Assignment 1

Type of assignment: This assignment is individual.

Points: The maximum number of points for this assignment is 33, which will be prorated accordingly after all assignments are posted. Weight of each problem is in parenthesis.

Format: Assignment submissions are accepted in PDF formats only. Assignments submitted in any other format will be discarded without marking and 0 points will be given. All text in the assignment submissions must be typed and figures (if any) plotted to be easy to read and understood.

Format your answer and references in the course assignment template (word, latex, overleaf).

How to Submit: via Canvas.

Problems

  1. (6 points) Analysis of a real incident:
    1. Using no more than half a page, summarize a real security incident that has been reported in English-speaking online public media (e.g., The register, Ars Technica, Bruce Schneier’s blog, F-secure web blog, ZDnet) on or after October 2018. Provide reference(s) to the original report of the incident and the corresponding URL. The TA should be able to verify the information in your summary by accessing the original report using your reference or URL. Choose an incident that amenable to the task at hand.
    2. Using another half a page, analyze (1) the value of the assets at risk, (2) threats to these assets, and (3) threat agents, for the stakeholder(s) that experienced most damage, as a result of that incident. If necessary make reasonable assumptions and state them clearly. Classify which of the CIA properties of the valuable assets were reduced as a result of the incident.
  2. (6 points) Analyze (1) the value of the assets at risk, (2) threats to these assets, and (3) threat agents, for any two of the following futuristic scenarios. See the videos for each of the scenarios.
    1. Health
    2. Finances
    3. Voting
  3. (5 points) For each threat in problem #2, classify which of the CIA properties of the assets would be reduced if the threat were realized.
  4. (6 points) Suggest and describe ways to manage risk for the assets from problems #1 & #2.
  5. (10 points) Read paper [1]. For each attack described in the paper, list in a table form (1) owners, (2) vulnerabilities, (3) threats, (4) threat agents, (5) risks, (6) assets, and (7) countermeasures (as proposed in the paper).

References

  1. Nolen Scaife, Christian Peeters, and Patrick Traynor. “Fear the Reaper: Characterization and Fast Detection of Card Skimmers” in Proceedings of 27th USENIX Security Symposium (USENIX Security 18), USENIX Association, August 2018, pp. 1-14.