HS2011 Security Hands-on projects
HS2011 Information Security Assignment
|Assessment Details and Submission Guidelines|
|Unit Title||Information Security|
|Assessment Type||Individual Assignment|
|Assessment Title||Security Hands-On Projects|
|Purpose of the assessment (with ULO Mapping)||The purpose of this assignment is to exercise and develop skills required in implementing and testing different security tools and configurations. Students will be able to: understand the challenges and impact of factors that relate to Information Systems security management; demonstrate an understanding of security frameworks, models and standards and their application to different business scenarios; and communicate information systems’ security concepts and controls effectively to both technical and non-technical stakeholders.|
|Weight||25% of the total assessments|
|Word limit||1500 – 2000 words|
|Due Date||End of Week 04|
|Submission Guidelines||All work must be submitted on Blackboard by the due date along with a completed Assignment Cover Page. The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings. Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using Harvard or IEEE referencing style.|
Assessment Design – Adapted Harvard Referencing:
Holmes will be implementing as a pilot program a revised Harvard approach to referencing. The following guidelines apply:
- Reference sources in assignments are limited to sources which provide full text access to the source’s content for lecturers and markers.
- The Reference list should be located on a separate page at the end of the essay and titled: References.
- It should include the details of all the in-text citations, arranged alphabetically A-Z by author surname. In addition, it MUST include a hyperlink to the full text of the cited reference source.
P Hawking, B McCarthy, A Stein (2004), Second Wave ERP Education, Journal of Information Systems Education, Fall, http://jise.org/Volume15/n3/JISEv15n3p327.pdf
- All assignments will require additional in-text reference details which will consist of the surname of the author/authors or name of the authoring body, year of publication, page number of contents, paragraph where the content can be found.
“The company decided to implement a enterprise wide data warehouse business intelligence strategies (Hawking et al, 2004, p3(4)).”
Non-Adherence to Referencing Guidelines
Where students do not follow the above guidelines:
- Students who submit assignments which do not comply with the guidelines will be asked to resubmit their assignments.
- Late penalties will apply each day, as per the Student Handbook, after the student/s have been notified of the resubmission requirements.
Students who comply with the guidelines but whose citations are “fake” will be reported for academic misconduct.
You are required to follow the instructions in each project and provide screen shots for the outcomes in addition to the answers to any provided questions.
PROJECT 1: Examining Data Breaches
In this project, you view the biggest data breaches resulting in stolen information through a
1. Open your web browser and enter the URL http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ (if you are no longer able to access the site through this web address, use a search engine to search for “Information Is Beautiful World’s Biggest Data Breaches”).
2. Click Hide Filter to display a visual graphic of the data breaches, as shown in Figure 1.
Figure 1: World’s biggest data breaches
3. Scroll down the page to view the data breaches. Note that the size of the breach is indicated by the size of the bubble.
4. Scroll back up to the top and note the color of the bubbles that have an “Interesting Story.” Click one of the bubbles and read the story.
5. Click Read a bit more.
6. Click Click to see the original report.
7. Read about the data breach. When finished, close only this tab in your browser.
8. Click Show Filter to display the filter menu.
9. Under Organisation, click Government.
10. Under Method of Leak, click All.
11. Click one of the bubbles and read the story.
12. Uncheck Government. Under Organisation, now click Tech to see the breaches that have targeted the technology industry. Click one of the bubbles and read the story.
13. At the top of the graphic, click Method of Leak so that the bubbles display how the leak occurred. Which type of leak is the most common? Why do you think this is the case?
14. Create your own filters to view different types of breaches. Does this graphic convey a better story than the textual data in the previous project?
15. How does this visualization help you with the understanding of threats?
16. Close all windows.
PROJECT 2: Write-Protecting a USB Flash Drive and Disabling a USB Port
Viruses and other malware are often spread from one computer to another by infected USB flash drives. This can be controlled by either disabling the USB port or by write-protecting the drive so that no malware can be copied to it. Disabling the port can be accomplished through changing a Windows registry setting, while write-protecting the drive can be done through third-party software that can control USB device permissions. In this project, you download and install a software-based USB write blocker to prevent data from being written to a USB device and disable the USB port. You will need a USB flash drive for this project.
1. Open your web browser and enter the URL www.irongeek.com/i.php?page=security/thumbscrew-software-usb-write-blocker (if you are no longer able to access the program through the URL, use a search engine to search for “Irongeek Thumbscrew”).
2. Click Download Thumbscrew.
3. If the File Download dialog box appears, click Save and follow the instructions to save this file in a location such as your desktop or a folder designated by your instructor.
4. When the file finishes downloading, extract the files in a location such as your desktop or a folder designated by your instructor. Navigate to that location and double-click thumbscrew.exe and follow the default installation procedures.
5. After installation, notice that a new icon appears in the system tray in the lower right corner of the screen.
6. Insert a USB flash drive into the computer.
7. Navigate to a document on the computer.
8. Right-click the document and then select Send to.
9. Click the appropriate Removable Disk icon of the USB flash drive to copy the file to the flash drive.
10. Now make the USB flash drive write protected so it cannot be written to. Click the icon in the system tray.
11. Click Make USB Read Only. Notice that a red circle now appears over the icon to indicate that the flash drive is write protected.
12. Navigate to a document on the computer.
13. Right-click the document and then select Send to.
14. Click the appropriate Removable Disk icon of the USB flash drive to copy the file to the flash drive. What happens?
15. Click the icon in the system tray to change the permissions so that the USB drive is no longer read only.
16. Now disable the USB port entirely. First remove the flash drive from the USB port.
17. In the Windows Run dialog box enter regedit.
18. In the left pane double-click HKEY_LOCAL_MACHINE to expand it.
19. Double-click SYSTEM.
20. Double-click ControlSet001.
21. Double-click Services.
22. Double-click USBSTOR as shown in Figure 2.
Figure 2: Windows Registry Editor
23. In the right pane double-click Start.
24. In Value data: change the number from 3 to 4. Be sure that Hexadecimal under Base is selected.
25. Click OK.
26. Now insert a USB flash drive into the USB port. What happens?
27. To reactivate the port, change the Value data: back to 3 and click OK.
28. Close all windows.
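The registry change in steps 17 to 27 can also be checked and made from an elevated PowerShell prompt. The script below is an added example, not part of the original assignment; the function names are illustrative, and it additionally reads HKLM\SYSTEM\Select to confirm that ControlSet001 is the control set Windows is actually using before the Start value is changed.

```powershell
# Added example: audit and set the USBSTOR driver start type (run elevated).
# Start values for a service/driver key: 3 = started on demand (USB storage
# works), 4 = disabled. 3 and 4 are the same in hexadecimal and decimal.
$StartMeaning = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual (enabled)'; 4 = 'Disabled' }

function Get-ActiveControlSet {
    # HKLM\SYSTEM\Select\Current holds the number of the control set in use.
    $current = (Get-ItemProperty -Path 'HKLM:\SYSTEM\Select' -Name Current).Current
    'ControlSet{0:D3}' -f $current
}

function Get-UsbStorState {
    param([string]$ControlSet = 'ControlSet001')   # the key used in steps 18-22
    $path = "HKLM:\SYSTEM\$ControlSet\Services\USBSTOR"
    if (-not (Test-Path $path)) {
        return [pscustomobject]@{ Path = $path; Start = $null; Meaning = 'Key not found' }
    }
    $start = (Get-ItemProperty -Path $path -Name Start).Start
    [pscustomobject]@{ Path = $path; Start = $start; Meaning = $StartMeaning[[int]$start] }
}

function Set-UsbStorState {
    param(
        [ValidateSet(3, 4)][int]$Start,             # only the two values used in the project
        [string]$ControlSet = 'ControlSet001'
    )
    $path = "HKLM:\SYSTEM\$ControlSet\Services\USBSTOR"
    Set-ItemProperty -Path $path -Name Start -Value $Start -Type DWord
    # Read the value back so a failed or redirected write is noticed.
    $after = Get-UsbStorState -ControlSet $ControlSet
    if ($after.Start -ne $Start) { throw "Start is $($after.Start), expected $Start" }
    $after
}

$active = Get-ActiveControlSet
if ($active -ne 'ControlSet001') {
    Write-Warning "The control set in use is $active, not ControlSet001."
}
Get-UsbStorState -ControlSet $active               # report the current state

# Run one of these deliberately to make the change:
# Set-UsbStorState -Start 4 -ControlSet $active    # step 24: disable USB storage
# Set-UsbStorState -Start 3 -ControlSet $active    # step 27: re-enable it
```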
PROJECT 3: Preventing Vishing Attacks
Vishing, or voice phishing, continues to increase as an attack against users. First, access the online SoundCloud repository by NumberCop that contains several different recordings of vishing attacks (soundcloud.com/numbercop). After listening to several of the recordings to understand what attackers typically ask and how they craft their attacks, create guidelines for not falling prey to these attacks:
- What would you do to help prevent users from becoming victims?
- What messages do the attackers commonly use?
- How do they trick users into entering their information?
- What social engineering effectiveness reasons do they use?
Then write a series of steps that would help users resist these attacks. Write a one-page paper on your research.
Create a business report with:
- Document Title
- Author(s) information
Table of contents
- You have to use the Microsoft Word built-in function to create a Table of Contents.
- What this assignment is about and what you want to achieve (should be about 100 words; the ES is different from the Introduction).
- You are required to list the major responsibilities which you should take on to help in solving the business’ problem. What is your basic plan? Where do you start from? What do you want to achieve?
- The purpose of your work
- The structure of your report
The assignment submission should take the form of a report that thoroughly details the challenges. All information sources must be appropriately acknowledged and a full bibliography is required.
Your submission document should be a single Word or PDF document containing your report.
All submissions are to be submitted through the SafeAssign facility in Blackboard. Submission boxes linked to SafeAssign will be set up in the Unit’s Blackboard Shell. Assignments not submitted through these submission links will not be considered.
Submissions must be made by the due date and time (which will be in the session detailed above) and determined by your unit coordinator. Submissions made after the due date and time will be penalized per day late (including weekend days) according to Holmes Institute policies.
The SafeAssign similarity score will be used in determining the level, if any, of plagiarism. SafeAssign will check conference websites, journal articles, the Web and your own class members’ submissions for plagiarism. You can see your SafeAssign similarity score (or match) when you submit your assignment to the appropriate drop-box. If this is a concern, you will have a chance to change your assignment and resubmit. However, resubmission is only allowed prior to the submission due date and time. After the due date and time have elapsed, your assignment will be graded as late. Submitted assignments that indicate a high level of plagiarism will be penalized according to the Holmes Academic Misconduct policy; there will be no exceptions. Thus, plan early and submit early to take advantage of the resubmission feature. You can make multiple submissions, but please remember we only see the last submission, and the date and time you submitted will be taken from that submission.
Holmes Institute is committed to ensuring and upholding Academic Integrity, as Academic Integrity is integral to maintaining academic quality and the reputation of Holmes’ graduates. Accordingly, all assessment tasks need to comply with academic integrity guidelines. Table 1 identifies the six categories of Academic Integrity breaches. If you have any questions about Academic Integrity issues related to your assessment tasks, please consult your lecturer or tutor for relevant referencing guidelines and support resources. Many of these resources can also be found through the Study Skills link on Blackboard.
Academic Integrity breaches are a serious offence punishable by penalties that may range from deduction of marks, failure of the assessment task or unit involved, suspension of course enrolment, or cancellation of course enrolment.
Table 1: Six categories of Academic Integrity breaches
|Plagiarism||Reproducing the work of someone else without attribution. When a student submits their own work on multiple occasions this is known as self-plagiarism.|
|Collusion||Working with one or more other individuals to complete an assignment, in a way that is not authorised.|
|Copying||Reproducing and submitting the work of another student, with or without their knowledge. If a student fails to take reasonable precautions to prevent their own original work from being copied, this may also be considered an offence.|
|Impersonation||Falsely presenting oneself, or engaging someone else to present as oneself, in an in-person examination.|
|Contract cheating||Contracting a third party to complete an assessment task, generally in exchange for money or other manner of payment.|
|Data fabrication and falsification||Manipulating or inventing data with the intent of supporting false conclusions, including manipulating images.|
Source: INQAAHE, 2020