Skip to content
Home » Assessment 1: Case Study Write a report to discuss recent types of information security attacks, protection mechanisms and risk management.

Assessment 1: Case Study Write a report to discuss recent types of information security attacks, protection mechanisms and risk management.

Assessment Brief: BIS3004 IS Security and Risk Management

 

Trimester-1 2024

 

Assessment Overview

 

Assessment Task

 

Type Weighting Due Length ULO

 

Assessment 1: Case Study Write a report to discuss recent types of information security attacks, protection mechanisms and risk management.

 

Individual

 

30% Week 6 2500 words

 

ULO-2 ULO-3 ULO-4

 

equiv. – equivalent word count based on the Assessment Load Equivalence Guide. It means this assessment is

 

equivalent to the normally expected time requirement for a written submission containing the specified

 

number of words.

 

Note for all assessment tasks:

 

• Students can generate/modify/create text generated by AI. They are then asked to

 

modify the text according to the brief of the assignment.

 

• During the preparation and writing of an assignment, students use AI tools, but may

 

not include any AI-generated material in their final report.

 

• AI tools are used by students in researching topics and preparing assignments, but

 

all AI-generated content must be acknowledged in the final report as follows:

 

Assessment 1: Case Studies (Use case analysis, Risk Identification and

 

Assessment)

 

Due date: Week 6

 

Group/individual: Individual

 

Word count / Time provided: 2500

 

Weighting: 30%

 

Unit Learning Outcomes: ULO-2, ULO-3, ULO-4

 

Format

 

I acknowledge the use of [insert the name of the AI system and link] to [describe how it was used]. The prompts used were entered on [enter the date in ddmmyyy:] [list the prompts that were used]

 

Example

 

Tools I acknowledge the use of ChatGPT https://chat.openai.com to create content to plan and brainstorm ideas for my assessment. The prompts used were entered on 18 March 2023:

 

• What are some key challenges in running an online business?

 

https://chat.openai.com/

Justification

 

There is a noticeable increase in the occurrence of data intrusions within the financial and healthcare

 

sectors in Australia. The Australian government is currently revising its cybersecurity frameworks and

 

policies to strengthen resilience against nation-state threat actors and thereby disrupt this adverse

 

trend.

 

In the past 4 years, numerous data breaches have occurred in Australia. Several of them affected many

 

users. Table 1 is a comprehensive compilation of noteworthy instances of data breaches that have

 

transpired in recent years.

 

Table 1: Major Data Breach Incidents in Australia

 

Company Name Date of Impact

 

Latitude March 2023

 

Medibank December 2022

 

Optus September 2022

 

Eastern Health March 2021

 

Northern Territory Government February 2021

 

Canva May 2019

 

Australian Parliament House February 2019

 

Approach Analysis You are required to choose one of the data breaches from the list above in Table 1 and create a report

 

on it. Your report must include the following information.

 

1. Detail of the Attack:

 

This section of your report should include the elements below.

 

• What was the attack? What vulnerability was exploited?

 

• Was the vulnerability already known? When did it happen?

 

• Were there any controls implemented against the vulnerability and yet it was

 

exploited?

 

2. Analysis and Action:

 

This section of your report should include the elements below.

 

• When and how did the target figure out about the attack?

 

• For how long, the risk was not actioned?

 

• Did the organisation have a risk assessment policy and procedure?

 

https://www.upguard.com/security-report/eastern-health

• Did the organisation maintain a risk register?

 

• Was the vulnerability included in the risk register?

 

• How was the risk perceived (critical/non-critical/high/medium/low)?

 

• What the attacker(s) did, stole, and wanted?

 

• Did the organisation pay anything because of the attack?

 

• What action did they adopt to avoid further damage?

 

3. Risk assessment

 

a. Risk Identification

 

b. Risk Analysis

 

c. Risk Evaluation

 

Risk Identification and Assessment

 

In this section, you need to identify risks and conduct an analysis of the selected use case. Regarding

 

the selected scenario, reasonable assumptions can be made if they are adequately documented and

 

supported. To perform risk identification and analysis, you can choose either of the following tools or

 

a combination of them.

 

• Factors Analysis in Information Risk (FAIR)

 

• NIST Privacy Risk Assessment Methodology (PRAM)

 

• NIST CyberSecurity Framework (CSF)

 

Assessment Description

 

Assume you have been recruited as a cybersecurity specialist by the client organisation (the use case

 

you chose). You are responsible for conducting a security risk assessment and preparing this report

 

for the board members. In most organisations, board members have minimal levels of computer

 

literacy and risk-related knowledge. Include the following information in your report preparation:

 

1. Introduction

 

2. Details of the attack

 

3. Analysis and action

 

4. Risk Assessment

 

a. Risk Identification

 

b. Risk Analysis

 

c. Risk Evaluation

 

5. Conclusion

 

6. References

 

Note: Your responses to the above questions must be supported by APA-style citations and

 

references.

 

Additional Information

 

When conducting research, you may find the following URLs or research tools useful:

 

œ“ https://ieeexplore.ieee.org/Xplore/home.jsp

 

œ“ https://dl.acm.org/

 

œ“ https://scholar.google.com/

 

https://ieeexplore.ieee.org/Xplore/home.jsp

https://dl.acm.org/

https://scholar.google.com/

Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 30% of the total unit mark.

 

Marking Criteria

 

Not satisfactory

 

(0-49%) of the criterion mark

 

Satisfactory

 

(50-64%) of the criterion mark

 

Good

 

(65-74%) of the criterion mark

 

Very Good

 

(75-84%) of the criterion mark

 

Excellent

 

(85-100%) of the criterion mark

 

Introduction (10 marks)

 

The introduction lacks clarity, and an engaging hook, and disorganised, lacks originality

 

The introduction is generally clear, includes a moderately engaging opener, presents a well- articulated statement, about the topic, provides some pertinent context, is adequately organised, and lacks significant originality.

 

The introduction is clear, contains an engaging hook, presents a well- articulated statement, about the topic, provides relevant context, and is well- organized.

 

The introduction is well written with a clear discussion about the case analysis, Risk Identification and Assessment

 

The introduction is exceptionally clear, contains a highly engaging hook, presents a well- articulated topic, provides pertinent context, is flawlessly organised, and demonstrates originality.

 

Details of the Attack (15)

 

The report lacks clarity and detail, providing little to no information about the details of the attack and its various aspects.

 

The report provides a basic overview of the details of the attack, covering some of the necessary details but lacking depth in one or more areas, such as what vulnerability was exploited.

 

Generally, good discussion about the details of the attacks , including clear identification, a thorough explanation of the attack

 

Very clear discussion about the details of the attack. The answer is supported with reference and in-text citations

 

In-depth and very clear discussion about the details of the attack. Accurate answers are supported with reference and in-text citations

 

Analysis and action (10)

 

Poor discussion with irrelevant information

 

A brief discussion about the analysis and action. The analysis provides a basic impact assessment but lacks comprehensive details.

 

Generally, good discussion regarding the analysis and action. The impact assessment is reasonable but may lack some depth

 

Very clear discussion about the analysis and action. The answer is supported with references and in-text citations

 

In-depth and very clear discussion about the analysis and action. The report provides a complete strategy of how the target found out about the attack and the way they dealt with it with accurate answers supported with references and in-text citations.

 

Risk Identification (15)

 

Poor discussion with irrelevant information

 

A brief discussion about risk identification. Displayed a basic understanding of the threat landscape but it lacks depth. One of the provided tools was not utilised correctly.

 

Generally good discussion about risk identification. Shows a good grasp of the threat landscape but may overlook using one of the given tools.

 

Very clear discussion regarding risk identification. Properly use one of the given tools. The answer is supported by the reference and in-text citation

 

Using one of the

 

provided tools

 

demonstrates an

 

exceptional

 

understanding of the

 

threat landscape with

 

accurate responses

 

supported by

 

references and in-text

 

citations.

 

Risk Analysis (15)

 

Poor risk assessment. No assets were mentioned,

 

A brief discussion about risk analysis.

 

Some relevant assets were identified, but

 

Most relevant assets are identified with

 

A very clear and in-depth

 

nor were any threats evaluated.

 

Few threats are evaluated.

 

important ones are missing. Some threats were assessed but lacked detail or accuracy.

 

minor omissions or inaccuracies. Well- documented threats with minor omissions or inconsistencies. The answer is supported with reference and in-text citation

 

Comprehensive identification of all relevant assets, including data, systems, and applications. A thorough assessment of potential threats, their likelihood, and potential impact. The answer is supported with reference and in- text citation

 

Risk Evaluation (20)

 

Poor evaluation of risk. There are no identified threats or vulnerabilities.

 

A brief discussion about risk evaluation. Few threats and vulnerabilities are identified.

 

Most threats are identified, but some important ones are missing. Some vulnerabilities were identified, but important ones are missing.

 

Comprehensive threat identification with minor omissions. Most vulnerabilities were identified and assessed with minor omissions. The answer is supported with reference and in-text citation

 

Thorough identification of potential threats, including emerging and known threats. Comprehensive identification and evaluation of vulnerabilities. The answer is supported with reference and in-text citation

 

Conclusion (10)

 

The conclusion is unclear, fails to summarize key points, has little to no impact, lacks coherence, and lacks originality

 

The conclusion is somewhat unclear, lacks a thorough summary of key points, has a limited impact, struggles with coherence, and lacks originality.

 

The conclusion is generally clear, summarizes key points adequately, has a moderate impact, maintains satisfactory coherence, and lacks significant originality.

 

The conclusion is clear, effectively summarizes key points, has a positive impact, maintains good coherence, and shows some originality.

 

The conclusion is exceptionally clear, effectively summarizes key points, has a significant impact, maintains excellent coherence, and demonstrates originality.

 

Formatting and referencing (5 marks)

 

Includes misspelt words, incorrect language, incorrect punctuation, improper formatting, and reference citation based on applicable standards; satisfies minimum page length requirements

 

Few spelling, grammatical, and punctuation problems are present. A few formatting or citation problems according to proper standards; fulfils minimal page requirements.

 

Few spelling, grammatical, and punctuation problems are present with a few citation problems

 

Few spelling, grammatical, and punctuation problems are present.

 

There are no spelling or grammar mistakes. The paper’s format and citation of sources conform to applicable criteria; the minimum number of pages is met.

Interested in getting help with this assignment?

Get a professional writing team to work on your assignment!

Order Now
Recent posts
For this final assignment, you will prepare a brief paper detailing the steps undertaken to complete a presentation that disseminates information you assemble
Please choose to answer only one of the 2 following questions. Option 1: In your opinion and based on scientific, peer-reviewed published evidence, does child
At the beginning of the previous academic year, the institution announced it would drop football at the conclusion of the season. The announcement created pub
you will review current research in Personality and provide a critical evaluation of that personality research through an annotated bibliography. An annotated
In Module 5, we considered the third in our three-part series on research design. Specifically, the focus was on the longitudinal studies, in which the resear

Need help with a similar or different Task?

We have the best writers to help you. Hire Writer Now

ORDER NOW