Type of assignment: This assignment is individual.

Points: The maximum number of points for this assignment is 23, which will be prorated accordingly after all assignments are posted. Weight of each problem is in parenthesis.

Format: Assignment submissions are accepted in the following formats only: (plain) ASCII text (extension .txt), HTML (.html), PDF (.pdf). Assignments submitted in any other format will be discarded without marking and 0 points will be given. All text in the assignment submissions must be typed and figures (if any) plotted to be easy to read and understood. Spelling, grammar, and other language errors will result in fewer points credited to the corresponding problem solutions.

Problems

1. (6 points) Analysis of a real incident:
   1. Using no more than half a page, summarize a real security incident that has been reported in English-speaking online public media after May 2008. Provide proper reference (in IEEE Transactions format) to the original report and the corresponding URL. The TA should be able to verify the information in your summary by accessing the original report using your reference or URL.
   2. Using another half a page, analyze 1) the value of the assets at risk, 2) threats to these assets, and 3) threat agents, for the stakeholder(s) that experienced most damage, as a result of that incident. If necessary make reasonable assumptions and state them clearly. Classify which of the CIA properties of the valuable assets were reduced as a result of the incident.
2. (6 points) Analyze 1) the value of the assets at risk, 2) threats to these assets, and 3) threat agents, for any two of the following systems used in the following scenarios:
   1. You are using your smartphone at the free WiFi hot-spot in a Blenz coffee shop on the corner of Davie and Granville Streets in Vancouver downtown to pay your apartment rent. You downloaded specialized application for accessing your bank from versiontracker.com. The application description said that it was developed by your bank.
   2. You and your friend went to watch a new movie at a small theatre on Hastings Street East, Vancouver. The show starts 10 PM. You are waiting for your friend in front of the theatre right before the show.
   3. You are placing an order for your new laptop at www.bestbye.com using your credit card.
   4. You found on on eBay.com a great deal on an expensive laptop, which gives you 40% off the price tag in Future Shop. But the seller is currently visiting UK and therefore cannot accept a credit card payment. She asks you to transfer the payment using Western Union. You cannot resist such a good deal and transfer $2K (the laptop price) to the seller using Western Union.

Classify the above threats according to the threat types

3. (5 points) For each threat in problem #2, classify which of the CIA properties of the assets would be reduced if the threat were realized.
4. (6 points) Describe countermeasures, either existing or proposed by you, that would reduce the risks associated with the threats and assets from problems #1 & #2.