Recent Question/Assignment
1. For this question you are required to make at least Four (4) forum postings concerning the following topic: Do you think the ''fear factor'', or FUD, is an appropriate strategy for increasing investment in security? You will be assessed on what you contribute to the debate in terms of quality not quantity (though your posting should at a minimum be a few sentences long). You may either create a new thread or reply to a previous posting. All new threads should contain the subject line 'FUD Debate'
2. Answer the following questions with reference to the case study below, which details the security layout of an airport (note: you only need to consider the departure process for this question, not the arrival process):
a. Use a diagram (with symbols like those in Inside the Security Mind, Fig.5.2) to describe the security layout below using a thinking in zones approach. The areas you need to classify as either untrusted, semitrusted or trusted are the main terminal area, the sterile area, and the apron. You should also indicate whether any filtering occurs between these zones, and the types of communication allowed. In doing so, you may have to extend the meaning of the communication symbols in Fig.5.2 so that they fit a human traffic scenario.
b. In each case, explain why you classified each area (the main terminal area, the sterile area, and the apron) as you did.
c. From your answers above, identify which area(s), if any, are high exposure, medium exposure, medium-low exposure, and low exposure.
d. Do you think the ''Thinking in Zones'' approach is equally applicable to an airport scenario as it is to a computer networking scenario? Why or why not?
Airport layout:
Airport details
• Anyone is permitted both to enter and leave the airport terminal at their discretion.
• Once inside the terminal, passengers check in at the airport counter to receive a boarding pass.
• To board a flight, passengers must first enter the airport's sterile area. To enter the sterile area, it is necessary to go through a security check. Once inside the sterile area, passengers are free to go back to the main terminal area (but they will need to undergo another security check to re-enter the sterile area).
• Passengers must move onto the airport apron to board their flight. In order to do this, it is necessary to have a boarding pass. A check is made at the flight gate to ensure passengers have a boarding pass.
• Once on the airport apron, passengers must board the plane. They are not permitted to re-enter any other part of the airport.
3. Explain what the author of Inside the Security Mind means by the following statement: 'As zoning functionality increases, exposure increases' (Day 2003, p.77). In addition, offer four practical examples in support of this statement.
4. When acquiring software from an external source (such as a web site), it is good practice to install and run it on a test machine that is isolated from any internal network. Use the -Thinking in Zones- approach described in the Day text to explain why this practice is recommended.(at least two recommendations)
5. You are asked to do a presentation on the topic of failing securely. Research the following concepts to be used as examples in your presentation. For each concept, prepare a brief description (at least two paragraphs) showing how it supports the concept of failing securely:
• The air-brake system on a railway carriage;
• The TTL count in a TCP/IP packet;
• A firewall access control list;
• A Java bytecode file that contains an arbitrary jump in the code that has been added by an attacker, and which points to a piece of viral code appended to the end of the file.
6. You download a piece of software (signed with a digital signature) from the Internet, and run it using the administrator account on your computer. Using Day's theory ofchained trusts explain any two ways why this is dangerous.
7. Explain the difference between the concepts of risk and uncertainty.
8. A risk manager evaluates whether or not to apply a countermeasure to control risk. The countermeasure may involve risk reduction, risk assignment, or risk acceptance. Briefly summarise these different approaches.
2. Answer the following questions with reference to the case study below, which details the security layout of an airport (note: you only need to consider the departure process for this question, not the arrival process):
a. Use a diagram (with symbols like those in Inside the Security Mind, Fig.5.2) to describe the security layout below using a thinking in zones approach. The areas you need to classify as either untrusted, semitrusted or trusted are the main terminal area, the sterile area, and the apron. You should also indicate whether any filtering occurs between these zones, and the types of communication allowed. In doing so, you may have to extend the meaning of the communication symbols in Fig.5.2 so that they fit a human traffic scenario.
b. In each case, explain why you classified each area (the main terminal area, the sterile area, and the apron) as you did.
c. From your answers above, identify which area(s), if any, are high exposure, medium exposure, medium-low exposure, and low exposure.
d. Do you think the ''Thinking in Zones'' approach is equally applicable to an airport scenario as it is to a computer networking scenario? Why or why not?
Airport layout:
Airport details
• Anyone is permitted both to enter and leave the airport terminal at their discretion.
• Once inside the terminal, passengers check in at the airport counter to receive a boarding pass.
• To board a flight, passengers must first enter the airport's sterile area. To enter the sterile area, it is necessary to go through a security check. Once inside the sterile area, passengers are free to go back to the main terminal area (but they will need to undergo another security check to re-enter the sterile area).
• Passengers must move onto the airport apron to board their flight. In order to do this, it is necessary to have a boarding pass. A check is made at the flight gate to ensure passengers have a boarding pass.
• Once on the airport apron, passengers must board the plane. They are not permitted to re-enter any other part of the airport.
3. Explain what the author of Inside the Security Mind means by the following statement: 'As zoning functionality increases, exposure increases' (Day 2003, p.77). In addition, offer four practical examples in support of this statement.
4. When acquiring software from an external source (such as a web site), it is good practice to install and run it on a test machine that is isolated from any internal network. Use the -Thinking in Zones- approach described in the Day text to explain why this practice is recommended.(at least two recommendations)
5. You are asked to do a presentation on the topic of failing securely. Research the following concepts to be used as examples in your presentation. For each concept, prepare a brief description (at least two paragraphs) showing how it supports the concept of failing securely:
• The air-brake system on a railway carriage;
• The TTL count in a TCP/IP packet;
• A firewall access control list;
• A Java bytecode file that contains an arbitrary jump in the code that has been added by an attacker, and which points to a piece of viral code appended to the end of the file.
6. You download a piece of software (signed with a digital signature) from the Internet, and run it using the administrator account on your computer. Using Day's theory ofchained trusts explain any two ways why this is dangerous.
7. Explain the difference between the concepts of risk and uncertainty.
8. A risk manager evaluates whether or not to apply a countermeasure to control risk. The countermeasure may involve risk reduction, risk assignment, or risk acceptance. Briefly summarise these different approaches.
Looking for answers ?
Recent Questions
Module code: BMA4005-20Module title: Professional PracticeAssignment: A1. Digital PosterWord count: 500Contribution to module mark: 40% of overall gradeAssessment type: IndividualWeight 40%Submission deadline:...Assessment Criteria for Written Report (20%)• Submission of a minimum 1500 to maximum 1800-words written report due from week 9. You will submit your written report one week after you have undertaken the...Assessment 2: (20%) Case Study Presentation Due Date weeks 10This assessment builds on your theoretical knowledge and tests your ability to apply this knowledge to practice.you are required to formulate...Assessment 2Assessment 2Report: 30%Word count: 1400 – 1600 wordsDue date: Sunday of Week 8DescriptionYou are playing the role of a community service worker supporting a young adult son who is 18 years...1500-1800 wordsInstructions From TutorPlease download the eTask3 spreadsheet from Canvas and save the eTask spread as an Excel file. The main content of the force method is taught in Lectures 6,7&8.eTask3.1 is a...ASSIGNMENT INSTRUCTIONSAssessment Practical assessmentAssessment code: 011Academic Year: 2023/2024Trimester: 2Module Title: Critical Perspectives on Cross-Border BusinessModule Code: MOD009194Level: 6Module...Show All Questions