simply just need the answers of the questions in the tutorial
Information Security 2018
Tutorial work for Week 2 Tutorial
We will start the tute with a quick discussion on any issues from the week 1 lecture and the week 2 lecture notes – no need to include anything about this in your submission; just a catchup.
1. Conduct a search for a recent information security breach that has been reported (other than the breach issues discussed in the week 1 lecture).
a. Write a paragraph or two outlining what you think this incident might mean for information security practice.
b. In your opinion, why did this breach happen?
c. What do you think the consequences might be for the target?
2. Using a web search engine (or some other approach), find an example of either a corporate vision statement, a corporate mission statement or corporate goals, that express concern for the security of corporate information (note that you are not looking for an information security policy document here – we will do more with this in week 3). Don’t spend too long looking for a relevant document, as it may be difficult finding something suitable.
a. briefly describe any difficulties you may have had in finding a suitable mission statement. Did you use any specific search strategies?
b. it should have been clear that many organisations don’t deal with information security at that level – do you see this lack of attention to information security at this level as an issue?
c. does the statement link to other security related documents, such as a security policy, standards of some sort (either internal or external), or an action plan of some sort? (you don’t need to analyse these documents here, but they may be helpful for next week)
Note that the primary document of concern here should be high level mission statement, not underlying security policies.
Locate the Shodun system: https://www.shodan.io/. Look for the search on -default password- as shown below.
a. Warning. Looking at default passwords using tools such as Shodun is legal. Attempting to access a system in an unauthorised manner is illegal.
b. Can you find any information about the highlighted organisations? See what you can find out about one of the highlighted organisations using Google or Bing to see if they have a web presence).
a. Do they have a published policy?
b. Do they have a published security policy
Think about the issues this might raise with respect to information security practice in organisations and include some brief notes about these in your submission
a. Include two technical and two human related security weaknesses.
b. Note a few of the actions that organisations could do to protect themselves from these types of attacks?
Please do not bring the security policies this week - this is something we will look at in week 3.]
Be prepared to discuss your findings and thoughts in the tutorial. This is where we can all learn about how organisations might manage (or not) their security.
Remember the tutorial assignment grading is assessed based on you summation and contribution in the tutorial, evidence of critical thinking (research) and writing. We are looking for 1~ 2 pages and remember to cite and reference any material you looked at the form your opinions.