Social Practices and Security Assignment-
Question 1 - Case study
Study the case study and complete the following questions:
From the most recent consolidated data available on insider threats, over 50% of organisations report having encountered an insider cyber-attack in 2012, with insider threat cases making up roughly 23% of all cybercrime incidents. This percentage has stayed consistent over the prior couple of years, but the total number of attacks has increased significantly.
The result is $2.9 trillion in employee fraud losses globally per year, with $40 billion in losses due to employee theft and fraud in the US in 2012 alone. The damage and negative impact caused by insider threat incidents is reported to be higher than that of outsider or other cybercrime incidents.
Interestingly, in contrast to outsider attacks on networks, insider cyber-attacks are under-reported. Only a few cases make it into public media or are even known to insider threat experts. Reasons for such under-reporting are insufficient damage or evidence to warrant prosecution, and concerns about negative publicity. The risk of revealing confidential data and business processes during investigations may be another reason why many companies don't report and prosecute insider threat incidents.
Source: http://www.computerworld.com/article/2691620/security0/insider-threats-how-they-affect-us-companies.html [Date accessed: 29 October 2015]
1. Which approach would you follow in attempting to protect against inside attacks? Justify your answer.
2. It is the responsibility of the government to ensure that they put in place relevant laws to ensure that attackers are prosecuted. Which two laws could an organisation in South Africa use to prosecute an inside attacker, should they get caught? Justify your answer.
3. According to the article "over 50% of organisations report having encountered an insider cyber-attack". Research any three organisations that have experienced insider cyber-attacks. Describe each attack and indicate their severity.
4. Why are there a higher number of cyber-attacks coming from internal employees? Provide three researched reasons. Provide references for your answers.
5. Two employees at an organisation that was in the middle of a labour dispute sabotaged the system controlling the traffic lights of a major city. The sabotage took four days to fix, during which time traffic was greatly affected. Identify the type of inside attack this is. Justify your answer.
6. Assuming you have been hired as information security officer and your immediate task is to come up with a strategy to counteract inside attacks. Explain in detail the measures/action you would put in place as part of your strategic action.
Question 2 - Scenario
Study the scenario and complete the following questions:
You have a Web server, attached to the Internet, and you are willing to allow your clients, staff, and potential clients, to access the web pages stored on that Web server. You are not, however, willing to allow unauthorised access to that system by anyone, be that staff, customers, or unknown third parties. For example, you do not want people (other than the Web designers that your company has employed) to be able to change the web pages on that computer.
Source: Joseph William/2015
1. What is the best mechanism to use to warn of attempted or prevent unauthorised access to the computer? Compare the two most common types of such mechanisms that you would probably use and state which one is the best for the situation above. Motivate your answer.
Question 3 - Case study
Study the case study and complete the following questions:
On the 19th of February 2014, personal records for more than 309,000 students and staff were exposed in a "sophisticated" database attack at the University of Maryland.
Birth dates, social security numbers, names and university ID numbers were compromised for people issued with a school ID and affiliated with the university's College Park and Shady Grove campuses since 1998. Financial, academic, health and contact information such as phone numbers were not exposed. The cause of the breach, which occurred, is considered unknown and an investigation was put in place by federal and state law enforcements. The school is said to have 37,000 active students.
"Computer forensic investigators examined the breached files and logs to determine how their sophisticated, multi-layered security defences were bypassed. The University is initiating steps to ensure there is no repeat of this breach."
Personal records are valuable to cybercriminals, who can compile dossiers on victims for the purposes of financial fraud, such as opening bank accounts or taking out loans. The data may also be valuable for other types of targeted attacks, such as spear phishing.
The incident is the latest in a string of breaches that have affected companies and organisations which focused on intercepting payment card details from point-of-sale devices.
Source: Kirk, J. 2014. Database attack exposes personal data at University of Maryland.
Available at: http://www.pcworld.com/article/2099540/database-attack-exposes-personal-data-at-university-of-maryland.html [Accessed: 08 September 2014].
Instructions-
1. Your organisation has been hired to perform a risk assessment for the University. In your own words what is a risk assessment and why is it important? Perform a vulnerability assessment for the database which was attacked. (You can make other assumptions).
2. Which mitigation approach is best to implement in such a case and why do you think it's the best?
3. From the scenario "The University is initiating steps to ensure there is no repeat of this breach." Which risk control strategy should the university implement and why do you think it is the best strategy?
4. Would you classify the attack on Maryland database as an incident or a disaster? Why?
5. In an attempt to strengthen the security of the university the Chief Information Officer (CIO) has suggested several technologies to be used by the university. One of them is the use of Kerberos protocol. Critique the implementation of this technologies in a university environment. Do you think the university should implement this authentication?
6. Another important document that every institution or organisation should have is a document that instructs the employees on the proper usage of technologies and processes.
a. What is the name of this document?
b. Create the document you mention in (a) above for Maryland University Computer Lab Your document should have at least five components.
Question 4 - Case study
Study the case study and complete the following questions:
Arrested in Sicily in April 2006, the reputed head of an Italian Mafia family, Bernardo Provenzano, made notes or 'pizzini' in the Sicilian dialect. When arrested, he left approximately 350 of the notes behind. In the pizzini he gives instructions to his lieutenants regarding particular people.
Instead of writing the name of a person, Provenzano used a variation of the cipher in which letters were replaced by numbers: A by 4, B by 5, ... Z by 24 (there are only 21 letters in the Italian alphabet). So in one of his notes the string "...I met 512151522 191212154 and we agreed that we will see each other after the holidays...," refers to Binnu Riina, an associate arrested soon after Provenzano [LOR06]. Police decrypted notes found before Provenzano's arrest and used clues in them to find the boss, wanted for 40 years.
All notes appear to use the same encryption, making them trivial to decrypt once police discerned the pattern.
Suggestions we might make to Sig. Provenzano: use a strong encryption algorithm, change the encryption key from time to time, and hire a cryptographer.
Source: Pfleeger, C.P. & Pfleeger, L.S. 2011. Security in computing. 4th edition. USA: Prentice Hall
Instructions-
1. What is the name of the cypher Provenzano was using?
2. Discuss the major advantages and disadvantages of the cipher you mentioned in 3.1.
3. What are the characteristics of a good cipher?
4. Decrypt the following encrypted text with a Caesar cypher with a shift (key) of -3 and showing all the steps:
QL YBIFBSB FK QEB EBOLFC JXHBP EBOLBP.
Attachment:- Assignment.rar