CSE 4482 Computer Security Management: Assessment and Forensics assignment 1 Due date: Oct 8, 2010. Your first assignment is to write a report about phishing. Your report has to cover the following: 1) the origin of the term - phishing; 2) the threats phishing poses to individual employees and the company as a whole.
1.1 Phishing Report [25 points]
Assume you have just been employed by a leading financial institution as an information security consultant. Your first assignment is to write a report about phishing, so that the Board and CEO can assess the extent and implications of this particular type of security attack for the company's information security. Your report has to cover the following:
1) the origin of the term "phishing";
2) the threats phishing poses to individual employees and to the company as a whole;
3) a detailed list of mechanisms that are available to counter phishing.
The report should be around 1 - 1.5 pages in length, and based on at least 3 different (properly referenced) sources. The report should be structured logically, with clearly identified sections, so that it is easy to follow and understand.
1.2 Information Security Program/Department at York University [15 points]
In this question, your task is to identify which of the three Info. Sec. organizational models, previously discussed in class, applies to York University: (a) Info. Sec. under IT; (b) Info. Sec. under Administrative Services; (c) Info. Sec. under Risk Management. The information necessary to answer this question can be obtained off the Internet, i.e. off York's Web domain. Provide the link to (or a screenshot of) the page that has helped you answer the question. In addition, answer the following:
• What is the name of York's Information Security Officer?
• What are your general comments about the Information Security model employed at York? Name one key advantage and one key disadvantage of this model.
1.3 Security Policy [20 points]
For each of the following questions, write a short one-paragraph answer:
3.1) What can occur if a security policy is so rigidly formulated that too little trust is placed in network users?
3.2) Why is the Acceptable Use Policy usually the first listed ISSP policy in the documents/websites of most companies?
3.3) What is the purpose of an (ISSP) Audit Policy? What are the possible subcategories of this policy?
Part II – Practical Questions [40 points]
In the second part of this assignment, you are asked to read pages 1 - 7 of the "Applied Information Security: A Hands-on Guide to Information Security Software" textbook, and perform the exercises related to the following DOS tools: IPCONFIG, PING, TRACERT, NETSTAT. In your written report, the following should be included:
1. IPCONFIG
1.a) screenshot of the output that you obtain by performing 'ipconfig /all' on your computer;
1.b) answers to questions 1 – 4.
2. PING
2.a) screenshot of the output that you obtain by performing 'ping www.utah.edu';
2.b) answers to questions 1 – 4.
3. TRACERT
3.a) screenshot of the output you obtain by performing 'tracert www.utah.edu';
3.b) answers to questions 1 – 4.
4. NETSTAT
4.a) screenshot of the output you obtain by performing 'netstat' on your computer;
4.b) answers to questions 1 – 4.
Each of the above answers should NOT exceed 2-3 sentences in length!
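The following PowerShell script is an added example, not part of the assignment handout or the textbook: it runs the four Part II commands, saves each output as a timestamped text file to accompany the screenshots, and summarises the netstat connections by protocol and state, which is the kind of evidence the 4.b questions ask you to reason about. It assumes Windows PowerShell 5.1 or later and the built-in ipconfig, ping, tracert and netstat tools; the output directory name is the script's own choice.

```powershell
# Added example (not from the handout): capture Part II tool output as text evidence
# and summarise netstat connections. Assumes Windows PowerShell 5.1+ with the
# built-in ipconfig/ping/tracert/netstat tools; the directory name is arbitrary.

$OutDir = Join-Path $PWD ("assignment1-evidence-" + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $OutDir | Out-Null

# The four exercises named in the handout; tracert can take a minute on a long path.
$Commands = [ordered]@{
    'ipconfig' = { ipconfig /all }
    'ping'     = { ping www.utah.edu }
    'tracert'  = { tracert www.utah.edu }
    'netstat'  = { netstat }
}

foreach ($Name in $Commands.Keys) {
    $File = Join-Path $OutDir "$Name.txt"
    # Record when and on which host the output was captured so the evidence is attributable.
    "# $Name captured $(Get-Date -Format o) on $env:COMPUTERNAME" | Set-Content $File
    & $Commands[$Name] 2>&1 | Add-Content $File
    Write-Host "Saved $File"
}

# Question 4.b concerns the connections netstat shows: count them by protocol and state.
# 'netstat -n' prints a four-line header, then one connection per line:
#   Proto  Local Address  Foreign Address  State   (UDP rows have no State column)
$Rows = netstat -n | Select-Object -Skip 4 | ForEach-Object {
    $Fields = ($_.Trim() -split '\s+')
    if ($Fields.Count -ge 3) {
        [pscustomobject]@{
            Proto   = $Fields[0]
            Local   = $Fields[1]
            Foreign = $Fields[2]
            State   = if ($Fields.Count -ge 4) { $Fields[3] } else { 'n/a' }
        }
    }
}
$Rows | Group-Object Proto, State | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
$Rows | Export-Csv (Join-Path $OutDir 'netstat-connections.csv') -NoTypeInformation
```

The CSV of connections lets you check, for each foreign address, which local process and service it belongs to when answering the NETSTAT questions.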