U23 – web security & regulations


Transcript of U23 – web security & regulations

Page 1: U23 – web security & regulations

U23 – WEB SECURITY & REGULATIONS

Page 2: U23 – web security & regulations

Health Warning

Please remember that the Exam Board doesn’t provide Mas for anything beyond U4, so this is my best interpretation of the markgrids and other paperwork…

Note: this one is HEAVY on research – and the answers aren’t that easy to locate! You gotta have heart!

Page 3: U23 – web security & regulations

Health Warning – Extra!

People tend to pick this Unit because they think it is short – only has 4 AOs, right? Gotta be easy…

Oh, in your dreams…. This is a heavy-on-the-research Unit: and for me to pass it, you’ll need up-to-date info, spot on examples, and a real understanding of the issues.

Page 4: U23 – web security & regulations

Scenario

A prominent PC-techie type magazine is doing a series of articles on the state of the World Wide Web, more than a decade after TBL suggested it to CERN. Among concerns in modern days has been cyber-terrorism in all its forms, hacking for all sorts of reasons, and general security issues.

That’s where YOU come in.

Page 5: U23 – web security & regulations

Task 1: What Are We Talking About?

As always, AO1 is research. Here you need to research and describe, with examples:

○ 3 security breaches
○ 2 examples of fraudulent use of e-communications
○ 1 hazard through site overload
○ And a partridge in a pear tree…. OOPS! Sorry –
○ 2 examples of hardware OR software contamination through e-communications

Oh – and explain the vulnerability of WLANS too

Page 6: U23 – web security & regulations

Task 1: What Are We Talking About?

So that’s pretty much anything I tweet about! (@Angelsoft_ICT remember!)

Those fools not brave enough to tie their names to anything, calling themselves Anonymous, could be included here.

Also phishing, DDoS, flaming, hardware violations, spamming, software infections, theft of credit card details.

This isn’t about LOSS: it’s THEFT you’re looking for…

Page 7: U23 – web security & regulations

Markgrid – AO1 PASS

Candidates research and provide a basic description, supported with few examples, of:

○ three security breaches,
○ two examples of fraudulent use of e-communications,
○ one hazard through site overload
○ two examples of hardware or software being contaminated or ruined through e-communications.

They describe, in basic terms, the vulnerability of WLANs (wireless local area networks).

Page 8: U23 – web security & regulations

Markgrid – AO1 MERIT

Candidates research and provide a detailed description, supported with appropriate examples, of:

○ three security breaches,
○ two examples of fraudulent use of e-communications,
○ two hazards through site overload
○ two examples of hardware or software being contaminated or ruined through e-communications.

They clearly describe the vulnerability of WLANs.

Page 9: U23 – web security & regulations

Markgrid – AO1 DISTINCTION

Candidates research and provide a comprehensive description, supported with a variety of well chosen examples, of:

○ three security breaches,
○ two examples of fraudulent use of e-communications,
○ two hazards through site overload and
○ two examples of hardware or software being contaminated or ruined through e-communications.

They evaluate the vulnerability of WLANs.

NB – by now you’re being far more technical about WLAN construction and security!

Page 10: U23 – web security & regulations

Task 2- Protection

So now we’re all scared witless – this is when you start to show how we can protect ourselves from most threats.

There is really nothing ‘civilised’ that can deter a serious thief: they have nothing to lose. But most thieves aren’t that inhuman – most can be persuaded otherwise…

Page 11: U23 – web security & regulations

Task 2- Protection

So show an understanding of valid measures (number depends on level – so check the grid) covering hardware AND software that a WEBSITE CONTROLLER could use. NOT a private citizen!!!

Also show understanding (depth in levels again) of two ways to control access to a website

Page 12: U23 – web security & regulations

Task 2- Protection

So that could be…

○ Firewalls, anti-virus software, encryption (PGP and digital sigs included here), anonymisers, remailers
○ Quarantine machines in the network
○ Passwords, machine id logs, activity monitoring, backup and restore procedures
○ User registration, password access, account access levels…

Page 13: U23 – web security & regulations

Markgrid – AO2 PASS

Candidates demonstrate a basic understanding, supported with few examples, of four valid measures, covering hardware and software that a website controller could use.

They demonstrate a basic understanding of two ways of controlling access to a website.

Page 14: U23 – web security & regulations

Markgrid – AO2 MERIT

Candidates demonstrate understanding, supported with appropriate examples, of the effectiveness of six valid measures, covering hardware, software and procedures that a website controller could use.

They demonstrate understanding of two ways of controlling access to a website.

Page 15: U23 – web security & regulations

Markgrid – AO2 DISTINCTION

Candidates demonstrate understanding, supported with a variety of well chosen examples, of the effectiveness of eight valid measures, covering hardware, software and procedures that a website controller could use.

They demonstrate understanding of the effectiveness of two ways of controlling access to a website.

Page 16: U23 – web security & regulations

Task Three: Repairing the damage

One way or another, we all get caught by something. So how to repair the damage?

○ Backups? (cloud or local? – issues arising?)
○ Manual repair?
○ File recovery?
○ Repair Programs?

Page 17: U23 – web security & regulations

Markgrid – AO3 PASS

Candidates describe generic methods of repair.

○ Short but sweet. Even here, though, you need a bit more than ‘try ctrl-Z’: OK?

Page 18: U23 – web security & regulations

Markgrid – AO3 MERIT

Candidates describe generic methods of repair, using appropriate examples to support their descriptions.

Page 19: U23 – web security & regulations

Markgrid – AO3 DISTINCTION

Candidates describe in detail methods of repair, using a variety of well chosen examples to support their descriptions.

Page 20: U23 – web security & regulations

Task 4: The Stinker

Yup – this is where you may well regret taking this Unit. Just remember: I did warn you…

In this AO you are looking at how website legislation has been applied by business. For the higher grades you’ll also be looking at the impact through evaluation of this action.

Page 21: U23 – web security & regulations

Task 4: The Stinker

So you’re looking at things like this AS A MINIMUM:

PASS
○ Privacy Directive, Copyright and Intellectual Property laws

MERIT
○ Pass stuff, plus e-Commerce regulations

DISTINCTION
○ All of that plus accessibility requirements

Page 22: U23 – web security & regulations

Markgrid – AO4 PASS

Candidates will briefly describe how website legislation has been applied by businesses.

Their report is supported by few examples and based on limited research.

Website legislation covered will include, as a minimum, Privacy Directive and Copyright and Intellectual Property laws.

Page 23: U23 – web security & regulations

Markgrid – AO4 MERIT

Candidates will describe in detail how website legislation has been applied by businesses.

Their report is supported by a range of examples and based on research.

Website legislation covered will include, as a minimum, eCommerce regulations, Privacy Directive, Copyright and Intellectual Property laws.

Page 24: U23 – web security & regulations

Markgrid – AO4 DISTINCTION

Candidates will provide a comprehensive evaluation of how website legislation has been applied by businesses.

Their report is supported by a wide range of examples and based on extensive research.

Website legislation covered will include, as a minimum, accessibility requirements, eCommerce regulations, Privacy Directive, Copyright and Intellectual Property laws.