BN 223
Prepared by: Dr. Ghassan Kbar Moderated by: Dr Sihui (Sue) Zhou March, 2019 Assessment Details and Submission Guidelines Trimester T1, 2019 Unit Code BN223 Unit Title Cyber Security Principles Assessment Author Dr Ghassan Kbar Assessment Type Individual (Assignment 1) Assessment Title Assignment 1 – Cyber Security Threats, Vulnerabilities and Risk Unit Learning Outcomes covered in this assessment Students should be able to demonstrate their achievements in the following unit learning outcomes: a. Understand the common types of threat and vulnerabilities to cyber systems and data Weight 15% of Total Assessment Total Marks 100 Word limit See instructions Due Date Wek 8 Friday 10/5/2019 11:55PM Submission Guidelines All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page. The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings. Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using APA or IEEE referencing style for School of Business and School of Information Technology and Engineering respectively. Extension If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School's Administration Officer, in Melbourne on Level 6 or in Sydney on Level 7. You must submit this application three working days prior to the due date of the assignment. Further information is available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and- guidelines/specialconsiderationdeferment Academic Misconduct Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institute- publications/policies-procedures-and-guidelines/Plagiarism-Academic- Misconduct-Policy-Procedure. For further information, please refer to the Academic Integrity Section in your Unit Description. http://www.mit.edu.au/about http://www.mit.edu.au/about http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure BN223 Cyber Security Principles Page 2 of total pages Prepared by: Dr. Ghassan Kbar Moderated by: Dr Sihui (Sue) Zhou March, 2019 Assignment Description Tasks: There are two parts to this assignment, i.e. part A and part B. A. Write a review article for the topic described below. Note that final mark of part A would be affected by the presentation result of part B. This is to assure that students understand the work presented in part A. overall mark of part A could be deducted by 50% for poor presentation 90 marks B. Presentation (to present in 5-8 slides only in 5-8 minutes during Laboratory time) 10 marks Part A description: 1. Topic - Network security Vulnerability and its impact on threats and attacks System security challenges have increased over the years especially with critical systems such as banking, healthcare, and the use of advance utilities becoming more connected. On the other hand, the malicious actors have evolved from early-day hackers whose intentions were mostly curiosity to modern-day hackers who has the intentions of financial gain to espionage and beyond. To effectively secure against these threats and attacks, it is important to understand what we are securing, how we are securing it, and who we are securing against. You need to cover the following topics to secure the company network: 1. Identify a target company: You need to select an existing company and describe its current network setup, business mission/objectives, and historical attacks if existed. This company should have multiple branches nationally and/or internationally that are connected over internet. 2. Know The Enemy. You need to conduct a research and identify the possible enemy according to business of the selected company, and what would motivate them to conduct possible attacks. 3. Know The Self. Threat is the presence of something valuable that makes a threat credible. The value and nature of a valuable define the nature of the threat, the risk posed by a threat, and the cost of defense. You need to define/list the assets that you have to protect, the risks associated with those assets, and the costs of protecting or not protecting them, so you can define the threat to your network. This analysis of an organization’s assets and risks would lead to create a proper security policy. You need to prepare the following: BN223 Cyber Security Principles Page 3 of total pages Prepared by: Dr. Ghassan Kbar Moderated by: Dr Sihui (Sue) Zhou March, 2019 a. Assess the vulnerability of the company system network. Discuss the possible vulnerabilities might exist at the company and how to check for them. b. Discuss the different type of threats facing this company. c. What could be the potential risks and how to mitigate them. d. The cost of defence for addressing the important risks. e. Describe the steps for security policy needed to secure the company’s network. f. What is the role of security standards in improving the network security? You can give example of NIST framework g. Search for CISCO SAFE model (as shown in the reference below) and describe their method for analyzing threats, risks, and policies across an organization and implementing controls. Reference: “SAFE Overview Guide: Threats, Capabilities, and the Security Reference Architecture,” http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design- zone-security/safe-overview-guide.pdf Instructions: Prepare your article as below 1. Go to the IEEE website and download the WORD template for the format. https://www.ieee.org/publications_standards/publications/authors/author_templates.html 2. Another link for the template: https://www.ieee.org/publications_standards/publications/journmag/ieee_tj_template_17.pdf 3. Read and familiarize yourself with the instructions carefully. 4. Prepare a paper using the IEEE format and the example attached. Follow the template if there are any confusions. Also, refer to the link below to have ideas how to start (see section 6). (https://www.ieee.org/publications_standards/publications/authors/author_guide_interactive.pdf) 5. Complete the assignment (minimum 5 and maximum 8 pages) including all the sections below. The number of words will be counted thoroughly and you must keep the minimum number of words to avoid any penalties. Title (maximum 15 words) Abstract (200 – 250 words) Introduction (500 – 1000 words) Literature Review (500 – 1000 words) Main body (1000 – 1500 words) Conclusion (200 – 300 words) Future Works (150 – 300 words) https://www.ieee.org/publications_standards/publications/authors/author_templates.html BN223 Cyber Security Principles Page 4 of total pages Prepared by: Dr. Ghassan Kbar Moderated by: Dr Sihui (Sue) Zhou March, 2019 References (minimum 10 references) 6. The article must be a ‘Review’1 article including at least 10 references and not more than 25. 7. Strictly follow the IEEE reference format for in-body citations and the references section. 8. See the files listed in 4 for guidance on how to prepare a review paper. You can also find thorough instructions from IEEE and the Internet. 9. Contents must include: History and background of the topic What are the challenges and drawbacks, what solutions and workouts they found? Possible options (solutions) and future research areas proposed Scopes of topic, progress of developments such as requirements, benchmarking, purposes & objectives, stakeholders, owners, roles and responsibilities where applicable. Flowchart Include a minimum of two (2) figures to show the overall concept and summarized overview of the topic from the review of minimum 10 – 15 (but not limited to) papers. Include a couple of tables to summarize the result of findings How each organization approaches, initiates, develops procedures and ownerships, and what results they got, and how it affected their businesses. What you conclude in terms of the topic/solutions to implement in an organization. Consider other aspects to include for a good review paper. 10. Remember to strictly follow the template and the instructions above to avoid penalties. Part B description: Prepare slides (between 5– 8 slides) for presentation during the lab class. Read the instruction attached carefully. 1 See http://www.editage.com/insights/6-article-types-that-journals-publish-a-guide-for-early-career-researchers BN223 Cyber Security Principles Page 5 of total pages Prepared by: Dr. Ghassan Kbar Moderated by: Dr Sihui (Sue) Zhou March, 2019 Marking criteria: Example of marking criteria is shown in following table. Marks are allocated as follows: Note: The marking criteria varies for each assignment Section to be included in the report Detailed Description of the Criteria Marks Conforming to the template and format No marks will be given and severe penalties will apply for any breach of the format and template. Fonts, sizes, spacing, captions, headings, page size limitation etc. will also be checked thoroughly. Be thorough and follow fully when using the template and format instruction to avoid penalties. 5 Figures and tables created They should be created yourself and not copied from elsewhere. For full marks you should create at least 2 figures and