IT Security and Risk Management
June 2023 Examination
1. Even in this age of Google Pay, Apple Pay and Samsung Pay, where you can use
virtual payments to purchase items in real stores and restaurants with your
smartphone, the “old fashioned” credit card and debit card aren’t going away
anytime soon. With that said, many people who use them are afraid that the payment
information that’s on those cards could be lifted by hackers, even if they remain inside
a wallet. That fear includes the newer credit and debit cards that have RFID chips
inside. That’s why some folks who use those kinds of cards are buying RFID
blocking wallets, which are supposed to keep hackers from taking your payment
information. Explain RFID Hacking and ways to avoid it. (10 Marks)
2. Access control is a method of guaranteeing that users are who they say they are and
that they have the appropriate access to company data. Most security professionals
understand how critical access control is to their organization. Which access control
techniques would you want or expect your bank to employ to keep your bank account
safe? Give detailed justifications for your recommendations. (10 Marks)
3. CovidLock is a new Android ransomware that conducts a lock-screen attack against its
victims. A security research team, in the course of monitoring newly registered
Coronavirus and COVID labeled domain names, discovered a website luring users into
downloading an Android application under the guise of a COVID-19 heat map.
The coronavirusapp.site domain initially contained an iframe sourcing directly from
infection2020.com (a website from an independent developer for tracking US-based
COVID-19 news) and a small banner above that encouraged the installation of the
malicious application for real time updates.
The app portrays itself as a Coronavirus Tracker. As soon as it starts running, it asks the
user to allow it to conduct battery optimization. The ransomware does this to keep itself
running in the background and to make sure that Android does not close the app
to optimize battery performance. Once the initial phase is over, the app requests access to
Android’s Accessibility feature. By integrating accessibility features and services,
Android developers can improve the app’s usability, particularly for users with
disabilities. But it is common for attackers to use this functionality to keep the malware
persistent.
Once admin rights are achieved by the app, the attack is launched. As soon as the victim
clicks on “Scan Area For Coronavirus,” the phone locks itself with a message on the
locked screen. It asks for $250 as ransom in the form of bitcoins. Failure to pay,
according to the attacker, can lead to the leaking of the victim’s private data, including
photos, videos, and more.
a. Explain the various types of malware. How is ransomware different from a
virus/worm? (5 Marks)
b. What precautions should an employer of an SME take to prevent ransomware attacks
on company resources? (5 Marks)