Type of assignment: This assignment is individual.
Points: The maximum number of points for this assignment is 27, which will be prorated accordingly after all assignments are posted.
- For 6 points: Analysis of a real incident:
- Using no more than half a page, summarize a real security incident that has been reported in English-speaking online public media (e.g., The register, Ars Technica, Bruce Schneier’s blog, ZDnet) on or after October 2020. Provide reference(s) to the original report of the incident and the corresponding URL. The TA should be able to verify the information in your summary by accessing the original report using your reference or URL. Choose an incident that is amenable to the task at hand.
- Using another half a page, analyze (1) the value of the assets at risk, (2) threats to these assets, and (3) threat agents, for the stakeholder(s) that experienced most damage, as a result of that incident. If necessary make reasonable assumptions and state them clearly. Classify which of the CIA properties of the valuable assets were reduced as a result of the incident.
- For 6 points: Analyze (1) the value of the assets at risk, (2) threats to these assets, and (3) threat agents, for any two of the following futuristic scenarios. See the videos for each of the scenarios.
- For 5 points: Provide an adversary model of the attacker(s) based on the information found about the incident you used for problem 1.
- For 4 points: Provide a threat model using just the details of the incident from problem 1. While this threat model is not expected to be comprehensive and complete, it’s expected to be based on the information available about the details of the attack.
- For 6 points: Suggest and describe ways to manage risk for the assets from problems #1 & #2.