微信客服:xiaoxionga100
微信客服:ITCS521
英文代写-COMP3226
时间:2021-11-09
COMP3226 v4: November 4, 2021
Assignment: Analysis of cloud security risks and mitigations
Week 5
Your assignment is on cloud security analysis, which based on the lectures in week 1 to 5.
The assignment is an individual assignment and is worth 50% of the module marking.
You will be assessed on your ability to illustrate possible attacks on a real startup.
Marks Breakdown
This assignment contains 8 tasks. The marking is as follows:
Task 0 - 0 Marks For describing the company. The expected output is a description of the company.
Task 1 - 9 Marks For listing all elements (pieces). The expected output is a table.
Task 2 - 6 Marks For creating a reference diagram. The expected output is a graph.
Task 3 - 6 Marks For creating an attack vector diagram. The expected output is a graph.
Task 4 - 6 Marks For ranking the attack vectors. The expected output is a table.
Task 5 - 6 Marks For creating a list of forbidden relationships. The expected output is a table.
Task 6 - 6 Marks For writing Suggest mitigations.. The expected output is a table.
Task 7 - 6 Marks For writing Suggest policies. The expected output is a table.
Task 8 - 5 Marks For writing a service licence agreement. The expected output is a table.
50 Marks Total
Ultimately, The aim of the this assignment is to assess your knowledge and understanding of threats to
web and cloud environments.
Submission Instructions
Please follow the assignment instruction faithfully, and submit on handin.
Deadline
The assignment deadline is on 19/11/2021.
1
Task 0 - Company description - Zero Marks
Your first task is to write a Max 500 word summary of the startup you are analysing. To select your
company please use www.crunchbase.com, then reserve your selection by adding an entry on the student
wiki.
The condition are:
1. You can not pick a company that is picked by someone else.
2. You can only pick a company that was founded in the past 5 years.
3. You can only pick a company that is 51-100 employees in size.
Task 1 - List all elements - 9 Marks
Your task is to create a table that lists all elements for the startup that you selected. You will be assessed
on the following:
1. Stakeholders. (3 Marks)
2. Host assets. (3 Marks)
3. Network assets. (3 Marks)
For each one, you will be assessed on coverage, description, and justification. Please read table 1 for the
marks breakdown.
Table 1: Marking grid for Task 1
Zero Marks One Mark Two Marks Three Marks
Coverage No coverage
Minimum coverage.
Few elements Missing.
Good coverage, all basic elements are present.
However, there is room for improvement
Great coverage, exhaustive list.
Description No description
Adequate description.
Further description needed.
Good description. Good attention to detail.
However, there is room for improvement
Great description, easy to understand,
and follow.
Justification No justification
Minimal evidence.
Not all element are justified
Good evidence. Good understanding of elements.
However, justification is not adequate.
Great justification and evidence.
Why am I assessing this?
This task is meant to measure your ability to communicate effectively (C1. in Syllabus).
Task 2 - Reference Diagram - 6 Marks
Your task is to draw a reference diagram that illustrates all the elements described in the previous task.
You will be assessed using the following marking grid in table 2.
Table 2: Marking grid for Task 2
Zero Marks One Mark Two Marks Three Marks
Clarity No diagram
Low clarity, it is difficult to map
all the element identified in the
previous task.
Average clarity, Good attention to detail.
However, there is room for improvement
Great clarity, easy to understand,
and follow.
Allocation No diagram
Adequate allocation.
Further optimisation needed.
Good allocation. Good attention to detail.
However, there is room for improvement
Great allocation, easy to understand,
and follow.
The choice of colours, icon or style is not part of marking criteria, although it is appreciated.
Why am I assessing this?
This task is meant to measure your ability to understand the core technical elements of web and cloud
based security systems (A2. in Syllabus).
2
Task 3 - Attack Vectors Diagram - 6 Marks
Your task is to use the reference diagram to create an attack diagram or diagrams which illustrates all
possible threats and vulnerabilities. You will be assessed using the following marking grid in table 3.
Table 3: Marking grid for Task 3
Zero Marks One Mark Two Marks Three Marks
Vulnerability Non mapped Vulnerabilities not clearly illustrated.
Good identification of vulnerabilities.
However, there is room for improvement.
Great identification of vulnerabilities.
Easy to understand, and follow.
Threat Non mapped Threats not clearly illustrated.
Good identification of threats.
However, there is room for improvement.
Great identification of threats.
Easy to understand, and follow.
For this feel free to use any number of diagrams if you feel it is too difficult to illustrate all the attack
vectors. The number of diagrams will not affect the mark, what is measured is the quality.
Why am I assessing this?
This task is meant to measure your ability to critically analyse Web and Cloud based systems for security
problems (B3. in Syllabus).
Task 4 - Rank attack vectors - 6 Marks
Your task is to create a table that ranks and justifies all possible attack vectors for the startup that you
selected. The table needs to have the following columns:
1. Order of severity (Number)
2. Attack Vector
3. Justification
You will be assessed based on the marking grid in table 4 below:
Table 4: Marking grid for Task 4
Zero Marks One Mark Two Marks Three Marks
Order Not ordered
There is a clear lack of understanding
how to rank the attack vectors
Good ranking of attack vectors.
However, there is room for improvement.
Great ranking of attack vectors.
Easy to understand, and follow.
Justification Not justified
There is a clear lack of understanding
for justifying the attack vectors
Good justification of attack vectors.
However, there is room for improvement.
Great justification of attack vectors.
Easy to understand, and follow.
The attack vector itself is not marked, because it is marked in task 3. However, I am marking the order,
and the justification for why the startup you are analysing potentially is susceptible to the attack vector
described.
Why am I assessing this?
This task is meant to measure your ability to recognise and discuss examples of cyber security vulnera-
bilities (B1. in Syllabus).
Task 5 - List forbidden relationships - 6 Marks
Your task is to create a table that ranks and justifies all forbidden relationships for the startup that you
selected. The table needs to have the following columns:
1. Order of severity (High, Medium, and Low).
2. Justification of forbidden relationship.
You will be assessed based on the marking grid in table 5 below:
Why am I assessing this?
This task is meant to measure your ability to understand secure development of web applications (D3.
in Syllabus).
3
Table 5: Marking grid for Task 5
Zero Marks One Mark Two Marks Three Marks
Order Not ordered
There is a clear lack of understanding
how to rank forbidden relationships
Good ranking of forbidden relationships.
However, there is room for improvement.
Great ranking of forbidden relationships.
Easy to understand, and follow.
Justification Not justified
There is a clear lack of understanding
for justifying the forbidden relationships
Good justification of forbidden relationships.
However, there is room for improvement.
Great justification of forbidden relationships.
Easy to understand, and follow.
Task 6 - Suggest mitigations - 6 Marks
Your task is to create a table that ranks and justifies all suggested technical mitigations for the startup
that you selected. The table needs to have the following columns:
1. Order of importance (Number).
2. Description of mitigation.
3. Justification for mitigation.
You will be assessed based on the marking grid in table 6 below:
Table 6: Marking grid for Task 6
Zero Marks One Mark Two Marks Three Marks
Order Not ordered
There is a clear lack of understanding
how to rank the mitigation
Good ranking of mitigation.
However, there is room for improvement.
Great ranking of mitigation.
Easy to understand, and follow.
Justification Not justified
There is a clear lack of understanding
for justifying the attack vectors
Good justification of attack vectors.
However, there is room for improvement.
Great justification of attack vectors.
Easy to understand, and follow.
The description of the mitigation is not marked. However, I am marking the priority, and the justification
for why the startup you are analysing needs it.
Why am I assessing this?
This task is meant to measure your ability to understand the current trends in cyber security; threats,
their importance, and why they are hard to face (A3. in Syllabus).
Task 7 - Suggest guidance - 6 Marks
Your task is to create a table that suggest non-technical suggestion to improve security for the startup
that you selected. The table needs to have the following columns:
1. Order of importance (Number).
2. Description of guidance.
3. Justification of guidance.
You will be assessed based on the marking grid in table 7 below:
Table 7: Marking grid for Task 7
Zero Marks One Mark Two Marks Three Marks
Order Not ordered
There is a clear lack of understanding
how to rank the guidance importance
Good ranking of guidance importance.
However, there is room for improvement.
Great ranking of guidance importance.
Easy to understand, and follow.
Justification Not justified
There is a clear lack of understanding
for justifying the guidance
Good justification of guidance.
However, there is room for improvement.
Great justification of guidance.
Easy to understand, and follow.
The description of the guidance is not marked. However, I am marking the priority, and the justification
for why the startup you are analysing needs it.
Why am I assessing this?
This task is meant to measure your ability to understand cyber security frameworks, standards and best
practices, and how to apply these within an organisation (A1. in Syllabus).
4
Task 8 - Write a service licence agreement - 5 Marks
Your task is to create a list of top 5 most important licence agreement policies for the startup that you
selected. One mark will be awarded for each point that you propose. The order of points is not marked,
only the policy itself.
Why am I assessing this?
This task is meant to measure your ability to understand cyber security frameworks, standards and best
practices, and how to apply these within an organisation (A1. in Syllabus).
5
学霸联盟
Assignment: Analysis of cloud security risks and mitigations
Week 5
Your assignment is on cloud security analysis, which based on the lectures in week 1 to 5.
The assignment is an individual assignment and is worth 50% of the module marking.
You will be assessed on your ability to illustrate possible attacks on a real startup.
Marks Breakdown
This assignment contains 8 tasks. The marking is as follows:
Task 0 - 0 Marks For describing the company. The expected output is a description of the company.
Task 1 - 9 Marks For listing all elements (pieces). The expected output is a table.
Task 2 - 6 Marks For creating a reference diagram. The expected output is a graph.
Task 3 - 6 Marks For creating an attack vector diagram. The expected output is a graph.
Task 4 - 6 Marks For ranking the attack vectors. The expected output is a table.
Task 5 - 6 Marks For creating a list of forbidden relationships. The expected output is a table.
Task 6 - 6 Marks For writing Suggest mitigations.. The expected output is a table.
Task 7 - 6 Marks For writing Suggest policies. The expected output is a table.
Task 8 - 5 Marks For writing a service licence agreement. The expected output is a table.
50 Marks Total
Ultimately, The aim of the this assignment is to assess your knowledge and understanding of threats to
web and cloud environments.
Submission Instructions
Please follow the assignment instruction faithfully, and submit on handin.
Deadline
The assignment deadline is on 19/11/2021.
1
Task 0 - Company description - Zero Marks
Your first task is to write a Max 500 word summary of the startup you are analysing. To select your
company please use www.crunchbase.com, then reserve your selection by adding an entry on the student
wiki.
The condition are:
1. You can not pick a company that is picked by someone else.
2. You can only pick a company that was founded in the past 5 years.
3. You can only pick a company that is 51-100 employees in size.
Task 1 - List all elements - 9 Marks
Your task is to create a table that lists all elements for the startup that you selected. You will be assessed
on the following:
1. Stakeholders. (3 Marks)
2. Host assets. (3 Marks)
3. Network assets. (3 Marks)
For each one, you will be assessed on coverage, description, and justification. Please read table 1 for the
marks breakdown.
Table 1: Marking grid for Task 1
Zero Marks One Mark Two Marks Three Marks
Coverage No coverage
Minimum coverage.
Few elements Missing.
Good coverage, all basic elements are present.
However, there is room for improvement
Great coverage, exhaustive list.
Description No description
Adequate description.
Further description needed.
Good description. Good attention to detail.
However, there is room for improvement
Great description, easy to understand,
and follow.
Justification No justification
Minimal evidence.
Not all element are justified
Good evidence. Good understanding of elements.
However, justification is not adequate.
Great justification and evidence.
Why am I assessing this?
This task is meant to measure your ability to communicate effectively (C1. in Syllabus).
Task 2 - Reference Diagram - 6 Marks
Your task is to draw a reference diagram that illustrates all the elements described in the previous task.
You will be assessed using the following marking grid in table 2.
Table 2: Marking grid for Task 2
Zero Marks One Mark Two Marks Three Marks
Clarity No diagram
Low clarity, it is difficult to map
all the element identified in the
previous task.
Average clarity, Good attention to detail.
However, there is room for improvement
Great clarity, easy to understand,
and follow.
Allocation No diagram
Adequate allocation.
Further optimisation needed.
Good allocation. Good attention to detail.
However, there is room for improvement
Great allocation, easy to understand,
and follow.
The choice of colours, icon or style is not part of marking criteria, although it is appreciated.
Why am I assessing this?
This task is meant to measure your ability to understand the core technical elements of web and cloud
based security systems (A2. in Syllabus).
2
Task 3 - Attack Vectors Diagram - 6 Marks
Your task is to use the reference diagram to create an attack diagram or diagrams which illustrates all
possible threats and vulnerabilities. You will be assessed using the following marking grid in table 3.
Table 3: Marking grid for Task 3
Zero Marks One Mark Two Marks Three Marks
Vulnerability Non mapped Vulnerabilities not clearly illustrated.
Good identification of vulnerabilities.
However, there is room for improvement.
Great identification of vulnerabilities.
Easy to understand, and follow.
Threat Non mapped Threats not clearly illustrated.
Good identification of threats.
However, there is room for improvement.
Great identification of threats.
Easy to understand, and follow.
For this feel free to use any number of diagrams if you feel it is too difficult to illustrate all the attack
vectors. The number of diagrams will not affect the mark, what is measured is the quality.
Why am I assessing this?
This task is meant to measure your ability to critically analyse Web and Cloud based systems for security
problems (B3. in Syllabus).
Task 4 - Rank attack vectors - 6 Marks
Your task is to create a table that ranks and justifies all possible attack vectors for the startup that you
selected. The table needs to have the following columns:
1. Order of severity (Number)
2. Attack Vector
3. Justification
You will be assessed based on the marking grid in table 4 below:
Table 4: Marking grid for Task 4
Zero Marks One Mark Two Marks Three Marks
Order Not ordered
There is a clear lack of understanding
how to rank the attack vectors
Good ranking of attack vectors.
However, there is room for improvement.
Great ranking of attack vectors.
Easy to understand, and follow.
Justification Not justified
There is a clear lack of understanding
for justifying the attack vectors
Good justification of attack vectors.
However, there is room for improvement.
Great justification of attack vectors.
Easy to understand, and follow.
The attack vector itself is not marked, because it is marked in task 3. However, I am marking the order,
and the justification for why the startup you are analysing potentially is susceptible to the attack vector
described.
Why am I assessing this?
This task is meant to measure your ability to recognise and discuss examples of cyber security vulnera-
bilities (B1. in Syllabus).
Task 5 - List forbidden relationships - 6 Marks
Your task is to create a table that ranks and justifies all forbidden relationships for the startup that you
selected. The table needs to have the following columns:
1. Order of severity (High, Medium, and Low).
2. Justification of forbidden relationship.
You will be assessed based on the marking grid in table 5 below:
Why am I assessing this?
This task is meant to measure your ability to understand secure development of web applications (D3.
in Syllabus).
3
Table 5: Marking grid for Task 5
Zero Marks One Mark Two Marks Three Marks
Order Not ordered
There is a clear lack of understanding
how to rank forbidden relationships
Good ranking of forbidden relationships.
However, there is room for improvement.
Great ranking of forbidden relationships.
Easy to understand, and follow.
Justification Not justified
There is a clear lack of understanding
for justifying the forbidden relationships
Good justification of forbidden relationships.
However, there is room for improvement.
Great justification of forbidden relationships.
Easy to understand, and follow.
Task 6 - Suggest mitigations - 6 Marks
Your task is to create a table that ranks and justifies all suggested technical mitigations for the startup
that you selected. The table needs to have the following columns:
1. Order of importance (Number).
2. Description of mitigation.
3. Justification for mitigation.
You will be assessed based on the marking grid in table 6 below:
Table 6: Marking grid for Task 6
Zero Marks One Mark Two Marks Three Marks
Order Not ordered
There is a clear lack of understanding
how to rank the mitigation
Good ranking of mitigation.
However, there is room for improvement.
Great ranking of mitigation.
Easy to understand, and follow.
Justification Not justified
There is a clear lack of understanding
for justifying the attack vectors
Good justification of attack vectors.
However, there is room for improvement.
Great justification of attack vectors.
Easy to understand, and follow.
The description of the mitigation is not marked. However, I am marking the priority, and the justification
for why the startup you are analysing needs it.
Why am I assessing this?
This task is meant to measure your ability to understand the current trends in cyber security; threats,
their importance, and why they are hard to face (A3. in Syllabus).
Task 7 - Suggest guidance - 6 Marks
Your task is to create a table that suggest non-technical suggestion to improve security for the startup
that you selected. The table needs to have the following columns:
1. Order of importance (Number).
2. Description of guidance.
3. Justification of guidance.
You will be assessed based on the marking grid in table 7 below:
Table 7: Marking grid for Task 7
Zero Marks One Mark Two Marks Three Marks
Order Not ordered
There is a clear lack of understanding
how to rank the guidance importance
Good ranking of guidance importance.
However, there is room for improvement.
Great ranking of guidance importance.
Easy to understand, and follow.
Justification Not justified
There is a clear lack of understanding
for justifying the guidance
Good justification of guidance.
However, there is room for improvement.
Great justification of guidance.
Easy to understand, and follow.
The description of the guidance is not marked. However, I am marking the priority, and the justification
for why the startup you are analysing needs it.
Why am I assessing this?
This task is meant to measure your ability to understand cyber security frameworks, standards and best
practices, and how to apply these within an organisation (A1. in Syllabus).
4
Task 8 - Write a service licence agreement - 5 Marks
Your task is to create a list of top 5 most important licence agreement policies for the startup that you
selected. One mark will be awarded for each point that you propose. The order of points is not marked,
only the policy itself.
Why am I assessing this?
This task is meant to measure your ability to understand cyber security frameworks, standards and best
practices, and how to apply these within an organisation (A1. in Syllabus).
5
学霸联盟
