Scribd Logo
Upload

Welcome to Scribd!

  • PBT & PBT Presentation

    Uploaded by

    F1072 Divisha
    13 views6 pages
    1. The document discusses a ransomware attack on AirAsia that compromised the personal data of 5 million passengers and employees. 2. Students are asked to complete a problem based task on securing information and disaster recovery. They must form groups, prepare a report and presentation, and answer questions related to disaster categories, prevention strategies, and developing a disaster recovery plan. 3. The task involves sketching configurations for technology like UPS, RAID, and backup systems, and preparing functions for handling server disasters. Performance will be evaluated based on rubrics assessing delivery of ideas, understanding of content, and demonstrating techniques for securing information and disasters.

    Original Description:

    Original Title

    Pbt & Pbt Presentation

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    1. The document discusses a ransomware attack on AirAsia that compromised the personal data of 5 million passengers and employees. 2. Students are asked to complete a problem based task on securing information and disaster recovery. They must form groups, prepare a report and presentation, and answer questions related to disaster categories, prevention strategies, and developing a disaster recovery plan. 3. The task involves sketching configurations for technology like UPS, RAID, and backup systems, and preparing functions for handling server disasters. Performance will be evaluated based on rubrics assessing delivery of ideas, understanding of content, and demonstrating techniques for securing information and disasters.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    13 views6 pages

    PBT & PBT Presentation

    Uploaded by

    F1072 Divisha
    1. The document discusses a ransomware attack on AirAsia that compromised the personal data of 5 million passengers and employees. 2. Students are asked to complete a problem based task on securing information and disaster recovery. They must form groups, prepare a report and presentation, and answer questions related to disaster categories, prevention strategies, and developing a disaster recovery plan. 3. The task involves sketching configurations for technology like UPS, RAID, and backup systems, and preparing functions for handling server disasters. Performance will be evaluated based on rubrics assessing delivery of ideas, understanding of content, and demonstrating techniques for securing information and disasters.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    NAME

    MARK
    REGISTRATION
    NO
    CLASS CLO1: /50
    CODE/SUBJECT DFS30023/ INFORMATION
    SECURITY CLO3: /50
    ASSESSMENT PROBLEM BASED TASK
    PBT PRESENTATION
    LECTURER NURULFARIDA BINTI MOHAMAD
    NADZRI
    MUHAMMAD MURSHID BIN
    RAMLAN

    CLO 1 : TRACE USING A BASIC TOOL OF INFORMATION SECURITY


    COUNTERMEASURES FOR THREATS AND ATTACKS IN A SECURITY
    ENVIRONMENT (P3, PLO 3).
    CLO 3 : DEMONSTRATE A GOOD ATTITUDE IN PERFORMING THE APPROPRIATE
    TECHNIQUES TOWARDS SECURING INFORMATION (A3, PLO7)
    TOPIC 5.1 : RECOGNIZE DISASTER SOLUTIONS
    TOPIC 5.2 : PERFORM HARDWARE FOR DISASTERS HANDLING
    DURATION : 9 HOURS (PBT) , 30 MINUTES (PRESENTATION PBT)
    INSTRUCTION : ANSWER ALL QUESTIONS
    1. Students are required to form a group of THREE (3) Students.
    2. Each group is required to prepare a report, perform a
    presentation and submit both.

    SECTION A

    AIRASIA ALLEGEDLY HIT WITH RANSOMWARE ATTACK, DATA OF FIVE MILLION PASSENGERS
    AND EMPLOYEES REPORTEDLY COMPROMISED

    PETALING JAYA: The personal data of five million passengers and all employees of AirAsia
    has reportedly been compromised by hacker group Daixin Team, with the group claiming
    responsibility for the ransomware attack that allegedly hit the airline earlier this month on
    Nov 11 and 12.

    According to a report from DataBreaches.com – a website specialising in reporting data


    breaches worldwide – the hackers provided them with two .csv files containing samples of
    the sensitive information belonging to both passengers and the airlines’ staff, which Daixin
    Team claims to have also given to AirAsia.

    The sample of personal data on one of the files reportedly included passenger IDs, full
    names, and booking IDs, while the second file was said to contain data pertaining to
    employee details including photos, secret questions and answers (likely for account
    recovery), nationality, date of birth, country of birth, location, and date hired.

    References : https://www.thestar.com.my/tech/tech-news/2022/11/23/airasia-allegedly-
    hit-with-ransomware-attack-data-of-five-million-passengers-and-employees-reportedly-
    compromised

    Figure 1.0

    1
    1. Identifies the category of disaster happened in Figure 1.0 (CLO1,P1)
    2. Explain the disaster prevention strategy you should recommend based on your
    response to Question 1. (CLO1, P2)
    3. Construct a Disaster Recovery Plan that contains an appropriate technique that
    organizations can applied to securing organization’s information and disaster
    recovery site. (CLO1, P3)

    SECTION B

    1. Sketch configuration of any TWO (2) from technology below:


    a. UPS
    b. RAID
    c. Redundant servers
    d. Clustering
    e. Tape backup (full, incremental, and differential backup)
    (CLO3, P3)

    2. Prepare the functions in handling server disasters based on your response to


    Question 1. (CLO3, P2)

    2
    RUBRIC FOR PROBLEM BASED TASK (PBT) PRESENTATION

    CLO3: Demonstrate a good attitude in performing the appropriate techniques towards securing information. (A3, PLO 7)

    Performance Level
    Criteria 4 3 2 1 Weightage SCORE

    Clear delivery Student able to Student able Student able to Student not able to 15% = /4*15
    of ideas deliver ideas to deliver deliver ideas and deliver ideas clearly
    with great ideas clearly. require further and require major =
    clarity. improvement. improvements.

    Confident Student able to Student able Student able to Student not able 15% = /4*15
    delivery of deliver ideas with to deliver deliver ideas with to deliver ideas
    ideas great confidence. ideas limited confidence effectively.
    confidently. and require further =
    improvements.

    Understand and Student able to Student able Student able to Student not able to 10% = /4*10
    respond to fully understand to respond to understand and answer understand and
    questions and respond to questions questions but not able respond to a =
    questions very well. well. to accurately answer question.
    the question.

    Adapt delivery to Student able to Student able to Student able to Student not able to = /4*10
    audience level fully deliver ideas deliver ideas deliver ideas with deliver 10%
    appropriately very appropriately to limited appropriately to =
    well. the target appropriateness to the audience level.
    audience well. the target audience
    and require further
    improvements.

    Total
    RUBRIC FOR PROBLEM BASED TASK (PBT)

    CLO1: Trace using a basic tool of information security countermeasures for threats and attacks in a security environment. (P3, PLO 3)

    Performance Level
    Criteria 4 3 2 1 Weightage SCORE

    Disaster Student able to Student able to Student able to Student not able to 5% = /4*5
    Category determine the determine the determine the determine the
    category of category of category of disaster category of disaster =
    disaster with disaster but with but wrong.
    exactly answer. typographical.

    Disaster Student able to Student able Student able to Student not able 5% = /4*5
    Prevention deliver ideas with to deliver deliver ideas with to deliver ideas
    Strategy great confidence ideas limited confidence effectively.
    supported by confidently. and require further =
    examples and improvements.
    explanation.

    Five (5) checklist Four (4) checklist Three (3) checklist are One (1) - two (2) 20% = /4*20
    Disaster Recovery
    are listed with are listed with listed with correct checklist are listed
    Plan (DRP)
    correct information. correct information. information. with correct =
    information.
    A DRP checklist A DRP checklist A DRP checklist should
    should include the should include the include the following A DRP checklist
    following steps: following steps: steps: should include the
    1. Establishing 1. Establishing the 1. Establishing the following steps:
    the range or range or extent range or extent of 1. Establishing the
    extent of of necessary necessary range or extent of
    necessary treatment and treatment and necessary
    treatment and activity -- the activity -- the scope treatment and
    activity -- the scope of of recovery; activity -- the
    scope of recovery; 2. Gathering scope of
    recovery; 2. Gathering relevant network recovery;
    2. Gathering relevant infrastructure 2. Gathering
    relevant network documents; relevant
    network infrastructure 3. Identifying the network
    infrastructure documents; most serious infrastructure
    documents; 3. Identifying threats and documents;
    3. Identifying the most vulnerabilities, 3. Identifying the
    the most serious and the most most serious
    serious threats and critical assets; threats and
    threats and vulnerabiliti 4. Reviewing the vulnerabilities,
    vulnerabiliti es, and the history of and the most
    es, and the most unplanned critical assets;
    most critical incidents and 4. Reviewing the
    critical assets; outages, and history of
    assets; 4. Reviewing how they were unplanned
    4. Reviewing the history handled; incidents and
    the history of 5. Identifying the outages, and
    of unplanned current disaster how they were
    unplanned incidents recovery handled;
    incidents and strategies; 5. Identifying the
    and outages, 6. Identifying the current
    outages, and how incident disaster
    and how they were response team; recovery
    they were handled; 7. Having strategies;
    handled; 5. Identifying management 6. Identifying the
    5. Identifying the current review and incident
    the current disaster approve the response team;
    disaster recovery DRP; 7. Having
    recovery strategies; 8. Testing the plan; management
    strategies; 6. Identifyin 9. Updating the review and
    6. Identifyin g the plan; and approve the
    g the incident 10. Implementing a DRP;
    incident response DRP audit. 8. Testing the
    response team; plan;
    team; 7. Having 9. Updating the
    7. Having management plan; and
    management review and Implementing
    review and approve the a DRP audit.
    approve the DRP;
    DRP; 8. Testing the
    8. Testing the plan;
    plan; 9. Updating the
    9. Updating the plan; and
    plan; and 10. Implementing a
    10. Implementing DRP audit.
    a DRP audit.
    First hardware for All four (4) findings Three (3) findings Two (2) findings are Only one (1) finding is = /4*20
    disaster handling. are listed with a are listed with a listed with a correct listed with a correct 20%
    correct information. correct information. information. information. =
    i. Function/ i. Function/ i. Function/ Types to i. Function/ Types
    Types to Types to implement to implement
    implement implement ii. Design/ Image ii. Design/ Image
    ii. Design/ Image ii. Design/ Image iii. How to create/ use iii. How to create/
    iii. How to iii. How to create/ iv. Configure/ video use
    create/ use use iv. Configure/ video
    iv. Configure/ iv. Configure/
    video video

    Total

    You might also like