This document provides instructions for Assignment 4 for the IT Security and Policies course. It states that the assignment is due on April 21, 2018 at 11:59 pm with a total of 4 marks. It provides instructions for submitting the assignment and warns that plagiarism will result in zero marks. The assignment contains 4 questions related to access control management, web application security flaws, cryptography, and security incident response times.
CCI Assignment 4 Deadline 21/04/2018
College of Computing and Informatics
Assignment 4
Deadline: Day 21/04/2018 @ 23:59
[Total Mark for this Assignment is 4]
Student Details:
Name:###
CRN:###
ID:###
Instructions:
This Assignment must be submitted on Blackboard (WORD format only) via the allocated
folder.
Email submission will not be accepted.
You are advised to make your work clear and well-presented; marks may be reduced for
poor presentation. This includes filling in your information on the cover page.
You MUST show all your work, and text must not be converted into an image, unless
specified otherwise by the question.
Late submission will result in ZERO marks being awarded.
The work should be your own; copying from other students or other resources will result in ZERO
marks.
IT Security and Policies
IT409
Pg. 01 Assignment 4
Access Control Management
Q1- “Monitoring the employees in an organization is legal.” Debate this
statement from the perspective of the employer and of the employee.
(Marking criteria: debating from the perspective of the employer 0.5 marks; from the perspective
of the employee 0.5 marks.)
Answer: Students' answers will vary; they can give points for or against
the concept, but the answer may include the following points.
Perspective of an employer:
1. Actions were taken at the employer’s place of work
2. Equipment used – including bandwidth – was company-provided
3. Monitoring the work also helps ensure the quality of work
4. The employer has the right to protect property from theft and/or fraud
Perspective of the employee:
1. Employees cannot expect privacy in the workplace
2. Employees are not allowed to use their personal email via office facilities
Learning Outcome(s): Chapter 9, LO 2: Research and investigate problems related to the field of Security and Information Assurance.
Marks: 01
Pg. 02 Assignment 4
Information systems Acquisition, development
and maintenance
Q2- OWASP (the Open Web Application Security Project) releases a list of the top 10
most critical web application security flaws. Find the latest release and
list the top 10 flaws. Explain at least 2 of the flaws in your own words.
(Marking criteria: listing 0.25 marks; explaining the flaws 0.75 marks.)
Answer:
1. Injection
2. Broken authentication
3. Sensitive data exposure
4. XML external entities
5. Broken access control
6. Security misconfiguration
7. Cross-site scripting
8. Insecure deserialization
9. Using components with known vulnerabilities
10. Insufficient logging and monitoring
Students can explain any two of the above flaws in their own words. Check the
correctness and award marks accordingly.
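The two flaws most students pick from the list above are Injection (1) and Cross-site scripting (7). The following Python script is an added illustration, not part of the assignment or its answer key: it shows each flaw beside its fix using an in-memory SQLite database with constructed sample accounts (stored in clear text only to keep the demo short), so the difference in behaviour can be observed directly.

```python
import html
import sqlite3

# Constructed sample accounts for an in-memory SQLite database
# (illustrative values, not data from the assignment; passwords are kept
# in clear text only to keep the example short).
USERS = [("alice", "s3cret-alice"), ("bob", "s3cret-bob")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory users table populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Flaw 1, Injection: the inputs are pasted into the SQL text, so quote
    characters in them change the query's structure instead of being data."""
    query = (f"SELECT name FROM users WHERE name = '{name}' "
             f"AND password = '{password}'")
    return sorted(row[0] for row in conn.execute(query))


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Fix: bound parameters keep the query structure fixed; the driver sends
    the inputs as values, so a quote in the input is just a character."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (name, password)))


def render_comment_vulnerable(comment: str) -> str:
    """Flaw 7, Cross-site scripting: untrusted text is placed into the HTML
    unchanged, so any markup it contains becomes part of the page."""
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment: str) -> str:
    """Fix: output encoding turns <, >, &, and quotes into entities, so the
    browser displays the text literally instead of interpreting it."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


if __name__ == "__main__":
    db = make_db()
    # A tautology in the password field: the vulnerable query becomes
    # ... WHERE name = 'alice' AND password = '' OR '1'='1', which is true
    # for every row; the parameterised query compares the literal string.
    probe = "' OR '1'='1"
    print("vulnerable login returns:", login_vulnerable(db, "alice", probe))
    print("parameterised login returns:", login_safe(db, "alice", probe))
    markup = "<script>alert('xss')</script>"
    print(render_comment_vulnerable(markup))
    print(render_comment_safe(markup))
```

Run it with any Python 3 interpreter; both `sqlite3` and `html` are in the standard library. The vulnerable login returns every account for the tautology input while the parameterised one returns none, and the escaped comment shows `&lt;script&gt;` where the unescaped one would hand the browser a live script tag.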
Learning Outcome(s): Chapter 10, LO 5: Use effective, proper and state of the art security tools and technologies.
Marks: 01
Pg. 03 Assignment 4
Information systems Acquisition, development and
maintenance
Q3- What do you understand by Cryptography? Compare the two basic types
of cryptography.
(Marking criteria: 0.25 marks for defining cryptography; 0.75 marks for comparing the different
categories.)
Answer: Cryptography is the art of secret writing.

Symmetric key cryptography:
1. Uses a single secret key that must be shared in advance and kept private.
2. The same algorithm with the same key is used for encryption and decryption.
3. It may be impossible or at least impractical to decipher a message if no other information is available.

Asymmetric key cryptography:
1. One of the two keys must be kept secret.
2. One algorithm is used for encryption and decryption with a pair of keys, one for encryption and one for decryption.
3. It may be impossible or at least impractical to decipher a message if no other information is available.
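The comparison above can be made concrete in code. The script below is an added example, not part of the assignment or its answer key: a toy keystream cipher built from SHA-256 stands in for the symmetric case, and textbook RSA with small constructed primes (61 and 53, no padding) stands in for the asymmetric case. Both constructions, the key sizes and the primes are teaching assumptions chosen to show the structure of each system, not choices to deploy.

```python
import hashlib
import secrets
from math import gcd

# ---- Symmetric: one shared secret key is used in both directions -----------
# Illustrative keystream cipher: SHA-256 over (key, nonce, counter) produces a
# pad that is XORed with the data, so the same function and the same key both
# encrypt and decrypt. This is a teaching construction to show the shape of
# symmetric cryptography; real systems use an authenticated cipher such as
# AES-GCM.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def symmetric_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    pad = _keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, pad))


# ---- Asymmetric: a key pair, public for encryption, private for decryption --
# Textbook RSA with tiny constructed primes and no padding: enough to show
# that the two keys differ and that only the private key undoes the public
# one. Real deployments use moduli of at least 2048 bits with OAEP padding.

def rsa_keypair(p: int, q: int, e: int = 65537):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def rsa_encrypt(public_key, m: int) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)


def compare() -> dict:
    """Exercise both systems and report the properties listed in the table."""
    message = b"meet at noon"
    shared_key = secrets.token_bytes(32)     # must reach both parties secretly
    nonce = secrets.token_bytes(12)
    ct = symmetric_crypt(shared_key, nonce, message)
    other_key = secrets.token_bytes(32)      # a key the recipient does not have

    public, private = rsa_keypair(61, 53)    # constructed toy primes
    m = 65                                   # a small integer "message"
    c = rsa_encrypt(public, m)               # anyone holding (n, e) can do this

    return {
        "symmetric_same_key_recovers": symmetric_crypt(shared_key, nonce, ct) == message,
        "symmetric_other_key_fails": symmetric_crypt(other_key, nonce, ct) != message,
        "asymmetric_keys_differ": public != private,
        "asymmetric_private_recovers": rsa_decrypt(private, c) == m,
        "asymmetric_public_cannot_decrypt": rsa_decrypt(public, c) != m,
    }


if __name__ == "__main__":
    for prop, holds in compare().items():
        print(f"{prop}: {holds}")
```

Running it prints five `True` lines: the symmetric case works only when both sides hold the same key (point 1 of the symmetric column), while the asymmetric case separates the encryption key, which can be published, from the decryption key, which must stay secret (point 1 of the asymmetric column).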
Learning Outcome(s): Chapter 10, LO 1: Learn networking and security, security issues, trends and security resources.
Marks: 1
Pg. 04 Assignment 4
Information Security Incident Management
Q4- Discuss the required response time for each level of security incident, with
your own example.
(Marking criteria: 0.25 marks for response times; 0.75 marks for examples.)
Answer:
Response to a security incident should be done immediately, within hours, or
within 24 hours, depending upon the criticality level of the security incident.
(Examples may differ from student to student.)
For example:
DoS attack – level 1 – needs immediate response,
Malware detection – level 2 – within hours,
Excessive bandwidth usage – within 24 hours.
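One way a response team tracks these targets is to derive a deadline from each incident's criticality level and flag anything that has gone past it. The script below is an added illustration, not part of the assignment or its answer key; it follows the three example categories above but the concrete targets (immediate modelled as 15 minutes, "within hours" as 4 hours), the category-to-level mapping and the sample incident records are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Hypothetical response targets for the three criticality levels used in the
# answer key. "Immediate" is modelled as 15 minutes and "within hours" as
# 4 hours; both figures are assumptions for this example.
RESPONSE_TARGET = {
    1: timedelta(minutes=15),   # level 1: immediate
    2: timedelta(hours=4),      # level 2: within hours
    3: timedelta(hours=24),     # level 3: within 24 hours
}

# Constructed category-to-level mapping following the answer key's examples.
LEVEL_BY_CATEGORY = {"dos": 1, "malware": 2, "bandwidth": 3}


@dataclass
class Incident:
    ident: str
    category: str
    detected_at: datetime
    responded_at: Optional[datetime] = None

    @property
    def level(self) -> int:
        return LEVEL_BY_CATEGORY[self.category]

    @property
    def deadline(self) -> datetime:
        """Latest acceptable first-response time for this incident's level."""
        return self.detected_at + RESPONSE_TARGET[self.level]

    def status(self, now: datetime) -> str:
        """'met' or 'breached' once responded; 'open' or 'breached' otherwise."""
        if self.responded_at is not None:
            return "met" if self.responded_at <= self.deadline else "breached"
        return "breached" if now > self.deadline else "open"


def triage(incidents, now: datetime):
    """Order incidents by response deadline and attach each one's SLA status."""
    return [(i.ident, i.level, i.deadline, i.status(now))
            for i in sorted(incidents, key=lambda i: i.deadline)]


def overdue(incidents, now: datetime):
    """Identifiers of incidents whose response window has been breached."""
    return [i.ident for i in incidents if i.status(now) == "breached"]


# Constructed sample incidents for a single day (illustrative, not real data).
DAY = datetime(2018, 4, 1)
SAMPLE = [
    Incident("INC-1", "dos", DAY.replace(hour=9), DAY.replace(hour=9, minute=2)),
    Incident("INC-2", "malware", DAY.replace(hour=8)),           # never answered
    Incident("INC-3", "bandwidth", DAY.replace(hour=10)),
    Incident("INC-4", "dos", DAY.replace(hour=12, minute=50)),
]
NOW = DAY.replace(hour=13)

if __name__ == "__main__":
    for ident, level, deadline, status in triage(SAMPLE, NOW):
        print(f"{ident} level {level} due {deadline:%H:%M} -> {status}")
    print("overdue:", overdue(SAMPLE, NOW))
```

At 13:00 the DoS incident answered two minutes after detection is within its window, the malware detection from 08:00 has passed its 4-hour target with no response and is reported as overdue, and the other two are still open; a real deployment would feed the same check from a ticketing system rather than a hard-coded list.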
Learning Outcome(s): Chapter 11, LO 3: Analyze, implement, and select the most appropriate solutions to problems related to the field of Security and Information Assurance.
Marks: 1