TSC2151 – Cybersecurity Fundamentals

Name: MUHAMMAD ISMAIL HAMZA ID: 1201303165

TUTORIAL 2

Marks are allocated based on the rubrics below. Each question is allocated 1 mark, total
marks will be normalized to 4 marks.

Please make sure that your solution is properly cited and referenced, where applicable.
Failing to do so, your solution will not be graded.

Please fill up and submit this document in PDF format to Google Classroom. Late
submissions will not be accepted and graded. Please take note of the deadline and the
deadline follows Google Classroom’s system’s time, not your PC’s time. Do submit early
in and don’t take the risk of being cut off from the submission.

Rubrics:
No evidence/wrong Average Good
solution/no citation or
0.5 mark 1 mark
references
0 mark
No evidence of solution; or Partially correct or Correct and complete
wrong solution; or no incomplete solution. solution.
citations and references
where applicable.

1. Consider this case of an intrepid identity thief. The perpetrator, Jane, encounters the
victim, John, online in a chat room. John is using his real first name but only his last
initial. However, over a series of online conversations between Jane and John, he does
reveal personal details about his life (marital status, children, occupation, region he lives
in, and so forth). Eventually, Jane offers John some piece of information, such as
perhaps an investment tip, as a trick to get John’s email address from him. Once she
gets his email address, an email exchange begins outside of the chat room, wherein
Jane purports to give John her real name, thus encouraging John to do the same. Of
course, the perpetrator’s name is fictitious, such as “Mary.” But Jane now has John’s real
name, city, marital status, occupation, and so on.

Jane can try a number of options, but in this case she begins by using the phone book or
the Web to get John’s home address and phone number. She can then use this
information to get John’s Social Security number in a variety of ways. The most
straightforward would be to go through John’s trash while he is at work. However, if John
 works in a large company, Jane can just call (or enlist someone to call), claiming to be
John’s wife or another close relative, wanting to verify personnel data. If Jane is clever
enough, she may come away with John’s Social Security number. Then it is a trivial
matter to get John’s credit report and to get credit cards in his name.

From this scenario, consider the following questions:

1.1. What reasonable steps could John have taken to protect his identity in the chat
room?
John could have taken the step to safeguard his identity in the chat room by making
use of a fictious name and by taking appropiate measures before revealing his
identity , John should not trust anyone
reference

https://www.chegg.com/homework-help/questions-and-answers/chapter-3-case-stud
y-discussion-consider-case-intrepid-identity-thief-perpetrator-jane-enc-q56481081

1.2. What steps should any employer take to prevent being unwittingly complicit in
identity theft?
1. Store and protect personal information

Employees trust their employers with a lot of personal information, such as their
social security number and home address, so it’s the employer’s duty to make sure
this information is protected. Employers must make sure their companies have the
correct storage and protection in place.

There are a variety of safety precautions an employer can take, starting with the
most basic protection of locking documents containing personal information in a
sturdy filing cabinet or secure location. Employers should also make sure that any
employee information stored on a computer or database is password protected, so
unauthorized employees cannot gain access to this information.

The final step is to make sure any servers containing employee information are
encrypted so it’s more difficult for unauthorized users to access.

2. Set strict policies and procedures

Even if you have all of this information stored in a secure location or protected with a
top-notch encryption, it will not be safe if you don’t have policies and procedures
describing who can access this information and how. Make sure protective
procedures are in place, such as shredding an employer’s username, password and
documents with personal information if they’re no longer needed.
There should be consequences for employees who don’t follow the appropriate
policies and procedures, since their misconduct could be putting your employees’
information in jeopardy. To make sure they stay up-to-date, you should take a look at
these policies and procedures about once per year.

3. Educate employees on identity theft

Even if you’re taking all of the necessary steps to protect their identities in the
workplace, your employees may not be taking steps to be proactive in their personal
life or may not even be aware of how serious identity theft actually is. A lot of people
aren’t aware of how easy it is for someone to steal their identity, and as a result, they
make crucial mistakes that could be putting their identity in jeopardy.

4. Offer identity theft protection as an employee benefit

If you want to be a proactive employer who is really working to protect your

employees’ identities, then you may want to consider offering identity theft protection
to your employees as a benefit. These services work to protect personal information
by monitoring it on the Internet black market as well as the activity on credit reports

reference

https://www.bizjournals.com/bizjournals/how-to/funding/2014/07/4-tips-to-protect-you
r-employees-from-identity.html

2. Chiao Chien manages IT security for a school. Given the wide range of people who use
the school’s computers, it is difficult for Chien to prevent virus attacks. Chien has a
reasonably good budget and has installed antivirus software on every machine. He also
has a firewall that has all unneeded ports blocked, and a school policy prohibits the
download of any software from the Web.

Consider the following questions:

1.1. How secure do you think Chien’s network is from virus attacks?

On the basis of given security factors that Chien has implemented on his
school's computers, it can be stated that the network is quite secure for low
level and certain high level vulnerabilities and potential threats that may
attack the computer.Chiao Chien looks that he has taken care of threats or
 virus regarding the use of pen drives or memorycards where there is high
chances of virus to be spread.

reference

https://www.chegg.com/homework-help/questions-and-answers/chiao-chen-
manages-security-school-given-wide-range-people-use-school-s-computers-
difficul-q94215227

1.2. What areas has Chien not secured? What recommendations would you make to
Chien?

He does not seem to do anything about attacks coming from emails which is the most
commonway virus get onto computers.