already paid
ICTNWK511 Manage Network Security | Page 1 of 8 Version 3: July 2017 CRICOS Name: Pass Global Pty Ltd Trading as Australian Learning, Training & Education Centre Provider Code: 22034 CRICOS Code: 02926D 6. Assessment Tasks Assessment Task 1: Assessment Task Team: Identify and Categorise Network Security Threats Outcomes Assessed Performance Criteria: 2.1, 2.2, 2.3, 2.4, 2.5, 4.1 Addresses some elements of performance evidence and knowledge evidence as shown in the Assessment Matrix Description: A threat refers to anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen, but has the potential to cause serious damage to the network (techopedia, 2014). In this team‐based assessment task, teams (maximum three members) will be formed in a role‐play exercise to simulate a real‐life environment. For the purpose of this task, your trainer/assessor will play the role of the manager or supervisor. Consider the following scenario; Business Profile: ABX is a Legal and Accounting firm with approximately 200 local and international clients ranging from large businesses with complex financial and legal needs to individuals with a modest financial holding. In line with business and statutory requirements there is a formal set of organisational procedures for keeping data secure, confidential and safe. At company’s head office, there’s a cafeteria and conference room on the ground floor, Legal on the second floor and Accounting on the first floor. There is an open plan work environment, with at least two closed offices on each floor for senior management. There is a workstation in the reception area and in each closed office, and four workstations in the conference room. Individual workstations are scattered around the open plan office to meet business needs. Since the last system upgrade, the company has set up remote access for some of the employees to allow them to work from home and access the files relevant to their job functions. Task: Your team have been given the task to; Identify and categorise potential network threats during each of the following likely attack stages (typical network attack pattern); 1. Footprint 2. Penetration 3. Elevation of privilege 4. Exploit 5. Cover‐up ICTNWK511 Manage Network Security | Page 2 of 8 Version 3: July 2017 CRICOS Name: Pass Global Pty Ltd Trading as Australian Learning, Training & Education Centre Provider Code: 22034 CRICOS Code: 02926D Using the STRIDE model, identify and categorise threats using the above network as an example to; 1. Define the scope of the threats (e.g. the hardware/software that will be evaluated) 2. Analyse system vulnerabilities and predict the threats 3. Identify and define likely types and sources of threats 4. Categorise the threat under each of the six STRIDE categories Alternatively, a similar network diagram (resembling the given business profile) can be used for this task. Consult with your trainer/assessor (manager role‐play) to confirm the network to be used. Write your evaluation/analysis in a well‐structured word document with appropriate headings and sub‐ headings. This task is expected to be completed within one team session and must be done during a designated assessment session in the classroom. Your communication, analytical, and technical skills will be observed and assessed. Assessment Criteria The following assessment criteria will be used for marking this assessment task. Ensure that you have addressed all of the criteria in your work; • The document is appropriately structured and presented as a formal document • Appropriate headings and sub‐headings are used to structure the contents • The content flow covers all the required elements of the analysis and contains a logical sequence of the topics • Appropriate consultation is maintained within the team and with the manager/supervisor (role‐play) throughout • Maintained effective communication within the team and resumed responsibility for own tasks • Demonstrated analytical skills in analysing network topology and predicting potential threat • Modelling of potential threat demonstrates the required technical knowledge and skills relevant to the task • Developed the threat model based on likely/typical attack stages (Footprint, penetration, elevation of privilege, exploit, cover‐up • Used the STRIDE model to categorise threats • Team work and the final document demonstrates a structured approach to identifying and categorising threats Submission Guidelines The proposal must be submitted in a professional, word‐processed layout using the document structure suggested above as a guide for key headings. Submit; • Word processed threat modelling document with an assignment cover sheet (signed by all team members) Electronic versions of the assessment task and email/electronic submission arrangements are at further discretion of the trainer/assessor. Note: Keep a copy of all your work/documents as you may need them in the subsequent tasks. ICTNWK511 Manage Network Security | Page 3 of 8 Version 3: July 2017 CRICOS Name: Pass Global Pty Ltd Trading as Australian Learning, Training & Education Centre Provider Code: 22034 CRICOS Code: 02926D Assessment Task 2: Assessment Task Write a Network Security Policy Outcomes Assessed Performance Criteria: 4.4, Performance Evidence (Part) Addresses some elements of performance evidence and knowledge evidence as shown in the Assessment Matrix Description: A network security policy, or NSP, is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security/ network security environment (NIST, 2014). In this assessment task, you will be required to “write” a Network Security Policy resembling a real‐life policy based on the fundamental CIA Triad approach of; 1. Confidentiality and privacy of company’s information and data 2. Integrity and protection of company’s information 3. Availability/access of company’s information This is an individual task. You will use the organisation profile used in Assessment Task1 for the required context and relevance (or any other organisational context if a different network/organisation was chose in the previous task). There is no fixed format for the policy document. However, it is expected that you will include the typical policy components of; Purpose Scope Definitions Audience Relevant laws/standards Policy Responsibility You may use these as possible heading for your policy document. The policy should be neatly drafted and presented as a formal document. Assessment Criteria The following assessment criteria will be used for marking this assessment task. Ensure that you have addressed all of the criteria in your work; • The policy documents is developed within the given purpose and context • The policy document is appropriately structured and presented as a formal document • Appropriate headings and sub‐headings are used to structure the contents • The content flow covers all the required sections and contains a logical sequence of the information • Target audience and policy scope are identified and described • Reference to the relevant laws/regulations (information, privacy, disclosure, access etc.) and standards are made within the policy documents ICTNWK511 Manage Network Security | Page 4 of 8 Version 3: July 2017 CRICOS Name: Pass Global Pty Ltd Trading as Australian Learning, Training & Education Centre Provider Code: 22034 CRICOS Code: 02926D • The policy contents follow the CIA Triad approach to address all the required areas (i.e. Confidentiality, Integrity, and Access) • The policy contents demonstrate understanding of organisational and security requirements • Overall, the contents, language, and presentation resemble a real‐life approach to writing a formal policy document Submission Guidelines The proposal must be submitted in a professional, word‐processed layout using the document structure suggested above as a guide for key headings. Submit; • Word processed policy document with an assignment cover sheet Electronic versions of the assessment task and email/electronic submission arrangements are at further discretion of the trainer/assessor. Note: Keep a copy of all your work/documents as you may need them in the subsequent tasks. ICTNWK511 Manage Network Security | Page 5 of 8 Version 3: July 2017 CRICOS Name: Pass Global Pty Ltd Trading as Australian Learning, Training & Education Centre Provider Code: 22034 CRICOS Code: 02926D Assessment Task 3: Assessment Task Team: Develop a Risk Management Plan Outcomes Assessed Performance Criteria: 2.3, 2.4, 3.1, 3.2, 3.3, 3.4, 4.1, 4.3, 5.3 Addresses some elements of performance evidence and knowledge evidence as shown in the Assessment Matrix Description: A risk analysis is a document process showing an organisation's vulnerabilities and the estimated cost of recovery in the event of damage. A "risk" is the expectation that a threat may succeed and the potential damage that can occur. The risk management plan summarises defensive measures and associated costs based on the amount of risk the organization is willing to accept (PC Mag, Encyclopaedia, 2014). For the purpose of this task, you will need to use a sample, lab‐based, network to assess the security risk from both internal (someone having internal access of the network) and external (visible to public through the internet) perspectives. Note: The teams formed for the Assessment task1 may continue in this task, or new teams formed as per the group requirements. Alternatively, this task can also be undertaken as an individual task if the trainer/assessor deems it appropriate based on student abilities. You will use the same business profile and security context used in Assessment Tasks 1 & 2. Your