DIGITAL SECURITY MOD003264
Re-assessment element 010: Assignment 2000 WORDS
Trimester 2, 2021/22
Assessment element 010 holds 60% of your total mark. This assessment element has 2 parts as below:
Element 010 | Part 1 | Lab logbook | 20% | Completion and submission of your solutions [log book] to weekly questions on lab activities based on the specifications described below. |
Part 2 | Coursework | 40% | Completion and submission of the task described below. |
Part 1 – Lab logbook [20%] |
In this module, we use the NETLAB platform to conduct our practical activities. NETLAB is a software and hardware system solution that lets you remotely control routers, switches, and virtual PCs through your web browser. Hence, you can complete Part 1 of your assessment element 010 from any computer that has an Internet connection.
Every week you will be given a hands-on lab accompanied by a series of questions related to it [both can be found under the Canvas module weekly activity pages]. You should answer these questions during the lab session, based mainly on the given hands-on lab and your external research, and maintain your lab logs and records for the assessment element 010 – Part 1 final submission on Canvas. Your progress will be moderated by your lab tutor on a weekly basis. Throughout this module, we are going to have TEN compulsory hands-on labs, which in total hold 20% of your total mark. Each hands-on lab is worth 2% (2% * 10 = 20%). You are expected to maintain an engineering lab logbook (in digital format) containing evidence of all completed exercises, including your solutions, screenshots, and any further research undertaken during the exercise. Students must submit their lab logbook to Canvas before the final submission deadline.
Submission Guide for Element 010 – Part 1 (Lab logbook):
- Submission Deadline: Please refer to the Canvas Assessment page.
- Assessment Type: Individual – Coursework
- Report Format: Unzipped unprotected standard PDF file.
- Report Naming Convention: 010_ Part1_StudentID.PDF or DOCX
- Submission Platform: Canvas
- Important Note: Ensure your student ID is listed in the header of ALL pages. Submission should be anonymous, so DO NOT include your name on any pages of your submission. Also, please include a cover page with your submission.
Other Remarks:
- To learn about the submission deadline please refer to the Canvas Assessment page.
- Keep your solutions short. A paragraph of description (60 to 100 words) would be adequate for each question.
- Bundle your solutions as a single logbook in PDF or DOCX file format.
- Write in your own words. This assessment element will be checked for plagiarism.
- This is an individual assessment, which means that sharing solutions or screenshots automatically renders your work as collusion.
- Please, do not claim lab hands-on screenshots as yours.
- Please, do not submit your logbook text as an image to bypass plagiarism check.
- Important Note: The report language must be formal and written in the third person. The report must have all figures and tables correctly labelled and be presented in a structured and meaningful way, with consideration for grammar, punctuation, and spelling.
- Important Note: Ensure your student ID is listed on ALL pages’ header. Submission should be anonymous, so DO NOT include your name on any pages of your submission.
- Cover Page: Your report must include a cover page that exhibits your module name, code, assessment element, submission date and student id.
- Important Note: All figures and screenshots provided in the report must be in high resolution, clear, and readable.
An ancient example of bad academic conduct! 😅
Marking Criteria for Element 010 – Part 1
No. | Lab Exercise Topic | Results | |
1 | Capturing Network Traffic | PASS (2%) Your proposed solution meets the expected criteria, well-structured, complete, genuine, and original. | FAIL (0%) Unstructured, poorly written, and unorganised work. Poor attempt in referencing. Poor and irrelevant/ incomplete solution. |
2 | Performing Active Reconnaissance with Linux | PASS (2%) Your proposed solution meets the expected criteria, well-structured, complete, genuine, and original. | FAIL (0%) Unstructured, poorly written, and unorganised work. Poor attempt in referencing. Poor and irrelevant/ incomplete solution. |
3 | Cryptography Concepts | PASS (2%) Your proposed solution meets the expected criteria, well-structured, complete, genuine, and original. | FAIL (0%) Unstructured, poorly written, and unorganised work. Poor attempt in referencing. Poor and irrelevant/ incomplete solution. |
4 | Securing Data with Encryption Software | PASS (2%) Your proposed solution meets the expected criteria, well-structured, complete, genuine, and original. | FAIL (0%) Unstructured, poorly written, and unorganised work. Poor attempt in referencing. Poor and irrelevant/ incomplete solution. |
5 | PKI Management with Windows | PASS (2%) Your proposed solution meets the expected criteria, well-structured, complete, genuine, and original. | FAIL (0%) Unstructured, poorly written, and unorganised work. Poor attempt in referencing. Poor and irrelevant/ incomplete solution. |
6 | Password Cracking with Windows | PASS (2%) Your proposed solution meets the expected criteria, well-structured, complete, genuine, and original. | FAIL (0%) Unstructured, poorly written, and unorganised work. Poor attempt in referencing. Poor and irrelevant/ incomplete solution. |
7 | Implementing Common Protocols and Services for Basic Security Practices | PASS (2%) Your proposed solution meets the expected criteria, well-structured, complete, genuine, and original. | FAIL (0%) Unstructured, poorly written, and unorganised work. Poor attempt in referencing. Poor and irrelevant/ incomplete solution. |
8 | Analyse and Differentiate Types of Attacks and Mitigation Techniques | PASS (2%) Your proposed solution meets the expected criteria, well-structured, complete, genuine, and original. | FAIL (0%) Unstructured, poorly written, and unorganised work. Poor attempt in referencing. Poor and irrelevant/ incomplete solution. |
9 | Analysing Types of Web Application Attacks | PASS (2%) Your proposed solution meets the expected criteria, well-structured, complete, genuine, and original. | FAIL (0%) Unstructured, poorly written, and unorganised work. Poor attempt in referencing. Poor and irrelevant/ incomplete solution. |
10 | Performing Backups | PASS (2%) Your proposed solution meets the expected criteria, well-structured, complete, genuine, and original. | FAIL (0%) Unstructured, poorly written, and unorganised work. Poor attempt in referencing. Poor and irrelevant/ incomplete solution. |
11 | Incident Response Procedures (Optional) | PASS (2%) Your proposed solution meets the expected criteria, well-structured, complete, genuine, and original. | FAIL (0%) Unstructured, poorly written, and unorganised work. Poor attempt in referencing. Poor and irrelevant/ incomplete solution. |
Part 2 – Coursework [40%] |
Answer all the questions below. You should compile a well-constructed, formally written report of no more than 1500 words (20% leeway) that encompasses industry standards and fundamental digital security best practices. The assignment will specify a different scenario on which to base the context of your answers.
Whilst your target audience has some level of IT knowledge, they have employed you as the subject expert. Answers to each question should be provided at a level of technical detail sufficient for that target audience in the given scenario. You should apply the knowledge gained from the lectures and reading lists and complement this with your own research in order to demonstrate an understanding of the subject material, explaining the technology and how it applies to the context of the given scenario, providing suitable examples where appropriate.
Question 1: Risk Assessment (10 out of 40) [400 to 500 words] |
You have just started a new job at Ruskin University as a network security specialist. You have been asked to conduct both quantitative and qualitative risk assessments for Ruskin University. Describe the steps that you must take to conduct these risk assessments. The following imaginary network topology shows the Ruskin University network and digital assets that can be used to identify possible risks and estimate average monetary values. Use common sense to estimate the rough monetary values of the assets. Try to identify FOUR SECURITY THREATS AND RISKS that might be critical to Ruskin University's digital assets BASED ON THE GIVEN TOPOLOGY. Form your QUANTITATIVE and QUALITATIVE risk assessment based on your identified security threats and risks and offer MITIGATION PLANS for each.
Figure 1: Ruskin University Network Topology
Question 2: Cryptography (15 out of 40) [ 500 – 700 words] |
At Ruskin University, you are also responsible for safeguarding and protecting sensitive and personal information.
2.1 Outline how and where symmetric cryptography, asymmetric cryptography and hash functions can contribute to the security of communications at Ruskin University. To elaborate your solution, please find FOUR USE-CASES in Ruskin University’s daily communications that employ the aforementioned security principles. Your solution must be technical, meaning it must outline protocols, processes, ports, standards, and other necessary details. Elaborate your solution with examples, and provide comparison and analysis if required.
2.2 Outline FOUR possible risks and attacks corresponding to the use-cases that you explained in question 2.1 and describe how cryptography mitigates these risks and attacks. Your solution must be technical, meaning it must outline protocols, processes, ports, standards, and other necessary details. Elaborate your solution with examples, and provide comparison and analysis if required.
2.3 The ultimate goal in computer security is to safeguard and deliver the CIA and AAA. Outline best practices (2 for each security principle) that enable you to deliver these goals.
Question 3: Incident Response Plan (10 out of 40) [ 400 – 500 words] |
You have been asked to develop an Incident Response Plan for Ruskin University to protect the university’s assets and safeguard its business continuity in the case of a disaster, cyber-attack, or critical failure. Identify ONE possible incident that might take place in your workplace and elaborate your Incident Response Plan based on the NIST’s Computer Security Incident Response lifecycle.
NIST’s computer security incident handling guide can be found here:
IMPORTANT: Your solution must be technical, and it should be adapted to the University environment and use cases. Supply your solution with examples.
Question 4: OWASP Secure Coding (5 out of 40) [ 300 – 500 words] |
As a security specialist, you should be able to understand web application security risks. Provide a real-world example for at least 5 of the OWASP web application security risks listed here: (https://owasp.org/www-project-top-ten). You must use your own research to identify those real-world incidents and risks. Your solutions must be referenced meticulously. Supply your real-world examples with a short description and analysis.
Remarks:
You are expected to reference your report thoroughly and accurately (Part 2 – Coursework) using the Harvard referencing style expected by Anglia University. Your report should contain a minimum of 10 references. Marks will be deducted for lack of referencing and in-text citation or divergence from Harvard referencing style. Details on Harvard referencing can be found on the library website:
You are expected to compile a well-constructed, formal written report of no more than 1500 words (20% leeway). Marks will be given for the presentation and layout of the report.
Your report should:
- Be a formal report, written in the third person.
- Have all figures and tables correctly labelled and referenced.
- Be presented in a structured and meaningful way, with consideration for grammar, punctuation and spelling throughout, including the minimum components.
- Your report must include a table of contents and page numbers
- Cover Page to include:
- Module Title and Code
- Your Student ID
- Word Count (references excluded)
Submission Guide for Element 010 – Part 2 (Coursework):
- Submission Deadline: Please refer to the Canvas Assessment page.
- Assessment Type: Individual – Coursework
- Report length: The expected report word count is 1500 words, however 20% leeway, either way, will be allowed. Please include your word count on the cover page.
- Report Format: Unzipped unprotected standard PDF file.
- Report Naming Convention: 010_ Part2_StudentID.PDF or DOCX
- Submission Platform: Canvas
- Important Note: Ensure your student ID is listed in the header of ALL pages. Submission should be anonymous, so DO NOT include your name on any pages of your submission.
Marking Criteria for Element 010 – Part 2
Section | Description | Mark |
Quality of Referencing [Embedded] | Excellent references and in-text citations, from authoritative sources, cited correctly using Harvard referencing style. | 85 – 100 |
Great references and in-text citations, mostly from authoritative sources, cited correctly using Harvard referencing style. Some minor styling issues are present. | 70 – 85 | |
Good references and in-text citations with reasonable Harvard style, but not all references are authoritative. Some styling issues are present. Some references are missing. | 60 – 70 | |
Several reasonable references were provided, but inconsistencies in Harvard referencing style exist [list of references and in-text citations]. Resources are not quite authoritative. Many references are missing. | 50 – 60 | |
Undesirable referencing with inconsistent / No Harvard style [list of references and in-text citations]. Only a few references were provided. No authoritative sources were used. Many references are missing. | 40 – 50 | |
Poor attempt in referencing. No Harvard style [list of references and in-text citations] was used. | <40 | |
Layout and Organization [Embedded] | Excellent work in terms of overall structure and formatting, organisation, layout, grammar, and punctuation. | 85 – 100 |
A great piece of work in terms of overall structure and formatting, organisation, layout, grammar, and punctuation. Some minor issues in spelling, punctuation, grammar, overall organisation and layout exist. | 70 – 85 | |
A good piece of work in terms of overall structure and formatting, organisation, layout, grammar, and punctuation; however, several minor issues in spelling, punctuation, grammar, overall organisation, and layout exist. | 60 – 70 | |
A reasonable presentation but inconsistencies in spelling or grammar need to be addressed. Some weaknesses in organisation and layout require improvement. | 50 – 60 | |
Minimal effort in providing a well-structured piece of work. The report lacks proper, consistent organisation and structure. Many issues in spelling and grammar exist. | 40 – 50 | |
Unstructured, poorly written, and unorganised work. | <40 | |
Question 1 Risk Assessment (10%) | An excellent representation of the risk assessment process. Excellent attention to the details such as assets, risks and threats, risk assessment process and possible mitigation techniques. | 85 – 100 |
A great representation of the risk assessment process with good attention to the details such as assets, risks, and threats. Some minor issues and shortcomings are present in the risk assessment process or mitigation plan. | 70 – 85 | |
A good representation of the risk assessment process, paired with proper representation of assets, risks and threats, and mitigation plans. Some shortcomings with the risk assessment process and mitigation plan. Lack of technical details. | 60 – 70 | |
A reasonable representation of the risk assessment process but with several shortcomings. A reasonable representation of assets, risks, threats, and mitigation plans. The mitigation plan could be improved. The proposed solution lacks technical details. | 50 – 60 | |
Undesirable representation of risk assessment with a significant misunderstanding about the risk assessment process. Several shortcomings with the risk assessment process and mitigation plan. The proposed solution significantly lacks technical details. | 40 – 50 | |
Extremely poor and irrelevant representation of risk assessment. | <40 | |
Question 2 Cryptography (15%) | An Excellent understanding and interpretation of symmetric and asymmetric cryptography and their application in the real-world scenario paired with comprehensive details and case study related examples. An excellent demonstration of security risks and attacks and mitigation techniques. Excellent understanding and interpretation of CIA and AAA frameworks based on the given scenario. | 85 – 100 |
A great understanding and interpretation of symmetric and asymmetric cryptography and their application in the real-world scenario paired with some details and examples. A great demonstration of security risks and attacks and mitigation techniques. A Great understanding and interpretation of CIA and AAA frameworks based on the given scenario. | 70 – 85 | |
A good understanding and interpretation of symmetric and asymmetric cryptography and their application in the real-world scenario, however, details and examples are missing. A good demonstration of security risks and attacks and mitigation techniques. A good understanding and interpretation of CIA and AAA frameworks based on the given scenario. Technical details and case-study related examples could be improved. | 60 – 70 | |
A reasonable understanding and interpretation of symmetric and asymmetric cryptography and their application in the real-world scenario, however, some key elements, details and examples are missing. A reasonable demonstration of security risks and attacks and mitigation techniques. A sensible understanding and interpretation of CIA and AAA frameworks based on the given scenario. Technical details and case-study related examples could be significantly improved. | 50 – 60 | |
A weak understanding and interpretation of symmetric and asymmetric cryptography. Major elements are missing and no details and examples are provided. A weak demonstration and poor understanding of security risks and attacks and mitigation techniques. A poor and mostly incorrect understanding and interpretation of CIA and AAA frameworks. Major elements, technical details and case-study related examples could be significantly improved. | 40 – 50 | |
Extremely poor and irrelevant representation of the cryptographic concepts. | <40 | |
Question 3 Incident Response Plan (10%) | An excellent representation of the Incident Response plan based on NIST’s guidelines and lifecycle, an outstanding choice of techniques and strategies, paired with relevant examples and details. | 85 – 100 |
A great representation of the Incident Response plan based on NIST’s guidelines and lifecycle and proper choice of techniques and strategies paired with some examples. The technicality and feasibility of the proposed solution could be improved. | 70 – 85 | |
A good representation of the Incident Response plan, but one that loosely follows NIST’s guidelines and lifecycle, with a fair choice of techniques and strategies. The technical aspect of the proposed solution is lacking. | 60 – 70 | |
A reasonable representation of the Incident Response plan which barely follows NIST’s guidelines and lifecycle, with a fair choice of techniques and strategies. Details are missing and the technical aspect of the proposed solution is lacking. | 50 – 60 | |
Weak representation of the Incident Response plan which barely follows NIST’s guidelines and lifecycle, with inappropriate techniques and strategy. Mostly irrelevant examples. The technical aspect of the proposed solution is lacking significantly. | 40 – 50 | |
Extremely poor and irrelevant representation of Incident Response Plan with no / inappropriate examples. | <40 | |
Question 4 OWASP Secure Coding (5%) | Excellent representation and description of OWASP major security concerns and vulnerabilities paired with details and examples. | 85 – 100 |
A good representation of OWASP major security concerns and vulnerabilities paired with some details. Technical aspects of the proposed solution could be improved. | 70 – 85 | |
Adequate details on OWASP major security concerns and vulnerabilities are given. The technical aspect of the proposed solution is lacking. | 60 – 70 | |
A reasonable description of the OWASP major security concerns and vulnerabilities. The technical aspect of the proposed solution is lacking. | 50 – 60 | |
Inappropriate description of OWASP major security concerns and vulnerabilities. The technical aspect of the proposed solution is lacking significantly. | 40 – 50 | |
Extremely poor understanding of OWASP major security concerns and vulnerabilities. | <40 |
Good Luck!