BISM7213 – Securing Business Information
Assignment 2: Security Topic Analysis
Dr Yao Zhao – 2025 S2

Assignment Overview

This assignment must be completed individually by each student. The submission deadline is 3pm, 27 October 2025.

This assignment requires a student to answer 3 questions (each with sub-parts) that focus on the course material covered across the course. Assignment 2 is worth 30% of the overall course marks.

A student’s answer to each of the 3 questions (that is, each question and all its sub-parts) cannot exceed 300 words (+10% tolerance per UQ policy). This word limit per question requires a student to soundly analyse/research each question and then structure a response in a concise, business-informative fashion. There is no need to reference an answer unless referencing is specifically requested in the question.

A student must construct each answer in her/his own words – and in ‘plain English’ business language (using the language we use in class, not overly technical language that would be more suited to computing science/engineering contexts).

Please note that each question in this assignment may well span work covered across all weeks (and not simply relate to one specific week). This assignment assumes that a postgraduate student is capable of assimilating information not only from this course, but also from many other courses and reputable sources on the Internet, as would be required in a business setting. Each assessment question evaluates students’ abilities, skills and knowledge.

• PDF submission via Turnitin. Full details and links closer to the submission date.
• Please include a cover/title page that contains your student number, name, course code and course title, date, total word count (for all three questions), and the AI usage table.
• Clearly label which question and, if relevant, which sub-question you are answering (e.g., Question 2(a)). You don’t have to repeat the question.
• Answer in full sentences, but you may want to use bullet points, numbering, or headers to help structure your answer.
• Late submission: A penalty of 10% of the maximum possible mark will be deducted per 24 hours from the time the submission is due, for up to 7 days. After 7 days, you will receive a mark of 0.

Assignment Marking Guide

Each submission will be marked as per the rubric in Table 1 (Page 3).

BISM7213 Assignment 2 – Semester 2, 2025

Use of Artificial Intelligence

In this Assessment Guideline it is noted that Artificial Intelligence (AI) provides emerging tools that may support students in completing this assessment task. Students may appropriately use AI in completing this assessment task. Students must clearly reference any use of AI in each instance. A failure to reference generative AI use may constitute student misconduct under the Student Code of Conduct. The University of Queensland has specific rules for the use of artificial intelligence – refer to the web page ‘UQ’s rules for using AI’.

In this course, AI is allowed and must be acknowledged, and you must reference your use according to the course coordinator’s requirements. The instructions specified in the assessment task are as follows. You might use AI in several ways:

• To generate ideas that you have adapted. This requires general acknowledgement.
• To generate a summary of specific material(s) you identified and used to inform your work. This requires general acknowledgement.
• To support your writing (e.g. grammar, spelling, sentencing, or phrasing) and enhance the clarity of your expression. This requires general acknowledgement.
• To machine translate from one language to another. This requires general acknowledgement.
• To derive and build content (including arguments, structure, examples, facts, or sources) that you include directly in your work with little adaptation. This requires general acknowledgement.
General acknowledgement of the use of AI tools requires a table on the assignment cover page. Use the UQ exemplar below as a guide for your table:

If you have not used artificial intelligence in this assessment task, you should then note this on the cover page.

Table 1 - Marking rubric for assignment 2.

Each question is worth 10 marks. The grade bands and the quality of explanation each band requires are the same for all three questions:
• High distinction (8.5-10): Provides outstanding explanations.
• Distinction (7.5-8.4): Provides very good explanations.
• Credit (6.5-7.4): Provides good explanations.
• Pass (5-6.4): Provides basic explanations.
• Marginal fail (4.7-4.9): Provides limited explanations.
• Fail (3-4.6): Provides minimal explanations.
• Low fail (0-2.9): Provides inadequate or incorrect explanations.

The subject matter assessed by each criterion is:
• Question 1 (10 marks): explanations of hybrid security protocols (TLS) and PKI.
• Question 2 (10 marks): explanations of Kerberos.
• Question 3 (10 marks): explanations of PCI DSS, and the CDE.

Question 1

Please answer the following questions in relation to our topics of hybrid security protocols (TLS) and PKI.
You are a business analyst working for an online retailing business “Travel Shoppers”. Travel Shoppers works within a global PKI, and the digital certificate supporting its web sales process is a central asset. Your manager needs you to explain to him how this digital certificate is secured so that it can distribute the Travel Shoppers public key with trust. He needs to know how all Travel Shoppers clients can fully trust that fraudulent copies of the Travel Shoppers digital certificate will be quickly and effectively detected. His central need is to be assured that all Travel Shoppers clients can totally trust that, when making a transaction-based secure connection with Travel Shoppers, the clients are indeed dealing with the legitimate Travel Shoppers web server. Finally, he wants to know what the central strategy is that Travel Shoppers needs to focus upon to support TLS in this specific area. (10%)

Question 2

Please answer the following question in relation to our coverage of the Kerberos authentication service.

a) We have discussed how Kerberos implements the ‘shared secret’ principle and that this delivers mutual authentication. Explain how the Kerberos server will authenticate itself back to the user. You must explain what the Kerberos server does, and you must explain fully why this proves the identity of the Kerberos server to the user. (6%)

b) In the Kerberos authentication system at UQ, what is the actual secret that is known both to Kerberos and to the user? What type of cryptography does Kerberos utilise? Does Kerberos solve the key distribution problem – explain your answer. (4%)

Question 3

Please answer the following questions in relation to our topic of PCI DSS. The network diagram that relates to this question is at the end of this assignment with the heading “Network Diagram – Travel Shoppers”.
Your manager at “Travel Shoppers” is worried about an upcoming PCI DSS compliance audit and wants to know more about the PCI DSS. Specifically, your manager wants you to concisely explain to him what the CDE is, the concept of network segmentation and CDE scope, and why these are very significant in relation to Travel Shoppers’ adoption of PCI DSS. He also wants to know whether and how Travel Shoppers has achieved segmentation of its CDE. He also wants you to list Travel Shoppers’ system components within the CDE. Finally, he wants to know if he should expect high or low auditing costs and why. (10%)

Network Diagram follows on next page.

Network Diagram – Travel Shoppers
[Diagram not reproduced in this text version. Components labelled in the diagram: Internet, Ethernet, VPN, NIDS, Work area for Sales representatives, Database Server (for Cardholder Data).]

End of assignment specification