100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Complete CS3609 CyberSecurity Threshold Coursework (PASS) £20.99   Add to cart

Essay

Complete CS3609 CyberSecurity Threshold Coursework (PASS)

 16 views  0 purchase

Complete CS3609 CyberSecurity Threshold Coursework in which I received a passing grade. The document contains the assessment brief and the answers, including diagrams and referencing.

Preview 2 out of 12  pages

  • May 14, 2023
  • 12
  • 2020/2021
  • Essay
  • Unknown
  • A+
All documents for this subject (2)
avatar-seller
BrunelCompSci
Department of Computer Science

CS3609 Cybersecurity
Task 1 – Threshold Coursework for 2020/21


TABLE OF CONTENTS
Main Objective of the Assessment ........................................................................................................................ 1
Description of the Assessment .............................................................................................................................. 1
Learning Outcomes and Marking Criteria ............................................................................................................. 3
Format of the Assessment .................................................................................................................................... 3
Submission Instructions ........................................................................................................................................ 3
Avoiding Plagiarism ............................................................................................................................................... 4
Late Coursework ................................................................................................................................................... 4


Assessment Title Task 1 – Threshold coursework
Module Leader Prof Panos Louvieris
Distribution Date 29/10/2020
Submission Deadline 04/12/2020, 11:00 UK time
Feedback by 23/12/2020
Contribution to overall module assessment Threshold coursework
Indicative student time working on assessment 30 Hours
Maximum of 8 Pages (using the template provided
Word or Page Limit (if applicable)
on WISEflow). Use font Calibri 10 point
Assessment Type (individual or group) Individual

MAIN OBJECTIVE OF THE ASSESSMENT
This assessment requires you to demonstrate your learning in two distinct ways: (1) Through your
understanding of application, network and device architecture; and (2) by identifying appropriate
countermeasures and tools that reduce or mitigate the risk of attack. Importantly, you will be using an office
context – titled BRUNEL TECH START-UP – as the context through which to demonstrate your learning. This
threshold coursework assesses all three of the module’s learning outcomes, as listed in the CS3609 study guide:

LO1: Demonstrate an understanding of the fundamental concepts and theories of Cybersecurity.

LO2: Demonstrate evidence of critical thinking, analysis, synthesis and evaluation in the design and
formulation of Cybersecurity solutions.

LO3: Select relevant Cybersecurity tools and techniques, and show how they can be effectively applied
to solve real-world problems in the Cyberspace.

DESCRIPTION OF THE ASSESSMENT
You are expected to demonstrate the use of the Cybersecurity frameworks, theories and technologies covered
in this module through your threshold coursework report which requires you to complete five tasks in relation
to the Brunel Tech Start-up Scenario. The scenario and the tasks are detailed below

You must list all of the literature that you reference in your report in a Harvard format bibliography (providing
a minimum of 5 references).

BRUNEL TECH START-UP SCENARIO
A tech start-up company has just moved into a new office space and is setting up office equipment. Each desk
in the office space will have a PC connected to a local area network. A meeting space in the office will have a
projector, a gaming PC for graphics requirements and voice over IP (VoIP) devices for conference calls. The
company has set up a Windows server in its machine room to host its website and internal document storage,


Updated October 2020 1 of 4

, Department of Computer Science
which includes customer and employee contact details. Brunel Tech is also using Amazon Web Services (S3 in
particular) to back-up all internal documents to the cloud. Brunel Tech’s employees will also be able to access
documents from home computers and mobile devices, typically using a Wi-Fi network – including the office Wi-
Fi network. In addition, a Linux-based controller (on the wall) connects to a Linux server in the machine room
and stores CCTV still images, captured from cameras in the office space, in an SQL database.

Task 1 (addressing L01): With reference to the network description in the scenario, you are required to draw a
network diagram. You must label all devices with reference to the following: operating system version, IP
address (please note that Brunel Tech’s domain name is mapped to IP address 134.83.62.12), and role of device
(e.g., web server, workstation, network switch).

During a Red Team exercise, it is discovered that the Windows server which hosts the public-facing web site and
the internal document storage runs an outdated version of Apache Tomcat server which has a known software
vulnerability (see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0232). This vulnerability can be
exploited by an attacker who accesses the web service from a remote location to deploy and execute
unauthorised code to the Windows server. This enables attackers to create Windows user accounts on the
infected machines, and to access the infected machines through Remote Access software such as TeamViewer,
Go2Assist, and LogMein.

In addition to the vulnerability discovered during the Red Team exercise, the National Cyber Security Centre has
recently issued an advisory that UK businesses are actively being targeted by ransomware attacks. Corporate
employees are sent phishing e-mails which contain a) links to malicious websites or b) attachments which
contain malware hidden in Microsoft Excel spreadsheets. As a start-up, Brunel Tech has still to develop a security
awareness training program for its employees.

Task 2 (addressing L01 and LO2): Taking into account the Red Team exercise findings and the NCSC advisory,
you are required to identify potential threats to the assets in the network. You must identify and justify at least
one threat based on the findings of the Red Team exercise and at least one threat based on the NCSC advisory.
In addition, you must identify the attack vectors that should be employed if a threat agent gives rise to these
threats and map these vectors to the MITRE ATT&CK framework. Specifically, you should match the attack
vectors to the Tactics and Techniques in the ATT&CK framework (see
https://attack.mitre.org/matrices/enterprise/).

Task 3 (addressing L01 and LO2): In addition to the threats identified in your response to Task 2, you are
required to identify at least one more threat associated with one other asset in the Brunel Tech start-up
scenario.

Task 4 (addressing L02): Having identified the required number of threats, you are required to conduct a risk
assessment for the Brunel Tech start-up network. You must use the risk register that is provided in the
coursework template.

Task 5 (addressing L03): Using the risk register that you compiled in your response to Task 4, you are required
to select the appropriate controls to mitigate the risks that you identified and give the reasons for your chosen
controls. You must specify the Cybersecurity tools that implement the risk controls that you have chosen. For
a list of controls, see the following links:

https://attack.mitre.org/mitigations/enterprise/ (MITRE ATT&CK framework mitigations)
https://www.cisecurity.org/controls/cis-controls-list/ (SANS institute security controls)




Updated October 2020 2 of 4

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller BrunelCompSci. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for £20.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

67474 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy revision notes and other study material for 14 years now

Start selling
£20.99
  • (0)
  Add to cart