BIS3004 IS Security and Risk Management

FIND A SOLUTION AT Academic Writers Bay

Assessment Brief: BIS3004 IS Security and Risk Management
Trimester-1 2021
Assessment Overview
Assessment Task
Type
Weighting
Due
Length
ULO
Assessment 1: Case Study
Write a report to discuss recent type
of information security attacks,
protection mechanism and risk
management.
Individual
30%
Week 6
2500
words
ULO-2
ULO-3
ULO-4
Assessment 2: Applied project
Discuss and implement IS security
protection techniques, and
implementing access control under
Linux.
Group
30%
Week 12
2500
words
ULO-1
ULO-2
ULO-3
ULO-4
Assessment 3: Laboratory
Practicum
Weekly quizzes and lab activities and
exercises assess students’ ability to
understand theoretical materials.
The quiz will be either multiple
choice questions or short questions
which are relevant to the lecture
materials.
Individual
40% (30%
quizzes, 10%
lab work
activities)
Week 3,
4, 6, 8,
10
3000
words
ULO-1
ULO-2
ULO-3
ULO-4
Assessment 1: Case study
Due date:
Week 6
Group/individual:
Individual
Word count / Time provided:
2500
Weighting:
30%
Unit Learning Outcomes:
ULO-2, ULO-3, ULO-4
Assessment Details:
Today’s Internet has its roots all the way back in the late 1960s, but it was only used by
researchers and the military for almost a quarter of a century. The Internet has opened
the door for threat actors to reach around the world invisibly and instantaneously to launch
attacks on any device connected to it.
Read the case study titled: Threat Update COVID-19 Malicious Cyber Activity that available at:
https://apic.instructure.com/files/148477/download?download_frd=1
Answer the following questions related to the case study:
1. Identify and examine all types of the malicious cyber activities identified by ACSC and
summarize them in a table.
2. Identification and categories assets, including all elements of an organization’s system
(people, procedures, data and information, software, hardware, and networking)
3. Create a table to identifying and prioritizing threats against each type of asset identified in
item (2). You have to demonstrate the way you follow to prioritizing threats with
justification.
4. In general, the security defences should be based on five fundamental security principles:
layering, limiting, diversity, obscurity, and simplicity. The ACSC proposed eight strategies to
prevent malware delivery and limit cyber Security incidents. Analyse these principles with
the strategies proposed by the ACSC. In your analysis, you have to clearly demonstrate how
each mitigation strategy is related to fundamental security principle with justification.
Create a report to answer the above questions, your report must include introduction and report
summarisation in addition to a cover page that includes your details.
Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 30%
of the total unit mark
Marking
Criteria
Not satisfactory
(0-49%) of the
criterion mark
Satisfactory
(50-64%) of the
criterion mark
Good
(65-74%) of the
criterion mark
Very Good
(75-84%) of the
criterion mark
Excellent
(85-100%) of the
criterion mark
Introduction
(10 marks)
Poor Introduction with
irrelevant details
Introduction is
presented briefly
with some
relevance and
missing elements.
Introduction is
generally presented in
good fashion,
however missing one
element.
Introduction is well
written with clear
discussion.
Introduction is very
well written with very
clear background,
discussion.
Types of the
malicious cyber
activities identified
by ACSC and
summarize them in
a table
(20 marks)
Poor discussion with
irrelevant information
and table
Brief discussion about
some threats with
general information in
the table.
Generally good
discussion with
general information in
the table.
Very clear discussion
about threats with
good information in
the table.
In-depth and very
clear discussion about
threats with very good
information in the
table.
Identification and
categories assets
(20 marks)
Poor discussion with
irrelevant information
Brief identification
and categories assets.
Generally good
identification and
categories assets
Very clear
identification and
categories assets
A very detailed
and very clear
identification and
categories assets
Identifying and
prioritizing threats
against each type
of asset
(20 marks)
Poor identifying and
prioritizing threats
against each type of
asset
Brief identifying and
prioritizing threats
against each type of
asset
Generally good
identifying and
prioritizing threats
against each type of
asset
Very clear
identifying and
prioritizing threats
against each type of
asset
A very clear and
in-depth
identifying and
prioritizing threats
against each type of
asset
Analysing the five
fundamental
security principles
with the security
mitigation
Poor Introduction with
irrelevant details.
Brief discussion of the
five fundamental
security principles
with the security
mitigation proposed
by the ACSC.
Generally good
discussion of the five
fundamental security
principles with the
security mitigation by
the ACSC.
Very clear discussion
of the five
fundamental security
principles with the
security mitigation
proposed by the ACSC.
In-depth and very
clear discussion of the
five fundamental
security principles
with the security
proposed by the
ACSC
(20)
mitigation proposed
by the ACSC.
Summary
(10 marks)
Summary not
relating to the
report
Brief summary of the
report with some
relevance
Generally good
summary of the
report
clearly
summarizing the
overall
contribution
very
clearly
summarizing the
overall
contribution
Assessment 2: Applied Project
Due date:
Week 12
Group/individual:
Group
Word count / Time provided:
2500 words
Weighting:
30%
Unit Learning Outcomes:
ULO-1, ULO-2, ULO-3, ULO-4, ULO-5
Assessment Details:
This assessment is designed to assess your technical skills in applying information security tools. In
this assignment, you have to study and apply steganography techniques to embedded data within a
file. In addition, you have to understand Linux file systems and apply access control technologies.
The assessment is also assessing your skills to analyses information security principles against
security techniques including steganography and access control. In completing this assessment
successfully, you will be able to investigate IS security, risk threats and propose the suitable security
controls, which will help in achieving ULO-1, ULO-2, ULO-3, and ULO-4.
Task Specifications
This assessment includes three tasks as follows:
Task-1:
Steganography is the practice of concealing a file, message, image, or video within another file,
message, image, or video. Use Steghide tools available in Kali Linux/Linux to hide a text file that
includes your group students IDs on audio file. You have first to create audio file with no more than
30 second to record your group students IDs only. Then, you have to create text file to include group
details include first and last name for each student in your group. Finally, use Steghide tools (use
security as passphrase) to embedded your text file into the created audio file.
In your report, you have to provide screenshot demonstrate the steps with the commands you
followed during the process of installation of Steghide, and the way use used to hide group
information text file into audio file and finally the steps to extract the text file from audio for
verification of your work.
Task-2:
Access control is granting or denying approval to use specific resources. Technical access control
consists of technology restrictions that limit users on computers from accessing data.
In this task you have to work in a group to understand Access Control List (ACL) and files system
security using Linux environment. You have to complete the followings tasks using kali Linux or any
Linux OS:
1. Fill the following table with the information related to all member of your group:
Sn.
No
APIC Student ID
First Name
Last Name
1
Student-ID1
FirstName-1
LastName-1
2
3
Table 1: Group information
2. Create main directory named BIS3004 and set it permission to full access, fill the following
table:
Task
Command/s
Create directory named :BIS3004
Set full access to BIS3004 directory
Table 2: Create Directories APIC
3. Create sub directories within BIS3004 directory according to Table-3:
Task
Command/s
– Create directory FirstName-1
– Set read and write access permission only
– Create directory FirstName-2
– Set read access permission only
– Create directory FirstName-3
– Set read and execute access permission
only
Table 3: Create Student ID directories
Please note, FirstName-x is the first name of the APIC student according to Table-1.
4. Create users, with names according to the group member student IDs for of your group as
shown in Table-4
Task
Command/s
– Create user Student-ID1
– Write ACL to enable:
1. full permission to FirstName-1
2. read and write permission to
FirstName-2 and
3. read permission only to other
directories.
– Create user Student-ID2
– Write ACL to enable:
1. full permission to FirstName-2
2. read and execute permission to
FirstName-1
3. read permission only to other
directories.
Table 4: Create users
4. Create two groups and fill Table-5:
Task
Command/s
– Create group LastName-1
– Add Student-ID1 and Student-ID2 users
to LastName-1 group
– Write ACL that LastName-1 group users
will get full access to FirstName-1
directory and read access to FirstName-2
directory.
– Create group LastName2
– Add ‘Student-ID2 and Student-ID3 to
LastName-2 group
– Write ACL that LastName-2 group users
will get full access to FirstName-2
directory and write and execute access to
FirstName-1 directory.
Table 5: Create groups
Use the commands available in Linux or Kali Linux to complete the above tables. In your report, you
have to provide screenshot to demonstrate the steps you followed during the process of conducting
the assignment tasks and requirements according to your group details provided in Table-1 (student
ID, first name and last name).
Task-3:
Discuss with clear demonstration, how the steganography and access control techniques that you
conducted in Task-1 and Task-2, respectively, can achieve confidentiality, integrity, and availability
(CIA). You have to provide justification during your discussion.
Submission
1. You have to submit a report in word format file include your answers for Task-1, Task-2 and
Task-3 with the required screenshots for Task-1 and Task-2. You have to include cover page
that include group student ID and full name.
2. You have also to submit the created audio file that embedded your group information text
file for Task-1 (make sure to use: security as passphrase)
The two files must be submitted separately not in single compress file.
Marking Information: The applied project will be marked out of 100 and will be weighted 30% of
the total unit mark.
Marking
Criteria
Not satisfactory
(0-49%) of the
criterion mark)
Satisfactory
(50-64%) of the
criterion mark
Good
(65-74%) of the
criterion mark
Very Good
(75-84%) of the
criterion mark
Excellent
(85-100%) of the
criterion mark
Audio file
embedded text file
(10 mark)
Lack of evidence of using
the Steghide for
Steganography with no
audio file submission
Audio file not includes
the embedded test file
Audio file includes
text file but with
irrelevant information
to student group.
Audio file includes
text file but didn’t
include all the group
information.
Audio file correctly
includes group details.
Steganography
steps and
Screenshot
(15 mark)
Lack of evidence of
understanding of the
process of
Steganography with no
screenshot
Screenshot is provided
with not complete or
not using Steghide.
Screenshot is provided
using Steghide with
settings errors
Screenshot is provided
using Steghide with
some incorrect
settings.
Screenshot is provided
using Steghide with
correct result.
Directory creation
(15 mark)
Lack of evidence of
understanding the Linux
commands for directory
creation and access.
Very brief
demonstration of
using Linux commands
for directory creation
and access.
Evidence of good
understanding and
demonstration of
using Linux commands
for directory creation
and access.
Very clear
understanding and
demonstration of
using Linux commands
for directory creation
and access.
Excellent
understanding and
demonstration of
using Linux commands
for directory creation
and access.
Users creation
(15 mark)
Lack of evidence of
understanding of the
process of users creation
and required permission
Very brief
demonstration of
using Linux commands
for users creation and
required permission
Evidence of good
understanding and
demonstration of
using Linux commands
for users creation and
required permission
Very clear
understanding and
demonstration of
using Linux commands
for users creation and
required permission
Excellent
understanding and
demonstration of
using Linux commands
for users and required
permission
Group creation
(15 mark)
Lack of evidence of
understanding of the
process of group
creation and required
permission
Very brief
demonstration of
using Linux commands
for group creation and
required permission
Evidence of good
understanding and
demonstration of
using Linux commands
for group creation and
required permission
Very clear
understanding and
demonstration of
using Linux commands
for group creation and
required permission
Excellent
understanding and
demonstration of
using Linux commands
for group creation and
required permission
Achieving CIA in
Steganography
(15 marks)
Poor discussion with
irrelevant information.
Brief discussion about
achieving CIA in
Steganography with
limited demonstration
and justification.
Generally good
discussion about
achieving CIA in
Steganography with
good demonstration
and justification.
Very clear discussion
of achieving CIA in
Steganography with
clear demonstration
and justification.
A very detailed
and very clear
discussion of
achieving CIA in
Steganography with
very good
demonstration and
justification.
Achieving CIA in
access control list
(15 marks)
Poor discussion with
irrelevant information.
Brief discussion about
achieving CIA in access
control list with
limited demonstration
and justification.
Generally good
discussion about
achieving CIA in in
access control list with
good demonstration
and justification.
Very clear discussion
of achieving CIA in in
access control list with
clear demonstration
and justification.
A very detailed
and very clear
discussion of
achieving CIA in in
access control list with
very good
demonstration and
justification.
Assessment 3: Laboratory Practicum
Due date:
Lab work submission: Weekly; Quiz: Week 3, 4, 6, 8, 10
Group/individual:
Individual
Word count / Time provided:
3000
Weighting:
40% (30% quizzes, 10% lab work activities)
Unit Learning Outcomes:
ULO-1, ULO-2, ULO-3, ULO-4
Assessment Details:
Practical exercises assess students’ ability to apply theoretical learning to practical, real world
situations on a weekly basis. The practical exercises will improve student’s ability to practice
information security using Linux/Kali Linux platform such as phishing attack, encryption and
steganography and other functions.
This assessment also includes invigilated quiz that will assess your ability to understand theoretical
materials and your knowledge of key content areas. The quiz will be either multiple choice
questions or short questions which are relevant to the lectures of lecture materials. For successful
completion of the quiz, you are required to study the material provided (lecture slides, tutorials, and
reading materials) and engage in the unit’s activities. The prescribed textbook is the main reference
along with the recommended reading materials.
Students will be required to complete the practical exercises and sit the quiz during the workshop
and therefore, attendance is required as part of this assessment. Students will not be assessed on
work that not produced in workshop so that attendance is required as part of this assessment.
Students are required to submit the work that they have completed during the workshop session
only. The details of the lab work and requirements are provided on the online learning system.
Marking information: The assessment will be marked out of 100 and will be weighted 40% that
includes: 30% weight for five quizzes (6 % for each quiz). In addition, 10% lab work participation
and submission for ten weeks ( 1% for each lab work).

READ ALSO...   Variable declarations
Order from Academic Writers Bay
Best Custom Essay Writing Services

QUALITY: 100% ORIGINAL PAPERNO PLAGIARISM – CUSTOM PAPER