Unit 7 Assingnment1 Template
Unit 7 Assingnment1 Template
Unit 7 Assingnment1 Template
SECURITY AND
ENCRYPTION
Assignment 1: IT security and cryptography
[DATE]
YOUR FULL NAME
Centre Number: 31190
Your Full Name Centre Number: 31190 Unit 7: Assignment 1
1. Introduction
Describe briefly the content of this assignment explain the organisation you will use to demonstrate
your understanding
Briefly explain the types of threats to Money Run and explain the data collected and what is most at
risk
Describe and explain the internal threats techniques that can cause problems/issues within Money
Run. Choose 5 from the list including BYOD. You must relate your example to Money Run.
Accidental loss
Data threat
Unintentional Disclosure of data
Damage to data
Unsafe practices (external flash storage)
Unsafe practices Visiting untrusted (websites)
Unsafe practices downloading/ files to/from the internet
Unsafe practices files to/from the internet
Unsafe practices users overriding security controls
Unsafe practices file sharing apps and bring your own device (BYOD)
Describe and explain the internal threats techniques that can cause problems/issues with Money
Run. Use the list below to relate your examples to Money Run, provide detailed explanation of how
these are current IT security threats for Money Run.
Data theft
Destruction
Withholding and/disruption of systems (by competitors, cyber criminals, government,
terrorists) for purposes or financial gain
1
Your Full Name Centre Number: 31190 Unit 7: Assignment 1
Describe and explain the physical threats for Money Run; ensure you include the following (include
any case studies):
Describe and explain the social engineering impacts Money Run include:
2
Your Full Name Centre Number: 31190 Unit 7: Assignment 1
Data Protection Act 1998 and the requirements it places on organisations to keep data about
stakeholders secure.
Computer Misuse Act 1990 and its definitions of illegal practices and applications.
Copyright, Designs and Patents Act 1988 and its requirements in terms of protecting
software products and digital media such as music and films.
Telecommunications (Lawful Business Practice) (Interception of Communications)
Regulations 2000 and their requirement to allow companies to monitor employee
communication using IT systems and other uses of the internet while at work.
Fraud Act 2006 and its requirement to deal with services using IT-based methods to steal
information for fraudulent purposes.
Legal liability and contractual obligations.
Ensure you make links between the effects of the security threats identified in the investigation, the
effectiveness of the protection, the legal requirements (for example to keep personal data secure)
and the information security requirements.
Ensure you provide high-quality written and fluent technical vocabulary, which supports a well-
structured and considered response that clearly connects chains of reasoning.
3
Your Full Name Centre Number: 31190 Unit 7: Assignment 1
Briefly importance of cryptography to Money Run, link this to the sensitive data and the legal
implications of not keeping data secure.
shift ciphers, one-time pads, hash functions (e.g. MD4, MD5, SHA-2 SHA-3), block ciphers,
stream ciphers
cryptographic primitives, e.g. pseudo random functions, one-way functions
cryptographic salts and their use in storing passwords
encryption algorithms, e.g. RSA, DES, 3DES
Mathematical principles, integer factorisation, prediction of prime numbers.
Why would large organisations such as Google, Apple and Facebook want to protect encryption
methods, do you think they are right to withhold the information?
• The principles and uses of encryption, including digital rights management (DRM); password
storing and salts; obfuscation and steganography; secure transactions; two-factor
authentication; file, folder, disk encryption; encryption of communication data, e.g. police, mobile
phone.
• Legal and ethical issues.
• Computational hardness assumption.
10.0 Summary
4
Your Full Name Centre Number: 31190 Unit 7: Assignment 1
11.0 References