
COMPSCI 316: Cyber Security

Posted: 2024-09-11 16:14:55

Assignment 1

COMPSCI 316: Cyber Security, Semester 2, 2024

This assignment is worth 100 marks. The weight of this assignment is 10% of the course. The deadline to submit this assignment is Friday, September 13, 23:59 hrs NZ Time. No late submissions are accepted. The assignment must be submitted through Canvas. The only acceptable format is PDF.

For answers containing brief explanations, the answers should not exceed 300 words. You are also expected to use APA or IEEE referencing style in this assignment.

Note. Sharing assignment solutions does not help in your learning. Consequently, our academic integrity policy does not permit sharing solutions or source code leading to solutions. Violation of this will result in your assignment submission attracting no marks, and you may also face disciplinary actions. Therefore, please do not share assignments, assignment solutions or source code leading to assignment solutions. Do not publish or make available your assignments or solutions online. You will be liable if someone copies your solution. Please talk to us if you have any doubts about what is legit and what is not.

Do not leave your computers, devices, and belongings unattended — you must always secure these to prevent anyone from accessing your assignments or solutions.

For more information, see our University’s Student Academic Conduct Statute.

Question I. (20 marks) Data Breach. Identify a data breach discovered between August 2023 and July 2024 and answer the following questions.

1. Share the URL reporting this data breach. [1 mark]

2. Briefly describe the impact of this data breach. Briefly describe how many users were affected, the level of impact (explaining whether it was low, medium, or high), and financial, or other losses (e.g., reputation damage). [5 marks]

3. Briefly explain what information was released. [3 marks]

4. Briefly describe the root cause of this data breach. [5 marks]

5. As a cyber security expert, what kind of security measures would you take to reduce the risk of similar data breaches in the future? Provide a brief explanation. [6 marks]

Question II. (25 marks) Vulnerability Analysis. Visit https://cve.mitre.org/cve/search_cve_list.html and search for a CVE ID (CVE, 2023) that contains the last three digits in your UPI (username). If no entry corresponds to the last three digits of your UPI (username), you can increment your UPI by one and repeat the process until you find a valid CVE ID. If you see multiple CVE IDs, you can choose any one of them. For your CVE entry, which you must write down in your answer, you should be able to find its NVD entry, where you can find detailed information about the vulnerability. Answer the following questions:

1. Briefly explain the vulnerability in your own words. [5 marks]

2. Briefly explain why the confidentiality score is low, medium, or high. [3 marks]

3. Briefly explain why the integrity score is low, medium, or high. [3 marks]

4. Briefly explain why the availability score is low, medium, or high. [3 marks]

5. Consider that you are a cyber security consultant for an organization that uses a product or service that can be exploited using the vulnerability in question. Briefly describe at least one alternative product or service you can suggest to your organization. [6 marks]

6. Can this vulnerability be identified using static analysis or dynamic analysis? Explain briefly. [5 marks]

Question III. (8 marks) Usable Security. As healthcare digitization continues, the industry must prioritize security measures that protect patient data, healthcare systems and infrastructure. Phishing is a leading cause of healthcare data breaches, and attacks have been increasing exponentially. Assume you are working as a cyber security consultant for the healthcare industry. You are tasked to develop an app that teaches employees in the healthcare sector how to protect themselves from phishing attacks (State any assumptions you have made).

1. Briefly explain your advice to develop appropriate teaching content (i.e., what to teach) in the app to combat contemporary phishing attacks. [2 marks]

2. Briefly explain your strategy to get users (i.e., doctors, nurses, admin staff, and patients in healthcare sectors) to better interact with the app to improve their learning experience. [2 marks]

3. Briefly explain how you assess the user’s learning (users could be doctors, nurses, admin staff, and patients). [4 marks]

Question IV. (12 marks) Software Security. Assume you are working as a cyber security consultant for the Ministry of Defence in New Zealand. You are tasked to develop a fully working, secure messaging app (i.e., audio, video, text, file sharing etc.) for internal communication purposes within the ministry. You have learned the Open Web Application Security Project (OWASP) top-10 most seen application vulnerabilities. You are required to advise your software development team to implement the following security features (i.e., secure login, secure communication, secure password storage, and secure all messages) in the messaging app.

1. Briefly explain your advice on developing a secure login for users. [4 marks]

2. Briefly explain your advice on developing secure password storage for individuals. [4 marks]

3. Briefly explain your advice to secure all messages and communication in the application. [4 marks]

Question V. (15 marks) Cyber Security Risk Management. Assume you are working as a cyber security consultant for a major bank in New Zealand to develop a mobile banking system for their customers. It will record, process, and store customers’ banking data such as demographic information, transactions, loans, insurance information, and other data that a banking professional collects to identify an individual and determine appropriate service. The senior management at the bank has determined that a new risk management plan must be developed. To this end, you must answer the following questions (State any assumptions you have made):

1. Introduce a risk management plan to the senior management at the bank by briefly explaining its purpose and importance. [3 marks]

2. Create an outline (i.e., visually describe the outline) for the completed risk management plan. [5 marks]

3. How can the CIA triad be applied in cyber security risk management? [7 marks]

Question VI. (20 marks) Usable Privacy and GDPR. Consider that you are working as a DevOpsSec (development, security and operations) Consultant at a cyber security company to develop a health care system for Auckland City Hospital in New Zealand. You are required to design a web-based healthcare application that allows remote consultation with medical professionals, general practitioners, and specialists for payment. Patients should be able to browse a registered list of medical professionals and chat (i.e., text, audio, and video) about their health problems for advice.

Doctors and healthcare professionals can register on the application to earn by providing their expertise to patients. The application will be freely available online for desktop and mobile platforms and charge for individual (i.e., patient) consultations. You may want to consider advertising and data sharing with third parties, such as insurance providers and hospitals (State any assumptions you have made).

1. Briefly explain what privacy requirements should be considered when developing healthcare applications to preserve end-user privacy. [8 marks]

2. Briefly explain your strategy for implementing appropriate privacy requirements using GDPR principles in the healthcare application to preserve end-user privacy. [12 marks]

 

From: https://www.cnblogs.com/qq---99515681/p/18408414
