Assignment 2 - SIT284 Cybersecurity Management
This assessment requires you to conduct investigation of serious security management issue in corporate organisations. You are required to prepare a security management report based on the findings of your investigation. This task assesses your achievement of these learning outcome(s)
• ULO2 Assess security risks, threats and vulnerabilities to the organisation and implement appropriate information security protection mechanisms.
• ULO3 Conduct investigation of security management issues in organisation by analysing requirements, plans and IT security policies.
• ULO4 Identify personnel security, training and security education needs, and associated legal and ethical awareness and propose strategies for corporations taking into account cost benefit ratios.
• This is an individual assessment task and worth 20% (numerically marked) of your overall mark. You are required to submit a report of approximately 2000 words along with exhibits to support findings and a list of bibliography.
• Any information directly related to the case may be assumed, but make sure that your assumptions are clearly stated and that the assumptions are plausible and justified.
• The report submission should be made electronically via CloudDeakin and is due by 17 September 2018 at 5:00PM (AEST).
• Assignments submitted late without documented approval of the Unit Chair will be penalised.
• We only accept MS Word (docx) and PDF. No scanned files are accepted and no cover sheet is required.
References, Citations and Quotations
• You must provide references (extra to the page limit). Use Harvard style referencing in your report. Deakin portal provides an example of Harvard referencing style. Any other referencing style will be penalised.
• Plagiarism is the copying of another person's ideas or expressions without appropriate acknowledgment and presenting these ideas or forms of expression as your own.” Deakin University, as well as the Faculty of Science and Technology and the School of IT view plagiarism as a serious offence and impose heavy penalties on students found guilty of the offence.
Case Study: Metro Healthcare System
The same as in assignment 1.
1. Briefly explain how Metro can be vulnerable to phishing threats and the damage that can result from a successful attack.
2. Explain why Metro should use cybersecurity awareness training as a primary defense method against phishing threats.
3. Suppose you are a cybersecurity manager at Metro. You are asked to develop and deliver a cybersecurity awareness training specifically focused on phishing attack to Metro employees.
a. List and explain three key messages that you want the participants to retain from the training. Justify why you consider them key messages and provide at least one reference that validates your justification.
b. Describe two most suitable training delivery methods you will use to deliver the awareness training. Briefly explain why they are best suited to deliver the three key awareness messages and provide at least one reference that validates your justification.
c. Describe how you will evaluate the success of your security awareness training.