I have uploaded the assignment file and list of references file in the attachment. You have to follow the Harvard reference style. All the assignment details and marking rubric are mentioned in the file.
Unit code: CMP71001
Assignment 1: Risk assessment
Due Date: 7th Dec 2019 11.00pm (QLD Time)
Learning Outcomes: 1, 2
Graduate Attributes: 3, 4 & 5
Weight: 20% of overall unit assessment

Suggestion

This assignment is developmental and cumulative. You are strongly advised to start doing this assignment from Week-4 in your study. Leaving your starting date to the week before the due date is a very poor strategy for success in the unit.

Task Description

You are a cybersecurity consultant working for one of the big-4 consulting firms. In your client portfolio you have the choice of working on a cybersecurity program for the following clients: an educational institute (such as a university), a small-to-medium sized business (SME), and a division of a large business/government organisation. You are to choose one client. As part of your work for the client you have chosen, you are required to provide a client report that explains the importance of cybersecurity risk assessments. To successfully write this report, you must complete the following tasks:

• Task 1: discuss why risk assessment is the most critical step in developing and managing cyber security in the organisation and identify any limitations of the current risk assessment methods.
• Task 2: create five questions that will identify the most critical information assets of the organisation and justify how the five questions you have created achieve this. For example, you could assume that an organisation website is one of the most critical information assets of the organisation. Create a WFA template to rank the top five assets.
• Task 3: identify the top five threats to the organisation information assets. Support your findings by referencing reputable sources of information.
• Task 4: discuss how the top five threats identified in Task 3 could/could not impact the asset. Rank the threats and define the risk values based on their likelihood of exposure and levels of impact (potential consequences) on the asset. Support your discussion by quoting reputable sources of information.

You are free to make any assumption(s) you wish regarding the organisation structure, mission, vision, business profile, etc., which will need to be documented in the appropriate sections of your report.

CMP71001 – Cybersecurity Assignment-1, S3 2019

Assessment Criteria

Criteria: Max Mark
• Task 1: 6
  - Concept of risk assessment in the context of cybersecurity: 1.5
  - Identification of knowledge by performing risk assessment: 1.5
  - Application of risk assessment results for risk management: 1.5
  - Limitations of the current risk assessment approaches: 1.5
• Task 2: 4
  - Questions design to identify the most critical information assets: 2
  - WFA worksheet to rank the assets: 2
• Task 3: 4
  - Threats to the organisation information assets: 4
• Task 4: 4
  - Risk analysis (Impact analysis and risk ranking): 4
• Documentation: 2
  - Professional presentation: 1
  - Referencing: 1
• Total: 20

Format, Presentation and length

There is no report template to be used in this assignment, so you can design your own template or refer to online resources. However, the report should be well presented in a standard report format.

Due to the system setting constraint, the report length was set with 1000 words in the unit UIG. You are advised that there is no formal word limit for the report. However, a good report is expected to be somewhere in the vicinity of 2,000 - 3,000 words from Introduction to Conclusion. Note that this is a very rough estimate and there will be no penalties imposed based on the number of words (no real ceiling if the content is precise and relevant!)

Assignment-1 marking rubric

The following marking rubric will be used for the marking of your submission. It contains a detailed breakdown of the marking criteria for this assignment.
Make sure you read this CAREFULLY to understand how your work would be graded against each of the defined criteria.

Level of Student Performance: HD (85-100%), D (75-85%), C (65-75%), P (50-65%), F (0-49%)

Task 1

Risk assessment concept
• HD (85-100%): Correct and accurate definition of risk assessment; a clear description that precisely shows the essence of the risk assessment process and its objectives.
• D (75-85%): Correct and accurate definition of risk assessment; a clear description that shows the essence of the risk assessment process and its objectives.
• C (65-75%): Reasonably correct definition of risk assessment; adequate description that shows the most essence of the risk assessment process and its objectives.
• P (50-65%): Reasonably correct definition of risk assessment; a very brief description that shows some essence of the risk assessment process and its objectives.
• F (0-49%): Little or no correct description that shows essence of the risk assessment process and its objectives.

Knowledge identification
• HD (85-100%): Clear and correct information that indicates at least 4/5 different points of usefulness in line with the objectives of risk assessments.
• D (75-85%): Clear and correct information that indicates at least 3 different points of usefulness in line with the objectives of risk assessments.
• C (65-75%): Clear and correct information that indicates at least 2 different points of usefulness in line with the objectives of risk assessments.
• P (50-65%): Adequate information that indicates at least 2 different points of usefulness in line with the objectives of risk assessments.
• F (0-49%): Little or no relevant information in line with the objectives of risk assessments.

Application of risk assessment results
• HD (85-100%): Comprehensive and solid arguments of the use of risk assessment results in developing and managing cybersecurity; clearly explain how they can affect the business decision-making process.
• D (75-85%): Comprehensive arguments of the use of risk assessment results in developing and managing cybersecurity; clearly explain how they can affect the business decision-making process.
• C (65-75%): Comprehensive arguments of the use of risk assessment results in developing and managing cybersecurity; briefly explain how they can affect the business decision-making process.
• P (50-65%): Adequate arguments of the use of risk assessment results in developing and managing cybersecurity; briefly explain how they can affect the business decision-making process.
• F (0-49%): Little or no valid arguments of the use of risk assessment results in developing and managing cybersecurity.

Limitations of the risk assessment approach
• HD (85-100%): Critical analysis of the limitations inherited with both qualitative and qualitative methods.
• D (75-85%): Detail description but not critical analysis of the limitations inherited with both qualitative and qualitative methods.
• C (65-75%): Detail description of the limitations inherited with either qualitative and qualitative methods but not both.
• P (50-65%): Brief description of the limitations inherited with both qualitative and qualitative methods.
• F (0-49%): Little or no description of the limitations inherited with both qualitative and qualitative methods.

Task 2

Questions to ask for the most critical information assets
• HD (85-100%): Define and discuss five questions you would ask to identify most critical assets of the given organisation. Clear justification why those assets are critical to the organisation.
• D (75-85%): Define and discuss at least four questions you would ask to identify most critical assets of the given organisation. Clear justification why those assets are critical to the organisation.
• C (65-75%): Define and discuss at least three questions you would ask to identify most critical assets of the given organisation. Reasonable justification why those assets are critical to the organisation.
• P (50-65%): Briefly define and discuss at least five questions you would ask to identify most critical assets of the given organisation. No justification provided why those assets are critical to the organisation.
• F (0-49%): Little to no response to this task.

WFA worksheet
• HD (85-100%): Clearly define at least 3 criteria that match with the given context. Explain the importance of those criteria. Define and justify their impact factor.
• D (75-85%): Clearly define at least 3 criteria that match with the given context. Explain the importance of those criteria. Define their impact factor.
• C (65-75%): Clearly define at least 3 criteria that match with the given context. Explain the importance of those criteria.
• P (50-65%): Briefly define at least 2 criteria that match with the given context. Briefly explain the importance of those criteria.
• F (0-49%): Little to no discussion on WFA worksheet.

Task 3

Threats
• HD (85-100%): Correctly identify at least five threats; discuss each threat sufficiently detailed with threat agent, method of delivery and working mechanism. Justify why do you feel these are the critical threats to the organization.
• D (75-85%): Correctly identify at least five threats; discuss most of them sufficiently detailed with threat agent, method of delivery and working mechanism. Briefly justify why do you feel these are the critical threats to the organization.
• C (65-75%): Correctly identify at least 4 threats; briefly discuss most of them with threat agent, method of delivery and working mechanism. Briefly justify why do you feel these are the critical threats to the organization.
• P (50-65%): Correctly identify at least 2 threats; briefly discuss them with threat agent, method of delivery and working mechanism. Briefly justify why do you feel these are the critical threats to the organization.
• F (0-49%): Little to no threats identification or discussion.

Task 4

Impact assessment and ranking
• HD (85-100%): Comprehensive qualitative risk assessment presented to rank and prioritise risks for all items identified above.
• D (75-85%): Comprehensive qualitative risk assessment presented to rank and prioritise risks for most of the items identified above.
• C (65-75%): Qualitative risk assessment presented to rank and prioritise risks for most of the items identified above.
• P (50-65%): Brief risk assessment presented to rank and prioritise risks for most of the items identified above.
• F (0-49%): Little or