SBM4304 IS Security and Risk Management Assignment 

Assessment Task Type Weighting Due Length ULO
Assessment 1: Case Study 

Write a report to discuss recent type  of information security attacks,  protection mechanism and risk  management.

Individual 30% Week 6 2500 words ULO-2 

ULO-3 

ULO-4

Assessment 2: Applied project Discuss and implement IS security protection techniques, and  

implementing access control under  Linux.

Group 30% Week 12 2500 words ULO-1 

ULO-2 

ULO-3 

ULO-4

Assessment 3: Laboratory  

Practicum 

Weekly quizzes and lab activities and  exercises assess students’ ability to  understand theoretical materials.  The quiz will be either multiple  choice questions or short questions  which are relevant to the lecture  materials.

Individual 40% (30%  

quizzes, 10%  lab work  

activities)

Week 3, 4, 6, 8, 10 3000 words ULO-1 

ULO-2 

ULO-3 

ULO-4

Assessment 1: Case study

Due date: Week 6
Group/individual: Individual
Word count / Time provided: 2500
Weighting: 30%
Unit Learning Outcomes: ULO-2, ULO-3, ULO-4

Assessment Details: 

Today’s Internet has its roots all the way back in the late 1960s, but it was only used by researchers and the military for almost a quarter of a century. The Internet has opened the door for threat actors to reach around the world invisibly and instantaneously to launch attacks on any device connected to it.  

Answer the following questions related to the case study: 

  1. Identify and examine all types of the malicious cyber activities identified by ACSC and  summarize them in a table.  
  2. Identification and categories assets, including all elements of an organization’s system  (people, procedures, data and information, software, hardware, and networking) 
  3. Create a table to identifying and prioritizing threats against each type of asset identified in  item (2). You have to demonstrate the way you follow to prioritizing threats with  justification.
  1. In general, the security defences should be based on five fundamental security principles:  layering, limiting, diversity, obscurity, and simplicity. The ACSC proposed eight strategies to  prevent malware delivery and limit cyber Security incidents. Analyse these principles with  the strategies proposed by the ACSC. In your analysis, you have to clearly demonstrate how  each mitigation strategy is related to fundamental security principle with justification. 

Create a report to answer the above questions, your report must include introduction and report  summarisation in addition to a cover page that includes your details.

Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 30%  of the total unit mark

Marking Criteria Not satisfactory (0-49%) of the criterion mark Satisfactory (50-64%) of the criterion mark Good (65-74%) of the criterion mark Very Good (75-84%) of the criterion mark Excellent (85-100%) of the criterion mark
Introduction (10 marks) Poor Introduction with irrelevant details Introduction is presented briefly with some relevance and missing elements. Introduction is generally presented in good fashion, however missing one element. Introduction is well written with clear discussion. Introduction is very well written with very clear background, discussion.
Types of the malicious cyber activities identified by ACSC and summarize them in a table (20 marks) Poor discussion with irrelevant information and table Brief discussion about some threats with general information in the table. Generally good discussion with general information in the table. Very clear discussion about threats with good information in the table. In-depth and very clear discussion about threats with very good information in the table.
Identification and categories assets (20 marks) Poor discussion with irrelevant information Brief identification and categories assets. Generally good identification and categories assets Very clear identification and categories assets A very detailed and very clear identification and categories assets
Identifying and prioritizing threats against each type of asset (20 marks) Poor identifying and prioritizing threats against each type of asset Brief identifying and prioritizing threats against each type of asset Generally good identifying and prioritizing threats against each type of asset Very clear identifying and prioritizing threats against each type of asset A very clear and in-depth identifying and prioritizing threats against each type of asset
Analysing the five fundamental security principles with the security mitigation proposed by the ACSC (20) Poor Introduction with irrelevant details. Brief discussion of the five fundamental security principles with the security mitigation proposed by the ACSC. Generally good discussion of the five fundamental security principles with the security mitigation by the ACSC. Very clear discussion of the five fundamental security principles with the security mitigation proposed by the ACSC. In-depth and very clear discussion of the five fundamental security principles with the security mitigation proposed by the ACSC.
Summary (10 marks) Summary not relating to the report Brief summary of the report with some relevance Generally good summary of the report clearly summarizing the overall contribution very clearly summarizing the overall contribution

Assessment 2: Applied Project

Due date: Week 12
Group/individual: Group
Word count / Time provided: 2500 words
Weighting: 30%
Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4, ULO-5

Assessment Details: 

This assessment is designed to assess your technical skills in applying information security tools. In  this assignment, you have to study and apply steganography techniques to embedded data within a  file. In addition, you have to understand Linux file systems and apply access control technologies.  The assessment is also assessing your skills to analyses information security principles against  security techniques including steganography and access control. In completing this assessment  successfully, you will be able to investigate IS security, risk threats and propose the suitable security  controls, which will help in achieving ULO-1, ULO-2, ULO-3, and ULO-4. 

Task Specifications 

This assessment includes three tasks as follows: 

Task-1: 

Steganography is the practice of concealing a file, message, image, or video within another file,  message, image, or video. Use Steghide tools available in Kali Linux/Linux to hide a text file that includes your group students IDs on audio file. You have first to create audio file with no more than  30 second to record your group students IDs only. Then, you have to create text file to include group  details include first and last name for each student in your group. Finally, use Steghide tools (use  security as passphrase) to embedded your text file into the created audio file.  

In your report, you have to provide screenshot demonstrate the steps with the commands you  followed during the process of installation of Steghide, and the way use used to hide group  information text file into audio file and finally the steps to extract the text file from audio for  verification of your work.  

Task-2: 

Access control is granting or denying approval to use specific resources. Technical access control  consists of technology restrictions that limit users on computers from accessing data. 

In this task you have to work in a group to understand Access Control List (ACL) and files system  security using Linux environment. You have to complete the followings tasks using kali Linux or any  Linux OS: 

  1. Fill the following table with the information related to all member of your group: 
Sn.No APIC Student ID First Name Last Name
1 {Student-ID1} {FirstName-1} {LastName-1}
2

2. Create main directory named BIS3004 and set it permission to full access, fill the following  table:

Task Command/s
Create directory named :BIS3004
Set full access to BIS3004 directory

3. Create sub directories within BIS3004 directory according to Table-3:

Task Command/s
– Create directory {FirstName-1

– Set read and write access permission only

– Create directory {FirstName-2}
– Create directory {FirstName-3

– Set read and execute access permission  only

Please note, {FirstName-x} is the first name of the APIC student according to Table-1. 

  1. Create users, with names according to the group member student IDs for of your group as  shown in Table-4
Task Command/s
– Create user {Student-ID1}  

– Write ACL to enable: 

  1. full permission to {FirstName-1}  
  2. read and write permission to  

{FirstName-2} and

  1. read permission only to other directories.
– Create user {Student-ID2

– Write ACL to enable:  

  1. full permission to {FirstName-2}  
  2. read and execute permission to  

{FirstName-1}  

  1. read permission only to other directories.

4. Create two groups and fill Table-5:

Task Command/s
– Create group {LastName-1} 

– Add {Student-ID1} and {Student-ID2} users  to {LastName-1} group 

– Write ACL that {LastName-1} group users  will get full access to {FirstName-1}  

directory and read access to {FirstName-2}  directory.

– Create group {LastName2} 

– Add ‘{Student-ID2} and {Student-ID3} to  {LastName-2} group 

– Write ACL that {LastName-2} group users  will get full access to {FirstName-2}  

directory and write and execute access to  {FirstName-1} directory.

Use the commands available in Linux or Kali Linux to complete the above tables. In your report, you  have to provide screenshot to demonstrate the steps you followed during the process of conducting  the assignment tasks and requirements according to your group details provided in Table-1 (student  ID, first name and last name).  

Task-3: 

Discuss with clear demonstration, how the steganography and access control techniques that you  conducted in Task-1 and Task-2, respectively, can achieve confidentiality, integrity, and availability (CIA). You have to provide justification during your discussion.  

Submission  

  1. You have to submit a report in word format file include your answers for Task-1, Task-2 and  Task-3 with the required screenshots for Task-1 and Task-2. You have to include cover page  that include group student ID and full name. 
  2. You have also to submit the created audio file that embedded your group information text  file for Task-1 (make sure to use: security as passphrase)

The two files must be submitted separately not in single compress file. 

Marking Information: The applied project will be marked out of 100 and will be weighted 30% of  the total unit mark.

Marking Criteria Not satisfactory (0-49%) of the criterion mark) Satisfactory (50-64%) of the criterion mark Good (65-74%) of the criterion mark Very Good (75-84%) of the criterion mark Excellent (85-100%) of the criterion mark
Audio file embedded text file (10 mark) Lack of evidence of using  the Steghide for Steganography with no  audio file submission Audio file not includes the embedded test file Audio file includes text file but with irrelevant information  to student group. Audio file includes text file but didn’t  include all the group  information. Audio file correctly  includes group details.
Steganography steps and Screenshot (15 mark) Lack of evidence of understanding of the  process of Steganography with no  screenshot Screenshot is provided with not complete or  not using Steghide. Screenshot is provided using Steghide with  settings errors Screenshot is provided using Steghide with  some incorrect settings. Screenshot is provided using Steghide with  correct result.
Directory creation  (15 mark) Lack of evidence of understanding the Linux  commands for directory  creation and access. Very brief demonstration of  using Linux commands for directory creation  and access. Evidence of good understanding and demonstration of using Linux commands for directory creation and access. Very clear understanding and demonstration of using Linux commands for directory creation and access. Excellent understanding and demonstration of using Linux commands for directory creation and access.
Users creation (15 mark) Lack of evidence of understanding of the process of users creation and required permission Very brief demonstration of using Linux commands for users creation and required permission Evidence of good understanding and demonstration of using Linux commands for users creation and required permission Very clear understanding and demonstration of using Linux commands for users creation and required permission Excellent understanding and demonstration of using Linux commands for users and required permission
Group creation (15 mark) Lack of evidence of understanding of the process of group creation and required permission Very brief demonstration of using Linux commands for group creation and required permission Evidence of good understanding and demonstration of using Linux commands for group creation and required permission Very clear understanding and demonstration of using Linux commands for group creation and required permission Excellent understanding and demonstration of using Linux commands for group creation and required permission
Achieving CIA in Steganography (15 marks) Poor discussion with irrelevant information. Brief discussion about achieving CIA in Steganography with limited demonstration and justification. Generally good discussion about achieving CIA in Steganography with good demonstration and justification. Very clear discussion of achieving CIA in Steganography with clear demonstration and justification. A very detailed and very clear discussion of achieving CIA in Steganography with very good demonstration and justification.
Achieving CIA in access control list (15 marks) Poor discussion with irrelevant information. Brief discussion about achieving CIA in access control list with limited demonstration and justification. Generally good discussion about achieving CIA in in access control list with good demonstration and justification. Very clear discussion of achieving CIA in in access control list with clear demonstration and justification. A very detailed and very clear discussion of achieving CIA in in access control list with very good demonstration and justification.

Assessment 3: Laboratory Practicum

Due date: Lab work submission: Weekly; Quiz: Week 3, 4, 6, 8, 10
Group/individual: Individual
Word count / Time provided 3000
Weighting: 40% (30% quizzes, 10% lab work activities)
Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6

Assessment Details: 

Practical exercises assess students’ ability to apply theoretical learning to practical, real world  situations on a weekly basis. The practical exercises will improve student’s ability to practice  information security using Linux/Kali Linux platform such as phishing attack, encryption and  steganography and other functions.  

This assessment also includes invigilated quiz that will assess your ability to understand theoretical  materials and your knowledge of key content areas. The quiz will be either multiple choice  questions or short questions which are relevant to the lectures of lecture materials. For successful  completion of the quiz, you are required to study the material provided (lecture slides, tutorials, and  reading materials) and engage in the unit’s activities. The prescribed textbook is the main reference  along with the recommended reading materials.  

Students will be required to complete the practical exercises and sit the quiz during the workshop  and therefore, attendance is required as part of this assessment. Students will not be assessed on  work that not produced in workshop so that attendance is required as part of this assessment.  Students are required to submit the work that they have completed during the workshop session only. The details of the lab work and requirements are provided on the online learning system. 

Marking information: The assessment will be marked out of 100 and will be weighted 40% that  includes: 30% weight for five quizzes (6 % for each quiz). In addition, 10% lab work participation  and submission for ten weeks ( 1% for each lab work).