2023 Take Home Portion Directions Problems 150pts This part i e the Problems section is | Assignment Collections
Computer Science 2023 My Deadline (20 Hours) Help In Cyber Security Assignment.
2023 Take Home Portion Directions Problems 150pts This part i e the Problems section is | Assignment Collections
Take Home Portion
Directions: Problems (150pts). This part, i.e. the Problems section is ‘open internet’ meaning that you can use any online source, physical book, slides from class, or personal notes on the take home portion. Doing so will result in a significant grade penalty (an F for the course). I will be employing a number of cheat detection mechanisms to ensure compliance.
You must submit all of your answers as typed text in-line in this test document. Graphs may be hand-drawn and scanned in or created digitally.
Problems [___/150]
- (90pts) you are a security analyst that is consulting with an industrial factory called Fictional Terrible Company (FTC) that makes a special type of chemical called “Destructoviralbacteriumuraniumpostapocalypseicus” (DVBUP for short). FTC is regulated by the Environmental Protection Agency (EPA) and has to pay for each violation they have:
- (60pts) You are given the following policy from the NIST SP 800-53.
The EPA provides the following information about penalties:
Laws and regulations
Fine for each violation (per day per incident)
Hazardous Waste Disposal
$71,264
Clean Air Act
$95,284
Clean Water Act
$52,414
Safe Drinking Water Act
$54,789
FTC provides the following information about their industrial plant
Below is the table of the past problems we have had.
Problem
Incidents
Avg. Number of Days to mitigate
Sabotage Pipe breakages that have led to DVBUP release
16 times in the past 8 years
2
Insecure SCADA system that has led to DVBUP release
2 times in the past 8 years
15
FTC also states the following:
- 8 of the pipe breakages caused a Clean Air Act violation, 4 caused a Clean Water Act violation, and 4 lead to violations of both the Clean Air and Clean Water acts
- 1 of the times, when hackers breached our SCADA systems, they released materials into the air, the other led to a release that went into the water, but also got into the drinking water table causing us to pay penalties for the both the clean water act and the safe drinking water act
- We’ve not had any Hazardous Waste Disposal issues
- (35pts) State the two security problems as threats quantitatively using Expected Threat Impact (ETI) and Annual Threat Loss Expectancy (ATLE). Show all of the work.
- (35pts) Given your calculations in a) you confer with Bill Mahoney of the UNO Cybersecurity department to come up with a secure SCADA architecture. Bill says that, for $600,000 he can assemble a team of students at UNO that can mitigate the problem. Based on a look at the national numbers, you figure the solution will reduce the number of exploitations to once in 10 years – but wont change how long it takes to mitigate. You also confer with a physical security company to look into new fencing that will reduce the sabotage incident frequency by 90% (i.e. to once every 5 years). The fencing will cost $500,000. Draw a single decision tree that shows ALL of the different options available. Use the information above to estimate the probabilities and costs at each step.
- (20pts) Assuming a risk neutral approach, is it cheaper to mitigate one SCADA, sabotage, both problems, or to do nothing in a 1 year time interval? What about a 5 year time interval? Use the decision tree to justify your answer
IA-3: DEVICE IDENTIFICATION AND AUTHENTICATION
The information system uniquely identifies and authenticates [Assignment: organization-defined specific and/or types of devices] before establishing a [Selection (one or more): local; remote; network] connection.
Assume the organization in question – FTC from question 1, has instantiated the policy using the following selections as follows.
The information system uniquely identifies and authenticates mobile phones and IoT devices before establishing a network connection.
- (35pts) Write a first order logic statement that represents the control for FTC.
- (15pts) Identify a non-compliant state (i.e. scenario that is not acceptable by the policy) using first order logic.
- (10pts) Given your answers, draw a Venn diagram that visibly shows the “secure states” and “insecure states” for the information system. Assume a closed-world assumption is in place (i.e. only your logic statement defines what is secure and insecure.
We give our students 100% satisfaction with their assignments, which is one of the most important reasons students prefer us to other helpers. Our professional group and planners have more than ten years of rich experience. The only reason is that we have successfully helped more than 100000 students with their assignments on our inception days. Our expert group has more than 2200 professionals in different topics, and that is not all; we get more than 300 jobs every day more than 90% of the assignment get the conversion for payment.