Professional Documents
Culture Documents
Trimester-1 2021
Assessment Overview
Assessment Task Type Weighting Due Length ULO
Assessment Details:
Today’s Internet has its roots all the way back in the late 1960s, but it was only used by
researchers and the military for almost a quarter of a century. The Internet has opened
the door for threat actors to reach around the world invisibly and instantaneously to launch
attacks on any device connected to it.
Read the case study titled: Threat Update COVID-19 Malicious Cyber Activity that available at:
https://apic.instructure.com/files/148461/download?download_frd=1
Answer the following questions related to the case study:
1. Identify and examine all types of the malicious cyber activities identified by ACSC and
summarize them in a table.
2. Identification and categories assets, including all elements of an organization’s system
(people, procedures, data and information, software, hardware, and networking)
3. Create a table to identifying and prioritizing threats against each type of asset identified in
item (2). You have to demonstrate the way you follow to prioritizing threats with
justification.
4. In general, the security defences should be based on five fundamental security principles:
layering, limiting, diversity, obscurity, and simplicity. The ACSC proposed eight strategies to
prevent malware delivery and limit cyber Security incidents. Analyse these principles with
the strategies proposed by the ACSC. In your analysis, you have to clearly demonstrate how
each mitigation strategy is related to fundamental security principle with justification.
Create a report to answer the above questions, your report must include introduction and report
summarisation in addition to a cover page that includes your details.
Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 30%
of the total unit mark
Types of the Poor discussion with Brief discussion about Generally good Very clear discussion In-depth and very
malicious cyber irrelevant information some threats with discussion with about threats with clear discussion about
activities identified and table general information in general information in good information in threats with very good
by ACSC and the table. the table. the table. information in the
summarize them in table.
a table
(20 marks)
Identification and Poor discussion with Brief identification Generally good Very clear A very detailed
categories assets irrelevant information and categories assets. identification and identification and and very clear
(20 marks) categories assets categories assets identification and
categories assets
Identifying and Poor identifying and Brief identifying and Generally good Very clear A very clear and
prioritizing threats prioritizing threats prioritizing threats identifying and identifying and in-depth
against each type against each type of against each type of prioritizing threats prioritizing threats identifying and
of asset asset asset against each type of against each type of prioritizing threats
(20 marks) asset asset against each type of
asset
Analysing the five Poor Introduction with Brief discussion of the Generally good Very clear discussion In-depth and very
fundamental irrelevant details. five fundamental discussion of the five of the five clear discussion of the
security principles security principles fundamental security fundamental security five fundamental
with the security with the security principles with the principles with the security principles
mitigation mitigation proposed security mitigation by security mitigation with the security
by the ACSC. the ACSC. proposed by the ACSC.
proposed by the mitigation proposed
ACSC by the ACSC.
(20)
Summary not Brief summary of the Generally good clearly very
relating to the report with some summary of the summarizing the clearly
Summary
report relevance report overall summarizing the
(10 marks)
contribution overall
contribution
Assessment Details:
This assessment is designed to assess your technical skills in applying information security tools. In
this assignment, you have to study and apply steganography techniques to embedded data within a
file. In addition, you have to understand Linux file systems and apply access control technologies.
The assessment is also assessing your skills to analyses information security principles against
security techniques including steganography and access control. In completing this assessment
successfully, you will be able to investigate IS security, risk threats and propose the suitable security
controls, which will help in achieving ULO-1, ULO-2, ULO-3, and ULO-4.
Task Specifications
This assessment includes three tasks as follows:
Task-1:
Steganography is the practice of concealing a file, message, image, or video within another file,
message, image, or video. Use Steghide tools available in Kali Linux/Linux to hide a text file that
includes your group students IDs on audio file. You have first to create audio file with no more than
30 second to record your group students IDs only. Then, you have to create text file to include group
details include first and last name for each student in your group. Finally, use Steghide tools (use
security as passphrase) to embedded your text file into the created audio file.
In your report, you have to provide screenshot demonstrate the steps with the commands you
followed during the process of installation of Steghide, and the way use used to hide group
information text file into audio file and finally the steps to extract the text file from audio for
verification of your work.
Task-2:
Access control is granting or denying approval to use specific resources. Technical access control
consists of technology restrictions that limit users on computers from accessing data.
In this task you have to work in a group to understand Access Control List (ACL) and files system
security using Linux environment. You have to complete the followings tasks using kali Linux or any
Linux OS:
1. Fill the following table with the information related to all member of your group:
Sn. APIC Student ID First Name Last Name
No
1 {Student-ID1} {FirstName-1} {LastName-1}
2
3
Table 1: Group information
2. Create main directory named BIS3004 and set it permission to full access, fill the following
table:
Task Command/s
Create directory named :BIS3004
Set full access to BIS3004 directory
Table 2: Create Directories APIC
Please note, {FirstName-x} is the first name of the APIC student according to Table-1.
4. Create users, with names according to the group member student IDs for of your group as
shown in Table-4
Task Command/s
- Create user {Student-ID1}
- Write ACL to enable:
1. full permission to {FirstName-1}
2. read and write permission to
{FirstName-2} and
3. read permission only to other
directories.
- Create user {Student-ID2}
- Write ACL to enable:
1. full permission to {FirstName-2}
2. read and execute permission to
{FirstName-1}
3. read permission only to other
directories.
Table 4: Create users
Use the commands available in Linux or Kali Linux to complete the above tables. In your report, you
have to provide screenshot to demonstrate the steps you followed during the process of conducting
the assignment tasks and requirements according to your group details provided in Table-1 (student
ID, first name and last name).
Task-3:
Discuss with clear demonstration, how the steganography and access control techniques that you
conducted in Task-1 and Task-2, respectively, can achieve confidentiality, integrity, and availability
(CIA). You have to provide justification during your discussion.
Submission
1. You have to submit a report in word format file include your answers for Task-1, Task-2 and
Task-3 with the required screenshots for Task-1 and Task-2. You have to include cover page
that include group student ID and full name.
2. You have also to submit the created audio file that embedded your group information text
file for Task-1 (make sure to use: security as passphrase)
The two files must be submitted separately not in single compress file.
Marking Information: The applied project will be marked out of 100 and will be weighted 30% of
the total unit mark.
Assessment Details:
Practical exercises assess students’ ability to apply theoretical learning to practical, real world
situations on a weekly basis. The practical exercises will improve student’s ability to practice
information security using Linux/Kali Linux platform such as phishing attack, encryption and
steganography and other functions.
This assessment also includes invigilated quiz that will assess your ability to understand theoretical
materials and your knowledge of key content areas. The quiz will be either multiple choice
questions or short questions which are relevant to the lectures of lecture materials. For successful
completion of the quiz, you are required to study the material provided (lecture slides, tutorials, and
reading materials) and engage in the unit’s activities. The prescribed textbook is the main reference
along with the recommended reading materials.
Students will be required to complete the practical exercises and sit the quiz during the workshop
and therefore, attendance is required as part of this assessment. Students will not be assessed on
work that not produced in workshop so that attendance is required as part of this assessment.
Students are required to submit the work that they have completed during the workshop session
only. The details of the lab work and requirements are provided on the online learning system.
Marking information: The assessment will be marked out of 100 and will be weighted 40% that
includes: 30% weight for five quizzes (6 % for each quiz). In addition, 10% lab work participation
and submission for ten weeks ( 1% for each lab work).