docx
keyboard_arrow_up
School
Australian College of Business and Technology, Colombo *
*We aren’t endorsed by this school
Course
ICT
Subject
Information Systems
Date
Jun 12, 2024
Type
docx
Pages
30
Uploaded by CommodoreFireFox42
Student
Assessment Guide:
ICTCYS612 Design and implement virtualized
cyber security infrastructure for organizations
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
Copyright 2023
Australian College of Business Intelligence
All rights reserved
Version: 23.0
Date Modified: July 2023
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise without the prior written permission of the Australian College of Business Intelligence.
Disclaimer:
The Australian College of Business Intelligence does not invite reliance upon, nor accept responsibility for, the information it provides. The Australian College of Business Intelligence makes every effort to provide a high-quality service. However, neither the Australian College of Business Intelligence, nor the providers of data, gives any guarantees, undertakings or warranties concerning the accuracy, completeness or up-to-date nature of the information provided. Users should confirm information from another source if it is of sufficient importance for them to do so.
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 2 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
Content
s
1. Assessment Information
......................................................................................................
4
A. Purpose of assessment
........................................................................................................................
4
B. What you are required to do
...............................................................................................................
4
C. Competencies being assessed
.............................................................................................................
4
D. Important resources for completing this assessment
.........................................................................
5
E. A note on plagiarism and referencing
..................................................................................................
6
F. A note on questions with role plays
.....................................................................................................
6
G. Instructions for completing this assessment
.......................................................................................
6
2. Assessment Coversheet
.......................................................................................................
8
3. Assessment Questions
.........................................................................................................
9
A. Task A - Demonstrate knowledge of virtualized cyber security infrastructure
....................................
9
B. Task B -
Plan infrastructure ...............................................................................................................
14
C. Task C - Implement infrastructure
.....................................................................................................
18
D. Task D - Test infrastructure
...............................................................................................................
18
4. Student Self Checklist
........................................................................................................
20
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 3 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
1. Assessment Information
A. Purpose of assessment
This assessment will develop your skills and knowledge required to research, design, implement and test
virtualised cyber security infrastructure in a small to medium sized organisation.
B. What you are required to do
For this assessment, you are required to complete 4 tasks:
Task A – Demonstrate knowledge of virtualized cyber security infrastructure
Task B – Plan infrastructure
Task C – Implement infrastructure
Task D – Test infrastructure
All tasks of this assessment require you to use the provided case study information relating to the fictional company Bains & Co.
C. Competencies being assessed
Elements
To achieve competency in this unit you must demonstrate your ability to:
1.
Prepare to design infrastructure
2.
Design and plan infrastructure
3.
Implement infrastructure
4.
Test infrastructure
Performance Evidence
Evidence of the ability to:
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 4 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
Design and implement cyber security infrastructure and review results against organisational needs on at least two different occasions
Knowledge Evidence
You must demonstrate knowledge of:
Features and implementation methodologies of cyber security
Cyber security infrastructure features including:
o
Application security
o
Business continuity planning
o
Disaster recovery planning
o
Operational security (OPSEC)
o
Threat vectors
Organisational business processes and applicable cyber security requirements design and implementation
Organisational procedures applicable to designing and implementing cybersecurity infrastructure, including:
o
Documenting established requirements, risks and work performed
o
Establishing requirements and features of cyber security infrastructure
o
Establishing maintenance and alert processes
o
Testing methods and procedures
Security risks, and tolerance of risk in an organisation
Industry standard cyber security providers
Industry standards and regulations applicable to implementing cyber security infrastructure in an organisation
Organisation, infrastructure and cyber security requirements.
For further information on the competencies of this unit, please refer to: https://training.gov.au/Training/Details/ICTCYS612
D. Important resources for completing this assessment
To complete this assessment, please refer to the following resources provided on Moodle:
ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations learner guide
ICTCYS612 Observation checklist
ICTCYS612 Marking Guide
ICTCYS612 Case study folder
Additional student assessment information
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 5 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
E. A note on plagiarism and referencing
Plagiarism is a form of theft where the work, ideas, inventions etc. of other people are presented as your
own. When quoting or paraphrasing from a source such as the Internet, the source must be recognised. If you
are quoting a source, make sure to acknowledge this by including “quotation marks” around the relevant words/sentences or ideas. Note the source at the point at which it is included within your assessment, such as by using a citation. Then list the full details of the source in a ‘references’ section at the end of your assessment. All sources used for your assessment should be detailed in a ‘references’ section. It is advisable to never
copy another person’s work.
F. A note on questions with role plays
Task B, Question B7 involves a role play. For this question, as outlined below, you will be assessed on your ability to role play being an IT manager at WESEC, a company specialized in providing secretarial services for corporate organisations. This question requires you to lead a meeting and take notes on what is discussed. Please note: You will also need to attend separate meetings organised by other students whereby you role play being other people. This allows other students in your unit to also role play being the Senior Human Resources Manager. G. Instructions for completing this assessment
Answer the questions below using the spaces provided:
Answer all parts of each question
Use your own words and give examples wherever possible
The quality of your answer is more important than how long it is
Enter your answers in this document
You may use various sources of information to inform your answers, including your resources provided by ACBI, books, and online sources. You must acknowledge and cite your sources. Student Assessment Guide: ICTCYS612
Version: v23.0
Page 6 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
Submission via Moodle
Please refer to the “Instructions for Submitting Your Assessment” found within the unit course page on Moodle. NOTE: Please take care to follow all instructions listed. Assessments uploaded with a draft status on Moodle may not be graded.
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 7 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
2. Assessment Coversheet
Candidate Name:
Student ID:
Contact Number:
Email:
Trainer / Assessor Name:
Qualification:
ICT60220 Advanced Diploma of Information Technology Units of Competency:
ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
Assessment Tasks:
☐
A. Demonstrate knowledge of virtualized cyber security infrastructure
☐
B. Plan infrastructure ☐
C. Implement infrastructure
☐
D. Test infrastructure
Due Date:
Date Submitted:
Declaration:
I have read and understood the following information at the beginning of this assessment guide (please tick): ☐
Assessment information
☐
Submitting assessments
☐
Plagiarism and referencing
I declare this assessment is my own work and where the work is of others, I have fully referenced that material.
Name (please print):
Candidate signature:
Date:
3. Assessment Questions
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 8 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
A. Task A - Demonstrate knowledge of virtualized cyber security infrastructure
Task A instructions
Answer the following questions to demonstrate your knowledge of virtualized cyber security infrastructure.
A1. Describe governance and protection principles of cyber security.
NOTE: Refer to https://www.cyber.gov.au/acsc/view-all-content/guidance/cyber-security-principles to
inform your answer. Answer in 100-200 words.
Governance principle: The governance concept is a cornerstone of cybersecurity and is essential to
protecting a company's digital assets. Monitoring network activity in real-time for
indications of anomalous behaviour is a cornerstone of governance. This
watchfulness encompasses the identification and management of possible
hazards in both the actual and virtual worlds.
Quickly identifying anomalies in network behaviour that may indicate intrusion,
data breaches, and even cyberattacks is crucial for effective governance.
Organizations can reduce the impact of new risks and ensure compliance with
regulations by keeping a tight eye on network activity.
Protection principle: Defending against many types of cyber-attacks, protection is a cornerstone notion
in cybersecurity. Security measures are put in place to protect a company's
network and information against intrusion by hackers (
Kure et al., 2022
).
Firewall settings, IDS/IPS, encryption methods, access restrictions, and thorough
security policies are all part of these safeguards. When used together, these
safeguards provide a strong obstacle to cyber criminals who would exploit any
openings in order to get into the system and steal sensitive data
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 9 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
A2. Explain which of the following methods can be used to protect against these cyber security threats:
a.
Malware
b.
Emotet
c.
Denial of Service
d.
Man in the Middle
e.
Phishing
f.
SQL Injection
g.
Password Attacks
Answer in 100-200 words.
Password attacks: During a password attack, an authorized user's credentials
are misused in conjunction with automated password attack instruments in order
to speed up the process of guessing and cracking passwords. The attacker uses
several methods to steal and disclose legitimate user credentials in order to
assume their identity and gain entry rights. The usage of a username and
password is one providing the first forms of account security (
Xu et al., 2023
). As
a result, adversaries were given time to develop a wide variety of methods for
cracking easily guessed passwords. Furthermore, programs that depend entirely
on authentication using passwords are susceptible to password assaults since
their weaknesses are well-known.
Figure 1: Password attack
(Source: websitesecuritystore
, 2022)
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 10 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
A3. Describe what kind of cyber security infrastructure you can use and features of that cyber security infrastructure for the following important areas of cyber security:
a.
Application security
b.
Business continuity planning
c.
Disaster recovery planning
d.
Operational Security (OPSEC)
e.
Threat vectors
Answer in 200-400 words.
a. Application security: The term "application security," or "app sec," refers to
the practice of securing computer programs against outside attacks by using
various forms of security technology, including software, hardware,
methodologies, best practices, and processes. The process of developing software
and the application lifecycle are both places where security practices may be
improved (
Homoliak et al., 2020
). The end purpose of software security is to
safeguard data from being accessed, modified, or deleted by unauthorized
parties.
b. Business continuity planning: BCP entails preparing for and recovering
from potential cyber threats to an organization or assuring process continuity
following a cyberattack. Guidelines for identifying, managing, and reducing cyber
hazards should be included in business continuity plans.
c. Disaster recovery planning: In most cases, firms may prevent catastrophic
disruptions to their operations by implementing the procedures outlined in a plan
for disaster recovery. An earthquake, flood, or other natural catastrophe, a
malicious cyberattack, or a computer or router failing are all examples of such
situations.
d. Operational Security (OPSEC): The definition of operational security is the
process of figuring out what apparently harmless behaviors could really let a
hacker in on sensitive information (
Elliott et al., 2020
). By encouraging IT and
security professionals to take a look at their systems and processes through the
eyes of a possible attacker, OPSEC serves as both a procedure and a strategy.
Analytic procedures and tools like behaviour and social media monitoring, as well
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 11 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
as security best practices, are all part of this.
e. Threat vectors: An entry point for attackers into a system or network is
known as a threat vector. Social engineering, credentials theft, vulnerability
exploitation, and inadequate insider threat prevention are common attack
vectors. The safety of information relies heavily on the detection and elimination
of potential entry points for malicious actors.
A4. Describe how cyber security can be designed and implemented for an organizational business process.
Answer in 100-200 words.
Here are the actions people need to take when creating and implementing
cybersecurity for a business process in the organisation. ●
To start, do a thorough process analysis to unearth any hidden cyber
threats or weak spots. ●
Create a custom cybersecurity framework with features like as access
restrictions, encryption, and IDS/IPS.
●
Next, include these safety checks into the procedure while making sure
they don't cause any downtime (
Taherdoost, 2022
). ●
Keep an eye out for new threats by doing frequent evaluations of
vulnerabilities and penetration testing. ●
To quickly discover and prevent any type of safety breaches, continuous
monitoring plus swift reaction procedures are essential.
A5. Describe organisational procedures applicable to designing and implementing cybersecurity infrastructure for the following processes:
Documenting established requirements, risks and work performed
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 12 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
Establishing requirements and features of cyber security infrastructure
Establishing maintenance and alert processes
Testing methods and procedures
Answer in 200-400 words.
There are several potential security threats to small businesses. The number of
cyberattacks, such as phishing along with ransomware, that target small
companies is on the increase. Because of their lack of resources, their defences
are generally weak. Sensitive information may be compromised due to
carelessness on the part of employees, and vulnerabilities in obsolete software
may go unpatched. In addition to being prime targets for cybercriminals looking
for routes into bigger networks, small firms sometimes serve as vendors or
affiliates in bigger supply chains (
Del Giorgio Solfa, 2022
). Problems in
maintaining compliance may result in fines and other financial losses. To lessen
their impact, small businesses need to prioritise spending money on
cybersecurity, educating their staff, and managing risks proactively.
A6. Explain key security risks for small to large enterprises today.
Answer in 100-200 words.
●
The incidence of cyberattacks against small firms has seen a notable rise,
with hackers specifically focusing on perpetrating data breaches,
ransomware assaults, and instances of financial fraud.
●
The presence of resource constraints, such as limited financial resources
and staff, poses significant challenges in the implementation of
comprehensive cybersecurity measures and effective threat detection.
●
The occurrence of employee negligence in the context of cybersecurity
might result from insufficient training, hence increasing the likelihood of
unintentional data disclosure or susceptibility to phishing attempts
(
Florackis et al., 2023
).
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 13 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
●
The failure to update and repair software may result in the persistence of
vulnerabilities, which can be exploited by hackers who specifically target
these well-known problems.
●
The presence of vulnerability in supply chains may be seen, particularly in
the context of small firms, which might potentially act as gateways for
larger-scale supply chain assaults. Consequently, these small enterprises
become susceptible to indirect risks emanating from cyber attackers.
A7. Explain tolerance of risk in an organisation.
Answer in 100-200 words.
A business's risk tolerance is the degree to which a company is prepared to
incorporate risk management into its day-to-day activities and decision-making. It
shows that the company is not afraid to take chances in order to achieve its long-
term objectives, although being aware of the possible drawbacks (
Alhamdi, 2022
).
The degree to which an organisation is willing to take risks influences this
tolerance, and this willingness is not uniform across industries. Defining the level
of risk an organisation is willing to accept may assist direct risk management
activities and keep them in line with the company's goals and values. It allows for
well-considered choices to be made, striking a balance between seizing
possibilities and protecting against their possible drawbacks.
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 14 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
Figure 2: Risk tolerance
(Source: wallstreetmojo
, n.d)
A8. Research three industry standard cyber security providers. Identify who they are and what products or services they offer.
Answer in 200-400 words.
Service provider Services Cipher CIS
Services
for
Cyber
Technology
Integration,
Cyber
Information
Services, and Administration Risk and
Compliance, Managed Monitoring and
Response, and Red Teams (
Marques et
al., 2020
).
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 15 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
Security HQ
Managed
Security
Services,
Vulnerability Administration Service,
The infiltration Testing, Web-Based
Security Testing, Controlled IBM
Guardium, User Behaviour Analytics,
Network Flow Data analysis, Managed
Defender by Microsoft ATP, Security
Information and Event Management as
a
Service,
Controlled
Security
Operations Centre (
Strand, 2023
).
Cisco Firewall, Anti-Malware, Email, The
endpoint,
Cloud,
Multi-Factor
Identification, and Security Services.
A9. Explain industry standards and regulations applicable to implementing cyber security infrastructure in an organisation.
Answer in 100-200 words.
When it comes to protecting their electronic property and data, businesses should
adhere to the industry standards established for cybersecurity infrastructure. ●
"ISO/IEC 27001" is a standard that has gained worldwide recognition
because of its methodical approach to creating, implementing, sustaining,
and upgrading an ISMS (
Culot et al., 2021
). It's a full-fledged cybersecurity
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 16 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
framework that takes into account risk evaluation, security policy, controls,
and constant monitoring.
●
Guidelines for handling and decreasing cybersecurity risk are provided by
the "NIST Cybersecurity Framework", which was developed by the United
States "National Institute of Standards and Technology (NIST)". It's a
scalable solution for businesses of any size, with a concentration on the five
essentials of identification, protection, detection, response, and recovery.
Prioritizing efforts to better cybersecurity, the CIS Controls are a collection
of best practices and recommendations provided by the “Centre for
Internet Security (CIS)” (
Samara et al., 2023
). With the use of these
measures, businesses may build a solid security infrastructure.
●
Governments and regulatory bodies set regulations relating to
cybersecurity infrastructure as obligatory measures to guarantee that
businesses secure private information and uphold cybersecurity standards.
Depending on your line of work and where you live, you may be required by
law to comply with certain rules. GDPR, HIPAA, and the PCI DSS are all
examples of common regulations.
A10. Explain organisation, infrastructure, and cyber security requirements.
Answer in 100-200 words.
In today's interconnected world, it's crucial for businesses to embed cybersecurity
into every aspect of how they operate. The first step is to build a solid
infrastructure that makes cybersecurity a high priority across the board. It is
crucial to have well-defined governance frameworks in place that assign roles and
duties for the management of cybersecurity (
Lee, 2021
). For cybersecurity to get
the investment and focus it requires, top-level support is essential. Companies
should hire specialist cybersecurity staff to promote security awareness across
the organization. Regular risk assessment and identification of vulnerabilities are
essential for fostering a culture of risk awareness. Organizations may reduce their
total risk exposure through using such practises, which allow them to proactively
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 17 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
address risks and weaknesses.
Cybersecurity's technological backbone is the system's infrastructure. Protecting
digital assets requires an infrastructure that is both robust and secure. Firewall
settings, anti-intrusion software, and secure methods of communication are all
vital components of a safe and secure network. Perimeter security measures,
which include PCs, mobile phones, and IoT gadgets, are equally important
(
Moşteanu, 2020
). Protecting against threats to these endpoints requires installing
the latest security patches, using robust encryption, and enforcing strict access
rules. Encryption of data at rested and in motion is essential for data security. A
backup data centre and thorough recovery processes are essential redundancy
measures for disaster recovery. These precautions lessen the likelihood of
disruptions and lost information in the case of cyber attacks or natural
catastrophes.
To strengthen its defenses and response capabilities, an organization must meet
cybersecurity criteria across a wide range of areas. Addressing recognised
weaknesses in systems and programs requires consistent upgrades and careful
patch management. Multi-factor authentication (MFA) and other forms of access
control ensure that only authorised users have access to mission-critical
infrastructure and private information. Cybersecurity response plans detail the
specific actions to be taken in the event of an attack, with the goal of limiting the
incident's impact and facilitating a swift, well-coordinated response. The danger of
human error may be drastically reduced by providing thorough training on safety
best practices to all employees (
Rajan et al., 2021
). Finally, the organization must
always operate within the legal and security frameworks established by its
industry and territory. This may be achieved by strictly adhering to industry
norms and international cybersecurity standards. It is impossible to successfully
navigate today's complicated digital world without meeting these organizational,
infrastructural, including cybersecurity criteria. Student Assessment Guide: ICTCYS612
Version: v23.0
Page 18 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 19 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
B. Task B – Plan infrastructure Task B instructions
You are an IT manager at WESEC, a company specialized in providing secretarial services for corporate
organisations. You are part of the information technology department. Your responsibilities include introducing innovation and efficiency and looking after the information security implementation. In Task B you are to design and plan infrastructure for your virtualized POC infrastructure.
Read the “ICTCYS612 Case study information” document provided on Moodle, then answer the questions below.
Please note: WESEC is a fictional company invented for the purpose of this assessment.
B1. Analyse WESEC’s operations to determine their cyber security needs. Specify these needs in a one-two page summary for the organisation’s executives.
Answer in 300-600 words.
Write your answer here
B2. Research and identify industry standard network security options and security technologies, which you may use as benchmark and inspiration for your design.
Answer in 100-200 words.
Write your answer here
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 20 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
B3. Determine data types, security levels, mission-critical network servers and secure boundary requirements for the existing network of WESEC.
Answer in 100-200 words.
Write your answer here
B4. Design and document infrastructure requirements according to organisational requirements.
Answer in 100-200 words.
Write your answer here
B5. Document an implementation plan and timeframes for your POC. Your important tasks will be:
Prepare a network diagram
Allocate IP scheme
Decide what versions of the software you will be using
Prepare implementation plan along with timelines
Prepare firewall rules
Prepare network monitoring policy
NOTE: You may refer to the “Implementation plan template” provided on Moodle to inform your answer. Answer in 300-600 words.
Write your answer here
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 21 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
B6. Document a network security monitoring strategy according to the design.
Answer in 200-400 words.
Write your answer here
B7. THE SCENARIO:
Now you need to distribute your documentation to others. Set up a meeting with:
An employee at WESEC, as role played by another student in your unit
WHAT YOU NEED TO DO BEFORE YOUR MEETING:
Organise a day and time for your meeting, in line with the availability of other students in your unit as well as your Trainer & Assessor. This meeting should take no more than 10 minutes. You are required to lead the meeting. Prior to the meeting ensure you have read the instructions below on what you’ll be required to do during the meeting and prepare as necessary. WHAT YOU NEED TO DO DURING YOUR MEETING:
Use the meeting to:
Present your documentation
Seek feedback on the documentation and respond to the feedback
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 22 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
Ensure you take note of what you discuss during the meeting.
WHAT YOU NEED TO DO AFTER YOUR MEETING:
Record notes of what was discussed during your meeting, including the feedback you received. Answer in 75-150 words.
Meeting notes
Write your answer here
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 23 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
C. Task C – Implement infrastructure
Task C instructions
Task C follows on from Task B.
You are to implement your design with the tools and software you have created based on your network design.
Ensure you have read the “ICTCYS612 Case study information” document provided on Moodle, then answer the questions below. C1. Establish and create network boundaries according to the infrastructure plan requirements.
Take a screenshot(s) of the network boundaries and insert them below.
Insert your screenshot(s) here
C2. Implement network and server technologies according to infrastructure plan requirements.
Take a screenshot(s) of your implementation and insert them below.
Insert your screenshot(s) here
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 24 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
C3. Implement user security technologies according to infrastructure plan requirements.
Take a screenshot(s) of your implementation and insert them below.
Insert your screenshot(s) here
C4. Set security levels and user access according to organisational requirements.
Take a screenshot(s) of the security levels and user access and insert them below.
Insert your screenshot(s) here
C5. Establish a network security monitoring strategy according to plan requirements.
NOTE: You may refer to the “Additional information – vendor resources” resource provided on Moodle to inform your answer. Answer in 300-600 words.
Write your answer here
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 25 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
D. Task D – Test infrastructure
Task D instructions
Task D follows on from Task C.
You are now required to test that your POC is working as per your design and organizational objectives.
Ensure you have read the “ICTCYS612 Case study information” document provided on Moodle, then answer the questions below.
D1. Test deployment of security infrastructure and its components according to technical specifications and infrastructure plan requirements.
Take a screenshot(s) of your testing and insert them below.
Insert your screenshot(s) here
D2. Obtain and analyse test results, logs and user feedback.
Answer in 150-300 words.
Write your answer here
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 26 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
D3. Troubleshoot and adjust implemented technologies according to organisational requirements and user feedback.
Take a screenshot(s) of your troubleshooting and adjustments and insert them below.
Insert your screenshot(s) here
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 27 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
4. Student Self Checklist
A. Student Self Checklist for Tasks A - D
Candidate name:
Unit of Competency:
ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
Instructions:
Place a tick ‘
✓
’ in the Yes (“Y”) column for each question you have completed all parts for.
Task A – Demonstrate knowledge of virtualized cyber security infrastructure
Did you:
Y
✓
A1:
Describe governance and protection principles of cyber security?
A2:
Explain which of the following methods can be used to protect against these cyber security threats:
a.
Malware?
b.
Emotet?
c.
Denial of Service?
d.
Man in the Middle?
e.
Phishing?
f.
SQL Injection?
g.
Password Attacks?
A3:
Describe what kind of cyber security infrastructure can be used and features of that cyber security infrastructure for the following important areas of cyber security:
a.
Application security?
b.
Business continuity planning?
c.
Disaster recovery planning?
d.
Operational Security (OPSEC)?
e.
Threat vectors?
A4:
Describe how cyber security can be designed and implemented for an organizational
business process?
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 28 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
A5:
Describe organisational procedures applicable to designing and implementing cybersecurity infrastructure for the following processes:
Documenting established requirements, risks and work performed?
Establishing requirements and features of cyber security infrastructure?
Establishing maintenance and alert processes?
Testing methods and procedures?
A6:
Explain key security risks for small to large enterprises today?
A7:
Explain tolerance of risk in an organisation?
A8: Research three industry standard cyber security providers? Identify who they are and what products or services they offer?
A9: Explain industry standards and regulations applicable to implementing cyber security infrastructure in an organisation?
A10: Explain organisation, infrastructure, and cyber security requirements?
Task B - Plan infrastructure Did you:
Y
✓
B1:
Analyse WESEC’s operations to determine their cyber security needs? Specify these needs in a one-two page summary for the organisation’s executives?
B2: Research and identify industry standard network security options and security technologies, which you may use as benchmark and inspiration for your design?
B3:
Determine data types, security levels, mission-critical network servers and secure boundary requirements for the existing network of WESEC?
B4:
Design and document infrastructure requirements according to organisational requirements?
B5: Document an implementation plan and timeframes for their POC, ensuring it considers the following important tasks:
Prepare a network diagram?
Allocate IP scheme?
Decide what versions of the software they will be using?
Prepare implementation plan along with timelines?
Prepare firewall rules?
Prepare network monitoring policy?
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 29 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ICT60220 Advanced Diploma of Information Technology
Student Assessment Guide: ICTCYS612 Design and implement virtualized cyber security infrastructure for organizations
B6: Document a network security monitoring strategy according to the design?
B7: Set up a meeting with:
An employee at WESEC, as role played by another student in your unit?
Use the meeting to:
Present your documentation?
Seek feedback on the documentation and respond to the feedback?
After the meeting, record notes of what was discussed, including the feedback received?
Task C - Implement infrastructure
Did you:
Y
✓
C1:
Establish and create network boundaries according to the infrastructure plan requirements?
C2:
Implement network and server technologies according to infrastructure plan requirements?
C3:
Implement user security technologies according to infrastructure plan requirements?
C4:
Set security levels and user access according to organisational requirements?
C5:
Establish a network security monitoring strategy according to plan requirements?
Task D – Test infrastructure
Did you:
Y
✓
D1:
Test deployment of security infrastructure and its components according to technical specifications and infrastructure plan requirements?
D2:
Obtain and analyse test results, logs and user feedback?
D3:
Troubleshoot and adjust implemented technologies according to organisational requirements and user feedback?
Student Assessment Guide: ICTCYS612
Version: v23.0
Page 30 of 30
Developed by: ACBI
Approved by: DoS
Issued: July 2021
Review: July 2023
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help