BSBXCS301 Assessment 1

School: Canberra Institute of Technology
Course: BSBXCS301
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 11
Uploaded by CoachWolverine3943
Assessment Written

Student Name:
CIT Number:
Competency Title, Code and Banner Code CRN: BSBXCS301 Protect own personal online profile from cyber security threats
Assessment Type: Written, Case Study, Project, Assignment, Other
Assessment Name: Assessment 1: Knowledge Test
Assessment Date:

Student Statement: This assessment is my own work. Any ideas and comments made by other people have been acknowledged. I understand that by emailing or submitting this assessment electronically, I agree to this statement.
Student Signature:
Date:

PRIVACY DISCLAIMER: CIT is collecting your personal information for assessment purposes. The information will only be used in accordance with the CIT Privacy Policy.

Assessor Feedback
Student provided with feedback
Attempt 1: Satisfactory / Not Yet Satisfactory, Date: / /
Attempt 2: Satisfactory / Not Yet Satisfactory, Date: / /
Assessor Name: Adnan Syed
Assessor Signature: Adnan
Note from Assessor: Please record any reasonable adjustment that has occurred for this assessment.

© Canberra Institute of Technology Page 1 of 11 Date created: 23/08/2021 CRICOS No. 00001K | RTO Code 0101 Date updated: 4/12/2023

Assessment Task Instructions for Students

In this assessment you will be required to answer a series of scenario-based questions. In the scenario, you will be working as an IT service officer in an organisation. To be successful in this assessment, you are required to have clear knowledge and understanding of the concepts below:
  • legislative requirements relating to reporting cyber security threats
  • organisational policies and procedures relating to online profiles, including escalation routes for cyber security issues
  • password management policies and practices
  • protocols for handling personally identifiable information
  • Multi-factor authenticator
  • connecting to public Wi-Fi via virtual private networks (VPNs)
  • Phishing, social media, social engineering, malware
  • Physical and logical threat
  • Software patching
  • Basic cyber security principles

Time allowed: See Subject Guide

Assessment range and conditions: Student needs to have access to any and all resources. If resources are used, then appropriate referencing must be adhered to. Student is to submit this assessment in a timely manner and, if an extension is required, to contact the teacher within an appropriate timeframe.

Materials provided and materials you will need:
  • Assessment paper and instructions
  • Access to eLearn
  • Access to CIT computers, internet access to research material
  • Access to MS Office applications including MS Publisher
  • Access to email account and browser account

Information for students: You may have two (2) attempts for this assessment. If your first attempt is not successful, your teacher will discuss your results with you and will arrange a second attempt. If your second attempt is not successful, you will be required to re-enrol in this unit. Only one re-assessment attempt will be granted for each assessment item.

Question 1

1.1 What is information security? What are the three main components for information security? (at least 50 words)

Information security is the system that protects sensitive or personal information from leakage to unauthorized users or attackers, where the information can be modified, destroyed or used for identity purposes. There is a security framework called AAA (Authentication, Authorisation and Accounting), which safeguards and protects access to resources or assets. The three main components of information security are confidentiality, integrity and availability, the CIA triad.

Question 2

a) Define confidentiality with examples (at least 30 words)

Confidentiality is something that is private to the individual or an organisation and is encrypted. The information is accessed by authorized individuals only. Examples of confidential information are personal information such as a person's name, phone number, address and medical records, and the financial records of an institution.

b) Define integrity with examples (at least 30 words)

Integrity means that the data that is stored is intact or accurate and has not been corrupted by malicious software or manually. Techniques such as hashing are used to maintain integrity. An example is data stored in an organisation's database that has not been manipulated or destroyed by any means and is complete to be communicated.

c) Define availability with examples (at least 30 words)

Availability is the timely and reliable access to data or resources by the authorised and authenticated user. Examples include an authorised user logging in to a Netflix account and being able to use the resource on demand.

Question 3

Under which legislative requirements must an organisation or agency report a data breach to the relevant authority?

A data breach occurs when the personal data held by an organisation is disclosed or is accessed by unauthorised users. According to the Privacy Act 1988 and under the Notifiable Data Breaches (NDB) scheme, any organisation or agency must report the data breach and notify the affected individuals. Examples include when a personal device that holds personal information is lost, stolen or given to a stranger, or when an organisation's database containing personal information is hacked.

Question 4

What is multi-factor authentication? How does it improve the security of your account? (at least 40 words)

Multi-Factor Authentication (MFA) means accessing services with two or more forms of authentication. If one has MFA for accounts, they are less likely to get hacked. Even if there is an attack by malicious software, it compromises one form of authentication such as a password, and the attacker will not gain access to the accounts because they are stopped by the second authentication factor, such as an OTP, biometrics or fingerprints.

Question 5

Define each of the items below: (at least 20 words for each)

a) Phishing

The attacker uses a vector such as email, in which vulnerable links are sent for the user to click, to exploit weaknesses and gain access to the assets. This is called phishing.

b) Social engineering

It is easier to exploit individuals than a network, and attackers get access to personal information by pretending to be a known person on social websites.

c) Malware

It is a program or file used to infect a computer or a network, which attackers use to gain access to sensitive information.

d) Encryption

It is a way companies and individuals protect sensitive information from being read by unauthorised persons or hackers. The data is encoded and it will only be decrypted by the user who is authorised to open it.

Question 6

Please create a strong password and take screenshots of each step as below. Even a strong password needs to be changed on a regular basis to protect your online profile.

Note: screenshots have been provided to support the creation of the passwords and screenshots. You are required to create your own passwords and not use the examples provided.

1) Go to