Itc595- Information Security
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Itc595- Information Security as PDF for free.
More details
- Words: 1,740
- Pages: 6
This assessment aims to develop and gauge student understanding of the key topics covered so far by answering the following questions. Answering these questions will help you build some understanding for the next assessment item as well as for the entire subject. It is expected that answers to the assignment questions be succinct (i.e. precise and concise) with all sources of information fully referenced as per APA referencing style. You have to reference the text book and any additional material you have used in your answers. Note that the guide for APA referencing is provided in the resources section of Interact site of this subject.
Answers MUST be written in your own words. If an answer contains more than 10% direct quote (referenced or unreferenced), 0 marks will be awarded for this question. One or two sentence answers will be too short and only receive low marks. Answers longer than 1.5 pages (12 point font, single line spacing) may incur a penalty if too much non-relevant information is stated. For mathematical questions it is expected that you show intermediate steps of your working. Just stating the correct solution will result in low marks, on the other hand if the working is correct and you only made minor mistakes, you will still be awarded marks, even though the final answer is wrong. Question 1 [5 Marks] Automated Teller Machines (ATM) are designed so that users will provide a personal identification number (PIN) and a card to access their bank accounts. Give examples of confidentiality, integrity and availability requirements associated in such a system and describe the degree of importance for each requirement. Question 2 [5 Marks] A thief broke into an Automated Teller Machine (ATM) using a screwdriver and was able to jam the card reader as well as breaking five keys from the keypad. The thief had to halt the process of break-in and hide, as a customer approached to use the ATM. The customer was able to successfully enter their ATM card, punch in the 4 digit PIN and was able to draw out some cash. Since the card reader was jammed, the customer was however not able to withdraw the ATM card, and drove off to seek some help. In the meantime, the thief came back and decided to try to discover the customer’s PIN so that he can steal money from the customer. You are required to calculate the maximum number of PINs that the thief may have to enter before correctly discovering the customer’s PIN? Question 3 [5 Marks] Thinking about bio-metric authentication, list three reasons why people may be reluctant to use bio-metrics. Describe various ways of how to counter those objections. Question 4 [5 Marks] In bio-metric authentication, false positive and false negative rates can be tuned according to the requirement, and they are often complementary i.e. raising one lowers the other. Describe two circumstances where false negatives are significantly more serious than false positives.
Question 5
[10 Marks]
Transposition is one known method of encrypting the text. What can be one way that a piece of cipher text can be determined quickly if it was likely a result of a transposition? Utilising some of the decryption techniques (substitution and others) covered in the subject so far, you are required to decipher (find the plain text) the cipher text that will be provided to you closer to the assessment due date via the subject site. In order to present your solution, you need to demonstrate and explain the steps taken to decipher this text. Rationale back to top This assessment task will assess the following learning outcome/s:
be able to justify security goals and the importance of maintaining the secure computing environment against digital threats. be able to explain the fundamental concepts of cryptographic algorithms. be able to examine malicious activities that may affect the security of a computer program and justify the choice of various controls to mitigate threats. be able to compare and contrast foundational security policies and models that deal with integrity and confidentiality.
Marking criteria and standards back to top Question
Question1
Question 2
HD 100% - 85% In depth use of a good range of relevant literature to address the points. Provides an extensive range of examples of the CIA triad with sound evidence of synthesis of own research and prescribed readings in topics.
DI 84% - 75%
Evidence of using relevant literature to address the points. Provides a detailed range of examples of the CIA triad with evidence of synthesis of external readings and prescribed readings in topics.
The answer The answer is
CR PS 74% - 65% 64% - 50% Use of some relevant literature to address the points. Provides some examples of the CIA triad. Mostly cited the prescribed text. Evidence of synthesised concepts learned from topic readings
Limited evidence of using relevant literature to address the points. Provides limited examples of the CIA triad with little evidence of linkages or connection s to topic readings.
The
The
FL 49% - 0
No evidence of using relevant literature to address the points. No examples provided with extremely limited or no linkages or connection s to topic readings.
The
Question
HD 100% - 85%
DI 84% - 75%
is correct with a complete, clear, and detailed step-bystep working provided of how the answer was calculated.
correct with a complete, clear, and step-by-step working provided of how the answer was calculated.
CR PS 74% - 65% 64% - 50% answer is correct showing most steps of how the answer was calculated.
Question 3
Clear, comprehen sive description of biometric authenticati on and why general population may object to using this technique. Critical points identified & discussed.
Detailed description of biometric authentication and why general population may object to using this technique. Many critical points identified & discussed.
Good description of biometric authenticat ion and why general population may object to using this technique. Some critical points identified & discussed.
Question 4
Clear, comprehen sive description discussion of two circumstan
Detailed description discussion of two circumstances where false negatives are
Good description discussion of two circumstan ces where false
FL 49% - 0
answer is correct however the steps taken to reach the answer are not shown clearly.
answer is incorrect and the steps taken to reach the answer are not shown clearly.
Some description of biometric authenticat ion and why general population may object to using this technique. Some critical points identified & discussed with minor inaccuracie s or omissions.
Incomplete or inadequate description of biometric authenticat ion and why general population may object to using this technique. No critical points identified & discussed.
Some description discussion of two circumstan ces where false
Incomplet e description discussion of two circumstan ces where
Question
Question 5
HD 100% - 85%
DI 84% - 75%
ces where false negatives are significantl y more serious than false positives in biometric authenticati on listing all critical points.
significantly more serious than false positives in biometric authentication. Many critical points identified & discussed.
Correct identificati on of how to quickly identify if transpositio n techniques have been used. Correct decryption of the message has been provided along with a clear, concise and step by step explanation of the decryption technique used.
Correct identification of how to quickly identify if transposition techniques have been used. Correct decryption of the message has been provided along with a clear, and step by step explanation of the decryption technique used.
CR PS 74% - 65% 64% - 50% negatives are significantl y more serious than false positives in biometric authenticat ion. Some critical points identified & discussed.
Correct identificati on of how to quickly identify if transpositi on techniques have been used. Correct decryption of the message has been provided along with a step by step explanatio n of the decryption technique used.
FL 49% - 0
negatives are significantl y more serious than false positives in biometric authenticat ion. Some critical points identified & discussed with minor inaccuracie s or omissions.
false negatives are significantl y more serious than false positives in biometric authenticat ion. No critical points identified & discussed.
Correct identificati on of how to quickly identify if transpositi on techniques have been used. Correct decryption of the message has been provided with limited explanatio n of the decryption technique used.
incorrect identificati on of how to quickly identify if transpositi on techniques have been used. Inorrect decryption of the message provided along with little or no explanatio n of the steps detailing the decryption technique used.
Question
HD 100% - 85%
DI 84% - 75%
CR PS 74% - 65% 64% - 50%
FL 49% - 0
Presentation back to top
The assessment must be submitted electronically with a Cover Page that includes the following information: o Assessment No o Assessment Title o Student Name & ID o Subject Name and Code o Student Email Address Students must ensure that all tasks/questions are identified clearly with headings. Answers to the questions must be in your own words and should be precise but complete and informative. No marks will be awarded for any answer containing more than 10% direct quotes (referenced or un referenced). APA reference style must be used throughout the document with the bibliography at the end of the document. In-text citations should also follow APA style. APA referencing guide can be accessed via the following link. This also forms a part of the marking rubric. http://student.csu.edu.au/study/referencing-at-csu
Reading Resources
Stallings, W. (2013). Cryptography and Network Security; Principles and Practice, 6th edition: Pearson Education Inc. Stallings, W., & Brown, L. (2012). Computer security: Principles and Practice : Pearson Education Inc. Goodrich, M., & Tamassia, R. (2011). Introduction to computer security: Pearson Education Inc. Easttom, W (2011). Computer security fundamentals. 2nd edition, Pearson Education Inc.
Roundy, K. and Miller, B. (2010), Hybrid Analysis and Control of Malware, in 'Recent Advances in Intrusion Detection', Springer Berlin - Heidelberg, 317338. Samarati, P., & Vimercati, S. (2000) Access control: policies, models and mechanisms. Lecture Notes in Computer Science, 2171, pp.137-1 Masood, M. (2010) Conformance Testing of Temporal Role-Based Access Control Systems , IEEE Transaction on Dependable and Secure computing, 7,2,pp.144-158. Bishop, M. (2005). Confidentiality policies. In Introduction to computer security (pp.61-66). Boston: Addison-Wesley. Xie, T. (2006) Scheduling security-critical real-time applications on clusters, IEEE Transaction on Computers, 55,7, pp.864 - 879.
Answers MUST be written in your own words. If an answer contains more than 10% direct quote (referenced or unreferenced), 0 marks will be awarded for this question. One or two sentence answers will be too short and only receive low marks. Answers longer than 1.5 pages (12 point font, single line spacing) may incur a penalty if too much non-relevant information is stated. For mathematical questions it is expected that you show intermediate steps of your working. Just stating the correct solution will result in low marks, on the other hand if the working is correct and you only made minor mistakes, you will still be awarded marks, even though the final answer is wrong. Question 1 [5 Marks] Automated Teller Machines (ATM) are designed so that users will provide a personal identification number (PIN) and a card to access their bank accounts. Give examples of confidentiality, integrity and availability requirements associated in such a system and describe the degree of importance for each requirement. Question 2 [5 Marks] A thief broke into an Automated Teller Machine (ATM) using a screwdriver and was able to jam the card reader as well as breaking five keys from the keypad. The thief had to halt the process of break-in and hide, as a customer approached to use the ATM. The customer was able to successfully enter their ATM card, punch in the 4 digit PIN and was able to draw out some cash. Since the card reader was jammed, the customer was however not able to withdraw the ATM card, and drove off to seek some help. In the meantime, the thief came back and decided to try to discover the customer’s PIN so that he can steal money from the customer. You are required to calculate the maximum number of PINs that the thief may have to enter before correctly discovering the customer’s PIN? Question 3 [5 Marks] Thinking about bio-metric authentication, list three reasons why people may be reluctant to use bio-metrics. Describe various ways of how to counter those objections. Question 4 [5 Marks] In bio-metric authentication, false positive and false negative rates can be tuned according to the requirement, and they are often complementary i.e. raising one lowers the other. Describe two circumstances where false negatives are significantly more serious than false positives.
Question 5
[10 Marks]
Transposition is one known method of encrypting the text. What can be one way that a piece of cipher text can be determined quickly if it was likely a result of a transposition? Utilising some of the decryption techniques (substitution and others) covered in the subject so far, you are required to decipher (find the plain text) the cipher text that will be provided to you closer to the assessment due date via the subject site. In order to present your solution, you need to demonstrate and explain the steps taken to decipher this text. Rationale back to top This assessment task will assess the following learning outcome/s:
be able to justify security goals and the importance of maintaining the secure computing environment against digital threats. be able to explain the fundamental concepts of cryptographic algorithms. be able to examine malicious activities that may affect the security of a computer program and justify the choice of various controls to mitigate threats. be able to compare and contrast foundational security policies and models that deal with integrity and confidentiality.
Marking criteria and standards back to top Question
Question1
Question 2
HD 100% - 85% In depth use of a good range of relevant literature to address the points. Provides an extensive range of examples of the CIA triad with sound evidence of synthesis of own research and prescribed readings in topics.
DI 84% - 75%
Evidence of using relevant literature to address the points. Provides a detailed range of examples of the CIA triad with evidence of synthesis of external readings and prescribed readings in topics.
The answer The answer is
CR PS 74% - 65% 64% - 50% Use of some relevant literature to address the points. Provides some examples of the CIA triad. Mostly cited the prescribed text. Evidence of synthesised concepts learned from topic readings
Limited evidence of using relevant literature to address the points. Provides limited examples of the CIA triad with little evidence of linkages or connection s to topic readings.
The
The
FL 49% - 0
No evidence of using relevant literature to address the points. No examples provided with extremely limited or no linkages or connection s to topic readings.
The
Question
HD 100% - 85%
DI 84% - 75%
is correct with a complete, clear, and detailed step-bystep working provided of how the answer was calculated.
correct with a complete, clear, and step-by-step working provided of how the answer was calculated.
CR PS 74% - 65% 64% - 50% answer is correct showing most steps of how the answer was calculated.
Question 3
Clear, comprehen sive description of biometric authenticati on and why general population may object to using this technique. Critical points identified & discussed.
Detailed description of biometric authentication and why general population may object to using this technique. Many critical points identified & discussed.
Good description of biometric authenticat ion and why general population may object to using this technique. Some critical points identified & discussed.
Question 4
Clear, comprehen sive description discussion of two circumstan
Detailed description discussion of two circumstances where false negatives are
Good description discussion of two circumstan ces where false
FL 49% - 0
answer is correct however the steps taken to reach the answer are not shown clearly.
answer is incorrect and the steps taken to reach the answer are not shown clearly.
Some description of biometric authenticat ion and why general population may object to using this technique. Some critical points identified & discussed with minor inaccuracie s or omissions.
Incomplete or inadequate description of biometric authenticat ion and why general population may object to using this technique. No critical points identified & discussed.
Some description discussion of two circumstan ces where false
Incomplet e description discussion of two circumstan ces where
Question
Question 5
HD 100% - 85%
DI 84% - 75%
ces where false negatives are significantl y more serious than false positives in biometric authenticati on listing all critical points.
significantly more serious than false positives in biometric authentication. Many critical points identified & discussed.
Correct identificati on of how to quickly identify if transpositio n techniques have been used. Correct decryption of the message has been provided along with a clear, concise and step by step explanation of the decryption technique used.
Correct identification of how to quickly identify if transposition techniques have been used. Correct decryption of the message has been provided along with a clear, and step by step explanation of the decryption technique used.
CR PS 74% - 65% 64% - 50% negatives are significantl y more serious than false positives in biometric authenticat ion. Some critical points identified & discussed.
Correct identificati on of how to quickly identify if transpositi on techniques have been used. Correct decryption of the message has been provided along with a step by step explanatio n of the decryption technique used.
FL 49% - 0
negatives are significantl y more serious than false positives in biometric authenticat ion. Some critical points identified & discussed with minor inaccuracie s or omissions.
false negatives are significantl y more serious than false positives in biometric authenticat ion. No critical points identified & discussed.
Correct identificati on of how to quickly identify if transpositi on techniques have been used. Correct decryption of the message has been provided with limited explanatio n of the decryption technique used.
incorrect identificati on of how to quickly identify if transpositi on techniques have been used. Inorrect decryption of the message provided along with little or no explanatio n of the steps detailing the decryption technique used.
Question
HD 100% - 85%
DI 84% - 75%
CR PS 74% - 65% 64% - 50%
FL 49% - 0
Presentation back to top
The assessment must be submitted electronically with a Cover Page that includes the following information: o Assessment No o Assessment Title o Student Name & ID o Subject Name and Code o Student Email Address Students must ensure that all tasks/questions are identified clearly with headings. Answers to the questions must be in your own words and should be precise but complete and informative. No marks will be awarded for any answer containing more than 10% direct quotes (referenced or un referenced). APA reference style must be used throughout the document with the bibliography at the end of the document. In-text citations should also follow APA style. APA referencing guide can be accessed via the following link. This also forms a part of the marking rubric. http://student.csu.edu.au/study/referencing-at-csu
Reading Resources
Stallings, W. (2013). Cryptography and Network Security; Principles and Practice, 6th edition: Pearson Education Inc. Stallings, W., & Brown, L. (2012). Computer security: Principles and Practice : Pearson Education Inc. Goodrich, M., & Tamassia, R. (2011). Introduction to computer security: Pearson Education Inc. Easttom, W (2011). Computer security fundamentals. 2nd edition, Pearson Education Inc.
Roundy, K. and Miller, B. (2010), Hybrid Analysis and Control of Malware, in 'Recent Advances in Intrusion Detection', Springer Berlin - Heidelberg, 317338. Samarati, P., & Vimercati, S. (2000) Access control: policies, models and mechanisms. Lecture Notes in Computer Science, 2171, pp.137-1 Masood, M. (2010) Conformance Testing of Temporal Role-Based Access Control Systems , IEEE Transaction on Dependable and Secure computing, 7,2,pp.144-158. Bishop, M. (2005). Confidentiality policies. In Introduction to computer security (pp.61-66). Boston: Addison-Wesley. Xie, T. (2006) Scheduling security-critical real-time applications on clusters, IEEE Transaction on Computers, 55,7, pp.864 - 879.
Related Documents
Itc595- Information Security
August 2019 32
Information Security
October 2019 65
Information Security Program Success
May 2020 60
Information Security New Approach
April 2020 88
Information Security Management System
July 2020 45