Assignment title: Information
Assignment 1
ISCG8047 Cybersecurity and Cloud Computing
Semester 1, 2016
Department of Computing
Analysis of Cybersecurity Capabilities
Individual Assignment
Due Date: Saturday 9 April 2016
Percentage Mark (Total 30%):
Report 30%
Word length for body of report: 3000 (excludes any appendices or references)
Aim:
Apply an analytical framework to cybersecurity capabilities in order to bridge the gap between available technologies and desirable security properties. In doing so, understand and grasp the concepts and terminology of this field, and gain experience in applying existing knowledge bases toward specific control objectives.
Instructions:
1. Understand technical characteristics. Pick two open-source tools for security assessment and control from different categories, e.g.:
a. Network Intrusion Detection System (Snort, Bro, etc.)
b. Host Intrusion Detection System (OSSEC, etc.)
c. Web Application Firewall (mod_security, etc.)
d. Honeypot (Kippo, etc.)
e. Security Information and Event Management (Cyberoam iView, etc.)
f. Network Vulnerability Scanner (Nessus, etc.)
and understand their technical characteristics, i.e., what their inputs and outputs are, how they collect, analyze, or aggregate input, and how they interact with operators. Use publicly available resources to help your understanding, e.g., manuals, white papers, slides, source code, and configuration examples.
Install and use these tools in your own environment if possible. Confine the use of vulnerability scanners or other potentially offensive software to your own environment, e.g., by using virtual machines or physical separation. During any experiment, follow Unitec's ethical guidelines and acceptable use policy.
2. Analyze cybersecurity capabilities. Based on your understanding of the technical characteristics, discuss and analyze where the tools are effective (against which vulnerabilities, threats, and risks), where their limits lie, and identify the residual risks (note that these concepts and terminology will be introduced in class). You may combine or contrast the two tools you have chosen in order to develop your own views. To elaborate the discussion and analysis, use an existing threat model (e.g., STRIDE) and an existing risk management standard (e.g., ISO/IEC 27001). You may also use CVE, CWE, and CAPEC to derive examples for your discussion. In your analysis, identify the requirements on people (administrators, operators) and processes (e.g., reporting duties, periodicity) needed to develop cybersecurity capabilities at the organizational level.
3. Report Writing. Prepare a comprehensive report that incorporates the results of the investigation, discussion, and analysis from the previous steps. Your ability to correctly use terminology, existing models, knowledge bases, and risk management standards will be evaluated during our review. Organize your report for readability and integrity, and create appendices wherever appropriate.
Grading:
1. Criteria on Report (30%)
Your report will deserve an A grade when the above requirements are met in full. Reports will be marked on content, report style, and appropriate and correct English. While I will concentrate on the quality and comprehensiveness of your report, weakness in one area will result in a B grade. Poor critiquing will receive a score no higher than a C grade.
Marks may be deducted for failure to follow the Department of Computing referencing and plagiarism guidelines. Plagiarism will be reported to the Programme Leader who may award zero marks or refer the matter to the Faculty Discipline Committee, which has powers of suspension/exclusion.
Delivery:
A “soft” copy of the report must be submitted via turnitin.com by midnight on 09/04/2016 (Saturday). A “hard” copy of the report must be submitted to the lecturer by 5pm on 09/04/2016 (Saturday).