MN623 Unit Title Cyber Security and Analytics Assessment

Assessment Details and Submission Guidelines
Unit Code: MN623
Unit Title: Cyber Security and Analytics
Assessment Type: Major Assessment – Individual Submission
Assignment Title: Cyber Security and Analytics
Purpose of the assessment (with ULO Mapping): This task is designed to assess students’ knowledge and skills related to the following learning outcomes:
a. Analyse cyber security vulnerabilities using ethical hacking methodologies
b. Implement and evaluate security testing tools in a realistic computing environment
c. Evaluate intelligent security solutions based on data analytics
d. Analyse and interpret results from descriptive and predictive data analysis
e. Propose cyber security solutions for business case studies
Weight: 50% of the total assessments
Total Marks: 100
Word limit: NA
Due Date: Saturday, 20 June 2020
Submission Guidelines:
• All work must be submitted on Moodle by the due date.
• The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2.54 cm margins on all four sides of your page with appropriate section headings.
• Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using IEEE referencing style.
Extension:
• As this major assessment replaces the final examination, “NO EXTENSION” is allowed in this case.
Academic Misconduct:
• Academic Misconduct is a serious offense. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: https://www.mit.edu.au/aboutmit/institute-publications/policies-procedures-andguidelines/AcademicIntegrityPolicyAndProcedure.
• For further information, please refer to the Academic Integrity Section in your Unit Description.
MN623 – Cyber Security and Analytics – Final Assessment Trimester 1, 2020
Instructions to Candidates:
1. Read each question carefully before attempting it.
2. Solve all questions.
3. Start the answer to each question on a new page and clearly state the question’s number.
4. Write your answers in the separate word file. (Do not write questions from this file in your file to
avoid plagiarism detection.)
5. Write section and question number as per this file in your answer file.
6. The answers must be prepared in a single Microsoft Word document in the order
of the questions and uploaded to the Moodle final exam submission folder before the due time.
Submit only a single word document; multiple submissions are not acceptable.
7. In descriptive questions, you should write at least a paragraph or more, instead of single-line
answers.
8. You must sign any image (snapshot or picture of calculations) if you are going to include them in
your Microsoft Word document. Your signature must be visible on every single image.
9. You must demonstrate each step you have taken to find the results (the final answer is not
acceptable).
Question Mark Out of Mark
Q1 10
Q2 5
Q3 17
Q4 6
Q5 6
Q6 6
Q7 5
Q8 10
Q9 5
Q10 10
Q11 3
Q12 3
Q13 4
Q14 5
Q15 5
Total 100
Assignment Description
The face to face “Final Examination” has been substituted with the “Exam like” major assessment.
Students are required to follow the assignment specifications and submit their responses on the
Moodle Shell in the stipulated time.
The assignment has the following two major sections:
1. Section 1 – Lecture contents related questions and answer (50 Marks)
2. Section 2 – Research based question and business case study (50 Marks)
Note: You can find “IEEE-Reference-Guide.pdf” in your MN623 MOODLE shell under
“Resources for Work Integrated Learning” Folder for referencing purposes in this Exam Like
major assessment.
Section 1 [50 Marks]
Q1. To understand the working and the characteristics of malware and to assess its impact on the
system, you will often use different analysis techniques. The following is the classification of these
analysis techniques: Static analysis, Dynamic analysis (Behavioral Analysis), Code analysis and
Memory analysis (Memory forensics).
Static analysis defined: This is the process of analyzing a binary without executing it. It is the easiest
kind of analysis to perform and allows you to extract the metadata associated with the suspect
binary. Static analysis might not reveal all the required information, but it can sometimes provide
interesting information that helps in determining where to focus your subsequent analysis efforts.
Now, you have to define and evaluate Dynamic analysis (Behavioral Analysis), Code analysis and
Memory analysis (Memory forensics) in regards to Advanced Malware Analysis.
[9 Marks + 1 Mark for Referencing Style]
Q2. Demonstrate the use of CRUNCH tool to create a Wordlist file to generate a minimum and
maximum word length (2-9) based on your MIT ID and the first seven numbers and two unique
special characters, and store the result in file pass.txt. Give an example of two generated passwords
with length of three characters, one number and one special character. After that, use the HYDRA
attacking tool to attack ftp://192.168.1.3 server which has the username ‘tom’ and password
length between 2 and 9, generated by CRUNCH in the previous step.
[3 Marks for CRUNCH demo + 2 Marks for HYDRA demo]
Q3. Consider the Play Tennis dataset in Table 1 (adapted from: Quinlan, “Induction of
Decision Trees”, Machine Learning, 1986). The 14 instances given in Table 1 show
the mapping between X and Y (which machine learning always does).
The decision tree takes the training set and splits it into smaller subsets based on features.
We repeat this procedure at every node of the tree with different subsets and attributes until
there is no uncertainty about whether Min will play or not.
i) Which of the major machine learning categories (supervised, unsupervised, or
reinforcement) does this problem fall under? Justify your answer. [3 Marks]
ii) Draw the relevant decision trees using the divide and conquer method to predict whether
Min will play tennis or not based on a new feature vector (X). [5 Marks]
iii) Build the Naive Bayes model from the dataset given in Table 1. Remember that 1 is
added to all the counts to avoid the problem of having a probability that is equal to 0.
[9 Marks]
Note: Students can draw relevant decision trees and Naive Bayes model using pen and paper,
take a snapshot and provide as evidence in the Assignment file along with their explanation.
Table 1. Play Tennis dataset
Q4. Justify the statement “Spam detection is perhaps the classic example of pattern
recognition”. [5 Marks + 1 Mark for Referencing Style]
Q5. The implication of current arrangements is that end-users carry a significant portion of the
risk, and Government has a limited role in protecting a large number of systems critical to our
way of life. Whether these outcomes are correct is one of the most fundamental questions
we need to explore. Who is responsible for managing cyber risks in the economy?
[5 Marks + 1 Mark for Referencing Style]
Q6. Compare and contrast the cyber security policies of the Victorian and NSW governments. Propose a
cyber security policy that the Victorian Government may follow.
[5 Marks + 1 Mark for Referencing Style]
Section 2 [50 Marks]
Q7. The Advanced Encryption Standard (AES) is used to encrypt data and protect it against
unauthorised access. How is decryption done in the Advanced Encryption Standard? You need to
explain the overall structure of AES, including decryption, for the case of a 128-bit encryption
key. You also need to write the algebraic design of the AES S-box. Give an example to showcase
how substitution of bytes actually takes place. [4 Marks + 1 Mark for Referencing Style]
Q8. You have to review and write a brief summary in your own words of the following paper,
available in your MN623 MOODLE shell under “Resources for Work Integrated
Learning”.
Iman Sharafaldin, Arash Habibi Lashkari, Saqib Hakak, and Ali A. Ghorbani, “Developing
Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy”, IEEE 53rd
International Carnahan Conference on Security Technology, Chennai, India, 2019
You also need to write a detailed description of the importance of descriptive and predictive data
analysis in the cybersecurity field. [9 Marks + 1 Mark for Referencing Style]
Q9. You have the ranked vulnerability risk worksheet for 7 assets with given Asset relative value
as shown in the following table. Compare the risk associated with asset 2 and 5 and comment
which one would require higher attention, assuming that uncertainty is 40% and no risk
mitigation is applied. [5 Marks]
Table 2. Ranked vulnerability risk worksheet
Read the Case Studies given carefully to answer the questions corresponding to the case studies.
Case Study 1 (Considerations for Proactive Cyber Security Measures When Deploying 5G)
Published on Apr 08, 2020.
Full credits to: https://www.pluralsight.com/guides/considerations-for-proactive-cyber-securitymeasures-when-deploying-5g
Introduction
This guide provides you with a first look, as we see it today, of how 5G may impact your cyber
security and the areas where you may need to consider new potential risks for your organization
and enterprise. At this time, many of the component parts are yet to be built out and are merely
concepts. This guide is aimed at those with an interest in how implementation of this new
technology could affect the organizations that adopt it, but also for those who need to start
considering the risks and potential mitigations in integrating 5G into their business processes.
What You Need to Know
5G has been positioned as game-changing and suitable for high-risk use cases. However if there are
network performance failures, these could prove costly or catastrophic. Therefore, there is a need
for purchasers of such services to set strict service level agreements (SLAs) with their suppliers. As
with cloud service provisioning, the SLA should include key performance indicators on data
downloads and upload speeds, end-to-end latency, jitter, network availability, or other metrics
relevant to the required performance of apps that are reliant on a 5G connection. Where service
providers are proposing 5G as a replacement for existing, mature technologies such as a wireless
LAN, they require SLAs relevant to the performance of specific apps (voice, UCC, video,
segmentation of IoT endpoints) currently on the WLAN.
One of 5G’s key features will be the opportunity for network slicing, the segmentation of a single
physical network into multiple virtual ones in accordance with particular use cases. A clear benefit
of 5G network slicing for operators will be the ability to deploy only the functions necessary to
support specific customers and particular market segments. Communication between autonomous
cars, for instance, requires minimal latency (the lag time it takes for a signal to travel), but not
necessarily high throughput (the amount of data a network can process per second), while a use case
such as augmented reality will take more bandwidth. With slicing, these needs can be
accommodated by delegating each to its own network-within-a-network.
It is essential that as a community we share existing 5G knowledge to stakeholder communities.
There are a number of additional threats that have not been discussed in this guide that exist in the
current generations, such as unauthorized data access, unlawful interception, compromised
authentication gateways/keys, etc. Such threats remain but the mitigation is similar if not the same
as previous generations.
Some Suggested Mitigating Controls
Whilst we await the buildout of the component parts discussed and final agreements over
standards, here are some suggested mitigating controls for the deployment of 5G:
• Fine-grained access control and authentication
• Use of Zero Trust Networks or architecture to minimize the potential exposure of your
information
• Use of segmentation and isolation at the network and app layer to minimize the potential
impact of any compromise
• Wide use of encryption, specifically encryption of the IMSI and/or use of improved pseudo-identifiers
• Careful use of cryptographic mechanisms, including public key-based cryptographic
techniques combined with endpoint protection
• Use of monitoring of systems to detect abnormalities and breaches
• Policy-based security management combined with automated security controls
• Comprehensive physical security measures to prevent access to communication equipment
• Use threat modeling
• Vetting by vendors of their staff and monitoring for insider threats.
Ultimately, more so than ever before, it is about designing security from the start as opposed to
retrofitting it. Over time there will no doubt be unknown security vulnerabilities discovered with 5G.
It’s an immature and untested set of technologies which will be inevitable, so it’s important to be
vigilant and proactive to share lessons learnt. For more information, take advantage of the ENISA
report on threat landscape for 5G networks and its findings.
Answer the following question based on case study 1:
Q10. DumDum Pty Ltd is a successful IT company. You are the IT Manager of DumDum Pty Ltd and
given the responsibility of deploying 5G with all proactive cyber security measures. You need to
write in detail about:
What are your next steps? Identify the relevance of 5G for your organization, pay attention to
the 5G rollout in your area, and conduct research on the different technology components that
are relevant for your particular use cases. Then run each use case through a threat model. This
will help influence your procurement process and design a strategy for continuous control,
testing, and monitoring. Hint: You can discuss 5G Multi-Access Edge Computing (MEC). Full
marks will be provided if you cover all points with justifications.
[9 Marks + 1 Mark for Referencing Style]
Case Study 2 (Penetration testing on hospital data)
You are hired as a penetration testing engineer at Jose Medical Centre (JMC) located in Dandenong,
Australia. The centre provides medical services mostly to pensioners, and JMC is determined to
provide the highest security and privacy for their patients and visitors.
On your arrival, you have learnt that JMC provides anonymous FTP access to their database to
external members. In addition, you have learnt that many hospital staff members are not
adequately trained in cybersecurity and often fall victim to phishing or other attacks. You realize
you may need to consider more of a preventative security solution for the protection of hospital data. As
the hospital staff members are not well trained, zero-day attacks seem to be a major issue.
Answer the following questions:
Q11. Plan your penetration testing process for JMC and describe it in detail. [3 marks]
Q12. Recommend appropriate data analytic techniques for security prevention at JMC. [3 marks]
Q13. Highlight the challenges in data analytic applications with sensitive data. [4 Marks]
Case Study 3 (IT security checklist)
Full Credits to:
https://www.roberthalf.com.au/sites/roberthalf.com.au/files/documents/Robert%20Half%20Cyber-Security%20Defending%20your%20future.pdf
CIOs and IT directors play a key role in protecting and directing a company’s response to IT security
risks. They operate in a rapidly changing technology environment that requires constant reviewing
of their security programs. These six core steps can help them develop and implement an effective
security program.
1. Be proactive: Develop policies and processes that will help your company prevent and
defend itself against cyber-attacks. Instead of waiting for a breach, assume one will
happen and plan accordingly. Ensure that the organisation has the necessary means to
efficiently respond to security breaches. Procrastination is not an option in today’s market.
2. Use Big Data: Use the available data to identify which risks are emerging and receding and
in which areas you need to implement additional cyber-defences. You need to have a plan
in place. There are many IT security tools available and depending on resources, you need
to tick the boxes to make sure you have covered all possible cyber-security risks.
3. Treat IT security as a continuous enterprise-wide process: To conduct thorough risk and
threat analyses, consistently test and re-evaluate existing processes and systems that are
designed to minimise the inherent risks. Include the management, assessment and
monitoring of the potential risks of vendors and suppliers in your analysis. As cyber-security
evolves, your IT security strategy needs to evolve.
4. Have the necessary skills: As the demand for cyber-security experts is outstripping supply,
companies are confronted with a global IT security skills gap. To secure the necessary
expertise, create a talent pipeline by investing in your existing IT professionals through
extensive training, or by hiring additional team members. Also consider the option of using
contract IT professionals or an external consultancy.
5. Get everyone involved: Make everyone in the company aware of the risks associated with
email, social media and confidential information. Not only do you need to make senior
management aware of IT security risks; a basic awareness across the entire organisation is
essential.
6. Support training: Encourage regular training of all personnel on cyber-security policies and
corporate practices. Go beyond the obligatory email to staff informing them of the risks and
support training on safe email, password creation, website and social media practices.
Answer the following questions:
Q14. Explain the need for cyber security experts and outline how you can address the cybersecurity
concerns highlighted in the Case Study in two to three paragraphs of 5-8 sentences.
[4 Marks + 1 Mark for Referencing Style]
Q15. Evaluate intelligent security solutions based on data analytics and recommend them to the CIO and
IT Directors of your organisation OzIT, assuming you are the IT manager of OzIT.
[4 Marks + 1 Mark for Referencing Style]
The details about the rubric are as follows:
Grades: HD (80% and above), D (70 – 79%), CR (60 – 69%), P (50 – 59%), Fail (<50%)

Section 1 (50 Marks)

Question 1 (10 marks)
HD: All elements are present and very well integrated. Demonstrated excellent ability to think critically and sourced reference material appropriately
D: Components present with good cohesion. Demonstrated excellent ability to think critically but did not source material appropriately
CR: Components presented and mostly well integrated. Demonstrated an average ability to think critically and sourced reference material appropriately
P: Most components present and an average integration. Demonstrated an average ability to think critically but did not source reference material appropriately
Fail: Lacks components and not integrated well. Did not demonstrate the ability to think critically and did not source reference material appropriately

Question 2 (5 marks)
HD: Implemented and demonstrated both commands with excellent description and excellent justification
D: Implemented and demonstrated both commands with good description and good justification
CR: Implemented and demonstrated one command with good description and good justification
P: Most components present and an average description and justification
Fail: Lacks components and not implemented and demonstrated commands

Question 3 (17 marks)
HD: Concise and specific to the topic. Demonstrated excellent ability to think critically
D: Topics relevant and soundly analysed. Demonstrated good ability to think critically
CR: Generally relevant and analysed. Demonstrated an average ability to think critically
P: Some relevance and briefly presented
Fail: Not relevant to the questions asked

Question 4 (6 marks)
HD: Demonstrated excellent ability to think critically and sourced reference material appropriately
D: Demonstrated excellent ability to think critically but did not source material appropriately
CR: Demonstrated an average ability to think critically and sourced reference material appropriately
P: Demonstrated an average ability to think critically but did not source reference material appropriately
Fail: Did not demonstrate the ability to think critically and did not source reference material appropriately

Question 5 (6 marks)
HD: Demonstrated excellent ability to think critically and sourced reference material appropriately
D: Demonstrated excellent ability to think critically but did not source material appropriately
CR: Demonstrated an average ability to think critically and sourced reference material appropriately
P: Demonstrated an average ability to think critically but did not source reference material appropriately
Fail: Did not demonstrate the ability to think critically and did not source reference material appropriately

Question 6 (6 marks)
HD: Demonstrated excellent ability to think critically and sourced reference material appropriately
D: Demonstrated excellent ability to think critically but did not source material appropriately
CR: Demonstrated an average ability to think critically and sourced reference material appropriately
P: Demonstrated an average ability to think critically but did not source reference material appropriately
Fail: Did not demonstrate the ability to think critically and did not source reference material appropriately

Section 2 (50 Marks)

Question 7 (5 marks)
HD: Explained the overall structure of AES including decryption and write the algebraic design of AES S-box with example in an excellent way and sourced reference material appropriately
D: Explained the overall structure of AES including decryption and write the algebraic design of AES S-box with example in a good way and sourced reference material appropriately
CR: Explained the overall structure of AES including decryption and write the algebraic design of AES S-box with example in an average way and sourced reference material appropriately
P: Explained the overall structure of AES including decryption and write the algebraic design of AES S-box with example in an average way but did not source reference material appropriately
Fail: Did not explain and did not source reference material appropriately

Question 8 (10 marks)
HD: All elements are present and very well integrated and sourced reference material appropriately
D: Components present with good cohesion and sourced reference material appropriately
CR: Components presented and mostly well integrated and sourced reference material appropriately
P: Most components present and an average integration but did not source reference material appropriately
Fail: Lacks components and not integrated well and did not source reference material appropriately

Question 9 (5 marks)
HD: Compared the risk associated with asset 2 and 5 with all formulas given. All elements are present and very well integrated
D: Compared the risk associated with asset 2 and 5 with all formulas given. Components present with good cohesion
CR: Compared the risk associated with asset 2 and 5 with all formulas given. Components presented and mostly well integrated
P: Compared the risk associated with asset 2 and 5 with all formulas given. Most components present and an average integration
Fail: Did not compare and lacks components and not integrated well

Question 10 (10 marks)
HD: Excellent description and excellent covering all points with justifications.
D: Excellent description and good covering all points with justifications.
CR: Good description and tried to cover all points with justifications.
P: Good description and did not try to cover all points with justifications.
Fail: Poor description and poor justification.

Question 11 (3 marks)
HD: Concise and specific to the topic
D: Topics relevant and soundly analysed
CR: Generally relevant and analysed
P: Some relevance and briefly presented
Fail: Not relevant to the assignment topic

Question 12 (3 marks)
HD: Excellent comprehension and precise
D: Excellent comprehension but fuzzy
CR: Average comprehension but clear
P: Average comprehension but fuzzy
Fail: Not well comprehended and fuzzy

Question 13 (4 marks)
HD: All elements are present and very well integrated
D: Components present with good cohesion
CR: Components presented and mostly well integrated
P: Most components present and an average integration
Fail: Lacks components and not integrated well

Question 14 (5 marks)
HD: Demonstrated excellent ability to think critically and sourced reference material appropriately
D: Demonstrated excellent ability to think critically but did not source material appropriately
CR: Demonstrated an average ability to think critically and sourced reference material appropriately
P: Demonstrated an average ability to think critically but did not source reference material appropriately
Fail: Did not demonstrate the ability to think critically and did not source reference material appropriately

Question 15 (5 marks)
HD: Demonstrated excellent ability to think critically and sourced reference material appropriately
D: Demonstrated excellent ability to think critically but did not source material appropriately
CR: Demonstrated an average ability to think critically and sourced reference material appropriately
P: Demonstrated an average ability to think critically but did not source reference material appropriately
Fail: Did not demonstrate the ability to think critically and did not source reference material appropriately

IEEE Reference style (Total marks from Section 1 and Section 2 = 9 marks)
HD: Clear style with an excellent selection of references
D: Clear referencing style
CR: Generally good referencing style
P: Sometimes clear referencing style
Fail: Lacks consistency with many errors

END OF MAJOR ASSIGNMENT
REPLACING FINAL EXAMINATION