want a very good assignment.and i will send you the case study later on after talking about the budget
Page 1 ISYS1003 Assignment 1 Unit code ISYS1003 Assignment 1 Initial CISO Report (Preliminary Cybersecurity Risk Assessment and Strategic Planning) Due Date Learning 05 April 11.00pm (AEST - QLD Time) Outcomes 1, 5 Weight 30% of overall unit assessment Suggestion Assignments in this unit are developmental and cumulative. You are strongly advised to start planning your assignments from Week-1 in your study. Leaving your starting date to the week before the due date is a very poor strategy for success in this unit. Requirements: A. Carefully read the Case Study scenario document. You may use information provided in the case study but do not simply just copy and paste information. This will result in poor grades. Well researched and high-quality external content will be necessary for you to succeed in this assignment. B. Develop your initial CISO report for your new employer and organisation (‘Norman Joe’). You should read the case study and consider very carefully the type of organisation, the sector and all other details provided in the case study. Tasks: 1. State clearly the difference between the roles of management and leadership within Norman Joe, related to security. i. Consider the responses in the case study document, which type of leadership do you expect Norman Joe to have? State clear reasons for your decision. ii. What are the roles of management? Briefly outline what Norman Joe’s security management team should do. 2. Develop a strategic plan for Norman Joe. i. This should begin with: • Mission Statement • Vision Statement • Values Statement ii. This plan should then include the following: • The strategic security goals for Norman Joe using best practice and industry standards. • Information Security governance processes using best practice and industry standards. • Asset identification and classification strategy (Note: you do not need to necessarily know the organisation’s list of assets to do this Page 2 ISYS1003 Assignment 1 exercise, use an industry standard approach to classify assets using general categories) iii. Be sure to include details indicating how this plan can be used protect the information assets that will be held by Norman Joe. 3. A detailed statement of the expected threats and vulnerabilities for ‘Norman Joe’ the retailer, with clear reasons justifying your inclusions of these threats and vulnerabilities. • As part of a preliminary threat modelling exercise to present to ‘the board’ of the company, use the Mitre Att&ck Framework and Navigator based on one of the attack examples (Social engineering, ransomware or DDoS). Tables and screenshots may assist you, though you will have to explain your assessment process. • Include what Mitre Att&ck Framework techniques and sub- techniques may be used in the attack. 4. Propose the security personnel required and their roles within Norman Joe (e.g., a security hierarchy for Norman Joe’s Australian organisation i. Include any security training requirements for the company. 5. A cybersecurity project management plan for Norman Joe. Be sure to include: i. The security processes that you expect to be managed and how you might manage the roll-out. ii. An outline of the proposed structure for this management process. iii. Project management tools will assist you (e.g., Gantt chart). Requirements and marking rubric out of 30 marks (30%): 1. Management and Leadership [4%] a. Detailed description with supporting arguments for the type of security Leadership that you propose for Norman Joe. (2%) b. Detail your proposed structure of the security management team for Norman Joe. Include the roles you would expect from the different members of this team. (2%) 2. Strategic Plan [6%] a. Clearly stated Mission, Vision & Values statements for security. (1.5%) b. Clearly stated strategic security goals for Norman Joe. (3%) c. Asset identification and classification strategy 3. Expected Threats and Vulnerabilities [8%] Identify as a list the anticipated threats and vulnerabilities that Norman Joe expects in its operation in Australia. (1.5%) Justify with appropriate documentary support, the reasons for the inclusion of each threat and vulnerability. (1.5%) Threat modelling exercise meets the specifications outlined (e.g., Mitre Att&ck techniques appropriately identified and used) (5%) 4. Propose the security personnel required (a hierarchy or tree structure may help) [5%] 5. Project Management [4%] a. Security processes identified and some evidence of scheduling (e.g. Gantt chart) (2%) b. Proposed management structure. (2%) 6. Referencing [3%] a. Well researched and high quality referenced sources [1.5%] b. Consistent format [1.5%] Page 3 ISYS1003 Assignment 1 Submission Format No SCU cover sheet is required – do not include an SCU cover sheet. A simple table of contents and simple introduction is required. While there is no enforced word limit for this assignment, simply writing more does not equal better grades! You will be assessed on how effectively you can communicate your responses to tasks and report on these activities. When you have completed the assignment, you are required to submit your assignment in the DOC or PDF format. The file will be named using the following convention: filename = FirstInitialYourLastName_SSC93001_A1_S2_20xx.doc (i.e. NJoe_ISYS1003_A1_S1_2021.doc) Original Work It is a University requirement that a student’s work complies with the Academic Integrity Policy. It is a student’s responsibility to be familiar with the Policy. Failure to comply with the Policy can have severe consequences in the form of University sanctions. For information on this Policy please refer to Student Academic Integrity policy at the following website: http://policies.scu.edu.au/view.current.php?id=00141 As part of a University initiative to support the development of academic integrity, assessments may be checked for plagiarism, including through an electronic system, either internally or by a plagiarism checking service, and be held for future checking and matching purposes. A Turnitin link has been set up to provide you with an opportunity to check the originality of your work until your due date. Please make sure you review the report generated by the system and make changes (if necessary!) to minimise the issues of improper citation or potential plagiarism. Retain Duplicate Copy Before submitting the assignment, you are advised to retain electronic copies of original work. In the event of any uncertainty regarding the submission of assessment items, you may be requested to reproduce a final copy. Page 4 ISYS1003 Assignment 1 School Extension Policy In general, I will NOT give extension unless where there are exceptional circumstances in line with University policy. Students wanting an extension must make a request at least 24 hours before the assessment item is due and the request must be received in writing by the unit assessor or designated staff member through the formal process outlined on the unit site. Extensions within 24 hours of submission or following the submission deadline will not be granted (unless supported by a doctor’s certificate or where there are exceptional circumstances – this will be at unit assessor’s discretion and will be considered on a case by case basis). Extensions will be for a maximum of 48 hours (longer extensions supported by a doctor’s certificate or alike to be considered on a case by case basis). A penalty of 5% of the total available grade will accrue for each 24-hour period that an assessment item is submitted late. Therefore, an assessment item worth 30 marks will have 1.5 marks deducted for every 24-hour period and at the end of 20 days will receive 0 marks. Students who fail to submit following the guidelines will be deemed to have not submitted the assessment item and the above penalty will be applied until the specified submission guidelines are followed. Submission Format Original Work Retain Duplicate Copy School Extension Policy ISYS1003 Cybersecurity Management Page 1 ISYS1003 Case Study Case Study Table of Contents Introduction 1. Aim and Scope 2. Company Description 3. Motivation 4. Driving Cyber Security for the Fleet 5. Norman Joe’s Cyber Security Company Administration 6. Norman Joe’s Cyber Security Threat Prevention and Defence 7. Norman Joe’s Response 8. Antivirus 9. Norman Joe’s personnel Online Behaviour 10. Norman Joe’s Network Design as it applies to Cyber Security 11. Training 12. Recovery Introduction You have just been appointed to be the Chief Information Security Officer (CISO) for the multi-national retailer ‘Norman Joe’ (Aust) Pty Ltd. Norman Joe seek to sell “the most affordable white goods, computer and electronics, furniture and furnishings, and household appliances “. The brand tagline of the company is “for good value!” You and your team are based in Australia. While Norman Joe has been in the online sales arena for many years, the new Australian operation is just being established and it is expected to be fully operational for customer orders and shipments by the end of 2021. Due to Covid-19, the company made a strategic decision to take most of their business operations online, closing a number of “bricks and mortar” stores. Norman Joe knows that, as it is dealing online for most of its business, it is working in a high-risk area; there are constant threats of cyber-attacks. As such, there is a constant requirement to secure electronic data, online ordering, billing services and other transactional processes, customer and employee data, communications with customers who can browse online catalogues held on Norman Joe’s servers and