COURSEWORK ASSIGNMENT

Module Title: Computer Systems Security

Module Code: 6COM1033-0901

Assignment Title: Assignment 2 – Scoping and Planning A System Security Test

Individual Assignment - Yes

ASSIGNMENT BRIEF

Students, you should delete this section before submitting your work.

This Assignment assesses the following module Learning Outcomes (Take these from the module DMD):

Knowledge and understanding of:

3. computer systems risks, vulnerabilities, threats analysis, and software security,

Skills and Attributes:

Students will develop the ability to:

1. apply particular computer security techniques to analysis and testing

2. analyse and solve problems in secure systems design and implementation

3. achieve familiarity with methods of secure systems development and to exercise critical evaluation of information accessed from a wide variety of sources

Assignment Brief:

This is an individual assessment, which carries 30% of the overall module mark. The task will assess your understanding of the process of penetration testing as a method of systems security evaluation, and in particular you will focus on the preparation phase, where the pen testing scope is discussed and evaluated, a standard operating procedure (SOP) is devised and agreed with the client, and an Attack Tree is prepared and shared with the pen testing team, in order for them to follow it, when decisions need to be made during the test.

All academic reports that you write as part of your coursework assessments are in fact technical reports, and as such the following report structure is expected:

1. A professional title page

2. A Contents page with page numbers, and also numbers for each section or subsection

3. A professional layout of the whole report, with numbered sections and subsections headings, and indentation for subsections as well

4. An Introduction (which obviously will be numbered as 1.0), where you will introduce the topics of penetration testing types, methodologies involved, and then you introduce the report itself

5. Main Body, where you will develop your arguments, by critically discussing and analysing the topics you introduced in the introduction. You will draw conclusions as you analyse.

5.1 Pen Testing Methodologies

5.2 Standard Operating Procedure

5.3 Decision Making Tree (or Attack Tree)

6. Conclusions section, where you sum arise the conclusions previously drawn, evaluate those conclusions, and make recommendations, or draw lessons for the future

7. References, aim for an average of 12-15 references for the report

8. Appendixes

You are expected to demonstrate an insight into the implications of the problem introduced in the task by using clear and concise arguments. The reports should be well written (and word-processed), showing good skills in creativity and design. Sentences should be of an appropriate length and the writing style. should be academic and informative.

During the teaching weeks you will have the opportunity to ask specific questions about the assignment in class – in person during the practical session, or online during the tutorial session. The module team will provide general (not individualised) feedback based on your questions, and will advise regarding your progress (if it is deemed necessary). The deadline for Assignment 2 is 25.11.2024.

The Assignment Task – Develop a Standard Operating Procedure and a Decision Tree for a System Security Test (Penetration Testing)

It is expected that the report for this task will be in the region of 1250 -1300 words as a minimum. Although the tasks for this assignment will require you to undertake research and reading, this is a very practical assignment, involving the development of an SOP and an attack tree. Therefore, you will report on the work that you have done. You are not expected to write an essay. You will need to first establish what test type you conduct, in order to be able to select a suitable pen testing methodology, with reasons, for your test type. Based on that decision, you will need to design and develop your Standard Operating Procedure (SOP), including an attack tree (please put these in an appendix). An SOP is defined as a set of agreed procedures compiled by an organisation to help workers carry out routine operations. For penetration testing, the SOP forms the agreement (a legal document) between the testers and the clients The SOP and attack tree should be appropriate for Assignment 3, which is the penetration test of a single Linux target, offering several network services.

As stated, the deadline for Assignment 2 is on the 25.11.2024 by electronic submission via Canvas. If you fail to do so, you either can submit until one week after the deadline with a reduced mark, being capped to a maximum of 40%, or you complete an EC (Exceptional Circumstances) form. to require a deferral to the May/June period, or a deferral in the next run of the module (this is for all assignments and it can be done even at the end of the module period). You can also apply for a maximum of seven days extension, by completing a form, and supplying evidence to SASH for the extension request. Please remember that failing one assignment does not necessarily mean failing the module. The overall mark for the module will be calculated from all three assessments.

Submission Requirements:

You are required to take and submit the coursework via StudyNet before the deadline.

You will submit a report of your practical work that you have done to prepare for your test, including the specific Standard Operating Procedure (SOP) and the Attack Tree that you have developed as part of this preparation.

This assignment is NOT an essay on pen testing methodologies, SOPs, and Decision Trees. It is a report on your practical work to scope and plan a system security test (penetration test) – select a suitable methodology, develop an SOP, and develop an Attack Tree.

This assignment is worth   30% of the overall assessment for this module.

Marks awarded for:

A note to the students:

1. For undergraduate modules, a score above 40% represent a pass performance at honours level.

2. For postgraduate modules, a score of 50% or above represents a pass mark.

3. Modules may have several components of assessment and may require a pass in all elements. For further details, please consult the relevant Module Guide or ask the Module Leader.

Typical (hours) required by the student(s) to complete the assignment: 20 hours

Date Work handed out:

w/c 28/10/2024

Date Work to be handed in:

25/11/2024

Target Date for the return of the marked assignment:

22/12/2024

Type of Feedback to be given for this assignment:

Summative feedback will be given for the assignment on StudyNet, on the submission area within four weeks after you have completed the assignment and have submitted the evidence of assignment completion on StudyNet.