1. (22 points)
a. (5 points) Describe what a social engineering attack is.
Answer:
b. (12 points) Provide 3 examples of social engineering attacks and describe how they could be used to undermine the security of your IT infrastructure.
Answer:
c. (5 points) How can social engineering attacks be defended against?
Answer:
2. (28 points) Requirements question
a. (5 points) Describe what a functional requirement is; provide details.
Answer:
b. (5 points) Describe what an assurance requirement is; provide details.
Answer:
c. (18 points) Provide an example of each by writing an actual functional requirement and the corresponding assurance requirement using some aspect of a system for your example. For example, you could write a requirement based on user interface behavior, file access, audit logging or various other areas of functionality. It does not have to be long but it needs to demonstrate your understanding of these concepts.
Answer:
3. (50 points) Assume you have a computing environment consisting of a mix of machines running the following Windows platforms: 7 and 10. There are also machines running Linux and Apple iOS. Your environment runs a mix of email and various office applications (e.g. word processing, spreadsheet, slide presentation, database). There is regular use of internet sites both for business and some personal use. There are also laptops, mobile phones and tablets that connect wirelessly to your network.
The environment is spread across a wide geographic area. While it might be tempting to have a solution that uses one type of system, such as Windows 10, this is not a possibility given the problem statement. The heterogeneity of the platforms in the environment is typical of the complexity faced by many organizations today. The environment is as defined and you must deal with the stated variation and complexity.
What do you consider to be the major risks to your environment and why? Describe the risks and vulnerabilities involved in the above stated environment. There are many risks to consider. You must provide a minimum of 10 risks with explanations. Your explanations must provide some detail.