On successful completion of this module students will be able to:
1. Identify and critically analyse information security threats to computer networks and management information systems.
2. Critically evaluate the range of effective security controls used to protect system and user data.
3. Synthesize solutions to security problems through effective information security governance.
4. Create understanding of professional, social, ethical and legal issues associated with cyber security.
Assignment support:
Although you will be guided throughout the module by your lecturer, you can get extra support for your assignment: make an appointment with the ACE team for any language, research and study skills issues, and/or talk to or email the Computing ACE expert for advice on how to approach your assignment. REMEMBER: they are not here to give you the answers!
Deliverables:
Coursework 2 is an individual report and will be submitted as an MS Word document (suggested word count: 2000 words in total excluding all diagrams, documentation and description) via Turnitin on Moodle and must include all the required components.
Coursework 2 is worth 60% of the overall assignment. The assignment preparation guidelines are outlined below:
1. All components of the assignment report must be word processed (hand-written text or hand-drawn diagrams are not acceptable), font size must be within the range of 12 point to 13 point including the headings, body text and any text within diagrams.
2. Standard and commonly used fonts such as Times New Roman, Arial or Calibri should be used.
3. Your document must be aligned left or justified with line spacing of 1.5.
4. All figures, graphs and tables must be numbered and labelled.
5. Material from external sources must be properly referenced and cited within the text using the Harvard referencing system.
6. All components of the assignment (e.g. text, diagrams, code etc.) must be submitted within a single MS Word document.
Submission instructions:
Submit in due time in Turnitin on Moodle. Late submission, where the student submits work seven calendar days after the deadline up to 2pm, will be accepted and marked. The percentage mark for the component of assessment will be capped at 40%.
Coursework Brief
Attempt all the following tasks in the assignment. Marks will be awarded for producing a documented system that meets the requirements as specified below.
Please specify the task number in your assignment.
Task 1: Security vulnerabilities
You are an Information Security officer working for InfoIT Limited. You have been informed of some vulnerabilities in your company's web server. These can be seen in the following list:
·Missing authorisation
·Download of codes without integrity checks
·Broken Authentication and Session Management
·Missing data encryption
·Cross-site-scripting vulnerabilities
a. Give a detailed explanation of how each vulnerability from the above list can be exploited and give recommendations on what should be done against each of them.
b. You have been told that one of your applications has a "SQL injection" vulnerability. What tools/techniques can be used to detect and exploit "SQL injection"? Perform a SQL injection using an appropriate tool and demonstrate the steps with a brief explanation.
Task 2: Social Engineering
According to Barracuda Networks (2020), phishing emails have spiked by over 600% since the end of February as cyber-criminals look to capitalise on the fear and uncertainty generated by the COVID-19 pandemic. The security vendor observed just 137 incidents in January, rising to 1188 in February and 9116 in March. Around 2% of the 468,000 global email attacks detected by the firm were classified as COVID-19-themed. These attacks used widespread awareness of the pandemic to trick users into handing over their log-ins and financial information, and/or unwittingly downloading malware to their computers. Of the COVID-19 phishing attacks, 54% were classed as scams, 34% as brand impersonation attacks, 11% blackmail and 1% as business email compromise (BEC) (Infosecurity Magazine, 2020).
a. Assess different methods (4) employed by social engineers in terms of their effectiveness to 'trick users into handing over their log-ins and financial information'.
b. Demonstrate how hackers use social-engineering tools to carry out their attacks. In other words, what strategies do hackers use and how do they exploit them?
Task 3: Business Continuity Management
Despite the progress made on the implementation of Business Continuity Management (BCM) within organisations for nearly over two decades, the depth and breadth of planning in smaller firms remains a cause for concern. Over the past 10 years, there has been a greater focus on the risks associated with supply chains. Additionally, due to the pressure from larger customers, some SMEs have implemented BCM programmes which increase certification and compliance expectations. However, there is much scepticism about whether or not international standards for BCM, such as ISO 22301, can be applied to the SME marketplace. Keeping this in mind:
a. Give a detailed explanation of what BCM is and its functions (purpose and benefits).
b. Evaluate the types of sites that an organization can use for backup.
c. “BCM: A key element in the fight against cyber security attacks” – Critically evaluate this statement.
Task 4: Ethical hacking
1. With the aid of a diagram, outline the phases of ethical hacking steps.
2. The first step of hacking is also called Footprinting and information gathering Phase. Name the types of Footprinting and explain this by giving examples.
3. Perform network scanning using any appropriate tools (such as Nmap/Zenmap) and analyse their result. Choose 1 tool to do this task.
Task 5: Presentation, Report Layout and References
Marking Criteria
Functionality | Criteria / Deliverables | Marks
Task 1:
You have explained exploitation methods for each vulnerability listed. You have also outlined suitable countermeasures against each of them. (15)
You have evaluated a tool/technique, such as SQLMAP, that can be used to detect and exploit an SQL injection vulnerability, using screenshots, and explained the impacts. (10)
Task 1 total: 25
Task 2:
You have discussed different techniques of social engineering with examples and literature. (10)
You have managed to demonstrate the use of any social engineering tools to perform any kind of social-engineering attack. (10)
Task 2 total: 20
Task 3:
You have outlined the purpose and benefits of Business Continuity Management (BCM) with examples using relevant academic literature. (8)
You have discussed different backup sites and outlined advantages and disadvantages with examples. (7)
You have evaluated how business continuity is a key factor in responding effectively to cyber security attacks and reducing the cost of a data breach. (10)
Task 3 total: 25
Task 4:
You have discussed details of the ethical hacking life cycle/stages with the aid of diagram/s and examples. (5)
You have outlined Footprinting and its classification with explanations and examples. (7)
You have managed to perform network scanning using any appropriate tools (e.g. Nmap/Zenmap) and analysed the results. (8)
Task 4 total: 20
Introduction, Conclusion, References and Report layout:
Your report is well laid out and formatted according to the given requirements. Your report is free from grammatical and spelling errors. The Harvard system has been used to cite work where necessary and a list of references is also provided.
Total: 10
Assignment Preparation Guidelines
·All components of the assignment (text, diagrams, code etc.) must be submitted in one Word file (hand-written text or hand-drawn diagrams are not acceptable); any other accompanying materials such as simulation files, code, etc. should be attached in appendices.
·Standard and commonly used fonts such as Arial or Calibri should be used; font size must be within the range of 10 to 15 points including the headings, body text and any text within diagrams.
·Spacing should not be less than 1.5
·Pay attention to the Assessment criteria / Marking scheme, the work is to be concise and technical. Try to analyse, compare and evaluate rather than simply describe.
·All figures, screenshots, graphs and tables must be numbered and labelled.
·The assignment should be logically structured, the core of the report may start by defining the problem / requirements, followed by the proposed solution including a detailed discussion, analysis and evaluation, leading to implementation and testing stage, finally a conclusion and/or personal reflection on learning.
·Screenshots without description / discussion do not constitute understanding and may be assumed irrelevant.
·Please access your Turnitin Test Page via Dashboard or My modules to learn more about Turnitin, to make a test submission and to check your similarity score before uploading your final version.
·You will have opportunity to submit as many times to your module pages as you want up until the deadline.
·Make sure to make a backup of your work to avoid distress from loss of or damage to your original work; use multiple storage media (memory stick, cloud and personal computer).
·Please note file size limitations might apply. Your work must be under 100MB.
Assignment support:
·During the delivery of the module, you will have several opportunities to get formative feedback on your assessment during tutorials.
·Students will have access to formative feedback on each task set in workshops, thereby helping them to refine their approach to the summative tasks that have been set.
·However, please note that this feedback is limited to recommendations on improving your work. Lecturers will not confirm any grades or marks.
·The feedback can be one-to-one or in-group sessions.
·Finally, you will receive summative feedback within a month of your final submission. Please note that the summative feedback and the grades remain provisional until approval from the exam board.
·Academic Integrity is a matter that is taken very seriously at the university and students should endeavour to apply it to all their assignments. In other words, plagiarism, collusion (working with and copying from another student) and ghost writing will not be tolerated and will result in sanctions, e.g. capped resit, suspension and/or withdrawal. Correct referencing demonstrates your academic and professional skill. It also reflects your academic honesty and thus to some degree protects you from cases of plagiarism.
·You must write your assignment in your own words to demonstrate your understanding of the subject.
·Material from external sources must be properly referenced and cited within the text using the Harvard referencing system.
·You are required to follow the Roehampton Harvard referencing System. Please refer to Moodle for the latest version of the Roehampton Harvard referencing System or ask the library.
·An accompanying list of references (on a separate page and in alphabetical order) must also be provided as part of your work.
·Plagiarism: occurs when you present somebody else's work as your own, whether that work is an idea, graph, figure, illustration or pure text, and whether it is available on the web, in textbooks, in reports or otherwise.
·Wholesale use of text and diagrams from websites is considered as plagiarism when not acknowledged.
·Plagiarism will be dealt with firmly and can lead to serious consequences and disciplinary procedures.
·Collusion: occurs when copying another student's report (text, figures, illustrations etc.) and submitting it as your own.