Assessment 1: Case Study. Write a report to discuss recent types of information security attacks, protection mechanisms and risk management.
Assessment Brief: BIS3004 IS Security and Risk Management
Trimester-1 2024
Assessment Overview
Assessment Task: Assessment 1: Case Study. Write a report to discuss recent types of information security attacks, protection mechanisms and risk management.
Type: Individual
Weighting: 30%
Due: Week 6
Length: 2500 words
ULO: ULO-2, ULO-3, ULO-4
equiv. – equivalent word count based on the Assessment Load Equivalence Guide. It means this assessment is
equivalent to the normally expected time requirement for a written submission containing the specified
number of words.
Note for all assessment tasks:
• Students can generate/modify/create text generated by AI. They are then asked to
modify the text according to the brief of the assignment.
• During the preparation and writing of an assignment, students use AI tools, but may
not include any AI-generated material in their final report.
• AI tools are used by students in researching topics and preparing assignments, but
all AI-generated content must be acknowledged in the final report as follows:
Format
I acknowledge the use of [insert the name of the AI system and link] to [describe how it was used]. The prompts used were entered on [enter the date in ddmmyyyy]: [list the prompts that were used]
Example
Tools: I acknowledge the use of ChatGPT https://chat.openai.com to create content to plan and brainstorm ideas for my assessment. The prompts used were entered on 18 March 2023:
• What are some key challenges in running an online business?
Assessment 1: Case Studies (Use case analysis, Risk Identification and Assessment)
Due date: Week 6
Group/individual: Individual
Word count / Time provided: 2500
Weighting: 30%
Unit Learning Outcomes: ULO-2, ULO-3, ULO-4
Justification
There is a noticeable increase in the occurrence of data intrusions within the financial and healthcare
sectors in Australia. The Australian government is currently revising its cybersecurity frameworks and
policies to strengthen resilience against nation-state threat actors and thereby disrupt this adverse
trend.
In the past 4 years, numerous data breaches have occurred in Australia. Several of them affected many
users. Table 1 is a comprehensive compilation of noteworthy instances of data breaches that have
transpired in recent years.
Table 1: Major Data Breach Incidents in Australia

| Company Name | Date of Impact |
|---|---|
| Latitude | March 2023 |
| Medibank | December 2022 |
| Optus | September 2022 |
| Eastern Health | March 2021 |
| Northern Territory Government | February 2021 |
| Canva | May 2019 |
| Australian Parliament House | February 2019 |
Approach Analysis
You are required to choose one of the data breaches from the list above in Table 1 and create a report
on it. Your report must include the following information.
1. Detail of the Attack:
This section of your report should include the elements below.
• What was the attack? What vulnerability was exploited?
• Was the vulnerability already known? When did it happen?
• Were there any controls implemented against the vulnerability and yet it was
exploited?
2. Analysis and Action:
This section of your report should include the elements below.
• When and how did the target find out about the attack?
• For how long was the risk not actioned?
• Did the organisation have a risk assessment policy and procedure?
• Did the organisation maintain a risk register?
• Was the vulnerability included in the risk register?
• How was the risk perceived (critical/non-critical/high/medium/low)?
• What did the attacker(s) do, steal, and want?
• Did the organisation pay anything because of the attack?
• What action did they adopt to avoid further damage?
3. Risk assessment
a. Risk Identification
b. Risk Analysis
c. Risk Evaluation
Risk Identification and Assessment
In this section, you need to identify risks and conduct an analysis of the selected use case. Regarding
the selected scenario, reasonable assumptions can be made if they are adequately documented and
supported. To perform risk identification and analysis, you can choose either of the following tools or
a combination of them.
• Factor Analysis of Information Risk (FAIR)
• NIST Privacy Risk Assessment Methodology (PRAM)
• NIST Cybersecurity Framework (CSF)
Assessment Description
Assume you have been recruited as a cybersecurity specialist by the client organisation (the use case
you chose). You are responsible for conducting a security risk assessment and preparing this report
for the board members. In most organisations, board members have minimal levels of computer
literacy and risk-related knowledge. Include the following information in your report preparation:
1. Introduction
2. Details of the attack
3. Analysis and action
4. Risk Assessment
a. Risk Identification
b. Risk Analysis
c. Risk Evaluation
5. Conclusion
6. References
Note: Your responses to the above questions must be supported by APA-style citations and
references.
Additional Information
When conducting research, you may find the following URLs or research tools useful:
✓ https://ieeexplore.ieee.org/Xplore/home.jsp
✓ https://dl.acm.org/
✓ https://scholar.google.com/
Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 30% of the total unit mark.
Marking Criteria
Not satisfactory: (0-49%) of the criterion mark
Satisfactory: (50-64%) of the criterion mark
Good: (65-74%) of the criterion mark
Very Good: (75-84%) of the criterion mark
Excellent: (85-100%) of the criterion mark
Introduction (10 marks)
Not satisfactory: The introduction lacks clarity and an engaging hook, is disorganised, and lacks originality.
Satisfactory: The introduction is generally clear, includes a moderately engaging opener, presents a well-articulated statement about the topic, provides some pertinent context, is adequately organised, and lacks significant originality.
Good: The introduction is clear, contains an engaging hook, presents a well-articulated statement about the topic, provides relevant context, and is well-organized.
Very Good: The introduction is well written with a clear discussion about the case analysis, Risk Identification and Assessment.
Excellent: The introduction is exceptionally clear, contains a highly engaging hook, presents a well-articulated topic, provides pertinent context, is flawlessly organised, and demonstrates originality.
Details of the Attack (15)
Not satisfactory: The report lacks clarity and detail, providing little to no information about the details of the attack and its various aspects.
Satisfactory: The report provides a basic overview of the details of the attack, covering some of the necessary details but lacking depth in one or more areas, such as what vulnerability was exploited.
Good: Generally good discussion about the details of the attack, including clear identification and a thorough explanation of the attack.
Very Good: Very clear discussion about the details of the attack. The answer is supported with references and in-text citations.
Excellent: In-depth and very clear discussion about the details of the attack. Accurate answers are supported with references and in-text citations.
Analysis and action (10)
Not satisfactory: Poor discussion with irrelevant information.
Satisfactory: A brief discussion about the analysis and action. The analysis provides a basic impact assessment but lacks comprehensive details.
Good: Generally good discussion regarding the analysis and action. The impact assessment is reasonable but may lack some depth.
Very Good: Very clear discussion about the analysis and action. The answer is supported with references and in-text citations.
Excellent: In-depth and very clear discussion about the analysis and action. The report provides a complete strategy of how the target found out about the attack and the way they dealt with it, with accurate answers supported with references and in-text citations.
Risk Identification (15)
Not satisfactory: Poor discussion with irrelevant information.
Satisfactory: A brief discussion about risk identification. Displays a basic understanding of the threat landscape but lacks depth. One of the provided tools was not utilised correctly.
Good: Generally good discussion about risk identification. Shows a good grasp of the threat landscape but may overlook using one of the given tools.
Very Good: Very clear discussion regarding risk identification. Properly uses one of the given tools. The answer is supported with references and in-text citations.
Excellent: Using one of the provided tools demonstrates an exceptional understanding of the threat landscape with accurate responses supported by references and in-text citations.
Risk Analysis (15)
Not satisfactory: Poor risk assessment. No assets were mentioned, nor were any threats evaluated.
Satisfactory: A brief discussion about risk analysis. Few threats are evaluated.
Good: Some relevant assets were identified, but important ones are missing. Some threats were assessed but lacked detail or accuracy.
Very Good: Most relevant assets are identified with minor omissions or inaccuracies. Well-documented threats with minor omissions or inconsistencies. The answer is supported with reference and in-text citation.
Excellent: A very clear and in-depth comprehensive identification of all relevant assets, including data, systems, and applications. A thorough assessment of potential threats, their likelihood, and potential impact. The answer is supported with reference and in-text citation.
Risk Evaluation (20)
Not satisfactory: Poor evaluation of risk. There are no identified threats or vulnerabilities.
Satisfactory: A brief discussion about risk evaluation. Few threats and vulnerabilities are identified.
Good: Most threats are identified, but some important ones are missing. Some vulnerabilities were identified, but important ones are missing.
Very Good: Comprehensive threat identification with minor omissions. Most vulnerabilities were identified and assessed with minor omissions. The answer is supported with reference and in-text citation.
Excellent: Thorough identification of potential threats, including emerging and known threats. Comprehensive identification and evaluation of vulnerabilities. The answer is supported with reference and in-text citation.
Conclusion (10)
Not satisfactory: The conclusion is unclear, fails to summarize key points, has little to no impact, lacks coherence, and lacks originality.
Satisfactory: The conclusion is somewhat unclear, lacks a thorough summary of key points, has a limited impact, struggles with coherence, and lacks originality.
Good: The conclusion is generally clear, summarizes key points adequately, has a moderate impact, maintains satisfactory coherence, and lacks significant originality.
Very Good: The conclusion is clear, effectively summarizes key points, has a positive impact, maintains good coherence, and shows some originality.
Excellent: The conclusion is exceptionally clear, effectively summarizes key points, has a significant impact, maintains excellent coherence, and demonstrates originality.
Formatting and referencing (5 marks)
Not satisfactory: Includes misspelt words, incorrect language, incorrect punctuation, improper formatting, and reference citation based on applicable standards; satisfies minimum page length requirements.
Satisfactory: Few spelling, grammatical, and punctuation problems are present. A few formatting or citation problems according to proper standards; fulfils minimal page requirements.
Good: Few spelling, grammatical, and punctuation problems are present with a few citation problems.
Very Good: Few spelling, grammatical, and punctuation problems are present.
Excellent: There are no spelling or grammar mistakes. The paper’s format and citation of sources conform to applicable criteria; the minimum number of pages is met.