Grand Assignment

Q 1. Consult RFC 4949 and write down what the following terms mean in cyber security.
Please note that copied text from the RFC or other sources will be awarded zero marks. You
should write in your own words. (28x0.5=14 marks)

Access Control
The process in which a grantor gives authority and consent to an administrator, together with the regulation of
system resources according to the security policy so that use is allowed only to the authorized entities defined
by that policy, is known as access control.
The following are the key terms of access control:
• Who can do authentication?
• What type of resource actions can be performed on different resources?
• Which identity can do what type of resource action on a protected resource?
Access Control List
An implementation of access control that categorizes, for a system resource, the system entities that are allowed
to access the resource, either indirectly or directly, according to the access modes granted to each entity.
Attack
A planned action by an attacker that violates an entity’s privacy and security is known as an attack.
Authentication
The process of establishing, to a specified level of assurance, that an identification is authentic is
known as authentication.
Availability
Availability refers to systems, apps and data being present for clients whenever they need them.
Backdoor
A procedure that provides normal security measures and high-level root access to a system, software and
network, to authorized and unauthorized users, is known as a backdoor.
Brute force
A cryptographic hack that is based on guessing possible combinations of passwords until the right password
is discovered is known as brute force.
Buffer overflow
A process in which the volume of data runs over the storage capacity of a memory buffer, so that the program
writing the data to the buffer overflows into the adjacent memory locations, is known as a buffer overflow.
Computer Emergency Response Team (CERT)
An authorized group of information security experts responsible for protection against, detection of and response to an
organization’s cybersecurity events is known as a CERT.
Computer security
The process that revolves around protecting computer systems from, and detecting, unauthorized use, hacking
and theft is known as computer security.
Computer Security Incident Response Team (CSIRT)
A group of IT professionals concerned with the prevention, management and coordination of
potential cybersecurity-related emergencies, which provides an organization with the surrounding services
and support.

Cryptoanalysis
The methodology for obtaining the meaning of encrypted information without having the secret
information that is normally required to do so is known as cryptoanalysis.
Daemon
A program that runs as a background process and answers requests for services is known as a daemon.
Zombie
A computer that is connected to the Internet, has been compromised by a hacker, virus or trojan, and is used to
perform malicious activities remotely.
Data Confidentiality
The process of protecting data from unauthorized access is known as data confidentiality.
Data Integrity
The process of protecting data from unauthorized access to ensure that it is accurate and
consistent is known as data integrity.
Data Origin Authentication
A property that tells that a message has not been changed while in transit and that the receiving party can
authenticate the origin of the message is known as data origin authentication.
Digital Signature
The process that ensures that messages have not been altered in transit is known as a digital signature.
Discretionary Access Control
A type of access control, defined by the Trusted Computer System Evaluation Criteria, as a means of
restricting access to objects based on the identity of the subjects and the groups to which they belong is known
as discretionary access control.
Intranet
A type of sensitive network that requires robust security and contains delicate, business-critical corporate
information is known as an intranet.
Internet
It is the aspect of cyber security and computer security that focuses on the threats and vulnerabilities of online
access to data.
Intrusion
An authorized activity on a computer system by some intruder, known as intrusion.
Intrusion Detection
A device or software that monitors a network for malicious activity or policy violations is known as intrusion
detection.
Key space
The set of valid, possible and distinct keys of a cryptosystem makes up its key space.
End-to-end encryption
A process of encryption that protects messages and all other chat contents by making them unreadable is
known as end-to-end encryption.
Security perimeter
Placing the necessary security at the entrance to private data to protect it from hackers is known as a security
perimeter.
System integrity
System integrity involves system maintenance, consistency and trustworthiness of data over the life cycle.

Q 2. Construct a Playfair matrix using INFORMATION SECURITY AND ASSURANCE as key and
encrypt the plaintext “this is class of information security and assurance”. Please note that
you should write i/j together in one cell. (3+3=6)

Key
Network and Management and security.
Plain text
This is class of information security and assurance.
Plain text pairs
TH IS IS CL AS SO FI NF OR MA TI ON SE CU RI TY AN DA SX SU RA NC EX
Playfair matrix
N E T W O
R K A D M
G S C U I/J
Y B F H L
P Q V X Z

Encryption
WF GC GC IF KC IE LC TY NM RD OC NE BK UI MG NF RT MD UQ CI KD TG WQ
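
An added example, not part of the original assignment: the Playfair steps used in this answer, written in Python and run with the key phrase given under "Key" above. The function names are my own, and the filler letter X (Q after an X) is an assumption that matches the SX and EX pairs shown.

```python
import string

# Inputs copied from the answer on this page.
KEY_PHRASE = "Network and Management and security."
PLAINTEXT = "this is class of information security and assurance"

def build_matrix(key_phrase):
    """Return the 5x5 square as five strings: key letters first, then the
    unused letters of the alphabet, with J folded into the I cell."""
    seen = []
    for ch in key_phrase.upper() + string.ascii_uppercase:
        if ch not in string.ascii_uppercase:
            continue                      # skip spaces and punctuation
        ch = "I" if ch == "J" else ch
        if ch not in seen:
            seen.append(ch)
    return ["".join(seen[r * 5:r * 5 + 5]) for r in range(5)]

def to_digraphs(plaintext):
    """Split into letter pairs; a repeated letter or a lone last letter
    gets the filler (assumed: X, or Q when the letter itself is X)."""
    letters = ["I" if c == "J" else c
               for c in plaintext.upper() if c in string.ascii_uppercase]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        if i + 1 < len(letters) and letters[i + 1] != a:
            pairs.append(a + letters[i + 1])
            i += 2
        else:
            pairs.append(a + ("Q" if a == "X" else "X"))
            i += 1
    return pairs

def encrypt_pair(matrix, pair):
    """Same row: take the letter to the right. Same column: take the
    letter below. Otherwise: swap columns across the rectangle."""
    pos = {matrix[r][c]: (r, c) for r in range(5) for c in range(5)}
    (r1, c1), (r2, c2) = pos[pair[0]], pos[pair[1]]
    if r1 == r2:
        return matrix[r1][(c1 + 1) % 5] + matrix[r2][(c2 + 1) % 5]
    if c1 == c2:
        return matrix[(r1 + 1) % 5][c1] + matrix[(r2 + 1) % 5][c2]
    return matrix[r1][c2] + matrix[r2][c1]

def playfair_encrypt(key_phrase, plaintext):
    matrix = build_matrix(key_phrase)
    return [encrypt_pair(matrix, p) for p in to_digraphs(plaintext)]

if __name__ == "__main__":
    print("\n".join(" ".join(row) for row in build_matrix(KEY_PHRASE)))
    print(" ".join(to_digraphs(PLAINTEXT)))
    print(" ".join(playfair_encrypt(KEY_PHRASE, PLAINTEXT)))
```

Passing a different key phrase to `build_matrix`, such as the one named in the question, produces that key's square with the same rules.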
___________________________________________________________________________

Q 3. The following ciphertext is achieved by encrypting the plaintext with a row
transposition cipher. The key used to encrypt the plaintext is “3156247” and the ciphertext
is given below in the box. Your task is to recover the plaintext by performing decryption of
the ciphertext. Write down all the steps you perform on your answer sheet. (10 marks)

HRKEHELHCTAURIROEYECTERMTTIWAIRWSNEU
EOVDEYFTERLEHAHOOHGYFNIBDOOGAWLUEE

3 1 5 6 2 4 7
T H E H A R D
E R Y O U W O
R K F O R S O
M E T H I N G
T H E G R E A
T E R Y O U W
I L L F E E L
W H E N Y O U
A C H I E V E
I I A B C D E

Plain Text
The harder you work for something the greater you will feel when you achieve.
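
An added example, not part of the original assignment: the decryption steps for Q 3 in Python. The ciphertext is cut into equal segments, each segment is written down the column whose key digit gives its rank, and the grid is then read row by row. Function and constant names are my own; a single-digit key and a fully padded grid are assumed.

```python
# Ciphertext and key copied from Q 3 on this page.
CIPHERTEXT = ("HRKEHELHCTAURIROEYECTERMTTIWAIRWSNEU"
              "EOVDEYFTERLEHAHOOHGYFNIBDOOGAWLUEE")
KEY = "3156247"

def decrypt_row_transposition(ciphertext, key):
    """Rebuild the grid of a row transposition cipher and return its rows.

    key[i] is the rank of grid column i: the column marked 1 was read
    out first during encryption, the column marked 2 second, and so on.
    """
    order = [int(d) for d in key]
    cols = len(order)
    if sorted(order) != list(range(1, cols + 1)):
        raise ValueError("key must be a permutation of 1..n")
    ct = "".join(ciphertext.split())          # drop line breaks and spaces
    rows, rem = divmod(len(ct), cols)
    if rem:
        raise ValueError("ciphertext length is not a multiple of key length")

    grid = [[""] * cols for _ in range(rows)]
    for rank in range(1, cols + 1):
        col = order.index(rank)               # grid column holding this rank
        segment = ct[(rank - 1) * rows:rank * rows]
        for r, ch in enumerate(segment):
            grid[r][col] = ch                 # write the segment downwards
    return ["".join(row) for row in grid]

def read_rows(rows):
    """Plaintext (including any padding letters) is the rows in order."""
    return "".join(rows)

if __name__ == "__main__":
    recovered = decrypt_row_transposition(CIPHERTEXT, KEY)
    print(" ".join(KEY))
    for row in recovered:
        print(" ".join(row))
    print(read_rows(recovered))
```

On the ciphertext above, the 70 letters give a 10-row grid whose final row is ITABCDE.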
