See attached doc
1. (22 points)
a. (5 points) Describe what a social engineering attack is.
b. (12 points) Provide 3 examples of social engineering attacks and describe how they could be used to undermine the security of your IT infrastructure.
c. (5 points) How can social engineering attacks be defended against?
2. (28 points) Requirements question
a. (5 points) Describe what a functional requirement is; provide details.
b. (5 points) Describe what an assurance requirement is; provide details.
c. (18 points) Provide an example of each by writing an actual functional requirement and the corresponding assurance requirement using some aspect of a system for your example. For example, you could write a requirement based on user interface behavior, file access, audit logging or various other areas of functionality. It does not have to be long, but it needs to demonstrate your understanding of these concepts.
(50 points) Assume you have a computing environment consisting of a mix of machines running the following Windows platforms: 7 and 10. There are also machines running Linux and Apple iOS. Your environment runs a mix of email and various office applications (e.g. word processing, spreadsheet, slide presentation, database). There is regular use of internet sites, both for business and some personal use. There are also laptops, mobile phones and tablets that connect wirelessly to your network.
The environment is spread across a wide geographic area. While it might be tempting to have a solution that uses one type of system, such as Windows 10, this is not a possibility given the problem statement. The heterogeneity of the platforms in the environment is typical of the complexity faced by many organizations today. The environment is as defined, and you must deal with the stated variation and complexity.
What do you consider to be the major risks to your environment and why? Describe the risks and vulnerabilities involved in the above stated environment. There are many risks to consider. You must provide a minimum of 10 risks with explanations.
Your explanations must provide some detail.
Place your risks and descriptions in a numbered list.
1. (28 points) You are responsible for managing several PCs. You have asked your assistant to back up their work. The assistant indicates they need administrator privilege to perform the backup. He also says he will bring in a USB memory stick to back up their data to.
a. (4 points) What are your concerns with granting administrator privileges to your assistant?
b. (9 points) What would you ask the assistant about this request for administrator privileges? Provide at least 3 questions you might ask and explain why you are asking these questions and what you hope to glean from the responses.
c. (2 points) What control principle would you be violating if administrator privileges are not needed and you grant them?
d. (9 points) Identify and describe 3 concerns you have about the assistant bringing in a memory stick for backups. Explain your concerns.
e. (4 points) How would you determine if backing up to a memory stick is a reasonable and accepted approach?
2. (5 points)
Security certificates are a major part of your security infrastructure. Certificates enhance security in numerous areas, including ensuring the identities of computers, protecting the confidentiality of email messages, ensuring the authenticity of someone sending an email message or broadcast message, and encrypting communications between servers and clients. Security certificates support secure communication between your system and a server. This secure communication is necessary for ensuring transactions are confidential and that the data being communicated between systems maintains integrity. It is important to learn what a certificate is, how certificates are used and where they are installed on your system. Additionally, understanding the vulnerabilities associated with certificates is important.
For this assignment you need to select a certificate of your choice on your system. This requires you to use your browser options to look at the installed certificates (see lecture notes week 4 for how). You can alternatively get to certificates installed on Windows 10 systems via the certmgr tool; locate it with Windows search.
You should take screenshots of the certificate you selected and include them in your answer. I would like to see the displays for the “General” tab and the “Details” tab. Note that you may need to provide multiple screenshots of a tab to include all of the data in that tab. The screenshots needed are based on how your browser displays the information.
Following is an example of one way to present the information for a certificate I chose, showing the General and Details tabs.
If you have a Mac computer, please follow the instructions here.
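As an added illustration (not part of the assignment), the following PowerShell script lists the same fields that certmgr shows on the General and Details tabs for the certificates in the current user's personal and trusted-root stores, and flags the conditions a reviewer would look for (expired, not yet valid, self-signed, failed chain or revocation check). It assumes Windows PowerShell 5.1 or later; the store paths and the 30-day expiry window are assumptions, not values from the assignment.

```powershell
# Added example: summarise the General/Details tab fields of installed certificates
# and flag common problems. Assumes Windows PowerShell 5.1+ (Cert: drive available).

function Get-CertificateSummary {
    param(
        [string[]]$StorePaths = @('Cert:\CurrentUser\My', 'Cert:\CurrentUser\Root'),
        [int]$ExpiringWithinDays = 30   # assumed warning window
    )
    $now = Get-Date
    foreach ($path in $StorePaths) {
        Get-ChildItem -Path $path | ForEach-Object {
            $cert = $_
            # Subject Alternative Name extension (OID 2.5.29.17), shown under Details
            $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
                ForEach-Object { $_.Format($false) }
            # Key size is not available for every key type on older .NET builds
            $keyBits = $null
            try { $keyBits = $cert.PublicKey.Key.KeySize } catch { }

            $issues = @()
            if ($cert.NotAfter -lt $now) { $issues += 'EXPIRED' }
            elseif ($cert.NotAfter -lt $now.AddDays($ExpiringWithinDays)) { $issues += 'EXPIRING SOON' }
            if ($cert.NotBefore -gt $now) { $issues += 'NOT YET VALID' }
            # Self-signed is expected in the Root store, suspicious in the personal store
            if ($cert.Subject -eq $cert.Issuer) { $issues += 'SELF-SIGNED' }
            # Verify() builds the chain and checks revocation where possible (may be slow offline)
            if (-not $cert.Verify()) { $issues += 'CHAIN/REVOCATION CHECK FAILED' }

            [pscustomobject]@{
                Store         = $path
                Subject       = $cert.Subject                            # General: Issued to
                Issuer        = $cert.Issuer                             # General: Issued by
                NotBefore     = $cert.NotBefore                          # General: Valid from
                NotAfter      = $cert.NotAfter                           # General: Valid to
                Thumbprint    = $cert.Thumbprint                         # Details: Thumbprint
                SigAlg        = $cert.SignatureAlgorithm.FriendlyName    # Details: Signature algorithm
                KeyAlg        = $cert.PublicKey.Oid.FriendlyName         # Details: Public key
                KeyBits       = $keyBits
                SAN           = ($san -join '; ')
                HasPrivateKey = $cert.HasPrivateKey
                Issues        = ($issues -join ', ')
            }
        }
    }
}

# Print the summary with flagged certificates grouped at the top
Get-CertificateSummary | Sort-Object Issues -Descending |
    Format-Table -AutoSize Store, Subject, Issuer, NotAfter, SigAlg, KeyBits, Issues
```

Pipe the function's output to `Export-Csv` if you want a record to attach alongside the screenshots.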
3. (20 points)
Several files have been deleted on your system. It is not clear if this was the result of a malicious act or if it was accidental. The auditing mechanism may be able to help you determine what happened.
a. (10 points) What are you going to look for in the audit file? Provide at least 5 items you would look for in the audit file. Explain why you selected each item and what it might tell you.
b. (6 points) What may it mean if the deleting of these files were not recorded in the audit log? Provide at least 3 items with reasons.
c. (2 points) What is the impact/cost of auditing events?
d. (2 points) What is the impact/cost of not auditing events?
4. (20 points) Select a particular type of security incident and describe the various tactics (a process or procedure) that illustrate addressing each of the four (4) areas:
1) incident prevention
2) incident detection
3) incident response
4) incident recovery
The incident you select should be detailed so that your examples of the tactics for each area (prevention, detection, response and recovery) provide some specifics. Note there is often more than one tactic for each category.
5. (2 points) Explain what spyware is.
6. (25 points) Provide an example of a specific piece of spyware. Explain the key attributes of it using the following template.
OVERVIEW: (General overview. Include in the overview what platforms and or applications are affected. Also include any other information that you consider important for an overview.)
INFECTION: (There can be numerous infections. Consider user visible and internal infections.)
PAYLOAD: (There can be numerous payloads. Consider user visible and internal payloads.)
TRIGGER: (There can be numerous triggers. Consider user caused and internal triggers.)
DEFENSE: (How can you defend against this malware?)