Assessment type: Practical and Written Assessment, Individual assignment (2000 words).
Purpose: The purpose of this assignment is to assess the students’ understanding on identifying the risks, vulnerabilities and awareness of current industry and research trends in the field of information security.
Students need to exercise operational, analytical, and critical skills in order to reduce the potential security risks involved in the given case study. Analyze and evaluate the organizational adoption of security controls. Design solutions for concrete security problems for distributed applications. This assessment contributes to learning outcomes a, b, c, d.
Value: 35% Due Date: Report submission Week 11; Demonstration Week 12Submission requirements details: All work must be
submitted on Moodle by the due date.
Reference sources must be cited in the text of the report and listed appropriately at the end in a reference list using Harvard Anglia referencing style.
Assessment topic: Risk identification, assessment and treatment
Task details: This Assignment requires you to perform risk identification, assessment and treatment based on the given case study. Also, it is required to implement ethical hacking (which does not do any malicious activity) on your own virtual machine. This is just for demonstration purposes and focusing the risk identification, assessment and treatment accordingly and you should not implement it on any other computers.
The assignment’ requirements are Kali Linux and the required tools.
Case Study for the Assignment: A small family-owned construction company made extensive use of online banking and automated clearing house (ACH) transfers. Employees logged in with both a company and user-specific ID and password. Two challenge questions had to be answered for transactions over $1,000. The owner was notified that an ACH transfer of $10,000 was initiated by an unknown source. They contacted the bank and identified that in just one-week cyber criminals had made six transfers from the company bank accounts, totaling $550,000. How? One of their employees had opened an email from what they thought was a materials supplier but was instead a malicious email laced with malware from an imposter account.
Part A:
The business had no dedicated security team and therefore till now no security policy is in place. Recently, the governing body of this business forms a security team and makes following two goals that they would like to achieve in six months –
- Assessing the current risk of the entire business
- Treat the Risk as much as possible Task I: Risk Identification
In achieving the above two goals, you will do the followings –
Find at least five assets
- Find at least two threats against each asset
- Identify vulnerabilities for the assets Task II: Risk Assessment
At the end of the risk identification process, you should have i) a prioritized list of assets and ii) a
prioritized list of threats facing those assets and iii) Vulnerabilities of assets. At this point, create Threats-Vulnerabilities-Assets (TVA) worksheet. Also, calculate the risk rating of each of the five triplets out of 25.
TASK III: Risk Treatment
In terms of Risk Treatment, for each of the five identified risk, state what basic strategy you will take. Justify for each decision. Also, Advise all possible protection mechanism and corresponding place of application.
Part B:
For better understanding of the above tasks, implement threat on your own virtual machine and consider tasks I,II, and III of part A:
Tips: You may implement XSS attack or SQL injection or any other attacks that you can run it on your own system
Expert's Answer
Chat with our Experts
Want to contact us directly? No Problem. We are always here for you
Get Online
Assignment Help Services
