What is the name of the cypher provenzano was using

Assignment Help Other Subject
Reference no: EM131197817

Social Practices and Security Assignment-

Question 1 - Case study

Study the case study and complete the following questions:

From the most recent consolidated data available on insider threats, over 50% of organisations report having encountered an insider cyber-attack in 2012, with insider threat cases making up roughly 23% of all cybercrime incidents. This percentage has stayed consistent over the prior couple of years, but the total number of attacks has increased significantly.

The result is $2.9 trillion in employee fraud losses globally per year, with $40 billion in losses due to employee theft and fraud in the US in 2012 alone. The damage and negative impact caused by insider threat incidents is reported to be higher than that of outsider or other cybercrime incidents.

Interestingly, in contrast to outsider attacks on networks, insider cyber-attacks are under-reported. Only a few cases make it into public media or are even known to insider threat experts. Reasons for such under-reporting are insufficient damage or evidence to warrant prosecution, and concerns about negative publicity. The risk of revealing confidential data and business processes during investigations may be another reason why many companies don't report and prosecute insider threat incidents.

Source: https://www.computerworld.com/article/2691620/security0/insider-threats-how-they-affect-us-companies.html [Date accessed: 29 October 2015]

1. Which approach would you follow in attempting to protect against inside attacks? Justify your answer.

2. It is the responsibility of the government to ensure that they put in place relevant laws to ensure that attackers are prosecuted. Which two laws could an organisation in South Africa use to prosecute an inside attacker, should they get caught? Justify your answer.

3. According to the article "over 50% of organisations report having encountered an insider cyber-attack". Research any three organisations that have experienced insider cyber-attacks. Describe each attack and indicate their severity.

4. Why are there a higher number of cyber-attacks coming from internal employees? Provide three researched reasons. Provide references for your answers.

5. Two employees at an organisation that was in the middle of a labour dispute sabotaged the system controlling the traffic lights of a major city. The sabotage took four days to fix, during which time traffic was greatly affected. Identify the type of inside attack this is. Justify your answer.

6. Assuming you have been hired as information security officer and your immediate task is to come up with a strategy to counteract inside attacks. Explain in detail the measures/action you would put in place as part of your strategic action.

Question 2 - Scenario

Study the scenario and complete the following questions:

You have a Web server, attached to the Internet, and you are willing to allow your clients, staff, and potential clients, to access the web pages stored on that Web server. You are not, however, willing to allow unauthorised access to that system by anyone, be that staff, customers, or unknown third parties. For example, you do not want people (other than the Web designers that your company has employed) to be able to change the web pages on that computer.

Source: Joseph William/2015

1. What is the best mechanism to use to warn of attempted or prevent unauthorised access to the computer? Compare the two most common types of such mechanisms that you would probably use and state which one is the best for the situation above. Motivate your answer.

Question 3 - Case study

Study the case study and complete the following questions:

On the 19th of February 2014, personal records for more than 309,000 students and staff were exposed in a "sophisticated" database attack at the University of Maryland. 

Birth dates, social security numbers, names and university ID numbers were compromised for people issued with a school ID and affiliated with the university's College Park and Shady Grove campuses since 1998. Financial, academic, health and contact information such as phone numbers were not exposed. The cause of the breach, which occurred, is considered unknown and an investigation was put in place by federal and state law enforcements. The school is said to have 37,000 active students. 

"Computer forensic investigators examined the breached files and logs to determine how their sophisticated, multi-layered security defences were bypassed. The University is initiating steps to ensure there is no repeat of this breach." 

Personal records are valuable to cybercriminals, who can compile dossiers on victims for the purposes of financial fraud, such as opening bank accounts or taking out loans. The data may also be valuable for other types of targeted attacks, such as spear phishing. 

The incident is the latest in a string of breaches that have affected companies and organisations which focused on intercepting payment card details from point-of-sale devices. 

Source: Kirk, J. 2014. Database attack exposes personal data at University of Maryland.

Available at: https://www.pcworld.com/article/2099540/database-attack-exposes-personal-data-at-university-of-maryland.html [Accessed: 08 September 2014].

Instructions-

1. Your organisation has been hired to perform a risk assessment for the University. In your own words what is a risk assessment and why is it important? Perform a vulnerability assessment for the database which was attacked. (You can make other assumptions).

2. Which mitigation approach is best to implement in such a case and why do you think it's the best?  

3. From the scenario "The University is initiating steps to ensure there is no repeat of this breach." Which risk control strategy should the university implement and why do you think it is the best strategy?

4. Would you classify the attack on Maryland database as an incident or a disaster? Why?

5. In an attempt to strengthen the security of the university the Chief Information Officer (CIO) has suggested several technologies to be used by the university. One of them is the use of Kerberos protocol. Critique the implementation of this technologies in a university environment. Do you think the university should implement this authentication?

6. Another important document that every institution or organisation should have is a document that instructs the employees on the proper usage of technologies and processes.

a. What is the name of this document?

b. Create the document you mention in (a) above for Maryland University Computer Lab Your document should have at least five components.

Question 4 - Case study

Study the case study and complete the following questions:

Arrested in Sicily in April 2006, the reputed head of an Italian Mafia family, Bernardo Provenzano, made notes or 'pizzini' in the Sicilian dialect. When arrested, he left approximately 350 of the notes behind. In the pizzini he gives instructions to his lieutenants regarding particular people.

Instead of writing the name of a person, Provenzano used a variation of the cipher in which letters were replaced by numbers: A by 4, B by 5, ... Z by 24 (there are only 21 letters in the Italian alphabet). So in one of his notes the string "...I met 512151522 191212154 and we agreed that we will see each other after the holidays...," refers to Binnu Riina, an associate arrested soon after Provenzano [LOR06]. Police decrypted notes found before Provenzano's arrest and used clues in them to find the boss, wanted for 40 years.

All notes appear to use the same encryption, making them trivial to decrypt once police discerned the pattern.

Suggestions we might make to Sig. Provenzano: use a strong encryption algorithm, change the encryption key from time to time, and hire a cryptographer.

Source: Pfleeger, C.P. & Pfleeger, L.S. 2011. Security in computing. 4th edition. USA: Prentice Hall

Instructions-

1. What is the name of the cypher Provenzano was using?

2. Discuss the major advantages and disadvantages of the cipher you mentioned in 3.1.

3. What are the characteristics of a good cipher?

4. Decrypt the following encrypted text with a Caesar cypher with a shift (key) of -3 and showing all the steps:

QL YBIFBSB FK QEB EBOLFC JXHBP EBOLBP.

Attachment:- Assignment.rar

Reference no: EM131197817

Questions Cloud

Define the three types of planning : Define the three types of planning for this company and identify the related level of management responsible for each type of plan. Assuming that you were a manager at each level, identify what your role would be in the planning process.
Response at the international level : Analyze at least 2 major problems associated with U.S. based disaster relief coordination and response at the international level. Next, suggest 1 solution to each of the problem in question.
Chinas development trend and business potentials : China's development trend and business potentials for foreign companies (choosing one industry or sector, e.g., automobile ,or green energy, or low carbon industries.
Discuss therapeutic effects of humor and music therapy : Discuss three main barriers to changing our current healthcare system to a more integrative system of care and Discuss how your nursing practice might be affected by complementary and alternative medicine.
What is the name of the cypher provenzano was using : Arrested in Sicily in April 2006, the reputed head of an Italian Mafia family, Bernardo Provenzano, made notes or 'pizzini' in the Sicilian dialect. What is the name of the cypher Provenzano was using
Write an essay with the topic : Write an essay with the topic being "The positive impact of technology in relation to Accounting and Finance".
Discuss the most typical community-acquired pathogens : Differentiate between the presenting signs of symptoms of a 55-year-old suffering from acute bronchitis and a 55-year-old suffering from pneumonia. In your response, discuss the most typical community-acquired pathogens involved with each of these..
What is the estimated capital investment for ethanol plant : What is the estimated capital investment for a similar ethanol plant with a capacity of 500,000 gallons per year?
What do you think you would think of these reflections : You are chained to the ground and all you can see in front of you is a cave wall. There is a light source behind you, which casts reflections on the wall. What do you think you would think of these reflections? Could they represent family members? ..

Reviews

Write a Review

 

Other Subject Questions & Answers

  Write a script and record a tv or radio commercial

For this assignment, demonstrate your understanding of Ren and other key concepts of Confucian ethics by choosing from any of the following options: Write a Poem and Write a script and/or record a TV or Radio Commercial.

  According to sociologist c wright mills people often

according to sociologist c. wright mills people often believe that their private lives can only be explained in terms

  Internet to research the code of ethical conduct

According to the textbook, ongoing challenges in the global business environment are mostly attributed to unethical business practices, failure to embrace technology advancements, and stiff competition among businesses. Use the Internet to researc..

  What management philosophies and standards emphasized

What management philosophies and standards should be emphasized by managers to help employees remain connected to the company mission?

  Psychological egoism considered an ethical theory

Why isn't psychological egoism considered an ethical theory? It aims to tell us how we do behave, not how we should behave. All of these. It is regarded as immoral. It has no implications for ethics.

  Databases in a business environment

Prepare a 2- to 3-page memorandum analyzing the use of databases in a business environment. Include what database applications should be used.

  Crime of shoplifting-cyber crime

Illustrate the different ways that the taking requirement can be met in the crime of shoplifting, and how private security officers are trained to handle a shoplifting incident.  Review what constitutes "cyber crime," and how states and the federal g..

  Favored sense within the traveling experience

Urry contends that the visual is the favored sense within the traveling experience. He asserts that this narrow focus on the visual sense is limiting. Do you agree? Why or why not?

  Purpose of the annotated bibliography

The purpose of the annotated bibliography is to assist you in developing research analysis skills including critical thinking, writing, and literature research skills

  How smart phones are use in improve mental health of patient

How smart phones are used in improving mental Health of the patients? Can data from smartphone sensors be used to recognize bipolar disorder episodes and detect behavior changes that can signal the onset of episodes?

  A land ethic that redefined how people ought to envision

A land ethic that redefined how people ought to envision their community it should include all biological organisms and their sense of right and wrong. What historical figures would have agreed or disagreed with this view, and why

  Parents work behavior affects children’s behavior and mood

Parents work behavior affects children’s behavior and mood. For example, when fathers and mothers are psychologically engaged in work, but are available at home some studies have suggested that their children children are more likely to become academ..

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd