Assessment 1: Case Study
Assessment Brief: BIS3004 IS Security and Risk Management Trimester-3 2021 Assessment Overview Assessment Task Type Weighting Due Length ULO Assessment 1: Case Study Write a report to discuss recent type of information security attacks, protection mechanism and risk management. Individual 30% Week 6 2500 words ULO-2 ULO-3 ULO-4 Assessment 2: Quiz quizzes assess students’ ability to understand theoretical materials. The quiz will be either multiple choice questions or short questions which are relevant to the lecture materials. Individual Invigilated 30% Week 3, 4, 6, 8, 10 700 words ULO-1 ULO-2 ULO-3 ULO-4 Assessment 3: Laboratory Practicum lab activities and exercises assess students’ ability to understand theoretical materials. Individual Invigilated 10% Weekly equiv. 2300 words ULO-1 ULO-2 ULO-3 ULO-4 Assessment 4: Applied project Discuss and implement IS security protection techniques and implementing access control under Linux. Group 30% Week 12 2500 words ULO-1 ULO-2 ULO-3 ULO-4 equiv. – equivalent word count based on the Assessment Load Equivalence Guide. It means this assessment is equivalent to the normally expected time requirement for a written submission containing the specified number of words. Assessment 1: Case study Due date: Week 6 Group/individual: Individual Word count / Time provided: 2500 Weighting: 30% Unit Learning Outcomes: ULO-2, ULO-3, ULO-4 Assessment Details: Today’s Internet has its roots all the way back in the late 1960s, but it was only used by researchers and the military for almost a quarter of a century. The Internet has opened the door for threat actors to reach around the world invisibly and instantaneously to launch attacks on any device connected to it. Open your web browser and enter the URL https://securityboulevard.com/2021/04/10-major-cyber-attacks-witnessed-globally-in-q1-2021/ Under the 10 Major Cyber Attacks Witnessed Globally in Q1 2021, there are a list of 10 Major Cyber-attacks. Your tasks include: 1. Identify and examine Five (5) Major Cybersecurity’s Attack types of activities identified by securityboulevard.com from the list and summarize them into a table (using your own words). 2. Identify and categorise assets, including all elements of an organization’s system (people, procedures, data and information, software, hardware, and networking) 3. Create a table to identifying and prioritizing threats against each type of asset identified in item (2). You must demonstrate the way you follow to prioritizing threats with justification. 4. In general, the security defences should be based on five fundamental security principles: layering, limiting, diversity, obscurity, and simplicity. Write your own proposal strategies to prevent malware delivery and limit cyber-Security incidents. Analyse these proposed strategies and provide clear demonstration (justification) to your approach. Create a report to answer the above questions, your report must include introduction and report summarisation in addition to a cover page that includes your details. Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 30% of the total unit mark Marking Criteria Not satisfactory (0-49%) of the criterion mark Satisfactory (50-64%) of the criterion mark Good (65-74%) of the criterion mark Very Good (75-84%) of the criterion mark Excellent (85-100%) of the criterion mark Introduction (10 marks) Poor Introduction with irrelevant details Introduction is presented briefly with some relevance and missing elements. Introduction is generally presented in good fashion, however missing one element. Introduction is well written with clear discussion. Introduction is very well written with very clear background, discussion. Types of the malicious cyber activities identified by Securityboulevard and summarize them in a table Poor discussion with irrelevant information and table Brief discussion about some threats with general information in the table. Generally good discussion with general information in the table. Very clear discussion about threats with good information in the table. In-depth and very clear discussion about threats with very good information in the table. https://securityboulevard.com/2021/04/10-major-cyber-attacks-witnessed-globally-in-q1-2021/ (20 marks) Identification and categories assets (20 marks) Poor discussion with irrelevant information Brief identification and categories assets. Generally good identification and categories assets Very clear identification and categories assets A very detailed and very clear identification and categories assets Identifying and prioritizing threats against each type of asset (20 marks) Poor identifying and prioritizing threats against each type of asset Brief identifying and prioritizing threats against each type of asset Generally good identifying and prioritizing threats against each type of asset Very clear identifying and prioritizing threats against each type of asset A very clear and in-depth identifying and prioritizing threats against each type of asset Analysing the five fundamental security principles with the security mitigation proposed by the Student (20) Poor Introduction with irrelevant details. Brief discussion of the five fundamental security principles with the security mitigation proposed by the ACSC. Generally good discussion of the five fundamental security principles with the security mitigation by the ACSC. Very clear discussion of the five fundamental security principles with the security mitigation proposed by the ACSC. In-depth and very clear discussion of the five fundamental security principles with the security mitigation proposed by the ACSC. Summary (10 marks) Summary not relating to the report Brief summary of the report with some relevance Generally good summary of the report clearly summarizing the overall contribution very clearly summarizing the overall contribution Assessment 2: Quiz Due date: Week 3, 4, 6, 8, 10 Group/individual: Individual-Invigilated Word count / Time provided: 700 Weighting: 30% quizzes Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4 Assessment Details: This assessment also includes invigilated quiz that will assess your ability to understand theoretical materials and your knowledge of key content areas. The quiz will be either multiple choice questions or short questions which are relevant to the lectures of lecture materials. For successful completion of the quiz, you are required to study the material provided (lecture slides, tutorials, and reading materials) and engage in the unit’s activities. The prescribed textbook is the main reference along with the recommended reading materials. Marking information: The assessment will be marked out of 100 and will be weighted 30%. Assessment 3: Laboratory Practicum Due date: Weekly (week-1 to week-10) Group/individual: Individual Word count / Time provided: 2500 Weighting: 10% Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4 Assessment Details: Practical exercises assess students’ ability to apply theoretical learning to practical, real world situations on a weekly basis. The practical exercises will improve student’s ability to practice information security using Linux/Kali Linux platform such as phishing attack, encryption and steganography and other functions. Students will be required to complete the practical exercises during the workshop and therefore, attendance is required as part of this assessment. Students will not be assessed on work that not produced in workshop so that attendance is required as part of this assessment. Students are required to submit the work that they have completed during the workshop session only. The details of the lab work and requirements are provided on the online learning system. Marking information: The assessment will be marked out of 100 and will be weighted 10%. Assessment 4: Applied project Due date: Week 12 Group/individual: Group Word count / Time provided: 2500 Weighting: 30% Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4 Assessment Details: This assessment is designed to assess your technical skills in applying information security tools. In this assignment, you have to study and apply steganography techniques to embedded data within a file. In addition, you have to understand Linux file systems and apply access control technologies. The assessment is also assessing your skills to analyses information security principles against security techniques including steganography and access control. In completing this assessment successfully, you will be able to investigate IS security, risk threats and propose the suitable security controls, which will help in achieving ULO-1, ULO-2, ULO-3, and ULO-4. Task Specifications This assessment includes three tasks as follows: Task-1: Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. Use Steghide tools available in Kali Linux/Linux to hide a text file that includes your group students IDs on audio file. You have first to create audio file with no more than 30 second to record your group students IDs only. Then, you have to create text file to include group details include first and last name for each student in your group. Finally, use Steghide tools (use security as passphrase) to embedded your text file into the created audio file. In your report, you have to provide screenshot demonstrate the steps with the commands you followed during the process of installation of Steghide, and the way use used to hide group information text file into audio file and finally the steps to extract the text file from audio for verification of your work. Task-2: Access control is granting or denying approval to use specific resources. Technical access control consists of technology restrictions that limit users on computers from accessing data. In this task you have to work in a group to understand Access