Faculty of Science & Technology Written Assessment – Digital Security
Answer all THREE questions below. You should compile a well-constructed, formal written report of no more than 2,000 words that encompasses industry standard fundamental digital security best practices. The report should be written in the third person.
Formatting
Your work should be spiral or comb bound with the following minimum components:
Cover Page to include
Module title
Course code
Your Student ID number
Date of submission
Table of Contents
Body of your report (2,000 word guide)
Any supporting diagrams and tables
A minimum of 8 references (Harvard reference style)
An appendix if necessary
Deliverables
Standard assessment packaging with cover sheet from e-vision
Ensure your Student ID Number is listed on ALL pages
Final submissions must be made through the iCentre
Aim to hand in your assignment at least 48 hours before the due date, as the iCentre becomes extremely busy on the last few days.
Question 1: Computer Security Principles
Your role is Security Manager at Ruskin City Council. Your job involves the detection, prevention and reaction to potential and actual security violations.
The Head of Security has asked you produce a report, using the AAA and CIA models, to explain how the council should protect critical assets from unauthorised access. The city council building has open access areas for the general public to use computers for Internet and word processing.
Your report should make use of examples and recommend best practice.
Question 2: Introduction to Cryptography
Your new role is as Information Security Manager at Fanglia University, where you are responsible for safeguarding and protecting sensitive and personal information.
The IT Director has requested a briefing report that explain the benefits of hashing techniques. Using examples, explain the difference between the MD5 and AES protocols in protecting student academic records.
Include an MD5 hash of a text file as an appendix.
Question 3: Secure Programming Techniques
You have just started a new job as Software Security Specialist at Lord Ruskin Hospital. Your job involves the prevention and mitigation of software security violations.
The Head of Software Development wants to brief your fellow software developers on programming techniques they should use to defend against software vulnerabilities, as well as your rationale for these suggestions.
Using the OWASP top 10 vulnerabilities, produce a report identifying three different attacks that hospital software applications might be vulnerable to. Outline why these three vulnerabilities occurs and suggest mitigation techniques to prevent an attack occurring in the first place.
