Assignment No.

01 Total Marks: 20
Semester: Spring 2023
CS205: Information Security Due Date: May 22, 2023

Instructions:
Please read the following instructions carefully before submitting assignment:
You need to use MS Word document to prepare and submit the assignment solution on VU-LMS.
It should be clear that your assignment will not get any credit if:

 The assignment is submitted after due date.

 The assignment is not in the required format (.doc or docx).
 The submitted assignment does not open or file is corrupt.
 Assignment is copied (partial or full) from any source (websites, forums, students, etc.).

Objective:

To enhance the learning capabilities of the students about:

 Security Attacks
 CIA triad
Assignment

Question No.1
As an Information Security officer, you are given a task to identify the component of CIA Triad which has been
compromised in each of the scenarios given below:

1. A company recently discovered that an employee had modified financial records to hide fraudulent
activities.
2. An e-commerce website is experiencing issues with customers receiving counterfeit products. The company
suspects that their supply chain has been compromised.
3. A healthcare organization realizes that patient records are leaked on public website.
4. A hacker modifies the company's website to display unethical content to defame the website.
5. A Distributed Denial of Service (DDoS) attack is launched against a company's website, causing it to
become unavailable to legitimate users.

Provide your answer in given table:

Scenario Compromised Component

1. An employee had modified financial records to hide fraudulent activities. Confidentiality

2. Customers receiving counterfeit products due to supply chain compromise.Integrity

3. Patient records are leaked on public website. Confidentiality

4. Hacker modifies the company’s website to display unethical content to defame the website.
Integrity

5. Distributed Denial of Service (DDoS) attack is launched against a company’s website, causing it to
become unavailable to legitimate users. Availability

Scenario No. CIA Component

1
2
3
 4
5

Question No.2
Suppose an enterprise computer network consists of multiple devices including servers, desktops,laptops,
switches and routers etc. where sensitive information including financial data, intellectual property and
customer information is transferred among the network devices. The enterprise is concerned about the security
of this data and has implemented various measures including firewalls, antivirus software, data encryption, and
access controls to protect it. However, the network is still vulnerable to various types of attacks such as
ransomware, trojan horses, worms, spyware, phishing attacks, denial-of-service attacks and SQL injection
attacks. Following issues have been observed so far in the enterprise:

1. A user in the finance department received an email that appeared to be from a bank, asking the user to
provide his/her login credentials to verify his/her account. As the user entered his/her credentials, the user’s
computer became unresponsive and all files got encrypted.

2. An employee in the HR department clicked on a link in an email that appeared to be from a colleague. The
link downloaded a program that appeared to be legitimate.

3. A computer in the marketing department became infected by a virus that further spread throughout the
network causing all network devices to slow down and become unresponsive.

4. The company's website became inaccessible to its legitimate users due to huge number of fake login
requests to server by some unauthorized users.

5. Attackers gain unauthorized access to the company's database. They were able to retrieve confidential
customer information, including names, addresses, and credit card details.

Considering yourself as an Information Security Officer, you are required to carefully analyze each scenario and
answer the following questions:

Questions:

1. What is the name of the virus attack that the finance department experienced?
2. What is the name of the virus attack that the HR department experienced?
3. What is the name of the virus attack that the marketing department experienced?  
4. What type of attack occurred when the company's website became inaccessible for its legitimate users due
to a large number of fake login requests?
5. What type of attack occurred when attackers gain unauthorized access to the company's database and
retrieve confidential customer information?
 
Solution:

Here are the answers to your questions:

The virus attack that the finance department experienced is called ransomware1.

The virus attack that the HR department experienced is not mentioned in the given scenario. However,
phishing attacks are common in HR departments where attackers send emails that appear to be from a
colleague or a higher-up and ask for sensitive information such as login credentials2.

The computer in the marketing department was infected by a virus that further spread throughout the
network causing all network devices to slow down and become unresponsive. This is an example of a
worm3.

The company’s website became inaccessible to its legitimate users due to a huge number of fake login
requests to the server by some unauthorized users. This is an example of a Denial-of-Service (DoS)
attack4.

Attackers gained unauthorized access to the company’s database and were able to retrieve confidential
customer information, including names, addresses, and credit card details. This is an example of a data
breach5.

Best of Luck!