ICT 506 Fundamentals of Cyber Security

Assessment 2

Case Study (Individual)

Learning Outcomes Covered

ULO.1.7 Demonstrated understanding of the fundamental principles of cybersecurity and demonstrated capacity to interpret, apply, and evaluate the relevant security tools and approaches to identify and mitigate threats, attacks, and common vulnerabilities.

ULO.4.4 Demonstrated high level of written and verbal communication skills relevant to the planning, design, and implementation of a technical solution.

Submission Details

• This is an individual assessment.
• You must submit your answers in a word or pdf format on the Turnitin link available on the Moodle.
• The assessment carries 30% weightage and is marked out of 30.
• Your answers should not be more than 500 and not less than 300 words per question.
• Your similarity index should be less than 30%.
• The deadline to submit your work is by Friday week 8, 5 PM.

After submitting the report, in week 9, each student will have a 3-5-minute interview with the lecturer in which needs to explain the findings of the report and demonstrate understanding of the content. In addition to the criteria stated in the assessment briefing for evaluation of the written report, the final mark also depends on the performance of the student in the interview.

Use of AI generative tools is fully prohibited in this assessment.

TECH2400 Introduction to Cyber Security

Anzaw Pty Ltd Case study

With its headquarters in Sydney and a branch in Brisbane, Anzaw Pty Ltd operates state-of-the-art automobile manufacturing lines. Using significant amounts of automation and advanced technology in its production lines, together with augmented reality for designing its cars of the future, Anzaw also embraces big data and artificial intelligence throughout its operations. Anzaw’s organisational functions are world-class.

The headquarters’ ICT Infrastructure is shown in Figure 1. The key servers used by Anzaw Pty Ltd are Web Server, Database Server and Mail Server. The purposes of these servers are:

• Web Server: Hosts the Website of the Anzaw Pty Ltd
• Database Server: Hosts the designs and manufacturing details of various cars
• Mail Server: Used for receiving and sending emails

Anzaw Pty Ltd would like to take advantage of scalability and on-demand resources provided by Cloud Computing and are interested in adopting a Hybrid Cloud deployment model in the future.

Given the competitive nature of the automobile industry, and situated within a complex and dynamic external environment, Anzaw requires their production lines to be optimised continuously through the use of the latest cutting-edge hardware and software technology systems. In turn, these systems need to deliver not only high levels of work-flow but also high levels of information security. Information security is increasingly important as the company’s technological vision and goals now extend to their automobiles through technological innovation and breakthroughs associated with using the Internet of Things (IoT). Indeed, Anzaw currently feels it is vulnerable to several types of malicious cyberattacks that aim to capture valuable business information in order to sell such information in the black market. Despite these dangers, the management at Anzaw has had little time to focus on areas of information security vulnerability. Therefore, they have hired you as an independent information security consultant to advise them on various aspects of information security issues and vulnerabilities.

Figure 1: Infrastructure of Anzaw Pty Ltd

Assuming the role of an independent information security consultant, use information given in the case study to answer the following questions.

1. Discuss the existing security landscape pertaining to information systems of Anzaw Pty Ltd, including common vulnerabilities, potential threats, and possible repercussions of a security breach.

(Note: general descriptions/definitions about vulnerabilities and threats will receive no marks. You must:

1. 1. explain where exactly in the given case and network topology you found the vulnerabilities/threats
   2. what are the consequences of each identified vulnerability/threat)

(10 marks)

1. Demonstrate your knowledge of important security tools such as authentication, access control, and cryptographic techniques that should be used within the Anzaw Pty Ltd to protect the information systems.

(Note: general descriptions/definitions about security tools will receive no marks. For each selected tool, you must explain:

1. 1. the reasons for choosing it,
   2. how the tool should be deployed and integrated with the given network architecture and topology,
   3. how would it protect the information systems.)

(10 marks)

1. Analyse and explain various security technologies, scanning and probing tools that Anzaw Pty Ltd should use to master the best practices in protecting information.

(Note: general descriptions/definitions about security technologies, scanning and probing tools will receive no marks.

For each selected item, you must explain:

1. 1. the reasons for choosing it,
   2. how should it be deployed and integrated considering the given network architecture and topology,
   3. how would it help to implement best practices for protecting information.)

(10 marks)