Major Assessment: Risk Assessment
Due Week 11, Worth 25%
In this assignment, your task is to create a report on the threat scope against a specific target. There are three profiles for these threats, of which you choose one.
The three profiles are:
1) Policy Profile: You are the Chief Information Security Officer (CISO) for a large multinational enterprise with a very large collection of intellectual property that represents a major portion of your business’ holdings. What are the threats against your corporate network, where do they come from and what do you need to mitigate against them? Keep in mind that, as a CISO, you are more interested in developing Policy and Procedure than day to day threat management.
2) Response Profile: You are a threat researcher for a Computer Emergency Response Team (CERT) that is responsible for protecting Government networks. The Government will be releasing an unpopular policy in the near future and is expecting attacks from “hacktivists”. What are the sorts of cyber-attacks that can be expected? How can the agency organise itself now to help reduce the impact of those cyber-threats? Remember that Government agencies often have lots of partners and social media accounts.
3) Technical Level: You are a penetration tester providing services to a client (i.e. not the company you work for), who is a major national accounting firm. Identify the risks to your company in performing the penetration test, identify the standard framework for conducting a penetration test and the methods that you would employ to conduct the test.
Your assignment is to choose one of those profiles, and write a report that is at least 3000 words or 15 pages (whichever is longer). Your assignment should cover the above brief for your profile, and to also cover the following aspects:
• What are the countermeasures to those threats, and how do they fit within the Situational Crime Prevention framework?
• How does the current law help or hinder your countermeasures? Are there any proposals for laws that would assist?
• Is your problem of international scope and, if so, how?
See the scoring sheet for this assignment, which is on the next page, and ensure that your report fulfils the criteria listed.
Type Score Description
Fits with a profile 10 Appropriately choose a profile and stay within the parameters given. Reports that go outside the bounds will lose marks from this category.
Profile completion 30 Completes the problems identified within the profile. You gain marks for ensuring that all of the points mentioned in the profile are covered in your report.
Situational Crime Prevention 10 Places your countermeasures in the Situational Crime Prevention framework.
Law 10 Reports should cover the impact of the law on their profile
International scope 10 Your problem is placed within the international security scene and appropriately justified.
Subtotal: 70 Subtotal for content
Spelling and Grammar 10 The presentation’s content is appropriately written in English, with no spelling errors and grammar issues.
Presentation and Style 10 The report is well presented, with diagrams, headings, tables and other visual aids.
References 10 The report contains appropriate references and referencing style.
Subtotal: 30 Subtotal for presentation