Principles of Security Report 1
Principles of Security
Assignment 1
Nivad Ramdass
Plagiarism Statement
By submitting this assignment, I acknowledge that I have read and understood all the rules as per the terms in the registration contract, in particular the assignment and assessment rules in The IIE Assessment Strategy and Policy (IE009), the intellectual integrity and plagiarism rules in the Intellectual Integrity and Property Rights Policy (IE023), as well as any rules and regulations published in the student portal.
Question 1
Q1.1. FNB's "Manila" system excels at anomaly detection by analyzing customer data from different sources, such as customer spending habits (Darangwa, 2021). AI models learn what constitutes normal behavior for each customer, making it possible to detect anomalies that could indicate fraudulent activity such as money laundering. This allows for the identification of threats that would previously have gone unseen. AI systems can go beyond simple pattern matching by analyzing complex behaviors and interactions. For example, if a customer's behavior deviates from their usual spending habits, the AI system can flag this as suspicious, even if it doesn't match any known fraud pattern.
A conventional fraud detection system might flag a transaction only after it has been processed, leading to delayed responses in preventing financial loss. AI systems can monitor transactions in real time and respond almost instantaneously. For example, the Manila system would identify and halt a fraudulent transaction as it's happening, based on real-time data analysis, reducing the likelihood of financial loss. This rapid response time is crucial in minimizing the impact of security breaches. AI systems provide faster and more accurate responses to threats. In banking, this can prevent fraudulent transactions from being completed, thereby protecting both the bank and its customers.
Traditional methods are generally seen as less adaptable, because banks must continuously update rules and signatures to keep up with new threats. For instance, if a new and unrecognized type of fraud emerges, banks would have to manually update their detection systems to recognize this threat. Machine learning systems, like those employed by FNB, are dynamic and self-learning. They can adapt to new fraud tactics by analyzing patterns and updating their models accordingly. These models benefit from the large volumes of data that big institutions hold. This adaptability also reduces the need for manual updates to cybersecurity systems and allows for more effective detection of novel threats. AI systems can learn and adapt to new fraud tactics without requiring manual intervention, which is particularly important in the fast-evolving landscape of financial crime.
Scaling traditional cybersecurity measures across a large network of branches and online
platforms would be resource-intensive. For example, updating fraud detection rules across all
systems in a bank like Absa would require significant time and effort. AI systems can scale more
efficiently across various platforms. As seen with Absa’s AI chatbots and QR payment systems,
these technologies can be deployed widely with minimal additional resources. This scalability
makes it easier for banks to extend security measures across all digital and physical touchpoints.
AI can handle vast amounts of transactional data, making it ideal for large institutions like FNB,
Absa, and Nedbank. Implementing AI systems can be complex and costly. Banks need to invest in
the necessary infrastructure and expertise to manage these systems effectively.
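As an added illustration of the per-customer behavioral baseline described above (not FNB's Manila system or any vendor's code), the following Python stands a simple running-statistics model in for the neural models in the text: it learns each customer's normal spending, holds a transaction that deviates from it even though no fraud signature matches, and keeps adapting as allowed transactions arrive. Customer IDs, amounts and thresholds are constructed.

```python
"""Per-customer spending baseline with real-time anomaly flagging.

Added illustration: a statistical stand-in for a learned behavioral model.
All customer IDs, amounts and thresholds are constructed, not real data.
"""
from dataclasses import dataclass
from math import sqrt


@dataclass
class Baseline:
    """Running mean/variance of one customer's amounts (Welford's algorithm)."""
    n: int = 0
    mean: float = 0.0
    m2: float = 0.0

    def update(self, x: float) -> None:
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    @property
    def stddev(self) -> float:
        return sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0


class SpendingMonitor:
    """Learns a baseline per customer and scores each new transaction live."""

    def __init__(self, warmup: int = 5, z_threshold: float = 3.0, floor: float = 50.0):
        self.warmup = warmup            # transactions needed before scoring starts
        self.z_threshold = z_threshold  # how far from normal counts as anomalous
        self.floor = floor              # minimum stddev so tiny variances don't over-alert
        self.baselines: dict[str, Baseline] = {}

    def score(self, customer: str, amount: float) -> tuple[str, float]:
        """Return ("ALLOW" | "HOLD", z-score); HOLD stops it before it settles.

        Only allowed transactions feed the baseline, so a single large outlier
        cannot immediately teach the model that large amounts are normal.
        """
        b = self.baselines.setdefault(customer, Baseline())
        if b.n < self.warmup:
            b.update(amount)
            return "ALLOW", 0.0
        z = abs(amount - b.mean) / max(b.stddev, self.floor)
        if z > self.z_threshold:
            return "HOLD", z
        b.update(amount)  # adapt: normal behavior keeps refining the model
        return "ALLOW", z


# Constructed sample stream: everyday card spend, then an out-of-pattern amount.
HISTORY = [
    ("cust-001", 120.0), ("cust-001", 95.0), ("cust-001", 140.0),
    ("cust-001", 110.0), ("cust-001", 130.0), ("cust-001", 125.0),
    ("cust-001", 4800.0),  # far outside this customer's own pattern
    ("cust-002", 4500.0), ("cust-002", 5200.0), ("cust-002", 4900.0),
    ("cust-002", 5100.0), ("cust-002", 4700.0),
    ("cust-002", 4950.0),  # the same order of magnitude is normal for this customer
]


def run(history=HISTORY) -> list[tuple[str, float, str]]:
    """Replay the stream in order and return (customer, amount, decision)."""
    monitor = SpendingMonitor()
    results = []
    for customer, amount in history:
        decision, _ = monitor.score(customer, amount)
        results.append((customer, amount, decision))
    return results


if __name__ == "__main__":
    for customer, amount, decision in run():
        print(f"{customer} {amount:>8.2f} {decision}")
```

Note that the 4800.00 transaction is held for cust-001 but a similar amount is allowed for cust-002: the decision is relative to each customer's own history, not a fixed amount rule.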
Q1.2. In recent years, South African businesses have increasingly turned to AI to bolster their
cybersecurity measures, reflecting a broader global trend of integrating AI technologies to
combat sophisticated cyber threats.
Trend Micro, a prominent cybersecurity firm, has been instrumental in transforming the local cybersecurity landscape with its AI-based solutions (Ranjan, 2024). Its platform, Trend Vision One, leverages AI to enhance threat detection and response times. This system integrates Extended Detection and Response (XDR) capabilities, which significantly improve security posture and collaboration within Security Operations Centers (SOCs). Trend Micro's AI tools have been crucial in detecting and mitigating threats at scale, including blocking over 225 million threats in South Africa alone. The adoption of AI in its cybersecurity suite has led to a remarkable 95% reduction in detection and investigation times, showcasing the efficiency of AI-driven cybersecurity approaches in real-world applications.
Ernst & Young (EY) has also been at the forefront of integrating AI into cybersecurity strategies
across various South African businesses. Their approach involves using AI to automate tasks,
optimize visibility across attack surfaces, and reduce response times. According to a 2023 study
by EY, organizations classified as "Secure Creators" have successfully reduced their cyber
incident detection and response times by over 50% by adopting AI and machine learning
technologies. These advancements allow businesses to process and analyze vast amounts of data
quickly, enabling them to stay ahead of increasingly sophisticated cyber threats (Watson,
Bergman, & Ciepiela, 2024).
These examples illustrate how AI is reshaping cybersecurity in South Africa, offering enhanced
threat detection, quicker response times, and more scalable solutions compared to traditional
methods. The key benefits include reduced operational costs, improved security postures, and
faster incident management. However, these technologies also introduce new challenges, such
as potential vulnerabilities in AI models and the need for continuous updates to address
emerging threats.
AI implementation requires not only financial resources but also skilled personnel who can
develop, deploy, and maintain these systems. South Africa faces a skills shortage in both AI and
cybersecurity, which can impede the effective implementation of AI-driven solutions. The lack of
trained cybersecurity professionals capable of managing AI systems may result in suboptimal use
of these technologies or increased vulnerability to cyber threats.
AI in cybersecurity must adhere to strict regulatory frameworks to ensure data privacy and
security. South African laws, such as the Protection of Personal Information Act (POPIA), impose
stringent requirements on how personal data is processed and protected. AI systems that handle
sensitive data must be designed to comply with these regulations, which can add complexity to
their implementation.
Question 2
Lisa's identity is verified using RFID card authentication, which ties her unique card to her authorized access level within the bank. This method provides a straightforward and efficient means of confirming identity, ensuring that only individuals with the correct RFID card can enter the data center. Kwame undergoes biometric facial recognition, where his facial features are scanned and matched against stored biometric data. This method is highly secure, as it relies on unique biological characteristics that are difficult to replicate, making it an effective deterrent against impostors. Sipho's identity is personally validated by Nandi, a member of the security personnel who knows him well. This personal recognition adds an additional layer of security through direct human oversight, ensuring that even in the presence of advanced technology, a human element contributes to the verification process. Finally, within the data center, knowledge-based verification through complex passwords is required. This method ensures that only individuals with specific knowledge, in this case a password known only to authorized personnel, can access highly secure systems.
Lisa and Kwame's identities are first confirmed using biometric fingerprint authentication. This technology relies on capturing and comparing the unique patterns of ridges and valleys on a person's fingertip. Fingerprints are highly individual, with even identical twins having distinct fingerprints. The system scans the fingerprint and compares it to a stored digital template, ensuring that only those whose biological data matches the authorized profiles can gain access. This method is highly effective because fingerprints are unique and difficult to replicate. It's in place to prevent impersonation and unauthorized access, particularly from attackers who might steal or forge access credentials like passwords or ID cards.
Lisa also uses an RFID (Radio Frequency Identification) card, which is a contactless smart card containing a unique identifier linked to her profile within the bank's security system. RFID technology uses electromagnetic fields to automatically identify and track tags attached to objects—in this case, the RFID card. When Lisa holds her card up to the reader, it verifies her identity by matching the card's ID with the stored data in the system. RFID cards are effective because they offer a quick, seamless authentication process and can store more complex information than traditional magnetic stripe cards. They are in place to control physical access to secure areas and ensure that only individuals with the correct access level can enter.
The employee’s identity is further verified through facial recognition technology, which captures
and analyzes specific facial features such as the distance between the eyes, the shape of the
cheekbones, and the contour of the lips. This biometric method compares the captured image
with stored biometric data to confirm the individual's identity. Facial recognition is effective due
to its non-intrusive nature and the difficulty of faking one's facial features. It's implemented to
provide a seamless and secure way of ensuring that the person accessing the data center is
indeed an authorized individual, even if they attempt to disguise their appearance.
The multi-layered authentication approaches employed by the South African bank's financial
data center are grounded in a robust understanding of security best practices, particularly the
importance of combining different methods to protect against a wide range of threats. Each of
the technologies—biometric fingerprinting, RFID cards, facial recognition, personal validation,
and knowledge-based verification—plays a critical role in ensuring comprehensive security.
Biometric technologies, such as fingerprinting and facial recognition, are widely recognized for
their effectiveness due to their reliance on unique physiological traits that are difficult to
replicate. According to Jain et al. (2016), biometric systems are among the most secure methods
of authentication because they are based on individual characteristics that are nearly impossible
to duplicate, making them highly reliable in preventing unauthorized access. However, it is
important to consider that while biometrics provide strong security, they also raise privacy
concerns and require sophisticated systems to manage and store sensitive biometric data
securely.
RFID technology, on the other hand, offers a convenient and efficient way to manage access
control in physical security systems. Jain et al. (2019) highlight the advantages of RFID in security
applications, noting its ability to quickly authenticate users and its flexibility in integrating with
other security measures. However, RFID systems can be susceptible to certain types of attacks,
such as skimming or cloning, which necessitates the use of additional security measures, such as
encryption and multi-factor authentication, to bolster their effectiveness.
In summary, the combination of these technologies creates a strong, multi-layered defense that
significantly enhances the security of the bank's financial data center. By leveraging the strengths
of each method and mitigating their weaknesses through complementary approaches, the bank
can protect its sensitive data from a broad spectrum of threats.
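The RFID paragraph above describes a reader that matches the card's transmitted identifier against stored data, and the later paragraph notes that such cards can be skimmed or cloned unless encryption and further factors back them up. The Python below is an added illustration of that contrast, not the bank's or any vendor's implementation: a legacy reader that trusts a static identifier beside a reader that issues a fresh random challenge and expects a keyed MAC from a secret that never leaves the card, so a copied identifier or a replayed earlier answer is rejected. Card IDs and keys are constructed.

```python
"""Static-identifier card check beside an HMAC challenge-response check.

Added illustration; the enrolment data, card ID and key are constructed.
"""
import hashlib
import hmac
import secrets

# Constructed enrolment record: card id -> (per-card secret key, access level)
ENROLLED = {
    "CARD-1042": (bytes.fromhex("0f" * 32), "data-centre"),
}


def static_reader(card_id: str) -> bool:
    """Legacy check: accept whenever the transmitted identifier is enrolled.

    Anything that reproduces the same identifier bits gets the same answer,
    which is why a static ID alone cannot distinguish a copy from the card.
    """
    return card_id in ENROLLED


class ChallengeReader:
    """Reader side: a single-use random nonce per tap, verified with the card's key."""

    def __init__(self) -> None:
        self.outstanding: dict[str, bytes] = {}

    def challenge(self, card_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding[card_id] = nonce
        return nonce

    def verify(self, card_id: str, response: bytes) -> bool:
        entry = ENROLLED.get(card_id)
        nonce = self.outstanding.pop(card_id, None)  # each challenge is used once
        if entry is None or nonce is None:
            return False
        expected = hmac.new(entry[0], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison


class Card:
    """Card side: holds its key and only ever emits MACs, never the key itself."""

    def __init__(self, card_id: str, key: bytes) -> None:
        self.card_id, self._key = card_id, key

    def answer(self, nonce: bytes) -> bytes:
        return hmac.new(self._key, nonce, hashlib.sha256).digest()


def demo() -> dict[str, bool]:
    """Run both readers against the genuine card and against copied/replayed data."""
    genuine = Card("CARD-1042", ENROLLED["CARD-1042"][0])
    reader = ChallengeReader()
    results = {}
    # Legacy reader: the identifier alone decides, so a copy of it passes too.
    results["static_genuine"] = static_reader(genuine.card_id)
    results["static_copied_id"] = static_reader("CARD-1042")
    # Challenge-response with the genuine card (has the key).
    first_nonce = reader.challenge(genuine.card_id)
    first_answer = genuine.answer(first_nonce)
    results["cr_genuine"] = reader.verify(genuine.card_id, first_answer)
    # Copied identifier without the key: the MAC can only be guessed.
    reader.challenge("CARD-1042")
    results["cr_copied_id_no_key"] = reader.verify("CARD-1042", b"\x00" * 32)
    # Replaying the earlier genuine answer against a fresh nonce fails as well.
    reader.challenge("CARD-1042")
    results["cr_replayed_answer"] = reader.verify("CARD-1042", first_answer)
    # An identifier that was never enrolled is rejected by both designs.
    results["cr_unknown_card"] = reader.verify("CARD-9999", b"\x00" * 32)
    return results
```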
Question 3
Q3.1. Physical security measures are crucial for protecting network infrastructure on campus,
and they encompass a range of strategies designed to prevent unauthorized access and ensure
the safety of critical assets. Access control systems, such as student cards and Face ID
technology, play a significant role in this effort. Student cards, embedded with RFID chips or
magnetic strips, regulate entry to campus facilities, ensuring that only authorized individuals can
access sensitive areas like server rooms and network closets. Face ID systems add an extra layer
of security by using biometric data to verify identities, further restricting access to critical
locations.
Surveillance cameras are strategically placed around sensitive areas, including data centers and
network infrastructure rooms, to monitor and record activities. These cameras deter
unauthorized access and provide valuable evidence if security incidents occur. Remote
monitoring capabilities enhance this protection by allowing security personnel to view live feeds
from various locations, enabling prompt responses to potential threats.
Security personnel are another vital component of the campus security strategy. On-site guards
manage access control at key entry points and sensitive areas, verify identities, and respond to
security incidents. Regular patrols by security staff further ensure vigilance and address potential
security issues, contributing to the overall protection of network infrastructure.
Sign-in registers, both manual and digital, provide a record of access to sensitive areas. Manual
logs require individuals to record their entry details, which helps in tracking and auditing access.
Digital sign-in systems, often integrated with access control mechanisms, offer enhanced
tracking and analysis capabilities, improving the accuracy and efficiency of monitoring access.
Public Wi-Fi networks on campus are also safeguarded through various measures. Password
protection restricts access to authorized users, reducing the risk of unauthorized connections.
Encryption protocols, such as WPA2/WPA3, secure data transmitted over the public Wi-Fi
network, protecting it from interception. Additionally, network segmentation ensures that public
Wi-Fi users cannot access sensitive areas of the campus network, further mitigating the risk of
security breaches.
Additional physical security measures, such as locked doors, secure enclosures, and fencing, provide barriers to unauthorized physical access. Environmental controls, including climate control systems, fire suppression, and flood protection, safeguard equipment from environmental hazards, ensuring its continued operation and minimizing the risk of damage.
Q3.2. Access control systems, including student cards and Face ID technology, are generally
effective in deterring unauthorized access by enforcing stringent entry requirements. Student
cards can be circumvented if lost or stolen, but their combination with biometric Face ID systems
adds a robust layer of security that is more difficult to bypass. However, Face ID systems must be
properly calibrated and maintained to ensure accuracy and prevent false rejections or
acceptances.
Surveillance cameras significantly contribute to detecting and recording suspicious activities,
acting as both a deterrent and a monitoring tool. The effectiveness of these cameras depends on
their placement and the quality of their feeds. Properly positioned cameras with high-resolution
capabilities and reliable remote monitoring can quickly detect unauthorized access attempts and
provide real-time information, aiding in swift responses. However, cameras alone cannot
prevent breaches; they need to be complemented by active monitoring and response protocols
to be fully effective.
Security personnel are crucial in responding to potential threats. On-site guards and regular
patrols offer immediate intervention capabilities, which enhance the campus’s ability to address
security issues as they arise. Their effectiveness is influenced by their training, vigilance, and
response protocols. If guards are well-trained and respond promptly to alerts from access
control systems or surveillance cameras, they can significantly mitigate potential breaches.
Delays in response times or inadequate training, however, can undermine their effectiveness.
Sign-in registers, both manual and digital, provide a record of access but are less effective in real-time detection and response. Manual logs can be prone to inaccuracies and delays in recording, while digital systems, though more efficient, still require integration with other security measures for real-time effectiveness. Digital registers offer better tracking and analysis but are dependent on the integrity of the access control systems.
Public Wi-Fi networks, protected by passwords and encryption, contribute to overall network
security by limiting unauthorized access. While password protection helps reduce unauthorized
connections, weak passwords or outdated encryption protocols can be vulnerable to attack.
Network segmentation further enhances security by preventing public Wi-Fi users from
accessing sensitive areas, though it requires careful implementation to ensure that segmentation
is effective.
Overall, the existing physical security defenses provide a strong foundation for protecting
network infrastructure, but their effectiveness is contingent on proper implementation,
maintenance, and integration. The ease of circumvention, response times, and overall security
posture can vary depending on how well these defenses are managed and coordinated. Regular
reviews and updates to security protocols, along with continuous training for security personnel,
are essential to maintaining a robust security posture and effectively addressing evolving threats.
Q3.3. To further enhance the security of the network on campus, several additional physical
security measures can be implemented to address limitations in the current defenses. First,
integrating advanced intrusion detection systems (IDS) and alarm systems into the existing
security infrastructure would provide a more proactive approach to threat detection. These
systems can detect unusual activities or unauthorized attempts to breach secured areas,
triggering alarms and alerts that enable quicker response times. This measure addresses the gap
in real-time threat detection and enhances the campus’s ability to respond promptly to potential
breaches.
To improve response capabilities, increasing the number of security personnel and incorporating
a centralized security operations center (SOC) would be beneficial. A SOC would provide a
dedicated space for monitoring surveillance feeds, managing alarm systems, and coordinating
responses to security incidents. This setup ensures that all security measures are integrated and
managed efficiently, addressing potential delays in response and improving overall coordination
during security events.
Additionally, enhancing public Wi-Fi security through the implementation of advanced network
monitoring and threat detection tools would be prudent. These tools can analyze network traffic
for anomalies and potential security threats, ensuring that encryption and password protection
are complemented by real-time monitoring. This measure would address vulnerabilities in public
Wi-Fi and ensure that any potential threats are quickly identified and mitigated.
Lastly, investing in physical barriers such as reinforced access doors, security gates, and
improved locking mechanisms for sensitive areas would further deter unauthorized access.
These barriers make physical breaches more difficult and provide a tangible obstacle to potential
intruders, addressing any gaps in the current physical security measures related to physical
access control.
Question 4
Q4.1. Ciampa (2024) argues that firewalls are frequently misunderstood as the ultimate security
device, a misconception driven by their name and portrayals in media. This perception
inaccurately suggests that firewalls provide comprehensive protection, which can lead to a false
sense of security. Although firewalls are a crucial component of network security, they have
limitations that can make them insufficient on their own.
Firewalls function by filtering network traffic based on a set of predefined rules, examining both
incoming and outgoing packets to determine whether to allow or block them. These rules can be
based on parameters such as source and destination addresses, ports, protocols, and traffic
direction. While firewalls are effective at blocking known threats, they may not address all
potential vulnerabilities. For instance, a firewall might fail to detect sophisticated attacks that
use legitimate communication channels or protocols, highlighting the limits of rule-based
filtering. Additionally, firewalls often lack the context needed to fully understand network traffic,
making it possible for attackers to exploit legitimate sources or use advanced techniques to
bypass rules.
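The Python below is an added illustration of the rule-based filtering just described, not code from Ciampa (2024) or any firewall product. It evaluates first-match rules on direction, addresses, protocol and port, and shows that two packets with identical headers receive the same verdict whatever they carry; a second, content-aware layer of the kind the text later attributes to an IDS is what adds the missing context. Addresses, rules and the payload marker are constructed.

```python
"""Stateless, header-only packet filter beside a content-aware second layer.

Added illustration; all addresses, rules and payloads are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str            # "in" or "out"
    src: str
    dst: str
    proto: str                # "tcp" or "udp"
    dport: int
    payload: bytes = b""      # the firewall below never looks at this


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    direction: Optional[str] = None
    src: Optional[str] = None       # CIDR, e.g. "10.0.0.0/8"
    dst: Optional[str] = None       # CIDR
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        """A field left as None is a wildcard; every set field must match."""
        return ((self.direction is None or self.direction == p.direction)
                and (self.src is None or ip_address(p.src) in ip_network(self.src))
                and (self.dst is None or ip_address(p.dst) in ip_network(self.dst))
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


# Constructed policy: public web server on 203.0.113.10, internal hosts in 10/8,
# first matching rule wins, and anything unmatched is denied.
RULES = [
    Rule("allow", direction="in", dst="203.0.113.10/32", proto="tcp", dport=443),
    Rule("allow", direction="out", src="10.0.0.0/8", proto="tcp", dport=443),
    Rule("deny", direction="in", dport=3389),
]


def filter_packet(p: Packet, rules=RULES) -> str:
    """Header-only decision: the payload plays no part in the verdict."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"  # default deny


def inspect_payload(p: Packet, markers=(b"CONSTRUCTED-SUSPICIOUS-MARKER",)) -> bool:
    """Content-aware layer (what an IDS adds): True when a known marker is present."""
    return any(marker in p.payload for marker in markers)


def layered_verdict(p: Packet) -> str:
    """Firewall first, then content inspection: "deny", "alert" or "allow"."""
    if filter_packet(p) == "deny":
        return "deny"
    return "alert" if inspect_payload(p) else "allow"
```

Running `filter_packet` on an inbound port-443 packet returns "allow" regardless of its payload, while `layered_verdict` on the same packet returns "alert" once the constructed marker is present; that gap is the lack of context the paragraph above refers to.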
The misconception that firewalls are an all-encompassing security solution overlooks the
complexity of modern cyber threats. Firewalls are designed to filter traffic but do not address
issues like zero-day vulnerabilities or sophisticated malware that can evade traditional detection
methods. This misunderstanding can lead organizations to focus too heavily on firewall
configuration while neglecting other critical security measures, such as intrusion detection
systems (IDS), anti-malware solutions, and regular updates.
Recent incidents in South Africa illustrate the limitations of relying solely on firewalls. For
example, the South African Revenue Service (SARS) experienced a significant cyberattack in 2020
that disrupted its operations. Despite having firewalls, attackers exploited system vulnerabilities,
leading to data breaches and operational challenges. Similarly, in 2019, the City of Johannesburg
faced a ransomware attack that compromised its financial and IT systems. The attackers
bypassed the city's firewalls, encrypting critical data and demanding ransom. These incidents
underscore the necessity of a multi-layered security approach that includes various controls and
practices beyond traditional firewalls.
In conclusion, Ciampa’s perspective that firewalls are not the ultimate security device is
accurate. While firewalls are an essential part of network security, they are not a complete
solution. A comprehensive security strategy that incorporates multiple layers of protection and
additional security measures is vital for effectively safeguarding against cyber threats. The
limitations of firewalls, as highlighted by recent South African cyber incidents, demonstrate the
need for a broader, more nuanced approach to network security.
Q4.2. Ciampa (2024) highlights several limitations and challenges that firewalls face in contemporary cybersecurity. Despite their crucial role in filtering network traffic and enforcing security policies, firewalls are limited by their rule-based nature, which can fall short against sophisticated and evolving cyber threats. They primarily operate by inspecting traffic based on predefined rules related to addresses, ports, and protocols, which may not cover advanced attacks or zero-day vulnerabilities. Additionally, firewalls often lack contextual understanding of network traffic, making them susceptible to evasion techniques that exploit legitimate channels. The reliance on static rules can lead to gaps in security, especially as attackers develop methods to bypass traditional filtering mechanisms. Moreover, firewalls alone cannot address insider threats, social engineering, or application-level vulnerabilities, underscoring the need for a multi-layered security approach that includes additional tools and practices to effectively protect against modern cyber threats.
References
1. Darangwa, V.P., 2021. Exploring artificial intelligence in the South African banking industry. Master's dissertation. North-West University (NWU).
2. Jain, A.K., Ross, A. & Nandakumar, K., 2016. Introduction to Biometrics. Springer.
3. Jain, A., Kumar, A. & Dua, M., 2021. A comprehensive taxonomy of security and privacy issues in RFID. Complex & Intelligent Systems.
4. Ranjan, A., 2024. Trend Micro and Intel Partner to Enhance AI-Driven Security for Consumers. [Online] Available at: https://www.techafricanews.com/2024/07/23/trend-micro-and-intel-partner-to-enhance-ai-driven-security-for-consumers/ [Accessed 9 September 2024].
5. Watson, R., Bergman, R. & Ciepiela, P., 2024. How can cybersecurity transform to accelerate value from AI? [Online] Available at: https://www.ey.com/en_za/insights/consulting/transform-cybersecurity-to-accelerate-value-from-ai [Accessed 9 September 2024].