assessment should be on 2011 attack on sony's playstation network. please include intext citation and 5-6 references. 2500 words are excluding any references
SBD403_Assessment 2_Brief_Report_Module Due 8 Page 1 of 8 Task Summary Individually, assess a selected event where a security system was attacked, and subsequently compromised (or survived the attack) and with information related to the event examine, discuss, and break down the event. Issues that arose, and possible solutions to the issues should also be presented. The report should be around 2500-3000 words in length. Context Security (and the maintenance of security) is an issue that many companies have to consider, often constantly, in order to protect both corporate and user data, assets, and other general information. Breaches of this security have happened in the past, at many different levels. A breach often has many effects, affecting both the consumer and the company. The report you produce will assess your understanding and ability to break down instances of failure within the security space. With the provided case study and resources (as well as other material), you will demonstrate your understanding of complex issues - such as security breaches. ASSESSMENT 2 BRIEF Subject Code and Title SBD403 - Secure by Design Assessment Report - System attack evaluation. Individual/Group Individual Length 2500-3000 Words. Learning Outcomes This assessment addresses the Subject Learning Outcomes outlined at the bottom of this document. Submission Due by 11:55pm AEST Sunday end of Module 8. Weighting 35% Total Marks 100 marks SBD403_Assessment 2_Brief_Report_Module Due 8 Page 2 of 8 This report should cover topics such as: - An example of an SDL model, with appropriate justification and explanation as to why this model should have been followed (or was not followed) and how it would have affected the breach. - The security level of the system at the time of the breach - both at a technical and practical level. Was the system updated regularly? Were users afforded all possible protections? - How effectively risks were mitigated (or not mitigated) and how the company chose to safeguard against those risks. Each of these points should be addressed in detail, as well as evaluated based on their respective successes or failures. You will write a report that also focuses on the positive response of a company, not just the negatives. For example, if the company proceeded in the best possible way (implementing new security procedures, creating two-factor authentication, etc.), the report can address the value of their actions, and not just areas that they underperformed in. Task Instructions This assessment requires you to investigate a case of your choosing (this will require approval from the facilitator, and you need to make sure it is ready for the facilitator to check before the module 6 meeting). You will also need to determine the base failures that led to the issues that the company faced. You will write a report that focuses on the following three areas: Key Failings - what went wrong, why did it go wrong, and whose responsibility was it? (A system may be responsible; it doesn’t necessarily have to be a person.) Immediate actions - what actions did the parties affected take, and how effective was their immediate response? Long-term changes - were there any visible changes from the company? If so, what were they, how effective were they, and how do they stack up against the core concepts covered in this module? These three areas should cover approximately 75% of the overall report. The conclusion of the report should contain no less than 2 recommendations that you would make to the company - in line with existing secure by design principles - which you must justify as well. This conclusion and recommendation section should cover the remaining 25% of the paper. You must directly gather information about the case that you have selected. This is to ensure that you have all the information that you require in order to present your understanding and recommendations. SBD403_Assessment 2_Brief_Report_Module Due 8 Page 3 of 8 You will be assessed on the justification and understanding of the events that took place, as well as how well your recommendations follow Secure by Design principles, and how well they are argued. The quality of your research will also be assessed, you may include references relating to the case, as well as non-academic references. Referencing Referencing is essential for this assessment. A minimum of 10-12 references is required for this, including at least 8 academic sources. (An academic source is one that has been peer-reviewed). Your references will be evaluated for their relevance to the case study. Remember you must ensure that your arguments and justifications are based on sound reasoning and clear relevance. Ensure that you reference according to the appropriate APA style, for citing and referencing information, as well as all appropriate research sources. Please see more information on referencing here: http://library.laureate.net.au/research_skills/referencing Submission Instructions Submit your Assessment 2 Report via the Assessment link in the main navigation menu in SBD403 Secure By Design. Please name your file in the following format: Lastname_First initial_course code_assessment number, e.g., Smith_A_SBD403_A2. The Learning Facilitator will provide feedback via the Grade Centre in the LMS portal. Feedback can be viewed in My Grades. http://library.laureate.net.au/research_skills/referencing SBD403_Assessment 2_Brief_Report_Module Due 8 Page 4 of 8 Assessment Rubric Assessment Attributes Fail (Yet to achieve minimum standard) 0-49% Pass (Functional) 50-64% Credit (Proficient) 65-74% Distinction (Advanced) 75-84% High Distinction (Exceptional) 85-100% Knowledge and understanding of Cyber Attack Reviewing, evaluation, and recommendation in a technical environment. Percentage for this criterion = 40% Demonstrates a partially- developed understanding of Cyber attacks, with the following components: Incomplete or flawed assessment of the situation; little understanding or reasoning is shown. Understanding of the immediate actions taken is either not present or poorly explained; there is no explanation of the effect of those actions. There are either zero, very few, or poorly justified recommendations made regarding the Demonstrates a functional knowledge of Cyber attacks and their response by Adequate assessment of the situation that occurred; some reasoning or understanding is provided. Understanding of the immediate actions is present, and discussed at a base level; some explanation of the effects of these actions is present. A few recommendations have been made, and justified to a small extent. Further consequences or evaluations of these are not considered. Demonstrates proficient knowledge of (Cyber attacks) by Accurately assessing the situation that occurred. Reasoning and understanding is provided. Some core contributors are highlighted and explained. Immediate actions are covered in some detail, and discussed to a mid- level. The effects of these actions are discussed, and flow-on effects are touched on. Some recommendations have been made, with justification and understanding Demonstrates advanced knowledge of (Cyber attacks) by Assessing the situation in detail. Reasoning, understanding, and justification of decisions (and result) is presented. Core contributors are highlighted and explained in detail. Immediate actions are completely covered, and discussed to a high level. The effects of these actions, as well as flow-on effects, are discussed in depth, with a particular focus on overall context. Recommendations are made, backed up with Demonstrates exceptional knowledge of (Cyber attacks) by Assessing the situation in complete detail. Reasoning, understanding and justification of decisions (and their results) are presented, analysed, and presented. Core contributors are highlighted and explained in complete detail. Immediate actions are detailed, and discussed at both at a high level and with an understanding of context. The effects of these actions (and their SBD403_Assessment 2_Brief_Report_Module Due 8 Page 5 of 8 presented situation. provided. Some consequences of these recommendations are discussed, and some evidence is provided to support the recommendations. justification and understanding. Consequences of these recommendations are discussed in detail, with benefits against current systems being highlighted and explained with the supporting evidence. flow-on effects) are presented and discussed in context as well. The recommendations in this report are of a high quality, and address the core issues behind the security breach. Benefits across the systems are highlighted and supported with clear evidence. Evaluation of information selected to support the case study Percentage for this criterion = 30% Limited understanding of key concepts required to support the case study. Confuses logic and emotion. Information taken from reliable sources but without a coherent analysis or synthesis. Some sources may be unreliable at times. Resembles a recall or summary of key ideas. Often conflates/confuses assertion of core issues with information substantiated by evidence from the research/course materials. Supports information substantiated by evidence from the research/course materials. Demonstrates a capacity to explain and apply relevant concepts, in conjunction with using evidence to support these concepts. Discriminates between assertion of personal opinion and information substantiated by robust evidence from the research/course materials and extended reading. Well demonstrated capacity to explain and apply relevant concepts. Systematically and critically discriminates between assertion of issues present and information substantiated by robust evidence from both the research/course materials and extended reading. Information is taken from sources with a high level of interpretation/evaluation to develop a comprehensive SBD403_Assessment 2_Brief_Report_Module Due 8 Page 6 of 8 Viewpoints of experts are taken as fact with little questioning, and source quality is narrow in scope. Analysis and evaluation do not reflect expert judgement, intellectual independence, rigor and adaptability. Viewpoints from experts are broader, with a few different perspectives. Identifies logical flaws in the systems, as well as explaining the seriousness of these flaws. Questions viewpoints of experts, as well as presenting different viewpoints of experts in an accurate manner. Viewpoint of experts are subject to questioning. Analysis and evaluation reflect growing judgement, intellectual independence, rigor and adaptability. critical analysis or synthesis.