Microsoft Word - CMP71001_Assignment_2-S3 2019 CMP71001-Cybersecurity Assignment-2, S3 2019 CMP71001-Cybersecurity Assignment-2, S3 2019 CMP71001-Cybersecurity Assignment-2, S3 2019 School of Business...

1 answer below »

Microsoft Word - CMP71001_Assignment_2-S3 2019 CMP71001-Cybersecurity Assignment-2, S3 2019 CMP71001-Cybersecurity Assignment-2, S3 2019 CMP71001-Cybersecurity Assignment-2, S3 2019 School of Business and Tourism Unit Cybersecurity Unit code CMP71001 Assignment 2 Security consultation report and guideline. Due Date Learning Sunday 2nd February 2020 23:59:59. Outcomes Graduate 3 – 6 Attributes 3, 4 & 5 Weight 30% of overall unit assessment Suggestion This assignment is developmental and cumulative. You are strongly advised to start doing this assignment from Week-7 in your study. Leaving your starting date to the week before the due date is a very poor strategy for success in the unit. Marks A marking scheme is provided here and will be posted on MySCU to help you direct your efforts successfully. Task Description You are hired by Southern Cross University as a cybersecurity consultant to work on a security program to address the contemporary and emerging risks from the cyber threats the university is facing. Your tasks are the following: · Task 1: the university is currently using a password based authentication system to control the user access to the university’s information system. However, the Bring Your Own Device (BYOD) policy recently implemented by the university has raised some security concerns. As there is no SCU BYOD policy given, you can include as one of your assumptions that the SCU BYOD policy was developed in line with the Australian Cyber Security Centre guidelines that have been provided. As a security consultant, assess the risk from the BYOD policy to the university's information system. · Task 2: After the assessing the risk from the BYOD policy, you suggest the university to replace the current password-based authentication scheme with a Certificate-Based Authentication. To justify your suggestion, write a technical report to explain the working principle of the Certificate-Based Authentication mechanism and discuss why the university should use the mechanism in this case by comparing it with the password-based authentication mechanism. Use figure when necessary to support your answers. · Task 3: You have identified Spamming is among the top cybersecurity threats facing by the university. Use the Spam Act 2003 and available online resources to develop a guideline for the university students and staff to combat with the threat. The guideline will include the following: · Definition of spam and its distinctive characteristics. · At least three (3) real examples of spams showing the spam characteristics. o An instruction to the users of how to recognise and safely handle a spam. o An instruction to the IT administrator of how to minimize the spam threat. Assignment-2 guideline Task 1: BOYD risk assessment To complete this task, use the following guidelines: · Identify the most critical components of the university's information system - the critical information assets. · Identify what threats the BYOD policy may bring to the identified critical assets. · Identify potential vulnerabilities of each asset against the identified threats. · Assess the risk to the university's information system using either quantitative or qualitative risk assessment approach and document the risk assessment process. Task 2: Certificate-based Authentication To complete this task, use the following guidelines: · Perform necessary research to understand the working principle, pros and cons of the Certificate-based Authentication mechanism. Document all reference sources. · Write a technical report to explain the working principle of the Certificate-based Authentication mechanism. Compare the certificate-based authentication against the password-based authentication and highlight the features you think are useful for combating the threats from the BYOD policy. · Note that you are not allowed to cut and paste from online resources. Use your own words and figures. Acknowledge all reference sources. Task 3: Anti-spam Guideline To complete this task, use the following guidelines: · Read and understand Spam Act 2003. The Spam Act 2003 document is available at: The Act will help you to define what type of electronic messages should be treated as spams, what are the distinctive characteristics of a spam and what act is considered as spamming? · Search for 3 representative examples of spams or use your own spams as examples. · Use samples from reputable online resources to help you with the development of spam handling instructions. The instructions should be clear, concise and precise. Assignment-2 Marking Rubric The following marking rubric will be used for the marking of your submission. It contains a detailed breakdown of the marking criteria for this assignment. Make sure you read CAREFULLY this to understand how your work would be graded against each of the defined criteria. Criteria Marks Note to the student Task1 12 Identify the most critical components of the university's information system - the critical information assets 3 Access control is a critical component of any information system from security perspective. WFA can help to identify the most critical component. If you don't use WFA, provide arguments to justify your choice of the critical components. Identify what threats the BYOD policy may bring to the identified critical assets 3 Do not bring in any threats. Think about BYOD policy that allows many devices to connect to the network. Identify potential vulnerabilities of each asset against the identified threats 3 Use TVA worksheet to document this process. Assess the risk to the university's information system. 3 You can use either quantitative or qualitative risk assessment method. Task 2 10 Clearly explains the working principle of the certificate-based authentication. 3 Compare and contrast the certificate-based authentication and password-based authentication. 3 Correctly identify and highlight the useful features of the certificate-based authentication for BYOD policy. 3 Quality of references 1 Reference from reputable sources e.g. textbook, research papers, technical reports. Task 3 7 Correctly identify the characteristics of a Spam and Spamming act. 2 Provide three representative examples of Spams 2 Spam handling instruction 3 Documentation 1 Professional presentation. 1 Arguments are well and logically supported; Correct grammars and spelling. Total 30 Format, Presentation and length There is no report template to be used in this assignment, so you can design your own template or refer to online resources. However, the report should be well presented in a standard report format. Due to the system setting constraint, the report 1 length was set with 1500 words in the unit UIG. You are advised that there is no formal word limit for the report. However, a good report is expected to be somewhere in the vicinity of 2,000 - 3,000 words from Introduction to Conclusion. Note that this is a very rough estimate and there will be no penalties imposed based on the number of words (no real ceiling if the content is precise and relevant!) Submission Format When you have completed the assignment, you are required to submit your assignment in the PDF/DOC format. The file will be named using the following convention: filename = FirstInitialYourLastName_CMP71001_A2.pdf (i.e. FJones_CMP71001_A2.pdf) Original work It is a University requirement that a student’s work complies with the Academic Policy, Chapter 4.20 on Student Academic Integrity. It is a student’s responsibility to be familiar with the Policy. Failure to comply with the Policy can have severe consequences in the form of University sanctions. For information on this Policy please refer to Chapter 4.20 on Student Academic Integrity at the following website: As part of a University initiative to support the development of academic integrity, assessments may be checked for plagiarism, including through an electronic system, either internally or by a plagiarism checking service, and be held for future checking and matching purposes. A Turnitin link has been set up to provide you with an opportunity to check the originality of your work until your due date. Please make sure you review the report generated by the system and make changes (if necessary!) to minimise the issues of improper citation or potential plagiarism. If you fail to follow this step, your report may not be graded or may incur late feedback. Retain duplicate copy Before submitting the assignment, you are advised to retain electronic copies of original work. In the event of any uncertainty regarding the submission of assessment items, you may be requested to reproduce a final copy. School Extension Policy In general, I will NOT give extension unless where there are exceptional circumstances. Students wanting an extension must make a request at least 24 hours before the assessment item is due and the request must be received in writing by the unit assessor or designated academic. Extensions within 24 hours of submission or following the submission deadline will not be granted (unless supported by a doctor’s certificate or where there are exceptional circumstances – this will be at unit assessor’s discretion and will be considered on a case by case basis). Extensions will be for a maximum of 48 hours (longer extensions supported by a doctor’s certificate or alike to be considered on a case by case basis). A penalty of 5% of the total available grade will accrue for each 24-hour period that an assessment item is submitted late. Therefore, an assessment item worth 20 marks will have 1 marks deducted for every 24-hour period and at the end of 20 days will receive 0 marks. Students who fail to submit following the guidelines in this Unit Information Guide will be deemed to have not submitted the assessment item and the above penalty will be applied until the specified submission guidelines are followed. Marks and Feedback All assessment materials submitted during the semester will normally be marked and returned within two weeks of the required date of submission (provided that the assessment materials have been submitted by the due date). Marks will be made available to each student via the MySCU Grade book. 1 1 1
Answered Same DayJan 27, 2021CMP71001Southern Cross University

Answer To: Microsoft Word - CMP71001_Assignment_2-S3 2019 CMP71001-Cybersecurity Assignment-2, S3 2019...

Neha answered on Feb 02 2021
136 Votes
Student Name:
Student Id:
Task 1                                    2
BYOD risk assessment                        2
Threats                                 3
Vulnerabilities                            3
Qualitative Risk Assessment                    4
Task 2                                    5
Certificate-Based Authentication                    5
Compare Password based and certificate based            6
Advantages of Certificate-Based                    6
Task 3                                    7
Spam Act 2003                            7
Examples of Spam mail                        9
References                                10
BOYD Risk Assessment
An information system
can be defined as a system which consists of hardware, software, data and people. For the university the people are the students, teachers and other members of university. Data is the most critical and important part of a university. The Southern Cross University uses the password-based authentication system. The university has implemented the Bring Your Own Device (BYOD) policy. According to this policy the users have to bring their own device and can access the information system of university by entering the used id and password. Users will have the right to perform operations on data after entering the correct password. But as we all know that password-based authentication system is not secure. There are many talented hackers who can break the password and enter into the system. As there are many passwords, users may also forget these passwords.
Critical Assets of the information system
1) Software: It is a set of instructions which informs the hardware about the actions need to be performed. But it is a very intangible. Software should not be disturbed. The programmers write the code as lines of instructions which should not be altered [1].
2) Data: This asset is the most important for any organization or university. The university stores data about the students and employees since the day when university started. Data is the base for any case. Data is the most powerful and important tool. If anyone attacks the system then data is the first thing which gets affected. If data gets altered then complete result will be affected.
3) Process: A process can be set of steps which are used to execute any operation. The information system is becoming more integrated with the organizational process. The process helps to get more productivity and better control over the system.
Threats to the assets
1) Software: When everybody will bring their own device to use the university system, then there is no check for the virus the device may contain. If any virus enters the system, it can destroy the software [2]. Worms are also self-replicating by their nature. Bots are the advanced form of worms. They directly enter the system through the internet and they even don’t need the human interaction. Attackers can also drop the spyware in the system via virus and trojans. There are different types of viruses which can enter the system and destroy it.
2) Data: Passwords can be hacked easily by anyone. Others can also look into other person’s system while he is entering the password. Passwords are difficult for anyone as there can be multiple passwords. Passwords are easy to guess and can be shared. As the passwords are saved in the system, if anyone uses other’s system then the password can get leaked. If unauthorized user enters the system then there are chances that he can make the changes or takes the data.
3) Process: If any unauthorised person enters the system then he can either enter the back end of the system. The process is defined by the developer according to which the whole system will work but if even one of the process gets changed or removed then whole system will be hampered.
Potential vulnerabilities
Vulnerability can be defined as the weak point of any asset which will be affected by the threat. In the case of software risk, the most important thing which will get affected by it is the system. The software is the costliest part of an information system and if it gets affected by the risk then the whole system will come to a pause. It is important to keep the software secured and away from all threats. Data is another important aspect of an information system. The database of any organization or university consists data about each and every aspect which is related with it. In the case of university, it has data about the students, employees, subjects, courses, fees structure and many more. The data is the only base using which they can take action on anything. The data decides which course should be taught to the students and which staff members...

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here