Assignment 1 Risk assessment.
Learning Sunday 23:59:59 of the week 8.
Graduate 1, 2
Attributes 3, 4 & 5
Weight 20% of overall unit assessment
Suggestion This assignment is developmental and cumulative. You are strongly advised to start doing this assignment from Week-4 in your study. Leaving your starting date to the week before the due date is a very poor strategy for success in the unit.
Marks A marking scheme will be posted on MySCU to help you direct your efforts successfully.
You are interviewed by Southern Cross University for a position of cybersecurity consultant to work in a university's cybersecurity program. As part of the interview, you are required to complete the following tasks:
• Task 1: discuss why risk assessment is the most critical step in developing and managing cyber security in the university and identify the limitations of the current risk assessment methods.
• Task 2: develop five questions that allow you to identify the most critical information assets of the university. Create a WFA template to rank the assets.
• Task 3: identify the top five threats to the university information assets. Support you finding by quoting reputable sources of information.
• Task 4: let's assume that the university website is one of the most critical information asset of the university. Discuss how the top five threats could/could not impact the asset. Rank the threats based on their levels of impact on the asset. Support your discussion by quoting reputable sources of information.
Task 1: The importance of risk assessment
To complete this task, use the following questions to guide your discussion:
• What is risk assessment?
• What do you know by performing cybersecurity risk assessment?
• What do you think is difficult for you to do/obtain in the risk assessment process?
• How risk assessment results are used to develop and manage cybersecurity and how they can affect the business decision making process?
Task 2: Critical asset identification
To complete this task, use the following questions to guide your thought:
• What is an information asset?
• What make an information asset critical?
• What can be included in WFA to classify the university information assets? Task 3: Threat identification
To complete this task, use the following guidelines:
• Clearly understand the difference between important security concepts including threats, hazards, attacks and incidents.
• Search for security threat, incident and trend reports and use the results from reputable sources such as government organisations and security companies.
• Identify relevant threats by studying statistics and figures found in the reports.
• Summarize each threat, threat agent, method of delivery and working mechanism Task 4: Threat assessment
To complete this task, use the following guidelines:
• Identify potential weaknesses (vulnerabilities) of the asset based on three information security components: confidentiality, integrity and availability.
• Study the working mechanism of each threat to assess the potential impact of the threat on the asset by exploiting the vulnerabilities. Use your own and public domain knowledge to help you with the impact assessment.
Format and Presentation
You are recommended to present the assignment in a standard report format with the title page that details your name, student-id, unit, course and date/time information. You will also provide a TOC page for the navigation. There is no report template to be used in this assignment so you can design your own template or refer to online resources. However, the report should be well presented with clear headings, titles and subtitles.
Assignment-1 Marking Rubric
A spreadsheet that will be used for the marking of your site is provided (co-located with this assignment specification) on MySCU to itemise exactly what tutors will be looking at in relation to marking your assignment. It contains a detailed breakdown of the marking criteria for this assignment. I strongly suggest you peruse this spreadsheet.
When you have completed the assignment, you are required to submit your assignment in the PDF/DOC format. The file will be named using the following convention:
filename = FirstInitialYourLastName_CMP71001_A1.pdf (i.e. FJones_CMP71001_A1.pdf)
Note to IBS students: Please check with your local lecturer/tutor the submission requirements for your assignments. Typically, they will be different from on-shore students of Southern Cross University.
It is a University requirement that a student’s work complies with the Academic Policy, Chapter 4.20 on Student Academic Integrity. It is a student’s responsibility to be familiar with the Policy.
Failure to comply with the Policy can have severe consequences in the form of University sanctions. For information on this Policy please refer to Chapter 4.20 on Student Academic Integrity at the following website:
As part of a University initiative to support the development of academic integrity, assessments may be checked for plagiarism, including through an electronic system, either internally or by a plagiarism checking service, and be held for future checking and matching purposes.
Retain duplicate copy
Before submitting the assignment, you are advised to retain electronic copies of original work. In the event of any uncertainty regarding the submission of assessment items, you may be requested to reproduce a final copy.
School Extension Policy
In general, I will NOT give extension unless where there are exceptional circumstances. Students wanting an extension must make a request at least 24 hours before the assessment item is due and the request must be received in writing by the unit assessor or designated academic. Extensions within 24 hours of submission or following the submission deadline will not be granted (unless supported by a doctor’s certificate or where there are exceptional circumstances – this will be at unit assessor’s discretion and will be considered on a case by case basis). Extensions will be for a maximum of 48 hours (longer extensions supported by a doctor’s certificate or alike to be considered on a case by case basis).
A penalty of 5% of the total available grade will accrue for each 24-hour period that an assessment item is submitted late. Therefore, an assessment item worth 20 marks will have
1 marks deducted for every 24-hour period and at the end of 20 days will receive 0 marks.
Students who fail to submit following the guidelines in this Unit Information Guide will be deemed to have not submitted the assessment item and the above penalty will be applied until the specified submission guidelines are followed.
Marks and Feedback
All assessment materials submitted during the semester will normally be marked and returned within two weeks of the required date of submission (provided that the assessment materials have been submitted by the due date).
Marks will be made available to each student via the MySCU Grade book.