Assessment 2: Applied Project
Due date: Week 12
Group/individual: Group
Word count / Time provided: 2000 words
Weighting: 30%
Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4, ULO-5
Course Learning Outcomes: CLO-1, CLO-2, CLO-3, CLO-4, CLO-9
Assessment Details:
This assessment is designed to assess your technical skills in investigation IS security, risk threats and management to an organization. The assessment is also assessing your skills to evaluate risk management techniques and IS auditing. You are required to select an organization that uses information systems to perform daily business operations. You have to identify the most valuable assets for the organisations and investigate the security threats and mitigation techniques. You have also to propose/evaluate the risk management techniques adopted by the selected organization to ensure the reliability, confidentiality, availability, and integrity. You have also to discuss audit plan and processes used by the organization and investigate the impact of human factors on security and risk management.
Task Specifications
This assessment includes three tasks as follows:
Task-1:
Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. Use Steghide tools available in Kali Linux/Linux to hide a text file that includes your group students names and IDs on audio file. You have first to create audio file with no more than 30 second to record your group students names only. Then, you have to create text file to include group details include names and student IDs. Finally, use Steghide tools (use APIC as passphrase) to embedded your text file into the created audio file.
In your report, you have to provide screenshot demonstrate the steps with the commands you followed during the process of installation of Steghide, and the way use used to hide group information text file into audio file and finally the steps to extract the text file from audio for verification of your work.
Task-2:
Access control is granting or denying approval to use specific resources. Technical access control consists of technology restrictions that limit users on computers from accessing data. In this project you have to
In this task you have to work in a group to understand Access Control List (ACL) and files system security using Linux environment. You have to complete the followings tasks using kali Linux or any Linux OS:
1. Fill the following table with the information related to all member of your group:
Sn. No APIC Student ID First Name Last Name
1 {StudentID1} {FirstName1} {LastName1}
2
3
Table 1: Group information
2. Create main directory named APIC and set it permission to full access, fill the following table:
Task Command/s
Create directory named (APIC)
Set full access to APIC directory
Table 2: Create Directories APIC
3. Create directories within APIC directory according to Table-3:
Task Command/s
- Create directory ‘{StudentID1}
- Set read and write access permission only
- Create directory ‘{StudentID2}
- Set read access permission only
- Create directory ‘{StudentID3}
- Set read and execute access permission only
- Create directory ‘{StudentID4}
- Set full access permission
Table 3: Create Student ID directories
Please note, {StudentIDx} is the APIC Student ID according to Table-1.
4. Create users, with names according to the first name of all the group member.
Task Command/s
- Create user ‘{FirstName1}
- Write ACL to enable:
1. full permission to ‘{StudentID1}
2. read and write permission to ‘{StudentID2} and
3. read permission only to other directories.
- Create directory {FirstName2}
- Write ACL to enable:
1. full permission to ‘{StudentID2}
2. read and execute permission to
‘{StudentID1}
3. read permission only to other directories.
Table 4: Create users 4. Create two groups and fill Table-5:
Task Command/s
- Create group {LastName1}
- Add ‘{FirstName1} and ‘{FirstName2} to LastName1} group
- Write ACL that {LastName1} group users will get full access to ‘{StudentID1} directory and read access to ‘{StudentID2} directory.
- Create group {LastName2}
- Add ‘{FirstName2} and ‘{FirstName3} to {LastName2} group
- Write ACL that {LastName2} group users will get full access to ‘{StudentID2} directory and write and execute access to ‘{StudentID1} directory.
Table 5: Create groups
Use the commands available in Linux or Kali Linux to complete the above tables. In your report, you have to provide screenshot to demonstrate the steps you followed during the process of conducting the assignment tasks requirements according to your group student IDs, first name and last name.
Task-3:
Discuss with clear demonstration, how the Steganography and access control list techniques that you conducted in Task-1 and Task-2, respectively, can achieve confidentiality, integrity, and availability (CIA). You have to provide justification during your discussion.
Submission
1. You have to submit a report in word format file include your answers for Task-1, Task-2 and Task-3 with the required screenshots for Task-1 and Task-2. You have to include cover page that include group student ID and full name.
2. You have also to submit the created audio file that embedded your group information text file for Task-1 (make sure to use: APIC as passphrase)
The two files must be submitted separately not in single compress file.
In completing this assessment successfully, you will be able to investigate IS security, risk threats and propose the suitable security controls, which will help in achieving ULO-1, ULO-2, ULO-3, ULO-4 , ULO-5, ULO-6 and ULO-7, this in turn will help you in achieving CLO-1, CLO-2, CLO-3, CLO0-4 and CLO-9, which collectively with other unit learning outcomes will help in achieving GA-52, GA-10, GA11 and GA-12.
Marking Information: The applied project will be marked out of 100 and will be weighted 30% of the total unit mark.
Marking
Criteria Not satisfactory
(0-49%) of the
criterion mark) Satisfactory
(50-64%) of the criterion mark Good
(65-74%) of the criterion mark Very Good
(75-84%) of the criterion mark Excellent
(85-100%) of the criterion mark
Audio file embedded text file (10 mark) Lack of evidence of using the Steghide for Steganography with no audio file submission Audio file not includes the embedded test file Audio file includes text file but with irrelevant information to student group. Audio file includes text file but didn’t include all the group information. Audio file correctly includes group details.
Steganography steps and
Screenshot
(15 mark) Lack of evidence of understanding of the process of
Steganography with no screenshot Screenshot is provided with not complete or not using Steghide. Screenshot is provided using Steghide with settings errors Screenshot is provided using Steghide with some incorrect settings. Screenshot is provided using Steghide with correct result.
Directory creation (15 mark) Lack of evidence of understanding the Linux commands for directory creation and access. Very brief demonstration of using Linux commands for directory creation and access. Evidence of good understanding and demonstration of using Linux commands for directory creation and access. Very clear understanding and demonstration of using Linux commands for directory creation and access. Excellent understanding and demonstration of using Linux commands for directory creation and access.
User creation (15 mark) Lack of evidence of understanding of the process of user creation and required permission Very brief demonstration of using Linux commands for user creation and required permission Evidence of good understanding and demonstration of using Linux commands for user creation and required permission Very clear understanding and demonstration of using Linux commands for user creation and required permission Excellent understanding and demonstration of using Linux commands for user and required permission
Group creation (15 mark) Lack of evidence of understanding of the process of group creation and required permission Very brief demonstration of using Linux commands for group creation and required permission Evidence of good understanding and demonstration of using Linux commands for group creation and required permission Very clear understanding and demonstration of using Linux commands for group creation and required permission Excellent understanding and demonstration of using Linux commands for group creation and required permission
Achieving CIA in
Steganography
(15 marks) Poor discussion with irrelevant information. Brief discussion about achieving CIA in Steganography with limited demonstration and justification. Generally good discussion about achieving CIA in Steganography with good demonstration and justification. Very clear discussion of achieving CIA in Steganography with clear demonstration and justification. A very detailed and very clear discussion of achieving CIA in Steganography with very good demonstration and justification.
Achieving CIA in access control list
(15 marks) Poor discussion with irrelevant information. Brief discussion about achieving CIA in access control list with limited demonstration and justification. Generally good discussion about achieving CIA in in access control list with good demonstration and justification. Very clear discussion of achieving CIA in in access control list with clear demonstration and justification. A very detailed and very clear discussion of achieving CIA in in access control list with very good demonstration and justification.