Lab-1-Current-Events
pdf
keyboard_arrow_up
School
University Of Arizona *
*We aren’t endorsed by this school
Course
510B
Subject
Information Systems
Date
Dec 6, 2023
Type
Pages
5
Uploaded by DrFlower11387
Information Security in Public and Private Sectors
Lab 1: Current Events
Document Sections
Lab Purpose
–
General discussion of the purpose of the lab
Lab Goal
–
What completing this lab should impart to you
Lab Instructions
–
Instructions for carrying out the lab
Lab Deliverables
–
What you have to submit to your instructor
Lab Resources
–
Any useful resources for completing the lab deliverables
Lab Purpose
Information Security is a constantly growing and changing area of concern for governments,
corporations, and individuals.
Technology itself changes at a pace much faster than ever seen before.
As technology advances, so do the security issues.
Inasmuch as new technology presents new security
challenges, information security must concern itself with the old and the new technology; thus
producing a constant layering.
As a security aware professional, it is incumbent upon you to keep your finger on the pulse of security-
related events, legislation, and practices.
In today’s cyber world, if something is occurring in a different
part of the globe, chances are that it is (or will) occur in your professional neighborhood also.
There are many sources from which you can glean the latest news on cyber security events.
In
particular, with many reporting agencies using RSS feeds, current events are easy to peruse at your
desktop or cell phone.
The purpose of this lab is to increase your awareness and sources of awareness on Information
Security events. Additionally, this lab invites you to begin looking at security incidents in terms of how
information is affected and what implications are hidden beneath the surface.
Page 2 of 5
V713
Copyright © Arizona Board of Regents
Lab Goals
Upon completion of this lab, you should have:
Increased your awareness of current events in Information Security
Identified Information Security related event sources
Increased your ability to view events as they relate to the confidentiality, integrity, and
availability of information and information systems.
Lab Instructions
1.
Locating Security News Feeds
a.
There are many cyber security related feeds available.
Locate one or more such feeds
and find news releases or incidents that you can use for analysis.
You can use whatever
information source you like provided it is documented, current and relates to areas of
information security.
b.
Keep in mind that you are looking for short descriptions of issues or incidents.
You are
not looking for research articles or instructional text.
These snippets do not have to
deal with data breaches.
They can include supply chains, software bugs, hardware bugs,
surveillance, policies, and politics as they relate to information security.
c.
A list of potential information security type feeds are listed below in the Additional
Resources section.
Note that some of these feeds may change over time and without
notice.
2.
Choose and Analyze Feeds
From the many feeds, select 5 current event items that deal with information security or have
implications to information security or national information security.
They can be among any
item listed in the feeds.
For each of the 5 current events:
1.
Read and analyze the current event
2.
Prepare a short analysis (example below) on aspects of the event as they
relate to the Information Assurance principles (CIA) of:
a.
Confidentiality
b.
Integrity
c.
Availability
Note that if the even does not explicitly mention an item or issued that
relates to one or more areas of the
CIA triangle
, suggest how the missing
Page 3 of 5
V713
Copyright © Arizona Board of Regents
areas might come into play behind the scene or down the road as a cause
of the security event.
You can, of course, use your own cybersecurity feeds or current events obtained from other
sources.
Lab Deliverables
Compile your findings into a single MS Word document for submission.
Use
TIMES NEW
ROMAN 12-point font
.
Your document should contain:
3.
Your First and Last Name
4.
Date
5.
Name of the Lab
6.
For each of the 5 current event provide:
a.
The
link
to the current event
b.
A brief
summary
of the event
c.
Your
analysis
of the CIA triangle issues
d.
Briefly discuss either the proposed
resolution
or, if not available,
what you think should be done.
Here I’m just
looking for a
general answer.
i.
Submit your document via D2L assignments section for the lab
Example
Security Flaws Close New Road’s Toll System Example
Lance Hoopes
June 12, 20xx
Information Security in Public & Private Sectors
–
Lab 1
---------------------------------------------------------------------------------------------------------------
Current Event 1
:
Security Flaws Close New Road’s Toll System
Link:
http://www.nzherald.co.nz/motoring-
alerts/news/article.cfm?c_id=194&objectid=10550744
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Page 4 of 5
V713
Copyright © Arizona Board of Regents
Summary
The New Zealand Transportation Agency (NZTA) was forced to shut down a new online
prepayment system, its Northern Gateway Toll Road, due to inadequate security.
Confidentiality
While there were no reported breaches in customer credit card information, NZTA notified its
customers to inform them of the situation and that the system would be down until the security
issue was resolved.
Integrity
No breaches in integrity were reported.
However, if the system was hacked, assailants might
have been able to, not only breach the confidentiality of customers, but change credit and debit
amounts in the system.
This may deprive other customers of service or it may give other
customers (non-customers) service for which there was not corresponding payment.
Availability
Availability was affected in that the online payment system was not available.
In addition, it was
unclear if the information that was already in the system before it was shutdown would be
available behind the scenes (if a customer had paid, would the credit still be there for toll road
usage).
Availability is the outstanding issue here.
Resolution
The reported problem appeared to be the lack of internet security to protect customers when
entering credit card and payment information.
The obvious solution here is to secure the online
login and transaction using SSL protection like most online merchants and banks use.
Page 5 of 5
V713
Copyright © Arizona Board of Regents
Lab Resources
Use the web to research your particular current event.
There are typically other leads for a
single event.
You can also gain background knowledge by researching on the web.
Here are
potential places you can find information security news:
o
News | CSO Online
o
Cyber Security News Today - Latest Updates & Research - Cybernews
o
The Cyber Express | #1 Cybersecurity News & Hacker News Site
o
The Hacker News | #1 Trusted Cybersecurity News Site
o
Cyber Security News, Latest Infosec Headlines, Breaking Internet Security News
(securitygladiators.com)
o
Stay Updated With Information Security News: Explore Now (informationsecuritybuzz.com)
o
Cybersecurity - Latest News, Research and Analysis - WSJ.com
o
Dark Reading | Security | Protect The Business
o
Cyber Defense Magazine | Cyber Security Magazine - Daily News
o
Schneier on Security
o
Government info security news, training, education - GovInfoSecurity
o
Naked Security
–
Sophos News
o
Cybersecurity News and Insights to Stay Safe Online | McAfee Blog
o
Infosecurity Magazine - Information Security & IT Security News and Resources (infosecurity-
magazine.com)
o
The Hacker News | #1 Trusted Cybersecurity News Site
o
Google Online Security Blog (googleblog.com)
o
Malware Archives - Cybersecurity Insiders (cybersecurity-insiders.com)
o
Graham Cluley • Cybersecurity keynote speaker, news and opinion
o
Threatpost | The first stop for security news
o
Cybersecurity - Page 2 - CNET
o
Security Newswire Topic | Security Magazine