User Account

All Pages

What is the name of the cypher provenzano was using

Assignment Help Other Subject
Reference no: EM131197817

Social Practices and Security Assignment-

Question 1 - Case study

Study the case study and complete the following questions:

From the most recent consolidated data available on insider threats, over 50% of organisations report having encountered an insider cyber-attack in 2012, with insider threat cases making up roughly 23% of all cybercrime incidents. This percentage has stayed consistent over the prior couple of years, but the total number of attacks has increased significantly.

The result is $2.9 trillion in employee fraud losses globally per year, with $40 billion in losses due to employee theft and fraud in the US in 2012 alone. The damage and negative impact caused by insider threat incidents is reported to be higher than that of outsider or other cybercrime incidents.

Interestingly, in contrast to outsider attacks on networks, insider cyber-attacks are under-reported. Only a few cases make it into public media or are even known to insider threat experts. Reasons for such under-reporting are insufficient damage or evidence to warrant prosecution, and concerns about negative publicity. The risk of revealing confidential data and business processes during investigations may be another reason why many companies don't report and prosecute insider threat incidents.

Source: https://www.computerworld.com/article/2691620/security0/insider-threats-how-they-affect-us-companies.html [Date accessed: 29 October 2015]

1. Which approach would you follow in attempting to protect against inside attacks? Justify your answer.

2. It is the responsibility of the government to ensure that they put in place relevant laws to ensure that attackers are prosecuted. Which two laws could an organisation in South Africa use to prosecute an inside attacker, should they get caught? Justify your answer.

3. According to the article "over 50% of organisations report having encountered an insider cyber-attack". Research any three organisations that have experienced insider cyber-attacks. Describe each attack and indicate their severity.

4. Why are there a higher number of cyber-attacks coming from internal employees? Provide three researched reasons. Provide references for your answers.

5. Two employees at an organisation that was in the middle of a labour dispute sabotaged the system controlling the traffic lights of a major city. The sabotage took four days to fix, during which time traffic was greatly affected. Identify the type of inside attack this is. Justify your answer.

6. Assuming you have been hired as information security officer and your immediate task is to come up with a strategy to counteract inside attacks. Explain in detail the measures/action you would put in place as part of your strategic action.

Question 2 - Scenario

Study the scenario and complete the following questions:

You have a Web server, attached to the Internet, and you are willing to allow your clients, staff, and potential clients, to access the web pages stored on that Web server. You are not, however, willing to allow unauthorised access to that system by anyone, be that staff, customers, or unknown third parties. For example, you do not want people (other than the Web designers that your company has employed) to be able to change the web pages on that computer.

Source: Joseph William/2015

1. What is the best mechanism to use to warn of attempted or prevent unauthorised access to the computer? Compare the two most common types of such mechanisms that you would probably use and state which one is the best for the situation above. Motivate your answer.

Question 3 - Case study

Study the case study and complete the following questions:

On the 19th of February 2014, personal records for more than 309,000 students and staff were exposed in a "sophisticated" database attack at the University of Maryland. 

Birth dates, social security numbers, names and university ID numbers were compromised for people issued with a school ID and affiliated with the university's College Park and Shady Grove campuses since 1998. Financial, academic, health and contact information such as phone numbers were not exposed. The cause of the breach, which occurred, is considered unknown and an investigation was put in place by federal and state law enforcements. The school is said to have 37,000 active students. 

"Computer forensic investigators examined the breached files and logs to determine how their sophisticated, multi-layered security defences were bypassed. The University is initiating steps to ensure there is no repeat of this breach." 

Personal records are valuable to cybercriminals, who can compile dossiers on victims for the purposes of financial fraud, such as opening bank accounts or taking out loans. The data may also be valuable for other types of targeted attacks, such as spear phishing. 

The incident is the latest in a string of breaches that have affected companies and organisations which focused on intercepting payment card details from point-of-sale devices. 

Source: Kirk, J. 2014. Database attack exposes personal data at University of Maryland.

Available at: https://www.pcworld.com/article/2099540/database-attack-exposes-personal-data-at-university-of-maryland.html [Accessed: 08 September 2014].

Instructions-

1. Your organisation has been hired to perform a risk assessment for the University. In your own words what is a risk assessment and why is it important? Perform a vulnerability assessment for the database which was attacked. (You can make other assumptions).

2. Which mitigation approach is best to implement in such a case and why do you think it's the best?  

3. From the scenario "The University is initiating steps to ensure there is no repeat of this breach." Which risk control strategy should the university implement and why do you think it is the best strategy?

4. Would you classify the attack on Maryland database as an incident or a disaster? Why?

5. In an attempt to strengthen the security of the university the Chief Information Officer (CIO) has suggested several technologies to be used by the university. One of them is the use of Kerberos protocol. Critique the implementation of this technologies in a university environment. Do you think the university should implement this authentication?

6. Another important document that every institution or organisation should have is a document that instructs the employees on the proper usage of technologies and processes.

a. What is the name of this document?

b. Create the document you mention in (a) above for Maryland University Computer Lab Your document should have at least five components.

Question 4 - Case study

Study the case study and complete the following questions:

Arrested in Sicily in April 2006, the reputed head of an Italian Mafia family, Bernardo Provenzano, made notes or 'pizzini' in the Sicilian dialect. When arrested, he left approximately 350 of the notes behind. In the pizzini he gives instructions to his lieutenants regarding particular people.

Instead of writing the name of a person, Provenzano used a variation of the cipher in which letters were replaced by numbers: A by 4, B by 5, ... Z by 24 (there are only 21 letters in the Italian alphabet). So in one of his notes the string "...I met 512151522 191212154 and we agreed that we will see each other after the holidays...," refers to Binnu Riina, an associate arrested soon after Provenzano [LOR06]. Police decrypted notes found before Provenzano's arrest and used clues in them to find the boss, wanted for 40 years.

All notes appear to use the same encryption, making them trivial to decrypt once police discerned the pattern.

Suggestions we might make to Sig. Provenzano: use a strong encryption algorithm, change the encryption key from time to time, and hire a cryptographer.

Source: Pfleeger, C.P. & Pfleeger, L.S. 2011. Security in computing. 4th edition. USA: Prentice Hall

Instructions-

1. What is the name of the cypher Provenzano was using?

2. Discuss the major advantages and disadvantages of the cipher you mentioned in 3.1.

3. What are the characteristics of a good cipher?

4. Decrypt the following encrypted text with a Caesar cypher with a shift (key) of -3 and showing all the steps:

QL YBIFBSB FK QEB EBOLFC JXHBP EBOLBP.

Attachment:- Assignment.rar

Reference no: EM131197817

Questions Cloud

Define the three types of planning : Define the three types of planning for this company and identify the related level of management responsible for each type of plan. Assuming that you were a manager at each level, identify what your role would be in the planning process.
Response at the international level : Analyze at least 2 major problems associated with U.S. based disaster relief coordination and response at the international level. Next, suggest 1 solution to each of the problem in question.
Chinas development trend and business potentials : China's development trend and business potentials for foreign companies (choosing one industry or sector, e.g., automobile ,or green energy, or low carbon industries.
Discuss therapeutic effects of humor and music therapy : Discuss three main barriers to changing our current healthcare system to a more integrative system of care and Discuss how your nursing practice might be affected by complementary and alternative medicine.
What is the name of the cypher provenzano was using : Arrested in Sicily in April 2006, the reputed head of an Italian Mafia family, Bernardo Provenzano, made notes or 'pizzini' in the Sicilian dialect. What is the name of the cypher Provenzano was using
Write an essay with the topic : Write an essay with the topic being "The positive impact of technology in relation to Accounting and Finance".
Discuss the most typical community-acquired pathogens : Differentiate between the presenting signs of symptoms of a 55-year-old suffering from acute bronchitis and a 55-year-old suffering from pneumonia. In your response, discuss the most typical community-acquired pathogens involved with each of these..
What is the estimated capital investment for ethanol plant : What is the estimated capital investment for a similar ethanol plant with a capacity of 500,000 gallons per year?
What do you think you would think of these reflections : You are chained to the ground and all you can see in front of you is a cave wall. There is a light source behind you, which casts reflections on the wall. What do you think you would think of these reflections? Could they represent family members? ..

Reviews

Write a Review

Other Subject Questions & Answers

  Cross-cultural opportunities and conflicts in canada

Short Paper on Cross-cultural Opportunities and Conflicts in Canada.

  Sociology theory questions

Sociology are very fundamental in nature. Role strain and role constraint speak about the duties and responsibilities of the roles of people in society or in a group. A short theory about Darwin and Moths is also answered.

  A book review on unfaithful angels

This review will help the reader understand the social work profession through different concepts giving the glimpse of why the social work profession might have drifted away from its original purpose of serving the poor.

  Disorder paper: schizophrenia

Schizophrenia does not really have just one single cause. It is a possibility that this disorder could be inherited but not all doctors are sure.

  Individual assignment: two models handout and rubric

Individual Assignment : Two Models Handout and Rubric,    This paper will allow you to understand and evaluate two vastly different organizational models and to effectively communicate their differences.

  Developing strategic intent for toyota

The following report includes the description about the organization, its strategies, industry analysis in which it operates and its position in the industry.

  Gasoline powered passenger vehicles

In this study, we examine how gasoline price volatility and income of the consumers impacts consumer's demand for gasoline.

  An aspect of poverty in canada

Economics thesis undergrad 4th year paper to write. it should be about 22 pages in length, literature review, economic analysis and then data or cost benefit analysis.

  Ngn customer satisfaction qos indicator for 3g services

The paper aims to highlight the global trends in countries and regions where 3G has already been introduced and propose an implementation plan to the telecom operators of developing countries.

  Prepare a power point presentation

Prepare the power point presentation for the case: Santa Fe Independent School District

  Information literacy is important in this environment

Information literacy is critically important in this contemporary environment

  Associative property of multiplication

Write a definition for associative property of multiplication.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd