What is the name of the cypher Provenzano was using?

Reference no: EM131197817

Social Practices and Security Assignment-

Question 1 - Case study

Study the case study and complete the following questions:

From the most recent consolidated data available on insider threats, over 50% of organisations report having encountered an insider cyber-attack in 2012, with insider threat cases making up roughly 23% of all cybercrime incidents. This percentage has stayed consistent over the prior couple of years, but the total number of attacks has increased significantly.

The result is $2.9 trillion in employee fraud losses globally per year, with $40 billion in losses due to employee theft and fraud in the US in 2012 alone. The damage and negative impact caused by insider threat incidents is reported to be higher than that of outsider or other cybercrime incidents.

Interestingly, in contrast to outsider attacks on networks, insider cyber-attacks are under-reported. Only a few cases make it into public media or are even known to insider threat experts. Reasons for such under-reporting are insufficient damage or evidence to warrant prosecution, and concerns about negative publicity. The risk of revealing confidential data and business processes during investigations may be another reason why many companies don't report and prosecute insider threat incidents.

Source: https://www.computerworld.com/article/2691620/security0/insider-threats-how-they-affect-us-companies.html [Date accessed: 29 October 2015]

1. Which approach would you follow in attempting to protect against inside attacks? Justify your answer.

2. It is the responsibility of the government to ensure that they put in place relevant laws to ensure that attackers are prosecuted. Which two laws could an organisation in South Africa use to prosecute an inside attacker, should they get caught? Justify your answer.

3. According to the article "over 50% of organisations report having encountered an insider cyber-attack". Research any three organisations that have experienced insider cyber-attacks. Describe each attack and indicate their severity.

4. Why are there a higher number of cyber-attacks coming from internal employees? Provide three researched reasons. Provide references for your answers.

5. Two employees at an organisation that was in the middle of a labour dispute sabotaged the system controlling the traffic lights of a major city. The sabotage took four days to fix, during which time traffic was greatly affected. Identify the type of inside attack this is. Justify your answer.

6. Assume you have been hired as an information security officer and your immediate task is to come up with a strategy to counteract inside attacks. Explain in detail the measures/actions you would put in place as part of your strategic action.

Question 2 - Scenario

Study the scenario and complete the following questions:

You have a Web server, attached to the Internet, and you are willing to allow your clients, staff, and potential clients, to access the web pages stored on that Web server. You are not, however, willing to allow unauthorised access to that system by anyone, be that staff, customers, or unknown third parties. For example, you do not want people (other than the Web designers that your company has employed) to be able to change the web pages on that computer.

Source: Joseph William/2015

1. What is the best mechanism to use to warn of attempted, or to prevent, unauthorised access to the computer? Compare the two most common types of such mechanisms that you would probably use and state which one is the best for the situation above. Motivate your answer.

Question 3 - Case study

Study the case study and complete the following questions:

On the 19th of February 2014, personal records for more than 309,000 students and staff were exposed in a "sophisticated" database attack at the University of Maryland. 

Birth dates, social security numbers, names and university ID numbers were compromised for people issued with a school ID and affiliated with the university's College Park and Shady Grove campuses since 1998. Financial, academic, health and contact information such as phone numbers were not exposed. The cause of the breach is considered unknown, and an investigation was put in place by federal and state law enforcement. The school is said to have 37,000 active students.

"Computer forensic investigators examined the breached files and logs to determine how their sophisticated, multi-layered security defences were bypassed. The University is initiating steps to ensure there is no repeat of this breach." 

Personal records are valuable to cybercriminals, who can compile dossiers on victims for the purposes of financial fraud, such as opening bank accounts or taking out loans. The data may also be valuable for other types of targeted attacks, such as spear phishing. 

The incident is the latest in a string of breaches that have affected companies and organisations which focused on intercepting payment card details from point-of-sale devices. 

Source: Kirk, J. 2014. Database attack exposes personal data at University of Maryland.

Available at: https://www.pcworld.com/article/2099540/database-attack-exposes-personal-data-at-university-of-maryland.html [Accessed: 08 September 2014].

Instructions-

1. Your organisation has been hired to perform a risk assessment for the University. In your own words, what is a risk assessment and why is it important? Perform a vulnerability assessment for the database which was attacked. (You can make other assumptions.)

2. Which mitigation approach is best to implement in such a case and why do you think it's the best?  

3. From the scenario "The University is initiating steps to ensure there is no repeat of this breach." Which risk control strategy should the university implement and why do you think it is the best strategy?

4. Would you classify the attack on Maryland database as an incident or a disaster? Why?

5. In an attempt to strengthen the security of the university, the Chief Information Officer (CIO) has suggested several technologies to be used by the university. One of them is the use of the Kerberos protocol. Critique the implementation of this technology in a university environment. Do you think the university should implement this authentication?

6. Another important document that every institution or organisation should have is a document that instructs the employees on the proper usage of technologies and processes.

a. What is the name of this document?

b. Create the document you mention in (a) above for the Maryland University Computer Lab. Your document should have at least five components.

Question 4 - Case study

Study the case study and complete the following questions:

Arrested in Sicily in April 2006, the reputed head of an Italian Mafia family, Bernardo Provenzano, made notes or 'pizzini' in the Sicilian dialect. When arrested, he left approximately 350 of the notes behind. In the pizzini he gives instructions to his lieutenants regarding particular people.

Instead of writing the name of a person, Provenzano used a variation of the cipher in which letters were replaced by numbers: A by 4, B by 5, ... Z by 24 (there are only 21 letters in the Italian alphabet). So in one of his notes the string "...I met 512151522 191212154 and we agreed that we will see each other after the holidays...," refers to Binnu Riina, an associate arrested soon after Provenzano [LOR06]. Police decrypted notes found before Provenzano's arrest and used clues in them to find the boss, wanted for 40 years.

All notes appear to use the same encryption, making them trivial to decrypt once police discerned the pattern.

Suggestions we might make to Sig. Provenzano: use a strong encryption algorithm, change the encryption key from time to time, and hire a cryptographer.

Source: Pfleeger, C.P. & Pfleeger, L.S. 2011. Security in computing. 4th edition. USA: Prentice Hall
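
The number substitution described in the case study, as an added worked example (not part of the original assignment or the cited textbook). It assumes the standard 21-letter Italian alphabet order and an offset of 3, derived from "A by 4"; the function names are illustrative. It shows that the unseparated digit strings split only one way under that offset, and that trying every small offset yields a short list of candidates for an analyst to read through.

```python
# Added example: decoder for the number-substitution scheme in the case study.
ITALIAN = "ABCDEFGHILMNOPQRSTUVZ"  # assumed: standard 21-letter Italian alphabet


def encode(name, offset=3):
    """Letter at 1-based position p becomes the decimal number p + offset (A -> 4)."""
    return "".join(str(ITALIAN.index(c) + 1 + offset) for c in name.upper())


def parses(digits, offset=3):
    """Return every way to split an unseparated digit string into valid letters."""
    if not digits:
        return [""]
    out = []
    for width in (1, 2):
        chunk = digits[:width]
        if len(chunk) < width or chunk[0] == "0":
            continue
        pos = int(chunk) - offset  # 1-based alphabet position
        if 1 <= pos <= len(ITALIAN):
            out += [ITALIAN[pos - 1] + rest
                    for rest in parses(digits[width:], offset)]
    return out


def brute_force(words, max_offset=9):
    """Try every offset and keep those under which all words can be parsed."""
    hits = {}
    for k in range(max_offset + 1):
        decoded = [parses(w, k) for w in words]
        if all(decoded):
            hits[k] = decoded
    return hits


# The two number strings quoted in the case study.
NOTE = ["512151522", "191212154"]

if __name__ == "__main__":
    # With offset 3 the values run 4..24: a leading 4-9 is always one digit and
    # a leading 1 or 2 is always two digits, so each string has a single parse.
    print([parses(w) for w in NOTE])
    for k, candidates in brute_force(NOTE).items():
        print(k, candidates)
```

Because the same mapping is used in every note, recovering the offset from one note is enough to read all the others.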

Instructions-

1. What is the name of the cypher Provenzano was using?

2. Discuss the major advantages and disadvantages of the cipher you mentioned in 3.1.

3. What are the characteristics of a good cipher?

4. Decrypt the following encrypted text with a Caesar cypher with a shift (key) of -3, showing all the steps:

QL YBIFBSB FK QEB EBOLFC JXHBP EBOLBP.
