Case Study-IS Security & Risk Management

Assessment Brief: BIS3004 IS Security and Risk Management

Trimester-1 2024

Assessment Overview

Assessment Task: Assessment 1: Case Study. Write a report to discuss recent types of information security attacks, protection mechanisms and risk management.

Type: Individual

Weighting: 30%

Due: Week 6

Length: 2500 words

ULO: ULO-2, ULO-3, ULO-4

equiv. – equivalent word count based on the Assessment Load Equivalence Guide. It means this assessment is equivalent to the normally expected time requirement for a written submission containing the specified number of words.

Note for all assessment tasks:

• Students can generate/modify/create text generated by AI. They are then asked to modify the text according to the brief of the assignment.

• During the preparation and writing of an assignment, students use AI tools, but may not include any AI-generated material in their final report.

• AI tools are used by students in researching topics and preparing assignments, but all AI-generated content must be acknowledged in the final report as follows:

Assessment 1: Case Studies (Use case analysis, Risk Identification and Assessment)

Due date: Week 6

Group/individual: Individual

Word count / Time provided: 2500

Weighting: 30%

Unit Learning Outcomes: ULO-2, ULO-3, ULO-4

Format

I acknowledge the use of [insert the name of the AI system and link] to [describe how it was
used]. The prompts used were entered on [enter the date in ddmmyyyy]: [list the prompts
that were used]

Example

Tools
I acknowledge the use of ChatGPT to create content to plan and
brainstorm ideas for my assessment. The prompts used were entered on 18 March 2023:

• What are some key challenges in running an online business?

Justification

There is a noticeable increase in the occurrence of data intrusions within the financial and healthcare sectors in Australia. The Australian government is currently revising its cybersecurity frameworks and policies to strengthen resilience against nation-state threat actors and thereby disrupt this adverse trend.

In the past 4 years, numerous data breaches have occurred in Australia. Several of them affected many users. Table 1 is a comprehensive compilation of noteworthy instances of data breaches that have transpired in recent years.

Table 1: Major Data Breach Incidents in Australia

| Company Name | Date of Impact |
|---|---|
| Latitude | March 2023 |
| Medibank | December 2022 |
| Optus | September 2022 |
| Eastern Health | March 2021 |
| Northern Territory Government | February 2021 |
| Canva | May 2019 |
| Australian Parliament House | February 2019 |

Approach Analysis
You are required to choose one of the data breaches from the list above in Table 1 and create a report on it. Your report must include the following information.

1. Detail of the Attack:

This section of your report should include the elements below.

• What was the attack? What vulnerability was exploited?

• Was the vulnerability already known? When did it happen?

• Were there any controls implemented against the vulnerability and yet it was exploited?

2. Analysis and Action:

This section of your report should include the elements below.

• When and how did the target find out about the attack?

• For how long was the risk not actioned?

• Did the organisation have a risk assessment policy and procedure?

• Did the organisation maintain a risk register?

• Was the vulnerability included in the risk register?

• How was the risk perceived (critical/non-critical/high/medium/low)?

• What did the attacker(s) do, steal, and want?

• Did the organisation pay anything because of the attack?

• What action did they adopt to avoid further damage?

3. Risk assessment

a. Risk Identification

b. Risk Analysis

c. Risk Evaluation

Risk Identification and Assessment

In this section, you need to identify risks and conduct an analysis of the selected use case. Regarding the selected scenario, reasonable assumptions can be made if they are adequately documented and supported. To perform risk identification and analysis, you can choose any one of the following tools or a combination of them.

• Factor Analysis of Information Risk (FAIR)

• NIST Privacy Risk Assessment Methodology (PRAM)

• NIST Cybersecurity Framework (CSF)

Assessment Description

Assume you have been recruited as a cybersecurity specialist by the client organisation (the use case you chose). You are responsible for conducting a security risk assessment and preparing this report for the board members. In most organisations, board members have minimal levels of computer literacy and risk-related knowledge. Include the following information in your report preparation:

1. Introduction

2. Details of the attack

3. Analysis and action

4. Risk Assessment

a. Risk Identification

b. Risk Analysis

c. Risk Evaluation

5. Conclusion

6. References

Note: Your responses to the above questions must be supported by APA-style citations and references.

Additional Information

When conducting research, you may find the following URLs or research tools useful:

Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 30% of the total unit mark.

Marking Criteria

Each criterion is graded at one of the following levels, expressed as a percentage of the criterion mark:

• Not satisfactory: 0-49%

• Satisfactory: 50-64%

• Good: 65-74%

• Very Good: 75-84%

• Excellent: 85-100%

Introduction (10 marks)

• Not satisfactory: The introduction lacks clarity and an engaging hook, is disorganised, and lacks originality.

• Satisfactory: The introduction is generally clear, includes a moderately engaging opener, presents a well-articulated statement about the topic, provides some pertinent context, is adequately organised, and lacks significant originality.

• Good: The introduction is clear, contains an engaging hook, presents a well-articulated statement about the topic, provides relevant context, and is well-organized.

• Very Good: The introduction is well written with a clear discussion about the case analysis, Risk Identification and Assessment.

• Excellent: The introduction is exceptionally clear, contains a highly engaging hook, presents a well-articulated topic, provides pertinent context, is flawlessly organised, and demonstrates originality.

Details of the Attack (15)

• Not satisfactory: The report lacks clarity and detail, providing little to no information about the details of the attack and its various aspects.

• Satisfactory: The report provides a basic overview of the details of the attack, covering some of the necessary details but lacking depth in one or more areas, such as what vulnerability was exploited.

• Good: Generally good discussion about the details of the attacks, including clear identification, a thorough explanation of the attack.

• Very Good: Very clear discussion about the details of the attack. The answer is supported with reference and in-text citations.

• Excellent: In-depth and very clear discussion about the details of the attack. Accurate answers are supported with reference and in-text citations.

Analysis and action (10)

• Not satisfactory: Poor discussion with irrelevant information.

• Satisfactory: A brief discussion about the analysis and action. The analysis provides a basic impact assessment but lacks comprehensive details.

• Good: Generally good discussion regarding the analysis and action. The impact assessment is reasonable but may lack some depth.

• Very Good: Very clear discussion about the analysis and action. The answer is supported with references and in-text citations.

• Excellent: In-depth and very clear discussion about the analysis and action. The report provides a complete strategy of how the target found out about the attack and the way they dealt with it with accurate answers supported with references and in-text citations.

Risk Identification (15)

• Not satisfactory: Poor discussion with irrelevant information.

• Satisfactory: A brief discussion about risk identification. Displayed a basic understanding of the threat landscape but it lacks depth. One of the provided tools was not utilised correctly.

• Good: Generally good discussion about risk identification. Shows a good grasp of the threat landscape but may overlook using one of the given tools.

• Very Good: Very clear discussion regarding risk identification. Properly uses one of the given tools. The answer is supported by the reference and in-text citation.

• Excellent: Using one of the provided tools demonstrates an exceptional understanding of the threat landscape with accurate responses supported by references and in-text citations.

Risk Analysis (15)

• Not satisfactory: Poor risk assessment. No assets were mentioned, nor were any threats evaluated.

• Satisfactory: A brief discussion about risk analysis. Few threats are evaluated.

• Good: Some relevant assets were identified, but important ones are missing. Some threats were assessed but lacked detail or accuracy.

• Very Good: Most relevant assets are identified with minor omissions or inaccuracies. Well-documented threats with minor omissions or inconsistencies. The answer is supported with reference and in-text citation.

• Excellent: A very clear and in-depth Comprehensive identification of all relevant assets, including data, systems, and applications. A thorough assessment of potential threats, their likelihood, and potential impact. The answer is supported with reference and in-text citation.

Risk Evaluation (20)

• Not satisfactory: Poor evaluation of risk. There are no identified threats or vulnerabilities.

• Satisfactory: A brief discussion about risk evaluation. Few threats and vulnerabilities are identified.

• Good: Most threats are identified, but some important ones are missing. Some vulnerabilities were identified, but important ones are missing.

• Very Good: Comprehensive threat identification with minor omissions. Most vulnerabilities were identified and assessed with minor omissions. The answer is supported with reference and in-text citation.

• Excellent: Thorough identification of potential threats, including emerging and known threats. Comprehensive identification and evaluation of vulnerabilities. The answer is supported with reference and in-text citation.

Conclusion (10)

• Not satisfactory: The conclusion is unclear, fails to summarize key points, has little to no impact, lacks coherence, and lacks originality.

• Satisfactory: The conclusion is somewhat unclear, lacks a thorough summary of key points, has a limited impact, struggles with coherence, and lacks originality.

• Good: The conclusion is generally clear, summarizes key points adequately, has a moderate impact, maintains satisfactory coherence, and lacks significant originality.

• Very Good: The conclusion is clear, effectively summarizes key points, has a positive impact, maintains good coherence, and shows some originality.

• Excellent: The conclusion is exceptionally clear, effectively summarizes key points, has a significant impact, maintains excellent coherence, and demonstrates originality.

Formatting and referencing (5 marks)

• Not satisfactory: Includes misspelt words, incorrect language, incorrect punctuation, improper formatting, and reference citation based on applicable standards; satisfies minimum page length requirements.

• Satisfactory: Few spelling, grammatical, and punctuation problems are present. A few formatting or citation problems according to proper standards; fulfils minimal page requirements.

• Good: Few spelling, grammatical, and punctuation problems are present with a few citation problems.

• Very Good: Few spelling, grammatical, and punctuation problems are present.

• Excellent: There are no spelling or grammar mistakes. The paper’s format and citation of sources conform to applicable criteria; the minimum number of pages is met.
