparison, can you tell the difference between the original image and the image with the embedded file? PROJECT 3: Defense in Depth Network Design In this project you will design a new network infrastructure for a five-hundred-employee education & training firm. The design of the network should incorporate several elements that demonstrate a defense in depth architecture. TASK: The design of the network should incorporate protection against the following threats: 1. Malicious software 2. Phishing 3. Spam 4. Non-company-owned devices on the internal network (â€œbring your own device,â€ or BYOD) 5. Rogue access points For each type of threat, indicate the controls or features in the architecture that reduce or eliminate the threat. PROJECT 4: Research Biometric Access Controls As a consultant with the Risk Analysis Consulting Co., you have been asked to research biometric access controls for a chemical company, Colorful Plastics. A number of security incidents in the past year has prompted Colorful Plastics to consider using biometrics for its building access control system. TASK: Using online research, identify several biometric access control products that could be used. Consider systems that are based on fingerprint, iris scan, and hand print. Recommend two finalists that Colorful Plastics should consider testing on-site. GROUP DEMONSTRATION (5%) â€¢ Each group is required to develop 8-10-minute-long video recorded demonstration using any software they 22/01/2021 62884 â€“ Assessment Details and Submission GuidelinesTrimester https://www.australiabesttutors.com/Recent_Question/62884/Assessment-Details-and-Submission-GuidelinesTrimester 5/7 feel convenient. â€¢ All group members are required to speak during the demonstration. â€¢ Each member will demonstrate the tasks that he/she been assigned and completed throughout the project Group Members Participation You will be assessed individually on group contribution. Every member must fill in the Group Members Participation (available on Bb). In addition, all the group members have to agree on the contribution hours for every member. Submission Guidelines Create a business report with: Cover page â€¢ Document Title â€¢ Author(s) information Table of contents â€¢ You have to use Microsoft Word build-in function to create a Table of Contents. Executive Summary â€¢ What this assignment is about and what you want to achieve (should be about 100 words, ES is differed to compare with Introduction). Introduction â€¢ You are required to list the major responsibilities which you should take on to help in solving the businessâ€™ problem. What is your basic plan? Where do you start from? What do you want to achieve? â€¢ The purpose of your work â€¢ The structure of your report The assignment submission should take the form of a report that thoroughly details the challenges. All information sources must be appropriately acknowledged and a full bibliography is required. PLEASE NOTE Your submission document should be a single word or pdf document containing your report. All submissions are to be submitted through the safeAssign facility in Blackboard. Submission boxes linked to SafeAssign will be set up in the Units Blackboard Shell. Assignments not submitted through these submission links will not be considered. Submissions must be made by the due date and time (which will be in the session detailed above) and determined by your unit coordinator. Submissions made after the due date and time will be penalized per day late (including weekend days) according to Holmes Institute policies. The SafeAssign similarity score will be used in determining the level, if any, of plagiarism. SafeAssign will check conference web-sites, Journal articles, the Web and your own class members submissions for plagiarism. You can see your SafeAssign similarity score (or match) when you submit your assignment to the appropriate drop-box. If this is a concern you will have a chance to change your assignment and resubmit. However, resubmission is only allowed prior to the submission due date and time. After the due date and time have elapsed your assignment will be graded as late. Submitted assignments that indicate a high level of plagiarism will be penalized according to the Holmes Academic Misconduct policy, there will be no exceptions. Thus, plan early and submit early to take advantage of the resubmission feature. You can make multiple submissions, but please remember we only see the last submission, and the date and time you submitted will be taken from that submission. Academic Integrity Holmes Institute is committed to ensuring and upholding Academic Integrity, as Academic Integrity is integral to maintaining academic quality and the reputation of Holmesâ€™ graduates. Accordingly, all assessment tasks need to comply with academic integrity guidelines. Table 1 identifies the six categories of Academic Integrity breaches. If you have any questions about Academic Integrity issues related to your assessment tasks, please consult your lecturer or tutor for relevant referencing guidelines and support resources. Many of these resources can also be found through the Study Sills link on Blackboard. Academic Integrity breaches are a serious offence punishable by penalties that may range from deduction of marks, failure of the assessment task or unit involved, suspension of course enrolment, or cancellation of course enrolment. Table 1: Six categories of Academic Integrity breaches Plagiarism Reproducing the work of someone else without attribution. When a student submits their own 22/01/2021 62884 â€“ Assessment Details and Submission GuidelinesTrimester https://www.australiabesttutors.com/Recent_Question/62884/Assessment-Details-and-Submission-GuidelinesTrimester 6/7 work on multiple occasions this is known as self-plagiarism. Collusion Working with one or more other individuals to complete an assignment, in a way that is not authorised. Copying Reproducing and submitting the work of another student, with or without their knowledge. If a student fails to take reasonable precautions to prevent their own original work from being copied, this may also be considered an offence. Impersonation Falsely presenting oneself, or engaging someone else to present as oneself, in an in-person examination. Contract cheating Contracting a third party to complete an assessment task, generally in exchange for money or other manner of payment. Data fabrication falsification and Manipulating or inventing data with the intent of supporting false conclusions, including manipulating images. Source: INQAAHE, 2020
Assessment Details and Submission Guidelines Trimester T3 2020 Unit Code HS3011 Unit Title
by Manilla | Aug 3, 2022 | Uncategorized | 0 comments
Why work with us?
Authenticity:All of our papers are authentic, as each paper of ours is composed according to your unique requirements. Confidentiality: We value you data. Our company is extremely efficient in guarding the privacy of our clients. 100% Money Back Guarantee: In the event you cancel your order, you get your money back as soon as possible, we give a 100% refund. 24/7 Support: Our team members are available via email, live chat, and phone. Revision Policy: You can apply for a revision if you think your paper could be better. In this case, your paper will be revised either by the specialist assigned to you or by another writer.
How the Platform Works
- Click on 'Place Your Order' tab on the menu or click on 'Order Now' tab at the bottom and a new order page will appear
- Fill in your requirements depending on your needs under the 'PAPER DETAILS' area
- In the next section, fill in the academic level, required number of pages, paper deadline as provided in the drop-down menus.
- To enter your registration details, click on 'CREATE ACCOUNT & SIGN IN'. This step allows you to create an account with us for purposes of record-keeping. Click on 'PROCEED TO CHECK OUT' at the bottom of the page
- The next section requires you to fill in the payment details. Follow the guided process and soon your order will be available for our team to work on.