COMP3065 AST ICA1
- Other / COMP3065 AST
- 17 Nov 2020
- Price: $18
- Other / Other
Advanced Security Techniques COM3065 AST ICA1 2019-20
From the module guide
“Component 1 (30%): A critical review of the current status of security techniques (approx. 2000 words) assessing learning outcomes 1,2,3,8. Criteria:
Understanding of current security threats.
Appreciation of appropriate countermeasures.
Consideration of legal, ethical and professional issues.
- LO1 Demonstrate a comprehensive and detailed understanding of information and network security principles.
- LO2 Demonstrate understanding of the tools and skills employed by network attackers.
- LO3 Confidently describe appropriate methods of protecting networks and systems that are legal, ethical and professional.
- LO8 Communicate findings from investigative tasks clearly, fluently and effectively in a professional manner.”
Task/scenario
Consider a typical UK-based company with a conventional IT infrastructure involving
- several physical sites;
- VPN links between the sites;
- (logical) DMZ for email and (public-facing) web servers; and
- internal file and database servers.
Some of the servers are cloud-based. The company also makes heavy use of social medias Twitter, LinkedIn, and Facebook to engage with (potential) customers. You are to research and report
- typical means of reconnaissance or information gathering and attack (i.e., attack vectors) by actors involved in industrial espionage/spying (both from the UK and overseas);
- a comprehensive attack surface of the scenario;
- the legal, social, ethical and professional issues associated with one potential active measure you prefer to mitigate the security concerns in the given scenario.
Deliverable and deadline
You should submit your report as a PDF document via Blackboard by the deadline of 16:00hrs set by MDIS.
Advice and assistance
Consult the module tutor during a scheduled session or email.
Assessment criteria
The criteria below is necessarily incomplete as we cannot anticipate every possible ICA submission. The assessment is based against the four learning outcomes stated above. Each is weighted at a quarter of the overall mark for this ICA component.
Marks will be assigned as in the following table.
A/A+/A++ 70%/85%/95% |
Excellent [LO1] Demonstrated a very comprehensive and very detailed understanding of information and network security principles with evidence of study beyond taught material. [LO2] Demonstrated a comprehensive understanding of the tools and skills employed by network attackers with evidence of study beyond taught material. [LO3] Described appropriate methods of protecting networks and systems that are legal, ethical and professional with excellent linkage to the scenario/task. [LO8] A very clear and readable report, with excellent structuring, good use of grammar and referencing. Document submitted as PDF. |
B 65% |
Substantially correct/appropriate (based on taught material & module requirements) [LO1] Demonstrated a comprehensive and detailed understanding of information and network security principles. [LO2] Demonstrated a good understanding of the tools and skills employed by network attackers. [LO3] Described appropriate methods of protecting networks and systems that are legal, ethical and professional with good linkage to the scenario/task. [LO8] A clear and readable report, with appropriate structuring and referencing. Document submitted as PDF. |
C 55% |
Minor errors/omissions/issues [LO1] Demonstrated a reasonable and fairly detailed understanding of information and network security principles with only minor errors/omissions/issues. [LO2] Demonstrated a reasonable understanding of the tools and skills employed by network attackers with only minor errors/omissions/issues. [LO3] Described appropriate methods of protecting networks and systems that are legal, ethical and professional with only minor errors/omissions/issues in relation to the scenario/task. [LO8] A clear and readable report, with minor errors in writing, structure or referencing. Document submitted as PDF. |
D 45% |
Major errors/omissions/issues [LO1] Demonstrated a limited understanding of information and network security principles with major errors/omissions/issues. [LO2] Demonstrated a limited understanding of the tools and skills employed by network attackers with major errors/omissions/issues. [LO3] A limited description of appropriate methods of protecting networks and systems that are legal, ethical and professional with major errors/omissions/issues in relation to the scenario/task. [LO8] A report, with major issues of writing, structure or referencing. Document submitted as PDF. |
E 35% |
Unsatisfactory [LO1] Demonstrated little understanding of information and network security principles. [LO2] Demonstrated little understanding of the tools and skills employed by network attackers. [LO3] Little or irrelevant description of appropriate methods of protecting networks and systems that are legal, ethical and professional. [LO8] A report that is difficult to read or comprehend but includes some attempt at structure and referencing OR document is not submitted as a PDF. |
F 0%-20% |
Inadequate [LO1] Demonstrated little to no understanding of information and network security principles. [LO2] Demonstrated little to no understanding of the tools and skills employed by network attackers. [LO3] Little to no consideration of legal, ethical and professional issues. [LO8] A report that is very difficult to read and comprehend, and makes no attempt at referencing. |