Recent Question/Assignment

ASSESSMENT 2 BRIEF
Subject Code and Title MIS607 Cybersecurity
Assessment Threat Model Report
Individual/Group Individual
Length 1500 words (+/-10%)
Learning Outcomes The Subject Learning Outcomes demonstrated by successful completion of the task below include:
b) Explore and articulate cyber trends, threats and staying safe in cyberspace, plus protecting personal and company data.
c) Analyse issues associated with organisational data networks and security to recommend practical solutions towards their resolution.
d) Evaluate and communicate relevant technical and ethical considerations related to the design, deployment and/or the uses of secure technologies within various organisational contexts.
Submission For regular class (12 Weeks Duration):
By 11:55 pm AEST/AEDT Sunday of Module 4.1 (week 7) For intensive class (6 Weeks Duration):
By 11:55 pm AEST/AEDT Sunday of Module 4.2 (week 4)
Weighting 30%
Total Marks 100 Marks
Assessment Task and Context
The goal of this assessment is to identify the threats or vulnerabilities in the case scenario described in the associated file, Assessment Initial Case Scenario.docx. NOT all threats or vulnerabilities you “discover” are in the initial case scenario. The scenario discusses some elements of the business that are needing mitigation, but you will need to also “discover” other threats or vulnerabilities.
You should use this assessment brief document to guide what to include in this assessment and use the provided case study to help demonstrate understanding of the topic.
Instructions
To successfully complete this assessment, your MIS607 Assessment 2 MUST include:
? Data Flow Diagram (DFD) – The DFD must relate to the business described in the initial case scenario. You must remember that the DFD is the FIRST step in the “Risk Analysis” process, but it is not the main output of this assessment. The main output of MIS607 Assessment 2 is the categorized threats (see below).
For the DFD section of your report, you will need to present at least a “Context Diagram” and a “Level-0 Diagram”. You can include further levels of DFD (e.g. Level-1, Level-2) if you feel they are needed to show a threat boundary, but it’s not necessary.
The level-0 diagram (and further level diagrams, if needed) must not break the rule for proper DFD formation/development. And the DFDs (excluding the Context Diagram) MUST have labelled threat boundaries.
You MUST use the below symbol conventions shown and used in classes when developing and drawing the DFDs:
? Threats Discovery – The main output of MIS607 Assessment 2 should be a table with a set of minimum 10 threats or vulnerabilities that need mitigation in the case scenario organisation. Out of these 10 threats or vulnerabilities, choose 3 and explain them in more depth below the table. You will discover these threats or vulnerabilities with the help of the DFDs and the threat boundaries.
Imagine yourself as a consultant called into work inside the business to discover threats. For this assessment, business acumen and business logic in approaching threats is what is required.
The main threat for this assessment resembles a real-world attack. You need to develop a brief, factual overview of the real-world attack (web links can count as references here since the attack might not yet be covered academically). You are required to reference suggested mitigations, or costs in the real-world attack as this will help enormously with both MIS607 Assessment 2 and Assessment 3 and will be taken into consideration when marking. IMPORTANT NOTE: Any explanation of the real-world case is based on real information/data, NOT speculation or simulated “discovery”.
It is important to understand that you need to “discover” additional threats or vulnerabilities on the associated initial case scenario. The case scenario is only an initial assessment of the organisation. The “discovery” can be simulated based on your simulated investigation. Obviously, you must cover the main threats already identified in the case scenario, but other threats or vulnerabilities should be “discovered” by you. In this regards, inform the reader about what discovery techniques were used. In bullet points inform the audience …. “who you talked to”, “questions you asked” – but keep this very brief (maximum 8-10 bullet points).
? STRIDE Methodology – will be used in this assessment. Note carefully that the DFDs are NOT the main output of this assessment. The main result of this assessment is a “set of threats or vulnerabilities”. Important points to consider are:
? Try to map these threats or vulnerabilities as best you can against threat boundaries;
? And categorize the identified threats or vulnerabilities as best you can, against STRIDE categories.
The STRIDE categories are NOT the threats. Do not be concerned if the threats you discover do not fit all STRIDE categories. In a full real-world assessment with hundreds of threats, this would be the case, but with around 10 threats this will probably not be possible. You can make assumptions, but the report is written from the point of view of a consultant who has made “discoveries” from their investigations. In the simulation you may gather needed information from stakeholders. Assessment markers are aware that the technical information “discovered” by you might not be 100% accurate in all details. However, your discoveries should be somewhat realistic.
The report should have the following heading structure.
Title page
The title page should include subject code and name, assessment number, report title, assessment due date, word count (actual), student name and surname, student ID, Torrens’s email address, learning facilitator name and surname.
Executive Summary
Mainly this section is where you “Summarize” your report. The best time to write the Executive Summary is when you have finished working on your assessment. By then you will be able to “Summarise” your work. It should be written in a simple and easy to read language. IMPORTANT NOTE: Make sure to ONLY provide the summarised version of the report.
1. Introduction
In this section introduce your assessment/report to the reader. Think of the purpose and objectives of your assessment and ask this question from yourself that why this assessment is valuable and important? You will need to provide a short description of the case scenario. Overall, the introduction section is about “What the assessment is going to be about?”.
2. Main Discussion
IMPORTANT NOTE: The required discussions for sub-sections 2.1, 2.2 and 2.3 are discussed earlier in this assessment brief document (see above).
2.1. Data Flow Diagrams (DFDs)
2.2. Threats Discovery
2.3. Threats List and STRIDE Categorisation
3. Conclusion
In this section, you will wrap up your discussion in a clear and simple way. Overall, the conclusion section reminds the reader what the report/assessment has been about. Indicate and discuss the major findings and/or recommendation of your report.
4. References
A minimum of three (3) references are required in this assessment. At least one (1) reference needs to be a “peer-reviewed” journal article or a conference paper.
IMPORTANT NOTE: You are welcome to use more than three (3) references in your MIS607 Assessment 2 based on your decision and preference; however, the minimum number of references to be used in this assessment is three (3) references. Make sure to list the references alphabetically and where possible, make sure to use the most recent references.
5. Appendices (Appendix 1, Appendix 2, etc.)
Overall, there is no need to have an Appendix in this assessment; however, if there is any EXTRA information which you might think of being necessary in your assessment, you can use this section to highlight it. IMPORTANT NOTE: ALL important and necessary information (e.g. DFDs, Threats, STRIDE, etc.) for your report MUST be inserted and discussed within the report and NOT in Appendices (Appendix 1, Appendix 2, etc.) section.
IMPORTANT NOTES FOR MIS607 ASSESSMENT 2 SUBMISSION:
? This assessment must be submitted as a WORD document (*.docx OR *.doc).
? The report should use Arial or Calibri fonts, 11 point. It should be line spaced at 1.5 and must have page numbers on the bottom of each page.
? The word count for this assessment is 1500 words (+/- 10%), NOT counting Tables, Figures, Executive Summary, Cover Sheet, References, and Appendices (if any).
? It is highly advised that you read the “case scenario” several times. Then, read through this assessment brief document and take notes for your assessment writing task. Furthermore, make sure to check the Marking Rubric for more information on how marking is completed.
? You must be careful NOT to use up the word count discussing any type of general information such as cybersecurity basics and etc. This is NOT an exercise in summarising class notes and etc. Discussing general information and material will not count towards marks.
? Make sure to use a reasonable number of Tables and Figures in your assessment.
? ALL inserted/used Tables and Figures within the report MUST be captioned/labelled and numbered (e.g. Table 1, Table 2, etc.).
? ALL inserted/used Tables and Figures within the report require being initially introduced and then discussed in a clear, focused and simple way.
? Within the assessment document, when referring to Tables and Figures, you require to refer to them by their captions. NOTE: Tables and Figures without a caption may be treated as if they are not in the report.
? Discovery techniques for your assessment can include interviews, questionnaires, observations, and documentation. You might use other techniques as well. Overall, to “discover threats or vulnerabilities” you can use one of these techniques.
? Leading into MIS607 Assessment 3, try to concentrate on threats with “corresponding controls”. IMPORTANT NOTE: The “controls” are NOT part of MIS607 Assessment 2 but be prepared to find the “controls” for your MIS607 Assessment 3. For instance:
? Weak Passwords: Password policy and/or 2 factor
? Fire: Fire alarms and extinguishers and/or fire insurance,
? Theft: CCTV system
? Please be advised that if you do not perform so well with MIS607 Assessment 2 (Your Assessment 2 mark is less than 60%), you will need to fix the issues noted in your assessment 2 once the feedback is provided and then you must include your MIS607 Assessment 2 in your MIS607 Assessment 3 “Appendix 1” section. IMPORTANT NOTE: There will be NO MARKS for the remediation of MIS607 Assessment 2.
Referencing
It is essential that students use appropriate APA style for citing and referencing research. Please see more information on referencing here in the Academic Writing Guide found via the Academic Skills website.
Submission Instructions
Please submit ONE Microsoft Word document (.doc or.docx) via the Assessment link in the main navigation menu in Blackboard. The Learning Facilitator will provide feedback via the Grade Centre in the LMS portal. Feedback can be viewed in My Grades.
Academic Integrity
All students are responsible for ensuring that all work submitted is their own and is appropriately referenced and academically written according to the Academic Writing Guide. Students also need to have read and be aware of Torrens University Australia Academic Integrity Policy and Procedure and subsequent penalties for academic misconduct. These are viewable online.
Students also must keep a copy of all submitted material and any assessment drafts.
Special Consideration
To apply for special consideration for a modification to an assessment or exam due to unexpected or extenuating circumstances, please consult the Assessment Policy for Higher Education Coursework and ELICOS and, if applicable to your circumstance, submit a completed Application for Assessment Special Consideration Form to your Learning Facilitator

Assessment Rubric
Assessment Attributes Ratings Pts
Citation Practice and Engagement with Relevant Literature ? Cited material and citations related to report.
? APA citation style
? At least 1 peer-reviewed article
? Three or more references
? Correct citation and referencing
? Peer-reviewed citation(s) used more than once.
Pts for this criterion = 20 Pts 20 Pts
High
Distinction Exceeds expectation 15-19 Pts
Distinction
High quality 13-14 Pts
Credit
Meets basic expectation 11-12 Pts
Pass Pass level work 0-10 Pts
NN
Fails to meet basic expectation
20 Pts
DFD and Threat Boundaries
? Diagrams related to case scenario
? All data flows start or end in a process
? At least context diagram and level-0 diagram
? Properly recognised entities, data stores, data flows and processes
? All elements appropriately named, including data flows
? Verbs used in processes (Not in Context Diagram)
? Threat boundaries named
? Threat boundaries make sense
Pts for this criterion = 20 Pts 20 Pts
High
Distinction Exceeds expectation 15-19 Pts
Distinction
High quality 13-14 Pts
Credit
Meets basic expectation 11-12 Pts
Pass Pass level work 0-10 Pts
NN
Fails to meet basic expectation
20 Pts
Threat Discovery
? At least ten threats clearly identified
? Real-world attach in the case scenario timeline and brief explanation
? Real-world attack covered in the threat list
? Threats mapped against STRIDE categories
? Threats cover vulnerabilities in management, operational, and technical 35 Pts
High
Distinction Exceeds expectation 26-34 Pts
Distinction
High quality 22-25 Pts
Credit
Meets basic expectation 19-21 Pts
Pass Pass level work 0-18 Pts
NN
Fails to meet basic expectation
processes
? Overall threat “discovery” techniques explained well, with a few discussed in more detail
? Threats make sense in the case scenario (e.g. appropriate for the size of the organisation)
? List of threat
Pts for this criterion = 35 Pts 35 Pts
MIS607_Assessment 2 Brief_Threat Model Report Page 6 of 7
Communication and Presentation
? Writing is persuasive, logical and communicates meaning clearly
? Uses appropriate vocabulary consistently ? Spelling and punctuation completely accurate.
? Consistently integrates research and ideas from relevant and appropriate sources
? Consistently uses accurate references, appropriately positioned
? Executive Summary is appropriate for a business report and is in past tense, summarises what has been done and is not a mere covering of basic theory from classes
? Demonstration of topics and principles acquired from course material
? Use of relevant theories, concepts and frameworks to support analysis; own input, insight and interpretation Pts for this criterion = 15 Pts 15 Pts High Distinction Exceeds expectation
12-14 Pts
Distinction
High quality 10-11 Pts
Credit
Meets basic expectation 8-9 Pts
Pass Pass level work 0-7 Pts
NN
Fails to meet basic expectation
15 Pts
Basic Formatting and Submission Requirements
? Captioning of all figures, etc. and referred to only by caption
? Correct file submission and Word format
? Correct student and facilitator information
? Academic Integrity Declaration
? Page numbers
Pts for this criterion = 10 Pts 10 Pts High Distinction
Exceeds expectation 8-9 Pts
Distinction
High quality 6-7 Pts
Credit
Meets basic expectation 4-5 Pts
Pass Pass level work 0-3 Pts
NN
Fails to meet basic expectation
10 Pts
The following Subject Learning Outcomes are addressed in this assessment
SLO b) Explore and articulate cyber trends, threats and staying safe in cyberspace, plus protecting personal and company data.
SLO c) Analyse issues associated with organisational data networks and security to recommend practical solutions towards their resolution.
SLO d) Evaluate and communicate relevant technical and ethical considerations related to the design, deployment and/or the uses of secure technologies within various organisational contexts.
MIS607_Assessment 2 Brief_Threat Model Report Page 7 of 7

Looking for answers ?