Unit Cybersecurity Management Unit code CMP73001
Assignment 1 Risk assessment
exercise
We Write Essays for Students
Tell us about your assignment and we will find the best writer for your paper
Get Help Now!Due Date: 8
April 2020 11:00PM
Learning outcomes: 1
Graduate
Attributes 4
Weight 30% of overall unit assessment
Suggestion
You are strongly advised to start doing this assignment
from Week 3 in your study. Leaving your starting date to the day before the due date is a very poor strategy
for success in the
unit.
Task Description CMP73001 Cybersecurity management
You are hired by Advanced Medicos Limited (AML), a healthcare product sell company, as a cybersecurity consultant to help in security management and to address the contemporary and emerging risks from the cyber threats the company is facing. AML is providing a platform for Australian customers to sell their product online. The vision of the company is to be among the top 5 nation-wide. The board from the advice by Chief Information Officer (CIO) and Chief Information Security Officer (CISO) has concluded that they should get to point that the key services such as web portal should be able to recover from major incidents in less than 20 minutes while other services can be up and running in less than 1 hour. In case of a disaster, they should be able to have the Web portal and payroll system fully functional in less than 2 days.
The company is a new company which is growing
rapidly. While the company uses its database server to store the information of its customers’ private data, credit
card info, etc. it has a poor- designed network with a low level of security. As the company
is responsible for the privacy
and the security of customer personal
info, credit card details, the security of payment transactions, etc. they have decided
to improve their information security.
Therefore, they have hired you to
do the following task:
- Risk assessment exercise: perform
a full cyber risk assessment exercise for this company
and document the outcomes.
Existing IT
infrastructure of AML:
- Office
365 Emails Hosting- 2 Web
server providing web services and payment options
- A
physical database server storing customer information
- DHCP and
DNS servers
- Servers
located in a server room accessible by all
staff
- There is
no virtual/cloud storage
- The backup files
are stored on a single computer connected to the internal
network
- Two
24-port Cisco Catalyst switches (1Gbps ports)
- Switches
are access layer switches
- ADSL
router
- 40 PCs
with outdated antivirus
- The operating systems
used in the company are Windows 2012 server and Windows 10
- Windows
Firewalls are on
- No
security configuration on routers and switches
- Telnet connection is used by IT people to remotely check the configuration of the network devices. Therefore, there is no
encryption in remote access.
- Two
wireless access points
- Wireless
security is WPA
- 10 Voice
over IP phones
- Servers
located in a server room accessible by all
staff
- There is
no virtual/cloud storage
- The backup files
are stored on a single computer connected to the internal
network
- There are 40 staff
including three IT people (IT staff are responsible to look after internet
connection, network devices, Wi-Fi, Voice over IP service, LAN, computers,
servers, hardware and software, and video conference facilities).
- All
staff and equipment are on a single floor.
- The roles and responsibilities of people who are responsible for information
security management are not clear
and they are not documented. All IT staff help in information
security management.
- 2 Web
For this assignment, you need to write a report to the CEO of the company and answer a number of questions. You should also identify assets, perform risk assessment, and propose solutions to mitigate risks. Your answer should be submitted in PDF/DOC files.
Assignment-1 guideline
Risk assessment exercise: perform a full cyber risk assessment exercise for AML and document the outcome.
Task 1: Identify and manage asset
- To perform a risk assessment for
this company, you should first
identify all information assets and their business values.
This is necessary
because unidentified assets
are not considered in risk
assessment. In this question, you need to identify information assets based on
your judgment and then perform the asset classification. You should classify
information assets as different categories of assets which might need different protection based on their sensitivity and their value.
Make a table
for your task
1 and add the following information in your table:- provide a list of assets (at least
10 assets should be identified) and provide a meaningful description for the assets e.g. what is it used for, and what is included etc.
- determine the asset location and ownership, assign
a unique ID for the asset. Each id
should give some hint about the asset. For instance, HW.01 can be interpreted
as Hardware Asset number 1.
- classify the identified assets
based on their sensitivity. The identified classes should be based on your understanding and experience of each asset.
You need to do some research and find at least three
common classes of information assets. Create a Weighting Factor Analysis (WFA)
to rank the identified assets.
- provide a list of assets (at least
To complete this task you need to search for asset
classification samples. The following links also give you the required
information about assets classes.
https://www.flinders.edu.au/content/dam/documents/staff/policies/facilities-info- management/information-classification-handling-procedures.pdf
- Explain how information security
governance can help AML to have efficient asset management.
- To improve the level of cybersecurity in AML, you should develop
some security policies. The policies should cover
different assets like people, technology, access control, etc. The links below give you some examples
of information security policies. For this question, at least 5 policies should
be provided. It is expected
that you first
create your Enterprise security or enterprise information policy.
https://policies.newcastle.edu.au/document/view-current.php?id=135 https://sydney.edu.au/policies/showdoc.aspx?recnum=PDOC2011/141&RendNum=0
Task 2: Vulnerability management and risk
management
- Do some research about different steps of Enterprise Risk Management by ISO
framework and briefly explain each step.
- Identify vulnerabilities in the company
assets and their
threats. This information should be shown in a table
called vulnerability assessment table (TVA worksheet). One extra
column should be added for brief vulnerability analysis.
- Now, you are responsible to develop a risk management strategy to mitigate
the existing risks to an acceptable level. You should use this template to create your strategy.
- Create a risk assessment table
including the identified threats and vulnerabilities, the likelihood of their occurrence, the expected impact of the
threats on the company’s operations, and the risk rating.
You should answer this question based on your answer to
question 2.2 and based on the
experience that you gained
in the basic
Cybersecurity unite. The risk analysis
matrix should be used in this task.
The
following link helps you to create your risk assessment table. On Page 10 of this file, there
is an example of risk assessment. Make a similar
table for this question.
Assessment Criteria
| Criteria | Max Mark |
| Task1: Identify and manage asset | 12 |
|
Task 1.1 a & b: identify assets and other required information |
3 |
|
Task 1.1 c: Classify the identified assets |
4 |
|
Tasks 1.2 & 1.3: explain the importance of information security governance and develop security policies |
5 |
|
Task 2: Vulnerability management and risk management |
15 |
|
Task 2.1: Describe risk management phases in ISO framework |
3 |
|
Task 2.2: identify vulnerabilities and their threats |
4 |
|
Task 2.3: develop a risk management strategy |
3 |
|
Task 2.4: perform risk assessment |
5 |
| Documentation | 3 |
| Professional presentation. | 1.5 |
| Referencing | 1.5 |
| Total | 30 |
Assignment-1
Marking Rubric
A spreadsheet that will be used for the marking
of your site is provided
(attached with the final
submission link) on MySCU to itemize exactly what tutors will be looking at in
relation to marking your assignment. It contains a detailed breakdown of the
marking criteria for this assignment. I
strongly suggest you peruse this spreadsheet.
Format, Presentation and Submission Format
There is no report template to be used in this
assignment, so you can design your own template or refer to online resources.
However, the report should be well presented in a standard report
format. The first
page of the report should
have a simple company logo, your
name, and student ID, CMP73001
Assignment 1, and the date you submit your assignment.
When you have completed the assignment, you are required
to submit your assignment in the
PDF/DOC format. The file will be named using the following convention:
filename = FirstInitialYourLastName_CMP73001_A1.pdf (i.e.
FJones_CMP73001_A1.pdf)
Original Work
Note that you are not allowed
to cut and paste from
online resources. Use your own words
and figures. Acknowledge all reference sources.
It is a University requirement that a student’s
work complies with the Academic
Integrity Policy. It is a
student’s responsibility to be familiar with the Policy. Failure to comply with
the Policy can have severe consequences in the form of University
sanctions. For information on this Policy please refer to Student
Academic Integrity policy
at the following website:
As part of a University initiative to support the
development of academic integrity, assessments
may be checked for plagiarism, including through an electronic system,
either internally or by a plagiarism checking service, and be held for future checking and matching
purposes.
A Turnitin link has been set up to provide you with an opportunity to check the originality of your work
until your due date. Please make sure you review the report generated by the
system and make changes (if necessary!) to minimise the issues of improper citation
or potential plagiarism. If you fail to follow
this step, your report may not be graded or may incur late feedback.
Retain
Duplicate Copy
Before submitting the assignment, you are advised to retain electronic copies of original
work. In the event of any uncertainty regarding the submission of
assessment items, you may be requested to reproduce a final copy.
School Extension Policy
In general, I will NOT give extension
unless where there are exceptional circumstances. Students wanting
an extension must make a request at least
24 hours before the assessment item is due and the request
must be received in writing by the unit assessor or designated academic through
student service (please visit https://www.scu.edu.au/current- students/student-administration/special-consideration/ for details). Extensions within 24 hours of submission or following the submission deadline will
not be granted (unless supported by a
doctor’s certificate or where there
are exceptional circumstances – this will be at unit assessor’s discretion and will be
considered on a case by case basis). Extensions will be for a maximum of 48 hours (longer
extensions supported by a doctor’s
certificate or alike to be considered on a
case by case basis).
A penalty of 5% of the total available
grade will accrue for each 24-hour period that an assessment item is submitted late. Therefore, an assessment item worth 20 marks will have 1 mark deducted for every 24-hour
period and at the end of 20 days will receive 0 marks.
Students who fail to submit following the guidelines in this Unit
Information Guide will
be deemed to have not
submitted the assessment item and the above penalty will be applied until the
specified submission guidelines are followed.
Marks and Feedback
All assessment materials submitted during the semester will normally be marked and returned
within two weeks of the required date of submission (provided that the assessment materials have been submitted by the due date).
Marks will be made available to each student via the MySCU Grade book.
Welcome to originalessaywriters.com, our friendly and experienced essay writers are available 24/7 to complete all your assignments. We offer high-quality academic essays written from scratch to guarantee top grades to all students. All our papers are 100% plagiarism-free and come with a plagiarism report, upon request
Tell Us “Write My Essay for Me” and Relax! You will get an original essay well before your submission deadline.
