CT046-3-1-ISFT - Introduction to Security and Forensics Technologies Page 1 of 7

Learning Outcomes of the Assignment

CLO2: Assess relevant facts related to security and forensic to solve specific problems
and produce appropriate solutions (A2, PLO2)
CLO3: Discuss on professional, ethical and legal issues related to security and forensics
areas (A3, PLO4)

Instructions
No marks will be awarded for the entire assignment if any part of it is found to be copied directly
from printed materials or from another student. All submissions should be made on or before the
due date. Any late submissions after the deadline will not be entertained. Zero (0) mark will be
awarded for late submission unless extenuating circumstances are upheld.

Portfolio 1: Application of PKI (CLO2) – 800 words

According to an article dated February 2021 on Covid-19 Economic Impact Assessment, the
coronavirus pandemic has helped drive the rapid growth of digital solutions. While this has
enabled several positive developments, it has also exposed many sectors to a heightened threat of
cyberattacks. These are the summary of findings according to the article:

 The education sector experienced an increase in cyberattacks as digital adoption rose.

 Emerging markets with large digital industries were among those most targeted by hackers.
 96% of businesses have changed their cybersecurity strategy due to Covid-19.
 Businesses and governments alike are looking to bolster their cybersecurity defences.

In short, these sectors are among the most targeted:

 Education
 Health Service Providers
 Financial Institutions
 E-Commerce
 Utilities
 Government Agencies

Level 1 Asia Pacific University of Technology & Innovation 2021

CT046-3-1-ISFT - Introduction to Security and Forensics Technologies Page 2 of 7

Reference: https://oxfordbusinessgroup.com/news/covid-19-and-cyberattacks-which-emerging-
markets-and-sectors-are-most-risk

Activities:
1. Choose one sector from the above list.
2. Propose the application of PKI for the chosen sector against cyberattacks.
3. Suggest specific applications / systems to be used in the security proposal.

Deliverable:
Proposal for application of PKI in specific sector

Portfolio 2: Use of Forensic Tools and Techniques (CLO2) – 800 words

Case Study: M57 Patents - Exfiltration

A hypothetical start-up company, M57 Patents, was in business for about a month, doing art
patent searches. In this case, the main players are the CEO, Pat McGoo; the IT person, Terry;
and the patent researchers, Jo and Charlie.

One of the employees in M57 is stealing proprietary research from the company and passing it
on to an outside entity. This employee has taken some measures to cover their tracks, but
probably did not count on the company machines being imaged in the ongoing investigation of
other criminal activity.

The police seized the digital evidence at the scene and made forensic copies of various evidence
sources. However, for the scope of this portfolio, you are going to investigate ONE of the USB
drives’ images only which can be downloaded here:
https://downloads.digitalcorpora.org/corpora/scenarios/2009-m57-patents/usb/

Reference:

Level 1 Asia Pacific University of Technology & Innovation 2021

CT046-3-1-ISFT - Introduction to Security and Forensics Technologies Page 3 of 7

For more details, the case could be read here: https://digitalcorpora.org/corpora/scenarios/m57-

patents-scenario

Activities:
1. Refer to the additional details provided.
2. Document your investigation steps and findings as a case investigation report, following
proper structure and sequence.
3. Evaluate the case based on your findings.
4. Provide recommendations for the case and for the future if similar case were to happen as
part of your conclusion.

Deliverable:
Case investigation report

Portfolio 3: Professional, Ethical and Legal Discussion (CLO3) – 400 words

Case Study: Levels of Security

Kessa Jones owns her own consulting business, and has several people working for her. Kessa is
currently designing a database management system for the personnel office of ToyTime, a mid-
sized company that makes toys.
Ms. Jones has involved ToyTimeInc management in the design process from the start of the
project. It is now time to decide about the kind and degree of security to build into the system.
Kessa has described several options to the client. The client has decided to opt for the least
secure system because the system is going to cost more than was initially planned, and the least
secure option is the cheapest security option.
Kessa knows that the database includes sensitive information, such as performance evaluations,
medical records, and salaries. With weak security, she fears that enterprising ToyTime
employees will be able to easily access this sensitive data. Furthermore, she fears that the system
will be an easy target for external hackers.

Level 1 Asia Pacific University of Technology & Innovation 2021

CT046-3-1-ISFT - Introduction to Security and Forensics Technologies Page 4 of 7

Kessa feels strongly that the system should be more secure than it would be if the least secure
option is selected. Ms. Jones has tried to explain the risks to ToyTime, but the CEO, the CIO,
and the Director of Personnel are all convinced that the cheapest security is what they want.

Should Kessa refuse to build the system with the least secure option?

Applying the Code

The Code makes it clear that Kessa must be careful about the issue of privacy of sensitive data,
and she should not lose sight of that responsibility. At the same time, Ms. Jones needs to balance
the need for security with the economic interests of the company that hired her to do this work.
Professionals have to make subjective judgments to balance cost and the customer’s needs; there
cannot be perfect security, and there are never infinite resources. This tension between finite
resources and attaining the highest quality is a common cause for ethical conflicts.
In this case Kessa made a mistake by offering a security “option” to the company that, upon later
reflection, she thought was inadequate. It seems she did this to allow ToyTime to make an
informed decision, but this is like an engineer designing a bridge including the possibility of
building it with substandard materials in the cost estimates.
If the low security system is not good enough for sustainable operations, then she should not
have made it a possibility.
By not informing the company up front about the necessity and cost for adequate security, she
has created a difficult situation, both for ToyTime and for herself.
When we are faced with an ethical issue, whether it is in the evaluation of a case, the choice of a
course of action, or the formulation of a policy, there are a number of questions that we need to
examine:
 Who are the stakeholders? That is, be aware of all the people involved in the issue in any
way, whether they are responsible in some way for the decision or they have some interest in
the outcome.
 What alternatives responses to the issue exist?
 What are the costs and benefits of each alternative? This examination should include all the
stakeholders and be as comprehensive as possible.

Level 1 Asia Pacific University of Technology & Innovation 2021

CT046-3-1-ISFT - Introduction to Security and Forensics Technologies Page 5 of 7

 How would the benefits and burdens be distributed for each alternative? What groups among
the stakeholders would be favored and which would be disadvantaged under each of the
alternatives?

Consider the following alternatives:

1. Kessa goes along with the request and builds the system with inadequate security.
2. Kessa refuses to build the system and abandons the project.
3. Kessa tells ToyTime that her company will build in better security, but only charge for the
cheaper option.

Deliverable:
Group discussion on the case study
This case does not require research – it requires thought and reflection.

Documentation Guidelines:
Document the results of your work in a professional and systematic manner. Your completed
documentation should at least contain the following requirements:
1) Cover
2) Table of content
3) Write up for Portfolio 1, 2 and 3 with proper numbered sections and subsections. Each
portfolio should have the following structure at minimum:
a) Introduction
b) Structured write up content (with appropriate referencing and in-text citations)
c) Conclusion
d) References
e) Appendix

Submission Requirements
1. Online submission via Moodle.
2. Times New Roman font size 12, with 1.5 line spacing and justified paragraphs.

Level 1 Asia Pacific University of Technology & Innovation 2021

CT046-3-1-ISFT - Introduction to Security and Forensics Technologies Page 6 of 7

3. Expected length is approximately 2,000 words per individual (excluding diagrams,

appendixes and references).
4. The report needs to be well presented. Submission of reports that are unprofessional in its
outlook will not fare well when marks are allocated.
5. Every report must have a front cover with the following details:
a) Name
b) Intake code.
c) Subject.
d) Project Title.
e) Date Assigned (the date the report was handed out).
f) Date Completed (the date the report is due to be handed in).
6. All information, figures and diagrams obtained from external sources must be referenced
using the APA referencing system accordingly.

Performance Criteria:

Performance Breakdown Weightage Marks

Criteria (%) Awarded
Portfolio 1 Application of PKI 40
(Individual): 1) Detailed description and explanation
PLO2 – 2) Proposed applications / systems
Cognitive
Skills
Portfolio 2 Case Investigation Report 40
(Individual): 1) Explanation of forensic tools and techniques
PLO2 – 2) Tools’ demo
Cognitive
Skills
Portfolio 3 Professional, Ethical and Legal Discussion 20
(Group): 1) Documentation
PLO4 – 2) Presentation
Interpersonal
Skills
TOTAL 100

Level 1 Asia Pacific University of Technology & Innovation 2021

CT046-3-1-ISFT - Introduction to Security and Forensics Technologies Page 7 of 7

Marking Rubrics

0 to 19 20 to 25 26 to 29 30 to 40
(Fail) (Pass) (Credit) (Distinction)
PLO2 – Fail to demonstrate Average level in Good level in Excellent level in
Cognitive intellectual demonstrating demonstrating demonstrating
Skills independence in the intellectual intellectual intellectual
application of independence in the independence in the independence in the
knowledge within application of application of application of
specific field(s) by knowledge within knowledge within knowledge within
applying critical, specific field(s) by specific field(s) by specific field(s) by
analytical and applying critical, applying critical, applying critical,
evaluation skills in analytical and analytical and analytical and
the field of evaluation skills in evaluation skills in evaluation skills in
study the field of the field of the field of
study study study

Missing or poor Minimal Good description Extensive

description on the description on the on the proposal: description on the
proposal: proposal: 1. Good proposal:
1. Missing or poor 1. Minimal explanation on 1. Extensive
Portfolio 1:
explanation on explanation on the application explanation on
Application of
the application of the application of PKI. the application
PKI Proposal
PKI. of PKI. 2. Good discussion of PKI.
2. Missing or poor 1. Minimal on proposed 2. Detailed
discussion on discussion on applications / discussion on
proposed proposed systems. proposed
applications / applications / applications /
systems. systems. systems.
Missing or poor Minimal Good elaboration in Extensive
case investigation elaboration in case case investigation elaboration in case
report: investigation report: investigation
1. Missing or poor report: 1. Good report:
Portfolio 2:
explanation on 1. Minimal explanation on 1. Extensive
Case
use of tools and explanation on use of tools and explanation on
Investigation
techniques use of tools and techniques use of tools and
Report
2. No / poor tools techniques 2. Good tools techniques
demo 2. Average / demo 2. Excellent tools
acceptable tools demo
demo

0 to 9 10 to 12 13 to 14 15 to 20
(Fail) (Pass) (Credit) (Distinction)
PLO 4 – Fail to work Average level in Good level in Excellent level in
Interpersonal together with working together working together working together
Skills different people in with different with different with different
diverse learning people in diverse people in diverse people in diverse
and learning and learning and learning and

Level 1 Asia Pacific University of Technology & Innovation 2021

CT046-3-1-ISFT - Introduction to Security and Forensics Technologies Page 8 of 7

working working working working

communities as communities as communities as communities as
well well as other well as other well as other
as other groups groups locally and groups locally groups locally and
locally and
internationally. and internationally.
internationally.
internationally.
1. Missing or poor 1. Minimal 1. Good 1. Excellent
documentation elaboration in documentation documentation
Portfolio 3:
2. No / poor documentation 2. Good 2. Excellent
Case Study
presentation 2. Average / presentation presentation
Discussion
acceptable
presentation

Level 1 Asia Pacific University of Technology & Innovation 2021