Solved_Assignment_Information_Security

The document discusses key concepts in information security, including the CIA Triad (Confidentiality, Integrity, Availability) with real-life examples for each component. It outlines common cyberattacks such as phishing and malware, and differentiates between symmetric and asymmetric encryption, providing use-cases for both. Additionally, it emphasizes the importance of security policies in organizations and lists tools like firewalls and multi-factor authentication that help mitigate cyber threats.

Uploaded by fatimaaftabfsd

Fundamentals of Information Security – Assignment #2
Q1. Define the CIA Triad in information security. Explain each component with one real-life example. (3 Marks)
The CIA Triad is a fundamental model in information security that stands for Confidentiality, Integrity, and Availability.

1. Confidentiality: Ensures that data is only accessible to authorized individuals.
Example: Using a password to access your online banking account ensures only you can view your financial information.

2. Integrity: Ensures data is accurate and unaltered during storage or transmission.
Example: A digital signature on a document ensures that any modification by unauthorized parties is detected.

3. Availability: Ensures data and systems are accessible when needed.
Example: Backup generators for data centers help ensure systems stay online during a power outage.

Q2. What are the common types of cyberattacks (at least five)? Explain each with a brief example or case. (4 Marks)
1. Phishing: Tricking users into providing sensitive information via fake emails.
Example: An employee receives an email appearing to be from the CEO requesting login details.

2. Malware: Malicious software like viruses or ransomware.
Example: WannaCry ransomware infected computers globally, encrypting files until a ransom was paid.

3. Denial of Service (DoS) Attack: Overwhelming a system with traffic to make it unavailable.
Example: A website becomes inaccessible due to a flood of fake traffic.

4. Man-in-the-Middle Attack (MitM): Intercepting communication between two parties.
Example: A hacker intercepts data between a user and a public Wi-Fi router to steal login credentials.

5. SQL Injection: Supplying input that an application inserts unchecked into a SQL query, so the input is executed as part of the query and exposes the database.
Example: An attacker enters SQL syntax into a login form field that the application concatenates into its query, and retrieves data from the backend database.

Q3. Differentiate between symmetric and asymmetric encryption. Give one use-case where each is preferable. (3 Marks)

Feature   | Symmetric Encryption                                 | Asymmetric Encryption
----------|------------------------------------------------------|-------------------------------------------------------
Keys Used | Same key for encryption and decryption               | Public key for encryption, private key for decryption
Speed     | Faster                                               | Slower
Security  | Weakened if the single shared key is distributed poorly | Stronger key management: the private key is never shared

Use-case (Symmetric): Encrypting files on a local hard drive for quick access (e.g., BitLocker).
Use-case (Asymmetric): Secure email communication or online transactions (e.g., SSL certificates).

Q4. Case Study – Phishing Attack (5 Marks)

a) How the attack could have been prevented:
- Regular employee training on recognizing phishing attempts.
- Using email filtering systems to block suspicious messages.
- Implementing multi-factor authentication (MFA).

b) Technical and non-technical countermeasures:
Technical:
- Deploy spam filters and anti-phishing tools.
- Use MFA to prevent account access even if credentials are stolen.
Non-Technical:
- Conduct regular awareness sessions.
- Display posters or reminders on secure email practices.

c) Awareness Message for Employees:

Subject: Stay Alert – Protect Yourself from Phishing Emails

Dear Team,
Please be cautious of suspicious emails asking for personal or login information. Do not click unknown links or download unexpected attachments. Always verify the sender’s email address. If in doubt, report the email to IT support.
Your alertness helps keep our organization safe!
– IT Security Team

Q5. List and explain any three tools or technologies used in modern cybersecurity. Mention how they help mitigate specific types of threats. (3 Marks)
1. Firewall: Controls incoming and outgoing network traffic based on security rules.
Mitigates: Unauthorized access to the network.

2. Intrusion Detection System (IDS): Monitors network traffic for suspicious activity.
Mitigates: Attacks such as DoS or malware, by detecting them early so they can be contained.

3. Multi-Factor Authentication (MFA): Requires users to verify their identity using two or more methods.
Mitigates: Unauthorized access even if passwords are compromised.

Q6. Explain the importance of security policies in organizations. Provide two examples of policies commonly implemented. (2 Marks)
Importance:
Security policies provide guidelines and rules that help protect an organization’s information systems. They ensure all employees follow best practices to reduce risk and maintain compliance with laws.

Examples:
1. Acceptable Use Policy: Defines how employees may use company systems and data responsibly.
2. Password Policy: Requires strong, regularly changed passwords to enhance system security.
