BSBXCS301 Assessment 1
School: Canberra Institute of Technology
Course: BSBXCS301
Subject: Information Systems
Date: Dec 6, 2023
Pages: 11
Assessment Written
Student Name:
CIT Number:
Competency Title, Code and Banner Code / CRN:
BSBXCS301 Protect own personal online profile from cyber security threats
Assessment Type: ☒ Written ☐ Case Study ☐ Project ☐ Assignment ☐ Other
Assessment Name: Assessment 1: Knowledge Test
Assessment Date:
Student Statement:
This assessment is my own work. Any ideas and comments made by other people have been acknowledged. I understand that by emailing or submitting this assessment electronically, I agree to this statement.
Student Signature:
Date:
PRIVACY DISCLAIMER:
CIT is collecting your personal information for assessment purposes. The information will only be used in accordance with the CIT Privacy Policy.
Assessor Feedback
☐ Student provided with feedback
Attempt 1: ☐ Satisfactory ☐ Not Yet Satisfactory Date: / /
Attempt 2: ☐ Satisfactory ☐ Not Yet Satisfactory Date: / /
Assessor Name: Adnan Syed
Assessor Signature: Adnan
Note from Assessor:
Please record any reasonable adjustment that has occurred for this assessment.
© Canberra Institute of Technology
Page 1 of 11
Date created: 23/08/2021
CRICOS No. 00001K | RTO Code 0101
Date updated: 4/12/2023
Assessment Task Instructions for Students
In this assessment you will be required to answer a series of scenario-based questions. In the scenario, you will be working
as an IT service officer in an organisation.
To be successful in this assessment, you are required to have clear knowledge and understanding on the concepts below:
legislative requirements relating to reporting cyber security threats
organisational policies and procedures relating to online profiles, including escalation routes for cyber security issues
password management policies and practices
protocols for handling personally identifiable information
Multi-factor authenticator
connecting to public Wi-Fi via virtual private networks (VPNs)
Phishing, social media, social engineering, malware
Physical and logical threat
Software patching
Basic cyber security principles
Time allowed: See Subject Guide
Assessment range and conditions:
Students need to have access to any and all resources. If resources are used, then appropriate referencing must be adhered to.
Students are to submit this assessment in a timely manner and, if an extension is required, to contact the teacher within an appropriate timeframe.
Materials provided and Materials you will need:
Assessment paper and instructions
Access to eLearn
Access to CIT computers, internet access to research material
Access to MS Office applications including MS Publisher
Access to email account and browser account
Information for students:
You may have two (2) attempts for this assessment.
If your first attempt is not successful, your teacher will discuss your results with you and will arrange a second attempt.
If your second attempt is not successful, you will be required to re-enrol in this unit.
Only one re-assessment attempt will be granted for each assessment item.
Question 1
1.1
What is information security? What are the three main components of information security? (at least 50 words)
Information security is the system that protects sensitive or personal information from leaking to unauthorised users or attackers, where the information could be modified, destroyed or used for identity purposes. There is a security framework called AAA (Authentication, Authorisation and Accounting) which safeguards and protects access to resources or assets.
The three main components of information security are confidentiality, integrity and availability, the CIA triad.
Question 2
a) Define confidentiality with examples (at least 30 words)
Confidentiality is something that is private to an individual or an organisation and is encrypted. The information is accessed by authorised individuals only.
Examples of confidential information are personal information such as a person's name, phone number, address and medical records, and the financial records of an institution.
b) Define integrity with examples (at least 30 words)
Integrity means that stored data is intact and accurate and has not been corrupted by malicious software or manually. Techniques such as hashing are used to maintain integrity. An example is data stored in an organisation's database not being manipulated or destroyed by any means and being complete when it is communicated.
c) Define availability with examples (at least 30 words)
Availability is the timely and reliable access to data or resources by an authorised and authenticated user. An example is an authorised user logging in to a Netflix account and being able to use the resource on demand.
Question 3
Under which legislative requirements must an organisation or agency report a data breach to the relevant authority?
A data breach occurs when personal data held by an organisation is disclosed to or accessed by unauthorised users. According to the Privacy Act 1988 and under the Notifiable Data Breaches (NDB) scheme, any organisation or agency must report the data breach and notify the affected individuals. Examples include when a personal device that holds personal information is lost, stolen or given to a stranger, or when an organisation's database containing personal information is hacked.
Question 4
What is multi-factor authentication? How does it improve the security of your account? (at least 40 words)
Multi-factor authentication (MFA) means accessing services with two or more forms of authentication. If one has MFA on accounts, they are less likely to get hacked. Even if an attack by malicious software compromises one form of authentication, such as a password, the attacker will not gain access to the accounts because they are stopped by the second authentication factor, such as an OTP, biometrics or a fingerprint.
Question 5
Define each of the items below: (at least 20 words for each)
a) Phishing
Phishing is when an attacker uses a vector such as email to send malicious links for the user to click, exploiting weaknesses to gain access to assets.
b) Social engineering
It is easier to exploit individuals than a network, and attackers get access to personal information by pretending to be a known person on social websites.
c) Malware
It is a program or file used to infect a computer or a network, which attackers use to gain access to sensitive information.
d) Encryption
It is a way for companies and individuals to protect sensitive information from being read by unauthorised persons or hackers. The data is encoded and can only be decrypted by a user who is authorised to open it.
Question 6
Please create a strong password and take a screenshot at each step as below. Even a strong password needs to be changed on a regular basis to protect your online profile.
Note: screenshots have been provided to support the creation of the passwords and screenshots. You are required to create your own passwords and not use the examples provided.
1) Go to https://my.norton.com/extspa/passwordmanager?path=pwd-gen
2) Create a password of 9 digits (numbers only)
It is a weak password. What do you think?
It is a weak password as someone can easily crack it and gain access to your account.
3) Create a password of 9 digits (numbers and letters only)
It is still a weak password as someone can easily crack it and gain access to your account.
4) Create a password of 9 digits (numbers, letters, mixed case and punctuation)
It is still a weak password as someone can easily crack it and gain access to your account.
5) Create a password of 11 digits (numbers, letters, mixed case and punctuation)
It is a strong password. Even though it is strong, it needs to be changed quite often to avoid any attacks.
Question 7:
Describe a password management policy. (at least 200 words) You can include:
a) Password length and combination
A password created by a user should be at least 8 characters, and a machine-generated password should be at least 6 characters, according to NIST. Even so, an eight-character password that has only lowercase and uppercase characters, with 200 billion possible combinations, can be brute-forced through all of the possible combinations in around 30 min.
b) Limitation of password attempts and implementation of a lock-out policy
The account lockout threshold policy setting determines the number of failed sign-in attempts that causes a user account to be locked. A locked account cannot be used until it is reset or until the threshold policy setting expires.
c) Frequency of changing a password
It is recommended to change your password every three months. If someone has access to your account or it has been compromised, it should be changed immediately.
d) Password history requirements
The Enforce password history policy setting determines the number of new, distinct passwords that must be associated with a user account before an old password can be used again.
e) Use of multi-factor authentication
MFA is used to verify that a user's identity is genuine. A user must provide two or more criteria as proof to be authenticated. Adding additional authentication factors in order to boost security is one of MFA's main objectives.
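As an added illustration of the Question 6 comparison (9 digits, 9 mixed, 11 mixed) and the Question 7 length, combination and password-history rules, the following Python estimates the keyspace of each password class and applies a simple policy check. This is example code written for this page, not part of the assessment or of Norton's generator; the sample passwords, the 1e10 guesses/second rate and the policy thresholds are constructed assumptions.

```python
import math
import string

# Character classes a password may draw from.
CLASSES = {
    "digit": set(string.digits),
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "punct": set(string.punctuation),
}

def classes_used(password: str) -> int:
    """Count how many of the four character classes appear in the password."""
    return sum(1 for chars in CLASSES.values() if any(c in chars for c in password))

def keyspace_bits(password: str) -> float:
    """Upper bound on strength in bits: length * log2(alphabet size), where the
    alphabet is the union of the character classes actually used (a random
    password of that length and mix has at most this much entropy)."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Years needed to try the whole keyspace at an assumed offline guess rate
    (1e10 guesses/s is a constructed figure, not a value from the assessment)."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def check_policy(password: str, history: list[str], min_length: int = 8,
                 min_classes: int = 3, history_depth: int = 5) -> list[str]:
    """Return policy violations (empty list = compliant). Thresholds are assumed
    values mirroring Q7a (length and combination) and Q7d (password history)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    used = classes_used(password)
    if used < min_classes:
        problems.append(f"uses {used} character class(es), policy requires {min_classes}")
    if password in history[-history_depth:]:
        problems.append(f"reuses one of the last {history_depth} passwords")
    return problems

if __name__ == "__main__":
    # Constructed samples standing in for the four Q6 steps (not real passwords).
    samples = ["482917365", "4a8k2m9p1", "4aK2m#9Pq", "Xk7$pQ2mZ!r"]
    previous = ["Xk7$pQ2mZ!r"]  # constructed password history for the last sample
    for pw in samples:
        bits = keyspace_bits(pw)
        print(f"{pw:12} {bits:5.1f} bits  ~{years_to_exhaust(bits):.2e} years  "
              f"{check_policy(pw, previous) or 'policy OK'}")
```

The digits-only sample passes the 8-character minimum yet has only about 30 bits of keyspace, which is why length alone is not a sufficient policy rule.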
Question 8:
Explain how connecting to public Wi-Fi via virtual private networks (VPNs) is secure. (at least 50 words)
A VPN is a secure connection because your online activity is encrypted at the network level, so traffic is secure when using a VPN on public Wi-Fi. Anyone attempting to gain access to your device through web traffic would still have to get past a layer of encryption. So a VPN is always recommended for people who use free public Wi-Fi.
Question 9:
Define logical and physical threats to a computer network system. List two physical threats which can be posed while working insecurely in a public place. (at least 40 words)
Attacks include Denial of Service (DoS) and SQL injection, where the attacker tries to run commands that interfere with the network's regular operation.
In DoS, the attacker sends more traffic to a website's computer than it can handle. This makes it hard for people who are trying to access the site legitimately to do so. A distributed denial of service (DDoS) attack is a situation in which a lot of fake web traffic comes from many different computers.
For an SQL injection, the person behind it usually needs to be a pro-level coder, because malicious code must be used to make computers that run SQL show information they wouldn't normally show. The attacker is mostly looking for a weakness in the SQL code.
Question 10:
What is a data breach? Describe the Notifiable Data Breaches (NDB) Scheme. (at least 60 words)
A data breach occurs when personal data held by an organisation is disclosed to or accessed by unauthorised users. According to the Privacy Act 1988 and under the Notifiable Data Breaches (NDB) scheme, any organisation or agency must report the data breach and notify the affected individuals.
Notifiable breaches include when a personal device that holds personal information is lost, stolen or given to a stranger, or when an organisation's database containing personal information is hacked.
Question 11:
Define personally identifiable information (PII) and describe protocols to handle it. (at least 100 words)
Personally identifiable information (PII) is data that can be used to find, identify or know the location of a person. It includes things like a person's name, date of birth, place of residence, credit card information, phone number, race, gender, criminal record, age and medical records. Centralised control makes sure that only the right people can access the data and that it doesn't get shared with the wrong people. It also lets you keep track of who has access to the data and where it is stored.