ICT205 CYBER SECURITY T3
Assessment Details
Assessment 1
Type: Tutorial Weekly Submissions
Purpose: Students will be required to answer questions in weekly tutorial exercises based on the topics covered in lectures. This assessment contributes to learning outcomes a, b, c, d.
Assessment topic: weekly covered contents.
Task details: Weekly tutorial participation assessed during tutorial time. Students must complete the weekly tutorial exercises and upload the answers on Moodle. Tutors will provide feedback to the students during the activities conducted in tutorials
Assessment 2
Assessment type: Multiple Choice Quiz – individual assignment invigilated open book.
Purpose: This assessment will allow students to demonstrate their understanding of the topics discussed during tutorials. This assessment contributes to learning outcome a.
Task Details: The quiz will consist of a series of multiple-choice questions relating to subject content taught in weeks 1 – 3 inclusive.
Assessment 3
Assessment type: Practical and Written Assessment, Individual assignment (2000 words).
Purpose: The purpose of this assignment is to assess the students’ understanding on identifying the risks, vulnerabilities and awareness of current industry and research trends in the field of information security. Students need to exercise operational, analytical, and critical skills in order to reduce the potential security risks involved in the given case study. Analyse and evaluate the organizational adoption of security controls. Design solutions for concrete security problems for distributed applications. This assessment contributes to learning outcomes a, b, c, d.
Assessment topic: Risk identification, assessment and treatment
Task details: This Assignment requires you to perform risk identification, assessment and treatment based on the given case study. Also, it is required to implement ethical hacking (which does not do any malicious activity) on your own virtual machine. This is just for demonstration purposes and focusing the risk identification, assessment and treatment accordingly and you should not implement it on any other computers.
The assignment’ requirements are Kali Linux and the required tools.
Case Study for the Assignment: An educational institute suffers from very low information security in terms of maturity across many elements of infosec and information assurance, including cyber resilience and application of cybersecurity good practice. Data breaches could have the institute putting its reputation at risk, and students expect a high level of protection of their data. It is highly recommended that there is a need to impose a certain level of filtering for the network to be secure so as to sustain from threats and attacks. To add restrictions on a particular network it is necessary to identify the possible threats to the organization. For example, it is necessary to identify the important services that run on the network. In order to get this done, there is a need to perform scanning on the network to identify the services and ports of the applications. Furthermore, the firewall needs to be configured by adding rules to block and allow the services based on the requirements of the organization and the security perspectives of the network.
Part A:
The institute had no dedicated security team and therefore till now no security policy is in place. Recently, the governing body of this business forms a security team and makes following two goals that they would like to achieve in six months –
- Assessing the current risk of the entire organization
- Treat the Risk as much as possible
Task I: Risk Identification In achieving the above two goals, you will do the followings –
- Find at least five assets
- Find at least two threats against each asset
- Identify vulnerabilities for the assets
Task II: Risk Assessment
At the end of the risk identification process, you should have i) a prioritized list of assets and ii) a prioritized list of threats facing those assets and iii) Vulnerabilities of assets. At this point, create Threats- Vulnerabilities-Assets (TVA) worksheet and calculate the risk rating.
Task III: Risk Treatment
In terms of Risk Treatment, for each of the five identified risks, state what basic strategy you will take. Justify for each decision. Also, advise all possible protection mechanisms and corresponding place of application.
Part B:
For better understanding of the above tasks, implement threat on your own virtual machine and consider tasks I, II, and III of part A:
Tips: You may implement XSS attack or SQL injection or any other attacks that you can run it on your own system
NOTE: You should not run the attacks on any other systems as you are not allowed to collect a user’s personal information due to the cybercrime.
Assessment 4
Assessment type: Final Exam: individual– invigilated open book exam.
Duration: On-campus: 2 hours + 10 mins reading time. Online: 2 hours + 30 mins technology allowance.
Purpose: The purpose of the final examination is to test student understanding of all topics covered in this subject. This assessment contributes specifically to learning outcomes a, b, c, and d.
Topic: The examination may cover content from any part of the subject.
Task Details: Students will be expected to answer written response questions