Cybersecurity Project - Maximum 9 Pages (1.5 Spaced).

Posted Under: Cyber Security

Maximum 9 pages (1.5 spaced); figures and/or tables are allowed on additional pages.

1. (Cryptography - maximum 3 pages (1.5 spaced))

a.) Describe the functioning of the three cryptographic methods below and their role for CAIN:
(i) symmetric-key cryptosystems
(ii) asymmetric-key cryptosystems
(iii) hash functions
Please list two examples of the currently important methods.

b.) What is a digital certificate and a certification authority? For which purposes are digital certificates being used in current network infrastructures? How can a sophisticated threat actor use compromised digital certificates for attacks?

c.) Explain the Diffie-Hellman-Key-Exchange and how this is exploitable by a man-in-the-middle attack.

d.) What is the major shortcoming of the Vernam Code, and why can Quantum-Key-Distribution (QKD) mitigate this shortcoming?

e.) Explain the role of public keys for confidentiality, integrity and authenticity on slide 88 in the handout.

f.) Some users of asymmetric-key cryptosystems are publishing the public key on their web site. Explain how this can be exploited by an attacker. How can this exploit risk be mitigated by the involvement of a Certification Authority and a digital certificate?

g.) Explain the Two-Way-Authentication on slide 89 in the handout. Can this protocol be exploited by reflection attacks? Explain your answer.

h.) How can a virus use cryptographic routines to avoid detection by antivirus programs? Explain the term “polymorphic virus”.

2. (TCP/IP – maximum 2 pages (1.5 spaced))

a) Explain the different levels of the OSI-architecture.

b) Explain how the TCP/IP stack breeds critical vulnerabilities in IoT devices.

c) Describe the service provided by the Transmission Control Protocol (TCP).

d) Explain the security architecture SSL/TLS.

e) What is the meaning of tunneling and what are virtual private networks (VPNs)?

f) How can VPNs be used to provide remote access?

g) How can SSL/TLS be used for the setup of VPNs?

h) What is the difference between HTTPS and HTTP and what is the role of SSL/TLS?

i) Give an example of how tunneling can be used for circumventing firewall policies.

3. (System Development Life Cycle – maximum 2 pages (1.5 spaced))

In your role of the Chief Information Officer of a financing institution, you realize that the dynamic growth of the firm’s equipment leasing business threatens to overstretch the capacities of the existing database in which the information on client master data, key contract specifications, ratings, collateral values, and payment transactions is being managed. You reach the conclusion that a major redesign of the existing system, in which both the scalability of the system and the scope of the analytical functionalities it offers need to be greatly enhanced, is required.

a) Please name the successive phases of developing a successor system to the current solution.

b) Please enumerate, and briefly explain, two weaknesses that are frequently encountered in such projects.

c) Please explain how security aspects are integrated into the different stages of the review process.

d) Please summarize the key characteristics of the “agile” approach to software development.

e) Give two examples of how not considering security in the design of a system or application can be a major contributing factor to cybersecurity vulnerabilities and finally a cause for operational and reputational risk.

4. (Elements of Cyber Security - Patch Management, Penetration Testing, Platform Hardening, Identity and user management, etc. - maximum 2 pages (1.5 spaced))

Startled by recent news about “cyberattacks” on financial institutions, the directors of your company have commissioned a comprehensive assessment of the effectiveness and quality of existing controls directed at safeguarding data security and integrity inside the organization. Please briefly describe
• the purpose of the related testing procedures,
• the role of penetration testing.

Briefly explain how the outcomes of such an assessment relate to the concept of “platform hardening”. Explain how adequate Data Governance can help to understand the sensitivity of information and to improve the quality of existing controls.
