PBL: Cyber Security Risk Assignment -
Problem-based learning (PBL) Presentation in seminars of 30 minutes duration plus Q&A. The aim of this assignment is for groups to undertake a series of in-depth investigations into contemporary topics in PRT571. The presentation will cover the content provided in all the learning outcomes. This gives students a specific problem around which to research and incorporate the content provided in lectures and reading. The PBL reinforces critical thinking skills. For the PBL presentation requirement, external students can either form small groups at the beginning of the course or present as individuals. Students are required to submit a PowerPoint Presentation (or equivalent) with presenters' notes that, if presented orally, would extend to around 30 minutes.
In today's world, organisations must be able to protect and defend against threats in cyberspace. Effective cyber security risk management is much more than a technology solution; it must be integrated into an organisation's day-to-day operations. A company must be prepared to respond to the inevitable cyber incident, restore normal operations and ensure that company assets and the company's reputation are protected.
In this assessment, students must perform a risk analysis of a scenario organisation's cyber risk, identify threats and vulnerabilities of information assets, forecast the consequences of a successful attack and recommend how each threat should be treated.
The risk assessment must be able to cater for accidental or deliberate hardware, software and network failures or attacks. Please be aware that you will need to make assumptions and guesstimates for this assessment to make your risk assessment plausible. It is perfectly okay to do this.
If you prefer to create your own report (not using a template) or use a template from another source, it is acceptable to do this.
The 1,500-word risk assessment allows students to explore the application of cyber security principles to a real-world organisation.
Topics - The following are three scenarios to be used for the cyber security risk assessment report for this assessment.
Scenario 1 -
You have worked for Commonwealth Bank for a number of years as a Security Analyst. You have recently been promoted to their head office as an IT Security Manager. You discover that, in the week prior to your arrival, the bank was the victim of a cyberattack. You discover that they have not completed a risk assessment for a number of months. Therefore, you decide to conduct a comprehensive risk assessment of their Data Centre, which is contained in their head office, and serves the wider network and branches.
Scenario 2 -
You work for a well-known retailer, Target Australia. They recently had a major attack on their IT systems. While dealing with the aftermath of the attack, it became apparent that their cyber security risk assessment was woefully inadequate and extremely outdated. You have been tasked with creating a new cyber security risk assessment. Your risk assessment should be able to be applied to all of the retail outlet's facilities, buildings and networks.
Scenario 3 -
You work for an organisation in an IT or IT security capacity. You can use your own organisation for the scenario.
There are many risk assessment templates available on the Internet which show what should be covered in a risk assessment report. Please review some of these (3 or more) and use them as a guide to creating your own risk assessment report. This is a major task. If done properly, it will take you many weeks to complete. Do not copy the contents of the templates wholesale, as the University plagiarism software will pick it up and you will fail the assessment.
Try to think of the issues that are important to the scenario organisation you have chosen, as not all risk assessment reports will be the same - they are designed to be specific to an organisation (or organisation type). It is understood that there is an element of guesswork in this, but you should be able to create a good risk assessment report with the limited information you have. You should conduct preliminary research on the organisation that you are basing your RA on (structure, size, locations, management structure etc.); this way you are more likely to produce a piece of work that is realistic.
In the report you should highlight how you arrived at your likelihood, impact and overall risk rating for each of your risks/threats.
Your risk assessment controls and recommendations should be supported by references and citations. You must justify and support why you have chosen a particular control/solution/response/recommendation.
More Scenarios - Write and present an issue-specific policy for:
Bring Your Own Device (BYOD)
Social networking at work
Use of file sharing technologies
Mobile phones
Appropriate use of email
Include components such as management decisions, roles and responsibilities matrix, scope, communication plan etc.