NMIMS Global Access
School for Continuing Education (NGA-SCE)
Course: IT Security and Risk Management

Internal Assignment Applicable for December 2020 Examination

1. A device or an application needed to track a network or system for malicious activities
or violation of policies is known as Intrusion Detection System. Whereas, the testing
that examines the security of an organization prior to an attack on the network by a
hacker is known as penetration testing. What are the challenges and benefits of

Intrusion detection system and penetration testing for an organization in their security?
Also is it necessary to have both these strategies implemented in a single organization?
Justify your opinion. (10 Marks)
2. MSME companies over the last decade have invested in various cyber security
detection and prevention policies. These include, corporate firewalls, antivirus,
malware removal tools, and many others. In the current pandemic situation, all these
investments which were done for providing security to specific locations (office space)
have proved to be redundant. Majority of the workforce is working from home and
hence a review of these investments is being undertaken in preparation for the new
normal.
Discuss the technologies and policies which would help organizations to meet the
challenges of an increasingly distributed work environment. Kindly remember to factor
in budgetary and other resource constraints which the MSME sector faces while
making your recommendations (10 Marks)
3. Mrs. Sharma felt all was not well with her 79-year-old father who used to live alone in
his hometown. When they talked on the phone, he would tell her about a woman he
met online and occasionally sent money to via his mobile phone. Even though her
father never met the woman in person, she had gained her father’s confidence through
instant messaging and voice chats, she would ask him to send her money to feed her
and her daughter. Mrs. Sharma told her father that he was being conned, but he would
not listen and continued to send the woman money anyway. It was only after Mrs.
Sharma went to her hometown to check on her father due to ill health that she realized
the extent of the scam. She found numerous messages from the woman asking for
money, including receipts from wire transfers on her father’s phone. After doing a little

digging, Mrs. Sharma found that her father had sent the woman more than Rs. 9,00,000
over a course of two years; practically his life’s savings. Majority of these transaction
were done by gaining access to her father’s provident fund account. The attacker had
hacked the account using the private information gained through chat and voice
messages. Unfortunately, this is not uncommon. According to research by the Stanford
Center on Longevity and the Financial Industry Regulatory Authority’s Investor
Education Foundation, those over the age of 65 are more likely to have lost money due
to a financial scam than someone in their 40s.

a. Why are elderly frequent targets of cyber fraud? What tactics the fraudsters use to gain
access to bank accounts of elderly? (5 Marks)

b. What are the ways and measures to protect people especially seniors from such attacks?