Assessment Details and Submission Guidelines
Trimester T3 2020
Unit Code HS3011
Unit Title Information Security
Assessment Type Individual Assignment
Assessment Title Security Hands-On Projects
Purpose of the
assessment (with ULO Mapping) The purpose of this assignment is to exercise and develop skills required in implementing and testing different security tools and configuration.
Students will be able to:
1. Understand the challenges and impact of factors that relate to Information Systems security management
2. Demonstrate an understanding of security frameworks, models and standards and their application to different business scenarios,
3. Communicate effectively, information systems’ security concepts and controls to both technical and non-technical stakeholders
Weight 25% of the total assessments
Total Marks 25
Word limit 1500 - 2000 words
Due Date End of Week 07
Submission
Guidelines • All work must be submitted on Blackboard by the due date along with a completed Assignment Cover Page.
• The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings.
• Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using Harvard or IEEE referencing style.
Assignment Requirements:
You are required to follow the instructions in each project and provide screen shots for the outcomes in addition to the answers to any provided questions.
PROJECT 1: Examining Data Breaches
The Privacy Rights Clearinghouse (PRC) is a non-profit organization whose goals are to raise consumers’ awareness of how technology affects personal privacy and empower consumers to act to control their own personal information. The PRC maintains a searchable database of security breaches that impact consumer’s privacy. In this project, you gather information from the PRC website.
1.Open a web browser and enter the URL www.privacyrights.org (if you are no longer able to access the site through the web address, use a search engine to search for “Privacy Rights Clearinghouse data breach.”
2.First spend time reading about the PRC by clicking LEARN MORE.
3.Click Data Breaches at the top of the page.
4.In the search bar enter a school, organization, or business with which you are familiar to determine if it has been the victim of an attack in which your data has been compromised.
5.Click Data Breaches to return to the main Data Breaches page.
6.Now create a customized list of the data that will only list data breaches of educational institutions. Under Select organization type(s), check only EDU- Educational Institutions.
7.Click Search Data Breaches.
8.Read the Breach Subtotal information. How many breaches that were made public pertain to educational institutions? How many total records were stolen?
9.Scroll down and observe the breaches for educational institutions.
10.Scroll back to the top of the page. Click New Data Breach Search.
11.Now search for breaches that were a result of lost, discarded, or stolen equipment that belonged to the government and military. Under Choose the type of breaches to display, check Portable device (PORT) - Lost, discarded or stolen laptop, PDA, smartphone, portable memory device, CD, hard drive, data tape, etc.
12.Under Select organization type(s), check GOV - Government & Military.
13.Click Search Data Breaches.
14.Read the Breach Subtotal by clicking the Download Results (CSV) file.
15.Open the file and then scroll down the different breaches. What should the government be doing to limit these breaches?
16.Scroll back to the top of the page. Click New Data Breach Search.
17.Now create a search based on criteria that you are interested in, such as the Payment Card Fraud against Retail/Merchants during the current year.
18.When finished, close all windows.
19. Write a summary of your experience in gathering information from the PRC website PROJECT 2: Analyzing Files and URLs for Viruses Using VirusTotal
VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs to identify potential malware. VirusTotal scans and detects any type of binary content, including a Windows executable program, Android, PDFs, and images. VirusTotal is designed to provide a “second opinion” on a file or URL that may have been flagged as suspicious by other scanning software. In this project, you use VirusTotal to scan a file and a URL.
1. First view several viruses from 20 years ago and observe their benign but annoying impact. Open your web browser and enter the URL archive.org/details/malwaremuseum&tab=collection
(if you are no longer able to access the site through the web address, use a search engine to search for “Malware Museum”).
2. Click several of the viruses and notice what they do (all of the viruses have been rendered ineffective and will not harm a computer).
3. When finished close your web browser.
4. Use Microsoft Word to create a document that contains the above paragraph (written in blue colour) about VirusTotal. Save the document as VirusTotal.docx.
5. Now save this document as a PDF. Click File and Save As.
6. Under Save as type: select PDF (*.pdf).
7. Save this file as YourName-VirusTotal.pdf.
8. Exit Word.
9. Open your web browser and enter the URL www.virustotal.com (if you are no longer able to access the site through the web address, use a search engine to search for “Virus Total”).
10. If necessary, click the File tab.
11. Click Choose File.
12. Navigate to the location of YourName-VirusTotal.pdf and click Open.
13. Click Scan it!
14. If the File already analysed dialog box opens, click Reanalyse.
15. Wait until the analysis is completed.
16. Scroll through the list of AV vendors that have been polled regarding this file. A green checkmark means no malware was detected.
17. Click the File detail tab and read through the analysis.
18. Use your browser’s back button to return to the VirusTotal home page.
19. Click URL.
20. Enter the URL of your school, place of employment, or another site with which you are familiar.
21. Click Scan it! If the URL already analysed dialog box opens, click Reanalyse.
22. Wait until the analysis is completed.
23. Scroll through the list of vendor analysis. Do any of these sites indicate Unrate site or Malware site?
24. Click Additional information.
25. Answer the following questions:
a. How could VirusTotal be useful to users?
b. How could it be useful to security researchers?
c. Could it also be used by attackers to test their own malware before distributing it to ensure that it does not trigger an AV alert?
d. What should be the protections against this?
26. Close all windows.
PROJECT 3: Preventing Vishing Attacks
Vishing, or voice phishing, continues to increase as an attack against users. First, access the online SoundCloud repository by NumberCop that contains several different recordings of vishing attacks (soundcloud.com/numbercop). After listening to several of the recordings to understand what attackers typically ask and how they craft their attacks, create guidelines for not falling prey to these attacks:
a. What would you do to help prevent users from becoming victims?
b. What messages do the attackers commonly use?
c. How do they trick users into entering their information?
d. What social engineering effectiveness reasons do they use?
Then write a series of steps that would help users resist these attacks. Write a one-page paper on your research.
PROJECT 4: DoS Attacks
Denial of service (DoS) attacks can cripple an organization that relies heavily on its web application servers, such as online retailers:
a. What are some of the most widely publicized DoS attacks that have occurred recently?
b. Who was the target?
c. How many DoS attacks occur on a regular basis?
d. What are some ways in which DoS attacks can be prevented?
Write a half-page paper on your research.
Submission Guidelines
Create a business report with:
Cover page
• Document Title
• Author(s) information
Table of contents
• You have to use Microsoft Word build-in function to create a Table of Contents.
Executive Summary
• What this assignment is about and what you want to achieve (should be about 100 words, ES is differed to compare with Introduction).
Introduction
• You are required to list the major responsibilities which you should take on to help in solving the business’ problem. What is your basic plan? Where do you start from? What do you want to achieve?
• The purpose of your work
• The structure of your report
The assignment submission should take the form of a report that thoroughly details the challenges. All information sources must be appropriately acknowledged and a full bibliography is required.
PLEASE NOTE
Your submission document should be a single word or pdf document containing your report.
All submissions are to be submitted through the safeAssign facility in Blackboard. Submission boxes linked to SafeAssign will be set up in the Units Blackboard Shell. Assignments not submitted through these submission links will not be considered.
Submissions must be made by the due date and time (which will be in the session detailed above) and determined by your unit coordinator. Submissions made after the due date and time will be penalized per day late (including weekend days) according to Holmes Institute policies.
The SafeAssign similarity score will be used in determining the level, if any, of plagiarism. SafeAssign will check conference web-sites, Journal articles, the Web and your own class members submissions for plagiarism. You can see your SafeAssign similarity score (or match) when you submit your assignment to the appropriate drop-box. If this is a concern you will have a chance to change your assignment and resubmit. However, resubmission is only allowed prior to the submission due date and time. After the due date and time have elapsed your assignment will be graded as late. Submitted assignments that indicate a high level of plagiarism will be penalized according to the Holmes Academic Misconduct policy, there will be no exceptions. Thus, plan early and submit early to take advantage of the resubmission feature. You can make multiple submissions, but please remember we only see the last submission, and the date and time you submitted will be taken from that submission.
Academic Integrity
Holmes Institute is committed to ensuring and upholding Academic Integrity, as Academic Integrity is integral to maintaining academic quality and the reputation of Holmes’ graduates. Accordingly, all assessment tasks need to comply with academic integrity guidelines. Table 1 identifies the six categories of Academic Integrity breaches. If you have any questions about Academic Integrity issues related to your assessment tasks, please consult your lecturer or tutor for relevant referencing guidelines and support resources. Many of these resources can also be found through the Study Sills link on Blackboard.
Academic Integrity breaches are a serious offence punishable by penalties that may range from deduction of marks, failure of the assessment task or unit involved, suspension of course enrolment, or cancellation of course enrolment.
Table 1: Six categories of Academic Integrity breaches
Plagiarism Reproducing the work of someone else without attribution. When a student submits their own work on multiple occasions this is known as self-plagiarism.
Collusion Working with one or more other individuals to complete an assignment, in a way that is not authorised.
Copying Reproducing and submitting the work of another student, with or without their knowledge. If a student fails to take reasonable precautions to prevent their own original work from being copied, this may also be considered an offence.
Impersonation Falsely presenting oneself, or engaging someone else to present as oneself, in an in-person examination.
Contract cheating Contracting a third party to complete an assessment task, generally in exchange for money or other manner of payment.
Data fabrication
falsification and Manipulating or inventing data with the intent of supporting false conclusions, including manipulating images.
Source: INQAAHE, 2020