The learning objectives of this assessment task are to: • Explain the basic approach to computer security including access control, and verifying the identity of an individual. • Describe the steps necessary to minimize the cyber-attack on a system. • Explain how social engineering is used as a means to gain access to computers and networks and how an organisation should deal with it. • Identify and describe various types of cryptography. • Determine and apply the appropriate use of tools to facilitate network security. 1 | Page Task A. Basic Approach to Computer Security [Marks: 16] The following table provides examples of scenarios where a certain security principle has been violated. Name the security principle in the right column and provide a reason why it has been violated. Security Principle Scenario Name of Security Principle The office secretary got a virus that was able to reconfigure her computer because she always logged in with an administrator account. It was discovered that the project leader purchased equipment that was overpriced and was also getting money on the side from the vendor. The kiosk in the lobby was used to go to go to web sites other than the company directory and map. John is fired, but his employer soon discovers he was the only one who knew how to configure the firewalls. The network was easily taken down by the attackers once they got past the company's only real defence, which was a firewall. Vulnerability in the Cisco routers was published on the Internet. The company only used Cisco routers. Hackers discover a "hidden" web site featuring the company directory with confidential information on it. Hackers attempting to break into a computer acting as a mail server were unsuccessful. They discovered that the same server also had a web server service on it and were able to break into the server that way. [Marking scheme: 1 mark for each correct name of Violated