Enterprise Cyber Security (M)
COMPSCI 5077
(Answer ALL 3 questions)
This examination paper is worth a total of 60 marks
Summer diet 1 Continued Overleaf/
1. Bartik and Spence have created a successful financial start-up in Lilliput, a country not
part of the European Union (EU) or the European Economic Area (EEA). The pair have
decided to create a branch of the financial start-up company in France, a country that is
part of the European Union (EU). The pair are encountering fierce competition, in both
France and Lilliput, from various similar financial start-up companies.
Bartik and Spence are keen to ensure they demonstrate a professional, high-quality
service that customers will recommend to friends and family. The pair want to use cloud
computing to ensure their company can scale, but have limited technical knowledge
and experience. Bartik also highlights that both governments have strict financial
regulations, that while loosening, are likely to change as the countries are in the process
of negotiating a wide-spread trade agreement.
a. The pair have decided to use cloud computing, but the pair are unsure of the
optimal cloud deployment model.
Critique FOUR different cloud deployment models in the given context. Argue
for the optimal solution in the given context.
(approximately 400 words)
[8]
b. Spence is concerned about the confidentiality of customer data, specifically
personal data leaking from use of cloud computing infrastructure or as the result
of a cyber-attack. Spence is also concerned that once data is compromised,
unauthorised individuals could infer insight from data, potentially giving an
advantage to competitors. Spence initially considered encryption to further
protect customer data, but felt it was not realistic or optimal. Bartik agrees, but
argues they must still ensure they can efficiently utilise customer data pertaining
to profiling repayment habits and transaction history for individual customers.
A customer record contains various items of information, such as annual salary
and gender, as well as sensitive information, including racial origin and
religious beliefs.
Argue for TWO obfuscation-based inference controls that would be optimal in
the given context.
(approximately 200 words)
[4]
c. Spence states that they could offer existing French customers better financial
products and interest rates, if the pair stored and processed all data at their
Lilliput branch. Spence argues all that would be required is to transfer and store
all existing customer data at the Lilliput branch. Bartik argues that since Lilliput
is not part of the European Union (EU), no such data transfer can occur. Spence
argues this is not a problem as the company’s customer data is transited all over
Summer diet 2 Continued Overleaf/
the world, effectively passing through various non-EU networks to their backup systems in various other EU countries.
Appraise different options for the restricted transfer of customer data in the
given context and argue whether the different positions adopted by Bartik and
Spence are accurate.
(approximately 400 words)
[8]
2. The Lena Corporation design various Image Processing Units (IPUs) for portable
devices, such as smartphones and tablets. The company remains competitive due to a
number of valuable trade secrets related to the design of its IPUs. However, many of
these trade secrets have now been leaked to the public in a suspected cyber-attack.
The management team are concerned that attackers have intruded into company
systems that were perceived as secure from such threats. The management team have
requested Simon, Stallman and Stroustrup to investigate and to determine the anatomy
of the suspected cyber-attack as well as suggest appropriate defences.
a. Simon, Stallman and Stroustrup have reviewed the log of security incidents, that
have been reported in the past 12 months within the company. The pair have
already determined several relevant incidents:
Two removable media drives (USB memory drives) with the label ‘HR
department’ written on them have been discovered in the toilets in separate
site offices. The USB memory drives contain various Microsoft Excel files.
36 suspicious emails have been reported within the organisation,
specifically in the administration office. Each email has been structured to
appear from the immediate superior to the recipient, such as their line
manager or team leader.
14 suspicious attachments, specifically Microsoft Excel files, that appear
relevant to the recipient’s role and benign, but contain a malicious payload.
An example would be a financial analyst receiving a spreadsheet labelled
‘Annual Budget’.
Remote administration tools have been located on various employee
systems, that were not present at the previous inspection.
Several employees report receiving suspicious friend requests and messages
on social networking services from profiles masquerading as colleagues.
The trio agree that the identified incidents alone are not sufficient to gain insight
into the anatomy of the cyber-attack. The trio propose using an approach to
better understand the cyber-attack, but cannot agree on an optimal approach.
Summer diet 3 Continued Overleaf/
Simon proposes using Attack Trees, Stallman suggests the Cyber Kill Chain
approach, while Stroustrup advocates for the STRIDE approach.
Appraise each of the proposed approaches from Simon, Stallman and Stroustrup
in the given context. Argue for the optimal approach and formulate the anatomy
of the cyber-attack in the given context.
(approximately 750 words)
[15]
b. The management team want to ensure that the company is not susceptible to
such a cyber-attack in the future.
Argue for THREE distinct defensive steps that could be taken to optimally
defend against the attack identified in (a) and at what stage they should be taken.
(approximately 450 words)
[9]
3. Perlman and Sammet is a British multinational retailer that specialises in clothing and
food products. The company has been established for 150 years with more than 950
stores operating 24 hours a day. In the 1970s, Perlman and Sammet made considerable
investment in a bespoke transaction system to manage customer transactions.
The company has 3 million visitors every 24 hours, 1 million of these visits conclude
with a transaction and each transaction typically generates £10 of profit. The ageing
transaction system has become the backbone of the company and is critical in the sale
of goods. Nevertheless, the management team have become concerned about the
dependency of the business on the transaction system.
a. The management team have determined they can withstand a loss of £5 million
profit from transactions, but major business units would be compromised after
losses reach £20 million profit from failure of the transaction system. The
management team believe the business would be irreparably damaged if the
company could not process transactions after 72 hours. The technical support
team state the transaction system could be restored within 36 hours from failure
and so the business will not become irreparably damaged.
Discuss RPO, RTO and MTPOD in the given context and argue whether the
statement from the technical support team is accurate.
(approximately 300 words)
[6]
Summer diet 4 /END
b. Perlman and Sammet currently rely on an ageing back-up tape-based system.
The management team are considering replacing the system with a modern diskbased approach as it may reduce the time taken to restore valuable systems.
The technical support team argue that while a modern disk-based approach
could replace the existing tape-based system, it would incur unforeseen costs.
The technical support team argue several systems that interact with the back-up
system would need to be replaced as a result and considerable staff training
would also be required to utilise the new back-up system. The technical support
team also argue little infrastructure investment is necessary as the current
infrastructure supports a periodic back-up every 72 hours, that covers 12 hours
of transactions.
Argue whether the position of the technical support team is accurate in the given
context.
(approximately 300 words)
[6]
c. The management team are keen to rapidly expand use of the transaction system,
specifically to consumers as to increase the number of profitable transactions.
The system support team are concerned though that the ageing transaction
system may not be able to cope with the additional demand and that in widening
access to customers previously unknown security vulnerabilities may arise. The
management team state they will provide resources and need to expand the
system within a relatively short timeframe. The system support team argue that
many aspects of the ageing systems, such as source code, cannot be updated as
they lack software engineers with sufficient knowledge of the systems. The
system support team also state that no alternative system is available, if the
current ageing system was to collapse.
Appraise FOUR approaches to evolve legacy systems and argue for the optimal
approach in the given context.
(approximately 200 words)
[4]
