Assignment 1 Risk assessment.
Learning 23:59:59 21 AUG 2020
Graduate 1, 2
Attributes 3, 4 & 5
Weight 20% of overall unit assessment
Suggestion This assignment is developmental and cumulative. You are strongly advised to start this assignment from Week 4 of your study. Leaving your start to the week before the due date is a very poor strategy for success in the unit.
Marks A marking scheme is included in the document to help you direct your efforts successfully.
You are being interviewed by MASA for the position of cybersecurity consultant in its cybersecurity program. MASA is a science-based company in the field of space engineering, with customers ranging from Australian state and federal governments and overseas space exploration agencies to the military and navy. MASA is a pioneer in the field; as a result, its intellectual property database holds 250 IPs. MASA has three offices, in BNE, SYD and MEL, with more than 200 employees. Currently most of the data is stored in the company's private cloud, hosted in the Sydney office, and some is stored on AWS. As part of the interview, you are required to complete the following tasks:
• Task 1: Discuss why risk assessment is the most critical step in developing and managing a cybersecurity program. In addition, identify and elaborate on an appropriate risk assessment process for the organisation.
• Task 2: Develop five questions that allow you to identify the most critical information assets of the organisation, then identify and rank the top 5 critical assets for the organisation.
• Task 3: Identify and explain the top five vulnerabilities and threats to the organisation's information assets. Support your findings by quoting reputable sources of information.
• Task 4: Let's assume that MASA's website is one of the most critical information assets of the organisation. Discuss how the top five threats could or could not impact the asset. Rank the threats based on their levels of impact on the asset. Support your discussion by quoting reputable sources of information.
*****This section is provided to help you organise your thoughts and work. You are not supposed to just answer these questions; you are expected to write in paragraphs that cover the following points and more!!****
Task 1: The importance of risk assessment
To complete this task, use the following questions to guide your discussion:
• What is risk assessment?
• What do you know by performing risk assessment, and what do you not know if you do not perform risk assessment, from the cybersecurity perspective?
• How are risk assessment results used to develop and manage cybersecurity, and how can they affect the business decision-making process?
• What are risk assessment frameworks and methods? Which ones are more suitable for this case?
Task 2: Critical asset identification
To complete this task, use the following questions to guide your thought:
• What is an information asset?
• What makes an information asset critical?
• What are the top 5 assets and how are they ranked?
Task 3: Threat identification
To complete this task, use the following guidelines:
• Clearly understand the difference between important security concepts including vulnerability, threats, attacks and.
• Search for security threat, incident and trend reports and use the results from reputable sources such as government organisations and security companies.
• Identify relevant threats by studying statistics and figures found in the reports.
Task 4: Threat assessment
To complete this task, use the following guidelines:
• Identify potential weaknesses (vulnerabilities) of the asset based on three information security components: confidentiality, integrity and availability.
• Study the working mechanism of each threat to assess the potential impact of the threat on the asset by exploiting the vulnerabilities. Use your own and public domain knowledge to help you with the impact assessment.
Criteria Max Mark
Concept of risk assessment in the context of cybersecurity 1
Identification of knowledge by performing risk assessment 1
Application of risk assessment results for risk management 2
Choosing the risk assessment approaches for this organisation 2
Task 2 4
Question design to identify the most critical information assets 2
Using a ranking method, the top five critical assets are identified. 2
Task 3 4
Threats to the organisation's information assets 4
Task 4 4
Identify the asset vulnerabilities 2
Discuss impact of the threats and rank them 2
Professional presentation. 1
When you have completed the assignment, you are required to submit it in PDF/DOC format. The file will be named using the following convention:
filename = FirstInitialYourLastName_CMP71001_A1.pdf (e.g. FJones_CMP71001_A1.pdf)
Additionally, you are required to upload your site to your student directory (on the school’s server infotech.scu.edu.au) and verify that all works well.
Note to IBS students: Please check with your local lecturer/tutor the submission requirements for your assignments. Typically, they will be different from on-shore students of Southern Cross University.
Format, Presentation and length
There is no report template to be used in this assignment, so you can design your own template or refer to online resources. However, the report should be well presented in a standard report format.
Due to a system setting constraint, the length of report 1 was set at 1000 words in the unit UIG. You are advised that there is no formal word limit for the report. However, a good report is expected to be somewhere in the vicinity of 2,000 - 3,000 words from Introduction to Conclusion. Note that this is a very rough estimate and there will be no penalties imposed based on the number of words (no real ceiling if the content is precise and relevant!)
It is a University requirement that a student’s work complies with the Academic Policy, Chapter 4.20 on Student Academic Integrity. It is a student’s responsibility to be familiar with the Policy.
Failure to comply with the Policy can have severe consequences in the form of University sanctions. For information on this Policy please refer to Chapter 4.20 on Student Academic Integrity at the following website:
As part of a University initiative to support the development of academic integrity, assessments may be checked for plagiarism, including through an electronic system, either internally or by a plagiarism checking service, and be held for future checking and matching purposes.
Retain duplicate copy
Before submitting the assignment, you are advised to retain electronic copies of original work. In the event of any uncertainty regarding the submission of assessment items, you may be requested to reproduce a final copy.
School Extension Policy
In general, I will NOT give an extension unless there are exceptional circumstances.
Students wanting an extension must make a request at least 24 hours before the assessment item is due, and the request must be received in writing by the unit assessor or designated academic. Extensions within 24 hours of submission or following the submission deadline will not be granted (unless supported by a doctor’s certificate or where there are exceptional circumstances – this will be at the unit assessor’s discretion and will be considered on a case-by-case basis). Extensions will be for a maximum of 48 hours (longer extensions supported by a doctor’s certificate or the like will be considered on a case-by-case basis).
A penalty of 5% of the total available grade will accrue for each 24-hour period that an assessment item is submitted late. Therefore, an assessment item worth 20 marks will have 1 mark deducted for every 24-hour period and at the end of 20 days will receive 0 marks.
Students who fail to submit following the guidelines in this Unit Information Guide will be deemed to have not submitted the assessment item and the above penalty will be applied until the specified submission guidelines are followed.
Marks and Feedback
All assessment materials submitted during the semester will normally be marked and returned within two weeks of the required date of submission (provided that the assessment materials have been submitted by the due date).
Marks will be made available to each student via the MySCU Grade book.