NMIMS Global Access
School for Continuing Education (NGA-SCE)
Course: IT Security and Risk Management
Internal Assignment Applicable for June 2023 Examination
Assignment Marks: 30
Instructions:
- All Questions carry equal marks.
- All Questions are compulsory.
- All answers to be explained in not more than 1000 words for questions 1 and 2, and in not more than 500 words for each subsection of question 3. Use relevant examples and illustrations as far as possible.
- All answers to be written individually. Discussion and group work is not advisable.
- Students are free to refer to any books/reference material/website/internet for attempting their assignments, but are not allowed to copy the matter as it is from the source of reference.
- Students should write the assignment in their own words. Copying of assignments from other students is not allowed.
- Students should follow the following parameters for answering the assignment questions:
For Theoretical Answer
Assessment Parameter | Weightage |
Introduction | 20% |
Concepts and Application related to the question | 60% |
Conclusion | 20% |
For Numerical Answer
Assessment Parameter | Weightage |
Understanding and usage of the formula | 20% |
Procedure / Steps | 60% |
Correct Answer & Interpretation | 20% |
1. Even in this age of Google Pay, Apple Pay and Samsung Pay, where you can use virtual payments to purchase items in real stores and restaurants with your smartphone, the “old fashioned” credit card and debit card aren’t going away anytime soon. With that said, many people who use them are afraid that the payment information that’s on those cards could be lifted by hackers, even if they remain inside a wallet. That fear includes
the newer credit and debit cards that have RFID chips inside. That’s why some folks who use those kinds of cards are buying RFID blocking wallets, which are supposed to keep hackers from taking your payment information. Explain RFID Hacking and ways to avoid it. (10 Marks)
2. Access control is a method of guaranteeing that users are who they say they are and that they have the appropriate access to company data. Most security professionals understand how critical access control is to their organization. Which access control techniques would you want or expect your bank to employ to keep your bank account safe? Give detailed justifications for your recommendations. (10 Marks)
3. CovidLock is a new Android ransomware that conducts a lock-screen attack against its victims. A security research team, in the course of monitoring newly registered Coronavirus and COVID labeled domain names, discovered a website luring users into downloading an Android application under the guise of a COVID-19 heat map. The coronavirusapp.site domain initially contained an iframe sourcing directly from infection2020.com (a website from an independent developer for tracking US-based COVID-19 news) and a small banner above that encouraged the installation of the malicious application for real-time updates.
The app portrays itself as a Coronavirus Tracker. As soon as it starts running, it asks the user to allow it to conduct battery optimization. The ransomware does this to keep itself running in the background and to make sure that Android does not close the app to optimize battery performance. Once the initial phase is over, the app requests access to Android’s Accessibility feature. By integrating accessibility features and services, Android developers can improve the app’s usability, particularly for users with disabilities. But it is common for attackers to use this functionality to keep the malware persistent.
Once admin rights are achieved by the app, the attack is launched. As soon as the victim clicks on “Scan Area For Coronavirus,” the phone locks itself with a message on the locked screen. It asks for $250 as ransom in the form of bitcoins. Failure to pay, according to the attacker, can lead to the leaking of the victim’s private data, including photos, videos, and more.
- Explain the various types of malware. How is ransomware different from a virus/worm? (5 Marks)
- What precautions should an employer of an SME take to prevent ransomware attacks on company resources? (5 Marks)
**********