Monday 11 May 2020, 14:30 BST
(24 hour open online assessment – Indicative duration 2 hours)
DEGREES OF MSci, MEng, BEng, BSc, MA and MA (Social Sciences)
Enterprise Cyber Security (M) COMPSCI 5077
Copyright By cscodehelp代写 加微信 cscodehelp
(Answer ALL 3 questions)
This examination paper is worth a total of 60 marks
1. Bartik and Spence have created a successful financial start-up in Lilliput, a country not part of the European Union (EU) or the European Economic Area (EEA). The pair have decided to create a branch of the financial start-up company in France, a country that is part of the European Union (EU). The pair are encountering fierce competition, in both France and Lilliput, from various similar financial start-up companies.
Bartik and Spence are keen to ensure they demonstrate a professional, high-quality service that customers will recommend to friends and family. The pair want to use cloud computing to ensure their company can scale, but have limited technical knowledge and experience. Bartik also highlights that both governments have strict financial regulations, that while loosening, are likely to change as the countries are in the process of negotiating a wide-spread trade agreement.
The pair have decided to use cloud computing, but the pair are unsure of the optimal cloud deployment model.
Critique FOUR different cloud deployment models in the given context. Argue for the optimal solution in the given context.
(approximately 400 words)
Spence is concerned about the confidentiality of customer data, specifically personal data leaking from use of cloud computing infrastructure or as the result of a cyber-attack. Spence is also concerned that once data is compromised, unauthorised individuals could infer insight from data, potentially giving an advantage to competitors. Spence initially considered encryption to further protect customer data, but felt it was not realistic or optimal. Bartik agrees, but argues they must still ensure they can efficiently utilise customer data pertaining to profiling repayment habits and transaction history for individual customers. A customer record contains various items of information, such as annual salary and gender, as well as sensitive information, including racial origin and religious beliefs.
Argue for TWO obfuscation-based inference controls that would be optimal in the given context.
(approximately 200 words)
Spence states that they could offer existing French customers better financial products and interest rates, if the pair stored and processed all data at their Lilliput branch. Spence argues all that would be required is to transfer and store all existing customer data at the Lilliput branch. Bartik argues that since Lilliput is not part of the European Union (EU), no such data transfer can occur. Spence argues this is not a problem as the company’s customer data is transited all over
Summer diet 1 Continued Overleaf/
the world, effectively passing through various non-EU networks to their back- up systems in various other EU countries.
Appraise different options for the restricted transfer of customer data in the given context and argue whether the different positions adopted by Bartik and Spence are accurate.
(approximately 400 words)
2. The Lena Corporation design various Image Processing Units (IPUs) for portable devices, such as smartphones and tablets. The company remains competitive due to a number of valuable trade secrets related to the design of its IPUs. However, many of these trade secrets have now been leaked to the public in a suspected cyber-attack.
The management team are concerned that attackers have intruded into company systems that were perceived as secure from such threats. The management team have requested Simon, Stallman and Stroustrup to investigate and to determine the anatomy of the suspected cyber-attack as well as suggest appropriate defences.
Simon, Stallman and Stroustrup have reviewed the log of security incidents, that have been reported in the past 12 months within the company. The pair have already determined several relevant incidents:
Two removable media drives (USB memory drives) with the label ‘HR department’ written on them have been discovered in the toilets in separate site offices. The USB memory drives contain various Microsoft Excel files.
36 suspicious emails have been reported within the organisation, specifically in the administration office. Each email has been structured to appear from the immediate superior to the recipient, such as their line manager or team leader.
14 suspicious attachments, specifically Microsoft Excel files, that appear relevant to the recipient’s role and benign, but contain a malicious payload. An example would be a financial analyst receiving a spreadsheet labelled ‘Annual Budget’.
Remote administration tools have been located on various employee systems, that were not present at the previous inspection.
Several employees report receiving suspicious friend requests and messages on social networking services from profiles masquerading as colleagues.
The trio agree that the identified incidents alone are not sufficient to gain insight into the anatomy of the cyber-attack. The trio propose using an approach to better understand the cyber-attack, but cannot agree on an optimal approach.
Summer diet 2 Continued Overleaf/
Simon proposes using Attack Trees, Stallman suggests the Cyber Kill Chain approach, while Stroustrup advocates for the STRIDE approach.
Appraise each of the proposed approaches from Simon, Stallman and Stroustrup in the given context. Argue for the optimal approach and formulate the anatomy of the cyber-attack in the given context.
(approximately 750 words)
b. The management team want to ensure that the company is not susceptible to such a cyber-attack in the future.
Argue for THREE distinct defensive steps that could be taken to optimally defend against the attack identified in (a) and at what stage they should be taken.
(approximately 450 words)
3. Perlman and Sammet is a British multinational retailer that specialises in clothing and food products. The company has been established for 150 years with more than 950 stores operating 24 hours a day. In the 1970s, Perlman and Sammet made considerable investment in a bespoke transaction system to manage customer transactions.
The company has 3 million visitors every 24 hours, 1 million of these visits conclude with a transaction and each transaction typically generates £10 of profit. The ageing transaction system has become the backbone of the company and is critical in the sale of goods. Nevertheless, the management team have become concerned about the dependency of the business on the transaction system.
3 Continued Overleaf/
The management team have determined they can withstand a loss of £5 million profit from transactions, but major business units would be compromised after losses reach £20 million profit from failure of the transaction system. The management team believe the business would be irreparably damaged if the company could not process transactions after 72 hours. The technical support team state the transaction system could be restored within 36 hours from failure and so the business will not become irreparably damaged.
Discuss RPO, RTO and MTPOD in the given context and argue whether the statement from the technical support team is accurate.
(approximately 300 words)
Perlman and Sammet currently rely on an ageing back-up tape-based system. The management team are considering replacing the system with a modern disk- based approach as it may reduce the time taken to restore valuable systems.
The technical support team argue that while a modern disk-based approach could replace the existing tape-based system, it would incur unforeseen costs. The technical support team argue several systems that interact with the back-up system would need to be replaced as a result and considerable staff training would also be required to utilise the new back-up system. The technical support team also argue little infrastructure investment is necessary as the current infrastructure supports a periodic back-up every 72 hours, that covers 12 hours of transactions.
Argue whether the position of the technical support team is accurate in the given context.
(approximately 300 words)
The management team are keen to rapidly expand use of the transaction system, specifically to consumers as to increase the number of profitable transactions. The system support team are concerned though that the ageing transaction system may not be able to cope with the additional demand and that in widening access to customers previously unknown security vulnerabilities may arise. The management team state they will provide resources and need to expand the system within a relatively short timeframe. The system support team argue that many aspects of the ageing systems, such as source code, cannot be updated as they lack software engineers with sufficient knowledge of the systems. The system support team also state that no alternative system is available, if the current ageing system was to collapse.
Appraise FOUR approaches to evolve legacy systems and argue for the optimal approach in the given context.
(approximately 200 words)
程序代写 CS代考 加微信: cscodehelp QQ: 2235208643 Email: firstname.lastname@example.org