BISM7213 – Securing Business Information – 2022
Assignment 2 – Six questions covering seminars 6 to 12
(inclusive) (30% of overall course marks)
This assignment must be completed individually by each student. The submission deadline is 2pm,
Monday 13th June 2022. This assignment requires a student to answer six questions (each with
sub-parts) that relate to the course content of the remaining seminars. Assignment 2 is worth 30%
of the overall course marks. A student’s answer to each of the questions (that is, each question
and all its sub-parts) cannot exceed 300 words. This word limit per question requires a student to
soundly analyse/research each question and then structure a response in a concise, business-
informative fashion. There is no need to reference an answer unless referencing is specifically
requested in the question. A student must construct each answer in her/his own words – and in
“plain English” business language (not technical language that would be more suited to computing
• One PDF submission via the Blackboard BISM7213 site (full details closer to submission
• Please ensure your student details (name, number, email address) are contained on each
page of the report in a suitably designed footer
Assignment Marking Guide
Each submission will be marked according to the following criteria:
• The completeness of the answer – does the answer show that the student has grasped the
full meaning of the question and that the student has included all relevant points in the
• Does the answer identify and accurately analyse the interdependencies of the relevant
points?
• Is the answer presented in “plain English” business language? The student must present
answers (often discussing technical issues) in terminology/language that is clearly and easily
understood by a business analyst/business manager
Please answer the following questions in relation to our topic “symmetric key cryptography”.
a) You are consulting to a major Australian real estate firm. The firm wants to communicate
confidentially with its 2500 individual clients. A partner within the firm has suggested that a
symmetric key cryptography system would be the ideal solution to provide this
confidentiality. What is your advice?
b) You are planning to explain to your work colleagues how “human”-friendly data is
encrypted via (1) ASCII conversion and (2) the Exclusive OR (XOR) function. In your
explanation, you need to concisely describe:
I. The ASCII conversion approach, its major limitation, and how this limitation has since
II. The XOR function – what it does and why it is popular in implementing ciphers on
digital computing platforms
BISM7213 assignment 2 – Semester 1, 2022
III. Demonstrate (I.) and (II.) above by encrypting the “plain text message” Owl with the
cipher key XyZ (as shown in the relevant slide 18 of week 6 seminar).
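The worked example below is an added illustration of parts (I.) to (III.) and is not taken from the week 6 slides: it converts the assignment's plaintext Owl and key XyZ to their ASCII codes, XORs them byte by byte, shows that the same operation decrypts, and shows why a short repeating XOR key on its own is not a secure cipher (a known piece of plaintext gives the key back). It goes slightly beyond the slide's case by encoding text as UTF-8, which keeps the ASCII codes for English characters and also handles characters that 7-bit ASCII cannot represent; function names and the sample inputs are this example's own.

```python
# Added example (not from the BISM7213 seminar slides): encrypting the plaintext
# "Owl" with the key "XyZ" by converting characters to their numeric codes and
# XOR-ing plaintext and key byte by byte. Plaintext and key come from the
# assignment; the code and its function names are this example's own.


def to_bytes(text: str) -> bytes:
    """Turn text into the numbers a computer actually stores.

    ASCII assigns codes 0-127 (7 bits) to English letters, digits and symbols
    only. Encoding as UTF-8 produces exactly the ASCII code for those
    characters and represents characters outside ASCII as 2-4 bytes instead.
    """
    return text.encode("utf-8")


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each data byte with the key byte in the same position, cycling
    through the key when the data is longer than the key. The same function
    decrypts, because (p XOR k) XOR k == p for any bit values."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encrypt(plaintext: str, key: str) -> bytes:
    return xor_bytes(to_bytes(plaintext), to_bytes(key))


def decrypt(ciphertext: bytes, key: str) -> str:
    return xor_bytes(ciphertext, to_bytes(key)).decode("utf-8")


def xor_steps(plaintext: str, key: str) -> list:
    """Per-byte working as (plaintext byte, key byte, ciphertext byte) integers,
    so each row can be displayed in decimal and in binary."""
    p, k = to_bytes(plaintext), to_bytes(key)
    return [(b, k[i % len(k)], b ^ k[i % len(k)]) for i, b in enumerate(p)]


def recover_key(plaintext: bytes, ciphertext: bytes) -> bytes:
    """Why a short repeating XOR key is not secure by itself: anyone who knows
    (or can guess) a piece of plaintext gets the key back with one XOR."""
    return xor_bytes(ciphertext, plaintext)


if __name__ == "__main__":
    for p, k, c in xor_steps("Owl", "XyZ"):
        print(f"{chr(p)} {p:3d} {p:08b}  XOR  {chr(k)} {k:3d} {k:08b}  =  {c:3d} {c:08b}")
    ct = encrypt("Owl", "XyZ")
    print("ciphertext (hex):", ct.hex())                     # 170e36
    print("decrypted:", decrypt(ct, "XyZ"))                  # Owl
    print("key from known plaintext:", recover_key(b"Owl", ct))  # b'XyZ'
```

Running the block prints the three rows of working (for example O = 79 = 01001111, X = 88 = 01011000, 79 XOR 88 = 23 = 00010111), the ciphertext bytes 17 0e 36, the recovered plaintext, and the key recovered from the known plaintext. That last line is the practitioner's caveat: XOR is the building block inside modern ciphers because it is fast and exactly reversible, but the security comes from how the key stream is generated, not from the XOR itself.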
Please answer the following questions in relation to our topics of hybrid security protocols (TLS) and
You are a business analyst working for an online retailing business “Travel Shoppers”. Travel
Shoppers works within a global PKI and the digital certificate supporting its web sales process is a
central asset. Your manager needs you to explain to him how this digital certificate is secured so that
it can distribute the Travel Shoppers public key with trust. He needs to know how all Travel Shoppers
clients can fully trust that fraudulent copies of the Travel Shoppers digital certificate will be quickly
and effectively detected. His central need is to be assured that all Travel Shoppers clients can totally
trust that – when making a secure, transaction-based connection with Travel Shoppers – the
clients are indeed dealing with the legitimate Travel Shoppers web server. Finally, he wants to know
what is the central strategy that Travel Shoppers needs to focus upon to support TLS in this specific
Please answer the following questions in relation to our topic of Firewalls and the DMZ. The network
diagram that relates to this question is at the end of this assignment with the heading “Network
Diagram – Travel Shoppers”.
a) Your manager is very interested in the firewall design for “Travel Shoppers”. He asks for an
explanation of the two major types of firewalls that have been used in the Travel Shoppers
network design and the advantages of these firewall types. He asks if – and how – the chosen
firewall design would effectively deal with “spoofing” attacks and “malicious” code attacks.
b) Your manager has heard of the DMZ concept, however he wants to know why it is needed,
how it works and how “breaking the connection” delivers better security to Travel Shoppers.
Please answer the following question in relation to our coverage of IDS.
The concept of an IDS is not familiar to your manager at “Travel Shoppers”. He wants to know how
an IDS differs from a firewall, whether an IDS explicitly cooperates with a firewall, and if not, what the
point is of having both concepts (i.e., IDS and firewalls). Your manager asks why the IDS for Travel
Shoppers has been deployed on the network as shown in the attached network diagram (contained
at the end of this assignment). He asks if there is a general rule that the business should follow for
Your manager at “Travel Shoppers” wants to know more about the PCI DSS. Specifically, he asks what
the CDE is and why it is so significant to the PCI DSS. In addition, he wants you to list the system
components of Travel Shoppers’ CDE (Network Diagram contained at the end of this assignment).
Your manager is also considering using ISO27001/27002 as a fundamental reference for the
security architecture of the company. He asks you how ISO27001/27002 would work with PCI DSS.
Specifically, you must address in your answer the area of the business targeted by each
standard, the level of compliance required by each standard, and the penalties (if applicable) for non-
compliance levied by each.
Please answer the following questions in relation to our coverage of the Bitcoin blockchain.
The concept of the “blockchain” very much interests your manager at Travel Shoppers. He has been
advised that the blockchain “employs cryptographic and algorithmic methods to record and
synchronise data across a network in an immutable manner” – he wants to know what this means
and, concisely, how it is achieved.
Your manager also wants to know what the bitcoin blockchain “proof of work” concept is all about –
how it works and what it is designed to achieve.
Finally, your manager wants to know whether (and why or why not) a bitcoin blockchain could replace
the current database used by the business to support its web sales process (as shown in the network
diagram at the end of this assignment).
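The toy ledger below is an added example, written for this page and not part of the course material, that makes the two mechanisms in this question concrete: each block stores the SHA-256 hash of the previous block, so altering any earlier record breaks every later link (the “immutable” property), and a block is only accepted once a nonce has been found that makes its hash start with a chosen number of zeros (proof of work). The block layout, the difficulty of three hex zeros and the sample “order” records are constructed for illustration; real bitcoin uses a different block format, a double SHA-256 hash and a far harder target.

```python
# Added example (not from the course material): a toy hash-chained ledger with a
# bitcoin-style proof of work. The block fields, the difficulty and the sample
# "order" records are constructed for illustration only.
import hashlib
import json

GENESIS_PREV = "0" * 64  # there is no block before the first one


def block_hash(index: int, prev_hash: str, data: str, nonce: int) -> str:
    """SHA-256 over all of a block's fields; changing any field changes the hash."""
    payload = json.dumps(
        {"index": index, "prev": prev_hash, "data": data, "nonce": nonce},
        sort_keys=True,
    ).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def proof_of_work(index: int, prev_hash: str, data: str, difficulty: int) -> tuple:
    """Find a nonce whose block hash starts with `difficulty` hex zeros.

    There is no shortcut: the only way is to try nonces until one fits, and that
    trial-and-error is the 'work'. Checking a claimed nonce costs one hash.
    """
    target = "0" * difficulty
    nonce = 0
    while True:
        h = block_hash(index, prev_hash, data, nonce)
        if h.startswith(target):
            return nonce, h
        nonce += 1


def build_chain(records: list, difficulty: int) -> list:
    """Mine one block per record; each block stores the previous block's hash."""
    chain, prev = [], GENESIS_PREV
    for i, data in enumerate(records):
        nonce, h = proof_of_work(i, prev, data, difficulty)
        chain.append({"index": i, "prev": prev, "data": data, "nonce": nonce, "hash": h})
        prev = h
    return chain


def verify_chain(chain: list, difficulty: int) -> bool:
    """Anyone holding a copy can re-check the whole ledger: every hash must be
    correct, meet the target, and match the 'prev' field of the next block."""
    target = "0" * difficulty
    prev = GENESIS_PREV
    for i, blk in enumerate(chain):
        if blk["index"] != i or blk["prev"] != prev:
            return False
        h = block_hash(blk["index"], blk["prev"], blk["data"], blk["nonce"])
        if h != blk["hash"] or not h.startswith(target):
            return False
        prev = h
    return True


def tamper(chain: list, index: int, new_data: str) -> list:
    """Alter one record in a copy of the chain and recompute only that block's
    hash, without redoing its proof of work or re-mining the blocks after it."""
    copy = [dict(b) for b in chain]
    blk = copy[index]
    blk["data"] = new_data
    blk["hash"] = block_hash(blk["index"], blk["prev"], new_data, blk["nonce"])
    return copy


if __name__ == "__main__":
    records = ["order 1001: 2 x flight", "order 1002: hotel 3 nights", "order 1003: refund 1001"]
    chain = build_chain(records, difficulty=3)
    for b in chain:
        print(b["index"], b["nonce"], b["hash"][:16], b["data"])
    print("valid:", verify_chain(chain, 3))  # True
    print("after editing order 1002:", verify_chain(tamper(chain, 1, "order 1002: hotel 30 nights"), 3))  # False
```

Editing the middle record fails verification for a reason the manager can see in the output: the edited block's hash no longer matches the “prev” stored in the block after it, so a forger would have to redo the proof of work for that block and every later one, and do it faster than the rest of the network. The same properties are why this structure is a poor fit for an ordinary sales database: records cannot be corrected or deleted in place, every write costs a mining search, and a ledger that every participant can read is the opposite of what cardholder data needs.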
Network Diagram follows on next page