SlideShare a Scribd company logo

Principles of Information Security - Assignment 3 DescriptionM.docx

Download as DOCX, PDF
C
ChantellPantoja184

Principles of Information Security - Assignment 3 Description Marks out of Weighting Due date Assignment 3 Report and Presentation based on CASE STUDY: BCX.COM (A fictitious analysis of a security breach) Length: 3000 words approx. plus Appendices 100 70% 08 October 2014 This assignment assesses your understanding in relation to the following three course objectives: 1. analyse information security vulnerabilities and threats and determine appropriate controls that can be applied to mitigate the potential risks 2. explain why continual improvement is necessary to maintain reasonably secure information systems and IT infrastructure and to describe the role of disaster recovery and business continuity plans in recovering information and operational systems when systems and hardware fail 4. demonstrate an ability to communicate effectively both written and orally about the management of information security in organisations. This assignment assesses the following graduate skills: Problem Solving, Academic & Professional Literacy and Oral and Written Communication at level 2. This assignment relates to the topics covered in modules 1 to 10. This assignment can be completed by groups of two students or as an individual assignment. Details regarding the allocation of students to teams will be provided on the course study desk. Each student team will be allocated their own discussion forum for assignment 3 to specifically work collaboratively as a team in developing and discussing their approach to assignment 3 case study and the required Security report and presentation. Regular participation in each team’s discussion forum by the team members each week from Monday 8th September until Friday 17th October is expected. Each team member will also be required to keep a journal of their activities and progress related to completing this assignment and will form part of the assessment for assignment 3. In date order clearly list the following: · date of research activity/discussion · topics researched or discussed · time duration of activity. Submit this journal for each team member as an appendix to the assignment 3 Recommendations report. Any reference to web pages and on line resources such as white papers, blogs, wikis etc. should be listed at the end of the journal. Regular participation on the discussion forums dedicated for this assessment is highly recommended and can assist greatly with this assessment item. Also note that you are expected to do research outside of the course materials provided. Case Study: BIGCOINX (A fictitious analysis of the importance of Security in the Digital Currency World) Background: BigCoinX (BCX) is an Internet bitcoin exchange start-up founded in early 2013 riding on the boom of interest in the bitcoin currency of the last few years. Established by former work colleagues in the investment banking industry, Mark Buck (current CEO) and Peter Gates (CTO), the company by late 2013 was relatively successful .

Education
1 of 17
Principles of Information Security - Assignment 3 Description Marks out of Weighting Due date Assignment 3 Report and Presentation based on CASE STUDY: BCX.COM (A fictitious analysis of a security breach) Length: 3000 words approx. plus Appendices 100 70% 08 October 2014 This assignment assesses your understanding in relation to the following three course objectives: 1. analyse information security vulnerabilities and threats and determine appropriate controls that can be applied to mitigate the potential risks 2. explain why continual improvement is necessary to maintain reasonably secure information systems and IT infrastructure and to describe the role of disaster recovery and business continuity plans in recovering information and operational systems when systems and hardware fail 4. demonstrate an ability to communicate effectively both written and orally about the management of information security in organisations. This assignment assesses the following graduate skills: Problem Solving, Academic & Professional Literacy and Oral and Written Communication at level 2. This assignment relates to the topics covered in modules 1 to 10. This assignment can be completed by groups of two students or as an individual assignment. Details regarding the allocation of students to teams will be provided on the course study desk. Each student team will be allocated their own discussion forum for assignment 3 to specifically work collaboratively as a team
in developing and discussing their approach to assignment 3 case study and the required Security report and presentation. Regular participation in each team’s discussion forum by the team members each week from Monday 8th September until Friday 17th October is expected. Each team member will also be required to keep a journal of their activities and progress related to completing this assignment and will form part of the assessment for assignment 3. In date order clearly list the following: · date of research activity/discussion · topics researched or discussed · time duration of activity. Submit this journal for each team member as an appendix to the assignment 3 Recommendations report. Any reference to web pages and on line resources such as white papers, blogs, wikis etc. should be listed at the end of the journal. Regular participation on the discussion forums dedicated for this assessment is highly recommended and can assist greatly with this assessment item. Also note that you are expected to do research outside of the course materials provided. Case Study: BIGCOINX (A fictitious analysis of the importance of Security in the Digital Currency World) Background: BigCoinX (BCX) is an Internet bitcoin exchange start-up founded in early 2013 riding on the boom of interest in the bitcoin currency of the last few years. Established by former work colleagues in the investment banking industry, Mark Buck (current CEO) and Peter Gates (CTO), the company by late 2013 was relatively successful and doing an estimated 1% of all global bitcoin trades.
While in the scheme of things, the user base numbers seems good, both Mark and Peter know, that to achieve a critical mass of users that will establish BCX as a “player” in the bitcoin world, they will need to reach numbers upwards of 10% of global bitcoin trades. With bitcoin being a hot topic and Internet start-ups springing up all the time to try to make money from the bitcoin rush, BCX knows it has to stay ahead of the game. The company is continually innovating and responding to user requirements, industry trends and competitive challenges. Mark and Peter’s 5 person business, based in Sydney’s upcoming Technology Hub, Redfern, is a busy and dynamic environment. BCX is aiming to become profitable and self-sufficient by the end of 2014 at the latest. It is at this time that their capital funds will be exhausted, but they estimate, once they hit the 3% global mark, and have deployed into production their new bitcoin trading software, (both aggressively targeted for October, 2014), they will have positive financial results. ----------------- News Release: March 17, 2013: “Largest Global Bitcoin Marketplace Hacked: Mt Gox, the world’s largest bitcoin exchange files for bankruptcy. $600M in bitcoins stolen”. ---------------- Waking up to news overnight that their largest competitor has been hacked (or otherwise – details are sketchy) and that they have lost over $600M in their customer’s bitcoins has shaken up the BCX team. Mark and Peter are nervous. If the world’s largest bitcoin exchange has gone under, what position does that leave them in? With little news available and probably no expectation of knowing what exactly went on at Mt Gox for some time, BCX must try to assess their own position and risks. There is a lot at
stake here. Are they exposed as well? Are their clients going to be nervous and do a “run” on the exchange? Is their business secure? Time is of an essence so an emergency teleconference is organised between Mark, Peter and Phil Jones, (Technical Support Manager) at HotHost1 – a cloud services company where the BCX environment is hosted. Some resources which may be useful for this assignment 3 Case Study At Mt. Gox bitcoin hub, 'geek' CEO sought both control and escape http://www.reuters.com/article/2014/04/21/us-bitcoin- mtgox-karpeles-insight-idUSBREA3K01D20140421 Avoiding the next Mt. Gox: Vault of Satoshi bitcoin exchange launches proof-of-solvency service http://pando.com/2014/04/22/avoiding-the-next-mt-gox-vault- of-satoshi-bitcoin-exchange-launches-proof-of-solvency- service/ Bitcoin Transaction Malleability and MtGox http://arxiv.org/pdf/1403.6676v1.pdf Mt.Gox Finds 200,000 Bitcoin In An “Old-Format” Digital Wallet http://techcrunch.com/2014/03/20/mt-gox-finds-200000-bitcoin- in-an-old-format-digital-wallet/ Mt. Gox http://en.wikipedia.org/wiki/Mt._Gox March 18, 2014, 9:45am: Offices of HackStop Consulting A quiet morning for you until a call from a company called BCX reaches your desk. As a Senior IT Security Consultant at HackStop Consulting,
you’ve had calls like this many times. It’s time to get your game on again! Time to visit the offices of BCX. Their CEO, CTO and a Manager from their hosting provider HotHost1 are desperate to meet with you. Your Task On return from your meeting, it’s time to quickly put together a proposed plan of work and a response for BCX. Given the nature of your assignment with BCX, an urgent response and work-plan is required that outlines your approach and methodologies to: (1) Assessing what could go wrong – how could someone (a hacker?) compromise the BCX environment and steal the user bitcoins? (2) How does BCX ensure it does not happen? Student Notes At present, no other assumptions need to be made about the actual security issues/breach at Mt Box but an understanding of how it could have happened will assist with the assignment. Read about the real Mt Gox episode and the history of bitcoin and other bitcoin security issues of the past few years. (Google is your best friend). This assignment is focused upon seeing if you, the student has built up an awareness of how security in Internet Websites can be assessed and analysed to assist businesses in improving their overall security position. By being able to outline how you would go about reviewing the security requirements outlined in the BCX case study and making recommendations on improving security practices and the appropriate controls that need to be put place to reduce the risks to an acceptable level for BCX, the markers will be able to assess your level of knowledge learned in this course and the additional research you have undertaken. Any information not provided in the case study may be
assumed, but make sure that your assumptions are stated and that the assumptions are plausible. **** NB; Importantly and in addition to your own study and research, there will be two specific discussion forum threads on the assignment discussion forum where you can ask questions of the main players in the scenario: 1. Mark Buck and/or Peter Gates (BCX) 2. Phil Jones (HotHost1) By actively participating in the forum discussions for this assignment, you will gain valuable information and insight into this case study that will be regarded highly by the markers. (Note: Any questions which are not considered to be appropriate or professional for the purpose of this assessment may not be answered) Deliverables The success of your engagement is based upon two deliverables: (1) Development of security audit plan to assess how you would determine BCX’s security posture at the present time. (2) A business proposal to BCX Management in the form of a presentation (based on your proposed security audit plan – Deliverable 1) that outlines how the organisation should be better focusing on Information Security. In detail: (1) Security Audit Work-plan (WORD Document): The Security Audit work plan should be included in a professionally presented document of no more than 10 pages and be structured to show how each phase of work is to be undertaken. Your work-plan must include the following at a minimum: * Executive Summary: half-page brief outlining purpose; scope, expectations and outcomes of the proposed plan of work. (250 words) Structured and ordered work plan phase description, which for each section includes: * Background and problem analysis - What could go wrong?
How could a hacker compromise the BCX web site environment and steal the user information ? (approx. 500 words) * Threat analysis - What is to be investigated and tested, how it will be done, what sort of potential issues you are looking for, and deliverables BCX and/or HotHost1 can expect for each phase of work – (eg; the “deliverable” for the phase of work could potentially be a report containing the results of a vulnerability assessment test on BCX’s server(s)). (approx. 1000 words) * Dependencies and critical success factors to the job - such as key stakeholders in this security audit – the key people to be interviewed or whose involvement in that phase of work is required. (Remember, you don’t always get free-rein access to systems and other information and because time is of importance, you won’t get a long time to master the environment. But, as you know, you cannot also always believe everything you are told). What is key to getting this job done efficiently and what support do you need to get this done, (from BCX and also the hosting provider). (approx. 500 words) * Set of recommendations for improving BCX’s current security practices and ensuring that an appropriate set of controls are put in place (approx. 750 words) * Reference list of key sources in particular technical references which support your approach (Not counted in word count) Note in this report and in the accompanying presentation you are encouraged to make use of appropriate Figures and Tables to emphasise the key points that you are trying make * A journal of each team member's (for students completing this assignment individually – your) activities in participating and contributing to the completion of the work plan report and presentation. (2) Developing a Securer Environment for BCX for the Future (POWERPOINT):
Your strategy presentation should be created as if it were an actual presentation you were doing for a real client in relation to your proposed work plan including a set of recommendations and should contain the following at a minimum: * 1 Slide for an Introduction outlining your team and the organisation you work for * 2-3 Slides covering the Background: A brief summary of where BCX is today in regards to security practices in their organisation and controls in place for their web servers. * 2-3 Slides covering the Threat Analysis: A summary of the major threats and associated vulnerabilities and the actions required to reduce the risks associated with these threats and specific vulnerabilities in their web servers to an acceptable level. * 2 Slides covering Dependencies and critical success factors to the job: i.e. what is key to getting this job done efficiently and what support do you need to get this done, (e.g. internal business stakeholders, developers etc.) * 2 Slides covering your proposed Set of recommendations for improving security practices at BCX and ensuring appropriate controls are in place in relation to their web site which is core to their business [The following is also to be included. While not part of a “standard” Industry business presentation, it is there to allow teaching staff to gauge what level of research has been undertaken]. * 1 Slide acknowledging the key authoritative reference sources which underpin the research you have conducted and your approach in the proposed work plan in your proposed business report. ------------------ Report and Presentation Format: * MS WORD and PowerPoint respectively (or a web-based presentation as an alternative to PowerPoint for (2) of the
assignment deliverables) must be used. NB; For the presentation, you are asked to include a Word document (or utilise the notes section of PowerPoint) to detail the length of time expected to be spent on each slide (page) and the details of what you would expect to discuss with the audience. * This assignment is focused upon seeing if as a student in this course you have built up an awareness of how security in an environment should be set up and operated. By being able to outline how you would review and test the security of the fictional organisation, BCX, through assessment of the basics such as good policies, standards, procedures and controls in place, in addition to detection of incidents, the markers will be able to assess your level of knowledge learned from the course content and from your own additional research in relation to this case study. Principles of Information Security - Assignment 3 Description Marks out of Weighting Due date Assignment 3 Report and Presentation based on CASE STUDY: BCX.COM (A fictitious analysis of a security breach) Length: 3000 words approx. plus Appendices 100 70% 08 October 2014 This assignment assesses your understanding in relation to the following three course objectives: 1. analyse information security vulnerabilities and threats and determine appropriate controls that can be applied to mitigate the potential risks 2. explain why continual improvement is necessary to maintain reasonably secure information systems and IT infrastructure and to describe the role of disaster recovery and business continuity
plans in recovering information and operational systems when systems and hardware fail 4. demonstrate an ability to communicate effectively both written and orally about the management of information security in organisations. This assignment assesses the following graduate skills: Problem Solving, Academic & Professional Literacy and Oral and Written Communication at level 2. This assignment relates to the topics covered in modules 1 to 10. This assignment can be completed by groups of two students or as an individual assignment. Details regarding the allocation of students to teams will be provided on the course study desk. Each student team will be allocated their own discussion forum for assignment 3 to specifically work collaboratively as a team in developing and discussing their approach to assignment 3 case study and the required Security report and presentation. Regular participation in each team’s discussion forum by the team members each week from Monday 8th September until Friday 17th October is expected. Each team member will also be required to keep a journal of their activities and progress related to completing this assignment and will form part of the assessment for assignment 3. In date order clearly list the following: · date of research activity/discussion · topics researched or discussed · time duration of activity. Submit this journal for each team member as an appendix to the assignment 3 Recommendations report. Any reference to web pages and on line resources such as white papers, blogs, wikis etc. should be listed at the end of the journal. Regular participation on the discussion forums dedicated for this assessment is highly recommended and can assist greatly with this assessment item. Also note that you are expected to do research outside of the course materials provided.
Case Study: BIGCOINX (A fictitious analysis of the importance of Security in the Digital Currency World) Background: BigCoinX (BCX) is an Internet bitcoin exchange start-up founded in early 2013 riding on the boom of interest in the bitcoin currency of the last few years. Established by former work colleagues in the investment banking industry, Mark Buck (current CEO) and Peter Gates (CTO), the company by late 2013 was relatively successful and doing an estimated 1% of all global bitcoin trades. While in the scheme of things, the user base numbers seems good, both Mark and Peter know, that to achieve a critical mass of users that will establish BCX as a “player” in the bitcoin world, they will need to reach numbers upwards of 10% of global bitcoin trades. With bitcoin being a hot topic and Internet start-ups springing up all the time to try to make money from the bitcoin rush, BCX knows it has to stay ahead of the game. The company is continually innovating and responding to user requirements, industry trends and competitive challenges. Mark and Peter’s 5 person business, based in Sydney’s upcoming Technology Hub, Redfern, is a busy and dynamic environment. BCX is aiming to become profitable and self-sufficient by the end of 2014 at the latest. It is at this time that their capital funds will be exhausted, but they estimate, once they hit the 3% global mark, and have deployed into production their new bitcoin trading software, (both aggressively targeted for October, 2014), they will have positive financial results. -----------------
News Release: March 17, 2013: “Largest Global Bitcoin Marketplace Hacked: Mt Gox, the world’s largest bitcoin exchange files for bankruptcy. $600M in bitcoins stolen”. ---------------- Waking up to news overnight that their largest competitor has been hacked (or otherwise – details are sketchy) and that they have lost over $600M in their customer’s bitcoins has shaken up the BCX team. Mark and Peter are nervous. If the world’s largest bitcoin exchange has gone under, what position does that leave them in? With little news available and probably no expectation of knowing what exactly went on at Mt Gox for some time, BCX must try to assess their own position and risks. There is a lot at stake here. Are they exposed as well? Are their clients going to be nervous and do a “run” on the exchange? Is their business secure? Time is of an essence so an emergency teleconference is organised between Mark, Peter and Phil Jones, (Technical Support Manager) at HotHost1 – a cloud services company where the BCX environment is hosted. Some resources which may be useful for this assignment 3 Case Study At Mt. Gox bitcoin hub, 'geek' CEO sought both control and escape http://www.reuters.com/article/2014/04/21/us-bitcoin- mtgox-karpeles-insight-idUSBREA3K01D20140421 Avoiding the next Mt. Gox: Vault of Satoshi bitcoin exchange launches proof-of-solvency service http://pando.com/2014/04/22/avoiding-the-next-mt-gox-vault- of-satoshi-bitcoin-exchange-launches-proof-of-solvency- service/
Bitcoin Transaction Malleability and MtGox http://arxiv.org/pdf/1403.6676v1.pdf Mt.Gox Finds 200,000 Bitcoin In An “Old-Format” Digital Wallet http://techcrunch.com/2014/03/20/mt-gox-finds-200000-bitcoin- in-an-old-format-digital-wallet/ Mt. Gox http://en.wikipedia.org/wiki/Mt._Gox March 18, 2014, 9:45am: Offices of HackStop Consulting A quiet morning for you until a call from a company called BCX reaches your desk. As a Senior IT Security Consultant at HackStop Consulting, you’ve had calls like this many times. It’s time to get your game on again! Time to visit the offices of BCX. Their CEO, CTO and a Manager from their hosting provider HotHost1 are desperate to meet with you. Your Task On return from your meeting, it’s time to quickly put together a proposed plan of work and a response for BCX. Given the nature of your assignment with BCX, an urgent response and work-plan is required that outlines your approach and methodologies to: (1) Assessing what could go wrong – how could someone (a hacker?) compromise the BCX environment and steal the user bitcoins? (2) How does BCX ensure it does not happen? Student Notes At present, no other assumptions need to be made about the actual security issues/breach at Mt Box but an understanding of how it could have happened will assist with the assignment. Read about the real Mt Gox episode and the history of bitcoin and other bitcoin security issues of the past few years. (Google
is your best friend). This assignment is focused upon seeing if you, the student has built up an awareness of how security in Internet Websites can be assessed and analysed to assist businesses in improving their overall security position. By being able to outline how you would go about reviewing the security requirements outlined in the BCX case study and making recommendations on improving security practices and the appropriate controls that need to be put place to reduce the risks to an acceptable level for BCX, the markers will be able to assess your level of knowledge learned in this course and the additional research you have undertaken. Any information not provided in the case study may be assumed, but make sure that your assumptions are stated and that the assumptions are plausible. **** NB; Importantly and in addition to your own study and research, there will be two specific discussion forum threads on the assignment discussion forum where you can ask questions of the main players in the scenario: 1. Mark Buck and/or Peter Gates (BCX) 2. Phil Jones (HotHost1) By actively participating in the forum discussions for this assignment, you will gain valuable information and insight into this case study that will be regarded highly by the markers. (Note: Any questions which are not considered to be appropriate or professional for the purpose of this assessment may not be answered) Deliverables The success of your engagement is based upon two deliverables: (1) Development of security audit plan to assess how you would determine BCX’s security posture at the present time. (2) A business proposal to BCX Management in the form of a presentation (based on your proposed security audit plan – Deliverable 1) that outlines how the organisation should be better focusing on Information Security.
In detail: (1) Security Audit Work-plan (WORD Document): The Security Audit work plan should be included in a professionally presented document of no more than 10 pages and be structured to show how each phase of work is to be undertaken. Your work-plan must include the following at a minimum: * Executive Summary: half-page brief outlining purpose; scope, expectations and outcomes of the proposed plan of work. (250 words) Structured and ordered work plan phase description, which for each section includes: * Background and problem analysis - What could go wrong? How could a hacker compromise the BCX web site environment and steal the user information ? (approx. 500 words) * Threat analysis - What is to be investigated and tested, how it will be done, what sort of potential issues you are looking for, and deliverables BCX and/or HotHost1 can expect for each phase of work – (eg; the “deliverable” for the phase of work could potentially be a report containing the results of a vulnerability assessment test on BCX’s server(s)). (approx. 1000 words) * Dependencies and critical success factors to the job - such as key stakeholders in this security audit – the key people to be interviewed or whose involvement in that phase of work is required. (Remember, you don’t always get free-rein access to systems and other information and because time is of importance, you won’t get a long time to master the environment. But, as you know, you cannot also always believe everything you are told). What is key to getting this job done efficiently and what support do you need to get this done, (from BCX and also the hosting provider). (approx. 500 words) * Set of recommendations for improving BCX’s current security practices and ensuring that an appropriate set of controls are put in place (approx. 750 words)
* Reference list of key sources in particular technical references which support your approach (Not counted in word count) Note in this report and in the accompanying presentation you are encouraged to make use of appropriate Figures and Tables to emphasise the key points that you are trying make * A journal of each team member's (for students completing this assignment individually – your) activities in participating and contributing to the completion of the work plan report and presentation. (2) Developing a Securer Environment for BCX for the Future (POWERPOINT): Your strategy presentation should be created as if it were an actual presentation you were doing for a real client in relation to your proposed work plan including a set of recommendations and should contain the following at a minimum: * 1 Slide for an Introduction outlining your team and the organisation you work for * 2-3 Slides covering the Background: A brief summary of where BCX is today in regards to security practices in their organisation and controls in place for their web servers. * 2-3 Slides covering the Threat Analysis: A summary of the major threats and associated vulnerabilities and the actions required to reduce the risks associated with these threats and specific vulnerabilities in their web servers to an acceptable level. * 2 Slides covering Dependencies and critical success factors to the job: i.e. what is key to getting this job done efficiently and what support do you need to get this done, (e.g. internal business stakeholders, developers etc.) * 2 Slides covering your proposed Set of recommendations for improving security practices at BCX and ensuring appropriate controls are in place in relation to their web site which is core to their business
[The following is also to be included. While not part of a “standard” Industry business presentation, it is there to allow teaching staff to gauge what level of research has been undertaken]. * 1 Slide acknowledging the key authoritative reference sources which underpin the research you have conducted and your approach in the proposed work plan in your proposed business report. ------------------ Report and Presentation Format: * MS WORD and PowerPoint respectively (or a web-based presentation as an alternative to PowerPoint for (2) of the assignment deliverables) must be used. NB; For the presentation, you are asked to include a Word document (or utilise the notes section of PowerPoint) to detail the length of time expected to be spent on each slide (page) and the details of what you would expect to discuss with the audience. * This assignment is focused upon seeing if as a student in this course you have built up an awareness of how security in an environment should be set up and operated. By being able to outline how you would review and test the security of the fictional organisation, BCX, through assessment of the basics such as good policies, standards, procedures and controls in place, in addition to detection of incidents, the markers will be able to assess your level of knowledge learned from the course content and from your own additional research in relation to this case study.

Recommended

Cis 599 Education Redefined - snaptutorial.com
Cis 599 Education Redefined - snaptutorial.comCis 599 Education Redefined - snaptutorial.com
Cis 599 Education Redefined - snaptutorial.comDavisMurphyC77
 
CIS 599 Exceptional Education / snaptutorial.com
CIS 599 Exceptional Education / snaptutorial.comCIS 599 Exceptional Education / snaptutorial.com
CIS 599 Exceptional Education / snaptutorial.comdonaldzs98
 
Cis 599 Education Organization / snaptutorial.com
Cis 599 Education Organization / snaptutorial.comCis 599 Education Organization / snaptutorial.com
Cis 599 Education Organization / snaptutorial.comBaileya84
 
Cis 599 Enhance teaching / snaptutorial.com
Cis 599 Enhance teaching / snaptutorial.comCis 599 Enhance teaching / snaptutorial.com
Cis 599 Enhance teaching / snaptutorial.comDavis105
 
MIS301 Team Paper #8 Read the articles The Bitcoin B.docx
MIS301 Team Paper #8 Read the articles The Bitcoin B.docxMIS301 Team Paper #8 Read the articles The Bitcoin B.docx
MIS301 Team Paper #8 Read the articles The Bitcoin B.docxraju957290
 
CIS 599 Education guide/Tutorialrank.com
CIS 599 Education guide/Tutorialrank.comCIS 599 Education guide/Tutorialrank.com
CIS 599 Education guide/Tutorialrank.comnummaju
 
NIST Special Publication 500-293: US Government Cloud Computing Technology R...
NIST Special Publication 500-293: US Government Cloud Computing Technology R... NIST Special Publication 500-293: US Government Cloud Computing Technology R...
NIST Special Publication 500-293: US Government Cloud Computing Technology R...David Sweigert
 
Cis 599 Extraordinary Success/newtonhelp.com
Cis 599 Extraordinary Success/newtonhelp.com Cis 599 Extraordinary Success/newtonhelp.com
Cis 599 Extraordinary Success/newtonhelp.com amaranthbeg153
 

Recommended

Cis 599 Education Redefined - snaptutorial.com
Cis 599 Education Redefined - snaptutorial.comCis 599 Education Redefined - snaptutorial.com
Cis 599 Education Redefined - snaptutorial.comDavisMurphyC77
 
CIS 599 Exceptional Education / snaptutorial.com
CIS 599 Exceptional Education / snaptutorial.comCIS 599 Exceptional Education / snaptutorial.com
CIS 599 Exceptional Education / snaptutorial.comdonaldzs98
 
Cis 599 Education Organization / snaptutorial.com
Cis 599 Education Organization / snaptutorial.comCis 599 Education Organization / snaptutorial.com
Cis 599 Education Organization / snaptutorial.comBaileya84
 
Cis 599 Enhance teaching / snaptutorial.com
Cis 599 Enhance teaching / snaptutorial.comCis 599 Enhance teaching / snaptutorial.com
Cis 599 Enhance teaching / snaptutorial.comDavis105
 
MIS301 Team Paper #8 Read the articles The Bitcoin B.docx
MIS301 Team Paper #8 Read the articles The Bitcoin B.docxMIS301 Team Paper #8 Read the articles The Bitcoin B.docx
MIS301 Team Paper #8 Read the articles The Bitcoin B.docxraju957290
 
CIS 599 Education guide/Tutorialrank.com
CIS 599 Education guide/Tutorialrank.comCIS 599 Education guide/Tutorialrank.com
CIS 599 Education guide/Tutorialrank.comnummaju
 
NIST Special Publication 500-293: US Government Cloud Computing Technology R...
NIST Special Publication 500-293: US Government Cloud Computing Technology R... NIST Special Publication 500-293: US Government Cloud Computing Technology R...
NIST Special Publication 500-293: US Government Cloud Computing Technology R...David Sweigert
 
Cis 599 Extraordinary Success/newtonhelp.com
Cis 599 Extraordinary Success/newtonhelp.com Cis 599 Extraordinary Success/newtonhelp.com
Cis 599 Extraordinary Success/newtonhelp.com amaranthbeg153
 
the world of technology is changing at an unprecedented pace, and th.docx
the world of technology is changing at an unprecedented pace, and th.docxthe world of technology is changing at an unprecedented pace, and th.docx
the world of technology is changing at an unprecedented pace, and th.docxpelise1
 
Blockchain based News Application to combat Fake news
Blockchain based News Application to combat Fake newsBlockchain based News Application to combat Fake news
Blockchain based News Application to combat Fake newsIRJET Journal
 
BLOCKCHAIN IMPLEMENTATION IN EDUCATIONAL SYSTEM
BLOCKCHAIN IMPLEMENTATION IN EDUCATIONAL SYSTEMBLOCKCHAIN IMPLEMENTATION IN EDUCATIONAL SYSTEM
BLOCKCHAIN IMPLEMENTATION IN EDUCATIONAL SYSTEMIRJET Journal
 
IRJET-Block Chain based Cyber Security System for Data Transfer
IRJET-Block Chain based Cyber Security System for Data TransferIRJET-Block Chain based Cyber Security System for Data Transfer
IRJET-Block Chain based Cyber Security System for Data TransferIRJET Journal
 
BMIS 664 Final Project.docx
BMIS 664 Final Project.docxBMIS 664 Final Project.docx
BMIS 664 Final Project.docxwrite31
 
Blockchain's impact on accounting & banking industry research
Blockchain's impact on accounting & banking industry researchBlockchain's impact on accounting & banking industry research
Blockchain's impact on accounting & banking industry researchMehdiRizvi13
 
TaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxTaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxbradburgess22840
 
TaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxTaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxdeanmtaylor1545
 
IRJET- Bitcoin - The Future Currency
IRJET- Bitcoin - The Future CurrencyIRJET- Bitcoin - The Future Currency
IRJET- Bitcoin - The Future CurrencyIRJET Journal
 
Distributed ledger technical research in central bank of brazil
Distributed ledger technical research in central bank of brazilDistributed ledger technical research in central bank of brazil
Distributed ledger technical research in central bank of brazilmustafa sarac
 
Blockchain Technology
Blockchain TechnologyBlockchain Technology
Blockchain Technologyijtsrd
 
IRJET- Consensus Mechanism on Secure Challenges in Blockchain Networks
IRJET- Consensus Mechanism on Secure Challenges in Blockchain NetworksIRJET- Consensus Mechanism on Secure Challenges in Blockchain Networks
IRJET- Consensus Mechanism on Secure Challenges in Blockchain NetworksIRJET Journal
 
Implementation of Sentimental Analysis of Social Media for Stock Prediction ...
Implementation of Sentimental Analysis of Social Media for Stock Prediction ...Implementation of Sentimental Analysis of Social Media for Stock Prediction ...
Implementation of Sentimental Analysis of Social Media for Stock Prediction ...IRJET Journal
 
Inside TorrentLocker (Cryptolocker) Malware C&C Server
Inside TorrentLocker (Cryptolocker) Malware C&C Server Inside TorrentLocker (Cryptolocker) Malware C&C Server
Inside TorrentLocker (Cryptolocker) Malware C&C Server Davide Cioccia
 
CIS 558 Entire Course NEW
CIS 558 Entire Course NEWCIS 558 Entire Course NEW
CIS 558 Entire Course NEWshyamuopuop
 
Craig Ellis MBA Dissertation
Craig Ellis MBA DissertationCraig Ellis MBA Dissertation
Craig Ellis MBA DissertationCraig Ellis
 
Decentralized exchange-Banco: presented by Pentagon
Decentralized exchange-Banco: presented by PentagonDecentralized exchange-Banco: presented by Pentagon
Decentralized exchange-Banco: presented by PentagonLuyaoZhangPhD
 
IRJET- Smart Contracts for Insurance based on Hyperledger Fabric
IRJET- Smart Contracts for Insurance based on Hyperledger FabricIRJET- Smart Contracts for Insurance based on Hyperledger Fabric
IRJET- Smart Contracts for Insurance based on Hyperledger FabricIRJET Journal
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyUlf Mattsson
 
Response to Commerce Dept's IoT RFC
Response to Commerce Dept's IoT RFC Response to Commerce Dept's IoT RFC
Response to Commerce Dept's IoT RFC Bob Marcus
 
Problem 1Problem 2.docx
Problem 1Problem 2.docxProblem 1Problem 2.docx
Problem 1Problem 2.docxChantellPantoja184
 
Problem 20-1A Production cost flow and measurement; journal entrie.docx
Problem 20-1A Production cost flow and measurement; journal entrie.docxProblem 20-1A Production cost flow and measurement; journal entrie.docx
Problem 20-1A Production cost flow and measurement; journal entrie.docxChantellPantoja184
 

More Related Content

Similar to Principles of Information Security - Assignment 3 DescriptionM.docx

the world of technology is changing at an unprecedented pace, and th.docx
the world of technology is changing at an unprecedented pace, and th.docxthe world of technology is changing at an unprecedented pace, and th.docx
the world of technology is changing at an unprecedented pace, and th.docxpelise1
 
Blockchain based News Application to combat Fake news
Blockchain based News Application to combat Fake newsBlockchain based News Application to combat Fake news
Blockchain based News Application to combat Fake newsIRJET Journal
 
BLOCKCHAIN IMPLEMENTATION IN EDUCATIONAL SYSTEM
BLOCKCHAIN IMPLEMENTATION IN EDUCATIONAL SYSTEMBLOCKCHAIN IMPLEMENTATION IN EDUCATIONAL SYSTEM
BLOCKCHAIN IMPLEMENTATION IN EDUCATIONAL SYSTEMIRJET Journal
 
IRJET-Block Chain based Cyber Security System for Data Transfer
IRJET-Block Chain based Cyber Security System for Data TransferIRJET-Block Chain based Cyber Security System for Data Transfer
IRJET-Block Chain based Cyber Security System for Data TransferIRJET Journal
 
BMIS 664 Final Project.docx
BMIS 664 Final Project.docxBMIS 664 Final Project.docx
BMIS 664 Final Project.docxwrite31
 
Blockchain's impact on accounting & banking industry research
Blockchain's impact on accounting & banking industry researchBlockchain's impact on accounting & banking industry research
Blockchain's impact on accounting & banking industry researchMehdiRizvi13
 
TaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxTaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxbradburgess22840
 
TaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxTaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxdeanmtaylor1545
 
IRJET- Bitcoin - The Future Currency
IRJET- Bitcoin - The Future CurrencyIRJET- Bitcoin - The Future Currency
IRJET- Bitcoin - The Future CurrencyIRJET Journal
 
Distributed ledger technical research in central bank of brazil
Distributed ledger technical research in central bank of brazilDistributed ledger technical research in central bank of brazil
Distributed ledger technical research in central bank of brazilmustafa sarac
 
Blockchain Technology
Blockchain TechnologyBlockchain Technology
Blockchain Technologyijtsrd
 
IRJET- Consensus Mechanism on Secure Challenges in Blockchain Networks
IRJET- Consensus Mechanism on Secure Challenges in Blockchain NetworksIRJET- Consensus Mechanism on Secure Challenges in Blockchain Networks
IRJET- Consensus Mechanism on Secure Challenges in Blockchain NetworksIRJET Journal
 
Implementation of Sentimental Analysis of Social Media for Stock Prediction ...
Implementation of Sentimental Analysis of Social Media for Stock Prediction ...Implementation of Sentimental Analysis of Social Media for Stock Prediction ...
Implementation of Sentimental Analysis of Social Media for Stock Prediction ...IRJET Journal
 
Inside TorrentLocker (Cryptolocker) Malware C&C Server
Inside TorrentLocker (Cryptolocker) Malware C&C Server Inside TorrentLocker (Cryptolocker) Malware C&C Server
Inside TorrentLocker (Cryptolocker) Malware C&C Server Davide Cioccia
 
CIS 558 Entire Course NEW
CIS 558 Entire Course NEWCIS 558 Entire Course NEW
CIS 558 Entire Course NEWshyamuopuop
 
Craig Ellis MBA Dissertation
Craig Ellis MBA DissertationCraig Ellis MBA Dissertation
Craig Ellis MBA DissertationCraig Ellis
 
Decentralized exchange-Banco: presented by Pentagon
Decentralized exchange-Banco: presented by PentagonDecentralized exchange-Banco: presented by Pentagon
Decentralized exchange-Banco: presented by PentagonLuyaoZhangPhD
 
IRJET- Smart Contracts for Insurance based on Hyperledger Fabric
IRJET- Smart Contracts for Insurance based on Hyperledger FabricIRJET- Smart Contracts for Insurance based on Hyperledger Fabric
IRJET- Smart Contracts for Insurance based on Hyperledger FabricIRJET Journal
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyUlf Mattsson
 
Response to Commerce Dept's IoT RFC
Response to Commerce Dept's IoT RFC Response to Commerce Dept's IoT RFC
Response to Commerce Dept's IoT RFC Bob Marcus
 

Similar to Principles of Information Security - Assignment 3 DescriptionM.docx (20)

the world of technology is changing at an unprecedented pace, and th.docx
the world of technology is changing at an unprecedented pace, and th.docxthe world of technology is changing at an unprecedented pace, and th.docx
the world of technology is changing at an unprecedented pace, and th.docx
 
Blockchain based News Application to combat Fake news
Blockchain based News Application to combat Fake newsBlockchain based News Application to combat Fake news
Blockchain based News Application to combat Fake news
 
BLOCKCHAIN IMPLEMENTATION IN EDUCATIONAL SYSTEM
BLOCKCHAIN IMPLEMENTATION IN EDUCATIONAL SYSTEMBLOCKCHAIN IMPLEMENTATION IN EDUCATIONAL SYSTEM
BLOCKCHAIN IMPLEMENTATION IN EDUCATIONAL SYSTEM
 
IRJET-Block Chain based Cyber Security System for Data Transfer
IRJET-Block Chain based Cyber Security System for Data TransferIRJET-Block Chain based Cyber Security System for Data Transfer
IRJET-Block Chain based Cyber Security System for Data Transfer
 
BMIS 664 Final Project.docx
BMIS 664 Final Project.docxBMIS 664 Final Project.docx
BMIS 664 Final Project.docx
 
Blockchain's impact on accounting & banking industry research
Blockchain's impact on accounting & banking industry researchBlockchain's impact on accounting & banking industry research
Blockchain's impact on accounting & banking industry research
 
TaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxTaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docx
 
TaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxTaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docx
 
IRJET- Bitcoin - The Future Currency
IRJET- Bitcoin - The Future CurrencyIRJET- Bitcoin - The Future Currency
IRJET- Bitcoin - The Future Currency
 
Distributed ledger technical research in central bank of brazil
Distributed ledger technical research in central bank of brazilDistributed ledger technical research in central bank of brazil
Distributed ledger technical research in central bank of brazil
 
Blockchain Technology
Blockchain TechnologyBlockchain Technology
Blockchain Technology
 
IRJET- Consensus Mechanism on Secure Challenges in Blockchain Networks
IRJET- Consensus Mechanism on Secure Challenges in Blockchain NetworksIRJET- Consensus Mechanism on Secure Challenges in Blockchain Networks
IRJET- Consensus Mechanism on Secure Challenges in Blockchain Networks
 
Implementation of Sentimental Analysis of Social Media for Stock Prediction ...
Implementation of Sentimental Analysis of Social Media for Stock Prediction ...Implementation of Sentimental Analysis of Social Media for Stock Prediction ...
Implementation of Sentimental Analysis of Social Media for Stock Prediction ...
 
Inside TorrentLocker (Cryptolocker) Malware C&C Server
Inside TorrentLocker (Cryptolocker) Malware C&C Server Inside TorrentLocker (Cryptolocker) Malware C&C Server
Inside TorrentLocker (Cryptolocker) Malware C&C Server
 
CIS 558 Entire Course NEW
CIS 558 Entire Course NEWCIS 558 Entire Course NEW
CIS 558 Entire Course NEW
 
Craig Ellis MBA Dissertation
Craig Ellis MBA DissertationCraig Ellis MBA Dissertation
Craig Ellis MBA Dissertation
 
Decentralized exchange-Banco: presented by Pentagon
Decentralized exchange-Banco: presented by PentagonDecentralized exchange-Banco: presented by Pentagon
Decentralized exchange-Banco: presented by Pentagon
 
IRJET- Smart Contracts for Insurance based on Hyperledger Fabric
IRJET- Smart Contracts for Insurance based on Hyperledger FabricIRJET- Smart Contracts for Insurance based on Hyperledger Fabric
IRJET- Smart Contracts for Insurance based on Hyperledger Fabric
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technology
 
Response to Commerce Dept's IoT RFC
Response to Commerce Dept's IoT RFC Response to Commerce Dept's IoT RFC
Response to Commerce Dept's IoT RFC
 

More from ChantellPantoja184

Problem 20-1A Production cost flow and measurement; journal entrie.docx
Problem 20-1A Production cost flow and measurement; journal entrie.docxProblem 20-1A Production cost flow and measurement; journal entrie.docx
Problem 20-1A Production cost flow and measurement; journal entrie.docxChantellPantoja184
 
Problem 2 Obtain Io.Let x be the current through j2, ..docx
Problem 2 Obtain Io.Let x be the current through j2, ..docxProblem 2 Obtain Io.Let x be the current through j2, ..docx
Problem 2 Obtain Io.Let x be the current through j2, ..docxChantellPantoja184
 
Problem 1On April 1, 20X4, Rojas purchased land by giving $100,000.docx
Problem 1On April 1, 20X4, Rojas purchased land by giving $100,000.docxProblem 1On April 1, 20X4, Rojas purchased land by giving $100,000.docx
Problem 1On April 1, 20X4, Rojas purchased land by giving $100,000.docxChantellPantoja184
 
Problem 17-1 Dividends and Taxes [LO2]Dark Day, Inc., has declar.docx
Problem 17-1 Dividends and Taxes [LO2]Dark Day, Inc., has declar.docxProblem 17-1 Dividends and Taxes [LO2]Dark Day, Inc., has declar.docx
Problem 17-1 Dividends and Taxes [LO2]Dark Day, Inc., has declar.docxChantellPantoja184
 
Problem 1Problem 1 - Constant-Growth Common StockWhat is the value.docx
Problem 1Problem 1 - Constant-Growth Common StockWhat is the value.docxProblem 1Problem 1 - Constant-Growth Common StockWhat is the value.docx
Problem 1Problem 1 - Constant-Growth Common StockWhat is the value.docxChantellPantoja184
 
Problem 1Prescott, Inc., manufactures bookcases and uses an activi.docx
Problem 1Prescott, Inc., manufactures bookcases and uses an activi.docxProblem 1Prescott, Inc., manufactures bookcases and uses an activi.docx
Problem 1Prescott, Inc., manufactures bookcases and uses an activi.docxChantellPantoja184
 
Problem 1Preston Recliners manufactures leather recliners and uses.docx
Problem 1Preston Recliners manufactures leather recliners and uses.docxProblem 1Preston Recliners manufactures leather recliners and uses.docx
Problem 1Preston Recliners manufactures leather recliners and uses.docxChantellPantoja184
 
Problem 1Pro Forma Income Statement and Balance SheetBelow is the .docx
Problem 1Pro Forma Income Statement and Balance SheetBelow is the .docxProblem 1Pro Forma Income Statement and Balance SheetBelow is the .docx
Problem 1Pro Forma Income Statement and Balance SheetBelow is the .docxChantellPantoja184
 
Problem 2-1PROBLEM 2-1Solution Legend= Value given in problemGiven.docx
Problem 2-1PROBLEM 2-1Solution Legend= Value given in problemGiven.docxProblem 2-1PROBLEM 2-1Solution Legend= Value given in problemGiven.docx
Problem 2-1PROBLEM 2-1Solution Legend= Value given in problemGiven.docxChantellPantoja184
 
PROBLEM 14-6AProblem 14-6A Norwoods Borrowings1. Total amount of .docx
PROBLEM 14-6AProblem 14-6A Norwoods Borrowings1. Total amount of .docxPROBLEM 14-6AProblem 14-6A Norwoods Borrowings1. Total amount of .docx
PROBLEM 14-6AProblem 14-6A Norwoods Borrowings1. Total amount of .docxChantellPantoja184
 
Problem 13-3AThe stockholders’ equity accounts of Ashley Corpo.docx
Problem 13-3AThe stockholders’ equity accounts of Ashley Corpo.docxProblem 13-3AThe stockholders’ equity accounts of Ashley Corpo.docx
Problem 13-3AThe stockholders’ equity accounts of Ashley Corpo.docxChantellPantoja184
 
Problem 12-9AYour answer is partially correct.  Try again..docx
Problem 12-9AYour answer is partially correct.  Try again..docxProblem 12-9AYour answer is partially correct.  Try again..docx
Problem 12-9AYour answer is partially correct.  Try again..docxChantellPantoja184
 
Problem 1123456Xf122437455763715813910106Name DateTopic.docx
Problem 1123456Xf122437455763715813910106Name DateTopic.docxProblem 1123456Xf122437455763715813910106Name DateTopic.docx
Problem 1123456Xf122437455763715813910106Name DateTopic.docxChantellPantoja184
 
Problem 1. For the truss and loading shown below, calculate th.docx
Problem 1. For the truss and loading shown below, calculate th.docxProblem 1. For the truss and loading shown below, calculate th.docx
Problem 1. For the truss and loading shown below, calculate th.docxChantellPantoja184
 
Problem 1 (30 marks)Review enough information about .docx
Problem 1 (30 marks)Review enough information about .docxProblem 1 (30 marks)Review enough information about .docx
Problem 1 (30 marks)Review enough information about .docxChantellPantoja184
 
Problem 1 (10 points) Note that an eigenvector cannot be zero.docx
Problem 1 (10 points) Note that an eigenvector cannot be zero.docxProblem 1 (10 points) Note that an eigenvector cannot be zero.docx
Problem 1 (10 points) Note that an eigenvector cannot be zero.docxChantellPantoja184
 
Probation and Parole 3Running head Probation and Parole.docx
Probation and Parole 3Running head Probation and Parole.docxProbation and Parole 3Running head Probation and Parole.docx
Probation and Parole 3Running head Probation and Parole.docxChantellPantoja184
 
Problem 1(a) Complete the following ANOVA table based on 20 obs.docx
Problem 1(a) Complete the following ANOVA table based on 20 obs.docxProblem 1(a) Complete the following ANOVA table based on 20 obs.docx
Problem 1(a) Complete the following ANOVA table based on 20 obs.docxChantellPantoja184
 
Probe 140 SPrecipitation in inchesTemperature in F.docx
Probe 140 SPrecipitation in inchesTemperature in F.docxProbe 140 SPrecipitation in inchesTemperature in F.docx
Probe 140 SPrecipitation in inchesTemperature in F.docxChantellPantoja184
 

More from ChantellPantoja184 (20)

Problem 1Problem 2.docx
Problem 1Problem 2.docxProblem 1Problem 2.docx
Problem 1Problem 2.docx
 
Problem 20-1A Production cost flow and measurement; journal entrie.docx
Problem 20-1A Production cost flow and measurement; journal entrie.docxProblem 20-1A Production cost flow and measurement; journal entrie.docx
Problem 20-1A Production cost flow and measurement; journal entrie.docx
 
Problem 2 Obtain Io.Let x be the current through j2, ..docx
Problem 2 Obtain Io.Let x be the current through j2, ..docxProblem 2 Obtain Io.Let x be the current through j2, ..docx
Problem 2 Obtain Io.Let x be the current through j2, ..docx
 
Problem 1On April 1, 20X4, Rojas purchased land by giving $100,000.docx
Problem 1On April 1, 20X4, Rojas purchased land by giving $100,000.docxProblem 1On April 1, 20X4, Rojas purchased land by giving $100,000.docx
Problem 1On April 1, 20X4, Rojas purchased land by giving $100,000.docx
 
Problem 17-1 Dividends and Taxes [LO2]Dark Day, Inc., has declar.docx
Problem 17-1 Dividends and Taxes [LO2]Dark Day, Inc., has declar.docxProblem 17-1 Dividends and Taxes [LO2]Dark Day, Inc., has declar.docx
Problem 17-1 Dividends and Taxes [LO2]Dark Day, Inc., has declar.docx
 
Problem 1Problem 1 - Constant-Growth Common StockWhat is the value.docx
Problem 1Problem 1 - Constant-Growth Common StockWhat is the value.docxProblem 1Problem 1 - Constant-Growth Common StockWhat is the value.docx
Problem 1Problem 1 - Constant-Growth Common StockWhat is the value.docx
 
Problem 1Prescott, Inc., manufactures bookcases and uses an activi.docx
Problem 1Prescott, Inc., manufactures bookcases and uses an activi.docxProblem 1Prescott, Inc., manufactures bookcases and uses an activi.docx
Problem 1Prescott, Inc., manufactures bookcases and uses an activi.docx
 
Problem 1Preston Recliners manufactures leather recliners and uses.docx
Problem 1Preston Recliners manufactures leather recliners and uses.docxProblem 1Preston Recliners manufactures leather recliners and uses.docx
Problem 1Preston Recliners manufactures leather recliners and uses.docx
 
Problem 1Pro Forma Income Statement and Balance SheetBelow is the .docx
Problem 1Pro Forma Income Statement and Balance SheetBelow is the .docxProblem 1Pro Forma Income Statement and Balance SheetBelow is the .docx
Problem 1Pro Forma Income Statement and Balance SheetBelow is the .docx
 
Problem 2-1PROBLEM 2-1Solution Legend= Value given in problemGiven.docx
Problem 2-1PROBLEM 2-1Solution Legend= Value given in problemGiven.docxProblem 2-1PROBLEM 2-1Solution Legend= Value given in problemGiven.docx
Problem 2-1PROBLEM 2-1Solution Legend= Value given in problemGiven.docx
 
PROBLEM 14-6AProblem 14-6A Norwoods Borrowings1. Total amount of .docx
PROBLEM 14-6AProblem 14-6A Norwoods Borrowings1. Total amount of .docxPROBLEM 14-6AProblem 14-6A Norwoods Borrowings1. Total amount of .docx
PROBLEM 14-6AProblem 14-6A Norwoods Borrowings1. Total amount of .docx
 
Problem 13-3AThe stockholders’ equity accounts of Ashley Corpo.docx
Problem 13-3AThe stockholders’ equity accounts of Ashley Corpo.docxProblem 13-3AThe stockholders’ equity accounts of Ashley Corpo.docx
Problem 13-3AThe stockholders’ equity accounts of Ashley Corpo.docx
 
Problem 12-9AYour answer is partially correct.  Try again..docx
Problem 12-9AYour answer is partially correct.  Try again..docxProblem 12-9AYour answer is partially correct.  Try again..docx
Problem 12-9AYour answer is partially correct.  Try again..docx
 
Problem 1123456Xf122437455763715813910106Name DateTopic.docx
Problem 1123456Xf122437455763715813910106Name DateTopic.docxProblem 1123456Xf122437455763715813910106Name DateTopic.docx
Problem 1123456Xf122437455763715813910106Name DateTopic.docx
 
Problem 1. For the truss and loading shown below, calculate th.docx
Problem 1. For the truss and loading shown below, calculate th.docxProblem 1. For the truss and loading shown below, calculate th.docx
Problem 1. For the truss and loading shown below, calculate th.docx
 
Problem 1 (30 marks)Review enough information about .docx
Problem 1 (30 marks)Review enough information about .docxProblem 1 (30 marks)Review enough information about .docx
Problem 1 (30 marks)Review enough information about .docx
 
Problem 1 (10 points) Note that an eigenvector cannot be zero.docx
Problem 1 (10 points) Note that an eigenvector cannot be zero.docxProblem 1 (10 points) Note that an eigenvector cannot be zero.docx
Problem 1 (10 points) Note that an eigenvector cannot be zero.docx
 
Probation and Parole 3Running head Probation and Parole.docx
Probation and Parole 3Running head Probation and Parole.docxProbation and Parole 3Running head Probation and Parole.docx
Probation and Parole 3Running head Probation and Parole.docx
 
Problem 1(a) Complete the following ANOVA table based on 20 obs.docx
Problem 1(a) Complete the following ANOVA table based on 20 obs.docxProblem 1(a) Complete the following ANOVA table based on 20 obs.docx
Problem 1(a) Complete the following ANOVA table based on 20 obs.docx
 
Probe 140 SPrecipitation in inchesTemperature in F.docx
Probe 140 SPrecipitation in inchesTemperature in F.docxProbe 140 SPrecipitation in inchesTemperature in F.docx
Probe 140 SPrecipitation in inchesTemperature in F.docx
 

Recently uploaded

Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024Janet Corral
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 

Recently uploaded (20)

Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 

Principles of Information Security - Assignment 3 DescriptionM.docx

  • 1. Principles of Information Security - Assignment 3 Description Marks out of Weighting Due date Assignment 3 Report and Presentation based on CASE STUDY: BCX.COM (A fictitious analysis of a security breach) Length: 3000 words approx. plus Appendices 100 70% 08 October 2014 This assignment assesses your understanding in relation to the following three course objectives: 1. analyse information security vulnerabilities and threats and determine appropriate controls that can be applied to mitigate the potential risks 2. explain why continual improvement is necessary to maintain reasonably secure information systems and IT infrastructure and to describe the role of disaster recovery and business continuity plans in recovering information and operational systems when systems and hardware fail 4. demonstrate an ability to communicate effectively both written and orally about the management of information security in organisations. This assignment assesses the following graduate skills: Problem Solving, Academic & Professional Literacy and Oral and Written Communication at level 2. This assignment relates to the topics covered in modules 1 to 10. This assignment can be completed by groups of two students or as an individual assignment. Details regarding the allocation of students to teams will be provided on the course study desk. Each student team will be allocated their own discussion forum for assignment 3 to specifically work collaboratively as a team
  • 2. in developing and discussing their approach to assignment 3 case study and the required Security report and presentation. Regular participation in each team’s discussion forum by the team members each week from Monday 8th September until Friday 17th October is expected. Each team member will also be required to keep a journal of their activities and progress related to completing this assignment and will form part of the assessment for assignment 3. In date order clearly list the following: · date of research activity/discussion · topics researched or discussed · time duration of activity. Submit this journal for each team member as an appendix to the assignment 3 Recommendations report. Any reference to web pages and on line resources such as white papers, blogs, wikis etc. should be listed at the end of the journal. Regular participation on the discussion forums dedicated for this assessment is highly recommended and can assist greatly with this assessment item. Also note that you are expected to do research outside of the course materials provided. Case Study: BIGCOINX (A fictitious analysis of the importance of Security in the Digital Currency World) Background: BigCoinX (BCX) is an Internet bitcoin exchange start-up founded in early 2013 riding on the boom of interest in the bitcoin currency of the last few years. Established by former work colleagues in the investment banking industry, Mark Buck (current CEO) and Peter Gates (CTO), the company by late 2013 was relatively successful and doing an estimated 1% of all global bitcoin trades.
  • 3. While in the scheme of things, the user base numbers seems good, both Mark and Peter know, that to achieve a critical mass of users that will establish BCX as a “player” in the bitcoin world, they will need to reach numbers upwards of 10% of global bitcoin trades. With bitcoin being a hot topic and Internet start-ups springing up all the time to try to make money from the bitcoin rush, BCX knows it has to stay ahead of the game. The company is continually innovating and responding to user requirements, industry trends and competitive challenges. Mark and Peter’s 5 person business, based in Sydney’s upcoming Technology Hub, Redfern, is a busy and dynamic environment. BCX is aiming to become profitable and self-sufficient by the end of 2014 at the latest. It is at this time that their capital funds will be exhausted, but they estimate, once they hit the 3% global mark, and have deployed into production their new bitcoin trading software, (both aggressively targeted for October, 2014), they will have positive financial results. ----------------- News Release: March 17, 2013: “Largest Global Bitcoin Marketplace Hacked: Mt Gox, the world’s largest bitcoin exchange files for bankruptcy. $600M in bitcoins stolen”. ---------------- Waking up to news overnight that their largest competitor has been hacked (or otherwise – details are sketchy) and that they have lost over $600M in their customer’s bitcoins has shaken up the BCX team. Mark and Peter are nervous. If the world’s largest bitcoin exchange has gone under, what position does that leave them in? With little news available and probably no expectation of knowing what exactly went on at Mt Gox for some time, BCX must try to assess their own position and risks. There is a lot at
  • 4. stake here. Are they exposed as well? Are their clients going to be nervous and do a “run” on the exchange? Is their business secure? Time is of an essence so an emergency teleconference is organised between Mark, Peter and Phil Jones, (Technical Support Manager) at HotHost1 – a cloud services company where the BCX environment is hosted. Some resources which may be useful for this assignment 3 Case Study At Mt. Gox bitcoin hub, 'geek' CEO sought both control and escape http://www.reuters.com/article/2014/04/21/us-bitcoin- mtgox-karpeles-insight-idUSBREA3K01D20140421 Avoiding the next Mt. Gox: Vault of Satoshi bitcoin exchange launches proof-of-solvency service http://pando.com/2014/04/22/avoiding-the-next-mt-gox-vault- of-satoshi-bitcoin-exchange-launches-proof-of-solvency- service/ Bitcoin Transaction Malleability and MtGox http://arxiv.org/pdf/1403.6676v1.pdf Mt.Gox Finds 200,000 Bitcoin In An “Old-Format” Digital Wallet http://techcrunch.com/2014/03/20/mt-gox-finds-200000-bitcoin- in-an-old-format-digital-wallet/ Mt. Gox http://en.wikipedia.org/wiki/Mt._Gox March 18, 2014, 9:45am: Offices of HackStop Consulting A quiet morning for you until a call from a company called BCX reaches your desk. As a Senior IT Security Consultant at HackStop Consulting,
  • 5. you’ve had calls like this many times. It’s time to get your game on again! Time to visit the offices of BCX. Their CEO, CTO and a Manager from their hosting provider HotHost1 are desperate to meet with you. Your Task On return from your meeting, it’s time to quickly put together a proposed plan of work and a response for BCX. Given the nature of your assignment with BCX, an urgent response and work-plan is required that outlines your approach and methodologies to: (1) Assessing what could go wrong – how could someone (a hacker?) compromise the BCX environment and steal the user bitcoins? (2) How does BCX ensure it does not happen? Student Notes At present, no other assumptions need to be made about the actual security issues/breach at Mt Box but an understanding of how it could have happened will assist with the assignment. Read about the real Mt Gox episode and the history of bitcoin and other bitcoin security issues of the past few years. (Google is your best friend). This assignment is focused upon seeing if you, the student has built up an awareness of how security in Internet Websites can be assessed and analysed to assist businesses in improving their overall security position. By being able to outline how you would go about reviewing the security requirements outlined in the BCX case study and making recommendations on improving security practices and the appropriate controls that need to be put place to reduce the risks to an acceptable level for BCX, the markers will be able to assess your level of knowledge learned in this course and the additional research you have undertaken. Any information not provided in the case study may be
  • 6. assumed, but make sure that your assumptions are stated and that the assumptions are plausible. **** NB; Importantly and in addition to your own study and research, there will be two specific discussion forum threads on the assignment discussion forum where you can ask questions of the main players in the scenario: 1. Mark Buck and/or Peter Gates (BCX) 2. Phil Jones (HotHost1) By actively participating in the forum discussions for this assignment, you will gain valuable information and insight into this case study that will be regarded highly by the markers. (Note: Any questions which are not considered to be appropriate or professional for the purpose of this assessment may not be answered) Deliverables The success of your engagement is based upon two deliverables: (1) Development of security audit plan to assess how you would determine BCX’s security posture at the present time. (2) A business proposal to BCX Management in the form of a presentation (based on your proposed security audit plan – Deliverable 1) that outlines how the organisation should be better focusing on Information Security. In detail: (1) Security Audit Work-plan (WORD Document): The Security Audit work plan should be included in a professionally presented document of no more than 10 pages and be structured to show how each phase of work is to be undertaken. Your work-plan must include the following at a minimum: * Executive Summary: half-page brief outlining purpose; scope, expectations and outcomes of the proposed plan of work. (250 words) Structured and ordered work plan phase description, which for each section includes: * Background and problem analysis - What could go wrong?
  • 7. How could a hacker compromise the BCX web site environment and steal the user information ? (approx. 500 words) * Threat analysis - What is to be investigated and tested, how it will be done, what sort of potential issues you are looking for, and deliverables BCX and/or HotHost1 can expect for each phase of work – (eg; the “deliverable” for the phase of work could potentially be a report containing the results of a vulnerability assessment test on BCX’s server(s)). (approx. 1000 words) * Dependencies and critical success factors to the job - such as key stakeholders in this security audit – the key people to be interviewed or whose involvement in that phase of work is required. (Remember, you don’t always get free-rein access to systems and other information and because time is of importance, you won’t get a long time to master the environment. But, as you know, you cannot also always believe everything you are told). What is key to getting this job done efficiently and what support do you need to get this done, (from BCX and also the hosting provider). (approx. 500 words) * Set of recommendations for improving BCX’s current security practices and ensuring that an appropriate set of controls are put in place (approx. 750 words) * Reference list of key sources in particular technical references which support your approach (Not counted in word count) Note in this report and in the accompanying presentation you are encouraged to make use of appropriate Figures and Tables to emphasise the key points that you are trying make * A journal of each team member's (for students completing this assignment individually – your) activities in participating and contributing to the completion of the work plan report and presentation. (2) Developing a Securer Environment for BCX for the Future (POWERPOINT):
  • 8. Your strategy presentation should be created as if it were an actual presentation you were doing for a real client in relation to your proposed work plan including a set of recommendations and should contain the following at a minimum: * 1 Slide for an Introduction outlining your team and the organisation you work for * 2-3 Slides covering the Background: A brief summary of where BCX is today in regards to security practices in their organisation and controls in place for their web servers. * 2-3 Slides covering the Threat Analysis: A summary of the major threats and associated vulnerabilities and the actions required to reduce the risks associated with these threats and specific vulnerabilities in their web servers to an acceptable level. * 2 Slides covering Dependencies and critical success factors to the job: i.e. what is key to getting this job done efficiently and what support do you need to get this done, (e.g. internal business stakeholders, developers etc.) * 2 Slides covering your proposed Set of recommendations for improving security practices at BCX and ensuring appropriate controls are in place in relation to their web site which is core to their business [The following is also to be included. While not part of a “standard” Industry business presentation, it is there to allow teaching staff to gauge what level of research has been undertaken]. * 1 Slide acknowledging the key authoritative reference sources which underpin the research you have conducted and your approach in the proposed work plan in your proposed business report. ------------------ Report and Presentation Format: * MS WORD and PowerPoint respectively (or a web-based presentation as an alternative to PowerPoint for (2) of the
  • 9. assignment deliverables) must be used. NB; For the presentation, you are asked to include a Word document (or utilise the notes section of PowerPoint) to detail the length of time expected to be spent on each slide (page) and the details of what you would expect to discuss with the audience. * This assignment is focused upon seeing if as a student in this course you have built up an awareness of how security in an environment should be set up and operated. By being able to outline how you would review and test the security of the fictional organisation, BCX, through assessment of the basics such as good policies, standards, procedures and controls in place, in addition to detection of incidents, the markers will be able to assess your level of knowledge learned from the course content and from your own additional research in relation to this case study. Principles of Information Security - Assignment 3 Description Marks out of Weighting Due date Assignment 3 Report and Presentation based on CASE STUDY: BCX.COM (A fictitious analysis of a security breach) Length: 3000 words approx. plus Appendices 100 70% 08 October 2014 This assignment assesses your understanding in relation to the following three course objectives: 1. analyse information security vulnerabilities and threats and determine appropriate controls that can be applied to mitigate the potential risks 2. explain why continual improvement is necessary to maintain reasonably secure information systems and IT infrastructure and to describe the role of disaster recovery and business continuity
  • 10. plans in recovering information and operational systems when systems and hardware fail 4. demonstrate an ability to communicate effectively both written and orally about the management of information security in organisations. This assignment assesses the following graduate skills: Problem Solving, Academic & Professional Literacy and Oral and Written Communication at level 2. This assignment relates to the topics covered in modules 1 to 10. This assignment can be completed by groups of two students or as an individual assignment. Details regarding the allocation of students to teams will be provided on the course study desk. Each student team will be allocated their own discussion forum for assignment 3 to specifically work collaboratively as a team in developing and discussing their approach to assignment 3 case study and the required Security report and presentation. Regular participation in each team’s discussion forum by the team members each week from Monday 8th September until Friday 17th October is expected. Each team member will also be required to keep a journal of their activities and progress related to completing this assignment and will form part of the assessment for assignment 3. In date order clearly list the following: · date of research activity/discussion · topics researched or discussed · time duration of activity. Submit this journal for each team member as an appendix to the assignment 3 Recommendations report. Any reference to web pages and on line resources such as white papers, blogs, wikis etc. should be listed at the end of the journal. Regular participation on the discussion forums dedicated for this assessment is highly recommended and can assist greatly with this assessment item. Also note that you are expected to do research outside of the course materials provided.
  • 11. Case Study: BIGCOINX (A fictitious analysis of the importance of Security in the Digital Currency World) Background: BigCoinX (BCX) is an Internet bitcoin exchange start-up founded in early 2013 riding on the boom of interest in the bitcoin currency of the last few years. Established by former work colleagues in the investment banking industry, Mark Buck (current CEO) and Peter Gates (CTO), the company by late 2013 was relatively successful and doing an estimated 1% of all global bitcoin trades. While in the scheme of things, the user base numbers seems good, both Mark and Peter know, that to achieve a critical mass of users that will establish BCX as a “player” in the bitcoin world, they will need to reach numbers upwards of 10% of global bitcoin trades. With bitcoin being a hot topic and Internet start-ups springing up all the time to try to make money from the bitcoin rush, BCX knows it has to stay ahead of the game. The company is continually innovating and responding to user requirements, industry trends and competitive challenges. Mark and Peter’s 5 person business, based in Sydney’s upcoming Technology Hub, Redfern, is a busy and dynamic environment. BCX is aiming to become profitable and self-sufficient by the end of 2014 at the latest. It is at this time that their capital funds will be exhausted, but they estimate, once they hit the 3% global mark, and have deployed into production their new bitcoin trading software, (both aggressively targeted for October, 2014), they will have positive financial results. -----------------
  • 12. News Release: March 17, 2013: “Largest Global Bitcoin Marketplace Hacked: Mt Gox, the world’s largest bitcoin exchange files for bankruptcy. $600M in bitcoins stolen”. ---------------- Waking up to news overnight that their largest competitor has been hacked (or otherwise – details are sketchy) and that they have lost over $600M in their customer’s bitcoins has shaken up the BCX team. Mark and Peter are nervous. If the world’s largest bitcoin exchange has gone under, what position does that leave them in? With little news available and probably no expectation of knowing what exactly went on at Mt Gox for some time, BCX must try to assess their own position and risks. There is a lot at stake here. Are they exposed as well? Are their clients going to be nervous and do a “run” on the exchange? Is their business secure? Time is of an essence so an emergency teleconference is organised between Mark, Peter and Phil Jones, (Technical Support Manager) at HotHost1 – a cloud services company where the BCX environment is hosted. Some resources which may be useful for this assignment 3 Case Study At Mt. Gox bitcoin hub, 'geek' CEO sought both control and escape http://www.reuters.com/article/2014/04/21/us-bitcoin- mtgox-karpeles-insight-idUSBREA3K01D20140421 Avoiding the next Mt. Gox: Vault of Satoshi bitcoin exchange launches proof-of-solvency service http://pando.com/2014/04/22/avoiding-the-next-mt-gox-vault- of-satoshi-bitcoin-exchange-launches-proof-of-solvency- service/
  • 13. Bitcoin Transaction Malleability and MtGox http://arxiv.org/pdf/1403.6676v1.pdf Mt.Gox Finds 200,000 Bitcoin In An “Old-Format” Digital Wallet http://techcrunch.com/2014/03/20/mt-gox-finds-200000-bitcoin- in-an-old-format-digital-wallet/ Mt. Gox http://en.wikipedia.org/wiki/Mt._Gox March 18, 2014, 9:45am: Offices of HackStop Consulting A quiet morning for you until a call from a company called BCX reaches your desk. As a Senior IT Security Consultant at HackStop Consulting, you’ve had calls like this many times. It’s time to get your game on again! Time to visit the offices of BCX. Their CEO, CTO and a Manager from their hosting provider HotHost1 are desperate to meet with you. Your Task On return from your meeting, it’s time to quickly put together a proposed plan of work and a response for BCX. Given the nature of your assignment with BCX, an urgent response and work-plan is required that outlines your approach and methodologies to: (1) Assessing what could go wrong – how could someone (a hacker?) compromise the BCX environment and steal the user bitcoins? (2) How does BCX ensure it does not happen? Student Notes At present, no other assumptions need to be made about the actual security issues/breach at Mt Box but an understanding of how it could have happened will assist with the assignment. Read about the real Mt Gox episode and the history of bitcoin and other bitcoin security issues of the past few years. (Google
  • 14. is your best friend). This assignment is focused upon seeing if you, the student has built up an awareness of how security in Internet Websites can be assessed and analysed to assist businesses in improving their overall security position. By being able to outline how you would go about reviewing the security requirements outlined in the BCX case study and making recommendations on improving security practices and the appropriate controls that need to be put place to reduce the risks to an acceptable level for BCX, the markers will be able to assess your level of knowledge learned in this course and the additional research you have undertaken. Any information not provided in the case study may be assumed, but make sure that your assumptions are stated and that the assumptions are plausible. **** NB; Importantly and in addition to your own study and research, there will be two specific discussion forum threads on the assignment discussion forum where you can ask questions of the main players in the scenario: 1. Mark Buck and/or Peter Gates (BCX) 2. Phil Jones (HotHost1) By actively participating in the forum discussions for this assignment, you will gain valuable information and insight into this case study that will be regarded highly by the markers. (Note: Any questions which are not considered to be appropriate or professional for the purpose of this assessment may not be answered) Deliverables The success of your engagement is based upon two deliverables: (1) Development of security audit plan to assess how you would determine BCX’s security posture at the present time. (2) A business proposal to BCX Management in the form of a presentation (based on your proposed security audit plan – Deliverable 1) that outlines how the organisation should be better focusing on Information Security.
  • 15. In detail: (1) Security Audit Work-plan (WORD Document): The Security Audit work plan should be included in a professionally presented document of no more than 10 pages and be structured to show how each phase of work is to be undertaken. Your work-plan must include the following at a minimum: * Executive Summary: half-page brief outlining purpose; scope, expectations and outcomes of the proposed plan of work. (250 words) Structured and ordered work plan phase description, which for each section includes: * Background and problem analysis - What could go wrong? How could a hacker compromise the BCX web site environment and steal the user information ? (approx. 500 words) * Threat analysis - What is to be investigated and tested, how it will be done, what sort of potential issues you are looking for, and deliverables BCX and/or HotHost1 can expect for each phase of work – (eg; the “deliverable” for the phase of work could potentially be a report containing the results of a vulnerability assessment test on BCX’s server(s)). (approx. 1000 words) * Dependencies and critical success factors to the job - such as key stakeholders in this security audit – the key people to be interviewed or whose involvement in that phase of work is required. (Remember, you don’t always get free-rein access to systems and other information and because time is of importance, you won’t get a long time to master the environment. But, as you know, you cannot also always believe everything you are told). What is key to getting this job done efficiently and what support do you need to get this done, (from BCX and also the hosting provider). (approx. 500 words) * Set of recommendations for improving BCX’s current security practices and ensuring that an appropriate set of controls are put in place (approx. 750 words)
  • 16. * Reference list of key sources in particular technical references which support your approach (Not counted in word count) Note in this report and in the accompanying presentation you are encouraged to make use of appropriate Figures and Tables to emphasise the key points that you are trying make * A journal of each team member's (for students completing this assignment individually – your) activities in participating and contributing to the completion of the work plan report and presentation. (2) Developing a Securer Environment for BCX for the Future (POWERPOINT): Your strategy presentation should be created as if it were an actual presentation you were doing for a real client in relation to your proposed work plan including a set of recommendations and should contain the following at a minimum: * 1 Slide for an Introduction outlining your team and the organisation you work for * 2-3 Slides covering the Background: A brief summary of where BCX is today in regards to security practices in their organisation and controls in place for their web servers. * 2-3 Slides covering the Threat Analysis: A summary of the major threats and associated vulnerabilities and the actions required to reduce the risks associated with these threats and specific vulnerabilities in their web servers to an acceptable level. * 2 Slides covering Dependencies and critical success factors to the job: i.e. what is key to getting this job done efficiently and what support do you need to get this done, (e.g. internal business stakeholders, developers etc.) * 2 Slides covering your proposed Set of recommendations for improving security practices at BCX and ensuring appropriate controls are in place in relation to their web site which is core to their business
  • 17. [The following is also to be included. While not part of a “standard” Industry business presentation, it is there to allow teaching staff to gauge what level of research has been undertaken]. * 1 Slide acknowledging the key authoritative reference sources which underpin the research you have conducted and your approach in the proposed work plan in your proposed business report. ------------------ Report and Presentation Format: * MS WORD and PowerPoint respectively (or a web-based presentation as an alternative to PowerPoint for (2) of the assignment deliverables) must be used. NB; For the presentation, you are asked to include a Word document (or utilise the notes section of PowerPoint) to detail the length of time expected to be spent on each slide (page) and the details of what you would expect to discuss with the audience. * This assignment is focused upon seeing if as a student in this course you have built up an awareness of how security in an environment should be set up and operated. By being able to outline how you would review and test the security of the fictional organisation, BCX, through assessment of the basics such as good policies, standards, procedures and controls in place, in addition to detection of incidents, the markers will be able to assess your level of knowledge learned from the course content and from your own additional research in relation to this case study.