a) Defenses against security attacks should be based on five fundamental security principles: layering, limiting, diversity, obscurity, and simplicity. Select one of the recent attacks as discussed in the lecture or search on the Internet and provide answers for the following questions related to that.
i. Explain the security attack briefly (please provide reference for the source of the information).
ii. How could the attack be prevented if the five fundamental security principles had been applied? Explain how each of the them could have been used to mitigate the attack.
b) Insider attacks caused by employees, contractors and other trusted parties are more difficult to defend than external attacks in an organisation. Explain and justify this statement with an example.
Answer the following questions regarding different types of security attacks.
a) Malicious software, or malware, is a software that enters a computer system without the owner’s knowledge or consent and could damage a system. Viruses and worms are two types of malware that could attack a system.
i. Explain the differences between viruses and worms in terms of the actions they perform and how they spread into the system.
ii. What is your recommended defense mechanism against virus and worms for any organisation?
b) Detecting phishing emails can often be difficult. Do some research on ways to detect phishing emails and write a summary on what you have learned about the ways of detection of phishing emails.