Information Security Officer Tasks: Vulnerabilities, Social Engineering, BCM, and Ethical Hacking

Task 1: Security vulnerabilities You are an Information Security officer working for InfoIT Limited. You have been informed of some vulnerabilities in your company's web server. These can be seen in the following list: Missing authorisation Download of codes without integrity checks Broken Authentication and Session Management Missing data encryption Cross-site-scripting vulnerabilities Give a detailed explanation of how each vulnerability from the above list can be exploited and give recommendations on what should be done against each of them. You have been told that one of your application has a "SQL injection" vulnerability. What tool/techniques can be used to detect and exploit "SQL injection"? Perform a SQL injection using an appropriate tool and demonstrate steps with brief explanation. Task 2: Social Engineering According tarracuda Networks (2020), phishing emails have spiked by over 600% since the end of February as cyber-criminals look to capitalise on the fear and uncertainty generated by the COVID-19 pandemic. The security vendor observed just 137 incidents in January, rising to 1188 in February and 9116 in March. Around 2% of the 468,000 global email attacks detected by the firm were classified as COVID-19-themed. These attacks used widespread awareness of the pandemic to trick users into handing over their log-ins and financial information, and/or unwittingly downloading malware to their computers of the COVID-19 phishing attacks, 54% were classed as scams, 34% as brand impersonation attacks, 11% blackmail and 1% as business email compromise (BEC) (Infosecurity Magazine, 2020). Assess different methods (4) employed by social engineers in terms of their effectiveness to ‘trick users into handing over their log-ins and financial information'. Demonstrate how hackers use social-engineering tools to carry out their attacks. In other words, what strategies do hackers use and how they exploit them? Task 3: Business Continuity Management Despite the progress made on the implementation of Business Continuity Management (BCM) within organisations for nearly over two decades, the depth and breadth of planning in smaller firms remains a cause for concern. Over the past 10 years, there has been a greater focus on the risks associated with supply chains.  Additionally, due to the pressure from larger customers, some SMEs have implemented BCM programmes which increase certification and compliance expectations. However, there is much scepticism about whether or not international standards for BCM, such as ISO 22301, can be applied to the SME marketplace. Keeping this in mind: Give a detailed explanation of what BCM is and its functions (purpose and benefits). Evaluate the types of sites that an organization can use for backup. “BCM: A key element in the fight against cyber security attacks” – Critically evaluate this statement  Task 4: Ethical hacking      [20%]   With the aid of a diagram, outline the phases of ethical hacking steps. The first step of hacking is also called Footprinting and information gathering Phase. Name the types of Footprinting and explain this by giving examples. Perform network scanning using any appropriate tools (such as Nmap/Zenmap) and analyse their result. Choose 1 tool to do this task.