BSBXCS302 Assessment 2

School: Canberra Institute of Technology

Course: 302
Subject: Information Systems
Date: Dec 6, 2023
Pages: 10

Assessment: Written
Student Name:
CIT Number:
Competency Title, Code and Banner Code CRN: BSBXCS302 Identify and report online security threats
Assessment Type: Written / Case Study / Project / Assignment / Other
Assessment Name: Assessment 2: Written and verbal
Assessment Date:

Student Statement: This assessment is my own work. Any ideas and comments made by other people have been acknowledged. I understand that by emailing or submitting this assessment electronically, I agree to this statement.
Student Signature:    Date:

PRIVACY DISCLAIMER: CIT is collecting your personal information for assessment purposes. The information will only be used in accordance with the CIT Privacy Policy.

Assessor Feedback
Student provided with feedback
Attempt 1: Satisfactory / Not Yet Satisfactory    Date: / /
Attempt 2: Satisfactory / Not Yet Satisfactory    Date: / /
Assessor Name: Adnan Syed
Assessor Signature: Adnan
Note from Assessor: Please record any reasonable adjustment that has occurred for this assessment.

© Canberra Institute of Technology | Page 1 of 10 | Date created: 23/08/2021 | CRICOS No. 00001K | RTO Code 0101 | Date updated: 4/12/2023
Assessment Task Instructions for Students

This assessment consists of several questions, including multiple-choice and scenario-based questions. In order to be successful in this assessment, you are required to have a clear understanding of the concepts below:
• Internal policies, procedures and plans relating to potential online security breaches
• Blocking and reporting potential security breaches on computers and mobile devices according to organisational policies and procedures
• Responding to an actual security breach or cyber security incident according to the organisational response plan
• Reporting a security breach or cyber security incident according to legislative requirements and organisational policies and procedures
• Providing information to required personnel to assist in documenting potential and actual breaches
• Supporting post-incident review and identifying lessons learnt
• Contributing updates to the cyber security incident response plan as required and within the scope of own role

Time allowed: see subject guide

Assessment range and conditions: Students need to have access to all resources. If resources are used, then appropriate referencing must be adhered to. Students are to submit this assessment in a timely manner and, if an extension is required, contact the teacher within an appropriate timeframe.

Materials provided and material you will need:
• Assessment paper and instructions
• Access to eLearn
• Access to CIT computers, internet access to research material
• Access to MS Office applications including MS Publisher

Information for students: You may have two (2) attempts for this assessment. If your first attempt is not successful, your teacher will discuss your results with you and will arrange a second attempt. If your second attempt is not successful, you will be required to re-enrol in this unit. Only one re-assessment attempt will be granted for each assessment item.
Question 1

Scenario: Imagine a situation where you work as a cyber analyst in an organisation (ABN 12345678) named Teach Virtual, whose combined turnover is greater than 250 million. It is located at XYZ Street, ACT 2611, Canberra. Your organisation recently bought a new office and had some renovations done to it by a builder, XYZ123. After a while, your organisation decided that they wanted more work done to the office and called the same building company, XYZ123, back to do it. After completing the work, the builder sent Teach Virtual an invoice. The invoice came from the builder's email address, and as Teach Virtual had paid the builder previously, it noted that the bank account details were different from last time. However, the company did not pay enough attention and did not investigate further to verify this bank account change. Consequently, Teach Virtual paid all the dues to the new account. A few days later, Teach Virtual got a call from the builder, who was angry as they hadn't been paid yet. They checked their accounts to prove to the builder that they had paid the invoice. After checking the account details, the builder suspected that they were the victim of a Business Email Compromise (BEC). Teach Virtual's email address is contact@teachvirtual.com and its phone number is 04317947317.

a) Please choose the correct option(s) and highlight with green color based on the scenario above:

Question 1 of 4: What could have happened here?
a) Teach Virtual paid the right account; it's just taking a little while to get there
b) A scammer had hacked the builder's email and changed the details of his invoice before it was sent to you
c) The builder is scamming you by pretending they were never paid

Question 2 of 4: After establishing a scammer had hacked the building company's email and changed the bank account on the invoice, the builder is still angry he hasn't been paid. What are Teach Virtual's options?
a) Contact its internet provider as they are responsible and will cover the lost money
b) Contact the criminals to get her money back
c) No options, the money has already been spent
d) Immediately call the bank and let them know the transaction was fraudulent, then report the incident to us at ReportCyber

Question 3 of 4: What could Teach Virtual have done to prevent this incident?
a) Call the bank and ask them to validate the bank details
b) Flag the invoice as spam because the details didn't match the details on the previous invoice
c) Call the builder when you got the invoice to confirm the change in detail
d) Nothing, it was unavoidable unfortunately

Question 4 of 4: From the builder's side, what should the company do to secure their accounts? Check all that apply
a) Close the business' bank accounts and open new ones with a new bank
b) Report the incident to us at ReportCyber and then change the passwords on all company email addresses and ensure MFA is turned on
c) Check if further systems were compromised by running a malware scan and hiring an IT professional
d) Close the business' email addresses and create new ones
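The following is an added example, not part of this assessment or of CIT's material. It shows how the preventive step in Question 3 of 4, option c) (calling the builder to confirm the change in details) can be enforced by an accounts-payable check rather than left to an individual's attention. In the scenario the invoice came from the builder's genuine mailbox, so the sender address proved nothing; the only reliable signal was that the bank details differed from those used for the previous payment. The code compares each invoice with a stored vendor record, holds any payment whose bank details have changed, and directs the verification call to a phone number that was on file before the invoice arrived, never one printed on the invoice. The vendor record, the BSB and account numbers, the email addresses and the phone numbers are all constructed for the example.

```python
"""
Vendor bank-detail change check for accounts payable (added example; all
vendor names, BSB/account numbers, emails and phone numbers are constructed).
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class VendorRecord:
    """What accounts payable already knows about a vendor, captured at onboarding."""
    name: str
    bsb: str
    account: str
    phone_on_file: str  # verified at onboarding, never taken from a later invoice


@dataclass
class Invoice:
    """The incoming document. In a BEC every one of these fields is attacker-controlled."""
    vendor_name: str
    sender_email: str   # deliberately not used as evidence: in the scenario it was genuine
    bsb: str
    account: str
    amount: float
    contact_phone: str  # whatever the invoice says to call; untrusted


@dataclass
class Decision:
    action: str                       # "pay", "hold_verify" or "reject"
    reasons: List[str] = field(default_factory=list)


def check_invoice(inv: Invoice, master: Dict[str, VendorRecord]) -> Decision:
    """Compare an invoice with the vendor master and decide whether it may be paid."""
    rec = master.get(inv.vendor_name)
    if rec is None:
        return Decision("reject", ["unknown vendor: onboard and verify before paying"])

    if (inv.bsb, inv.account) == (rec.bsb, rec.account):
        return Decision("pay")

    reasons = [
        f"bank details changed from {rec.bsb}/{rec.account} "
        f"to {inv.bsb}/{inv.account}"
    ]
    if inv.contact_phone != rec.phone_on_file:
        # A new contact number alongside new bank details is the classic BEC
        # pattern: a callback to the number on the invoice reaches the criminal.
        reasons.append("invoice lists a different contact number; "
                       "do not use it for verification")
    reasons.append(f"hold payment; confirm the change by calling "
                   f"{rec.phone_on_file} (number on file)")
    return Decision("hold_verify", reasons)


def apply_bank_change(vendor_name: str, new_bsb: str, new_account: str,
                      confirmed_by_callback: bool,
                      master: Dict[str, VendorRecord]) -> bool:
    """Update the master record only after an out-of-band callback confirmed it."""
    if not confirmed_by_callback or vendor_name not in master:
        return False
    rec = master[vendor_name]
    master[vendor_name] = VendorRecord(rec.name, new_bsb, new_account, rec.phone_on_file)
    return True


def demo_master() -> Dict[str, VendorRecord]:
    """Constructed vendor master holding the builder from the scenario."""
    return {"XYZ123": VendorRecord("XYZ123", "012-345", "11112222", "+61 2 6000 0000")}


if __name__ == "__main__":
    master = demo_master()
    # Constructed invoice: genuine sender, but a new account and a new "call us" number.
    suspicious = Invoice("XYZ123", "accounts@xyz123.example", "999-999", "55556666",
                         48000.0, "+61 4 0000 0000")
    for line in check_invoice(suspicious, master).reasons:
        print(line)
```

The design point is that the master record, not the invoice, is the source of truth for both the bank details and the number used to confirm a change; a payment is released only after `apply_bank_change` has been called with a confirmed callback, so the person who processes the invoice cannot skip the verification step the way the scenario describes.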
b) Please report the incident to ReportCyber by answering the following questions:

1. Who are you reporting on behalf of?
a) An individual: Select this option to report a cybercrime that has affected you personally or someone that you know
b) A business or an organisation: Select this option to report an event that has affected an ABN registered business or if you wish to report a cyber security vulnerability.
c) A government department or agency: Select this option to report an event that has affected a government entity (Local, State or Federal) or if you wish to report a cyber security vulnerability.

2. Is this affecting a Large Organisation or a Critical Infrastructure entity?
Large organisations are entities that are part of an economic group with combined turnover greater than $250 million. This includes public, private and foreign-owned companies, partnerships, trusts and super funds.
Critical infrastructure entities are generally defined as being essential in delivering services which support everyday life activities. These include entities which are vital for health, transport, financial, energy, education, defence, food and agriculture, communication, and other sectors. Critical infrastructure entities are legally required to report cyber security incidents to the ACSC within:
• 12 hours, if the incident is having a significant impact on the availability of the asset, or
• 72 hours, if the incident is having an impact on the availability, integrity, or reliability of the asset, or on the confidentiality of information about, or held by, the asset.

3. Provide contact details:
First Name: Bhargava
Second name: Veppala
Email address: contact@teachvirtual.com
Verify email address: contact@teachvirtual.com
Contact number: 04317947317

4. Organisation Details:
Name: Teach Virtual
ABN: 12345678
State: ACT
Post code: 2611

5. Incident details: Select one of the options from below:
Denial of service (DOS): Where systems are rendered unavailable due to an actor overloading or flooding the service with requests.
Scanning and reconnaissance: Where networks have been queried, usually to identify potential vulnerabilities, or unsecured access vectors, for unauthorised access.
Unauthorised access to network or device:
Data exposure, theft, or leak:
Malicious code/malware: Involving software or scripts that are designed to damage files or systems, disrupt or deny access to files or systems, or to gain unauthorised access to files or systems.
Ransomware: A type of malicious software, designed to deny access to files or systems until demands by an actor are met.
Phishing/spear-phishing: Where fraudulent emails (purporting to be from a reputable source) are sent or received to gain unauthorised access to information.
BEC: Business email compromise (BEC) is a form of targeted phishing, or spear phishing. Criminals target organisations and try to scam them out of money or goods. They also target employees and try to trick them into revealing important business information.

6. Please describe the incident, including how it may have occurred (such as the extent of the incident, any data loss/modifications, and the impact to your business operations):
It can be a man-in-the-middle attack where a third party has got access to the email and can alter the information in the email so that they receive the funds. This incident is a financial loss for the company. It might have occurred due to phishing emails and compromising the business email.

Question 2

1. You recently joined a company as a cyber security analyst. The name of the company is Tech Horizons. Your primary job is to go through and review internal policies, procedures and plans relating to potential security breaches. Tech Horizons is a leading organisation in Canberra providing technological solutions to educational institutions. It creates communication platforms for many schools and colleges in Canberra. It has more than 100 employees in 5 different branches around Canberra.
Each employee has a username and password to log in to the system. Tech Horizons has more than 1000 computers connected to multiple networks. These networks are protected by firewalls. However, the files are not encrypted with the latest technology. There are multiple filters installed and activated to detect spam emails. Tech Horizons collects and stores students' names, email addresses, name of educational institution and student ID to provide services to various educational institutions. The company has expanded its business into other countries: England, China, and the Philippines. It delivers similar services to various schools and colleges in those countries.
Tech Horizons has a central database; it collects students' data from 4 different countries and saves it in the database located in Canberra. As a cyber analyst, you are required to identify cyber security measures according to organisational policies and procedures to protect data and networks. You are required to write a report describing various cyber security policies and procedures outlining:
a) Technology and information assets that you need to protect
b) Threats to those assets and networks
c) Rules and controls for protecting assets and networks according to organisational practices and procedures in securing work and customer data
d) International cyber/data security policies, as Tech Horizons collects data from various countries and stores it in one place
e) Business impact of losing students' data because of a potential cyber attack

Report:

a) Technology and information assets that you need to protect
The database should be protected.

b) Threats to those assets and networks
Malware, phishing, password attacks, DOS and SQL injection are the threats, and use of a VPN is a must for networks. Protect the network with firewalls and increase the security. Never connect to public networks.

c) Rules and controls for protecting assets and networks according to organisational practices and procedures in securing work and customer data
All the files should be encrypted with the latest technology; follow the compliance and regulatory standards for the policies.

d) International cyber/data security policies, as Tech Horizons collects data from various countries and stores it in one place
Stored in the database located in Canberra.

e) Business impact of losing students' data because of a potential cyber attack
It could be a great financial loss, and to the name of the company as well, as it is a multinational recognised one, and it has huge impacts on the students' lives as it is their private data.

Question 3
(Continued from the previous question) As Tech Horizons does not encrypt its data, it was hit by a ransomware attack and lost all its data. It includes students' names, email addresses, dates of birth, home addresses and grades. Being a cyber analyst in your organisation, you are required to prepare a data breach response plan for this incident. Now, prepare your response plan by answering the following questions:

a) What is a data breach response plan?
The organisation should prepare an incident response; they must know about the incident and use playbooks and runbooks to educate the employees. It should check and detect unusual activities such as accounts, networks or passwords not working, lack of hard drive storage, computers crashing, and spam to customers' accounts. Find the initial cause of the incident and assess it. Respond to the incident to limit further damage to the business by isolating the affected systems, disconnecting them from the network and turning them off. Remove the threat and recover and restore the systems for business use. Review again and identify if any system needs changes and process them. Evaluate the incident and learn lessons from it. Update the cyber security response plan as per the lessons learnt to improve the business response, and check and detect an attack even before it occurs in future.

b) Elaborate each of the points/items below that will create your incident response plan

A clear explanation of what constitutes a data breach (define data breach in 50 words; examples can also be added):
A data breach happens when data is shared with someone who isn't supposed to have it or when data is hacked by someone who isn't supposed to have it. This can happen by mistake or when security is broken. According to the Privacy Act 1988 and under the Notifiable Data Breaches (NDB) scheme, any organisation or agency must report the data breach and notify the affected individuals. Examples include when a personal device that has personal information is lost or stolen or is given to any strangers, or when a database with personal information of an organisation is hacked.

A strategy for containing, assessing, and managing data breaches: Elaborate the ideas "Contain", "Assess" and "Notify" (at least 50 words):
The OAIC suggests a process with three steps:
• Plan the assessment and assign a team or person to do it.
• Investigate the incident to figure out what happened.
• Evaluate the situation to decide if major harm is likely based on the evidence.
The OAIC suggests that this be written down. Try to tell your customers and employees as much as you can about what happened and how bad it is. Use multiple ways to tell people about the breach to make sure that everyone who needs to know does.

The roles and responsibilities of staff: A typical data breach response team needs diverse expertise. List 7 different roles with probable responsibilities (at least 50 words):

Manager of incidents: An incident manager has full control. By leading and organising all team actions, they keep the incident response team focused on minimising damage and recovering swiftly.

Leader of information security: Tech leads are usually senior technical responders. They analyse all the information, assess the problem's cause, lead the technical team throughout the incident, and quickly restore systems and services. The information security team leader will collaborate with the incident manager to determine what damage occurred and why.

Communications manager: The company's reputation and stakeholder trust can suffer from a severe data breach. Help with public relations and data breach response is crucial. This person oversees the company's internal and external messaging and communications. They will collaborate with team members to determine company communications, including social media, company websites, and media.

Chief documentarian: An efficient incident response process includes extensive documentation and adequate evidence gathering to ensure a timely and successful response, guide future incident response strategies, and fulfil regulatory reporting. The documentation lead will document all team operations, including investigation, discovery, and recovery, and produce a reliable chronology for each step of the incident. By being exact, this strategy speeds up breach recovery.

Law firm: Internal and external lawyers may make up the legal team. The legal team should advise on data security issues and legal requirements, including who must be notified of a breach. Legally, this is complicated. The legal team will advise on who should be told, what to say, etc., if obligatory notice is required.

The HR department: A company's personnel must be aware and equipped to address cyber incidents. The incident and employees' roles should be communicated. To inform and allow employees to respond, the communication should include pertinent details.

Response to data leak: Incident response teams at companies that have had a data breach are more likely to suggest investing in stronger prevention measures. The ThreatAdvice Breach Prevention Platform is a complete cyber security platform that gives you supervision over all your organisation's security needs and guarantees the correct solutions are in place to lessen the risk of a data breach. ThreatAdvice can help you secure your company's future.

Documentation: Describe what you need to document in this whole process of preparing a response plan (at least 50 words):
• Communication paths between the incident response team and the rest of the organisation
• Metrics to measure how well its IR skills work
Incident response continues to provide support for successful litigation, documentation to show auditors, and historical knowledge to feed into the risk assessment process and improve the incident response process itself.

Review: How did this incident happen? (at least 50 words)
Post-incident review and lessons learnt: What could have been done differently to avoid this incident, and what can be done to mitigate future risks? (at least 50 words)
We will review and identify if any system needs changes and process them. Evaluate the incident and learn lessons from it. In this case, use encryption for files shared, protect the firewalls and update the system. Update the cyber security response plan as per the lessons learnt to improve the business response, and check and detect an attack even before it occurs in future.

Question 4: Mandatory workshop participation

Scenario: In the 2022 Medibank data hack, many of you lost your identifiers, such as name with date of birth, addresses and phone numbers. In this critical situation, you are afraid of being hacked with your stolen credentials. This data hack affects all your classmates. Let's assume you have decided to set up a meeting with the manager of the financial institution you do banking with. Before setting up a meeting with your bank manager, you will discuss this issue with your classmates to better understand the Medibank data hack and its implications for your online banking security. This is a group task. However, every member of your group needs to participate in this group discussion. You will be observed undertaking the discussion with your classmates, and the observation checklist will be used to assess your skills during the task. You are required to ask open and closed probing questions of each other about your cyber security concerns and new (possible) identifiers, and to answer these questions, to be successful in this activity. The questions below are examples that could be used to start and assist your discussion.

a) Was the Medibank data hack a notifiable data breach?
Yes, it is, as per the NDB scheme: if there is disclosure of personal information held by an entity, it is likely to result in serious harm to any of the individuals to whom the information relates. As per Medibank's data breach, it includes people's names, dates of birth, addresses and phone numbers, and so it is a notifiable data breach.

b) Where should Medibank report this data breach?
Under the Privacy Act 1988, Medibank should report the data breach, usually within 24-48 hrs, to the Office of the Australian Information Commissioner using the online Notifiable Data Breach Form: https://forms.business.gov.au/smartforms/servlet/SmartForm.html?formCode=OAIC-NDB&tmFormVersion

c) What are the industry-standard practices and procedures Medibank needs to follow in response to this data hack?
Medibank should prepare an incident response; they must know about the incident and use playbooks and runbooks to educate the employees.
Check and detect unusual activities such as accounts, networks or passwords not working, lack of hard drive storage, computers crashing, and spam to customers' accounts. Find the initial cause of the incident and assess it. Respond to the incident to limit further damage to the business by isolating the affected systems, disconnecting them from the network and turning them off. Remove the threat and recover and restore the systems for business use. Review again and identify if any system needs changes and process them. Evaluate the incident and learn lessons from it. Update the cyber security response plan as per the lessons learnt to improve the business response, and check and detect an attack even before it occurs in future.

d) What kind of new identifier can the bank propose?
The bank can propose to use other identifications of a person, such as their voice identity or something that is apart from those that were included in the data breach.

e) Can my voice be treated as my new identifier to avoid identity theft in the future?
Definitely, as it is more secure compared to other authentication methods.

f) Can you discuss how the bank stores and records my voice in this regard?
In this regard, the bank stores and records my voice. It is a process in which software records your voice and makes a computer version of it that can help you interact if you lose the ability to speak. It doesn't exactly copy your voice and the way you talk, but it does make something that sounds like you.