SBD403_Assessment 2_Brief_Report_Module Due 8 Page 1 of 8 Task Summary Individually, assess a selected event where a security system was attacked, and subsequently compromised (or survived the attack)...

1 answer below »

SBD403_Assessment 2_Brief_Report_Module Due 8 Page 1 of 8
Task Summary
Individually, assess a selected event where a security system was attacked, and
subsequently compromised (or survived the attack) and with information related to the
event examine, discuss, and
eak down the event. Issues that arose, and possible solutions
to the issues should also be presented. The report should be around XXXXXXXXXXwords in
Security (and the maintenance of security) is an issue that many companies have to
consider, often constantly, in order to protect both corporate and user data, assets, and
other general information. Breaches of this security have happened in the past, at many
different levels. A
each often has many effects, affecting both the consumer and the
The report you produce will assess your understanding and ability to
eak down instances
of failure within the security space. With the provided case study and resources (as well as
other material), you will demonstrate your understanding of complex issues - such as
Subject Code and Title SBD403 - Secure by Design
Assessment Report - System attack evaluation.
Individual/Group Individual
Learning Outcomes This assessment addresses the Subject Learning Outcomes outlined
at the bottom of this document.
Submission Due by 11:55pm AEST Sunday end of Module 8.
Weighting 35%
Total Marks 100 marks
SBD403_Assessment 2_Brief_Report_Module Due 8 Page 2 of 8
This report should cover topics such as:
- An example of an SDL model, with appropriate justification and explanation as to
why this model should have been followed (or was not followed) and how it
would have affected the
- The security level of the system at the time of the
each - both at a technical
and practical level. Was the system updated regularly? Were users afforded all
possible protections?
- How effectively risks were mitigated (or not mitigated) and how the company
chose to safeguard against those risks.
Each of these points should be addressed in detail, as well as evaluated based on their
espective successes or failures. You will write a report that also focuses on the positive
esponse of a company, not just the negatives. For example, if the company proceeded in
the best possible way (implementing new security procedures, creating two-factor
authentication, etc.), the report can address the value of their actions, and not just areas
that they underperformed in.
Task Instructions
This assessment requires you to investigate a case of your choosing (this will require
approval from the facilitator, and you need to make sure it is ready for the facilitator to
check before the module 6 meeting). You will also need to determine the base failures that
led to the issues that the company faced. You will write a report that focuses on the
following three areas:
 Key Failings - what went wrong, why did it go wrong, and whose responsibility was
it? (A system may be responsible; it doesn’t necessarily have to be a person.)
 Immediate actions - what actions did the parties affected take, and how effective
was their immediate response?
 Long-term changes - were there any visible changes from the company? If so, what
were they, how effective were they, and how do they stack up against the core
concepts covered in this module?
These three areas should cover approximately 75% of the overall report.
The conclusion of the report should contain no less than 2 recommendations that you
would make to the company - in line with existing secure by design principles - which you
must justify as well. This conclusion and recommendation section should cover the
emaining 25% of the paper.
You must directly gather information about the case that you have selected. This is to
ensure that you have all the information that you require in order to present your
understanding and recommendations.
SBD403_Assessment 2_Brief_Report_Module Due 8 Page 3 of 8
You will be assessed on the justification and understanding of the events that took place, as
well as how well your recommendations follow Secure by Design principles, and how well
they are argued. The quality of your research will also be assessed, you may include
eferences relating to the case, as well as non-academic references.
Referencing is essential for this assessment. A minimum of 10-12 references is required for
this, including at least 8 academic sources.
(An academic source is one that has been peer-reviewed).
Your references will be evaluated for their relevance to the case study. Remember you must
ensure that your arguments and justifications are based on sound reasoning and clear
Ensure that you reference according to the appropriate APA style, for citing and
eferencing information, as well as all appropriate research sources.
Please see more information on referencing here:
Submission Instructions
Submit your Assessment 2 Report via the Assessment link in the main navigation menu in
SBD403 Secure By Design. Please name your file in the following format: Lastname_First
initial_course code_assessment number, e.g., Smith_A_SBD403_A2. The Learning Facilitator
will provide feedback via the Grade Centre in the LMS portal. Feedback can be viewed in My
SBD403_Assessment 2_Brief_Report_Module Due 8 Page 4 of 8
Assessment Ru
(Yet to achieve
minimum standard)
High Distinction
Knowledge and
understanding of Cyber
Attack Reviewing,
evaluation, and
ecommendation in a
technical environment.
Percentage for this
criterion = 40%
Demonstrates a partially-
developed understanding
of Cyber attacks, with the
following components:
 Incomplete or flawed
assessment of the
situation; little
understanding o
easoning is shown.
 Understanding of the
immediate actions
taken is either not
present or poorly
explained; there is no
explanation of the
effect of those
 There are either zero,
very few, or poorly
made regarding the
Demonstrates a functional
knowledge of Cyber attacks
and their response by
 Adequate assessment of
the situation that
ed; some reasoning
or understanding is
 Understanding of the
immediate actions is
present, and discussed at
a base level; some
explanation of the effects
of these actions is
 A few recommendations
have been made, and
justified to a small extent.
Further consequences o
evaluations of these are
not considered.
Demonstrates proficient
knowledge of (Cyber
attacks) by
 Accurately assessing
the situation that
ed. Reasoning
and understanding is
provided. Some core
contributors are
highlighted and
 Immediate actions are
covered in some detail,
and discussed to a mid-
level. The effects of
these actions are
discussed, and flow-on
effects are touched on.
 Some
ecommendations have
een made, with
justification and
Demonstrates advanced
knowledge of (Cyber
attacks) by
 Assessing the situation
in detail. Reasoning,
understanding, and
justification of decisions
(and result) is
presented. Core
contributors are
highlighted and
explained in detail.
 Immediate actions are
completely covered,
and discussed to a high
level. The effects of
these actions, as well as
flow-on effects, are
discussed in depth, with
a particular focus on
overall context.
 Recommendations are
made, backed up with
Demonstrates exceptional
knowledge of (Cyber
attacks) by
 Assessing the situation
in complete detail.
understanding and
justification of
decisions (and thei
esults) are presented,
analysed, and
presented. Core
contributors are
highlighted and
explained in complete
 Immediate actions are
detailed, and discussed
at both at a high level
and with an
understanding of
context. The effects of
these actions (and thei
SBD403_Assessment 2_Brief_Report_Module Due 8 Page 5 of 8
presented situation. provided. Some
consequences of these
ecommendations are
discussed, and some
evidence is provided to
support the
justification and
Consequences of these
ecommendations are
discussed in detail, with
enefits against cu
systems being
highlighted and
explained with the
supporting evidence.
flow-on effects) are
presented and
discussed in context as
 The recommendations
in this report are of a
high quality, and
address the core issues
ehind the security
each. Benefits across
the systems are
highlighted and
supported with clea
Evaluation of
information selected to
support the case study
Percentage for this
criterion = 30%
Limited understanding of
key concepts required to
support the case study.
Confuses logic and
emotion. Information
taken from reliable
sources but without a
coherent analysis or
synthesis. Some sources
may be unreliable at
Resembles a recall or
summary of key ideas.
Often conflates/confuses
assertion of core issues with
information substantiated by
evidence from the
esearch/course materials.
Supports information
substantiated by evidence
from the research/course
Demonstrates a capacity to
explain and apply relevant
concepts, in conjunction
with using evidence to
support these concepts.
Discriminates between
assertion of personal
opinion and information
substantiated by robust
evidence from the
esearch/course materials
and extended reading.
Well demonstrated capacity
to explain and apply
elevant concepts.
Systematically and critically
discriminates between
assertion of issues present
and information
substantiated by robust
evidence from both the
esearch/course materials
and extended reading.
Information is taken from
sources with a high level of
interpretation/evaluation to
develop a comprehensive
SBD403_Assessment 2_Brief_Report_Module Due 8 Page 6 of 8
Viewpoints of experts are
taken as fact with little
questioning, and source
quality is na
ow in scope.
Analysis and evaluation do
not reflect expert judgement,
intellectual independence,
igor and adaptability.
Viewpoints from experts are
oader, with a few different
Identifies logical flaws in the
systems, as well as
explaining the seriousness
of these flaws.
Questions viewpoints of
experts, as well as
presenting different
viewpoints of experts in an
accurate manner.
Viewpoint of experts are
subject to questioning.
Analysis and evaluation
eflect growing judgement,
intellectual independence,
igor and adaptability.
critical analysis or synthesis.
Answered 1 days AfterApr 06, 2022Torrens University Australia


Tanisha answered on Apr 08 2022
14 Votes
    The incident of cyber attack over Sony Play station draws a big attention towards the theft of personal data in such a big digital world. The evaluation of such an attack shows what are the important points that are needed to safeguard the people’s information and maintains a trustworthy relationship between the client and customers. We will focus on different parameters for security risks and further recommendations that can be followed for such security
    Many organizations do experience cyber security attacks when their systems are not under any proper security mechanisms. One of the incident that is of April 2011 where Sony experienced a cyber attack in its online service known as PlayStation Network indulged in the loss of personal information such as credit card information etc. Sony estimated that losses were up to $171 million. We will research on such crisis finding the key points of success and failures regarding security
Sony PlayStation Case Overview
    Sony found itself in the security
each on April 2011 where executives realized some abnormality activities on the Play station Network with the exposing of customers’ credit card information and other private details. Sony after the
each shutdown the network and got to know about the hacking and invested $170 million to cover up the expenses of stolen data. We will also focus on different models that can help us to understand the hacking case of Sony Play station.
Addressing the Crisis through Model Management
    We can say that the crisis can be labeled as an event where a compromise can be made with regards to some one’s safety, or any community or any customers or any risks or threats that can tarnish the public trust in the organization. So for such a crisis to be maintained, there should be some model management that focuses more on preventing crisis from happening which is called as Anticipatory Model of Crisis Management. AMCM was previously designed to address issues coming from technology used in organization but now it is beyond technology and helps in evaluating the crisis in the organization. Cu
ently AMCM assumptions consists of three measures such as expectations, enactment and an act of control where expectations deals whether one takes proper measures during the likelihood of any mishappenings, enactment deals with the consequences that occurs from the actions that leads to crisis and an act of control that deals with the degree of energy an organization has to handle the crisis. Here the act of control intertwines with expectations and enactments to such a level that expectations will have influence over the enactments and decision made will exert over the crisis situation. These three measures are hierarchical in nature rather than mutually exclusive.
Key Failings
While using the AMCM, we basically use common method as case study. Regarding case study of Sony PlayStation, examiners researched on different news reports and used the logic of AMCM to check the assessment of the decisions made. There are four points that comes up regarding the case. Firstly, Sony failed to provide information to the customers about the
each and also about the stolen of credit card information until a week is over from the mishappenings. They believed that there was no theft made to financial information about the customers. Secondly, Sony did not shut down its network immediately and thirdly, it accused one of the hacker groups inaccurately without any evidence. Fourthly, Sony provided a timeline to make things functional again which never met.
So as per the AMCM, Expectation principle failed as Sony did not provide immediate notification to the customers regarding the stealing of credit card information and the
each that happened. Even enactment principle failed as Sony did not close the network although they knew crisis was still happening and control principle failed as it only owns the network that should be closed if crisis was going on.
Sony was able to control over the security measures that can be taken during the
each and its lack of effective decision system compromise on its public image as well as questions on the security mechanisms. When attackers demonstrated their intentions regarding the security
each, they mentioned that was owned by a very simple SQL injection which is one of the basic vulnerability.
Sony blamed an anonymous group as after intrusion they found the file named anonymous in their servers. Further, it set up the timeline to do restoration of the network without doing ample amount of investigation and so it did not meet the expectations.
Immediate Actions Enacted After the Intrusion
    Sony took a week after the crisis to work on the investigation. They realized that there should be some encryption mechanism in security field. Apart from this, they set up the timeline for restoring the network. They used rigid protocols under the control of centralized structures to promote the event – response relationship.
Long Term Changes
Using AMCM mitigation principles for pre-crisis planning is followed. This will emphasize over the identification and clarification of the potential problem areas where there is an inclusion of more trainings towards risk management.
Mostly organization cannot afford primitive methods for the advanced technologies as it does not meet with societal expectations. Interaction through social media or any other outlets can help to get more opinions and allow to take faster and smarter decisions....

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here