Nmims Unique Assignments contact
[email protected]
+91- 9503094040

IT Security and Risk Management

1. On Feb. 28, 2018, GitHub—a platform for software developers—was hit with an attack that clocked in at 1.35 terabits per second and lasted for roughly 20 minutes. According to GitHub, the traffic was traced back to “over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints.”

What type of attack was this and how should be the countermeasures for such attacks? (10 Marks)

2. The objectives of an IT security policy is the preservation of confidentiality, integrity, and availability (CIA) of systems and information used by an organization’s members. Explain the various aspects of designing a comprehensive security policy with respect to the CIA triad. (10 Marks)

3. Friends Credit Union (FCU) is a federally chartered and insured credit union offering financial services for over 60 years. As a non-profit financial cooperative. it is owned and operated by its members. With over 6400 million in assets and over 51,000 members. FCU's mission is to operate in a financially sound and competitive manner to ensure long term financial stability while safeguarding member assets. The landscape of organizations across the globe and the way business is conducted has changed dramatically over the last decade. New technologies have added tremendous efficiencies and methods for communicating, and corporations have benefitted from these innovations. However, there have been disturbing increases globally in the number of attacks through criminal activities - be it cyber or onsite infiltration.

FCU recognized that adhering to regulatory compliance does not always equate to
security. In an effort to provide world-class service. as well as to ensure confidential
client information remains secure, FCU contracted independent remote and onsite social engineering assessments.

Understanding that the modem criminal preys on the human element as a weakness. Common undercover ploys were developed and executed so determine the organization's susceptibility to potential exploitation. The results identified vulnerabilities within the organization and revealed the need for corporate wide security awareness, crucial to mitigating future risks. Onsite and remote social engineering engagements examined the effectiveness of the existing education and awareness programs, challenging the security posture of the institution's workforce. The security risk assessment methodology Involved four phases, each phase conducted by a certified security analyst.

(1) Reconnaissance
(2) Analysis
(3) Penetration
(4) Reporting

The engagement objective was to infiltrate the corporation and access confidential information through phishing attacks and onsite intrusions. Based on the success rate of achieving the objectives, FCU received a performance report for both of the social engineering risk assessments.

a. Explain the need for social engineering attack preparedness of any organization and the possible impact of being ill prepared for such an attack. (5 Marks)

b. Explain the 4 phases involved in the security risk assessment of FCU in the above case. (5 Marks)

Nmims Unique Assignments contact
[email protected]
+91- 9503094040