CSE 4482

Computer Security Management: Assessment and Forensics

Assignment 1
Due date: Oct 8, 2010

Part I – Theoretical Questions


1.1 Phishing Report [25 points]
Assume you have just been employed by a leading financial institution as an information
security consultant. Your first assignment is to write a report about phishing, so that the Board
and CEO can assess the extent and implications of this particular type of security attack on the
company’s information security. Your report has to cover the following:
1) the origin of the term “phishing”;
2) the threats phishing poses to individual employees and to the company as a whole;
3) a detailed list of the mechanisms that are available to counter phishing.
The report should be around 1 - 1.5 pages in length, and based on at least 3 different (properly
referenced) sources. The report should be structured logically, with clearly identified sections,
so that it is easy to follow and understand.

1.2 Information Security Program/Department at York University [15 points]


In this question, your task is to identify which of the three Info. Sec. organizational models,
previously discussed in class, apply to York University:
(a) Info. Sec. under IT;
(b) Info. Sec. under Administrative Services;
(c) Info. Sec. under Risk Management?
The information necessary to answer this question can be obtained from the Internet, i.e. from
York’s web domain. Provide the link to (or a screenshot of) the page that has helped you
answer the question.
In addition, answer the following:
• What is the name of York’s Information Security Officer?
• What are your general comments about the Information Security model employed at York?
Name one key advantage and one key disadvantage of this model.

1.3 Security Policy [20 points]


For each of the following questions, write a short one-paragraph answer:
3.1) What can occur if a security policy is so rigidly formulated that too little trust is placed in
network users?
3.2) Why is the Acceptable Use Policy usually the first listed ISSP policy in the documents/websites
of most companies?
3.3) What is the purpose of an (ISSP) Audit Policy? What are the possible subcategories of
this policy?
Part II – Practical Questions [40 points]
In the second part of this assignment, you are asked to read pages 1 - 7 of the “Applied
Information Security: A Hands-on Guide to Information Security Software” textbook, and perform
the exercises related to the following DOS tools: IPCONFIG, PING, TRACERT, NETSTAT.
In your written report, the following should be included:
1. IPCONFIG:
1.a) screenshot of the output that you obtain by performing ‘ipconfig /all’ on your computer;
1.b) answers to questions 1 – 4.
2. PING
2.a) screenshot of the output that you obtain by performing ‘ping www.utah.edu’;
2.b) answers to questions 1 – 4.
3. TRACERT
3.a) screenshot of the output you obtain by performing ‘tracert www.utah.edu’;
3.b) answers to questions 1 – 4.
4. NETSTAT
4.a) screenshot of the output you obtain by performing ‘netstat’ on your computer;
4.b) answers to questions 1 – 4.

Each of the above answers should NOT exceed 2-3 sentences in length!