
Date: 2022-06-05 08:39



BISM7213 – Securing Business Information – 2022

Assignment 2 – Six questions covering seminars 6 to 12 (inclusive) (30% of overall course marks)

Assignment Overview

This assignment must be completed individually by each student. The submission deadline is 2pm, Monday 13th June 2022. This assignment requires a student to answer six questions (each with sub-parts) that relate to the course content of the remaining seminars. Assignment 2 is worth 30% of the overall course marks. A student’s answer to each of the questions (that is, each question and all its sub-parts) cannot exceed 300 words. This word limit per question requires a student to soundly analyse/research each question and then structure a response in a concise business-informative fashion. There is no need to reference an answer unless referencing is specifically requested in the question. A student must construct each answer in her/his own words – and in ‘plain English’ business language (not technical language that would be more suited to computing science/engineering contexts).

  • One PDF submission via the Blackboard BISM7213 site (full details closer to submission date)
  • Please ensure your student details (name, number, email address) are contained on each page of the report in a suitably designed footer

Assignment Marking Guide

Each submission will be marked according to the following criteria:

  • The completeness of the answer – does the answer show that the student has grasped the full meaning of the question and that the student has included all relevant points in the answer?
  • Does the answer identify and accurately analyse the interdependencies of the relevant points?
  • Is the answer presented in ‘plain English’ business language? The student must present answers (often discussing technical issues) in terminology/language that is clearly and easily understood by a business analyst/business manager

Question 1

Please answer the following questions in relation to our topic “symmetric key cryptography”.

a) You are consulting to a major Australian real estate firm. The firm wants to communicate confidentially with its 2500 individual clients. A partner within the firm has suggested that a symmetric key cryptography system would be the ideal solution to provide this confidentiality. What is your advice?

(4%)

b) You are planning to explain to your work colleagues how ‘human’ friendly data is encrypted via (1) ASCII conversion and (2) the Exclusive OR (XOR) function. In your explanation, you need to concisely describe:

I. The ASCII conversion approach, its major limitation, and how this limitation has since been solved.

II. The XOR function – what it does and why it is popular in implementing ciphers on digital computing platforms.

2 BISM7213 assignment 2 – Semester 1, 2022


III. Demonstrate (I.) and (II.) above by encrypting the ‘plain text message’ Owl with the cipher key XyZ (as shown in the relevant slide 18 of week 6 seminar).

(6%)


Question 2


Please answer the following questions in relation to our topics of hybrid security protocols (TLS) and PKI.

You are a business analyst working for an online retailing business “Travel Shoppers”. Travel Shoppers works within a global PKI and the digital certificate supporting its web sales process is a central asset. Your manager needs you to explain to him how this digital certificate is secured so that it can distribute the Travel Shoppers public key with trust. He needs to know how all Travel Shoppers clients can fully trust that fraudulent copies of the Travel Shoppers digital certificate will be quickly and effectively detected. His central need is to be assured that all Travel Shoppers clients can totally trust that – when securely making a transaction-based secure connection with Travel Shoppers – the clients are indeed dealing with the legitimate Travel Shoppers web server. Finally, he wants to know what the central strategy is that Travel Shoppers needs to focus upon to support TLS in this specific area.

(10%)


Question 3


Please answer the following questions in relation to our topic of Firewalls and the DMZ. The network diagram that relates to this question is at the end of this assignment with the heading “Network Diagram – Travel Shoppers”.


a) Your manager is very interested in the firewall design for “Travel Shoppers”. He asks for an explanation of the two major types of firewalls that have been used in the Travel Shoppers network design and the advantages of these firewall types. He asks if – and how – the chosen firewall design would effectively deal with ‘spoofing’ attacks and ‘malicious’ code attacks.

(6%)


b) Your manager has heard of the DMZ concept; however, he wants to know why it is needed, how it works and how ‘breaking the connection’ delivers better security to Travel Shoppers.

(4%)


Question 4


Please answer the following question in relation to our coverage of IDS.


The concept of an IDS is not familiar to your manager at “Travel Shoppers”. He wants to know how an IDS differs from a firewall, whether an IDS explicitly cooperates with a firewall and, if not, what the point is of having both concepts (i.e., IDS and firewalls). Your manager asks why the IDS for Travel Shoppers has been deployed on the network as shown in the attached network diagram (contained at the end of this assignment). He asks if there is a general rule that the business should follow for positioning IDS.

(10%)






Question 5


Your manager at “Travel Shoppers” wants to know more about the PCI DSS. Specifically, he asks what the CDE is and why it is so significant to the PCI DSS. In addition, he wants you to list the system components of Travel Shoppers’ CDE (Network Diagram contained at the end of this assignment).

Your manager is also considering using the ISO27001/27002 as a fundamental reference for the security architecture of the company. He asks you how the ISO27001/27002 would work with PCI-DSS. Specifically, you must address in your answer the area of the business targeted by each standard, the level of compliance required by each standard, and the penalties (if applicable) for non-compliance levied by each.

(10%)


Question 6


Please answer the following questions in relation to our coverage of the Bitcoin blockchain.


The concept of the ‘blockchain’ very much interests your manager at Travel Shoppers. He has been advised that the blockchain “employs cryptographic and algorithmic methods to record and synchronise data across a network in an immutable manner” – he wants to know what this means and, concisely, how it is achieved.

Your manager also wants to know what the bitcoin blockchain “proof of work” concept is all about – how it works and what it is designed to achieve.

Finally, your manager wants to know why/why not a bitcoin blockchain could replace the current database used by the business to support its web sales process (as shown in the network diagram at the end of this assignment).

(10%)




Lennart Jaeger

Semester 1, 2022



Network Diagram follows on next page

