聯系方式

您當前位置:首頁 >> Java編程Java編程

日期:2019-12-15 10:33

CMP71001

Assignment 1 Risk assessment.

Due Date

Learning

16th Dec 2019 11.00pm (QLD Time)

Outcomes

Graduate

1, 2

Attributes 3, 4 & 5

Weight 20% of overall unit assessment

Suggestion This assignment is developmental and cumulative. You are strongly advised to

start doing this assignment from Week-4 in your study. Leaving your starting

date to the week before the due date is a very poor strategy for success in the unit.


Task Description

You are a cybersecurity consultant working for one of the big-4 consulting firms. In your client

portfolio you have the choice of working on a cybersecurity program for the following clients;

an educational institute (such as a university), a small-to-medium sized business (SME), and a

division of large business/government organisation. You are to choose one client.

As part of your work for the client, you have chosen you are required to provide a client report

that explains the importance of cybersecurity risk assessments. To successfully write this report,

you must complete the following tasks:

? Task 1: discuss why risk assessment is the most critical step in developing and managing

cyber security in the organisation and identify any limitations of the current risk assessment

methods.

? Task 2: create five questions that will identify the most critical information assets of the

organisation and justify how the five questions you have created achieve this. For example,

you could assume that an organisation website is one of the most critical information assets

of the organisation. Create a WFA template to rank the top five assets.

? Task 3: identify the top five threats to the organisation information assets. Support your

findings by referencing reputable sources of information.

? Task 4: Discuss how the top five threats identified in Task 3 could/could not impact the

asset. Rank the threats and define the risk values based on their likelihood of exposure and

levels of impact (potential consequences) on the asset. Support your discussion by quoting

reputable sources of information. You are free to make any assumption(s) you wish

regarding the organisation structure, mission, vision, business profile, etc. which will need

to be documented in the appropriate sections of your report.

CMP71001 – Cybersecurity Assignment-1, S3 2019

4

Assessment Criteria

Criteria Max Mark

Task1 6

Concept of risk assessment in the context of cybersecurity 1.5

Identification of knowledge by performing risk assessment 1.5

Application of risk assessment results for risk management 1.5

Limitations of the current risk assessment approaches 1.5


Task 2 4

Questions design to identify the most critical information assets 2

WFA worksheet to rank the assets. 2

Task 3 4

Threats to the organisation information assets 4

Task 4 4

Risk analysis (Impact analysis and risk ranking) 4

Documentation 2

Professional presentation. 1

Referencing 1

Total 20


Format, Presentation and length

There is no report template to be used in this assignment, so you can design your own template or

refer to online resources. However, the report should be well presented in a standard report

format.

Due to the system setting constraint, the report 1 length was set with 1000 words in the unit UIG.

You are advised that there is no formal word limit for the report. However, a good report is

expected to be somewhere in the vicinity of 2,000 - 3,000 words from Introduction to Conclusion.

Note that this is a very rough estimate and there will be no penalties imposed based on the number

of words (no real ceiling if the content is precise and relevant!)

Assignment-1 marking rubric

The following marking rubric will be used for the marking of your submission. It contains a detailed breakdown of the marking criteria for this assignment.

Make sure you read CAREFULLY this to understand how your work would be graded against each of the defined criteria.

Criteria Level of Student Performance

HD (85-100%) D (75-85%) C (65-75%) P (50-65%) F (0-49%)

Task 1

Risk assessment

Concept

? Correct and accurate definition of

risk assessment;

? A clear description that precisely

shows the essence of the risk

assessment process and its

objectives.

? Correct and accurate

definition of risk assessment;

? A clear description that

shows the essence of the risk

assessment process and its

objectives.

? Reasonably correct

definition of risk

assessment;

? Adequate description

that shows the most essence

of the risk assessment

process and its objectives

? Reasonably correct definition

of risk assessment;

? A very brief description that

shows some essence of the

risk assessment process and

its objectives.

Little or no correct

description that shows

essence of the risk

assessment process and its

objectives

Knowledge

Identification

Clear and correct information that

indicates at least 4/5 different

points of usefulness in line with the

objectives of risk assessments.

Clear and correct information

that indicates at least 3

different points of usefulness

in line with the objectives of

risk assessments.

Clear and correct

information that indicates at

least 2 different points of

usefulness in line with the

objectives of risk

assessments

Adequate information that

indicates at least 2 different

points of usefulness in line with

the objectives of risk

assessments

Little or no relevant

information in line with the

objectives of risk

assessments.

Application of risk

assessment results

? Comprehensive and solid

arguments of the use of risk

assessment results in developing

and managing cybersecurity;

? Clearly explain how they can

affect the business decisionmaking

process.

? Comprehensive arguments of

the use of risk assessment

results in developing and

managing cybersecurity;

? Clearly explain how they can

affect the business decisionmaking

process

? Comprehensive arguments

of the use of risk

assessment results in

developing and managing

cybersecurity;

? Briefly explain how they

can affect the business

decision-making process

? Adequate arguments of the use

of risk assessment results in

developing and managing

cybersecurity;

? Briefly explain how they can

affect the business decisionmaking

process

? Little or no valid

arguments of the use of

risk assessment results in

developing and managing

cybersecurity.

limitations of the

risk assessment

approach

Critical analysis of the limitations

inherited with both qualitative and

qualitative methods.

Detail description but not

critical analysis of the

limitations inherited with both

Detail description of the

limitations inherited with

either qualitative and

Brief description of the

limitations inherited with both

qualitative and qualitative

methods.

Little or no description of the

limitations inherited with

both qualitative and

qualitative methods.

CMP71001 – Cybersecurity Assignment-1, S3 2019

4

qualitative and qualitative

methods.

qualitative methods but not

both.

Task 2

Questions to ask

for the most critical

information assets

? Define and discuss five questions

you would ask to identify most

critical assets of the given

organisation.

? Clear justification why those

assets are critical to the

organisation.

? Define and discuss at least

four questions you would

ask to identify most critical

assets of the given

organisation.

? Clear justification why those

assets are critical to the

organisation.

? Define and discuss at least

three questions you would

ask to identify most critical

assets of the given

organisation.

? Reasonable justification

why those assets are critical

to the organisation.

? Briefly define and discuss at

least five questions you would

ask to identify most critical

assets of the given

organisation.

? No justification provided why

those assets are critical to the

organisation.

Little to no response to this

task.

WFA worksheet ? Clearly define at least 3 criteria

that match with the given context.

? Explain the importance of those

criteria.

? Define and justify their impact

factor.

? Clearly define at least 3

criteria that match with the

given context.

? Explain the importance of

those criteria.

? Define their impact factor.

? Clearly define at least 3

criteria that match with

the given context.

? Explain the importance of

those criteria.

? Briefly define at least 2

criteria that match with the

given context.

? Briefly explain the

importance of those criteria.

Little to no discussion on

WFA worksheet

Task 3

Threats ? Correctly identify at least five

threats;

? Discuss each threat sufficiently

detailed with threat agent, method

of delivery and working

mechanism.

? Justify why do you feel these are

the critical threats to the

organization.

? Correctly identify at least

five threats;

? Discuss most of them

sufficiently detailed with

threat agent, method of

delivery and working

mechanism.

? Briefly justify why do you

feel these are the critical

threats to the organization.

? Correctly identify at least

4 threats;

? Briefly discuss most of

them with threat agent,

method of delivery and

working mechanism.

? Briefly justify why do you

feel these are the critical

threats to the organization

? Correctly identify at least 2

threats;

? Briefly discuss them with

threat agent, method of

delivery and working

mechanism.

? Briefly Justify why do you

feel these are the critical

threats to the organization

Little to no threats

identification or discussion

Task 4

Impact assessment

and ranking

? Comprehensive qualitative risk

assessment presented to rank and

prioritise risks for all items

identified above.

? Comprehensive qualitative

risk assessment presented to

rank and prioritise risks for

most of the items identified

above.

? Qualitative risk

assessment presented to

rank and prioritise risks

for most of the items

identified above.

? Brief risk assessment

presented to rank and

prioritise risks for most of the

items identified above

? Little or no justification of

those mapping.

? Little or no assesses done

for ranking or prioritization.

CMP71001 – Cybersecurity Assignment-1, S3 2019

4

? Detail justification of those

mapping using own and public

domain knowledge.

? Detail justification of those

mapping using own and

public domain knowledge.

? Inadequate justification of

those mapping.

Documentation

Report

Presentation

Information is presented in a logical,

interesting way, which is easy to

follow.

Information is mostly

presented in a logical manner,

which is easily followed.

Information is generally, if

not always, presented in a

logical manner, which is

easily followed.

Work is difficult to follow as

there is lack of apparent

structure or continuity or

sequencing of ideas

Issues such as sentence

structure, word choice, and

lack of transitions and/or

sequencing of ideas make

reading and understanding

difficult.

Referencing Correct and appropriate references

and in-text citation following any

standard style.

At least 80% appropriate

references and in-text citation

following any standard style.

At least 60% appropriate

references and in-text

citation following any

standard style.

Major inadequacies in

references and in-text citation

Very few or no references.

Submission Format

When you have completed the assignment, you are required to submit your assignment in

the DOC format. The file will be named using the following convention:

filename = FirstInitialYourLastName_CMP71001_A1_S3_2019.doc (i.e.

DJones_CMP71001_A1_S3_2019.doc)

Original Work

It is a University requirement that a student’s work complies with the Academic Integrity

Policy. It is a student’s responsibility to be familiar with the Policy.

Failure to comply with the Policy can have severe consequences in the form of University

sanctions. For information on this Policy please refer to Student Academic Integrity policy

at the following website:

http://policies.scu.edu.au/view.current.php?id=00141

As part of a University initiative to support the development of academic integrity,

assessments may be checked for plagiarism, including through an electronic system, either

internally or by a plagiarism checking service, and be held for future checking and

matching purposes.

A Turnitin link has been set up to provide you with an opportunity to check the

originality of your work until your due date. Please make sure you review the report

generated by the system and make changes (if necessary!) to minimise the issues of

improper citation or potential plagiarism. If you fail to follow this step, your report

may not be graded or may incur late feedback.

Retain Duplicate Copy

Before submitting the assignment, you are advised to retain electronic copies of original

work. In the event of any uncertainty regarding the submission of assessment items, you

may be requested to reproduce a final copy.

School Extension Policy

In general, I will NOT give extension unless where there are exceptional circumstances.

Students wanting an extension must make a request at least 24 hours before the assessment

item is due and the request must be received in writing by the unit assessor or designated

academic through student service (please visit https://www.scu.edu.au/currentstudents/student-administration/special-consideration/

for details). Extensions within 24

hours of submission or following the submission deadline will not be granted (unless

supported by a doctor’s certificate or where there are exceptional circumstances – this will

be at unit assessor’s discretion and will be considered on a case by case basis). Extensions

will be for a maximum of 48 hours (longer extensions supported by a doctor’s certificate

or alike to be considered on a case by case basis).

CMP71001 – Cybersecurity Assignment-1, S3 2019

4

A penalty of 5% of the total available grade will accrue for each 24-hour period that an

assessment item is submitted late. Therefore, an assessment item worth 20 marks will have

1 mark deducted for every 24-hour period and at the end of 20 days will receive 0 marks.

Students who fail to submit following the guidelines in this Unit Information Guide will

be deemed to have not submitted the assessment item and the above penalty will be

applied until the specified submission guidelines are followed.

Marks and Feedback

All assessment materials submitted during the semester will normally be marked and

returned within two weeks of the required date of submission (provided that the

assessment materials have been submitted by the due date).

Marks will be made available to each student via the MySCU Grade book.


版權所有:編程輔導網 2018 All Rights Reserved 聯系方式:QQ:99515681 電子信箱:[email protected]
免責聲明:本站部分內容從網絡整理而來,只供參考!如有版權問題可聯系本站刪除。

25选5一等奖多少钱