Essay Question: Length: 800-900 words. Use APA format for in-line citations and references. (30 pts.)
Compare and contrast symmetric and asymmetric encryption algorithms.
• Your response should include a brief overview of the cryptographic basis for each type of algorithm, and a comparison of their strengths and vulnerabilities. [20 pts]
• Describe how a hacker might go about cracking a message encrypted with each type of algorithm. [6 pts]
• Suggest a specific application for each type of algorithm (symmetric and asymmetric) where the advantages clearly outweigh the disadvantages. [4 pts]
• Remember to address all points
Category: Computer science : Cybersecurity
Scenario
The Entertainment Team (ET — part of Resort Operations at Padgett-Beale, Inc.) is excited about a new event management platform and is ready to go to contract with the vendor. This platform is a cloud-based service that provides end-to-end management for events (conferences, concerts, festivals). The head of Marketing & Media (M&M) is on board and strongly supports the use of this system. M&M believes that the data collection and analysis capabilities of the system will prove extremely valuable for its efforts. Resort Operations (RO) also believes that the technology could be leveraged to provide additional capabilities for managing participation in hotel sponsored “kids programs” and related children-only events.
For an additional fee, the event management platform’s vendor will provide customized Radio Frequency Identification (RFID) bands to be worn by attendees.
The RFID bands and RFID readers use near-field communications to identify the wearer and complete the desired transactions (e.g. record a booth visit, make a purchase, vote for a favorite activity or performer, etc.).
The RFID bands have unique identifiers embedded in the band that allow tracking of attendees (admittance, where they go within the venue, what they “like,” how long they stay in a given location, etc.).
The RFID bands can also be connected to an attendee’s credit card or debit card account and then used by the attendee to make purchases for food, beverages, and souvenirs.
For children, the RFID bands can be paired with a parent’s band, loaded with allergy information, and have a parent specified spending limit or spending preauthorization tied to the parent’s credit card account.
The head of Corporate IT has tentatively given approval for this outsourcing because it leverages cloud-computing capabilities. IT’s approval is very important to supporters of this acquisition because of the company’s ban on “Shadow IT.” (Only Corporate IT is allowed to issue contracts for information technology related purchases, acquisitions, and outsourcing contracts.) Corporate IT also supports a cloud-based platform since this reduces the amount of infrastructure which IT must support and manage directly.
The project has come to a screeching halt, however, due to an objection by the Chief Financial Officer. The CFO has asked that the IT Governance Board investigate this project and obtain more information about the benefits and risks of using RFID bands linked to an external system which processes transactions and authorizations of mobile / cashless payments for goods and services. The CFO is concerned that the company’s PCI Compliance status may be adversely affected.
The Chief Privacy Officer has also expressed an objection about this project. The CPO is concerned about the privacy implications of tracking both movement of individuals and the tracking of their purchasing behaviors.
The IT Governance Board agreed that the concerns expressed by two of its members (the CFO and CPO) have merit. The board has requested an unbiased analysis of the proposed use cases and the security and privacy issues which could be reasonably expected to arise.
The IT Governance Board has also agreed to a request from the Chief of Staff that the management interns be allowed to participate in this analysis as their final project. Per the agreement, their involvement will be limited to providing background research into the defined use cases for cashless purchases. These use cases are:
1. Purchases for craft materials and snacks by children (under the age of 13) attending a hotel sponsored “kids club” program.
2. Purchases by individuals attending a music festival or other event where IDs must be checked to establish proof of age (legal requirement for local alcoholic beverage consumption).
3. Purchases by attendees at trade shows (attendees are “adults”).
Your Task
Pick one of the three use cases listed above. Then, follow the directions below to complete the required research and write your final report.
Research
1. Read / Review the readings in the LEO Classroom.
2. Read this introduction to RFID technologies
3. Research one or more of the Use Cases
o Children: 8 Benefits of Using RFID Wristbands for Resorts & Attractions (see section 4: Family Freedom) and Tappit launches new RFID wristband safety functionality
o Managing Adult Attendees at Music Festivals (includes RFID bands linked to twitter, Facebook, and credit/debit card): RFID wristbands vs NFC apps: What’s Winning the Contactless Battle?
o Tracking Adults at Trade Shows: RFID wristbands – the good, the bad and the ugly
4. Choose one of the Use Cases, then find and review at least two additional resources on your own that provide information about privacy and security related laws that could limit or impose additional responsibilities upon Padgett-Beale’s collection, storage, transmission, and use of data about guests. (Note: laws may differ with respect to collecting data from or about children.) You should also investigate laws, regulations, or standards which impact the use of the RFID bands for mobile purchases.
5. Using all of your readings, identify and research at least 7 security and privacy issues which the IT Governance Board needs to consider and address as it considers the implications of your chosen use case upon the adoption or rejection of the proposed IT project (Event Management Platform & RFID bands).
6. Then, identify 7 best practices that you can recommend to Padgett-Beale’s leadership team to reduce and/or manage risks associated with the security and privacy of data associated with the event management platform.
Write
Write a five-page report using your research. At a minimum, your report must include the following:
1. An introduction or overview of event management systems and the potential security and privacy concerns which could arise when implementing this technology. This introduction should be suitable for an executive audience. Provide a brief explanation as to why three major operating units believe the company needs this capability.
2. An analysis section in which you address the following:
a. Identify and describe your chosen Use Case
b. Identify and describe 7 or more types of personal / private information or data that will be collected, stored, processed, and transmitted in conjunction with the use case.
c. Identify and describe 5 or more compliance issues related to the use of the RFID bands to make and track mobile purchases.
d. Analyze and discuss 7 or more privacy and security issues related to the use case.
e. Identify and discuss 3 or more relevant laws, regulations, or standards which could impact the planned implementation of the event management system with RFID wrist bands.
3. A recommendations section in which you identify and discuss 8 or more best practices for security and privacy that should be implemented before the technology is put into use by the company. Include at least 2 recommendations in each of the following categories: people, processes, policies, and technologies.
Take Action
Review the difference between a process and a policy.
4. A closing section (summary) in which you summarize the issues related to your chosen use case and the event management platform overall. Include a summary of your recommendations to the IT Governance Board.
Step 1 | Choose a carrier medium for the hidden message. This could be an image, audio file, video file, or another type of digital file. For this exercise, you will be working with an image.
Download the photo from the following link. https://en.wikipedia.org/wiki/File:Journal.pone.0138352.g001A.jpg
Rename the file with your first name initial and full last name (i.e., dfavors.jpg)
What is the size of the file?
Step 1. Use the link to download the image naming the file first initial last name.
Step 2 | Select a steganographic algorithm to use for embedding the hidden message into the carrier medium. This should be an appropriate algorithm for the type of file you are using as the carrier medium (an image).
Visit Steganography Online at https://stylesuxx.github.io/steganography/
Encode the Message by pressing the “Choose File” button and upload the photo that you named.
Step 3 | Create the hidden message that you want to embed into the carrier medium. This could be a text message, image, audio file, or another type of digital file. For this exercise, you will be utilizing your Module 9 Reflection Paper text.
In the text box “Enter your message here” copy and paste the text from your Module 9 Discussion Post.
Step 3. Select image and input text from your Module 9 reflection paper.
Step 4 | Use the chosen steganographic algorithm to embed the hidden message into the carrier medium. This process will typically involve modifying the digital bits of the carrier medium in a way that is not detectable to the naked eye.
Press the “encode” button
Right-click the last photo and “save the image as” your first name initial, and your full last name with an “s” at the end. (i.e., dfavorss)
Step 5 | Once the hidden message has been embedded into the carrier medium, you can share the resulting file with the intended recipient.
What is the size of the file?
What is the file type of the file?
Step 6 | The recipient can then use a steganography decoder to extract the hidden message from the carrier medium. This typically involves applying the same steganographic algorithm that was used to embed the message in the first place.
Select the “Decode” tab at the top left side of the page under the title.
Step 7 | After the hidden message has been extracted from the carrier medium, it can be viewed or used by the recipient.
Select the “Choose File” button and upload the encoded file ending with “s.”
Is the message visible?
Screenshot this page and upload it as a document in the appropriate dropbox for assignment completion.
Step 7. Final screenshot for submission
Review the Grading Rubric (PDF) for details on how your report will be evaluated.
Assignment Submission Steps
Click on Module 9 | Steganography Exercise link within Module 9 or directly from within the Assignments tab on the course home menu.
Upload your screenshot image into the submission box.
Optionally, you may also type comments for your SME and facilitators to review regarding your submission.
Click Submit.
Introduction: The Incident Response Life Cycle begins with Preparation and moves to the process of Detection & Analysis and Containment, Eradication & Recovery. It concludes with Post-Incident Activity.
This document involves three common incident response scenarios. For the threat featured in each scenario, outline three ways to protect against the threat, three ways to detect the threat, and three ways to respond to the threat.
Instructions
Scenario 1: Insider Threat
One of the hardest attacks to mitigate is the attack executed by an insider who has the authorization to take advantage of the rights and privileges bestowed upon the user within the organization. These attacks of opportunity can cause serious damage. One employee that is intent on harming the organization or commits an act of carelessness can leave an organization defenseless.
Please write a paragraph on each of the following (for a total of three paragraphs):
1. Protect: Three ways to protect the organization from an insider threat.
2. Detect: Three ways to detect the threat within the organization such as IoCs.
3. Respond: Three ways to respond to the threat based on the Incident Response Life Cycle.
Scenario 2: Security Gaps
Motivated offenders use a myriad of tools, tactics, and techniques to target organizations through numerous vectors. An environment that does not routinely validate its security posture, policies, and procedures can allow the attackers unauthorized entry into your network. All it takes is one asset within your organization that has been overlooked and it can create a conduit into your network that can cause data compromise.
Please write a paragraph on each of the following (for a total of three paragraphs):
1. Protect: Three ways to protect an organization from the threat of malware.
2. Detect: Three ways to detect the threat.
3. Respond: Three ways to respond to the threat based on the Incident Response Life Cycle.
Scenario 3: DDoS
Distributed denial of service (DDoS) attacks are still a major concern within an organization as they can be leveraged to cause a diversion while data exfiltration takes place in another part of your network. The attacks are designed to overwhelm system resources while not allowing legitimate traffic within the network. These attacks can change their signatures and can be executed within varying levels of sophistication and hence the reason for the concern.
Please write a paragraph on each of the following (for a total of three paragraphs):
1. Protect: Three ways to protect an organization from the threat.
2. Detect: Three ways to detect the threat within an organization such as IoCs.
3. Respond: Three ways to respond to the threat based on the Incident Response Life Cycle.
Background: This document will be an incident response runbook (a.k.a. playbook or “use case”), a written guide for identifying, containing, eradicating, and recovering from cybersecurity incidents. An Incident Response Playbook (Runbook) is designed to provide a step-by-step walk-through for the most probable and impactful cyber threats to an organization. The playbook will ensure that specific steps of the Incident Response Plan (IRP) are followed appropriately and serve as a reminder if particular steps in the IRP are not in place.
An end user receives an email from the help desk stating that there was irregular activity associated with their email account and that they can only send or receive emails once it is resolved. Several end users click the link in the email, and immediately items on their workstations act strangely. Suddenly none of the files on the workstation can be opened and now end in “.crypt.” A message on the end user’s screen demands payment of 1.84 Bitcoins as a ransom for the organization’s now encrypted data. As of May 2021, Bitcoin is approximately $54,301/Bitcoin, making the ransom in this scenario shy of $100,000.
Soon after that, other employees also report strange notes on their screens. Before long, all computers – workstations and servers – have the popup on their screens and cannot function. This is where the Incident Response process begins.
Instructions: please include the following
1. An overview section that details information about the identified threat.
2. Preparation steps or triage processes needed to prevent or recover from the threat:
o Contact information of the in-house IR team
o Communication tree
o Escalation & notification procedures and reporting mechanism
3. Detection, Identification, and Analysis of the likely symptoms from the type of threat:
o Steps implemented for detection
o Identification matrix for High, Medium, and Low threat categories
o Incident validation – tools or systems used to confirm and verify the possible delivery vector of the threat
4. Containment, Eradication, and Recovery:
The third phase, containment, is the initial attempt to mitigate the attacker’s actions. It has two major components: stopping the attack’s spread and preventing further system damage. An organization must decide which containment methods to employ early in the response. Organizations should have strategies and procedures for making containment-related decisions that reflect the level of risk acceptable to the organization according to the threat type.
5. Post-Incident Activity/Lessons Learned:
Post-incident refers to identifying lessons to be learned after actions and review. This section needs to address questions such as:
o What happened?
o Have we done well in protecting the organization’s network?
o What could we have done better?
o What should we do differently next time?
Our reading this week and last looks at some aspects of the relationship between computer forensics and IDS, and specialized kinds of tools that can be used for intrusion analysis. For this session’s conference, find and summarize an example of ways IDS tools or techniques are used in computer forensics. Your example might include a specific instance of where IDS contributed to a successful forensic investigation, or a more general description of how a product or type of IDS tool could be used in support of forensic analysis.