Posted: September 1st, 2023

CMP71001 Assignment 2 Security consultation report

1
Unit code CMP71001
Assignment 2 Security consultation report and guideline.
Due Date
Learning
Friday 27 September 2019 Week 12.
Outcomes
Graduate
3, 4 & 6
Attributes 3, 4 & 5
Weight 30% of overall unit assessment
Suggestion This assignment is developmental and cumulative. You are strongly advised to
start doing this assignment from Week-7 in your study. Leaving your starting
date to the week before the due date is a very poor strategy for success in the unit.
Marks A marking scheme will be posted on MySCU to help you direct your efforts
successfully.
Task Description
You are hired by the organisation, such as Southern Cross University, selected in Ass1,
as a cybersecurity consultant to work on a security program to address the contemporary
and emerging risks from the cyber threats the organisation is facing. Your tasks are the
following:
• Task 1: the organisation is currently using a password based authentication system
to control the user access to the organisation’s information system. However, the
Bring Your Own Device (BYOD) policy recently implemented by the
organisation has raised some security concerns. As a security consultant, assess
the risk from the BYOD policy to the organisation’s information system.
• Task 2: After the assessing the risk from the BYOD policy, you suggest the
organisation to replace the current password-based authentication scheme with a
Certificate-Based Authentication for both device and user authentication. To
justify your suggestion, write a technical report to explain the working principle
of the Certificate-Based Authentication mechanism and discuss why the
organisation should use the mechanism in this case by comparing it with the
password-based authentication mechanism. Use figure when necessary to support
your answers.
• Task 3: You have identified “Phishing” is among the top cybersecurity threats
facing by the organisation. Use available online (e.g., Internet) resources to
develop a guideline for the organisation staff to combat with the threat. The
guideline will include the following:
o Definition of phishing and its distinctive characteristics.
o At least three (3) real examples showing the phishing characteristics.
2
o An instruction to the users of how to recognise and safely handle a
phishing attack.
o An instruction to the IT administrator of how to minimise the phishing
threat.
Assignment-2 guideline
Task 1: BOYD risk assessment
To complete this task, use the following guidelines:
• Identify the most critical components of the organisation information system – the
critical information assets.
• Identify what threats the BYOD policy may bring to the identified critical assets.
• Identify potential vulnerabilities of each asset against the identified threats.
• Assess the risk to the organisation information system using either quantitative or
qualitative risk assessment approach and document the risk assessment process.
Task 2: Certificate-based Authentication
To complete this task, use the following guidelines:
• Perform necessary research to understand the working principle, pros and cons of
the Certificate-based Authentication mechanism. Document all reference sources.
• Write a technical report to explain the working principle of the Certificate-based
Authentication mechanism. Compare the certificate-based authentication against
the password-based authentication and highlight the features you think are useful
for combating the threats from the BYOD policy for device and user
authentication at the same time.
• Note that you are not allowed to cut and paste from online resources. Use your
own words and figures. Acknowledge all reference sources.
Task 3: Anti-phishing guideline
To complete this task, use the following guidelines:
• Read online resources, such as Black (2005) “Phish to Fry: Responding to the
Phishing Problem”. Journal of Law and Information Science, 16(1), pp. 73-91
(http://classic.austlii.edu.au/au/journals/JlLawInfoSci/2005/4.html), AntiPhishing
Working Group (https://www.antiphishing.org/resources/), etc. to define what type of
electronic messages should be treated as phishing, what are the distinctive
characteristics of a phishing and what act is considered as phishing?
• Search for 3 representative examples of phishing or use your own phishing as
examples.
• Use samples from reputable online resources to help you with the development of
phishing handling instructions. The instructions should be clear, concise and
precise.
3
Assignment-2 Marking Rubric
The following marking rubric will be used for the marking of your submission. It contains a detailed
breakdown of the marking criteria for this assignment. Make sure you read CAREFULLY this to
understand how your work would be graded against each of the defined criteria.
Criteria
Mark
break
down
Note to the student
Task1 12
Identify the most critical components of the
organisation information system – the critical
information assets
3
Access control is a critical component of any
information system. WFA can help to identify the
most critical component. If you don’t use WFA,
provide arguments to justify your choice of the
critical components.
Identify what threats the BYOD policy may bring to the
identified critical assets 3 Do not bring in any threats. Think about BYOD
policy.
Identify potential vulnerabilities of each asset against
the identified threats 3 Use TVA worksheet to document this process.
Assess the risk to the organisation information system. 3
You can use either quantitative or qualitative risk
assessment method.
Task 2 10
Clearly explains the working principle of the
certificatebased authentication. 3
Compare and contrast the certificate-based
authentication and password-based authentication for
device and user authentication.
3
Correctly identify and highlight the useful features of
the certificate-based device and user authentication for
BYOD policy.
3
Quality of references
1
Reference from reputable sources e.g. textbook,
research papers, technical reports.
Task 3 7
Correctly identify the characteristics of a phishing act. 2
Provide three representative examples of phishing 2
Phishing handling instruction 3
Documentation 1
4
Professional presentation. 1 Arguments are well and logically supported; Correct
grammars and spelling.
Total 30
Submission Format
When you have completed the assignment, you are required to submit your assignment in
the PDF/DOC format. The file will be named using the following convention: filename =
FirstInitialYourLastName_CMP71001_A2_S2_2019.pdf (i.e.
DJones_CMP71001_A2_S2_2019.pdf)
Original work
It is a University requirement that a student’s work complies with the Academic Integrity
Policy. It is a student’s responsibility to be familiar with the Policy.
Failure to comply with the Policy can have severe consequences in the form of University
sanctions. For information on this Policy please refer to Student Academic Integrity policy
at the following website:
http://policies.scu.edu.au/view.current.php?id=00141
As part of a University initiative to support the development of academic integrity,
assessments may be checked for plagiarism, including through an electronic system, either
internally or by a plagiarism checking service, and be held for future checking and
matching purposes.
Retain duplicate copy
Before submitting the assignment, you are advised to retain electronic copies of original
work. In the event of any uncertainty regarding the submission of assessment items, you
may be requested to reproduce a final copy.
School Extension Policy
In general, I will NOT give extension unless where there are exceptional circumstances.
Students wanting an extension must make a request at least 24 hours before the assessment
item is due and the request must be received in writing by the unit assessor or designated
academic through student service (please visit
https://www.scu.edu.au/currentstudents/student-administration/special-consideration/ for
details) . Extensions within 24 hours of submission or following the submission deadline
will not be granted (unless supported by a doctor’s certificate or where there are
exceptional circumstances – this will be at unit assessor’s discretion and will be considered
on a case by case basis). Extensions will be for a maximum of 48 hours (longer extensions
supported by a doctor’s certificate or alike to be considered on a case by case basis).
A penalty of 5% of the total available grade will accrue for each 24-hour period that an
assessment item is submitted late. Therefore, an assessment item worth 20 marks will have
1 mark deducted for every 24-hour period and at the end of 20 days will receive 0 marks.
Students who fail to submit following the guidelines in this Unit Information Guide will
be deemed to have not submitted the assessment item and the above penalty will be applied
until the specified submission guidelines are followed.
5
Marks and Feedback
All assessment materials submitted during the semester will normally be marked and
returned within two weeks of the required date of submission (provided that the
assessment materials have been submitted by the due date).
Marks will be made available to each student via the MySCU Grade book.

Check Price Discount

Study Notes, Research Topics & Assignment Examples: BN200 Unit Network Security Fundamentals Assessment »Framework for Professional Nursing Practice