Computer Security.

Midterm.

PART A: Bank Security

This part is worth 60% of the mark for the mid-term.

You are chief security manager for one of the biggest private banks in your city. Many customers including people and companies have accounts there and rely to these accounts financially. Computer security for banks is very important because banks are frequently targeted by hackers and adversaries. If hackers can hack the bank's network and find the private information of customers or if they can prevent customers from accessing their accounts, they will lose their trust in the bank and will close their accounts and withdraw their monies.

Computer security for banks is also complex because a lot of different types of people and organizations use their network and services:

Customers use different apps and online banking websites to access their accounts. Additionally, they may need onsite services.

Bankers and bank staffs that have directly access to the core banking systems

Companies that need the services provided by the bank (such as online payment services)

Other banks and branches, the bank should be able to work with other banks and branches to send or receive data about its customers

ATMs are also a part of the system

Many of the systems used by these different stakeholders will be different from each other (e.g. a mobile app for managing accounts by customers or a SWIFT service which is used for the execution of financial transactions and payments between banks worldwide), but there are services, such as the online banking services, though in different forms and with different levels of access. As a security manager you need to keep up to date on possible threats to the bank. For this coursework, you should research 3 specific threats that could affect a bank (e.g. a specific piece of malware or a specific type of DDoS attack), describe that threat and suggest a security mechanism to protect against it, and explain how it will defend against the attack.

Marking criteria for Part A:

Has the student explained the attack and how it would affect the bank?

0: No, or the explanation is incorrect

4: Yes, but the explanation is missing elements, or has minor errors or the attack is not relevant to the situation

5: Yes, but the explanation shows little evidence of independent research

7: Yes, the explanation is clear and correct as far as I can tell, and include good evidence of independent research

8: Yes, the explanation is clear and correct as far as I can tell, and include evidence of deep independent research and important insights

10: Wow, this is a professional level analysis of a security threat citing many sources and adding new insights to the research

Has the student suggested realistic defenses, and explain how they protect against the attack?

0: No, or the explanation is incorrect

4: Yes, but the explanation is missing elements, or has minor errors, or is not fully appropriate to the attack

5: Yes, but the explanation shows little evidence of independent research

7: Yes, the explanation is clear and correct as far as I can tell, and include good evidence of independent research

8: Yes, the explanation is clear and correct as far as I can tell, and include evidence of deep independent research and important insights

10: Wow, this is a professional level analysis of the application of a defensive technique citing many sources and adding new insights to the research