Cyber Security

Assigment # 01

Submitted To: Dr. Tauqeer Safdar

Submitted By: Mudassir Masood
Roll No: BSIT(E-19-32)
Date: 08-02-2023
Semester: 8th Evening
Department: Information Technology
Question No 01:
This question requires a little bit of background in probability. Consider the
two scenarios below:

• A circuit-switching scenario in which Ncs users, each requiring a bandwidth

of 10 Mbps, must share a link of capacity 100 Mbps.

• A packet-switching scenario with Nps users sharing a 100 Mbps link, where
each user again requires 10 Mbps when transmitting, but only needs to
transmit 30 percent of the time

Based on the above scenarios, answer the following questions.

a) When circuit switching is used, what is the maximum number of users that
can be supported?

b) Suppose packet switching is used. If there are 19 packet-switching users,

can this many users be supported under circuit-switching? Yes or No.

c) Suppose packet switching is used. What is the probability that a given

(specific) user is transmitting, and the remaining users are not transmitting?

d) Suppose packet switching is used. What is the probability that one user
(any one among the 19 users) is transmitting, and the remaining users are not
transmitting?

e) When one user is transmitting, what fraction of the link capacity will be
used by this user? Write your answer as a decimal.

f) What is the probability that any 7 users (of the total 19 users) are
transmitting and the remaining users are not transmitting?

g) What is the probability that more than 10 users are transmitting?

Answer:
a) When circuit switching is used, the maximum number of users that can be
supported is 100 Mbps / 10 Mbps = 10 users.
 b) No, 19 packet-switching users cannot be supported under circuit-switching
because 19 users * 10 Mbps = 190 Mbps > 100 Mbps.
c) If packet switching is used, the probability that a given user is transmitting
and the remaining users are not transmitting is 0.3.
d) If packet switching is used, the probability that one user (among the 19
users) is transmitting and the remaining users are not transmitting is 0.3 *
19 = 5.7.
e) When one user is transmitting, the fraction of the link capacity used is 10
Mbps / 100 Mbps = 0.1.
f) The probability that any 7 users are transmitting and the remaining users
are not transmitting can be calculated using the binomial distribution,
which is too complex to calculate here without a specific formula or
calculator.
g) The probability that more than 10 users are transmitting can be calculated
using the cumulative distribution function of a binomial distribution, which
is too complex to calculate here without a specific formula or calculator

Question No 02:
The Bahauddin Zakariya University (BZU), Multan is implementing an
electronic voting (e-voting) system to elect their student representative. Only
the faculty of BZU are allowed to vote online at a voting website that the
university IT department is implementing .What are the security attributes
that need to be considered for the e-voting system? Be specific. For instance,
do not just say `confidentiality', but enumerate which (all) kinds of
information need to be kept confidential. Note that the security attributes
could go beyond the classical three used in CIA-triad

Answer:
The following security attributes need to be considered For an e-voting
system of bzu.
 1) Confidentiality: Information such as voters' identities, their vote choices,
and the election results must be kept confidential to prevent unauthorized
access and tampering.
2) Authentication: Only authorized faculty members of BZU should be able to
access the e-voting system and cast their vote. Strong authentication
methods, such as two-factor authentication, should be used to verify the
identity of voters.
3) Integrity: The e-voting system should prevent unauthorized modification of
the voting data and results. This can be achieved through the use of digital
signatures, cryptographic hash functions, and other security measures.
4) Availability: The e-voting system should be available to faculty members
during the voting period, without any unplanned downtime or service
disruptions.
5) Non-repudiation: The e-voting system should provide evidence of the
authenticity and integrity of the voting data and results, so that voters
cannot deny having cast their vote or deny the results of the election.
6) Privacy: The e-voting system should protect the privacy of voters and not
reveal their vote choices to anyone, including the IT department and the
election administrators.
7) Auditability: The e-voting system should provide a transparent and
auditable trail of all voting activities, to detect and prevent any anomalies
or security incidents.

 These security attributes are critical for ensuring the accuracy, fairness, and
reliability of the e-voting system, and for building trust among the faculty
members and stakeholders of BZU.

Question No 03:
In the context of information security, what are some advantages for an
organization to adhere to the requirements of a specific standard? What are some
possible shortcomings of standards in the context of information security?
Answer:
Answer:
Advantages of adhering to information security standards for an organization:

1) Improved security: Adhering to a recognized security standard helps

organizations better protect sensitive data and assets from threats and
attacks.
2) Increased credibility: Demonstrating compliance with security standards
can increase an organization's credibility with customers, partners, and
stakeholders.
3) Risk management: Standards provide a systematic approach to risk
management, helping organizations identify and prioritize their security
needs.
4) Compliance: Standards can help organizations comply with legal and
regulatory requirements for protecting sensitive information.
5) Best practices: Standards provide a common framework for best practices
in information security, helping organizations ensure they are using up-to-
date, effective security measures.

Possible shortcomings of information security standards:

1) Complexity: Standards can be complex, difficult to understand, and

challenging to implement.
2) Cost: Adhering to standards can be expensive, requiring investment
in new technology, personnel, and processes.
3) Inflexibility: Standards can be rigid and may not allow for
customization to meet the unique needs of an organization.
4) Resource constraints: Standards may require significant resources to
implement and maintain, which can be a challenge for smaller
organizations.
5) Overreliance: Organizations may become overly reliant on standards,
failing to adapt to new and evolving security threats and technologies