SIT763: CYBER SECURITY MANAGEMENT Assessment 3
Hello, dear friend, you can consult us at any time if you have any questions, add WeChat: daixieit
SIT763: CYBER SECURITY MANAGEMENT
Assessment 3: Critical thinking task
This is an individual assessment task.
This assessment is intended to help you demonstrate and apply your knowledge of the human factors that contribute to cybersecurity incidents, how to manage the security incidents, and how to mitigate threats due to human factors.
Key information
• Due: by 8:00pm (AEDT) Sunday, 15 January 2023 (by the end of Week 8)
• Weight: 20% of total mark for this unit
• Submit: electronically via DeakinSync Unit Site.
Learning outcomes
In this assignment, you will be focusing on the following unit learning outcomes (ULOs):
ULO2 – Assess security risks, threats and vulnerabilities to the organisation and implement appropriate information security protection mechanisms by analysing requirements, plans and IT security policies.
ULO3 – Identify personnel security, training and security education needs, and associated legal and ethical awareness and propose strategies for corporations taking into account cost benefit ratios.
These ULOs will contribute to three of your Deakin graduate learning outcomes (GLOs) in the form of discipline knowledge (GLO1), critical thinking (GLO4) and problem solving (GLO5).
Background information
Case study: A recent cyber security risk analysis identified a ransomware via spear-phishing to be a significant business risk to XYZ Realty Group (XYZRG). The chief information security officer (CISO) has advised XYZRG management and was given the go-ahead to institute a thorough SEAT programme and a comprehensive incident response plan to adequately deal with a ransomware attack.
You have been hired by XYZRG to
• develop and offer a social engineering SETA program specifically focused on spear- phishing attacks to its staff.
• develop a cybersecurity incident response plan based on the NIST Incident Response framework.
Task 1: Security Education Training and Awareness (SETA) Programme
Create a role-based SETA programme in the following three roles: real estate agents, data centre operators, and cyber security engineers. For each role, recommend the most appropriate and unique SETA element using the table shown below . Here is the description of each criterion:
• Goals – identify two unique and meaningful goals. Explain why you have chosen them.
• Objectives – identify one or more unique objectives for each goal. Explain why you have chosen them and how the objectives help attain the goals.
• Programmes – choose from security education, security training, or security awareness the most appropriate program for the role. Justify why you choose it.
• Delivery – identify a suitable SETA element delivery method. Explain and justify why the method will be effective for the role.
• Value – explain what the attendees can take away from the programme that will help or advance their knowledge, skill, or awareness level.
When writing your answer for each criterion, consider the background and skill level of the staff in each role. Also, make sure you explain and provide justifications that are supported by relevant references.
Task 2: Incident Management and Response
You will use the NIST Incident Response framework to develop a cybersecurity incident response plan. Answer the following questions.
2.1 Create a visual representation (diagram) of the cybersecurity incident response plan's critical phases. Give a brief explanation of the important message conveyed by the diagram.
2.2 Using the diagram above, briefly describe the incident response steps taken by the security incident response team after a critical data breach is detected.
2.3 Explain how the information gathered during the incident response process will be used.
Your response to the above questions must be supported by references, theory and demonstrate application of critical thinking skills.
Task 2: Incident Management and Response
Q2.1: Diagrammatic representation of IRP phases.
Figure 1: Provide caption here
• Provide the caption to the figure
• Give a brief explanation of the important message conveyed by the diagram. Q2.2: Explanation of incident response steps
• Using the diagram above, briefly describe the incident response steps taken by the security incident response team after a critical data breach is detected.
Q2.3: Explanation of information gathered
• Explain how the information gathered during the incident response process will be used.
What do I do now?
• Start reading the reference material provided.
• Look at the assessment rubric and the unit learning outcomes to ensure that you understand what you are being assessed (and marked) on.
• Maximum size of your submission is 3 pages including references. The font size should be 12pt.
• Your submission must be in either MS Word or PDF format.
• This assessment covers material up to the week 6. To complete this assessment, you will need to have followed the theoretical material and completed the workshops for weeks 1-7.
• Ensure you keep a backup copy of your work.
• The IEEE Referencing Style is to be used for this assignment where appropriate.
https://www.deakin.edu.au/students/studying/study-support/referencing/ieee
Assignment Extensions
Please discuss with the Unit Chair if you have any existing issues that may impede your chances of completing the assessments as early as possible.
To seek an extension for this assignment, you will need to apply via the online Assignment Extension Tool in the SIT763 unit site via DeakinSync.
Your request must be submitted at least one working day (excluding public holidays and weekends) before the due date.
Please carefully read the conditions for granting an extension available at the following link.
o https://www.deakin.edu.au/students/faculties/sebe/assignment-extensions
An extension will only be granted where the reason meets one of these conditions. When requesting an extension, please provide all supporting documentation including evidence showing progress made on the assessment task.
Penalties for Late Submission
5% will be deducted from available marks for each day up to five days. Work that is submitted more than five days after the due date will not be marked; you will receive 0% for the task.
o https://www.deakin.edu.au/students/faculties/sebe/assignment-extensions
Referencing, plagiarism and collusion
Any work that you submit for assessment must be your own work. Please note that this unit has systems in place to detect plagiarism and all submissions are submitted to this system.
Submitting written work, in whole or in part, that is copied or paraphrased from other authors (including students), without correct acknowledgement, is considered one of the most serious academic offences. This practice is equivalent to cheating in examinations and it may lead to expulsion from the University. For further information, you should refer to Regulation 4.1(1),
Part 2 —Academic Misconduct, via(Current university legislation).
Please note that these regulations are not intended to discourage group work and exchange of views and information with other students and staff. Such interaction is most desirable, provided that you ultimately write your own answers and acknowledge any quoted sources.
We see responsible attitudes to plagiarism as part of general good ethical practice. Ensure you have familiarised yourself with the rules and regulations on plagiarism and collusion.
2023-01-04
Critical thinking task