Security Week 8

2022 Exam Question

Suppose X is an agent of a foreign power interested in accessing some of the research and correspondence of our guest speaker on Bioterror Dr Merlin Crossley. X has been tasked with finding his staff ID and his MyUNSW password.

You'll be assessed on how realistic, specific, simple, effective, non-risky, time consuming (sooner is better than later!) X's strategy is, and how likely X is to be able to learn the required information.

  1. Identify some significant (but not personal or intrusive) things about him which will help X carry out their social engineering attack
  2. Clearly explain a practical and safe social engineering strategy X could follow to learn his staff ID and his MyUNSW password.
  3. What cognitive vulnerability is X mainly targeting?
  4. Evaluate with reasons how likely it is that X's social engineering strategy will work.

CASE STUDY

🚕 Jonny Cab 🚕

  1. Split up into groups
  2. Do the question for 20 mins SOLO
  3. Mark each other's responses and discuss inside your small group
  4. Create a summary for your group to discuss with the class

  1. Identify your assets (2 marks)
  2. List risks you are concerned about (4 marks)
  3. What you should do to address each risk and who should do it (6 marks)
  4. Conclusion (3 marks)

Admin

SAP

  • SA Submit
  • 2 page summary as a guide for the marker;
    • First page being what they did
    • Second page addressing the rest of the criteria (eg. reflection)
  • An appendix can be included - Appendix not included in the 2 page limit. Can submit an arbitrary number of files - prefer a consolidated one rather than many sparse.
  • Video is max 60 seconds long and is a demo of their work
    In short, it's a summary, and what you are most proud of

  • Code must be submitted in VCS; GitHub
    • No screenshots
    • Analysis must be submitted for code (what does this mean)
    • i.e. explain how the code works, and also what they learnt

SAP

  • Law students have 2 portals they can submit marking for - i.e. the student can decide whether they want their project to be a law, or a technical project
    • They can either get marked by Lyria, or the original marker
  • Extension? 👀

Exam

  • Exam movie: Dr. Strangelove
  • Exam is online
  • 2022 Exam was released as an activity in Module 7
  • Everything is accessible - for 6841 this includes war games
    • Except for weekly movies
  • Check out the Hall of Fame
    • Michelle
  • In next week's tutorial, you will be presenting your SA to the class. This involves showcasing your work in 1-3 mins. No marks associated