ICT5352 Cyber Security Management Trimester-3 Assignment Help

Assessment Overview

Assessment 1: Workshop Quiz

Students will complete an in-class workshop including situation analyses and practical application of skills.

Type: Individual, Invigilated

Weighting: 20%

Due: Week 4

Length: 1 hour (equiv. 1000 words)

ULOs: ULO1, ULO2

Assessment 2: Report

Threat and Risk Assessment Report.

Type: Individual

Weighting: 30%

Due: Week 6

Length: 2500 words

ULOs: ULO3, ULO4

Assessment 3a: Report

Students will develop an Information Security Roadmap for a given situation.

Assessment 3b: Presentation

The Information Security Roadmap generated in part A will be presented in a plenary session to the class.

Type: Group, Invigilated

Weighting: Part A 20%; Part B 10%

Due: Part A Week 10; Part B Weeks 10, 11

Length: Part A 3000 words; Part B (equiv. 1500 words)

ULOs: ULO1, ULO2, ULO3, ULO4

Assessment 4: Critique Report

Students will be allocated a roadmap from another group submitted as part of Assessment 3. Each student will prepare a critique on that report identifying strengths and weaknesses in the report and providing

Type: Individual

Weighting: 20%

Due: Week 12

Length: 1500 words

ULOs: ULO1, ULO2, ULO3, ULO4

equiv. – equivalent word count based on the Assessment Load Equivalency Guide. It means this assessment is  equivalent to the normally expected time requirement for a written submission containing the specified  number of words.

Assessment 1: Workshop Quiz

Due date: Week 4

Group/individual: Individual

Word count/Time provided: 1 hour (equiv. 1000 words)

Weighting: 20%

Unit Learning Outcomes: ULO1, ULO2

Assessment 1 Detail

Students will complete a class workshop quiz including situation analyses and practical application of  skills. This assessment covers the topics of Week 1 and Week 2. The quiz will be conducted individually and under your instructor’s invigilation in the class of Week 4. The student must attend the class in  Week 4 to perform this quiz.

The Quiz has two parts:

Part 1: 20 Multiple-choice (MC) questions

Part 2: 10 short answer questions

You need to answer all questions.

Assessment 1 Marking Criteria and Rubric

The assessment will be marked out of 100 and will be weighted 20% of the total unit mark. The  marking criteria and rubric are shown on the following page.

Assessment 2: Report

Due date: Week 6

Group/individual: Individual

Word count/Time provided: 2500 words

Weighting: 30%

Unit Learning Outcomes: ULO3, ULO4

Assessment 2 Detail

Threat and Risk Assessment Report

XYZ Ltd. is a medium-sized company specializing in providing software development services to  various industries. The company has been operational for 8 years and has a growing client base that  includes both small and large enterprises. XYZ Ltd. stores sensitive client information, including  intellectual property, contracts, and financial data, on its internal systems and cloud-based solutions.  Recently, the company has experienced an increase in cyber threats and is concerned about the  security of its data and systems.

Assumptions

• Operating Systems:

o Servers: Windows Server 2019

o Workstations: Windows 10/11 Pro and macOS

o Mobile Devices: iOS and Android

• Cloud Services: AWS (Amazon Web Services) for cloud infrastructure, including EC2, S3, and  RDS.

• Database: PostgreSQL 13

• Development Tools: GitHub for version control and Jenkins for CI/CD pipelines.

• Network Security: Basic firewall and VPN setup for remote access.

• Data Storage: Client data is stored in both on-premises and cloud-based PostgreSQL  databases.

Use reasonable assumptions for any additional required information, such as which network  architecture is used, applications, etc.

You need to write a threat and risk assessment report. The report will be graded based on the following  components:

1. Identification of potential risks

• The student accurately identifies and describes potential vulnerabilities in the company’s  systems, network, and sensitive information.

• The student identifies and describes potential cyber threats facing the organization, including current trends and techniques used by attackers. (This point and the previous point are together referred to as the threat analysis in the marking rubric.)

• The identified vulnerabilities and threats should lead to at least ten risks.

2. Risk assessment

• The student presents a comprehensive risk analysis, which includes the classification of  impacted assets.

• The student provides a thorough analysis of the likelihood and impact of each risk.

• The student uses quantitative risk assessment or qualitative risk assessment as appropriate. The report must include both quantitative and qualitative risk assessments.

• The student uses the risk matrix to present a clear and actionable picture of the overall risk  to the organization.

3. Recommendations for risk response

• The student provides clear and practical recommendations for the appropriate risk response for the identified risks.

• The student demonstrates an understanding of industry best practices and standards for  information security.

4. Presentation and organization

• The student presents the information in a clear and organized manner.

• The report is well-written and easy to understand.

5. Research and references

• The student uses credible sources to support the analysis and recommendations.

• The student properly cites all sources used in the report.

Assessment 2 Marking Criteria and Rubric

The assessment will be marked out of 100 and will be weighted 30% of the total unit mark. The marking criteria and rubric are shown on the following page.

Assessment 2 Marking Criteria and Rubric

Marking Criteria

Not Satisfactory (0-49% of the criterion mark)

Satisfactory (50-64% of the criterion mark)

Good (65-74% of the criterion mark)

Very Good (75-84% of the criterion mark)

Excellent (85-100% of the criterion mark)

Identification of potential risks (30 marks)

Not Satisfactory: The student does not identify any potential risks or provides an inadequate analysis and no threat analysis.

Satisfactory: The student identifies a minimal number of potential risks and basic threat analysis.

Good: The student identifies a few potential risks, along with providing a basic threat analysis.

Very Good: The student identifies several potential risks, along with providing a clear threat analysis.

Excellent: The student demonstrates a thorough understanding of the company’s systems, along with providing a clear and specific threat analysis.

Risk assessment (30 marks)

Not Satisfactory: The student does not present a risk analysis and risk matrix.

Satisfactory: The student presents a minimal or inadequate risk analysis and risk matrix.

Good: The student presents a quantitative and qualitative risk analysis and risk matrix that may lack detail or accuracy.

Very Good: The student presents a detailed quantitative and qualitative risk analysis and risk matrix, but they may not be completely accurate or actionable.

Excellent: The student presents a comprehensive and accurate quantitative and qualitative risk analysis, using a risk matrix that presents a clear and actionable picture of the overall risk to the organisation.

Recommendations for risk response (20 marks)

Not Satisfactory: Student does not provide any recommendations for the appropriate risk response, or the recommendations provided are not practical or do not demonstrate an understanding of industry best practices and standards for information security.

Satisfactory: Student provides some recommendations for the appropriate risk response, but they are weak or missing key components.

Good: Student provides basic recommendations for the appropriate risk response, but they are not well supported or do not demonstrate a strong understanding of industry best practices and standards for information security.

Very Good: Student provides clear and practical recommendations for the appropriate risk response and demonstrates a good understanding of industry best practices and standards for information security.

Excellent: Student provides clear, practical, and well-supported recommendations for the appropriate risk response, and demonstrates an in-depth understanding of industry best practices and standards for information security.

Presentation and organization (10 marks)

Not Satisfactory: The student presents the information in an inadequate or unorganized manner, with severe issues in writing and understanding.

Satisfactory: The student presents the information in a limited or disorganized manner, with significant issues in writing and understanding.

Good: The student presents the information in an adequate manner, but the report may have some issues in organization and writing.

Very Good: The student presents the information in an organized manner, but the report may have some minor issues in writing and understanding.

Excellent: The student presents the information in a clear and organised manner, with a well-written and easy-to-understand report.

Research and references (10 marks)

Not Satisfactory: The student does not use any sources to support their analysis and recommendations or does not cite sources correctly.

Satisfactory: The student uses minimal sources to support their analysis and recommendations, and may not cite all sources used in the report or may not use exclusively reputable sources.

Good: The student uses a limited number of sources to support their analysis and recommendations, and may not cite all sources used in the report or may not use exclusively reputable sources.

Very Good: The student uses a variety of sources to support their analysis and recommendations, but may not cite all sources used in the report or may not use exclusively reputable sources.

Excellent: The student uses a variety of reputable sources to support their analysis and recommendations, and correctly cites all sources used in the report.

Assessment 3a: Report

Due date: Week 10

Group/individual: Group

Word count/Time provided: 3000 words

Weighting: 20%

Unit Learning Outcomes: ULO1, ULO2, ULO3, ULO4

Assessment 3a Detail

Students will develop an Information Security Roadmap for a given situation.

Your group (a maximum of three members) has been hired as an information security consultant by a  selected Company/Organisation that operates in one of the listed industries below. They store  sensitive information such as client’s intellectual property and financial data on their network and  cloud infrastructure. The company/organization has been experiencing a rise in cyber-attacks and is  concerned about the security of their sensitive information and the potential impact on their  operations and reputation. The company’s management team has asked your group to develop an  Information Security Roadmap that aligns with their strategic objectives and addresses the identified  risks and incidents.

By Week 4, each group will be allocated one of the following industries:

1. Banks

2. Healthcare providers

3. Retail companies

4. Educational institutions

5. Government agencies

6. Technology companies

7. Energy companies

8. Manufacturing companies

9. Transport and logistics companies

10. Insurance companies

11. Service providers (e.g., consulting, legal, accounting)

12. Non-profit organizations

13. Media and entertainment companies

14. Telecommunications companies

15. Pharmaceutical companies

Each group will select a specific real-world company/organization that belongs to their allocated  industry. The group should gather any required information from the selected company’s official  website (or any other authentic sources). Otherwise, reasonable assumptions should be used for any  required information that could not be obtained officially about the selected company.

The report will be graded based on the following components:

1. Strategic Objectives

• The student accurately identifies the company’s strategic objectives and explains how the  information security plan aligns with them.

• The student demonstrates an understanding of the company’s goals and objectives and how  they relate to information security.

2. Risk Assessment

• The student conducts a thorough risk assessment, identifying potential vulnerabilities,  threats, and risks (at least 10 risks) facing the company’s systems, network and cloud  infrastructure, and sensitive information.

• The student provides a clear and actionable picture of the overall risk to the organization.

3. Information Security Program

• The student develops a comprehensive security program that includes appropriate controls  and treatments for the identified risks.

• The student demonstrates an understanding of industry best practices and standards for  information security.

4. Incident Management and Response

• The student develops a clear and comprehensive incident management and response plan  that includes procedures for identifying, reporting, and responding to security incidents (at  least 10 incidents).

• The student demonstrates an understanding of incident response best practices.

5. Implementation Roadmap Plan

• The student provides a clear and comprehensive implementation plan that includes  timelines, resources, and milestones required to implement the security program and  incident management.

• The student demonstrates an understanding of information security roadmap best practices.

6. Presentation and Organisation

• The student presents the information in a clear and organized manner.

• The report is well-written and easy to understand.

7. Research and References

• The student uses credible sources to support the analysis and recommendations, and  properly cites all sources used in the report.

• The student demonstrates an understanding of research and referencing best practices.

Assessment 3b: Presentation

Due date: Week 10, Week 11

Group/individual: Group

Word count/Time provided: (equiv. 1500 words)

Weighting: 10%

Unit Learning Outcomes: ULO1, ULO2, ULO3, ULO4

Assessment 3b Detail

The Information Security Roadmap generated in part A will be presented in a plenary session to the  class.

The presentation should focus on the main findings and recommendations of the report, including  the strategic objectives, risk assessment, security program, incident management and response,  implementation plan, monitoring and evaluation, and any other relevant information.

The presentation should cover the main elements of the report within 15 minutes (5 minutes for  each member).

During the presentation, all group members should actively participate and take turns presenting  different parts of the report. The group members should also be prepared to answer any questions  or clarifications at the end of the presentation.

This presentation will be graded based on the group’s ability to effectively communicate the main  findings and recommendations of the report, as well as their ability to answer any questions and  engage with the class during the presentation. The presentation skills and response to the questions  will be marked individually (see the Criteria and Rubric for more details).

The presentation should be delivered in a clear and organized manner, and the slides should be well-designed, visually appealing, and easy to read.

Assessment 3 Marking Criteria and Rubric

The assessment will be marked out of 100 and will be weighted 30% of the total unit mark. The  marking criteria and rubric are shown on the following page.

Assessment 3 Marking Criteria and Rubric

Marking Criteria

Not Satisfactory (0-49% of the criterion mark)

Satisfactory (50-64% of the criterion mark)

Good (65-74% of the criterion mark)

Very Good (75-84% of the criterion mark)

Excellent (85-100% of the criterion mark)

Strategic Objectives (8 marks)

Not Satisfactory: The student does not identify the company’s strategic objectives or provide an explanation of how the information security plan aligns with them.

Satisfactory: The student identifies some of the company’s strategic objectives, but does not provide a clear or complete explanation of how the information security plan aligns with them.

Good: The student identifies the company’s strategic objectives, but does not provide a clear explanation of how the information security plan aligns with them.

Very Good: The student identifies the company’s strategic objectives and provides a general explanation of how the information security plan aligns with them.

Excellent: The student accurately identifies the company’s strategic objectives and provides a clear and detailed explanation of how the information security plan aligns with them.

Risk Assessment (8 marks)

Not Satisfactory: The student does not identify any potential vulnerabilities, threats, and risks facing the company or provides an inadequate analysis of likelihood and impact.

Satisfactory: The student identifies a minimal number of potential vulnerabilities, threats, and risks facing the company, or provides an inadequate analysis of likelihood and impact.

Good: The student identifies a few potential vulnerabilities, threats, and risks facing the company, but the risk assessment may lack detail.

Very Good: The student identifies several potential vulnerabilities, threats, and risks facing the company, but the risk assessment may not be as complete as the Excellent Level.

Excellent: The student conducts a thorough risk assessment and identifies multiple potential vulnerabilities, threats, and risks facing the company. The student provides a clear and actionable picture of the overall risk to the organisation.

Information Security Program (15 marks)

Not Satisfactory: The student does not develop a security program or the program is not relevant to the identified risks.

Satisfactory: The student develops a security program that includes minimal controls and treatments for identified risks, or the program may not be relevant to the identified risks.

Good: The student develops a security program that includes some controls and treatments for identified risks, but the program may lack detail or not fully address all risks.

Very Good: The student develops a security program that includes appropriate controls and treatments for identified risks, but the program may not be as comprehensive as the Excellent Level.

Excellent: The student develops a comprehensive security program that includes appropriate controls and treatments for identified risks. The student demonstrates an understanding of industry best practices and standards for information security.

Incident Management and Response (15 marks)

Not Satisfactory: The student does not develop an incident management and response plan or the plan is not relevant to the identified risks.

Satisfactory: The student develops an incident management and response plan that includes minimal procedures for identifying, reporting, and responding to security incidents, or the plan may not be relevant to the identified risks.

Good: The student develops an incident management and response plan that includes some procedures for identifying, reporting, and responding to security incidents, but the plan may lack detail or not fully address all aspects of incident

Very Good: The student develops an incident management and response plan that includes procedures for identifying, reporting, and responding to security incidents, but the plan may not be as comprehensive as the Excellent Level.

Excellent: The student develops a clear and comprehensive incident management and response plan that includes procedures for identifying, reporting, and responding to security incidents. The student demonstrates an understanding of incident response best practices.

Implementation roadmap Plan (15 marks)

Not Satisfactory: The student does not provide an implementation plan or the plan is not relevant to the identified risks.

Satisfactory: The student provides an implementation plan that includes minimal timelines, resources, and milestones required to implement the security program and incident management and response plan, or the plan may not be relevant to the identified risks.

Good: The student provides an implementation plan that includes some timelines, resources, and milestones required to implement the security program and incident management and response plan, but the plan may lack detail or not fully address all aspects of implementation.

Very Good: The student provides an implementation plan that includes timelines, resources, and milestones required to implement the security program and incident management and response plan, but the plan may not be as comprehensive as the Excellent Level.

Excellent: The student provides a clear and comprehensive implementation plan that includes timelines, resources, and milestones required to implement the security program and incident management and response plan. The student demonstrates an understanding of project management best practices.

Presentation and Organization (3 marks)

Not Satisfactory: The student presents the information in an inadequate or unorganized manner, with severe issues in writing and understanding.

Satisfactory: The student presents the information in a limited or disorganized manner, with significant issues in writing and understanding.

Good: The student presents the information in an adequate manner, but the report may have some issues in organization and writing.

Very Good: The student presents the information in an organized manner, but the report may have some minor issues in writing and understanding.

Excellent: The student presents the information in a clear and organised manner, with a well-written and easy-to-understand report.

Research and References (3 marks)

Not Satisfactory: The student does not use any sources to support their analysis and recommendations or does not cite sources correctly.

Satisfactory: The student uses minimal sources to support their analysis and recommendations, and may not cite all sources used in the report or may not use exclusively reputable sources.

Good: The student uses a limited number of sources to support their analysis and recommendations, and may not cite all sources used in the report or may not use exclusively reputable sources.

Very Good: The student uses a variety of sources to support their analysis and recommendations, but may not cite all sources used in the report or may not use exclusively reputable sources.

Excellent: The student uses a variety of reputable sources to support their analysis and recommendations, and correctly cites all sources used in the report.

Content (9 marks), Group

Not Satisfactory: The presentation does not cover any of the main elements of the report or includes inaccuracies.

Satisfactory: The presentation covers a minimal number of the main elements of the report and includes minimal relevant information, or the information provided may not be accurate.

Good: The presentation covers some of the main elements of the report and includes some relevant information, but may lack detail or accuracy in many areas.

Very Good: The presentation covers most of the main elements of the report and includes relevant information, but may lack detail or accuracy in some areas.

Excellent: The presentation effectively covers all the main elements of the report and includes relevant and accurate information.

Organization and Visual Aids (9 marks), Group

Not Satisfactory: The presentation is not organized and is difficult to follow. The visual aids are not used in the presentation, or they are so poorly designed and unprofessional that they detract from the overall effectiveness of the presentation.

Satisfactory: The presentation is minimally organized, and may lack detail or have many inconsistencies. The visual aids are poorly designed, unprofessional, and do not effectively support the content of the presentation.

Good: The presentation is somewhat organized but may lack detail or have many inconsistencies. The visual aids are functional, but may not be as well-designed or professional at the higher levels.

Very Good: The presentation is generally well-organized, but may lack detail or have some inconsistencies. The visual aids are well-designed and support the content of the presentation, but there may be some minor errors or inconsistencies.

Excellent: The presentation is well-organised, easy to follow, and logical. The presentation is easy to follow and understand. The visual aids are well-designed, professional, and effectively support the content of the presentation.

Presentation Skills (9 marks), Individual

Not Satisfactory: The student does not present the information in a clear, concise, and confident manner, and has many issues with verbal and nonverbal communication.

Satisfactory: The student presents the information in a minimal manner, and may lack confidence or have many issues with verbal and nonverbal communication.

Good: The student presents the information in a general manner, and may lack confidence or have many issues with verbal and nonverbal communication.

Very Good: The student presents the information in a clear and concise manner, but may lack confidence or have some issues with verbal and nonverbal communication.

Excellent: The student presents the information in a clear, concise, and confident manner, and demonstrates good verbal and nonverbal communication skills.

Knowledge (6 marks), Individual

Not Satisfactory: Lack or poor knowledge of the topic is presented, and most questions were left unanswered.

Satisfactory: Basic knowledge of the topic is presented, and many questions were left unanswered.

Good: Good understanding of some parts of topic is presented, but few elements went unanswered.

Very Good: Very Good understanding of most parts of topic. The response was informative, but few elements went unclear.

Excellent: Extensive knowledge of the topic is presented. The member showed complete understanding of assignment. Accurately answered all questions posed.

Assessment 4: Critique Report

Due date: Week 12

Group/individual: Individual

Word count/Time provided: 1500 words

Weighting: 20%

Unit Learning Outcomes: ULO1, ULO2, ULO3, ULO4

Assessment 4 Detail

Students will be allocated a roadmap from another group submitted as part of Assessment 3. Each  student will prepare a critique on that report identifying strengths and weaknesses in the report and  providing recommendations for improvement.

The critique should focus on evaluating the report’s content, organization, and presentation, as well  as the effectiveness of the security program, incident management and response, implementation  plan, monitoring and evaluation, and any other relevant information.

The student should aim to provide a balanced critique that identifies both the strengths and  weaknesses of the report and provides specific examples to support their evaluation. The student should also provide relevant and feasible recommendations for improvement, highlighting areas  where the report could be enhanced or strengthened.

The critique should be presented in a clear, well-organized and logical manner, using appropriate language and grammar, and should be free of errors. The critique should be easy to follow and understand.

The critique will be graded based on the student’s ability to effectively evaluate the report and provide relevant and feasible recommendations for improvement. The critique should also be well-organized, easy to follow and understand, and the language used should be appropriate and free of errors.

Submission: Each student has to submit his/her critique as a report (pdf file) containing the following  components:

1. Identification of Strengths

2. Identification of Weaknesses

3. Recommendations for Improvement

Assessment 4 Marking Criteria and Rubric

The assessment will be marked out of 100 and will be weighted 20% of the total unit mark. The  marking criteria and rubric are shown on the following page.

Assessment 4 Marking Criteria and Rubric

Marking Criteria

Total: 40 marks

Not Satisfactory (0-49% of the criterion mark)

Satisfactory (50-64% of the criterion mark)

Good (65-74% of the criterion mark)

Very Good (75-84% of the criterion mark)

Excellent (85-100% of the criterion mark)

Identification of Strengths (30 marks)

Not Satisfactory: The student does not identify any strengths in the report or the evaluation is not relevant to the report.

Satisfactory: The student identifies minimal strengths in the report and provides minimal examples to support their evaluation, or the evaluation may not be relevant to the report.

Good: The student identifies some strengths in the report and provides examples to support their evaluation, but the evaluation may lack detail or not fully address all strengths.

Very Good: The student identifies a range of strengths in the report and provides examples to support their evaluation, but the evaluation may lack detail or not fully address all strengths.

Excellent: The student identifies a comprehensive range of strengths in the report and provides specific examples to support their evaluation. or the evaluation may not be relevant to the report.

Identification of Weaknesses (30 marks)

Not Satisfactory: The student does not identify any weaknesses in the report or the evaluation is not relevant to the report.

Satisfactory: The student identifies minimal weaknesses in the report and provides minimal examples to support their evaluation, or the evaluation may not be relevant to the report.

Good: The student identifies some weaknesses in the report and provides examples to support their evaluation, but the evaluation may lack detail or not fully address all weaknesses.

Very Good: The student identifies a range of weaknesses in the report and provides examples to support their evaluation, but the evaluation may lack detail or not fully address all weaknesses.

Excellent: The student identifies a comprehensive range of weaknesses in the report and provides specific examples to support their evaluation.

Recommendations for Improvement (30 marks)

Not Satisfactory: The student does not provide any recommendations for improvement or the recommendations are not relevant to the report.

Satisfactory: The student provides minimal recommendations for improvement that are relevant and specific, or the recommendations may not be relevant to the report.

Good: The student provides some recommendations for improvement that are relevant and specific, but may lack detail or not fully address all areas for improvement.

Very Good: The student provides a range of recommendations for improvement that are relevant and specific, but may lack detail or not fully address all areas for improvement.

Excellent: The student provides a comprehensive range of recommendations for improvement that are relevant, specific, and feasible.

Organization and Clarity (10 marks)

Not Satisfactory: The student presents the critique in a disorganized and difficult to follow manner, and the language used has errors that affect the understanding of the critique.

Satisfactory: The student presents the critique in a minimal organized manner, and may lack detail or have many inconsistencies. The language used may have many errors.

Good: The student presents the critique in a somewhat organized manner, but may lack detail or have many inconsistencies. The language used is appropriate, but may have some errors.

Very Good: The student presents the critique in a generally clear and well-organized manner, but may lack detail or have some inconsistencies. The language used is appropriate, but may have some errors.

Excellent: The student presents the critique in a clear, well-organised, and logical manner, easy to follow and understand. The language used is appropriate, grammatically correct and free of errors.