Cyber Security Project_BSBXCS402_Task1_Student_1st name last name std no.(V23)-2 (1)

docx

School

Edith Cowan University *

*We aren’t endorsed by this school

Course

5103

Subject

Information Systems

Date

Oct 30, 2023

Type

docx

Pages

Uploaded by pinbarahasun

STUDENT –Signed: First / Last name student No. PRODUCT ASSESSMENT TASK Task Number 1 of 2 . Task Name Cyber Security Project National unit/s code BSBXCS402 National unit/s title Promote workplace cyber security awareness and best practices National qualification code ICT50220 National qualification title Diploma of Information Technology Program code C5402 Course code COSC7392C Section A – Assessment Information Assessment duration and/or due date You have a maximum of 7 weeks to complete this assessment. This assessment is released Week 7 * Commences in Week 7 and is to be completed by week 14 . Assessor will inform you with exact date and time for submission through canvas announcements. Task instructions Type of Product (tick which applies)  Project Summary and Purpose of Assessment This project is one of two assessment tasks that you need to complete, in order to be deemed competent for this unit. Completing this project allows you to demonstrate your ability to:  develop cyber security awareness in a work area by applying an up-to-date knowledge in line with company policies and procedures.  be able to support cyber security practice in the workplace by planning, training, and reviewing personnel behaviours on site and when working remotely.  document and report suggested improvements to specific individuals and management. Assessment Instructions This is an individual and group based ( Task 2a/b - 4 weeks* ) project to be completed in class and at home over the assessment period of 7 weeks. What? Goal of this project: You have been tasked with auditing this network/equipment to improve security. To complete this task, you will need to submit this document – signed and, create a report on your audit. Your report must contain the following:  Title Page  Table of Contents  Identifying and valuing Company assets [ Cyber Security Project ] [ 1 of 2 ] [ 21/05/2021 ] Student product assessment task © Content is subject to copyright, RMIT University FINAL APPROVED – STUDENT PRODUCT ASSESSMENT TASK TEMPLATE – June 2019_Version 2.0 Page 1 of 12

 Identifying and modelling training for Cyber Security threats  Implementing and testing training solutions to Cyber Security threats Task 1a Establish current level of awareness in work area relating to cyber security. Read the following scenario: CompanyXYZ is a new start-up (9 months) mostly an Online company which has 3 distinct departments. Their product is educational software sold to tertiary schools. 1. CEO & Office Admin 2. Sales & Marketing 3. IT Support The company has only reported 1 known security breach in the first 6 months of operations. The CEO and IT support have acknowledged the fact that security threats exist and seek your Security expertise to know how to prevent and respond to them. You conduct walk-through and hold meetings with several members of the company and discover the following data: 1. Operations and environment related to CEO (Grace) and Office Admin (Tim) a) CEO Grace uses her own laptop, the shared WIFI connected net printer, VoIP Phone - Uses the same password for everything including their outlook email account, personal email, and social media accounts. b) All CEO data is stored on their laptop. c) Door to IT Office is kept locked (Admin has additional key in their draw) d) Office Admin uses 1 PC station, shared net printer, – keeps their password on a post-it notes on the screen as they have trouble with recall, and they often forget to log off from PC. Emails are often sent from home email Gmail account as they find Outlook a bit too complicated at times to create email for internal staff. Most data are stored on PC and a few USB sticks that the admin takes home. Anti-virus software was updated 6 months ago. e) Office Admin notices a lot of emails that seem suspicious after clicking on internal links but neglects to report on them to IT support because they are so busy. 2. Operations and environment related to Sales & Marketing department (4 members: Kara, Raj, Ryan and Jiang) a) Staff members share 2 laptops between themselves, a shared net printer and use personal [ Cyber Security Project ] [ 1 of 2 ] [ 21/05/2021 ] Student product assessment task © Content is subject to copyright, RMIT University FINAL APPROVED – STUDENT PRODUCT ASSESSMENT TASK TEMPLATE – June 2019_Version 2.0 Page 2 of 12

smart phone for calls. You note that Kara loves to download movies. b) Sales representatives – travel and remotely connect to the office at airports and cafes that offer free internet when working on their smart phone and IPADs. c) Door to IT Office is not locked which joins to customer lounge– a lot of printed documents left on desktops. d) Anti-virus software & and windows 10 operating system was updated 6 months earlier. e) Guests, customers and staff can access internet using an open Wireless net. 3 . Operations and environment related to IT support (2 members Tom & Kena) a) Each member uses 1 laptop each, Windows 10 and anti-virus software was updated 3 months ago. b) Door to IT Office is not locked when unattended. c) IT staff login to WIFI using a default password. d) Net device is accessed with a generic unencrypted password (Kena’s birthday) Overall- you have perceived the following – messy / busy desks left in that state at the end of the day. Competition to use available laptops in Sales & Marketing. No security guidelines are available – staff learn on the job. Task 1a. Individual task Identify the Cyber Security Threats. * Cut and paste Table into your report : Your task is to Identify security threats to later implement and plan suitable controls. Department/Area No. of Cyber Security Threats Type of Threats Use the letter*(ABC) (A) Access (B) Data breach (C) Thef Identify 1 specific internal ( from within the company ) threat (I) per department. Identify 1 specific external threat ( from outside the company ) (E) per department CEO & Admin Sales& Marketing IT Support [ Cyber Security Project ] [ 1 of 2 ] [ 21/05/2021 ] Student product assessment task © Content is subject to copyright, RMIT University FINAL APPROVED – STUDENT PRODUCT ASSESSMENT TASK TEMPLATE – June 2019_Version 2.0 Page 3 of 12

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version

Access to all documents
Unlimited textbook solutions
24/7 expert homework help

Task 1b. Individual task Research Official Sites. The impact and scope of recent cyberattacks have many business and government officials concerned. Review the latest cyber threats and trend affecting Australian Businesses. Include the URL and Report (describe the threat) on the 3 common threats that could affect this company. * Cut and paste Table into your report : Threat Describe the Threat /include your URL Source 1 Ransomware – this occurs when an attacker……. URL: 2 URL: 3 URL: --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------- Task 2a [GROUP Task] Draf and Create a Security Policy – My Share link: ( paste your Onedrive share link here*) Based on the information gathered in Task 1 – work with your assigned partner to draft a security policy for company XYZ. ** Remember to keep your language in as plain and easy to read (Understandable!) as possible! Using the separate supplied word document – to share with your partner and Class Teacher in OneDrive : Correctly fill in side panel with your answers to 40 blank lines to complete the draft policy with your partner, where blank lines ____________ usually = 1 word, except follow word count required, e.g. (3) – You MUST Use the Comments section to show collaboration with your partner. Also, complete task 2b and incorporate comments between you and your partner. [ Cyber Security Project ] [ 1 of 2 ] [ 21/05/2021 ] Student product assessment task © Content is subject to copyright, RMIT University FINAL APPROVED – STUDENT PRODUCT ASSESSMENT TASK TEMPLATE – June 2019_Version 2.0 Page 4 of 12

Task 2b. Also complete [GROUP Task] with your partner using OneDrive document (see Task 2a*) Working with your partner create a list of guidelines for Best Practice for company XYZ’s Email procedures :- Student working together fills table to include at least 5 best practices to ensure secure email use. Best Practice – Do not answer here* 1 2 3 4 5 --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------- [ Cyber Security Project ] [ 1 of 2 ] [ 21/05/2021 ] Student product assessment task © Content is subject to copyright, RMIT University FINAL APPROVED – STUDENT PRODUCT ASSESSMENT TASK TEMPLATE – June 2019_Version 2.0 Page 5 of 12

Task 3 In class - Individual task: Create a Cyber Security program that reflects organization-wide best practice . Requires –Use of Template PowerPoint (see week 11 *), Video and a 5 question quiz. The company wishes to have staff working from home and travel interstate to broaden customer base for remote workers ( working from home or out of office locations ) . Ensure you support your design based on Australian Cyber Security reference documents (Guidelines & Procedures) Ensure you add thESE slides to your report --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------- Task 4 (Individual Task) Create a training plan for 2 out of the 3 topics: * Cut and paste Table into your report : Email practices, Data storage practices, Wi-Fi practices. Ensure you Cut and paste ‘ Cyber Security Training Matrix’ Table into your report: Cyber Security Training Matrix Topic 1: Email practices Topic 2: Data storage practices Topic 3 WIFI practices people, groups involved, Process - Method of Training Technology required Communicating Training outcomes for personnel Duration of Training in Minutes (m) --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------- Task 5 (Individual Task) Report to Company CEO on the outcomes of Training (Task 4) After implementing the Training workshops, the following behaviors have been seen in the workplace. Choose 7 for review from the list and document suggestions for the required improvements and [ Cyber Security Project ] [ 1 of 2 ] [ 21/05/2021 ] Student product assessment task © Content is subject to copyright, RMIT University FINAL APPROVED – STUDENT PRODUCT ASSESSMENT TASK TEMPLATE – June 2019_Version 2.0 Page 6 of 12

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version

Access to all documents
Unlimited textbook solutions
24/7 expert homework help

show your insight on the consequences (as in the DAMAGE if the threat does happen to company*) 1. Passwords are still left on Post IT notes around some devices. 2. Staff are storing documents on your local hard / USB drive. 3. Staff not taking action to complete software updates. 4. Staff are using personal email accounts for company comms 5. Default password used on WIFI 6. Staff are not using sensitivity labels to tag critical files. 7. Staff are not locking the desktop when leaving room. 8. Staff are not reporting phishing emails. 9. When I am working from home or in a public place accessing file on own desktop. 10. Staff uploading photos and names of colleagues of the place on social media page. 11. Staff are using outdated Group email lists. 12. Hardcopy documents still left on desktops at close of business. Cut and paste ‘Answer Table ’ into your report : NOTE, ONLY fill in your 7 out of 12 answers below : Issues No. Suggestions for the required improvements Consequences of the poor behaviour* --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------- Task 6a. (Individual Task) Identify 3 of the latest cyber security threats impacting this type of company. Requires –Use of PowerPoint ( Minimum 5 slides ) Document the following for each threat: A. Identify the threat B. Describe the risk this threat poses to the company XYZ C. Suggest an action the company will take to avoid this threat based on consultation training methods within industry authority - https://www.cyber.gov.au/acsc/services/covid-19-cyber-security-advice [ Cyber Security Project ] [ 1 of 2 ] [ 21/05/2021 ] Student product assessment task © Content is subject to copyright, RMIT University FINAL APPROVED – STUDENT PRODUCT ASSESSMENT TASK TEMPLATE – June 2019_Version 2.0 Page 7 of 12

Use this table – Paste it 3 times to fill for your identified: A.B and C (do not fill on this document*) Threat Criteria Checklist Identified the threat Described this risk this threat poses Suggested a suitable action Task 6b In class (Individual Task) Using your created PowerPoint for 6a. Communicate via a presentation to your stakeholders (teacher and class members) your findings from task 6a. In this meeting you are required to present all the information from Task 6a over 5-7 minutes to during your class time . Ensure you use your Task 6a Powerpoint to your present information. Add further information to their table entries after consultation with Threat ___ Criteria Checklist Identified the threat Described this risk this threat poses Suggested a suitable action Afer consultation with CEO (Teacher) New/modified Actions --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------- Where You will be undertaking this assessment from Week 7 to Week 14 in class time and out class times. You will complete set tasks on PCs provided or on own device. How You will be assessed against the criteria listed in the marking guide in Section B. To achieve a satisfactory result, you will need to address all criteria satisfactorily and submit work by Week 14. Conditions for assessment  This is an individual assessment task.  This is an open book assessment. You can access websites / eJournal to help answer the set questions.  You are allowed minimal support only from the assessor e.g. asking for clarification of a question.  Please make prior arrangements with the assessor at least one week prior to the assessment due date if they require special allowance or allowable adjustment to this task.  Students found in breach of assessment conditions can be charged with academic misconduct, have their results cancelled, be excluded from the program and receive other penalties. Penalties can also apply if a student’s test material is copied by others.  Plagiarism is the presentation of the work, idea or creation of another person as though it is one’s own. It is a form of [ Cyber Security Project ] [ 1 of 2 ] [ 21/05/2021 ] Student product assessment task © Content is subject to copyright, RMIT University FINAL APPROVED – STUDENT PRODUCT ASSESSMENT TASK TEMPLATE – June 2019_Version 2.0 Page 8 of 12

cheating and is a very serious academic offence that may lead to expulsion from the University.  Plagiarised material can be drawn from, and presented in, written, graphic and visual form, including electronic data, and oral presentations. Plagiarism occurs when the origin of the material used is not appropriately cited.  RMIT special consideration is to enable students to maintain your academic progress despite adverse circumstances. The process for special consideration can be found at http://www1.rmit.edu.au/students/specialconsideration  Students with a disability or long-term medical or mental health condition can apply for adjustments to their study and assessment conditions (Reasonable Adjustments and Equitable Assessment Arrangements) by registering with the Equitable Learning Services (ELS) at https://www.rmit.edu.au/students/support-and-facilities/student-support/equitable-learning- services  If you already registered with ELS and your study plan is approved, please inform your teacher if this assessment task is not adjusted in line with approved study plan.  Please ensure your full and correct name is written on this assessment task (do not use nicknames or abbreviations).  You will be assessed as satisfactory or not yet satisfactory in this assessment task. You need to achieve satisfactory (S) results in both assessments to be deemed Competent (CA).  You can appeal the assessment decision according to the RMIT Assessment Appeal Processes Instructions on submitting the Product Assessment You must submit a Zipped file containing this document with all sections attempted and your Packet Tracer file as assessment evidence for this task – failure to submit all items will result in an unsatisfactory result for this unit. 1. You must submit a file containing the assessment work on canvas. Append file title with your name & Student ID. The naming convention of the zip file is: <Student Number>_<Student Full Name>_Project.zip Additional Instructions: 1. Attempt ALL the questions/tasks in each practical test. 2. Performance requirement for each Practical test: a. Satisfactory (S) performance- complete all the steps listed for the practical task and able to answer all verbal questions correctly satisfactory and not satisfactory – unable to complete all the steps listed for the practical task or unable to answer all verbal questions correctly 3. You need to achieve satisfactory (S) results in all three (3) assessments to be deemed Competent (CA) in this course Equipment/resources students must supply (if applicable): Equipment/resources to be provided by WORK or the place (if applicable):  Home PC/laptop  Pen and paper  USB – Hard drive etc to back up their files  RMIT internet access  Onsite computers with internet connectivity  Availability of Canvas to submit project task [ Cyber Security Project ] [ 1 of 2 ] [ 21/05/2021 ] Student product assessment task © Content is subject to copyright, RMIT University FINAL APPROVED – STUDENT PRODUCT ASSESSMENT TASK TEMPLATE – June 2019_Version 2.0 Page 9 of 12

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version

Access to all documents
Unlimited textbook solutions
24/7 expert homework help

Section B – Marking Guide Report completed Report contains all the required information as outlined in the brief The student’s report must contain the following: ·  Title Page  Accurate Table of Contents  All Information from Tasks 1,3-6 (Note - Task 2a/b is stored on OneDrive Criteria for assessment Satisfacto ry Not Satisfactory Task 1a Students complete requirements and fill table: Type of Threats as shown on R.H.S And specific example of Threat at Interna l and External levels ☐ ☐ Task 1.b Student must describe current 3 threats in the industry- include URL* ☐ ☐ Task 2a Student must fill answers collaboratively with their partner on OneDrive share ☐ ☐ Task 2b Student must mention at least 5 from the sample answers collaboratively with their partner on OneDrive share ☐ ☐ Task 3. Students require at least 6 guidelines for staff remotely working: ☐ ☐ Task 4 Create a training plan ☐ ☐ Task 5 Student must fill answers as shown to action and impact related to each of the 6 points ☐ ☐ Task 6a Student has written the following in their report for 3 threats researched – including RISK description and resolution related to training. ☐ ☐ Task 6b Student must present the following for 3 different Threats:  Identify the threat.  Describe the risk this threat poses to the company XYZ. ☐ ☐ [ Cyber Security Project ] [ 1 of 2 ] [ 21/05/2021 ] Student product assessment task © Content is subject to copyright, RMIT University FINAL APPROVED – STUDENT PRODUCT ASSESSMENT TASK TEMPLATE – June 2019_Version 2.0 Page 10 of 12

 Suggest an action the company will take to avoid this threat [ Cyber Security Project ] [ 1 of 2 ] [ 21/05/2021 ] Student product assessment task © Content is subject to copyright, RMIT University FINAL APPROVED – STUDENT PRODUCT ASSESSMENT TASK TEMPLATE – June 2019_Version 2.0 Page 11 of 12

Section C – Feedback to Student Has the student successfully completed the task? Yes No Feedback to student: Assessor Name Date [ Cyber Security Project ] [ 1 of 2 ] [ 21/05/2021 ] Student product assessment task © Content is subject to copyright, RMIT University FINAL APPROVED – STUDENT PRODUCT ASSESSMENT TASK TEMPLATE – June 2019_Version 2.0 Page 12 of 12

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version