Phishing and Pharming
You have just graduated, and are employed by “Business Communications
Consulting” as an IT security expert. Your boss, the Director of Technical Systems,
has been asked to provide the board of directors with a report about “phishing” and
“pharming” and the threats these pose to the company and its employees using
company resources, so that the board can determine whether there are any
implications for its strategic plan. Your boss is too busy to do it himself and
delegates the task to you. He gives you the following guidance:
Find information about “phishing” and “pharming”, including:
· what the terms mean and the difference between them;
· the threats these issues pose to the company and its employees;
· any secondary threats that these may be used to introduce;
· the possible vulnerabilities to each of these threats;
· the mechanisms that may be involved in exploiting these vulnerabilities;
· what mechanisms are available to counter the threats; and
· how much these security mechanisms could impact on legitimate users.
Make sure you use at least five different sources of information, and around
1500 - 2000 words should be enough for the level of detail I’m after.
At least one of the sources you use must have been through a “peer-reviewed”
process, meaning that it is published in a scholarly journal or presented
at an international (or international-quality) conference. When counting words, you
should not include the executive summary (or abstract), references or lengthy
You are free to choose between the IEEE and Harvard referencing style.
It is important that you consistently use one of these styles. As a reminder, there
are marks allocated for references.
You should structure your report logically. You should use headings where
they will help the reader. It is not necessary to structure your report strictly
according to the details your boss asked for, although you may judge that to be
The word count suggestion is not a “hard limit”. You can go over or under a
little if necessary. However, be aware that communication skills are very important.
If you were, for example, to submit a 5000-word assignment, you may be
demonstrating an inability to follow instructions or an inability to communicate
clearly and succinctly.
This is an individual assignment, not one to be done by groups. Locating
information is an important skill that is assessed in this course. While it would be
acceptable to give another student help, the actual task of finding, selecting, and
judging individual information sources must be done by each student.
You are required to read information from a number of sources, understand a
topic, and then formulate your own words to answer the particular questions asked
above. Where you can find no better way to express an individual idea than the
words used by one of your sources, you should enclose those words in quotation
marks, and refer to their source. Anything less is plagiarism.
Submission deadline is Friday 3pm, February 12, 2010. Penalty for late
submission is 10% of your mark per day your submission is late. All submission
items need to be submitted before this date and time.
The following items need to be submitted:
· A printed version of your assignment to be submitted to me or to Ms.
Josephine Magada (IC office). Your assignment submission must be accompanied by
a signed coversheet declaring.
· You also need to submit an electronic version of your assignment in PDF
(preferred) through the class forum.
Description of “phishing” and “pharming” and the threats these pose
to the company and its employees, including any secondary threats
that these may be used to introduce (Demonstrate correct
interpretation and application of security vocabulary, and adequate
comprehension of literature.)
Description of the vulnerabilities that may be exploited to realise
those threats and the mechanisms that may be involved in exploiting
these vulnerabilities. (Demonstrate correct interpretation and
application of security vocabulary, and adequate comprehension of
Description of the mechanisms available to counter the threats and
how much these security mechanisms could impact on legitimate
users. (Demonstrate correct interpretation and application of security
vocabulary, and adequate comprehension of literature. Adequate
explanation of why the threat will no longer succeed, or be less likely
to succeed. Identification of potential impact on legitimate use.)
Information sources. Locate and use at least one peer-reviewed
resource. You should use at least three independent quality sources
on “phishing” and use at least two on any secondary threats you
identify. (It might not be possible to find peer-reviewed papers on
“pharming” yet.) Wikipedia is not an academic quality resource. You
must cite it if you use it, but it will not be one of your five quality
Citation and Referencing. (Citations and reference list contains
necessary information, chosen formatting is used consistently.)
Report Presentation and Structure (logical flow, formatting, grammar,