want to make my assignment
Microsoft Word - CMP71001_Assignment_1_2018 S3 Assignment 1 Risk assessment. Due Date Learning Friday 11pm 23 August 2019 Week 7 Outcomes Graduate 1, 2,4,5 Attributes 3, 4 & 5 Weight 20% of overall unit assessment Suggestion This assignment is developmental and cumulative. You are strongly advised to start doing this assignment from Week-3 in your study. Leaving your starting date to the week before the due date is a very poor strategy for success in the unit. Task Description You are interviewed by an organisation for a position of cybersecurity consultant to work in a cybersecurity program in the organisation such as your educational institute SCU, a legal firm, a division of large business/government organisation, or other moderate sized organisation. As part of the interview, you are required to complete the following tasks: • Task 1: risk assessment - discuss why risk assessment is the most critical step in developing and managing cyber security in the organisation and identify the limitations of the current risk assessment methods. • Task 2: Threat landscape - develop five questions and justify why you think they allow you to identify the most critical information assets of the organisation. Create a WFA template to rank the assets (you will fill this WFA when you do Ass2). We just need the template. • Task 3: Threat landscape - identify the top five threats to the organisation information assets. Support you finding by quoting reputable sources of information. • Task 4: Threat landscape for website – the open doorway to your organisation. Let us assume that an organisation’s website is one of the most critical information assets of the organisation. Discuss how the top five threats identified in Task 3 could or could not impact the asset. Rank the threats based on their levels of impact on the asset. Support your discussion by quoting reputable sources of information. You are free to make any assumption(s) you wish regarding the organisation structure, mission, vision, business profile, etc. which will need to be documented in the appropriate sections of your report. CMP71001 – Cybersecurity Assignment-1, S2 2019 2 Assignment-1 Guideline Task 1: The importance of risk assessment To complete this task, use the following questions to guide your discussion: • What is risk assessment? • What do you know by performing cybersecurity risk assessment? • What do you think is difficult for you to do/obtain in the risk assessment process? • How risk assessment results are used to develop and manage cybersecurity and how they can affect the business decision making process? Task 2: Critical asset identification To complete this task, use the following questions to guide your thought: • What is an information asset? • What make an information asset critical? • What can be included in WFA to classify the organisation information assets? Task 3: Threat identification To complete this task, use the following guidelines: • Clearly understand the difference between important security concepts including threats, hazards, attacks and incidents. • Search for security threat, incident and trend reports and use the results from reputable sources such as government organisations and security companies. • Identify relevant threats by studying statistics and figures found in the reports. • Summarize each threat, threat agent, method of delivery and working mechanism Task 4: Threat assessment To complete this task, use the following guidelines: • Identify potential weaknesses (vulnerabilities) of the asset based on three information security components: confidentiality, integrity and availability. • Study the working mechanism of each threat to assess the potential impact of the threat on the asset by exploiting the vulnerabilities. Use your own and public domain knowledge to help you with the impact assessment. CMP71001 – Cybersecurity Assignment-1, S2 2019 3 Format and Presentation You are recommended to present the assignment in a standard report format with the title page that details your name, student-id, unit, course and date/time information. You will also provide a TOC page for the navigation. There is no report template to be used in this assignment, so you can design your own template or refer to online resources. However, the report should be well presented with clear headings, titles and subtitles. Assignment-1 marking rubric The following marking rubric will be used for the marking of your submission. It contains a detailed breakdown of the marking criteria for this assignment. Make sure you read CAREFULLY this to understand how your work would be graded against each of the defined criteria. Criteria Max Mark Note to the student Task1 6 Define risk assessment in the context of cybersecurity 1.5 The definition correctly and precisely shows the essence of the risk assessment process and its objectives. Identify knowledge obtained by performing risk assessment 1.5 Think about the objectives of risk assessments to help you identify the important information you want to know by undertaking the assessment Discuss how risk assessment results are used 1.5 Provide solid arguments and support of the use of risk assessment results in improving cybersecurity Identify limitations of the current risk assessment approaches 1.5 Think about what are not trivial and difficult for you when performing risk assessments? Task 2 4 Five questions to identify the most critical information assets 2 Questions should allow to identify most critical assets of the given organisation. The questions are well formatted. You should make clear who is the questions are designed for. Avoid generic questions, like what is the most critical asset. Instead, the questions should be concrete enough, so they can be answered. WFA worksheet (template) 2 WFA should include at least 3 well designed criteria that match with the given context. Task 3 5 Top five threats to the organisation information assets 5 Correctly identify the threats; each threat is sufficiently detailed Task 4 4 Identify the asset vulnerabilities 2 Correctly identify the vulnerabilities; each vulnerability is sufficiently detailed CMP71001 – Cybersecurity Assignment-1, S2 2019 4 Discuss impact of the threats and rank them 2 Support your threat ranking by analysing the possible damage each threat can bring to the asset and how the damage will affect the organisation business continuity. Documentation 1 Professional presentation. 1 Correct grammars and spelling; Arguments are well and logically supported; Cite all reference sources. Total 20 Submission Format When you have completed the assignment, you are required to submit your assignment in the PDF/DOC format. The file will be named using the following convention: filename = FirstInitialYourLastName_CMP71001_A1_S2_2019.pdf (i.e. DJones_CMP71001_A1_S2_2019.pdf) Original Work It is a University requirement that a student’s work complies with the Academic Integrity Policy. It is a student’s responsibility to be familiar with the Policy. Failure to comply with the Policy can have severe consequences in the form of University sanctions. For information on this Policy please refer to Student Academic Integrity policy at the following website: http://policies.scu.edu.au/view.current.php?id=00141 As part of a University initiative to support the development of academic integrity, assessments may be checked for plagiarism, including through an electronic system, either internally or by a plagiarism checking service, and be held for future checking and matching purposes. Retain Duplicate Copy Before submitting the assignment, you are advised to retain electronic copies of original work. In the event of any uncertainty regarding the submission of assessment items, you may be requested to reproduce a final copy. School Extension Policy In general, I will NOT give extension unless where there are exceptional circumstances. Students wanting an extension must make a request at least 24 hours before the assessment item is due and the request must be received in writing by the unit assessor or designated academic through student service (please visit https://www.scu.edu.au/currentstudents/student-administration/special-consideration/ for details) . Extensions within 24 hours of submission or following the submission deadline will not be granted (unless supported by a doctor’s certificate or where there are exceptional circumstances – this will be at unit assessor’s discretion and will be CMP71001 – Cybersecurity Assignment-1, S2 2019 5 considered on a case by case basis). Extensions will be for a maximum of 48 hours (longer extensions supported by a doctor’s certificate or alike to be considered on a case by case basis). A penalty of 5% of the total available grade will accrue for each 24-hour period that an assessment item is submitted late. Therefore, an assessment item worth 20 marks will have 1 mark deducted for every 24-hour period