$20
MIS607 Cybersecurity ( MIS607 Entire Course )
Course: MIS607_Cybersecurity
MIS607 Assessment 1 - Online Quiz
MIS607 Assessment 2 Threat Model Report
MIS607 Assessment 3 Mitigation Plan for Threat Report
-------------------------------------------------------------------------------------------
MIS607 Cybersecurity Entire course
--------------------------------------------------------------------------------------------
MIS607 Assignment 1 - Online Quiz
20 Exam MCQ Quiz Questions with answers + Also included 100 Practise Quiz MCQ Questions with answers) 100% Correct
Context
This online quiz tests your knowledge on malware threats, types of malware, and the ways that malware can be spread. Given the ubiquity and importance of information systems in organizations, there are many potential misuses and abuses of information and electronic communication that creates privacy and security problems.
This assessment further examines your knowledge of the ethical issues as they relate to computer and information system security.
Instructions
• This Online Test is made up of 20 questions.
• Review the learning resources for Module 1.1 – Module 2.2 before undertaking the Online Test.
• You will have 30 minutes to complete the attempt.
• The Online Test attempt will shut down at 30 minutes duration.
• If you leave the Online Test for a period of time prior to completion there will a forced completion.
• This Online Test will comprise of Multiple-choice Questions.
The quiz will be graded automatically and you will receive your grade outcome instantly.
MIS607 Assessment 1 Online Quiz
Question 1
What is the most common goal of search engine optimization (SEO) poisoning?
• to trick someone into installing malware or divulging personal information
• to build a botnet of zombies
• to overwhelm a network device with maliciously formed packets
• to increase web traffic to malicious sites
Question 2
What type of attack disrupts services by overwhelming network devices with bogus traffic?
• brute force
• port scans
• zero-day
• DDoS
Question 3
Which technology removes direct equipment and maintenance costs from the user for data backups?
• a cloud service
• network attached storage
• a tape
• an external hard drive
Question 4
Which statement describes cyberwarfare?
• Cyberwarfare is an attack carried out by a group of script kiddies.
• It is simulation software for Air Force pilots that allows them to practice under a simulated war scenario.
• It is a series of personal protective equipment developed for soldiers involved in nuclear war.
• It is Internet-based conflict that involves the penetration of information systems of other nations.
Question 5
Which configuration on a wireless router is not considered to be adequate security for a wireless network?
• prevent the broadcast of an SSID
• implement WPA2 encryption
• enabling wireless security
• modify the default SSID and password of a wireless router
Question 6
A network administrator is conducting a training session to office staff on how to create a strong and effective password. Which password would most likely take the longest for a malicious user to guess or break?
• super3secret2password1
• 10characters
• drninjaphd
• mk$$cittykat104#
Question 7
Which type of technology can prevent malicious software from monitoring user activities, collecting personal information, and producing unwanted pop-up ads on a user computer?
• two factor authentication
• firewall
• password manager
• antispyware
Question 8
Which tool can identify malicious traffic by comparing packet contents to known attack signatures?
• Nmap
• Netflow
• Zenma
• IDS
Question 9
What is the best method to prevent Bluetooth from being exploited?
• Always disable Bluetooth when it is not actively used.
• Always use a VPN when connecting with Bluetooth.
• Only use Bluetooth when connecting to a known SSID.
• Only use Bluetooth to connect to another smartphone or tablet.
Question 10
Why do IoT devices pose a greater risk than other computing devices on a network?
• Most IoT devices do not receive frequent firmware updates.
• IoT devices cannot function on an isolated network with only an Internet connection.
• Most IoT devices do not require an Internet connection and are unable to receive new updates.
• IoT devices require unencrypted wireless connections.
Question 11
In what way are zombies used in security attacks?
• They are maliciously formed code segments used to replace legitimate applications.
• They probe a group of machines for open ports to learn which services are running.
• They target specific individuals to gain corporate or personal information.
• They are infected machines that carry out a DDoS attack.
Question 12
What is the motivation of a white hat attacker?
• discovering weaknesses of networks and systems to improve the security level of these systems
• studying operating systems of various platforms to develop a new system
• taking advantage of any vulnerability for illegal personal gain
• fine tuning network devices to improve their performance and efficiency
Question 13
Which method is used to check the integrity of data?
• checksum
• backup
• authentication
• encryption
Question 14
Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?
• Netflow
• Snort
• Nmap
• SIEM
Question 15
Which two characteristics describe a worm? (Choose two.)
• hides in a dormant state until needed by an attacker
• executes when software is run on a computer
• travels to new computers without any intervention or knowledge of the user
• infects computers by attaching to software code
Question 16
What is the purpose of a rootkit?
• to replicate itself independently of any other programs
• to gain privileged access to a device while concealing itself
• to deliver advertisements without user consent
• to masquerade as a legitimate program
Question 17
Which protocol is used by the Cisco Cyber threat Defence Solution to collect information about the traffic that is traversing the network?
• HTTPS
• Telnet
• NAT
• NetFlow
Question 18
Which type of attack allows an attacker to use a brute force approach?
• social engineering
• denial of service
• packet sniffing
• password cracking
Question 19
How can users working on a shared computer keep their personal browsing history hidden from other workers that may use this computer?
• Use only an encrypted connection to access websites.
• Move any downloaded files to the recycle bin.
• Reboot the computer after closing the web browser.
• Operate the web browser in private browser mode.
Question 20
What is the last stage of the Cyber Kill Chain framework?
• remote control of the target device
• creation of malicious payload
• gathering target information
• malicious action
MIS607 Assignment 2 Threat Model Report
Task Summary
You are required write a 1500 words Threat modelling report in response to a case scenario by identifying the threat types and key factors involved. This assessment is intended to build your fundamental understanding of these key threats so that you will be able to respond/mitigate those factors in Assessment 3. In doing so, this assessment will formatively develop the knowledge required for you to complete Assessment 3 successfully.
Context
Security threat modelling, or threat modelling is a process of assessing and documenting a system's security risks. Threat modelling is a repeatable process that helps you find and mitigate all of the threats to your products/services. It contributes to the risk management process because threats to software and infrastructure are risks to the user and environment deploying the software. As a professional, your role will require you to understand the most at-risk components and create awareness among the staff of such high-risk components and how to manage them. Having a working understanding of these concepts will enable you to uncover threats to the system before the system is committed to code.
Task Instructions
1. Carefully read the attached the case scenario to understand the concepts being discussed in the case.
2. Review your subject notes to establish the relevant area of investigation that applies to the case. Reread any relevant readings that have been recommended in the case area in modules. Plan how you will structure your ideas for the threat model report.
3. Draw a use DFDs (Data Flow Diagrams):
· Include processes, data stores, data flows
· Include trust boundaries (Add trust boundaries that intersect data flows)
· Iterate over processes, data stores, and see where they need to be broken down
· Enumerate assumptions, dependencies
· N umber everything (if manual)
· Determine the threat types that might impact your system
· STRIDE/Element: Identifying threats to the system.
· Understanding the threats (threat, property, definition)
4. The report should consist of the following structure:
A title page with subject code and n ame, assignment title, student’s n ame, student, and lecturer’s n ame.
The introduction that will also serve as your statement of purpose for the report. This means that you will tell the reader what you are going to cover in your report. You will need to inform the reader of:
a) Your area of research and its context
b) The key concepts of cybersecurity you will be addressing and why you are drawing the threat model
c) What the reader can expect to find in the body of the report
The body of the report) will need to respond to the specific requirements of the case study. It is advised that you use the case study to assist you in structuring the threat model report, drawing DFD and presenting the diagram by means of subheadings in the body of the report.
The conclusion will summarise any findings or recommendations that the report puts forward regarding the concepts covered in the report.
5. Format of the report
The report should use font Arial or Calibri 11 point, be line spaced at 1.5 for ease of reading, and have page n umbers on the bottom of each page. If diagrams or tables are used, due attention should be given to pagination to avoid loss of meaning and continuity by unnecessarily splitting information over two pages. Diagrams must carry the appropriate captioning.
6. Referencing
There are requirements for referencing this report using APA style for citing and referencing research. It is expected that you used 10 external references in the relevant subject area based on readings and further research.
7. You are strongly advised to read the rubric, which is an evaluation guide with criteria for grading the assignment. This will give you a clear picture of what a successful report looks like.
Submission Instructions
Submit Assessment 2 via the Assessment l ink in the main navigation menu in MIS607 Cybersecurity. The Learning Facilitator will provide feedback via the Grade Centre in the LMS portal.
Case Scenario
The Business &Communication Insurance (B&C Insurance) began business as a private health insurer, established by Gary RT.L & family in 1965 through the Health Insurance Commission. This company was set up to compete with private "for-profit" funds. The company’s headquarters is located in New York and has offices in various other countries including Spain, Australia and Hong Kong. The CEO of the B&C Insurance recently received a ransom em ail from an unknown company claiming that they have access to the company strategic plans and personal details of 200,000 clients. A sample of personal details of 200 clients was included in the em ail as a ‘proof’.
Ransom em ails are normally sent through unreliable external networks that are outside the company’s security boundary. The CEO consulted the senior management and they acted promptly to investigate and contain the threat with the aid of forensic computer specialists. The first step was to validate the threat. The management team found a discussion on a hacker site in the dark net that had personal information of 200,000 clients of B&C Insurance for sale. This also included the details of the 200 clients, provided in the ransom em ail as ‘proof’. The investigation also confirmed that the details of the 200 customers are genuine.
The senior management considered the need to identify threats and give practical guidance on how to manage the risks of identity fraud to be of utmost importance. Therefore, a team of consultants was appointed to prepare a series of reports to identify various threats and to develop cybersecurity crisis management plans in order to respond to potential threats/ risks of sophisticated hackers penetrating into the internal systems of the company and accessing client information.
As the cybersecurity specialist in the team, you have been asked to write a report to identify the threat types and key factors involved. In doing so, you are required to identify the most ‘at-risk’ components, create awareness among the staff of such high-risk components and how to manage them. In addition, this report is to help key stakeholders, including the executive managers, to make decisions on what course of actions must be undertaken to mitigate potential threats.
MIS607 Assignment 3 Mitigation Plan for Threat Report
Task Summary
For this assessment, you are required to write a 2500 words mitigation plan for threat report based on knowledge you gained about threat types and key factors in Assessment 2. You are required to use the Assessment 2 case as context to write a report to address or alleviate problems faced by the business and to protect the customers. In doing so, you are required to demonstrate your ability to mitigate threat/risks identified in Assessment 2 through the strategy you recommend (STRIDE).
Context
Cybersecurity help organizations to mitigate threats/risks, reduce financial loss and safety violations, decrease unethical behaviour, improve customer satisfaction, and increase efficiency, as well as to maintain these improved results. Threats can be resolved by Risk Acceptance (doing nothing), Risk Transference (pass risk to an externality), Risk Avoidance (removing the feature/component that causes the risk) and Risk Mitigation (decrease the risk). This assessment gives you an opportunity to demonstrate your understanding of cybersecurity and your capability to explain Risk Mitigation strategies for such threats. Mitigations should be chosen according to the appropriate technology and resolution should be decided according to the risk level and cost of mitigation.
Task Instructions
1. Read the Assessment 2 Case Scenario again to understand the concepts discussed in the case.
2. Review your subject notes to establish the relevant area of investigation that applies to the case. Reread any relevant readings that have been recommended in the case area in modules. Plan how you will structure your ideas for the mitigation plan for threat report.
3. The mitigation plan for threat report should address the following:
• Setting priorities for risks/threats
• Analyse the case in terms of identified risk categories and scenarios
• Apply standard mitigations
• Discuss specific resolutions for improvement, and justify their significance
• Provide recommendations for mitigating risk based on an assessment of risk appetite, risk tolerance and current risk levels (Choose techniques to mitigate the threats)
• Make recommendations to the CEO on how to conduct risk management, key issues involving your process improvement model, including a road map, the identification of appropriate technologies for the identified techniques, communicating the strategy, and a suggested timeline.
4. The report should consist of the following structure:
A title page with subject code and n ame, assignment title, student’s n ame, student , and lecturer’s n ame.
The introduction that will also serve as your statement of purpose for the report. This means that you will tell the reader what you are going to cover in mitigation plan report. You will need to inform the reader of:
a) Your area of research and its context (how to mitigate or manage threats)
b) The key concepts you will be addressing
c) What the reader can expect to find in the body of the report
The body of the report will need to respond to the specific requirements of the case study. It is advised that you use the case study to assist you in structuring the report. Set priorities for identified threats from assessment 2, analyse the case in terms of identified risk categories and discuss specific resolutions and recommendations for improvements in the body of the report.
The conclusion (will summarise any findings or recommendations that the report puts forward regarding the concepts covered in the report.
5. Format of the report
The report should use font Arial or Calibri 11 point, be line spaced at 1.5 for ease of reading, and have page n umbers on the bottom of each page. If diagrams or tables are used, due attention should be given to pagination to avoid loss of meaning and continuity by unnecessarily splitting information over two pages. Diagrams must carry the appropriate captioning.
6. Referencing
There are requirements for referencing this report using APA referencing style for citing and referencing research. It is expected that you used 10 external references in the relevant subject area based on readings and further research.
7. You are strongly advised to read the rubric, which is an evaluation guide with criteria for grading the assignment—this will give you a clear picture of what a successful report looks like.
Submission Instructions
Submit Assessment 3 via the Assessment l ink in the main navigation menu in MIS607 Cybersecurity. The Learning Facilitator will provide feedback via the Grade Centre in the LMS portal. Feedback can be viewed in My Grades.
