SIT382 System Security
Assessment 1 – Research Essay
Trimester 2 2021

Objectives: see ULO1, ULO2, GLO1, GLO2, GLO4 in the unit guide.

Due Date: 8pm Friday August 27, 2021

Delays caused by computer downtime cannot be accepted as a valid reason for late submission without penalty. Students must plan their work to allow for both scheduled and unscheduled downtime.

Submission Details:
You must submit an electronic copy of your assessment solutions in Microsoft Word (.doc or .docx) for the research essay via CloudDeakin. The PDF format may cause issues in the Turnitin system. So please avoid using PDF format.

It is the student’s responsibility to ensure that they understand the submission instructions. If you have ANY difficulties, ask the teaching team for assistance (prior to the submission date).

Copying, Plagiarism Issues:
This is an individual assessment. You are not permitted to work as a part of a group when writing this assessment.

Plagiarism is the use of other people’s words, ideas, research findings or information without acknowledgement, that is, without indicating the source. Plagiarism is regarded as a very serious offence in Western academic institutions and Deakin University has procedures and penalties to deal with instances of plagiarism.

In order not to plagiarise, all material from all sources must be correctly referenced. It is necessary to reference direct quotes, paraphrases and summaries of sources, statistics, diagrams, images, experiment results and laboratory data – anything taken from sources.

When plagiarism is detected, penalties are strictly imposed. Details on plagiarism can be viewed online at

Assessment 1
Total marks: 40

The reliance of our society on IT systems has dramatically increased over recent years. Unfortunately, the value of the assets that could be compromised through an IT system extends beyond the monetary value: it is impossible to ignore that the security of IT often affects the safety of Operational Technologies (OT).
IT systems suffer from failures in maintaining security because of their increasing complexity, the evolution of attackers’ capabilities, and the increasing value of the assets that they hold. Exploitable vulnerabilities and risks will always exist, and their characteristics can change over the course of an IT system’s life. There is, however, a need to manage these errors, vulnerabilities and risks within acceptable parameters over the life of the IT system. The task of those responsible for the security of IT systems is to establish acceptable levels of security assurance and risk objectives for the IT system.

In terms of IT security, adequate security assurance signifies that specific predefined security requirements have been addressed through the presentation of a security assurance case: it is the result of performing appropriate security assurance processes and activities. These security assurance processes and activities need to be described in the form of a reasoned and compelling argument (or many arguments), supported by a body of evidence for a security-related claim. Such a claim is typically about certain Security Targets being met by a product, system, service or organisation.

Security assurance requirements are determined from the security problem posed by the deliverable (and potentially other factors), influencers, security requirements, and the target environment for the deliverable. As such, it is important to understand and specify the scope and boundaries for a deliverable that is subject to a security assessment.

Security assurance arguments substantiate security assurance claims, which means that the arguments should be structured in the appropriate manner. In general, security assurance arguments can be constructed in many different ways and drawn from many different sources. However, for this assessment the Target of Evaluation (TOE) is a product or service.
The security assurance argument must be based on one of the following alternatives:
(a) Tools/methods used to test and evaluate TOE;
(b) Tools/methods used to design TOE.

In order to score a higher grade for their essay, students must follow a specific pattern: the essay should contain the main security argument, a counterargument and a defence of the main security argument.

The scope of security problems for your essay is bounded by those occurring in authentication and access control systems. In the essay, a student is encouraged to develop an assurance argument that contributes to one of the following security requirements:
– Human user identification and authentication;
– Machine (e.g. IoT) identification and authentication;
– Account management;
– Authenticator management;
– Strength of password-based authentication;
– Strength of public key authentication;
– Authorization enforcement;
– Auditable events;
– Non-repudiation.

It is not required to develop a complete security assurance case for one of the listed requirements. For the essay, it is sufficient to revolve around argument(s) that can fit within a potential assurance case. For instance, an argument that claims security/privacy of attribute-based authentication may fit within the assurance cases for ‘Human user identification and authentication’, ‘Machine (e.g. IoT) identification and authentication’, ‘Authorization enforcement’. However, it is the student’s task to demonstrate how the security assurance argument fits there.

The length of the essay should be 1500-2000 words (minimum 1500 words, single spaced, 12pt font, on A4-sized paper).

Marking Criteria for Assessment 1

| Criterion | Excellent | Satisfactory | Weak | Unsatisfactory | Criterion score |
|---|---|---|---|---|---|
| 1. Relation between the problem and presented security argument. | (15 points) Security argument fits within the scope of the problem, and this is well articulated. | (9 points) Security argument fits within the scope of the problem. | (6 points) Security argument partially fits within the scope of the problem. | (3 points) Security argument is out of the scope of the problem. | /15 |
| 2. Argument Comprehension (claims, strategies, assumptions, context and evidence). | (15 points) The body of argument has all the parts, and they can be comprehended. | (9 points) The body of argument has essential parts, and they can be comprehended. | (6 points) The body of argument has essential parts, but comprehension is incomplete. | (3 points) Essential parts are missing from the body of argument. | /15 |
| 3. Argument well-formedness. | (10 points) There are no structural errors, and this is clearly demonstrated. | (6 points) There are no structural errors, but the demonstration is lacking. | (4 points) There are minor structural errors. | (2 points) There are major structural errors. | /10 |
| 4. Expressive Sufficiency of Argument. | (10 points) Context is explicit and is sufficient for logical inference. | (6 points) Context is partially explicit but is sufficient for logical inference. | (4 points) Implicit context can be understood, which is sufficient for logical inference. | (2 points) Context cannot be understood, and this is insufficient for logical inference. | /10 |
| 5. Argument Criticism (e.g. counterargument) | (15 points) The criticism is persuasive and effectively undermines the overall sufficiency of argument. | (9 points) The criticism is somewhat persuasive and may undermine the overall sufficiency of argument. | (6 points) Criticism is introduced, but it is not persuasive. | (3 points) Criticism is missing. | /15 |
| 6. Argument defence | (15 points) Defence evidence is efficient, trustworthy, and its integrity is unquestionable. | (9 points) Defence evidence is somewhat efficient and trustworthy. | (6 points) Defence evidence is either not efficient or not trustworthy. | (3 points) Defence evidence is missing. | /15 |
| 7. Correct use of language and grammar (Syntax, Spelling, punctuation) | (10 points) Writing is smooth, skilful, and coherent. Punctuation and spelling are accurate. | (6 points) Writing is clear and sentences have some varied structure. Punctuation and spelling are generally accurate. | (4 points) Writing is clear, but sentences may lack variety. Several errors in punctuation and spelling. | (2 points) Writing is confusing and hard to follow. Many errors in punctuation and spelling. | /10 |
| 8. Use of sources (relevance/reliability) | (10 points) Evidence from sources is smoothly integrated into essay. All sources are cited accurately and are highly relevant and reliable. | (6 points) Evidence from source(s) is integrated into the text. Most sources are cited accurately and are generally relevant and reliable. | (4 points) Some source material is used. Several sources may not be cited accurately. Relevance and reliability may be questionable. | (2 points) Few or no source material is used. Relevance and/or reliability are strongly in question. | /10 |

