Scribd
Upload
363 views

Solution Cs205 Spring 2023

1. The document provides instructions for Assignment No. 01 in the course CS205: Information Security. It states that the assignment must be submitted as a Microsoft Word document by May 22, 2023 to receive credit. 2. The assignment objective is to enhance student learning about security attacks and the CIA triad of information security. 3. The assignment contains two questions - the first asks students to identify which component of the CIA triad is compromised in various scenarios, and the second asks students to analyze scenarios and identify the type of virus or attack described.

Uploaded by

Taha
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
363 views

Solution Cs205 Spring 2023

1. The document provides instructions for Assignment No. 01 in the course CS205: Information Security. It states that the assignment must be submitted as a Microsoft Word document by May 22, 2023 to receive credit. 2. The assignment objective is to enhance student learning about security attacks and the CIA triad of information security. 3. The assignment contains two questions - the first asks students to identify which component of the CIA triad is compromised in various scenarios, and the second asks students to analyze scenarios and identify the type of virus or attack described.

Uploaded by

Taha
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Assignment No.

01 Total Marks: 20
Semester: Spring 2023
CS205: Information Security Due Date: May 22, 2023

Instructions:
Please read the following instructions carefully before submitting assignment:
You need to use MS Word document to prepare and submit the assignment solution on VU-LMS.
It should be clear that your assignment will not get any credit if:

 The assignment is submitted after due date.


 The assignment is not in the required format (.doc or docx).
 The submitted assignment does not open or file is corrupt.
 Assignment is copied (partial or full) from any source (websites, forums, students, etc.).

Objective:

To enhance the learning capabilities of the students about:


 Security Attacks
 CIA triad
Assignment

Question No.1
As an Information Security officer, you are given a task to identify the component of CIA Triad which has been
compromised in each of the scenarios given below:

1. A company recently discovered that an employee had modified financial records to hide fraudulent
activities.
2. An e-commerce website is experiencing issues with customers receiving counterfeit products. The company
suspects that their supply chain has been compromised.
3. A healthcare organization realizes that patient records are leaked on public website.
4. A hacker modifies the company's website to display unethical content to defame the website.
5. A Distributed Denial of Service (DDoS) attack is launched against a company's website, causing it to
become unavailable to legitimate users.

Provide your answer in given table:

Scenario Compromised Component

1. An employee had modified financial records to hide fraudulent activities. Confidentiality

2. Customers receiving counterfeit products due to supply chain compromise.Integrity

3. Patient records are leaked on public website. Confidentiality

4. Hacker modifies the company’s website to display unethical content to defame the website.
Integrity

5. Distributed Denial of Service (DDoS) attack is launched against a company’s website, causing it to
become unavailable to legitimate users. Availability

Scenario No. CIA Component


1
2
3
4
5

Question No.2
Suppose an enterprise computer network consists of multiple devices including servers, desktops,laptops,
switches and routers etc. where sensitive information including financial data, intellectual property and
customer information is transferred among the network devices. The enterprise is concerned about the security
of this data and has implemented various measures including firewalls, antivirus software, data encryption, and
access controls to protect it. However, the network is still vulnerable to various types of attacks such as
ransomware, trojan horses, worms, spyware, phishing attacks, denial-of-service attacks and SQL injection
attacks. Following issues have been observed so far in the enterprise:

1. A user in the finance department received an email that appeared to be from a bank, asking the user to
provide his/her login credentials to verify his/her account. As the user entered his/her credentials, the user’s
computer became unresponsive and all files got encrypted.

2. An employee in the HR department clicked on a link in an email that appeared to be from a colleague. The
link downloaded a program that appeared to be legitimate.

3. A computer in the marketing department became infected by a virus that further spread throughout the
network causing all network devices to slow down and become unresponsive.

4. The company's website became inaccessible to its legitimate users due to huge number of fake login
requests to server by some unauthorized users.

5. Attackers gain unauthorized access to the company's database. They were able to retrieve confidential
customer information, including names, addresses, and credit card details.

Considering yourself as an Information Security Officer, you are required to carefully analyze each scenario and
answer the following questions:

Questions:

1. What is the name of the virus attack that the finance department experienced?
2. What is the name of the virus attack that the HR department experienced?
3. What is the name of the virus attack that the marketing department experienced?  
4. What type of attack occurred when the company's website became inaccessible for its legitimate users due
to a large number of fake login requests?
5. What type of attack occurred when attackers gain unauthorized access to the company's database and
retrieve confidential customer information?
 
Solution:

Here are the answers to your questions:

The virus attack that the finance department experienced is called ransomware1.

The virus attack that the HR department experienced is not mentioned in the given scenario. However,
phishing attacks are common in HR departments where attackers send emails that appear to be from a
colleague or a higher-up and ask for sensitive information such as login credentials2.

The computer in the marketing department was infected by a virus that further spread throughout the
network causing all network devices to slow down and become unresponsive. This is an example of a
worm3.

The company’s website became inaccessible to its legitimate users due to a huge number of fake login
requests to the server by some unauthorized users. This is an example of a Denial-of-Service (DoS)
attack4.

Attackers gained unauthorized access to the company’s database and were able to retrieve confidential
customer information, including names, addresses, and credit card details. This is an example of a data
breach5.

Best of Luck!

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy