Identify and examine all types of the malicious cyber activities identified by ACSC and summarize them in a table. 2. Identification and categories assets, including all elements of an organization’s system (people, procedures, data and information, software, hardware, and networking) 3. Create a table to identifying and prioritizing threats against each type of asset identified in item (2). You have to demonstrate the way you follow to prioritizing threats with justification. 4. In general, the security defences should be based on five fundamental security principles: layering, limiting, diversity, obscurity, and simplicity. The ACSC proposed eight strategies to prevent malware delivery and limit cyber Security incidents. Analyse these principles with the strategies proposed by the ACSC. In your analysis, you have to clearly demonstrate how each mitigation strategy is related to fundamental security principle with justification.
Assessment Brief: SBM4304 IS Security and Risk Management Trimester-1 2021 Assessment Overview Assessment Task Type Weighting Due Length ULO Assessment 1: Case Study Write a report to discuss recent type of information security attacks, protection mechanism and risk management. Individual 30% Week 6 2500 words ULO-2 ULO-3 ULO-4 Assessment 2: Applied project Discuss and implement IS security protection techniques, and implementing access control under Linux. Group 30% Week 12 2500 words ULO-1 ULO-2 ULO-3 ULO-4 Assessment 3: Laboratory Practicum Weekly quizzes and lab activities and exercises assess students’ ability to understand theoretical materials. The quiz will be either multiple choice questions or short questions which are relevant to the lecture materials. Individual 40% (30% quizzes, 10% lab work activities) Week 3, 4, 6, 8, 10 3000 words ULO-1 ULO-2 ULO-3 ULO-4 Assessment 1: Case study Due date: Week 6 Group/individual: Individual Word count / Time provided: 2500 Weighting: 30% Unit Learning Outcomes: ULO-2, ULO-3, ULO-4 Assessment Details: Today’s Internet has its roots all the way back in the late 1960s, but it was only used by researchers and the military for almost a quarter of a century. The Internet has opened the door for threat actors to reach around the world invisibly and instantaneously to launch attacks on any device connected to it. Read the case study titled: Threat Update COVID-19 Malicious Cyber Activity that available at: https://apic.instructure.com/files/148461/download?download_frd=1 https://apic.instructure.com/files/148461/download?download_frd=1 Answer the following questions related to the case study: 1. Identify and examine all types of the malicious cyber activities identified by ACSC and summarize them in a table. 2. Identification and categories assets, including all elements of an organization’s system (people, procedures, data and information, software, hardware, and networking) 3. Create a table to identifying and prioritizing threats against each type of asset identified in item (2). You have to demonstrate the way you follow to prioritizing threats with justification. 4. In general, the security defences should be based on five fundamental security principles: layering, limiting, diversity, obscurity, and simplicity. The ACSC proposed eight strategies to prevent malware delivery and limit cyber Security incidents. Analyse these principles with the strategies proposed by the ACSC. In your analysis, you have to clearly demonstrate how each mitigation strategy is related to fundamental security principle with justification. Create a report to answer the above questions, your report must include introduction and report summarisation in addition to a cover page that includes your details. Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 30% of the total unit mark Marking Criteria Not satisfactory (0-49%) of the criterion mark Satisfactory (50-64%) of the criterion mark Good (65-74%) of the criterion mark Very Good (75-84%) of the criterion mark Excellent (85-100%) of the criterion mark Introduction (10 marks) Poor Introduction with irrelevant details Introduction is presented briefly with some relevance and missing elements. Introduction is generally presented in good fashion, however missing one element. Introduction is well written with clear discussion. Introduction is very well written with very clear background, discussion. Types of the malicious cyber activities identified by ACSC and summarize them in a table (20 marks) Poor discussion with irrelevant information and table Brief discussion about some threats with general information in the table. Generally good discussion with general information in the table. Very clear discussion about threats with good information in the table. In-depth and very clear discussion about threats with very good information in the table. Identification and categories assets (20 marks) Poor discussion with irrelevant information Brief identification and categories assets. Generally good identification and categories assets Very clear identification and categories assets A very detailed and very clear identification and categories assets Identifying and prioritizing threats against each type of asset (20 marks) Poor identifying and prioritizing threats against each type of asset Brief identifying and prioritizing threats against each type of asset Generally good identifying and prioritizing threats against each type of asset Very clear identifying and prioritizing threats against each type of asset A very clear and in-depth identifying and prioritizing threats against each type of asset Analysing the five fundamental security principles with the security mitigation Poor Introduction with irrelevant details. Brief discussion of the five fundamental security principles with the security mitigation proposed by the ACSC. Generally good discussion of the five fundamental security principles with the security mitigation by the ACSC. Very clear discussion of the five fundamental security principles with the security mitigation proposed by the ACSC. In-depth and very clear discussion of the five fundamental security principles with the security proposed by the ACSC (20) mitigation proposed by the ACSC. Summary (10 marks) Summary not relating to the report Brief summary of the report with some relevance Generally good summary of the report clearly summarizing the overall contribution very clearly summarizing the overall contribution Assessment 2: Applied Project Due date: Week 12 Group/individual: Group Word count / Time provided: 2500 words Weighting: 30% Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4, ULO-5 Assessment Details: This assessment is designed to assess your technical skills in applying information security tools. In this assignment, you have to study and apply steganography techniques to embedded data within a file. In addition, you have to understand Linux file systems and apply access control technologies. The assessment is also assessing your skills to analyses information security principles against security techniques including steganography and access control. In completing this assessment successfully, you will be able to investigate IS security, risk threats and propose the suitable security controls, which will help in achieving ULO-1, ULO-2, ULO-3, and ULO-4. Task Specifications This assessment includes three tasks as follows: Task-1: Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. Use Steghide tools available in Kali Linux/Linux to hide a text file that includes your group students IDs on audio file. You have first to create audio file with no more than 30 second to record your group students IDs only. Then, you have to create text file to include group details include first and last name for each student in your group. Finally, use Steghide tools (use security as passphrase) to embedded your text file into the created audio file. In your report, you have to provide screenshot demonstrate the steps with the commands you followed during the process of installation of Steghide, and the way use used to hide group information text file into audio file and finally the steps to extract the text file from audio for verification of your work. Task-2: Access control is granting or denying approval to use specific resources. Technical access control consists of technology restrictions that limit users on computers from accessing data. In this task you have to work in a group to understand Access Control List (ACL) and files system security using Linux environment. You have to complete the followings tasks using kali Linux or any Linux OS: 1. Fill the following table with the information related to all member of your group: Sn. No APIC Student ID First Name Last Name 1 {Student-ID1} {FirstName-1} {LastName-1} 2 3 Table 1: Group information 2. Create main directory named BIS3004 and set it permission to full access, fill the following table: Task Command/s Create directory named :BIS3004 Set full access to BIS3004 directory Table 2: Create Directories APIC 3. Create sub directories within BIS3004 directory according to Table-3: Task Command/s - Create directory {FirstName-1} - Set read and write access permission only - Create directory {FirstName-2} - Set read access permission only - Create directory {FirstName-3} - Set read and execute access permission only Table 3: Create Student ID directories Please note, {FirstName-x} is the first name of the APIC student according to Table-1. 4. Create users, with names according to the group member student IDs for of your group as shown in Table-4 Task Command/s - Create user {Student-ID1} - Write ACL to enable: 1. full permission to {FirstName-1} 2. read and write permission to {FirstName-2} and 3. read permission only to other directories. - Create user {Student-ID2} - Write ACL to enable: 1. full permission to {FirstName-2} 2. read and execute permission to {FirstName-1} 3. read permission only to other directories. Table 4: Create users 4. Create two groups and fill Table-5: Task Command/s - Create group {LastName-1} - Add {Student-ID1} and {Student-ID2} users to {LastName-1} group - Write ACL that {LastName-1} group users will get full access to {FirstName-1} directory and read access to {FirstName-2} directory. - Create group {LastName2} - Add ‘{Student-ID2} and {Student-ID3} to {LastName-2} group - Write ACL that {LastName-2} group users will get full access to {FirstName-2} directory and write and execute access to {FirstName-1} directory. Table 5: Create groups