Identify and discuss the key attack vectors applicable from an authentication perspective?
2024-06-02 22:10:18
L7 Cyber Security for Business
Submission deadline: Thursday 06 June 2024, no later than 16:30pm (UK local time)
Learning outcomes:
- Information Environments and how information can be used as a weapon.
- Current theoretical and methodological approaches to offensive and defensive Information Operation concepts and philosophies.Successful students will typically be able to:
- Apply with flexibility and creativity different types of information operations based on the scenario at hand.
- Demonstrate self-direction and creativity in designing and developing a cyber defence strategy.
- Undertake Information Operations.
Assessment details: Individual Portfolio (Tasks and activities accumulated over the semester), 100%
Referencing: Students are expected to use Harvard Referencing throughout their assignments where required. Please follow the Harvard Referencing Handbook for all your assignments at the ULBS.
Submission Method: Turnitin - Your work will be put through Turnitin. All submissions will be electronically checked for plagiarism and the use of AI software.Identify and discuss the key attack vectors applicable from an authentication perspective?
You have the option to upload your work ahead of the deadline, more than once. ULBS will be reviewing your last submission only. You can only upload one file. For example if your work contains a word document and power point slides/Excel spreadsheet you will need to copy your slides/spreadsheet into the word document.
ULBS Assessment Office Contact Details
The ULBS Assessment Office are here to help should you have any non-academic questions related to your assessments. You can contact them at AssessmentOffice@law.ac.uk
Note: Keep in mind that self-plagiarism (when you reuse your own specific wording and ideas from work that you have previously submitted without referencing yourself) is also a form of plagiarism and is not allowed.
This activity is designed to test your understanding of the various concepts we have covered in this module. In responding to all the tasks below you are required to use frameworks and concepts which have been covered in the delivery of this module.
As a cyber security architect, you have been hired by the CEO of a start-up that is looking to sell goods on the Internet. A team of developers have been hired to develop the e-commerce application and is targeting launch in the next few weeks. The CEO is aware of the cyber security risks applicable in the online world and the impact a cyber security incident could have on the business. Hence, he has taken the decision to hire you, a cyber security professional, early in the development so that security can be embedded into the design. As a business, they expect to scale 10x from their current size over the next 2 years.
You must perform a detailed analysis of the various design choices and explain your approach and recommendations.You can make assumptions to support your responses. However, these should be clearly stated. The coverage areas against each domain represent the minimal set and are not intended to be exhaustive.
Your responses should be in-depth and reflective of expected responses from a cyber security professional, using appropriate terminology and depth. Ensure to read every task carefully. Especially tasks that ask for a plural (“vectors”, “processes”, “controls”, etc.) require providing at least two answers. For every security control or risk you name, you must explain why they are relevant.
Task 1: Authentication (LO 1, 3,4, and 5)
- Identify and discuss the key attack vectors applicable from an authentication perspective?
- What should the user authentication process be for customers?
- Recommend and justify a process to be followed by the customers for the initial password setting and the password reset process.
- The e-commerce application being developed provides administrative access by internal employees to configure the application. Recommend an authentication process that could be adopted to authenticate internal administrative users and in what way it may be different to customers’ authentication process.
Task 2: System Security (LO 1, 3,4, and 5)
- Identify and discuss the key attack vectors applicable to endpoints (employee laptops, servers, etc.)?
- Identify and discuss the security controls that you would implement to protect against the identified attack vectors?
- Recommend and justify processes that you would implement to be followed in the event of a loss of an employee laptop.
- Provide your perspective on whether employees should have admin access on their laptops, supporting your perspective with referencing appropriate literature. Identify and discuss the pros and cons of providing employees with admin access?
Task 3: Security of Sensitive Data (LO 2, 3,4, and 5)
- Identify what could potentially be sensitive data elements that may be collected as a part of the application being developed and what is the reason for collecting them.
- Identify and discuss the key attack vectors applicable related to the storage of sensitive data?
- Recommend the security measures that you would adopt to store the collected sensitive data securely.
- Recommend and justify the approach that you would adopt for data retention.
Task 4: Payment Data on the cloud (LO 2, 3,4, and 5)
- Identify and discuss the types of payment data that would be collected as part of the application being developed, as well as associated key risks. Clearly identify any assumptions that you have made.
- Recommend how the payment data should be collected and stored? Clearly identify and discuss the recommended security controls.
- Identify and discuss the compliance obligations that may need to be fulfilled.
- Develop an Incident Response Plan in the event of a security breach that compromises payment data.
Task 5: Summary Report
Once you have completed individual tasks, you should write a summary report (maximum approx. 1,000 - 1,500 words – keep in mind you have already written a brief analysis per entry, with academic referencing). This summary report serves as a platform for you to articulate and describe the key learnings derived from each task. It is an opportunity to synthesise insights, providing an overview of the knowledge and understanding acquired throughout the completion of the assigned tasks.Information Environments and how information can be used as a weapon.
Portfolio instructions:
- Any write-up in the Portfolio should be written in font size 11, single spacing.
- With each entry (item/artefact) you put in your portfolio, you should write a brief summary of why you have chosen this particular item/artefact and how it touch on them of that particular section. You should then analyse it in accordance with the tasks as they are laid out in the instructions above.
- Proper citations are essential. All tasks require referencing academic and other sources, listed in a Harvard Referencing style, present a reference list at the end of the Portfolio. Whenever you use external sources (pictures, definitions, line of argumentation), clearly state this at the of the sentence or paragraph by providing a reference to the original article using Harvard Referencing style.
Please refer to the marking criteria (below) for a breakdown of how the tasks will be marked.
Assessment Criteria
GRADE DESCRIPTORS
MARKING CRITERIA
|
Mark Weight
|
FAIL (0 - 49%)
|
PASS (50 – 59%)
|
COMMENDATION (60 – 69%)
|
DISTINCTION (70-100%)
|
Exhibits an unsatisfactory grasp of the issues.
Primarily descriptive and lacking in independent critical thought. Weak or no attempt at analysis, synthesis and critical reflection. Little evidence of ability to tackle the
issues. Poor structure/grammar/
|
Satisfactory grasp of the issues, with limited independent critical thought appropriate to the tasks.
Material is largely relevant to the tasks. Some evidence of analysis, synthesis and critical reflection. Work is presented in acceptable manner, with some minor errors.
|
Good/very good understanding of the issue with some independent critical thought and approach to the tasks. Good attempt at analysis, synthesis and critical reflection, with evidence of some ability to tackle issues. Work is clearly presented in a fairly well organised manner.
|
Excellent level of understanding.
All requirements are dealt with to a high standard. Excellent analysis, synthesis and critical reflection. Evidence of independent and original judgement in relation to resolution of problems Excellently presented.
|
Knowledge & Understanding: Critical analysis and reflection on the extent of the issue across use cases.
|
10
|
|
|
|
|
Clarity & Engagement with Literature: Core understanding of the issues of data security concepts using appropriate literature.
|
10
|
|
|
|
|
Task 1: Thoroughly presenting and conducting a detailed analysis of the concepts outlined in Task 1, supported by appropriate literature.
|
15
|
|
|
|
|
Task 2: Thoroughly presenting and conducting a detailed analysis of the concepts outlined in Task 2, supported by appropriate literature.
|
15
|
|
|
|
|
Task 3: Thoroughly presenting and conducting a detailed analysis of the concepts outlined in Task 3, supported by appropriate literature.
|
15
|
|
|
|
|
Task 4: Thoroughly presenting and conducting a detailed analysis of the concepts outlined in Task 4, supported by appropriate literature.
|
15
|
|
|
|
|
Conclusions: Reflection and critical analysis of data security principles using appropriate references to frameworks.
|
15
|
|
|
|
|
Structure & Organisation: Overall cohesiveness of the report is excellent, with a good and logical flow.
|
5
|
|
|
|
|
100% Plagiarism Free & Custom Written, Tailored to your instructions