Reference no: EM133064535
SIT763 Cyber Security Management - Deakin University
Brief description of assessment task
This task requires students to determine a suitable SETA (Security Education Training and Awareness) Program for corporate organisations. Students will be required to formulate SETA approaches to meet the requirements for various stakeholders within the organisation. Students will need to show the relationship between the policy statements of the organisation, the actions required to meet the SETA needs for each stakeholder or group and the associated risk(s) that the program serves to control. Students will be assessed on their ability to compare and contrast the purposes of the SETA elements and suitably match these to the policy statements of the organisation.
This is an individual assessment task. The student is required to submit their solution for the given task, along with the evidence to support their findings and a bibliography. The solution sheet should consist of:
The results of an analysis presented in the form of a matrix that compares the SETA requirements for various stakeholders based on a defined policy statement and identified risk for the given organisation. How success in terms of SETA effectiveness will be measured must also be addressed.
Background information
This assessment has been designed for you to demonstrate and apply your understanding of SETA approaches for cybersecurity management programs. The purpose is to give you the experience necessary to learn and apply SETA approaches to cyber security management within an organisation you may work for, or already do.
This is a critical thinking task. You need to demonstrate application and extension of the knowledge gained from the content provided and from participation/discussion in the workshops. Your level of knowledge and experience will determine how much research you need to perform to complete the matrix.
The following resource provides examples from industry experts on phishing attack identification, prevention and avoidance. It is recommended reading to gather ideas and help with completing the matrix.
Instructions
Use the SecureWorx SAD (Solution Architecture Document) New Organisational Management System Version 1-00 to complete this assessment task where required.
Task 1: Transcon SETA Matrix
Transcon have defined the following policy statement for managing instances of social engineering, particularly relating to various types of phishing attacks.
Policy Statement: Social Engineering
Transcon will provide the necessary SETA program to maintain the protection of the NOMS IT infrastructure, services and data from all types of social engineering attacks.
An organisational SETA program consists of three elements: security education, security training, and security awareness. You have been hired by Transcon to provide a SETA program for the NOMS system. This will be based on developing a strategy for each of the following three roles: 1. CIO; 2. Senior ICT Security Specialist; and 3. Administrative staff.
You are required to develop one strategy for each role. You MUST choose which SETA element is best suited to each role based on your knowledge and research. You may choose more than one element for a particular role, e.g. both awareness and training for administrative staff. It is most important that your choice is appropriately justified.
Use the criteria below to complete ‘Table 1 Transcon SETA Matrix' that will result in providing the SETA program for Transcon.
Element - State and justify the SETA element (education, training or awareness) chosen for each role.
Risk - Describe an example of how a social engineering spear-phishing attack could be used to target each role. When writing your example, consider the background and skill level of the users in each role to ensure they understand its meaning.
Method - Identify a suitable method to implement the SETA element. Explain why the method will be effective for each role and use a reference to support your answer.
Learning - Identify a suitable activity the user in each role will complete to measure their learning. Explain why you have chosen this particular activity and use a reference to support your answer.
ROI (Return on Investment) - Describe a favourable outcome of the SETA element that will demonstrate to Transcon management that it has been successful in protecting users from spear-phishing attacks.
Task 2: Evaluation of Transcon Controls
Identify from the SAD which security controls Transcon already has in place that could assist with the prevention of spear-phishing attacks. Hint: refer to section '7 Interfaces'.
Provide Transcon with a recommendation of a suitable technology solution to help protect the NOMS system from spear-phishing attacks. Give Transcon a reason for your recommendation and explain how it would fit in with the NOMS high-level integration diagram displayed in Figure 7 of the SAD.
Transcon SETA Program

| Role                              | Criteria | Transcon SETA Strategy |
|-----------------------------------|----------|------------------------|
| 1. CIO                            | Element  |                        |
|                                   | Risk     |                        |
|                                   | Method   |                        |
|                                   | Learning |                        |
|                                   | ROI      |                        |
| 2. Senior ICT Security Specialist | Element  |                        |
|                                   | Risk     |                        |
|                                   | Method   |                        |
|                                   | Learning |                        |
|                                   | ROI      |                        |
| 3. Administrative staff           | Element  |                        |
|                                   | Risk     |                        |
|                                   | Method   |                        |
|                                   | Learning |                        |
|                                   | ROI      |                        |

Table 1 Transcon SETA Matrix
Attachment: Cyber Security Management.rar