Stuxnet
migzs
CIS560grade1.docx|
Points: 60 |
Case Study 1: Stuxnet |
|||
|
Criteria |
Unacceptable Below 70% F |
Fair 70-79% C |
Proficient 80-89% B |
Exemplary 90-100% A |
|
1. Analyze the level of security requirements between industrial systems and consumer devices such as desktop computers. Address if they should be the same or different. Weight: 20% |
Did not submit or incompletely analyzed the level of security requirements between industrial systems and consumer devices such as desktop computers. Did not submit or incompletely addressed if they should be the same or different. |
Partially analyzed the level of security requirements between industrial systems and consumer devices such as desktop computers. Partially addressed if they should be the same or different. |
Satisfactorily analyzed the level of security requirements between industrial systems and consumer devices such as desktop computers. Satisfactorily addressed if they should be the same or different. |
Thoroughly analyzed the level of security requirements between industrial systems and consumer devices such as desktop computers. Thoroughly addressed if they should be the same or different. |
|
2. Analyze the anatomy of Stuxnet and how it was able to damage Iran’s SCADA systems. Weight: 20% |
Did not submit or incompletely analyzed the anatomy of Stuxnet and how it was able to damage Iran’s SCADA systems. |
Partially analyzed the anatomy of Stuxnet and how it was able to damage Iran’s SCADA systems. |
Satisfactorily analyzed the anatomy of Stuxnet and how it was able to damage Iran’s SCADA systems. |
Thoroughly analyzed the anatomy of Stuxnet and how it was able to damage Iran’s SCADA systems. |
|
3. Evaluate the lessons that were learned from Stuxnet about the vulnerability of Iran’s SCADA systems. Suggest how the attacks could have been prevented. Weight: 25% |
Did not submit or incompletely evaluated the lessons that were learned from Stuxnet about the vulnerability of Iran’s SCADA systems. Did not submit or incompletely suggested how the attacks could have been prevented. |
Partially evaluated the lessons that were learned from Stuxnet about the vulnerability of Iran’s SCADA systems. Partially suggested how the attacks could have been prevented. |
Satisfactorily evaluated the lessons that were learned from Stuxnet about the vulnerability of Iran’s SCADA systems. Satisfactorily suggested how the attacks could have been prevented. |
Thoroughly evaluated the lessons that were learned from Stuxnet about the vulnerability of Iran’s SCADA systems. Thoroughly suggested how the attacks could have been prevented. |
|
4 Provide five (5) guidelines that should be used to reduce a network’s attack surface for industrial control system. Weight: 20% |
Did not submit or incompletely provided five (5) guidelines that should be used to reduce a network’s attack surface for industrial control system. |
Partially provided five (5) guidelines that should be used to reduce a network’s attack surface for industrial control system. |
Satisfactorily provided five (5) guidelines that should be used to reduce a network’s attack surface for industrial control system. |
Thoroughly provided five (5) guidelines that should be used to reduce a network’s attack surface for industrial control system. |
|
5. 3 references Weight: 5% |
No references provided |
Does not meet the required number of references; some or all references poor quality choices. |
Meets number of required references; all references high quality choices. |
Exceeds number of required references; all references high quality choices. |
|
6. Clarity, writing mechanics, and formatting requirements Weight: 10% |
More than 6 errors present |
5-6 errors present |
3-4 errors present |
0-2 errors present |
