SBM4304 IS Security and Risk Management Assignment
| Assessment Task | Type | Weighting | Due | Length | ULO |
|---|---|---|---|---|---|
| Assessment 1: Case Study
Write a report to discuss recent type of information security attacks, protection mechanism and risk management. |
Individual | 30% | Week 6 | 2500 words | ULO-2
ULO-3 ULO-4 |
| Assessment 2: Applied project Discuss and implement IS security protection techniques, and
implementing access control under Linux. |
Group | 30% | Week 12 | 2500 words | ULO-1
ULO-2 ULO-3 ULO-4 |
| Assessment 3: Laboratory
Practicum Weekly quizzes and lab activities and exercises assess students’ ability to understand theoretical materials. The quiz will be either multiple choice questions or short questions which are relevant to the lecture materials. |
Individual | 40% (30%
quizzes, 10% lab work activities) |
Week 3, 4, 6, 8, 10 | 3000 words | ULO-1
ULO-2 ULO-3 ULO-4 |
Assessment 1: Case study
| Due date: | Week 6 |
|---|---|
| Group/individual: | Individual |
| Word count / Time provided: | 2500 |
| Weighting: | 30% |
| Unit Learning Outcomes: | ULO-2, ULO-3, ULO-4 |
Assessment Details:
Today’s Internet has its roots all the way back in the late 1960s, but it was only used by researchers and the military for almost a quarter of a century. The Internet has opened the door for threat actors to reach around the world invisibly and instantaneously to launch attacks on any device connected to it.
Answer the following questions related to the case study:
- Identify and examine all types of the malicious cyber activities identified by ACSC and summarize them in a table.
- Identification and categories assets, including all elements of an organization’s system (people, procedures, data and information, software, hardware, and networking)
- Create a table to identifying and prioritizing threats against each type of asset identified in item (2). You have to demonstrate the way you follow to prioritizing threats with justification.
- In general, the security defences should be based on five fundamental security principles: layering, limiting, diversity, obscurity, and simplicity. The ACSC proposed eight strategies to prevent malware delivery and limit cyber Security incidents. Analyse these principles with the strategies proposed by the ACSC. In your analysis, you have to clearly demonstrate how each mitigation strategy is related to fundamental security principle with justification.
Create a report to answer the above questions, your report must include introduction and report summarisation in addition to a cover page that includes your details.
Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 30% of the total unit mark
| Marking Criteria | Not satisfactory (0-49%) of the criterion mark | Satisfactory (50-64%) of the criterion mark | Good (65-74%) of the criterion mark | Very Good (75-84%) of the criterion mark | Excellent (85-100%) of the criterion mark |
|---|---|---|---|---|---|
| Introduction (10 marks) | Poor Introduction with irrelevant details | Introduction is presented briefly with some relevance and missing elements. | Introduction is generally presented in good fashion, however missing one element. | Introduction is well written with clear discussion. | Introduction is very well written with very clear background, discussion. |
| Types of the malicious cyber activities identified by ACSC and summarize them in a table (20 marks) | Poor discussion with irrelevant information and table | Brief discussion about some threats with general information in the table. | Generally good discussion with general information in the table. | Very clear discussion about threats with good information in the table. | In-depth and very clear discussion about threats with very good information in the table. |
| Identification and categories assets (20 marks) | Poor discussion with irrelevant information | Brief identification and categories assets. | Generally good identification and categories assets | Very clear identification and categories assets | A very detailed and very clear identification and categories assets |
| Identifying and prioritizing threats against each type of asset (20 marks) | Poor identifying and prioritizing threats against each type of asset | Brief identifying and prioritizing threats against each type of asset | Generally good identifying and prioritizing threats against each type of asset | Very clear identifying and prioritizing threats against each type of asset | A very clear and in-depth identifying and prioritizing threats against each type of asset |
| Analysing the five fundamental security principles with the security mitigation proposed by the ACSC (20) | Poor Introduction with irrelevant details. | Brief discussion of the five fundamental security principles with the security mitigation proposed by the ACSC. | Generally good discussion of the five fundamental security principles with the security mitigation by the ACSC. | Very clear discussion of the five fundamental security principles with the security mitigation proposed by the ACSC. | In-depth and very clear discussion of the five fundamental security principles with the security mitigation proposed by the ACSC. |
| Summary (10 marks) | Summary not relating to the report | Brief summary of the report with some relevance | Generally good summary of the report | clearly summarizing the overall contribution | very clearly summarizing the overall contribution |
Assessment 2: Applied Project
| Due date: | Week 12 |
|---|---|
| Group/individual: | Group |
| Word count / Time provided: | 2500 words |
| Weighting: | 30% |
| Unit Learning Outcomes: | ULO-1, ULO-2, ULO-3, ULO-4, ULO-5 |
Assessment Details:
This assessment is designed to assess your technical skills in applying information security tools. In this assignment, you have to study and apply steganography techniques to embedded data within a file. In addition, you have to understand Linux file systems and apply access control technologies. The assessment is also assessing your skills to analyses information security principles against security techniques including steganography and access control. In completing this assessment successfully, you will be able to investigate IS security, risk threats and propose the suitable security controls, which will help in achieving ULO-1, ULO-2, ULO-3, and ULO-4.
Task Specifications
This assessment includes three tasks as follows:
Task-1:
Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. Use Steghide tools available in Kali Linux/Linux to hide a text file that includes your group students IDs on audio file. You have first to create audio file with no more than 30 second to record your group students IDs only. Then, you have to create text file to include group details include first and last name for each student in your group. Finally, use Steghide tools (use security as passphrase) to embedded your text file into the created audio file.
In your report, you have to provide screenshot demonstrate the steps with the commands you followed during the process of installation of Steghide, and the way use used to hide group information text file into audio file and finally the steps to extract the text file from audio for verification of your work.
Task-2:
Access control is granting or denying approval to use specific resources. Technical access control consists of technology restrictions that limit users on computers from accessing data.
In this task you have to work in a group to understand Access Control List (ACL) and files system security using Linux environment. You have to complete the followings tasks using kali Linux or any Linux OS:
- Fill the following table with the information related to all member of your group:
| Sn.No | APIC Student ID | First Name | Last Name | |
|---|---|---|---|---|
| 1 | {Student-ID1} | {FirstName-1} | {LastName-1} | |
| 2 |
2. Create main directory named BIS3004 and set it permission to full access, fill the following table:
| Task | Command/s |
|---|---|
| Create directory named :BIS3004 | |
| Set full access to BIS3004 directory |
3. Create sub directories within BIS3004 directory according to Table-3:
| Task | Command/s |
|---|---|
| – Create directory {FirstName-1}
– Set read and write access permission only |
|
| – Create directory {FirstName-2} | |
| – Create directory {FirstName-3}
– Set read and execute access permission only |
Please note, {FirstName-x} is the first name of the APIC student according to Table-1.
- Create users, with names according to the group member student IDs for of your group as shown in Table-4
| Task | Command/s |
|---|---|
| – Create user {Student-ID1}
– Write ACL to enable:
{FirstName-2} and |
|
|
|
| – Create user {Student-ID2}
– Write ACL to enable:
{FirstName-1}
|
4. Create two groups and fill Table-5:
| Task | Command/s |
|---|---|
| – Create group {LastName-1}
– Add {Student-ID1} and {Student-ID2} users to {LastName-1} group – Write ACL that {LastName-1} group users will get full access to {FirstName-1} directory and read access to {FirstName-2} directory. |
|
| – Create group {LastName2}
– Add ‘{Student-ID2} and {Student-ID3} to {LastName-2} group – Write ACL that {LastName-2} group users will get full access to {FirstName-2} directory and write and execute access to {FirstName-1} directory. |
Use the commands available in Linux or Kali Linux to complete the above tables. In your report, you have to provide screenshot to demonstrate the steps you followed during the process of conducting the assignment tasks and requirements according to your group details provided in Table-1 (student ID, first name and last name).
Task-3:
Discuss with clear demonstration, how the steganography and access control techniques that you conducted in Task-1 and Task-2, respectively, can achieve confidentiality, integrity, and availability (CIA). You have to provide justification during your discussion.
Submission
- You have to submit a report in word format file include your answers for Task-1, Task-2 and Task-3 with the required screenshots for Task-1 and Task-2. You have to include cover page that include group student ID and full name.
- You have also to submit the created audio file that embedded your group information text file for Task-1 (make sure to use: security as passphrase)
The two files must be submitted separately not in single compress file.
Marking Information: The applied project will be marked out of 100 and will be weighted 30% of the total unit mark.
| Marking Criteria | Not satisfactory (0-49%) of the criterion mark) | Satisfactory (50-64%) of the criterion mark | Good (65-74%) of the criterion mark | Very Good (75-84%) of the criterion mark | Excellent (85-100%) of the criterion mark |
|---|---|---|---|---|---|
| Audio file embedded text file (10 mark) | Lack of evidence of using the Steghide for Steganography with no audio file submission | Audio file not includes the embedded test file | Audio file includes text file but with irrelevant information to student group. | Audio file includes text file but didn’t include all the group information. | Audio file correctly includes group details. |
| Steganography steps and Screenshot (15 mark) | Lack of evidence of understanding of the process of Steganography with no screenshot | Screenshot is provided with not complete or not using Steghide. | Screenshot is provided using Steghide with settings errors | Screenshot is provided using Steghide with some incorrect settings. | Screenshot is provided using Steghide with correct result. |
| Directory creation (15 mark) | Lack of evidence of understanding the Linux commands for directory creation and access. | Very brief demonstration of using Linux commands for directory creation and access. | Evidence of good understanding and demonstration of using Linux commands for directory creation and access. | Very clear understanding and demonstration of using Linux commands for directory creation and access. | Excellent understanding and demonstration of using Linux commands for directory creation and access. |
| Users creation (15 mark) | Lack of evidence of understanding of the process of users creation and required permission | Very brief demonstration of using Linux commands for users creation and required permission | Evidence of good understanding and demonstration of using Linux commands for users creation and required permission | Very clear understanding and demonstration of using Linux commands for users creation and required permission | Excellent understanding and demonstration of using Linux commands for users and required permission |
| Group creation (15 mark) | Lack of evidence of understanding of the process of group creation and required permission | Very brief demonstration of using Linux commands for group creation and required permission | Evidence of good understanding and demonstration of using Linux commands for group creation and required permission | Very clear understanding and demonstration of using Linux commands for group creation and required permission | Excellent understanding and demonstration of using Linux commands for group creation and required permission |
| Achieving CIA in Steganography (15 marks) | Poor discussion with irrelevant information. | Brief discussion about achieving CIA in Steganography with limited demonstration and justification. | Generally good discussion about achieving CIA in Steganography with good demonstration and justification. | Very clear discussion of achieving CIA in Steganography with clear demonstration and justification. | A very detailed and very clear discussion of achieving CIA in Steganography with very good demonstration and justification. |
| Achieving CIA in access control list (15 marks) | Poor discussion with irrelevant information. | Brief discussion about achieving CIA in access control list with limited demonstration and justification. | Generally good discussion about achieving CIA in in access control list with good demonstration and justification. | Very clear discussion of achieving CIA in in access control list with clear demonstration and justification. | A very detailed and very clear discussion of achieving CIA in in access control list with very good demonstration and justification. |
Assessment 3: Laboratory Practicum
| Due date: | Lab work submission: Weekly; Quiz: Week 3, 4, 6, 8, 10 |
|---|---|
| Group/individual: | Individual |
| Word count / Time provided | 3000 |
| Weighting: | 40% (30% quizzes, 10% lab work activities) |
| Unit Learning Outcomes: | ULO-1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6 |
Assessment Details:
Practical exercises assess students’ ability to apply theoretical learning to practical, real world situations on a weekly basis. The practical exercises will improve student’s ability to practice information security using Linux/Kali Linux platform such as phishing attack, encryption and steganography and other functions.
This assessment also includes invigilated quiz that will assess your ability to understand theoretical materials and your knowledge of key content areas. The quiz will be either multiple choice questions or short questions which are relevant to the lectures of lecture materials. For successful completion of the quiz, you are required to study the material provided (lecture slides, tutorials, and reading materials) and engage in the unit’s activities. The prescribed textbook is the main reference along with the recommended reading materials.
Students will be required to complete the practical exercises and sit the quiz during the workshop and therefore, attendance is required as part of this assessment. Students will not be assessed on work that not produced in workshop so that attendance is required as part of this assessment. Students are required to submit the work that they have completed during the workshop session only. The details of the lab work and requirements are provided on the online learning system.
Marking information: The assessment will be marked out of 100 and will be weighted 40% that includes: 30% weight for five quizzes (6 % for each quiz). In addition, 10% lab work participation and submission for ten weeks ( 1% for each lab work).
