Unit 7 Assignment 1 Template

UNIT 7: IT SYSTEMS SECURITY AND ENCRYPTION
Assignment 1: IT security and cryptography

[DATE]
YOUR FULL NAME
Centre Number: 31190
Your Full Name Centre Number: 31190 Unit 7: Assignment 1

Security Threats and protecting data

1. Introduction

Briefly describe the content of this assignment and explain the organisation you will use to
demonstrate your understanding.

2.0 Types of threats

Briefly explain the types of threats to Money Run, the data collected, and what is most at
risk.

2.1 Internal threats

Describe and explain the internal threat techniques that can cause problems/issues within Money
Run. Choose 5 from the list, including BYOD. You must relate your examples to Money Run.

• Accidental loss
• Data threat
• Unintentional disclosure of data
• Damage to data
• Unsafe practices (external flash storage)
• Unsafe practices (visiting untrusted websites)
• Unsafe practices downloading/ files to/from the internet
• Unsafe practices files to/from the internet
• Unsafe practices (users overriding security controls)
• Unsafe practices (file sharing apps and bring your own device (BYOD))

2.2 External threats

Describe and explain the external threat techniques that can cause problems/issues with Money
Run. Use the list below to relate your examples to Money Run, and provide a detailed explanation
of how these are current IT security threats for Money Run.

• Data theft
• Destruction
• Withholding and/or disruption of systems (by competitors, cyber criminals, government,
terrorists) for purposes or financial gain

2.3 Physical threats

Describe and explain the physical threats for Money Run; ensure you include the following (include
any case studies):

• Theft of equipment or data
• Malicious damage to equipment or data
• Damage or destruction by fire
• Flood
• Terrorist action or other disaster

2.4 Social engineering and software driven threats

Describe and explain how social engineering impacts Money Run. Include:

• Social engineering and software-driven threats
• Techniques used to obtain secure information (software that has a malicious intent), e.g.
malware, viruses, worms, Trojan horses, ransomware, spyware, adware, rootkits and
backdoors. (Provide examples and case studies where possible.)

3.0 Computer based threats


Describe the various computer based threats faced by Money Run, explain how these apply
specifically to Money Run.

• Passive threats, including wiretapping, port scanning and idle scanning.
• Active threats, including denial-of-service attack, spoofing, man in the middle,
Address Resolution Protocol (ARP) poisoning, smurf attack, buffer overflow, heap overflow,
format string attack, Structured Query Language (SQL) injection and cyber-attack.
• Cloud computing security risks.

4.0 Information security


Explain the importance of information security for Money Run and the consequences associated.
Suggest best practice for Money Run to adopt to avoid any serious consequences.

• Describe the principles of confidentiality, integrity and availability of information, and explain
how this applies to Money Run.
• Explain the importance of accessibility of information for Money Run.
• Unauthorised access or modification of information and the implications for Money Run.
• Principle of minimal access to information or lowest required access permission to be able to
maximise protection.
• Deliberate or accidental loss of information.
• The need to protect intellectual property from theft or malicious damage, e.g. personal
information, bank account details, employment details.

5.0 Legal requirements


Legislation must be current and applicable to England, Wales. Explain why Money Run must
adhere to legal requirements when considering IT system security. Ensure you include the following:

• Data Protection Act 1998 and the requirements it places on organisations to keep data about
stakeholders secure.
• Computer Misuse Act 1990 and its definitions of illegal practices and applications.
• Copyright, Designs and Patents Act 1988 and its requirements in terms of protecting
software products and digital media such as music and films.
• Telecommunications (Lawful Business Practice) (Interception of Communications)
Regulations 2000 and their requirement to allow companies to monitor employee
communication using IT systems and other uses of the internet while at work.
• Fraud Act 2006 and its requirement to deal with services using IT-based methods to steal
information for fraudulent purposes.
• Legal liability and contractual obligations.

6.0 Impacts of security breaches


Assess the impact that IT security threats can have on Money Run's IT systems and business whilst
taking account of the principles of information security and legal requirements.
Use examples to explain how a serious security breach is likely to result in one or more of the
following for Money Run:

• Operational impact on an organisation of the loss of data or service
• Financial impact of loss of service, such as an e-commerce website
• Damage to reputation
• Legal consequences of data privacy breaches
• Forensics research requirements to identify data lost, stolen or copied.

7.0 The effectiveness of techniques used to protect systems (2 pages approx. or written within the sections above)

Evaluate the effectiveness of the techniques used to protect organisations from security threats while
taking account of the principles of information security and legal requirements.

Ensure you make links between the effects of the security threats identified in the investigation, the
effectiveness of the protection, the legal requirements (for example to keep personal data secure)
and the information security requirements.

Ensure you provide high-quality written and fluent technical vocabulary, which supports a
well-structured and considered response that clearly connects chains of reasoning.

8.0 Cryptography (introduction)

Briefly explain the importance of cryptography to Money Run; link this to the sensitive data and
the legal implications of not keeping data secure.

8.1 Uses of cryptography


Explain key cryptography methods that Money Run could adopt. Include the following:

• Shift ciphers, one-time pads, hash functions (e.g. MD4, MD5, SHA-2, SHA-3), block ciphers,
stream ciphers
• Cryptographic primitives, e.g. pseudo random functions, one-way functions
• Cryptographic salts and their use in storing passwords
• Encryption algorithms, e.g. RSA, DES, 3DES
• Mathematical principles, integer factorisation, prediction of prime numbers.

8.3 Legal issues and ethical consideration in encryption


What are the legal and ethical considerations around encryption?

Explain government concern around accessibility to data.

Why would large organisations such as Google, Apple and Facebook want to protect encryption
methods? Do you think they are right to withhold the information?

8.4 Cryptography principles


Explain the principles of information security when protecting the IT systems of Money Run.

• The principles and uses of encryption, including digital rights management (DRM); password
storing and salts; obfuscation and steganography; secure transactions; two-factor
authentication; file, folder, disk encryption; encryption of communication data, e.g. police, mobile
phone.
• Legal and ethical issues.
• Computational hardness assumption.

9.0 Applications of cryptography within Money Run


The types and application of cryptography, including:
• symmetric key encryption
• public key encryption
• key exchanges (Diffie-Hellman)
• digital certificates (including certificate authorities)
• HTTPS protocol
• virtual private networks (VPNs)
• Generic Routing Encapsulation (GRE) tunnels
• encryption of data on Wi-Fi networks.

10.0 Summary

Summarise the report

11.0 References

Resource/Title | Resource (URL) | Author/Date published | Page reference and section where source was used
