Reference no: EM132793337
SIT763 Cyber Security Management - Deakin University
Assessment: Teamwork Report
Cyber Security Risk Management Report
Learning outcome 1: Work as a team and apply organisational planning and project management principles to IT security planning.
Learning outcome 2: Assess security risks, threats and vulnerabilities to the organisation and implement appropriate information security protection mechanisms by analysing requirements, plans and IT security policies.
Learning outcome 3: Identify personnel security, training and security education needs, and associated legal and ethical awareness and propose strategies for corporations taking into account cost benefit ratios.
Brief description of assessment task
Students will be required to work as a team to produce a cyber security risk management report and slide deck for a corporate organisation that will be delivered as a presentation during a scheduled interview with a member of the teaching team. This will include performing a cyber security risk assessment as well as outlining methods for monitoring, auditing and vulnerability testing as part of the review process for cyber security management.
This is a group assessment task. Student teams must prepare a report of approximately 2500 words and a slide deck to be delivered at an interview and must include:
• Written report of 2500 words
• Slide deck for presentation
• Evidence that each team member has appropriately contributed to the team deliverables
• A detailed analysis of the corporate environment
• List of risks, threats and controls
• Analysis of findings
• Review and reflection on the findings and propose justified recommendations
Background information
This assessment has been designed for you to experience working in a team to produce an assessment report for an organisation based on the ISO 27001/ISO 27002 standards. The purpose is to give you knowledge of the standard, and of the templates needed, to practise performing a gap analysis against the standard for cyber security management within an organisation you may work for, or already are working for.
The success of this task will be defined by the performance of the team. It is the responsibility of each individual to maintain consistent communication and to regularly participate in team discussions as well as provide evidence of contributions to the final report. This is teamwork, NOT individuals working on separate tasks that are combined at the end.
Use the SecureWorx SAD (Solution Architecture Document) New Organisational Management System Version 1-00 to complete this assessment task.
A channel on TEAMS has been provided for queries related to assessment 5. Questions requesting specific answers or solutions will NOT be responded to. You will need to allow up to 48 hours for a response to a query.
Task 1: Self and Peer Review of Teamwork Skills
This is an individual-based task. Each team member will be required to demonstrate evidence of their contribution and performance in the team by rating their own and other team members' contribution.
The steps required to be completed for this task are presented in ‘Assessment 5: Teamwork report' on the Unit site.
Please carefully read all instructions and pay particular attention to the due dates for the steps, which are separate from the submission of the teamwork report.
Task 2: Teamwork Report
The report is based on your team performing an assessment of the SecureWorx SAD (Solution Architecture Document) New Organisational Management System Version 1-00 using 4 documents from the ‘ISO27k toolkit’ presented in Workshop 9.
Your team MUST use the versions provided in the Assessment 5 folder on the Unit Site that have been customised for this task. Only 1 Team member is required to submit these 4 documents to the submission link on the Unit site.
The following describes the requirements to be completed for each of the 4 documents.
1. ISO27k Asset Register.xlsx
Refer to ‘Figure 6 - Infrastructure Architecture Diagram’ of the SAD.
i. Complete a sheet in the ISO27k Asset Register.xlsx to provide Transcon with an ‘asset register’ for the 16 assets in the ‘Private Cloud Environment’ of the ‘Secure data centre’. Add additional sheets as necessary.
ii. Include an ‘Asset ID’ for each asset according to what is mentioned in the SAD. Unless related information is mentioned in the SAD, leave all the remaining asset-detail fields blank.
iii. Complete the CIA (confidentiality, integrity, availability) security rating for each asset by entering L (Low), M (Medium) or H (High) into the highlighted cells; the sheet computes a corresponding asset value from these ratings.
2. ISO27k ISMS Information risk register.xlsm
iv. Complete the ISO27k ISMS Information risk register.xlsm to provide Transcon with a ‘risk register’ for 8 assets in the ‘Private Cloud Environment’ of the ‘Secure data centre’.
v. Assign a unique reference as the ‘Risk ID’ for each asset and complete the risk register for Transcon using the ‘Worked example’, ‘Guidance on usage’ and ‘Guidance on scoring’ sheets.
vi. Sort the risks from highest to lowest based on their rating.
3. ISO27k Information security program maturity assessment tool.xlsm
vii. Complete the ‘Assessment’ sheet in the ‘ISO27k Information security program maturity assessment tool.xlsm’ to provide Transcon with the current maturity level of their organisation against ISO27002.
viii. Use the ISO/IEC 21827:2008 scoring method presented on the ‘Scoring’ sheet to enter the relevant maturity level value for each question in the ‘Maturity Level’ column of the ‘Assessment’ sheet.
ix. Place a reference in the ‘Notes’ column for each of the 101 questions according to what is mentioned in the SAD.
4. ISO27k ISMS and controls status with SoA and gaps.xlsm
x. Translate the ‘Maturity Level’ scores for each of the 101 questions from ‘ISO27k Information security program maturity assessment tool.xlsm’ to a ‘Status’ value in the ‘Annex A controls’ sheet of the ‘ISO27k ISMS and controls status with SoA and gaps.xlsm’.
xi. Record the ‘Status’ scores and review the graphical representation of the ISMS implementation status and Infosec controls status. NOTE: the ‘Mandatory ISMS requirements’ sheet has already been completed with the ‘Status’ values used to generate the ISMS implementation status.
xii. Present a summary of the results and relationship between requirements 1, 2, 3 and 4 as part of the Presentation Interview.
Task 3: Presentation Interview
Details and requirements for Task 3 are provided below.
The Presentation Interview is scheduled prior to submission of the report (21 February 2021). This means your team has time to complete the report following the interview.
Schedule: 15 February to 19 February 2021.
Time: Select a time, Monday to Friday, between 12.00-4.00pm or between 5.00-9.00pm.
Purpose:
Presentation: Present your results and findings of the assessment performed in Task 2. It is the responsibility of the team to determine how to present this.
Interview: The teaching team will ask questions to understand how the team worked together to make decisions and how knowledge and skills of cyber security management were applied.
Location: ALL PRESENTATION INTERVIEWS WILL BE ON MS TEAMS.
Duration: 20 minutes.
Presenters: EACH MEMBER of the team MUST present during the presentation.
Content: MUST include excerpts from all 4 documents, present the relationship between them and the process performed to complete the report. The maturity of Transcon in relation to ISO27001 and ISO27002 is to be included.
Format: PowerPoint presentation
Note: Need only TASK 2 - QUESTION 4 (x, xi, xii)
Attachment: Cyber Security Risk Management Report.rar