NMIMS Global Access
School for Continuing Education (NGA-SCE)
Course: IT Security and Risk Management
Internal Assignment Applicable for June 2022 Examination
Assignment Marks: 30
Instructions:
All Questions carry equal marks.
All Questions are compulsory
All answers to be explained in not more than 1000 words for question 1 and 2 and for
question 3 in not more than 500 words for each subsection. Use relevant examples,
illustrations as far as possible.
All answers to be written individually. Discussion and group work is not advisable.
Students are free to refer to any books/reference material/website/internet for attempting
their assignments, but are not allowed to copy the matter as it is from the source of
reference.
Students should write the assignment in their own words. Copying of assignments from
other students is not allowed.
Students should follow the following parameter for answering the assignment questions.
1. Malware is intrusive software that is designed to damage and destroy computers and
computer systems. Malware is a contraction for “malicious software.” Explain the various
types of malware and how is ransomware different from a virus/worm? (10 Marks)
| For Theoretical Answer | |
| Assessment Parameter | Weightage |
| Introduction | 20% |
| Concepts and Application related to the question | 60% |
| Conclusion | 20% |
| For Numerical Answer | |
| Assessment Parameter | Weightage |
| Understanding and usage of the formula | 20% |
| Procedure / Steps | 60% |
| Correct Answer & Interpretation | 20% |
NMIMS Global Access
School for Continuing Education (NGA-SCE)
Course: IT Security and Risk Management
Internal Assignment Applicable for June 2022 Examination
2. The estimated losses due to elder financial abuse range widely. The FBI’s Internet Crime
Complaint Center (IC3) 2018 Internet Crime Report shows that people 60 and older
submitted more than 62,000 fraud complaints in 2018 with losses totaling nearly $650
million. Some less conservative sources estimate that fraud against seniors, or what’s
known as elder financial exploitation (EFE), costs families in the U.S. upwards of $36
billion per year. Research shows that as seniors age, they’re more likely to sustain higher
average losses to senior financial scams.
Explain the most common types of attacks targeting senior citizens and suggest
precautionary measures for them with reference to these attacks? (10 Marks)
3. For a payment processing site , such as PayPal, security is of utmost important. In PayPal,
more than 12 million payment transactions are processed on a daily basis, and this number
rises to 15M million during peak days. Nowadays, PayPal has implemented a new and
advanced approach to catching bugs and vulnerabilities in its website. This security
feature was an add-on to a committed team of more than 2000 anti-fraud specialists who
are responsible for taking care of the perimeter security. Each customer accountand
payment transactions were monitored by the organisation 24/7 so that there is no
fraudulent activity, email phishing and loss of identity.
Moreover, the security was also ensured by maintaining every communication between
servers on SSL. However, in the case of any flaw in any of these security features, an
alarm should be raised.
Now, PayPal has contacted and assigned members who can work on bonus basis for the
website security. These security researchers who are paid for identifying the bugs and
possible vulnerabilities in PayPal’s website are known as bounty hunters. “There are a
lot of security researchers, there are a lot of other people out there who are experts on
security. We have a very successful bug bounty program, where researchers will find a
vulnerability on our sites that we’ve missed,” explains Shivananda.
NMIMS Global Access
School for Continuing Education (NGA-SCE)
Course: IT Security and Risk Management
Internal Assignment Applicable for June 2022 Examination
Every bug spotter looks for his/her benefit in identifying bugs. Therefore, PayPal rewards
these bounty hunters with the designation of a hero and their achievements portrayed on
the ‘Wall of Fame’. In monetary terms, a huge amount is paid to them.
PayPal pays $10,000 (about `6.5 Lakh) to identify a remote code of execution. In this
case, the spotter of an authentication bypass vulnerability will get $3000 and the one
working on cross-site scripting error would get $750.
Many companies such as Facebook and eBay have involved the community for highlevel security. Let’s understand the manner in which the bug bounty program introduced
by PayPal works. First, a security researcher enters and submits a security bug on the
PayPal portal. On its completion, the security professionals I working at PayPal test that
vulnerability and checks whether or not it is a real issue. They also understand the fixes
and communicates to the researcher saying “Yes, what you’ve submitted is a genuine
issue. Thank you for that. We’re processing it, and as we process it, we’ll come back to
you,” said Shivananda. After the bug is successfully closed, security researchers are
entitled to compensation from PayPal.
The following vulnerabilities are out-of-scope for PayPal:
Vulnerabilities based on social engineering techniques
Vulnerabilities based on brute force
The main objective of a payment processing company is to serve customers innovatively
in 200 markets taking care of the fact that the losses are a third of one percent. Along
with this, a huge amount of creativity has to be brought in designing the fraud eco-system.
PayPal invests a lot of resources in analysing the transactions, account details, and
ensuring that no fraudulent transaction is completed on their website. In fact, it’s
surprising that PayPal has the least loss in the payment industry that is one-third of one
NMIMS Global Access
School for Continuing Education (NGA-SCE)
Course: IT Security and Risk Management
Internal Assignment Applicable for June 2022 Examination
percent. The combination of machine learning and data sciences on the massive data sets
helped PayPal to attain the position where it can assure the customers regarding the safety
of their transactions.
“A loss rate of one-third of one percent is something we can brag about in the industry,”
beams Shivananda
a. Why PayPal thought of hiring bounty hunters? (5 Marks)
b. What type of issues can be faced by PayPal if there is some sort of security lapse in the
customer payment transactions? (5 Marks)
**********
No comments:
Post a Comment