Assessment item 3 back to top Assessment Item 3 Value: 20% Due Date: 30-Sep-2018 Return Date: 18-Oct-2018 Length: Submission method options: Alternative submission method Task back to top Task...

Assessment item 3

back to top

Assessment Item 3

Task

back to top

Task Description

Part 1 – Online Quiz

There will be an online quiz during Week 10 (24th Sep – 30th Sep). The online quiz must be attempted by the students individually on the Interact site for ITC596. The Quiz is worth 5 marks of the overall marks available for assessment 3.

Students need to attempt and finish the online quizzes within the specific date and time window. You will have an hour (1 hour) to complete the quiz which consists of 30 multiple choice questions. Once you start your quiz, you must complete it in one sitting. You only have one
attempt at the quiz.

The topics of the online quizzes are:

• Information Security Fundamentals


• Information Security Planning


• Information Security Policy and Program


• Information Security Management Models


• Foundations of IT Risk Management 1: Identifying Risks


• Foundations of IT Risk Management 2: Assessing Risks


• Foundations of IT Risk Management 3: Controlling Risks


• IT Security Protection Mechanisms 1: Firewalls and Intrusion Detection Systems


• IT Security Protection Mechanisms 2: Cryptographic Systems

Part 2 - Risk Assessment Report

Your deliverable for this ITC596 task is an IT Risk Assessment report, written for the intended audience of management providing a risk assessment of a project. The project can be in any of the following areas:

• Cybersecurity


• Internet of Things


• Cloud security


• Mobile health devices


• Bring Your Own Device


• Smart vehicles


• Or an area in your profession

Scenario options:

1.You can work towards the scenario provided below; or
2.You also have the opportunity to choose your own scenario-based risk assessment that could potentially be drawn from your own professional experience or context. The second option requires a discussion with and approval by your Subject Coordinator. The report structure requirements and criteria should be the same regardless of your scenario.

Provided Scenario

You have been hired as the IT Risk Assessment lead consultant for Gigantic Corporation (your specialisation is based on the area you have chosen above). Your role is to be the interface between business stakeholders and technologists, translating potential technical difficulties into risk language to facilitate effective decision-making by stakeholders. You have been engaged to assess a project that falls into your specialised area. Once you complete a full assessment, you are required to provide the IT assessment report to the management in the department or section that is running the project for Gigantic.

How to complete this task:

1. You will write a report on the project IT risks based on the scenario.
2. Your report must be a Microsoft Word document, 10 – 15 pages in length at 12 point font and single spacing. The report must address the following criteria:
An Executive Summary at the beginning of the report which provides a clear statement of the technology project that is being assessed, and an overview of your recommendations to management as to the merits of the project based on your risk assessment (2 – 3 pages in length).

A risk assessment based on threats, vulnerabilities and consequences derived from an IT control framework and any existing industry risk recommendations for the project. Identify and discuss the key threat agents. What could be done to mitigate the risks and their impact on the system? (4 – 10 pages in length).

Provide a brief summary (literature review) of protection mechanisms you could employ for the information security. (2 – 4 pages in length).
3. The report is worth 15 marks of the overall marks available for assessment 3.

Engaging with scenario-based tasks provides you with the opportunity to simulate real world application of your learning in this subject.

Rationale

back to top

This assessment task will assess the following learning outcomes:

• be able to justify the goals and various key terms used in risk management and assess IT risk in business terms.


• be able to critically analyse the various approaches for mitigating security risk, including when to use insurance to transfer IT risk.


• be able to critically evaluate IT security risks in terms of vulnerabilities targeted by hackers and the benefits of using intrusion detection systems, firewalls and vulnerability scanners to reduce risk.

Marking criteria and standards

back to top

Part 1 - Online Quiz

The quiz will involve multiple choice or true/false type questions. Marks will be given based on the correctness of the answers. Interact will be marking automatically and you will receive marks according to the following criteria:
HD - At least 85% answers were correct
DI - At least 75% answers were correct
CR - At least 65% answers were correct
PS - At least 50% answers were correct

Part 2 - Risk Assessment Report

Presentation

back to top

• Assignments are required to be submitted in either Word format (.doc, or .docx). Each assignment must be submitted as a single document.


• Assignments should be typed using Times new Roman/Arial, 12 point font. APA referencing style should be used. A reference list should be included with each assessment item.


• All diagrams that are required should be inserted into the document in the appropriate position.