TM311: Information Security

Tutor-Marked Assignment (TMA) Spring 23/24

Cut-Off Date: Based on the Published Deadline.

Total Marks: 60 marks turned to 15 marks

Contents
Warnings and Declaration…………………………………….………………………………......1
Question 1 ……………….…………………………………. ………………………………...…..2
Question 2 ………………………………………………………………………………….…..…..3

Plagiarism Warning:
As per AOU rules and regulations, all students are required to submit their own TMA
work and avoid plagiarism. The AOU has implemented sophisticated techniques for
plagiarism detection. You must provide all references in case you use and quote
another person's work in your TMA. You will be penalized for any act of plagiarism as
per the AOU's rules and regulations.

Declaration of No Plagiarism by Student (to be signed and submitted by student

with TMA work):

I hereby declare that this submitted TMA work is a result of my own efforts and I have
not plagiarized any other person's work. I have provided all references of information
that I have used and quoted in my TMA work.
Name of Student:……………………………..
Signature:………………………………………... Date:
…………………………………………………

TM311 / TMA Page 1 of 3 2023/2024 Spring

Q1 [40 marks]: Assume that you have been assigned to design a Secure Online Banking
System. This system should enable customers to perform typical banking activities such
as checking balances, transferring funds, paying bills, and applying for loans. The main
objective is to identify potential threats and vulnerabilities in the system and propose
mitigation strategies to enhance its security. Based on the above details, answer the
following:

Use Microsoft Threat Modeling Tool 2020 to create the model that represents the
online banking system. Your model should include external entities, processes, data
stores, and data flows. The deliverable of this question is a comprehensive report that
include the following:

 Identify all the possible users of your system (Legitimate and non-legitimate)? [5
marks]

 Identify the core assets of the systems [5 marks]

 Attach a screenshot of the model from the tool. [15 marks]

TM311 / TMA Page 2 of 3 2023/2024 Spring

 Generate a report from the Microsoft Threat Modelling Tool and summarize your
finding by listing all possible threats and their mitigations as follows (also attach a
screenshot): [15 marks]

Threat
Identification Affected Asset Impact Mitigation
(STRIDE)

Q2 [20 marks]: In May 2017, the WannaCry ransomware attack swept across the globe,
affecting more than 200,000 computers in 150 countries. The malware exploited
vulnerabilities in Microsoft Windows operating systems, encrypting data and demanding
ransom payments in Bitcoin. Significant impacts were felt across various sectors,
including healthcare, where the UK's National Health Service (NHS) experienced major
disruptions.
You are asked to select three research papers (conference or journals) and provide the
following details on each one:
 The title of the paper.
 The journal/conference name and date of publication.
 What is the research problem statement? [between 100-200 words]
 What is the objective of the research? [between 100-200 words]
 The reference in APA style.

TM311 / TMA Page 3 of 3 2023/2024 Spring