Analyse Information Security Threats- QAC020X352S

Preview text

Page 1 of 9
Cyber Security Assignment 2 Brief
Academic year and term: 2022/2023 Year 3, Semester 1
Module title: Cyber Security
Module code: QAC020X352S
Module Convener: Amjad Alam
Learning outcomes
assessed as agreed at
the programme level
meeting
Students who successfully complete this module will be able to:
1. Identify and critically analyse information security threats to
computer networks and management information systems.
(management of information systems | Managing information
systems)
2. Critically evaluate the range of effective security controls used
to protect system and user data.
3. Synthesize solutions to security problems through effective
information security governance.
Create understanding of professional, social, ethical and legal
issues associated with cyber security.
Type of assessment:
2. Individual Assessment: Individual examination (2500
words)
Assessment deadline: C o u rsework 2: Individual Assessment 60%
Due on 6th/Jan/23, via Turnitin (no later than 2pm)
Specific submission requirements: document format
(doc)
Kind reminder: You MUST make a reasonable attempt at your assignment and
submit it. Failure to do so may result in CAPPED Resit and/or failure of the module.
It is also students full responsibility to ensure that all assignments are submitted on the
correct link and on time before the submission date.
Page 2 of 9
Assignment Support and Guidance
Assignment support:
Although you will be guided throughout the module by your lecturer, you can get
extra support for your assignment, just make an appointment with the ACE team for
any language, research and study skills issues and/or talk, email the Computing
ACE expert for any advice on how to approach your assignment. REMEMBER: they
are not here to give you the answers!
Deliverables:
Coursework 2 is an individual report and will be submitted as a MS Word document
(2500 words in total excluding all diagrams, documentation and description) via
Turnitin on Moodle and must include all the required components.
Coursework 2 is worth 60% of the overall assignment. The assignment preparation
guidelines are outlined below:
1. All components of the assignment report must be word processed (hand-written text
or hand-drawn diagrams are not acceptable), font size must be within the range of 12
point to 13 point including the headings, body text and any text within diagrams.
2. Standard and commonly used fonts such as Times New Roman, Arial or Calibri
should be used.
3. Your document must be aligned left or justified with line spacing of 1.5.
4. All figures, graphs and tables must be numbered and labelled.
5. Material from external sources must be properly referenced and cited within the text
using the Harvard referencing system.
6. All components of the assignment (e.g. text, diagrams, code etc.) Must be submitted
within a single MS Word document.
Page 3 of 9
Submission instructions:
Submit in due time in Turnitin on Moodle. Late submission, where the student submits
work up to 14 calendar days after the deadline (up to 2pm) will be accepted and
marked. For Late submissions, percentage mark for the component of assessment
will be capped at 40%.
Kind reminder: it is students full responsibility to ensure that all
assignments are subm itted on the correct link and on tim e before the
subm ission date. Failure to do so m ay result in CAPPED Resit and/or
failure of the m odule.
Page 4 of 9
Assignment Brief
Attempt all the following tasks set in the assignment. Marks are provided in order to
produce a documented system that meets the requirements as specified below. Please
specify the task number in your assignment.
T ask 1: Security vulnerabilities [25%]
You are an Information Security officer working on InfoIT Limited. You have
been informed of some vulnerabilities in your company’s web server. These can be
seen in the following list:
Improper Authentication
Cross-site-scripting vulnerabilities
Sensitive Data Exposure
a. Give a detailed explanation of how each vulnerability from the above list can be
exploited and give recommendations on what should be done against each of
them. (15 marks)
b. You have been told that one of your applications has a “SQL injection”
vulnerability. Explain two tools/techniques which can be used to detect and
exploit “SQL injection”? Perform a SQL injection using an appropriate tool and
demonstrate steps with brief explanation. (10 marks)
T ask 2: Security tools/T echniques [25%]
You are an Information Security officer working on TechnoIT Limited. The
managing director calls you one day; he looks concerned and says “The festivities will
soon be upon us and we have a new range of products ready for market. For
operational reasons, all product files need to be kept on the local server for use by our
managers. However, I fear our competitors will hire hackers to access our servers and
steal or corrupt our files.” The managing director outlines the need for three different
methods of protections and requires expert opinion on a relevant technology for each.
Page 5 of 9
a. For each of the following instances, choose a technology that would best
serve the required need, describe its operation and justify your choice. Each instance
should describe a different technology. (12 marks)
i. Prevent hackers from finding a file. Evaluate and justify your answer
using literature for the scenario above.
ii. Prevent hackers from reading a file. Evaluate and justify your answer
using literature for the scenario above.
iii. Enable alteration of a file by a hacker to be detected. Evaluate and justify
your answer using literature for the scenario above.
b. For each of the three choices of technology discussed in (a) above, critically
analyse how a hacker might attempt to counteract your protection. (6 marks)
c. Demonstrate how you can use Steganography tools to hide images. You can
use any standard tool such as SEToolkit. (7 marks)
T ask 3: Social Engineering [20%]
According to Barracuda Networks (2020), phishing emails have spiked by over 600%
since the end of February as cyber-criminals look to capitalise on the fear and
uncertainty generated by the COVID-19 pandemic. The security vendor observed just
137 incidents in January, rising to 1188 in February and 9116 so far in March. Around
2% of the 468,000 global email attacks detected by the firm were classified as COVID-
19-themed. These attacks used widespread awareness of the pandemic to trick users
into handing over their log-ins and financial information, and/or unwitting ly
downloading malware to their computers of the COVID-19 phishing attacks of which
54% were classed as scams, 34% as brand impersonation attacks, 11% blackmail and
1% as business email compromise (BEC) [Infosecurity Magazine March 2020].
a. Assess five different methods employed by social engineers to trick users
into handing over their log-ins and financial information’ in terms of their effectiveness .
(10 marks)
b. Demonstrate how hackers can use social-engineering tools to carry out their
attacks. (10 marks)
Page 6 of 9
T ask 4: Ethical hacking [20%]
1. With the aid of a diagram, outline the phases of ethical hacking steps (5
marks).
2. The first step of hacking is also called Footprinting and informatio n
gathering Phase. Name the types of Footprinting and explain this by giving examples.
(7 marks)
3. Explain the concepts of Hashing and any two applications of it. (8 marks)
Presentation, Report Layout and References [10%]
Assignment Checklist
TASKS COMPLETED tick
Cover sheet completed
Table of Content done
Introduction
Task 1: Business Continuity Management
Task 2: Security tools/Techniques
Task 3: Security Controls
Task 4: Social Engineering
Conclusion and future direction
Grammatical errors check completed
In-text citations correctly written
Reference list on a separate page, completed and in the correct format
Page 7 of 9
M arking Criteria
Functionality Criteria /Deliverables Marks
T ask 1:
You have explained exploitation methods for each
vulnerability listed. You have also outlined the suitable
countermeasures against each of them (15)
You have evaluated a tool/technique can be detected and
exploited SQL Injection vulnerability such as SQLMAP using
snaps and explanations (10)
25
T ask 2:
You have discussed three different security tools and
techniques such as steganography, encryption and hashing
(12)
You have discussed what hacker might attempt to do to get
round your protection (6)
You have managed to demonstrate the use of any
steganography tools to hide images (7)
25
T ask 3
You have discussed different techniques of social
engineering with examples and literatures. (10)
You have managed to demonstrate the use of any social
engineering tools to perform any kind of social-engineering
attack (10)
20
T ask 4
You have discussed details of Ethical hacking life
cycle/stages with the aid of diagram/s and examples (5)
You have outlined the Footprinting and its classification with
explanations and example (7)
You have managed to perform network scanning using any
appropriate tools (e.g Nmap/Zenmap) and analyse the
results (8)
20
Introduction,
Conclusion,
References and
Report layout
Your report is well laid out and formatted according to the
given requirements. Your report is free from grammatical
and spelling errors. The Harvard system has been used to
cite work where necessary and a list of references is also
provided.
10
Total 100
Page 8 of 9
Assignment Preparation Guidelines
All components of the assignment (text, diagrams. code etc.) must be submitted in one Word
file (hand-written text or hand drawn diagrams are not acceptable), any other accompanie d
materials such as simulation file, code, etc. should be attached in appendices.
Standard and commonly used fonts such as Arial or Calibri should be used and font size must
be within the range of 10 to 15 points including the headings, body text and any texts within
diagrams,
Spacing should not be less than 1.5
Pay attention to the Assessment criteria / Marking scheme; the work is to be concise and
technical. Try to analyse, compare and evaluate rather than simply describe.
All figures, screenshots, graphs and tables must be numbered and labelled.
Material from external sources must be properly referenced and cited within the text using the
Harvard referencing system,
The assignment should be logically structured; the core of the report may start by defining the
problem / requirements, followed by the proposed solution including a detailed discussion,
analysis and evaluation, leading to implementation and testing stage and finally a conclusion
and/or personal reflection on learning should be provided.
Screenshots without description / discussion does not constitute understanding and maybe
assumed irrelevant.
Please access your Turnitin Test Page via Dashboard or My modules to learn more about
Turnitin and to make a test submission and to check your similarity score before uploading your
final version
You will have the opportunity to submit as many times to your module pages as you want up
until the deadline.
Make sure to make backup of your work to avoid distress for loss or damage of your original
work, use multiple storage media (memory stick, cloud and personal computer).
Plagiar ism and Collusion
Aca de mic Inte grity is a matter that is taken very seriously at the university and student should
endeavour to enforce it to all their assignments. In other words, plagiarism, collusion (workin g
and copying from another student) and ghost writing will not be tolerated and will result in
sanctions e.g.: capped resit, suspension and/or withdrawal. Correct referencing demonstrates
your academic and professional skill. It also reflects your academic honesty and thus to some
degree protects you from cases of plagiarism.
Plagiarism: occurs when you present somebody elses work as your own, whether that work is
an idea, graphs, figure, illustration or a pure text. Be it available in web, textbooks, reports or
otherwise.
Plagiarism will be dealt with firmly and can lead to serious consequences and disciplinary
procedures.
You must write your assignment in your own words to demonstrate your understanding of the
subject.
Collusion: occurs when copying another students report (Text, Figures, Illustration etc.) and
submitting it as your own.
W holesale use of text and diagrams from websites is considered as plagiarism when not
acknowledged.
You are required to follow the Roe ha mpton Ha rva rd re fe re ncing Syste m. Please refer to
Moodle for the latest version of the Roe ha mpton Ha rva rd re fe re ncing Syste m or ask the
library.
An accompanying list of references (on a se pa ra te pa ge a nd in a lpha be tica l orde r) must also
be provided as part of your work.
Page 9 of 9
Submission and Late submission
Students must ensure that their work is satisfactory and fit for purpose, both academically and
free from any plagiarism.
Students must use an appropriate coversheet, which must include the subject, assignment title,
student ID and date-time.
Tutors, lecturers and module convenors do not have the authority to extend the submission
deadlines nor the exam time/date. In case of any mitigating circumstances, students should fill
in the relevant mitigating circumstances form(s) available at
[email protected]
The marking of the assignment will be capped to 40 if the assignment is submitted within first
fourteen (14) days after the deadline. Any submission later than 14 days will be ignored.
The Submission File should be appropriate to the topic/title of the assignment and contain the
Student ID, (Student ID-Assignment title)
All coursework related material must be attached as an appendix in the final
coursework/assignment document, including any computer-generated document, software /
code, simulation file etc.
Resit submission date: TBC
For students, who are offered a resit, you are required to improve and resubmit your original work.
You must resubmit your work using the specific resit Turnitin link on Moodle. Please check the Moodle
page and your emails for more information.
You should:
1. Review your previously submitted work and read carefully the feedback given by the marker.
2. Use this feedback to help you revisit and rewrite your work, improving it in the areas identified
as weak in the original marking process.
If you did not submit work at the first opportunity you cannot reflect on your feedback. However, you
are still required to submit your work. Please note that a non-submission will result in a Qualified-
Fail. The original marking criteria will still apply, please refer to the marking criteria.
Mitigating circumstances/what to do if you cannot submit a piece of
work or attend your presentation
The University Mitigating Circumstances Policy can be found on the University website – Mitigating
Circumstances Policy. Please contact the MITIGATING CIRCUMSTANCES TEAM ON:
[email protected]

WE WRITE ESSAYS FOR STUDENTS

Tell us about your assignment and we will find the best writer for your paper.

Get Help Now!