ICT5352 Cyber Security Management Trimester-3 Assignment Help

Assessment Overview

| Assessment Task | Type | Weighting | Due | Length | ULOs |
|---|---|---|---|---|---|
| Assessment 1: Workshop Quiz. Students will complete an in-class workshop including situation analyses and practical application of skills. | Individual, Invigilated | 20% | Week 4 | 1 hour (equiv. 1000 words) | ULO1, ULO2 |
| Assessment 2: Report. Threat and Risk Assessment Report. | Individual | 30% | Week 6 | 2500 words | ULO3, ULO4 |
| Assessment 3a: Report. Students will develop an Information Security Roadmap for a given situation. Assessment 3b: Presentation. The Information Security Roadmap generated in part A will be presented in a plenary session to the class. | Group, Invigilated | Part A 20%, Part B 10% | Part A: Week 10; Part B: Weeks 10, 11 | Part A: 3000 words; Part B: (equiv. 1500 words) | ULO1, ULO2, ULO3, ULO4 |
| Assessment 4: Critique Report. Students will be allocated a roadmap from another group submitted as part of Assessment 3. Each student will prepare a critique on that report identifying strengths and weaknesses in the report and providing | Individual | 20% | Week 12 | 1500 words | ULO1, ULO2, ULO3, ULO4 |

equiv. – equivalent word count based on the Assessment Load Equivalency Guide. It means this assessment is  equivalent to the normally expected time requirement for a written submission containing the specified  number of words.

Assessment 1: Workshop Quiz 

Due date: Week 4

Group/individual: Individual

Word count/Time provided: 1 hour (equiv. 1000 words)

Weighting: 20%

Unit Learning Outcomes: ULO1, ULO2

Assessment 1 Detail 

Students will complete a class workshop quiz including situation analyses and practical application of  skills. This assessment covers the topics of Week 1 and Week 2. The quiz will be conducted individually and under your instructor’s invigilation in the class of Week 4. The student must attend the class in  Week 4 to perform this quiz.  

The Quiz has two parts:  

Part 1: 20 Multiple-choice (MC) questions 

Part 2: 10 short answer questions 

You need to answer all questions. 

Assessment 1 Marking Criteria and Rubric 

The assessment will be marked out of 100 and will be weighted 20% of the total unit mark. The  marking criteria and rubric are shown on the following page. 

Assessment 2: Report 

Due date: Week 6

Group/individual: Individual

Word count/Time provided: 2500 words

Weighting: 30%

Unit Learning Outcomes: ULO3, ULO4

Assessment 2 Detail 

Threat and Risk Assessment Report  

XYZ Ltd. is a medium-sized company specializing in providing software development services to  various industries. The company has been operational for 8 years and has a growing client base that  includes both small and large enterprises. XYZ Ltd. stores sensitive client information, including  intellectual property, contracts, and financial data, on its internal systems and cloud-based solutions.  Recently, the company has experienced an increase in cyber threats and is concerned about the  security of its data and systems. 

Assumptions 

Operating Systems

o Servers: Windows Server 2019 

o Workstations: Windows 10/11 Pro and macOS 

o Mobile Devices: iOS and Android 

Cloud Services: AWS (Amazon Web Services) for cloud infrastructure, including EC2, S3, and  RDS. 

Database: PostgreSQL 13 

Development Tools: GitHub for version control and Jenkins for CI/CD pipelines.

Network Security: Basic firewall and VPN setup for remote access.

Data Storage: Client data is stored in both on-premises and cloud-based PostgreSQL  databases. 

Use reasonable assumptions for any additional required information, such as which network  architecture is used, applications, etc.

You need to write a threat and risk assessment report. The report will be graded based on the following  components: 

1. Identification of potential risks  

The student accurately identifies and describes potential vulnerabilities in the company’s  systems, network, and sensitive information. 

The student identifies and describes potential cyber threats facing the organization, including current trends and techniques used by attackers. (This point and the previous point are together referred to as the threat analysis in the marking rubric.)

The identified vulnerabilities and threats should lead to at least ten risks.

2. Risk assessment 

The student presents a comprehensive risk analysis, which includes the classification of  impacted assets. 

The student provides a thorough analysis of the likelihood and impact of each risk. 

The student uses quantitative risk assessment or qualitative risk assessment as appropriate. The report must include both quantitative and qualitative risk assessments. 

The student uses the risk matrix to present a clear and actionable picture of the overall risk  to the organization. 

3. Recommendations for risk response 

The student provides clear and practical recommendations for the appropriate risk response for the identified risks. 

The student demonstrates an understanding of industry best practices and standards for  information security. 

4. Presentation and organization  

The student presents the information in a clear and organized manner. 

The report is well-written and easy to understand. 

5. Research and references 

The student uses credible sources to support the analysis and recommendations.

The student properly cites all sources used in the report.

Assessment 2 Marking Criteria and Rubric

The assessment will be marked out of 100 and will be weighted 30% of the total unit mark. The  marking criteria and rubric are shown on the following page. 

 

Assessment 2 Marking Criteria and Rubric

| Marking Criteria | Not Satisfactory (0-49% of the criterion mark) | Satisfactory (50-64% of the criterion mark) | Good (65-74% of the criterion mark) | Very Good (75-84% of the criterion mark) | Excellent (85-100% of the criterion mark) |
|---|---|---|---|---|---|
| Identification of potential risks (30 marks) | The student does not identify any potential risks or provides an inadequate analysis and no threat analysis. | The student identifies a minimal number of potential risks and basic threat analysis. | The student identifies a few potential risks with a basic threat analysis. | The student identifies several potential risks, along with providing a clear threat analysis. | The student demonstrates a thorough understanding of the company’s systems, along with providing a clear and specific threat analysis. |
| Risk assessment (30 marks) | The student does not present a risk analysis and risk matrix. | The student presents a minimal or inadequate risk analysis and risk matrix. | The student presents a quantitative and qualitative risk analysis and risk matrix that may lack detail or accuracy. | The student presents a detailed quantitative and qualitative risk analysis and risk matrix, but they may not be completely accurate or actionable. | The student presents a comprehensive and accurate quantitative and qualitative risk analysis, using a risk matrix that presents a clear and actionable picture of the overall risk to the organisation. |
| Recommendations for risk response (20 marks) | Student does not provide any recommendations for the appropriate risk response, or the recommendations provided are not practical or do not demonstrate an understanding of industry best practices and standards for information security. | Student provides some recommendations for the appropriate risk response, but they are weak or missing key components. | Student provides basic recommendations for the appropriate risk response, but they are not well-supported or do not demonstrate a strong understanding of industry best practices and standards for information security. | Student provides clear and practical recommendations for the appropriate risk response and demonstrates a good understanding of industry best practices and standards for information security. | Student provides clear, practical, and well-supported recommendations for the appropriate risk response, and demonstrates an in-depth understanding of industry best practices and standards for information security. |
| Presentation and organization (10 marks) | The student presents the information in an inadequate or unorganized manner, with severe issues in writing and understanding. | The student presents the information in a limited or disorganized manner, with significant issues in writing and understanding. | The student presents the information in an adequate manner, but the report may have some issues in organization and writing. | The student presents the information in an organized manner, but the report may have some minor issues in writing and understanding. | The student presents the information in a clear and organised manner, with a well-written and easy-to-understand report. |
| Research and references (10 marks) | The student does not use any sources to support their analysis and recommendations or does not cite sources correctly. | The student uses minimal sources to support their analysis and recommendations, and may not cite all sources used in the report or may not use exclusively reputable sources. | The student uses a limited number of sources to support their analysis and recommendations, and may not cite all sources used in the report or may not use exclusively reputable sources. | The student uses a variety of sources to support their analysis and recommendations, but may not cite all sources used in the report or may not use exclusively reputable sources. | The student uses a variety of reputable sources to support their analysis and recommendations, and correctly cites all sources used in the report. |

Assessment 3a: Report 

Due date: Week 10

Group/individual: Group

Word count/Time provided: 3000 words

Weighting: 20%

Unit Learning Outcomes: ULO1, ULO2, ULO3, ULO4

Assessment 3a Detail 

Students will develop an Information Security Roadmap for a given situation.  

Your group (a maximum of three members) has been hired as an information security consultant by a  selected Company/Organisation that operates in one of the listed industries below. They store  sensitive information such as client’s intellectual property and financial data on their network and  cloud infrastructure. The company/organization has been experiencing a rise in cyber-attacks and is  concerned about the security of their sensitive information and the potential impact on their  operations and reputation. The company’s management team has asked your group to develop an  Information Security Roadmap that aligns with their strategic objectives and addresses the identified  risks and incidents. 

By Week 4, each group will be allocated one of the following industries: 

1. Banks 

2. Healthcare providers 

3. Retail companies 

4. Educational institutions 

5. Government agencies 

6. Technology companies 

7. Energy companies 

8. Manufacturing companies 

9. Transport and logistics companies 

10. Insurance companies 

11. Service providers (e.g., consulting, legal, accounting) 

12. Non-profit organizations 

13. Media and entertainment companies 

14. Telecommunications companies 

15. Pharmaceutical companies 

Each group will select a specific real-world company/organization that belongs to their allocated  industry. The group should gather any required information from the selected company’s official  website (or any other authentic sources). Otherwise, reasonable assumptions should be used for any  required information that could not be obtained officially about the selected company.

The report will be graded based on the following components: 

1. Strategic Objectives  

The student accurately identifies the company’s strategic objectives and explains how the  information security plan aligns with them. 

The student demonstrates an understanding of the company’s goals and objectives and how  they relate to information security. 

2. Risk Assessment 

The student conducts a thorough risk assessment, identifying potential vulnerabilities,  threats, and risks (at least 10 risks) facing the company’s systems, network and cloud  infrastructure, and sensitive information. 

The student provides a clear and actionable picture of the overall risk to the organization. 

3. Information Security Program 

The student develops a comprehensive security program that includes appropriate controls  and treatments for the identified risks. 

The student demonstrates an understanding of industry best practices and standards for  information security. 

4. Incident Management and Response 

The student develops a clear and comprehensive incident management and response plan  that includes procedures for identifying, reporting, and responding to security incidents (at  least 10 incidents). 

The student demonstrates an understanding of incident response best practices. 

5. Implementation Roadmap Plan 

The student provides a clear and comprehensive implementation plan that includes  timelines, resources, and milestones required to implement the security program and  incident management. 

The student demonstrates an understanding of information security roadmap best practices. 

6. Presentation and Organisation 

The student presents the information in a clear and organized manner. 

The report is well-written and easy to understand. 

7. Research and References 

The student uses credible sources to support the analysis and recommendations, and  properly cites all sources used in the report. 

The student demonstrates an understanding of research and referencing best practices.

 

Assessment 3b: Presentation

Due date: Week 10, Week 11

Group/individual: Group

Word count/Time provided: (equiv. 1500 words)

Weighting: 10%

Unit Learning Outcomes: ULO1, ULO2, ULO3, ULO4

Assessment 3b Detail 

The Information Security Roadmap generated in part A will be presented in a plenary session to the  class. 

The presentation should focus on the main findings and recommendations of the report, including  the strategic objectives, risk assessment, security program, incident management and response,  implementation plan, monitoring and evaluation, and any other relevant information. 

The presentation should cover the main elements of the report within 15 minutes (5 minutes for  each member). 

During the presentation, all group members should actively participate and take turns presenting  different parts of the report. The group members should also be prepared to answer any questions  or clarifications at the end of the presentation. 

This presentation will be graded based on the group’s ability to effectively communicate the main  findings and recommendations of the report, as well as their ability to answer any questions and  engage with the class during the presentation. The presentation skills and response to the questions  will be marked individually (see the Criteria and Rubric for more details). 

The presentation should be delivered in a clear and organized manner, and the slides should be well-designed, visually appealing, and easy to read.

Assessment 3 Marking Criteria and Rubric 

The assessment will be marked out of 100 and will be weighted 30% of the total unit mark. The  marking criteria and rubric are shown on the following page. 

 

Assessment 3 Marking Criteria and Rubric

| Marking Criteria | Not Satisfactory (0-49% of the criterion mark) | Satisfactory (50-64% of the criterion mark) | Good (65-74% of the criterion mark) | Very Good (75-84% of the criterion mark) | Excellent (85-100% of the criterion mark) |
|---|---|---|---|---|---|
| Strategic Objectives (8 marks) | The student does not identify the company’s strategic objectives or provide an explanation of how the information security plan aligns with them. | The student identifies some of the company’s strategic objectives, but does not provide a clear or complete explanation of how the information security plan aligns with them. | The student identifies the company’s strategic objectives, but does not provide a clear explanation of how the information security plan aligns with them. | The student identifies the company’s strategic objectives and provides a general explanation of how the information security plan aligns with them. | The student accurately identifies the company’s strategic objectives and provides a clear and detailed explanation of how the information security plan aligns with them. |
| Risk Assessment (8 marks) | The student does not identify any potential vulnerabilities, threats, and risks facing the company or provides an inadequate analysis of likelihood and impact. | The student identifies a minimal number of potential vulnerabilities, threats, and risks facing the company, or provides an inadequate analysis of likelihood and impact. | The student identifies a few potential vulnerabilities, threats, and risks facing the company, but the risk assessment may lack detail. | The student identifies several potential vulnerabilities, threats, and risks facing the company, but the risk assessment may not be as complete as the Excellent Level. | The student conducts a thorough risk assessment and identifies multiple potential vulnerabilities, threats, and risks facing the company. The student provides a clear and actionable picture of the overall risk to the organisation. |
| Information Security Program (15 marks) | The student does not develop a security program or the program is not relevant to the identified risks. | The student develops a security program that includes minimal controls and treatments for identified risks, or the program may not be relevant to the identified risks. | The student develops a security program that includes some controls and treatments for identified risks, but the program may lack detail or not fully address all risks. | The student develops a security program that includes appropriate controls and treatments for identified risks, but the program may not be as comprehensive as the Excellent Level. | The student develops a comprehensive security program that includes appropriate controls and treatments for identified risks. The student demonstrates an understanding of industry best practices and standards for information security. |
| Incident Management and Response (15 marks) | The student does not develop an incident management and response plan or the plan is not relevant to the identified risks. | The student develops an incident management and response plan that includes minimal procedures for identifying, reporting, and responding to security incidents, or the plan may not be relevant to the identified risks. | The student develops an incident management and response plan that includes some procedures for identifying, reporting, and responding to security incidents, but the plan may lack detail or not fully address all aspects of incident | The student develops an incident management and response plan that includes procedures for identifying, reporting, and responding to security incidents, but the plan may not be as comprehensive as the Excellent Level. | The student develops a clear and comprehensive incident management and response plan that includes procedures for identifying, reporting, and responding to security incidents. The student demonstrates an understanding of incident response best practices. |
| Implementation roadmap Plan (15 marks) | The student does not provide an implementation plan or the plan is not relevant to the identified risks. | The student provides an implementation plan that includes minimal timelines, resources, and milestones required to implement the security program and incident management and response plan, or the plan may not be relevant to the identified risks. | The student provides an implementation plan that includes some timelines, resources, and milestones required to implement the security program and incident management and response plan, but the plan may lack detail or not fully address all aspects of implementation. | The student provides an implementation plan that includes timelines, resources, and milestones required to implement the security program and incident management and response plan, but the plan may not be as comprehensive as the Excellent Level. | The student provides a clear and comprehensive implementation plan that includes timelines, resources, and milestones required to implement the security program and incident management and response plan. The student demonstrates an understanding of project management best practices. |
| Presentation and Organization (3 marks) | The student presents the information in an inadequate or unorganized manner, with severe issues in writing and understanding. | The student presents the information in a limited or disorganized manner, with significant issues in writing and understanding. | The student presents the information in an adequate manner, but the report may have some issues in organization and writing. | The student presents the information in an organized manner, but the report may have some minor issues in writing and understanding. | The student presents the information in a clear and organised manner, with a well-written and easy-to-understand report. |
| Research and References (3 marks) | The student does not use any sources to support their analysis and recommendations or does not cite sources correctly. | The student uses minimal sources to support their analysis and recommendations, and may not cite all sources used in the report or may not use exclusively reputable sources. | The student uses a limited number of sources to support their analysis and recommendations, and may not cite all sources used in the report or may not use exclusively reputable sources. | The student uses a variety of sources to support their analysis and recommendations, but may not cite all sources used in the report or may not use exclusively reputable sources. | The student uses a variety of reputable sources to support their analysis and recommendations, and correctly cites all sources used in the report. |
| Content (9 marks), Group | The presentation does not cover any of the main elements of the report or includes inaccuracies. | The presentation covers a minimal number of the main elements of the report and includes minimal relevant information, or the information provided may not be accurate. | The presentation covers some of the main elements of the report and includes some relevant information, but may lack detail or accuracy in many areas. | The presentation covers most of the main elements of the report and includes relevant information, but may lack detail or accuracy in some areas. | The presentation effectively covers all the main elements of the report and includes relevant and accurate information. |
| Organization and Visual Aids (9 marks), Group | The presentation is not organized and is difficult to follow. The visual aids are not used in the presentation, or they are so poorly designed and unprofessional that they detract from the overall effectiveness of the presentation. | The presentation is minimally organized, and may lack detail or have many inconsistencies. The visual aids are poorly designed, unprofessional, and do not effectively support the content of the presentation. | The presentation is somewhat organized but may lack detail or have many inconsistencies. The visual aids are functional, but may not be as well-designed or professional as at the higher levels. | The presentation is generally well-organized, but may lack detail or have some inconsistencies. The visual aids are well-designed and support the content of the presentation, but there may be some minor errors or inconsistencies. | The presentation is well-organised, easy to follow, and logical. The presentation is easy to follow and understand. The visual aids are well-designed, professional, and effectively support the content of the presentation. |
| Presentation Skills (9 marks), Individual | The student does not present the information in a clear, concise, and confident manner, and has many issues with verbal and nonverbal communication. | The student presents the information in a minimal manner, and may lack confidence or have many issues with verbal and nonverbal communication. | The student presents the information in a general manner, and may lack confidence or have many issues with verbal and nonverbal communication. | The student presents the information in a clear and concise manner, but may lack confidence or have some issues with verbal and nonverbal communication. | The student presents the information in a clear, concise, and confident manner, and demonstrates good verbal and nonverbal communication skills. |
| Knowledge (6 marks), Individual | Lack or poor knowledge of the topic is presented, and most questions were left unanswered. | Basic knowledge of the topic is presented, and many questions were left unanswered. | Good understanding of some parts of the topic is presented, but few elements went unanswered. | Very Good understanding of most parts of the topic. The response was informative, but few elements went unclear. | Extensive knowledge of the topic is presented. The member showed complete understanding of the assignment. Accurately answered all questions posed. |

Assessment 4: Critique Report 

Due date: Week 12

Group/individual: Individual

Word count/Time provided: 1500 words

Weighting: 20%

Unit Learning Outcomes: ULO1, ULO2, ULO3, ULO4

Assessment 4 Detail 

Students will be allocated a roadmap from another group submitted as part of Assessment 3. Each  student will prepare a critique on that report identifying strengths and weaknesses in the report and  providing recommendations for improvement. 

The critique should focus on evaluating the report’s content, organization, and presentation, as well  as the effectiveness of the security program, incident management and response, implementation  plan, monitoring and evaluation, and any other relevant information. 

The student should aim to provide a balanced critique that identifies both the strengths and  weaknesses of the report and provides specific examples to support their evaluation. The student should also provide relevant and feasible recommendations for improvement, highlighting areas  where the report could be enhanced or strengthened. 

The critique should be presented in a clear, well-organized and logical manner, using appropriate language and grammar, and free of errors. The critique should be easy to follow and understand.

The critique will be graded based on the student’s ability to effectively evaluate the report and provide relevant and feasible recommendations for improvement. The critique should also be well-organized, easy to follow and understand, and the language used should be appropriate and free of errors.

Submission: Each student has to submit his/her critique as a report (pdf file) containing the following  components: 

1. Identification of Strengths 

2. Identification of Weaknesses 

3. Recommendations for Improvement 

Assessment 4 Marking Criteria and Rubric

The assessment will be marked out of 100 and will be weighted 20% of the total unit mark. The  marking criteria and rubric are shown on the following page. 

 

Assessment 4 Marking Criteria and Rubric

| Marking Criteria (Total: 40 marks) | Not Satisfactory (0-49% of the criterion mark) | Satisfactory (50-64% of the criterion mark) | Good (65-74% of the criterion mark) | Very Good (75-84% of the criterion mark) | Excellent (85-100% of the criterion mark) |
|---|---|---|---|---|---|
| Identification of Strengths (30 marks) | The student does not identify any strengths in the report or the evaluation is not relevant to the report. | The student identifies minimal strengths in the report and provides minimal examples to support their evaluation, or the evaluation may not be relevant to the report. | The student identifies some strengths in the report and provides examples to support their evaluation, but the evaluation may lack detail or not fully address all strengths. | The student identifies a range of strengths in the report and provides examples to support their evaluation, but the evaluation may lack detail or not fully address all strengths. | The student identifies a comprehensive range of strengths in the report and provides specific examples to support their evaluation. or the evaluation may not be relevant to the report. |
| Identification of Weaknesses (30 marks) | The student does not identify any weaknesses in the report or the evaluation is not relevant to the report. | The student identifies minimal weaknesses in the report and provides minimal examples to support their evaluation, or the evaluation may not be relevant to the report. | The student identifies some weaknesses in the report and provides examples to support their evaluation, but the evaluation may lack detail or not fully address all weaknesses. | The student identifies a range of weaknesses in the report and provides examples to support their evaluation, but the evaluation may lack detail or not fully address all weaknesses. | The student identifies a comprehensive range of weaknesses in the report and provides specific examples to support their evaluation. |
| Recommendations for Improvement (30 marks) | The student does not provide any recommendations for improvement or the recommendations are not relevant to the report. | The student provides minimal recommendations for improvement that are relevant and specific, or the recommendations may not be relevant to the report. | The student provides some recommendations for improvement that are relevant and specific, but may lack detail or not fully address all areas for improvement. | The student provides a range of recommendations for improvement that are relevant and specific, but may lack detail or not fully address all areas for improvement. | The student provides a comprehensive range of recommendations for improvement that are relevant, specific, and feasible. |
| Organization and Clarity (10 marks) | The student presents the critique in a disorganized and difficult to follow manner, and the language used has errors that affect the understanding of the critique. | The student presents the critique in a minimally organized manner, and may lack detail or have many inconsistencies. The language used may have many errors. | The student presents the critique in a somewhat organized manner, but may lack detail or have many inconsistencies. The language used is appropriate, but may have some errors. | The student presents the critique in a generally clear and well-organized manner, but may lack detail or have some inconsistencies. The language used is appropriate, but may have some errors. | The student presents the critique in a clear, well-organised, and logical manner, easy to follow and understand. The language used is appropriate, grammatically correct and free of errors. |