Total Marks 5
Starting Date Thursday, August 01, 2019
Closing Date Friday, August 02, 2019
Status Open
Question Title Graded Discussion Board
Question Description
Scenario:
Suppose “WeConnect” is an IT based company which is specialized in providing Voice over IP (VoIP) based services to its clients. Currently “WeConnect” is working on an application that will provide the functionality of “Virtual Labs” to Online Universities situated across the globe. Using this application the teachers could be able to give online lectures with the help of simulations and students could be able to raise text, audio or video based queries.
A module of this application requires the usage of CAPTCHA codes that takes less than a minute to process, but the client is insisting to remove this delay for a better user experience.
After reading the above given scenario, give your opinion with solid reasons, should the company reduce the CAPTCHA code processing time or completely remove the CAPTCHA code feature from this application?
Please read the scenario carefully before writing your comments.
A concise, coherent and to the point comment is preferred over lengthy comment having irrelevant details. Your comment must not be more than 4-5 lines. Comments, posted on regular Lessons MDB or sent through email will NOT be considered in any case. Any request about such an acceptance will not be catered. Furthermore, your solution should not be copied from any student or from any other source.
Best of Luck!
Re: CS205 Assignment 2 Solution and Discussion
Assignment No. 02
Semester: Spring 2020
CS205: Information Security Total Marks: 25
Due Date: 15/06/2020
Instructions:
Please read the following instructions carefully before submitting assignment:
You need to use MS word document to prepare and submit the assignment on VU-LMS.
It should be clear that your assignment will not get any credit if:
The assignment is submitted after due date.
The assignment is not in the required format (doc or docx)
The submitted assignment does not open or file is corrupt.
Assignment is copied (partial or full) from any source (websites, forums, students, etc)
Objectives:
To enhance the learning capabilities of the students about Vulnerability management and its Tools.
Assignment
Question No-1:
You are required to download the QUALYS and NESSUS trial versions and install these tools on your PC/Laptop. Then read the online guides and watch the related YouTube videos where necessary for instructions on how to use these tools and to familiarize with the menus.
Now run the scanner to scan a minimum of:
2 IT assets such as server, workstation, or network device (As per your convenience)
2 web assets such as website or portal
Compare and contrast the both (QUALYS and NESSUS) reports and comment how the reports are different. Your answer should be concise and to the point.
Note:
After scanning the above IT assets take the screenshot of the reports of these scanners (QUALYS and NESSUS) and paste those screenshot in word file then submit that word file as assignment.
Best of luck
Re: CS205 Assignment 1 Solution and Discussion
Assignment No. 01
Semester: Spring 2020
CS205: Information Security Total Marks: 30
Due Date: 29 /05/2020
Instructions:
Please read the following instructions carefully before submitting assignment:
You need to use MS word document to prepare and submit the assignment on VU-LMS.
It should be clear that your assignment will not get any credit if:
The assignment is submitted after due date.
The assignment is not in the required format (doc or docx)
The submitted assignment does not open or file is corrupt.
Assignment is copied (partial or full) from any source (websites, forums, students, etc)
Objectives:
To enhance the learning capabilities of the students about:
• CIA triangle.
• OSI security architecture.
Assignment
Question No-1:
In today’s IT world, different stores are running their businesses through Internet which enables their customers to make sales and purchase transactions online 24/7 from anywhere. Time saving is one of the prime benefits of online business/shopping as the customers don’t have to physically visit the business/shopping centers in this regard. In addition, online businesses also provide the facility of online support and tracking of their orders/transactions to their customers. The customers can get their queries clarified and can track their delivery status i.e. when the goods /products are going to be dispatched to them.
However, in spite of all the benefits of online business/ shopping, still a large number of people hesitate to make online account on the website of online store to perform online transaction due to fear of losing their personal / account information. To ensure the customer gain, the online businesses must need to apply some OSI preventive security measures/services to tackle with the risk associated with their businesses.
In view of above, you are required to carefully analyze each scenario given below and identify the most suitable OSI security service to tackle the risk associated with each scenario:
Customer’s personal or order information is considered very important and it should be available only for that specific customer.
Customer’s delivery address is stored in the database of an online store for delivery of required items. An employee of this store having legal rights to access this database, unintentionally changes this address information which resultantly can misguide the delivery of products on wrong address.
Online shopping website is not accessible due to which its customers are unable to place orders or do any other transaction.
Delivery receipt should be received in same form as it is sent to a customer.
Online shopping store is going to launch new promotions, but this plan is leaked prior to its launching.
While online shopping, customer is transferring online payment via credit card. Both the parties i.e. customer and related bank should be guaranteed for identification of each other.
A customer is only allowed to see his/her order status, but not allowed to make any changes in his/her order information after successful submission of order request.
A customer performs online order and then later denies for his/her order. How online business will tackle/handle this situation?
A customer sends email to an online store to know about his/her order status and the online store replies to the customer with related information of order status. This information should be received as it is sent by online store.
Solution:
Scenario No
OSI security service
1
2
3
4
5
6
7
8
9
Question No-2:
Consider an online performance evaluation system of a company where its employees enter the daily status of the tasks assigned to them in online sheets available in the system. The sheets are analyzed by the competent authorities of the company on daily basis to evaluate the performance of the employees.
You are required to briefly explain the confidentiality, integrity and availability with the help of example associated with this system.
In your point of view which component of C.I.A. Triangle model will get the highest importance and which component will get the least importance according to above mentioned scenario?
Solution:
Best of luck
Assignment No. 03
Semester: Fall 2019
CS205: Information Security Total Marks: 25
Due Date: 22/01/2020
Instructions:
Please read the following instructions carefully before submitting assignment:
You need to use MS word document to prepare and submit the assignment on VU-LMS.
It should be clear that your assignment will not get any credit if:
The assignment is submitted after due date.
The assignment is not in the required format (doc or docx)
The submitted assignment does not open or file is corrupt.
Assignment is copied (partial or full) from any source (websites, forums, students, etc)
Objectives:
To enhance the learning capabilities of the students about cryptography and crypto algorithms.
Assignment
Question 1:
You are required to encrypt the string “Security Professional” and decrypt the string “MdgfjVhjfbteut” using following tables with “Substitution Cipher Method”.
[image: 2jpMsDs.png]
Question 2:
You are required to encrypt the plain text “ACCOUNTABILITY” using Vigenere Square Cipher method? Suppose that keyword is “SILENT”.
Question 3:
You are required to encrypt the plain text “wearesecurityprofessionalsinuk” into cipher text using columnar transposition method with a Key: “231645”.
Best of luck
Any Frnd have CS205 Solved 3rd Assignment. Kindly Share it urgent
Assignment No. 02
Semester: Fall 2019
CS205: Information Security Total Marks: 15
Due Date: 28/11/2019
Instructions:
Please read the following instructions carefully before submitting assignment:
You need to use MS word document to prepare and submit the assignment on VU-LMS.
It should be clear that your assignment will not get any credit if:
The assignment is submitted after due date.
The assignment is not in the required format (doc or docx)
The submitted assignment does not open or file is corrupt.
Assignment is copied (partial or full) from any source (websites, forums, students, etc)
Objectives:
To enhance the learning capabilities of the students about:
Software Attacks
Need for Security against attacks
Assignment
Question No-1:
“Friend Circle” is a social media platform yet to be launched. Currently, it is in testing phase in which various security policies in the perspective of an online platform are being tested. Following are the reports / observations of such tests:
Report 1:
Upon testing the login interface, the security experts found a loophole in the system that an unauthorized person can login to the system by trying different combinations of passwords.
Report 2:
It is observed that bundle of unnecessary requests possibly generated by some computers or bots can overload the application and resultantly system may crash or fail to perform ordinary functions.
After carefully analyzing above mentioned reports, you are required to identify the type of attack associated with each report. Also mention one suitable solution to tackle the identified attack.
Question No-2:
Carefully study the Topics “threat” and “software attacks” and identify the deliberate software attacks for following situations with proper justification.
Suppose a user receives an email containing an image file as the attachment. As the user opens the file, different files on his systems get deleted or modified.
A student copied some files from his USB flash drive to a computer in university lab. After doing this, he observed that the number of files on the system got duplicated and overall performance of the system got deteriorated. He faced too much delay in performing tasks by the computer.
A user noticed that someone is using his Facebook account after stealing his credentials. After investigation, he observed that it happened after installing a software downloaded from an un-authentic website.
CS205 Grand Quiz Solution and Discussion
CS205 - Information Security
29
Posts
1
Posters
15.8k
Views
1
Watching
-
A policy is___________________.
Mandatory and limited in scope to a department
Mandatory and applies to entire organization; signed off by senior management
Not mandatory but a guideline only
Signed off by information security department
-
For effective information security implementation, the security journey should start with___________.
Developing comprehensive policies and procedures
Management commitment
Security hardening and vulnerability management of IT assets
A penetration test
-
The purpose of the information security lifecycle is to ensure that___________________.
Project management is conducted adequately
The sequence is documented
There is a completion date to security projects
All security projects & activities consistently follow the same sequence and steps
-
One of the challenges in effective implementation of a security transformation project in a small-sized organization is_______________.
Adhoc culture and lack of discipline
Old and outdated IT environment
Multiple data center sites
Lack of a disaster recovery (DR) site
-
What does check content explain about rule in DISA STIG?
Describes the control
Describes the benefit of implementing control
Tells how to check whether control is implemented or not
Tells how to apply control
-
_________________is the part of Information Security Awareness.
Procedure
Standard
Policy
Training
-
Which of the following statement is correct?
CVE is superset of NVD
NVD is an open standard for assigning vulnerability impacts
NVD is superset of CVSS
NVD is superset of CVE
-
If account lockout feature value is set to “0” on a ms 2012 member server than?
The account will never be locked despite of several failed login attempts
The account will be locked and system will have to be rebooting
Will require administrator to unlock the account
Will have to disconnect from network
-
The verizon and symantec reports show that_______________.
Web is the most vulnerable vector
Email is the most attacked vector
IOT is more secure than other technologies
Malicious internal users or disgruntled employees cause most damage
PAK VS BAN Live
File Sharing
