Module Assignments: Security vulnerabilities, Social Engineering, Business Continuity Management, an

Assignment support

On successful completion of this module students will be able to:

  1. Identify and critically analyse information security threats to computer networks and management information systems.
  2. Critically evaluate the range of effective security controls used to protect system and user data.
  3. Synthesize solutions to security problems through effective information security governance.
  4. Create understanding of professional, social, ethical and legal issues associated with cyber security.

Assignment support:

Although you will be guided throughout the module by your lecturer, you can get extra support for your assignment: make an appointment with the ACE team for any language, research and study skills issues, and/or talk to or email the Computing ACE expert for advice on how to approach your assignment. REMEMBER: they are not here to give you the answers!

Deliverables:

Coursework 2 is an individual report and will be submitted as a MS Word document (suggested word count: 2000 words in total excluding all diagrams, documentation and description) via Turnitin on Moodle and must include all the required components.

Coursework 2 is worth 60% of the overall assignment. The assignment preparation guidelines are outlined below:

  1. All components of the assignment report must be word processed (hand-written text or hand-drawn diagrams are not acceptable), font size must be within the range of 12 point to 13 point including the headings, body text and any text within diagrams.
  2. Standard and commonly used fonts such as Times New Roman, Arial or Calibri should be used.
  3. Your document must be aligned left or justified with line spacing of 1.5.
  4. All figures, graphs and tables must be numbered and labelled.
  5. Material from external sources must be properly referenced and cited within the text using the Harvard referencing system.
  6. All components of the assignment (e.g. text, diagrams, code etc.) must be submitted within a single MS Word document.

Submission instructions:

Submit in due time in Turnitin on Moodle. Late submission, where the student submits work seven calendar days after the deadline up to 2pm, will be accepted and marked. The percentage mark for the component of assessment will be capped at 40%.

Coursework Brief

Attempt all the following tasks in the assignment. Marks will be awarded for producing a documented system that meets the requirements as specified below.

Please specify the task number in your assignment.

Task 1: Security vulnerabilities

You are an Information Security officer working for InfoIT Limited. You have been informed of some vulnerabilities in your company's web server. These can be seen in the following list:

  • Missing authorisation
  • Download of codes without integrity checks
  • Broken Authentication and Session Management
  • Missing data encryption
  • Cross-site-scripting vulnerabilities

a. Give a detailed explanation of how each vulnerability from the above list can be exploited and give recommendations on what should be done against each of them.

b. You have been told that one of your applications has a "SQL injection" vulnerability. What tools/techniques can be used to detect and exploit "SQL injection"? Perform a SQL injection using an appropriate tool and demonstrate the steps with a brief explanation.

Task 2: Social Engineering

According to Barracuda Networks (2020), phishing emails have spiked by over 600% since the end of February as cyber-criminals look to capitalise on the fear and uncertainty generated by the COVID-19 pandemic. The security vendor observed just 137 incidents in January, rising to 1188 in February and 9116 in March. Around 2% of the 468,000 global email attacks detected by the firm were classified as COVID-19-themed. These attacks used widespread awareness of the pandemic to trick users into handing over their log-ins and financial information, and/or unwittingly downloading malware to their computers. Of the COVID-19 phishing attacks, 54% were classed as scams, 34% as brand impersonation attacks, 11% as blackmail and 1% as business email compromise (BEC) (Infosecurity Magazine, 2020).

  1. Assess different methods (4) employed by social engineers in terms of their effectiveness to ‘trick users into handing over their log-ins and financial information’.
  2. Demonstrate how hackers use social-engineering tools to carry out their attacks. In other words, what strategies do hackers use and how do they exploit them?

Task 3: Business Continuity Management

Despite the progress made on the implementation of Business Continuity Management (BCM) within organisations for nearly over two decades, the depth and breadth of planning in smaller firms remains a cause for concern. Over the past 10 years, there has been a greater focus on the risks associated with supply chains. Additionally, due to the pressure from larger customers, some SMEs have implemented BCM programmes which increase certification and compliance expectations. However, there is much scepticism about whether or not international standards for BCM, such as ISO 22301, can be applied to the SME marketplace. Keeping this in mind:

  1. Give a detailed explanation of what BCM is and its functions (purpose and benefits).
  2. Evaluate the types of sites that an organization can use for backup.
  3. “BCM: A key element in the fight against cyber security attacks” – Critically evaluate this statement.

Task 4: Ethical hacking

  1. With the aid of a diagram, outline the phases of ethical hacking.
  2. The first step of hacking is also called the footprinting and information-gathering phase. Name the types of footprinting and explain them by giving examples.
  3. Perform network scanning using any appropriate tool (such as Nmap/Zenmap) and analyse the results. Choose 1 tool to do this task.
