ASSESSMENT 3 BRIEF
Subject Code and Title: MIS607 Cybersecurity
Assessment: Mitigation Plan for Threat Report
Individual/Group: Individual
Length: 2500 Words (+/- 10%)
Learning Outcomes: The Subject Learning Outcomes demonstrated by successful completion of the task below include:
b) Explore and articulate cyber trends, threats and staying safe in cyberspace, plus protecting personal and company data.
c) Analyse issues associated with organisational data networks and security to recommend practical solutions towards their resolution.
d) Evaluate and communicate relevant technical and ethical considerations related to the design, deployment and/or the uses of secure technologies within various organisational contexts.
Submission:
For regular class (12 Weeks Duration): By 11:55 pm AEST/AEDT Sunday of Module 6.1 (week 11)
For intensive class (6 Weeks Duration): By 11:55 pm AEST/AEDT Sunday of Module 6.2 (week 6)
Weighting: 50%
Total Marks: 100 Marks
Assessment Task and Context
Reflecting on your MIS607 Assessment 2, the organisation has decided to continue to employ you as a consultant for the next phase: Risk Analysis and Development of the Mitigation Plan.
The organisation has become aware that the Australian Government (AG) has developed strict privacy requirements for businesses. The company wishes you to produce a brief summary of these based on real-world Australian government requirements (similar to how you used real-world information in MIS607 Assessment 2 for a real-world attack). These include the Australian Privacy Policies (APPs), especially the requirements on notifiable data breaches. The company wants you to examine these requirements and advise them on their legal requirements. Also ensure that your threat list includes attacks resulting in customer data breaches. The company wishes to know if the GDPR applies to them.
Instructions
MIS607 Assessment 3 is in many ways a continuation of MIS607 Assessment 2. You will start with the threat list from your MIS607 Assessment 2, although feel free to make changes to the threat list if it is not suitable for MIS607 Assessment 3. You may need to include threats related to privacy concerns. Beginning with the threat list:
• You need to align threats or vulnerabilities, as much as possible, with controls.
• Perform a risk analysis and determine controls to be employed.
• Combine the controls into a project of mitigation.
• Give advice on the need for ongoing cybersecurity, after your main mitigation steps.
To successfully complete this assessment:
• You must use the risk matrix approach covered in classes (Risk = likelihood x consequence).
• You should show evidence of gathering data on “likelihood” and “consequence” for each of the threats you have identified. You should briefly explain how this was done.
• At least ONE (1) of the risks must be so trivial and/or expensive to control that you decide not to control it (in other words, in this case, you are accepting the risk). At least ONE (1) of the risks, but obviously not all.
• Provide cost estimates for the controls, including policy or training controls. You can make up these values but try to justify at least ONE (1) of the costs (if possible, use links to justify costs).
Report Structure and Format:
The report should have the following heading structure.
Title page
The title page should include subject code and name, assessment number, report title, assessment due date, word count (actual), student name and surname, student ID, Torrens’s email address, learning facilitator name and surname.
Executive Summary
Mainly this section is where you “Summarize” your report. The best time to write the Executive Summary is when you have finished working on your assessment. By then you will be able to “Summarise” your work. It should be written in a simple and easy to read language. IMPORTANT NOTE: Make sure to ONLY provide the summarised version of the report.
1. Introduction
In this section, introduce your assessment/report to the reader. Think of the purpose and objectives of your assessment and ask yourself why this assessment is valuable and important. You will need to provide a short description of the case scenario. Overall, the introduction section is about “What the assessment is going to be about?”.
2. Main Discussion
IMPORTANT NOTE: The required discussions for sub-sections 2.1, 2.2, 2.3 and 2.4 are discussed earlier in this assessment brief document (see above).
2.1. Threats List and STRIDE Categorisation Summary
2.2. Threats Analysis (Using Risk Matrix)
2.3. Threats and Controls
2.4. Mitigation Scheme
3. Conclusion
In this section, you will wrap up your discussion in a clear and simple way. Overall, the conclusion section reminds the reader what the report/assessment has been about. Indicate and discuss the major findings and/or recommendations of your report.
4. References
A minimum of Five (5) references are required in this assessment. Please be advised that you can use as many references as you require in your assessment; however, the minimum number of references is 5. At least three (3) references MUST be from peer-reviewed sources (e.g. conferences, journals).
You can put a “*” after such peer-reviewed references in the references section when you want to highlight they are peer reviewed. One (1) of the peer-reviewed articles MUST be uploaded in PDF format along with your MIS607 Assessment 3 report on Blackboard. This PDF file will be referred as the “nominated article”.
IMPORTANT NOTE: Zero marks for referencing if the nominated article is not itself peer-reviewed or if there is no peer-reviewed article submitted with your MIS607 Assessment 3. Of course, the nominated article should be properly referenced and cited; however, you also need to cite an important direct quote from within the article (with page number), not just a brief sentence from the abstract. The quote should also relate to the main topic of the article, not just a side issue.
5. Appendices (Appendix 1, Appendix 2, etc.)
An Appendix is NOT necessary for your assessment UNLESS for any of the following two reasons:
• Your MIS607 Assessment 2 has been marked 60 and below, so you had to rework it and make the relevant changes; once improved, attach it within the Appendices section as Appendix 1.
• There is EXTRA general information which you think is helpful for your assessment.
IMPORTANT NOTE: ALL important and necessary information for your report (e.g. Risk Matrix, etc.) must be inserted and discussed within the body of your assessment and NOT in Appendices section.
IMPORTANT NOTES FOR MIS607 ASSESSMENT 3 SUBMISSION:
• This assessment must be submitted as a WORD document (*.doc OR *.docx).
• You are highly advised to read the “case scenario” several times. Then, it is advised to read through this Assessment Brief document and note requirements. It is highly advised to also check the Marking Rubric for more information on how the assessment will be marked.
• Any information/discussion used from your MIS607 Assessment 2 must be accurately and completely referenced to avoid academic misconduct such as “self-plagiarism”.
• The report should use Arial or Calibri fonts, 11 point. It should be line spaced at 1.5 and must have page numbers on the bottom of each page.
• The word count for this assessment is 2500 words (+/- 10%), NOT counting tables, figures, executive summary, cover sheet, references, and appendices (if any).
• You must be careful NOT to use up the word count discussing cybersecurity basics. This is not an exercise in summarising class notes, etc. Discussing general information and material will not count towards marks.
• Make sure to use a reasonable number of Tables and Figures in your assessment.
• ALL inserted/used Tables and Figures within the report MUST be captioned/labelled and numbered (e.g. Table 1, Table 2, etc.).
• ALL inserted/used Tables and Figures within the report must be initially introduced and then discussed in a clear, focused and simple way.
• Within the assessment document, when referring to Tables and Figures, you are required to refer to them by their captions (note that publishers do not guarantee Tables and Figures to be placed in the same order or location as in your article). NOTE: Tables and Figures without a caption may be treated as if they are not in the report.
• If you have not performed so well with MIS607 Assessment 2 (your mark was less than 60%), you will need to fix the issues noted in your MIS607 Assessment 2 based on the provided feedback and then include your MIS607 Assessment 2 in your MIS607 Assessment 3 “Appendix 1” section. IMPORTANT NOTE: There will be NO MARKS for the remediation of MIS607 Assessment 2.
Referencing
It is essential that students use appropriate APA style for citing and referencing research. Please see more information on referencing here in the Academic Writing Guide found via the Academic Skills website.
Submission Instructions
Please submit ONE Microsoft Word document (.doc or .docx) via the Assessment link in the main navigation menu in Blackboard. The Learning Facilitator will provide feedback via the Grade Centre in the LMS portal. Feedback can be viewed in My Grades.
Academic Integrity
All students are responsible for ensuring that all work submitted is their own and is appropriately referenced and academically written according to the Academic Writing Guide. Students also need to have read and be aware of Torrens University Australia Academic Integrity Policy and Procedure and subsequent penalties for academic misconduct. These are viewable online.
Students also must keep a copy of all submitted material and any assessment drafts.
Special Consideration
To apply for special consideration for a modification to an assessment or exam due to unexpected or extenuating circumstances, please consult the Assessment Policy for Higher Education Coursework and ELICOS and, if applicable to your circumstance, submit a completed Application for Assessment Special Consideration Form to your Learning Facilitator.
MIS607_Assessment 2 Brief_Threat Model Report
Assessment Rubric
Assessment Attributes Ratings Pts
Citation practice and engagement with relevant literature
• Cited material and citations related to report
• APA citation Style
• At least 3 peer-reviewed articles
• Nominated PDF of peer-reviewed article
• Five or more references
• Correct citation and referencing
• Most peer-reviewed citations used more than once
Pts for this criterion = 20 Pts
Ratings:
20 Pts: High Distinction (Exceeds expectation)
15-19 Pts: Distinction (High quality)
13-14 Pts: Credit (Meets basic expectation)
11-12 Pts: Pass (Pass level work)
0-10 Pts: NN (Fails to meet basic expectation)
Threat Analysis
• Assessment 2 remediation, if needed
• Clear threat list, related to STRIDE categories and threat boundaries (mostly coming from Assessment 2, but changes can be made)
• Brief explanation of government privacy requirements
• At least one threat related to government privacy requirement
• Discovery of likelihood and consequences for each identified threat, with explanation of technique and a few details
• Clear results from likelihood and consequence discovery
• Risk Matrix explained and applied correctly to threats
• Risks tabled and ranked correctly from highest to lowest
• Table contains risk decision, controls and implementation cost estimation
• At least one risk accepted
• Table is clear to all stakeholders.
Pts for this criterion = 30 Pts
Ratings:
30 Pts: High Distinction (Exceeds expectation)
22-29 Pts: Distinction (High quality)
20-21 Pts: Credit (Meets basic expectation)
16-19 Pts: Pass (Pass level work)
0-15 Pts: NN (Fails to meet basic expectation)
Mitigation Scheme
• Mitigation scheme covers the list of identified threats
• Controls are mapped against threats
• Mitigation derives clearly from threat analysis
• Mitigation scheme costed
• Project for mitigation clearly conveyed
Pts for this criterion = 20 Pts
Ratings:
20 Pts: High Distinction (Exceeds expectation)
15-19 Pts: Distinction (High quality)
13-14 Pts: Credit (Meets basic expectation)
11-12 Pts: Pass (Pass level work)
0-10 Pts: NN (Fails to meet basic expectation)
MIS607_Assessment 3 Brief_Mitigation Plan for Threat Report
Communication and Presentation
• Writing is persuasive, logical and communication is clear
• Uses appropriate vocabulary consistently. Spelling and punctuation is completely accurate.
• Consistently integrates research and ideas from relevant and appropriate sources/references.
• Consistently uses accurate references, appropriately positioned.
• Executive Summary is appropriate for a business report and is written in past tense. It summarises what has been done and is not a mere covering of basic theory from classes.
• Demonstration of topics and principles acquired from course material; use of relevant theories, concepts and frameworks to support analysis; own input, insight and interpretation.
Pts for this criterion = 20 Pts
Ratings:
20 Pts: High Distinction (Exceeds expectation)
15-19 Pts: Distinction (High quality)
13-14 Pts: Credit (Meets basic expectation)
11-12 Pts: Pass (Pass level work)
0-10 Pts: NN (Fails to meet basic expectation)
Basic Formatting and Submission Requirements
• Captioning of all figures, etc. and referred to only by caption
• Correct assessment submission and Word format
• Page numbers
• Correct student and facilitator information
• Academic Integrity Declaration
• Correct heading structure
Pts for this criterion = 10 Pts
Ratings:
10 Pts: High Distinction (Exceeds expectation)
8-9 Pts: Distinction (High quality)
6-7 Pts: Credit (Meets basic expectation)
4-5 Pts: Pass (Pass level work)
0-3 Pts: NN (Fails to meet basic expectation)
The following Subject Learning Outcomes are addressed in this assessment
SLO b) Explore and articulate cyber trends, threats and staying safe in cyberspace, plus protecting personal and company data.
SLO c) Analyse issues associated with organisational data networks and security to recommend practical solutions towards their resolution.
SLO d) Evaluate and communicate relevant technical and ethical considerations related to the design, deployment and/or the uses of secure technologies within various organisational contexts.