Date: 2023-10-26
BISM7213 Assignment 2 – Semester 2, 2023
BISM7213 – Business Information Security
Assignment 2 worth 60% of overall course marks
Dr Lennart Jaeger – 2023 S2
Assignment Overview
This assignment must be completed individually by each student. The submission deadline is 2pm, 06 Nov 2023. This assignment requires a student to answer 6 questions (each with sub-parts) that focus on the course material covered across the course. Assignment 2 is worth 60% of the overall course marks. A student’s answer to each of the 6 questions (that is, each question and all its sub-parts) cannot exceed 300 words (+10% tolerance per UQ policy). This word limit per question requires a student to soundly analyse/research each question and then structure a response in a concise, business-informative fashion. There is no need to reference an answer unless referencing is specifically requested in the question. A student must construct each answer in her/his own words – and in ‘plain English’ business language (using the language we use in class and not overly technical language that would be more suited to computing science/engineering contexts). Please note that each question in this assignment may well span work covered across all weeks (and not simply relate to one specific week).
This assignment assumes that a postgrad student is capable of assimilating information from not only this course, but also many other courses and reputable sources on the Internet, as would be required in a business setting. Students are advised that the use of AI technologies to develop responses is strictly prohibited and may constitute student misconduct under the Student Code of Conduct. Each assessment question evaluates students’ abilities, skills and knowledge without the aid of AI.
• PDF submission via Turnitin. Full details closer to submission date.
• Please ensure your student details (name, number, email address) are contained on each page of
the submission in a suitably designed footer.
• Clearly label which question and, if relevant, which sub-question you are answering (e.g., Question 6a)). You don’t have to repeat the question.
• Answer in full sentences, but you may want to use bullet points, numbering, or headers to help structure your answer.
• Read each question carefully for additional formatting requirements specific to the question.
Assignment Marking Guide
Each submission will be marked as per the rubric in Table 1 (see following pages).
Table 1 - Marking rubric for assignment 2.
Grade bands used for every criterion: High distinction (8.5-10); Distinction (7.5-8.4); Credit (6.5-7.4); Pass (5-6.4); Marginal fail (4.7-4.9); Fail (3-4.6); Low fail (0-2.9). Each question is worth 10 marks.

Question 1) (10 marks)
• High distinction: a) Provides outstanding advice to partner. b) Provides outstanding explanations about ASCII conversion and XOR function. Provides correct output cypher (as bits).
• Distinction: a) Provides very good advice to partner. b) Provides very good explanations about ASCII conversion and XOR function. Provides correct output cypher (as bits).
• Credit: a) Provides good advice to partner. b) Provides good explanations about ASCII conversion and XOR function. Provides correct output cypher (as bits).
• Pass: a) Provides basic advice to partner. b) Provides basic explanations about ASCII conversion and XOR function. Provides correct output cypher (as bits).
• Marginal fail: a) Provides limited advice to partner. b) Provides limited explanations about ASCII conversion and XOR function. Provides incorrect output cypher (as bits).
• Fail: a) Advice to partner may not be relevant or explained. b) Provides minimal explanations about ASCII conversion and XOR function. Provides incorrect output cypher (as bits).
• Low fail: a) Advice to partner is not clear, relevant, or presented. b) Provides inadequate or incorrect explanations about ASCII conversion and XOR function. Provides incorrect output cypher (as bits).

Question 2) (10 marks)
• High distinction: Provides outstanding explanations of hybrid security protocols (TLS) and PKI.
• Distinction: Provides very good explanations of hybrid security protocols (TLS) and PKI.
• Credit: Provides good explanations of hybrid security protocols (TLS) and PKI.
• Pass: Provides basic explanations of hybrid security protocols (TLS) and PKI.
• Marginal fail: Provides limited explanations of hybrid security protocols (TLS) and PKI.
• Fail: Provides minimal explanations of hybrid security protocols (TLS) and PKI.
• Low fail: Provides inadequate or incorrect explanations of hybrid security protocols (TLS) and PKI.

Question 3) (10 marks)
• High distinction: Provides outstanding explanations of Kerberos.
• Distinction: Provides very good explanations of Kerberos.
• Credit: Provides good explanations of Kerberos.
• Pass: Provides basic explanations of Kerberos.
• Marginal fail: Provides limited explanations of Kerberos.
• Fail: Provides minimal explanations of Kerberos.
• Low fail: Provides inadequate or incorrect explanations of Kerberos.

Question 4) (10 marks)
• High distinction: Provides outstanding explanations of Firewalls and DMZ.
• Distinction: Provides very good explanations of Firewalls and DMZ.
• Credit: Provides good explanations of Firewalls and DMZ.
• Pass: Provides basic explanations of Firewalls and DMZ.
• Marginal fail: Provides limited explanations of Firewalls and DMZ.
• Fail: Provides minimal explanations of Firewalls and DMZ.
• Low fail: Provides inadequate or incorrect explanations of Firewalls and DMZ.

Question 5) (10 marks)
• High distinction: Provides outstanding explanations of PCI DSS and the CDE.
• Distinction: Provides very good explanations of PCI DSS and the CDE.
• Credit: Provides good explanations of PCI DSS and the CDE.
• Pass: Provides basic explanations of PCI DSS and the CDE.
• Marginal fail: Provides limited explanations of PCI DSS and the CDE.
• Fail: Provides minimal explanations of PCI DSS and the CDE.
• Low fail: Provides inadequate or incorrect explanations of PCI DSS and the CDE.

Question 6) (10 marks)
• High distinction: Provides outstanding explanations of blockchain.
• Distinction: Provides very good explanations of blockchain.
• Credit: Provides good explanations of blockchain.
• Pass: Provides basic explanations of blockchain.
• Marginal fail: Provides limited explanations of blockchain.
• Fail: Provides minimal explanations and limited understanding of blockchain.
• Low fail: Provides inadequate or incorrect explanations of blockchain.
Question 1
Please answer the following questions in relation to our topic “symmetric key cryptography”.
a) You are consulting to a major Australian tax firm. The firm wants to communicate confidentially with its 3000 individual clients. A partner within the firm has suggested that a symmetric key cryptography system would be the ideal solution to provide this confidentiality. What is your advice?
(4%)
b) You are planning to explain to your work colleagues as to how ‘human’ friendly data is
encrypted via (1) ASCII conversion and (2) the Exclusive OR (XOR) function. In your
explanation, you need to concisely describe:
I. The ASCII conversion approach, its major limitation, and how this limitation has since
been solved?
II. The XOR function – what it does and why it is popular in implementing ciphers on
digital computing platforms?
III. Demonstrate (I.) and (II.) above by encrypting the ‘plain text message’ Ant with the cipher key XyZ (as shown on slide 18 of the week 6 seminar; you must also use the ASCII table from slide 16).
(6%)
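As an added illustration of (I.) to (III.), here is a small script that is not part of the assignment or the seminar slides. It assumes the 7-bit codes of the standard ASCII table written as 8-bit bytes with a leading 0; it converts each character to its ASCII code, XORs it bit by bit with the matching key character, and gives the cipher text as bits.

```python
def to_bits(text):
    """ASCII conversion: each character becomes its 8-bit binary code.

    The ASCII table only has codes 0-127, which is its major limitation:
    characters outside the English alphabet have no code at all.
    """
    bits = []
    for c in text:
        if ord(c) > 127:
            raise ValueError(f"{c!r} has no code in the ASCII table")
        bits.append(format(ord(c), "08b"))   # 7-bit code padded to 8 bits
    return bits


def xor_bits(a, b):
    """XOR of two equal-length bit strings: 1 where the bits differ, 0 where they match."""
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def encrypt_bits(plaintext, key):
    """Cipher text (as bits) = plaintext bits XOR key bits, character by character."""
    if len(key) != len(plaintext):
        raise ValueError("key must have one character per plaintext character")
    return [xor_bits(p, k) for p, k in zip(to_bits(plaintext), to_bits(key))]


def decrypt_bits(cipher_bits, key):
    """XOR is its own inverse: XORing with the same key again restores the plaintext.

    This self-inverse property, plus being a single cheap CPU instruction,
    is why XOR is so popular in ciphers on digital computing platforms.
    """
    return "".join(chr(int(xor_bits(c, k), 2)) for c, k in zip(cipher_bits, to_bits(key)))


def worked_example(plaintext="Ant", key="XyZ"):
    """Lay out the three columns (plain, key, cipher) for each character."""
    rows = []
    for p, k, c in zip(to_bits(plaintext), to_bits(key), encrypt_bits(plaintext, key)):
        rows.append(f"{p}  XOR  {k}  =  {c}")
    return rows


if __name__ == "__main__":
    for row in worked_example():
        print(row)
    print("cipher bits:", " ".join(encrypt_bits("Ant", "XyZ")))
    print("decrypted  :", decrypt_bits(encrypt_bits("Ant", "XyZ"), "XyZ"))
```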
Question 2
Please answer the following questions in relation to our topic “hybrid security protocols (TLS) and
PKI”.
You are a business analyst working for an online retailing business “Travel Shoppers”. Your manager needs you to explain to him how your business web server – using TLS – provides strong security for customers completing online purchases with Travel Shoppers. Specifically, your manager is concerned about ‘hacking’ attacks in which a ‘rogue’ server takes a copy of the Travel Shoppers digital certificate and then fraudulently uses this copy to complete transactions with unsuspecting Travel Shoppers customers.
He wants to know whether this can happen – in part or completely – what controls are built into TLS and certificates to combat this, and what central strategy Travel Shoppers needs to focus upon to support TLS in this specific area.
(10%)
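The scenario above can be modelled with a toy handshake, added here as an example that is not part of the assignment; the tiny textbook-RSA keys, the name travelshoppers.example and the certificate format are constructed for illustration only. It shows that a certificate holds only public data, so a copied certificate does not let a rogue server pass the client's check that the server can sign a fresh challenge with the matching private key; the asset Travel Shoppers must protect is that private key.

```python
import hashlib

# Textbook RSA on tiny primes: fine for illustration, never for real use.
def keygen(p, q, e):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public key, private key)

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(digest(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)

def encode_cert(subject, pub):
    # A certificate binds a name to a public key; it contains no secret.
    return f"{subject}|{pub[0]}|{pub[1]}".encode()

CA_PUB, CA_PRIV = keygen(61, 53, 17)            # trusted root, pinned in the browser
SRV_PUB, SRV_PRIV = keygen(101, 113, 3)          # Travel Shoppers web server key pair
ROGUE_PUB, ROGUE_PRIV = keygen(137, 131, 3)      # rogue server's own key pair

CERT = encode_cert("travelshoppers.example", SRV_PUB)   # hypothetical host name
CERT_SIG = sign(CA_PRIV, CERT)                          # issued once by the CA

def client_accepts(nonce, cert, cert_sig, nonce_sig):
    """The three checks a TLS client makes before trusting a server."""
    if not verify(CA_PUB, cert, cert_sig):          # 1. issued by a trusted CA, unaltered
        return False
    subject, n, e = cert.decode().split("|")
    if subject != "travelshoppers.example":         # 2. name matches the site visited
        return False
    # 3. proof of possession: only the holder of SRV_PRIV can sign the fresh nonce.
    return verify((int(n), int(e)), nonce, nonce_sig)

def genuine_server(nonce):
    return CERT, CERT_SIG, sign(SRV_PRIV, nonce)

def rogue_server(nonce):
    # Presents the copied certificate but must sign with the only key it has.
    return CERT, CERT_SIG, sign(ROGUE_PRIV, nonce)

if __name__ == "__main__":
    nonce = b"client-random-0001"                  # constructed; a real client uses fresh randomness
    print("genuine accepted:", client_accepts(nonce, *genuine_server(nonce)))
    print("rogue accepted  :", client_accepts(nonce, *rogue_server(nonce)))
```

A fresh nonce per connection also stops the rogue server from replaying a signature captured from an earlier genuine handshake.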
Question 3
Please answer the following question in relation to our coverage of the Kerberos authentication
service.
a) We have discussed how Kerberos implements the ‘shared secret’ principle and that this
delivers mutual authentication. Explain how the Kerberos server will authenticate itself back
to the user. You must ensure to explain what the Kerberos server does, and you must explain
fully why this proves the identity of the Kerberos server to the user.
(6%)
b) In the Kerberos authentication system at UQ, what is the actual secret that is known to Kerberos and also to the user? What type of cryptography does Kerberos utilise? Does Kerberos solve the key distribution problem? Explain your answer.
(4%)
Question 4
Please answer the following questions in relation to our topic of Firewalls and the DMZ. The network
diagram that relates to this question is at the end of this assignment with the heading “Network
Diagram – Travel Shoppers”.
Your manager is very interested in the firewall design for “Travel Shoppers”. He asks for an
explanation of the two major types of firewalls that have been used in the Travel Shoppers network
design and the advantages of these firewall types. He asks if – and how – the chosen firewall design
would effectively deal with ‘spoofing’ attacks and ‘malicious’ code attacks.
Your manager has heard of the DMZ concept, however he wants to know why it is needed, how it
works and how ‘breaking the connection’ delivers better security to Travel Shoppers.
(10%)
Question 5
Please answer the following questions in relation to our topic of PCI-DSS. The network diagram that
relates to this question is at the end of this assignment with the heading “Network Diagram – Travel
Shoppers”.
Your manager at “Travel Shoppers” is worried about an upcoming PCI-DSS compliance audit and wants to know more about the PCI DSS. Specifically, your manager wants you to concisely explain to him what the CDE is, the concept of network segmentation and CDE scope, and why these are very significant in relation to Travel Shoppers’ adoption of PCI DSS.
He also wants to know whether and how Travel Shoppers has achieved segmentation of its CDE. He also wants you to list Travel Shoppers’ system components within the CDE. Finally, he wants to know if he should expect high or low auditing costs and why.
(10%)
Question 6
The concept of the ‘blockchain’ very much interests your manager at Travel Shoppers. However, the
concept of a centrally-managed, permissioned database offering read, write, create and delete
access is still very popular in the contemporary business world. Your manager wants to know how
the bitcoin blockchain differs very much from this contemporary business database model.
The Bitcoin blockchain uses cryptographic hashing as an integrity control to deliver immutability
within the blockchain. Your manager wants to know what this ‘immutability’ precisely means – that
is, what can change within the blockchain and what cannot. Explain how hashing achieves
immutability.
(10%)
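The hash-chain property behind this ‘immutability’ can be seen in a small model, added here as an example that is not part of the assignment; the block format and the sample transactions are constructed. New blocks can always be appended, but editing a past block changes its hash, and because every later block records the hash of its predecessor, the edit is detected at the first broken link.

```python
import hashlib
import json
from dataclasses import dataclass

GENESIS_PREV = "0" * 64   # the first block has no predecessor

@dataclass
class Block:
    index: int
    prev_hash: str       # hash of the previous block: this is the "chain"
    transactions: list
    hash: str            # hash over index, prev_hash and transactions

def block_hash(index, prev_hash, transactions):
    """Everything that must be immutable is part of the hash input (constructed toy format)."""
    body = json.dumps({"i": index, "prev": prev_hash, "tx": transactions}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def build_chain(batches):
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(batches):
        h = block_hash(i, prev, txs)
        chain.append(Block(i, prev, list(txs), h))
        prev = h
    return chain

def append_block(chain, txs):
    """Appending is the one change the chain permits."""
    i, prev = len(chain), chain[-1].hash
    chain.append(Block(i, prev, list(txs), block_hash(i, prev, txs)))

def first_invalid_block(chain):
    """Index of the first block whose own hash or link is broken, or None if intact."""
    prev = GENESIS_PREV
    for b in chain:
        if b.prev_hash != prev or b.hash != block_hash(b.index, b.prev_hash, b.transactions):
            return b.index
        prev = b.hash
    return None

SAMPLE_BATCHES = [["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]]   # constructed

if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES)
    chain[1].transactions[0] = "bob->carol:200"         # rewrite history
    print("first broken block:", first_invalid_block(chain))
    chain[1].hash = block_hash(1, chain[1].prev_hash, chain[1].transactions)
    print("after re-hashing block 1, the break moves to:", first_invalid_block(chain))
```

Re-hashing the edited block only pushes the break forward to the next block, so hiding the change means recomputing every block after it, which is what makes past entries immutable in practice.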
Network Diagram follows on next page
Network Diagram – Travel Shoppers
[Diagram image not reproduced in this text version. Components labelled in the diagram: Internet Cloud; Packet filtering Router; Stateful inspection (label appears six times); NIDS; VPN; Web Server with certificate; Web Proxy Server; DNS Server; Email Server; File server; Print Server; Kerberos; Other important servers; Database Server (for Cardholder Data); Ethernet; Office PCs; Wireless Access Point; Work area for Sales representatives PCs.]
End of assignment specification