EXAMINATION OFFICE

IU.ORG

ORAL ASSIGNMENT
Task for Course:
DLMCSITSDP01 – Cyber Security and Data Protection

CONTENT
1. Task
1.1 Task 1: Protecting personal data
1.2 Task 2: Applying the OWASP Top 10 List
1.3 Task 3: Transport Layer Security (TLS)
2. Additional information for the evaluation of the oral assignment
3. Tutorial support


1. TASK
There are different topic options to choose from for the oral assignment. Please select only one to cover in your
presentation.

Note on copyright
Please take note that IU Internationale Hochschule GmbH holds the copyright to the examination tasks. We
expressly object to the publication of tasks on third-party platforms. In the event of a violation, IU Internationale
Hochschule is entitled to injunctive relief.

1.1 Task 1: Protecting personal data


There are many different technical approaches that can be used in order to protect personal data, including
encryption, anonymisation and pseudonymisation.
1. Explain the meaning and the purpose of these three approaches.
2. Compare the three approaches, discussing their relative advantages and disadvantages.
3. For each of the approaches, describe one scenario where it is particularly well suited.
Introductory Literature:
European Union. (2018). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and on the free movement of
such data, and repealing Directive 95/46/EC (General Data Protection Regulation). EUR-Lex.
https://eur-lex.europa.eu/eli/reg/2016/679/oj
Elliot, M., Mackey, E., O’Hara, K. (2020). The Anonymisation Decision-Making Framework 2nd Edition. UKAN.
https://ukanon.net/framework/

1.2 Task 2: Applying the OWASP Top 10 List


A software development organisation wants to protect the software it creates against major security risks, and
has identified the OWASP Top 10 Security Risks as the list of risks it wants to use.
1. Provide an overview of this list of security risks, putting particular focus on its background such as why, how
and by whom it was generated.
2. Select the first two risks from the current version of this list, plus any two other security risks from the list.
Explain the meaning of these four risks in some detail, including the potential damage involved.
3. For each of the four risks selected in the previous step, describe what the organisation should do to prevent
these risks from occurring in its software products. Make sure to address this question from the management
point of view as well as from the technical point of view.
Introductory Literature:
Open Web Application Security Project (2021). OWASP Top Ten 2021. OWASP.
https://owasp.org/www-project-top-ten
Fredj O.B., Cheikhrouhou O., Krichen M., Hamam H., Derhab A. (2021). An OWASP Top Ten Driven Survey on
Web Application Protection Methods. In Garcia-Alfaro J., Leneutre J., Cuppens N., Yaich R. (eds) Risks and
Security of Internet and Systems. CRiSIS 2020. Lecture Notes in Computer Science, vol 12528. Springer, Cham.
https://doi-org.pxz.iubh.de:8443/10.1007/978-3-030-68887-5_14

1.3 Task 3: Transport Layer Security (TLS)


TLS is a major component of providing security for the internet.
1. Provide an overview of TLS and its main components.
2. Explain the main services where TLS is applied.
3. Which crypto-algorithms may be used in TLS and how are they selected in any application?
4. Discuss the benefits and limits of TLS.
Introductory Literature:
Internet Engineering Task Force (IETF) (2018). The Transport Layer Security (TLS) Protocol Version 1.3. Request
for Comments (RFC) 8446. https://datatracker.ietf.org/doc/html/rfc8446
Boyd C., Mathuria A., Stebila D. (2020). Transport Layer Security Protocol. pp. 241-288. In Protocols for
Authentication and Key Establishment. Information Security and Cryptography. Springer.
https://doi-org.pxz.iubh.de:8443/10.1007/978-3-662-58146-9_6

2. ADDITIONAL INFORMATION FOR THE EVALUATION OF THE ORAL ASSIGNMENT


When conceptualizing the oral assignment, the evaluation criteria and explanations given in the writing guidelines
should be considered.

3. TUTORIAL SUPPORT
Several options are available for support with presentations. The student is responsible for making use of these
resources. Tutors are available for subject consultation on the choice of topic as well as for specific and general
questions on academic work. There is no provision for the tutor to confirm acceptable outlines, parts of the
content, or presentation drafts, since independent preparation is part of the examination. However, hints may be
given on rough drafts to facilitate the creation of academic work.
