ICTCYS407 - ASI - Assignment 3 - Present your findings
School: TAFE SA
Course: CYIFT
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 6
Uploaded by DrBravery13096
Assessment Student Instructions
Assessment Title: Present your findings
Competency Details
Unit code/s and title/s: ICTCYS407 – Gather, analyse, and interpret threat data
Qualification code/s and title/s: Diploma of Information Technology - Cyber Security
Business unit/Work group: Business and Arts/IT Studies
Instructions
Method/s of assessment
Questioning (Written)
Questioning (Oral) / Observation (Interview)
Overview of assessment
This assessment will require you to:
Complete a report of your findings
Have an interview with your manager to review your findings about the incident
Task/s to be assessed
This assessment will require you to complete the following tasks:
Task 1 – Document and submit your results and findings
Task 2 – Review your findings with management
Time allowed
Refer to your schedule for submission dates. This assessment should take you approximately three hours to complete.
Location of assessment
Assessment can be completed anywhere with access to the resources required.
(See Resources Required section below)
Decision making rules
To receive a satisfactory outcome for this assessment you must complete all parts correctly.
Word counts are provided as guidance only.
Assessment conditions
This assessment must be undertaken where conditions are typical of a work environment requiring cyber secure practices, processes, and procedures.
This is an unsupervised assessment, and you may access any required resources.
Resources required
To complete this assessment, you will require the following:
Access to Learn with Internet access
Learn resources
Microsoft Windows 10
Word processing software such as Microsoft Word.
Communication software such as Microsoft Teams
Email software such as Microsoft Outlook
You will need to have access to the various ITWorks Organisational Policy and Procedures, and log files located on Learn in the Assessment Documents and Submission Links topic (refer to the Assessment Support Documents for Students - ASDS)
ICTCYS407 – ASDS – Policy ID 170 - IT Works Cyber Security Incident Reporting.docx
ICTCYS407 – ASDS – syslog
ICTCYS407 – ASDS – linux_secure.log
ICTCYS407 – ASDS – publfirewall.log
You can complete this assessment on your own computer or laptop if you are able to source the above requirements.
Document name: 8e86185ac22e5aec0d10e0386ae9bf18774d698f.docx
Document Set Release Version: v1.1 - 18/10/2022 © TAFE SA | RTO CODE 41026 | CRICOS 00092B
TAFE SA Template Version: Assessment Student Instructions v5.0 Document development version: v12.0
Result notification and reassessment information
You will be provided feedback and the result for your assessment on TAFESA Learn. Submitted assessments will be marked within two weeks of the assessment due date as indicated on the study schedule on LEARN. You will be given the chance to resubmit with required corrections only once. Any resubmits must be uploaded to LEARN within 7 days of the resubmit result on LEARN. Refer to the TAFE SA assessment policy for more information: https://www.tafesa.edu.au/apply-enrol/before-starting/student-policies/assessment
SCENARIO
BUSINESS BACKGROUND
Jim’s Trade Supplies (JTS) is a small supply company providing tradies with the tools, fasteners and industrial supplies they need.
JTS stocks a number of trusted brands, like Bolle, Paslode, Powers, Bostik, Lufkin, Makita, and ProSafety, to suit tradies’ needs perfectly. We frequently put our trade supplies products through onsite testing as well as controlled environment testing to make sure that we understand their capabilities.
JTS comprises:
Owner (Manager) – Jim Strutz
Admin Support x 2
Sales Team x 3
Delivery Driver x 2
JTS has just won a tender to supply stock to the Australian Defence Force.
SCENARIO
There has been a suspected breach of the JTS network which now urgently needs investigation. Jim is very concerned about the legal obligations for JTS and is also concerned about his customers’ information. Any stolen information could be very damaging to the reputation of JTS and could endanger the defence contracts. Users of the system and IT staff have noticed that the responsiveness of the Web Server has been poor since March.
As the ITWorks “IT Security Analyst”, you have confirmed with Jim the data sources that you were to investigate for suspicious activity. You have now investigated the incident and must complete a report of your findings. Once your report is completed you must outline everything that you have found to management as per company policy.
CURRENT JTS TEST SETUP
Further information
JTS Domain Controller Server:
Windows Server 2016
Domain Controller / Active Directory
DNS
DHCP Server
Internal and remote access configured
MySQL Installed
Splunk Enterprise Installed
JTS Web Server:
External Web Server
Hosts JTS Web page
Hosts JTS Store, Store database and associated store log files
Windows PCs:
Windows 10 installed
Users log in through the Domain Controller with a Domain account
Task 1: Document and submit your results
Management has asked for a report of your findings from your investigation. You are to create a report of your findings from Assessment 2 - Add and analyse threat data with Splunk.
Create a report which includes:
A review of the threat data that was used in Assessment 2 (50 words)
Provide information about where you stored your files for the investigation according to the policy and procedure document, ICTCYS407 - ASDS - Policy ID 170 - IT Works Cyber Security Incident Reporting, section 5.5: incident management (30 words)
The threats that you found in your investigation (50 words and Minimum 2 threats)
The risks that those threats pose to the company and assets (30 words)
The likelihood that these threats will occur (30 words)
The impact these threats could have on the company and assets (50 words and two impacts)
Explain some lessons learnt from your investigations (50 words and Minimum two lessons learnt)
Some action steps you or the company should take on the identified threats (40 words and minimum two actions)
Provide some mitigation strategies that should be put in place for the identified threats (two mitigation strategies and 50 words)
Provide two recommendations for how the incidents outlined in this report can be avoided in the future (50 words)
Create an email and send the files or a link to your files for the investigation and your report to the cyber manager at cybermanager@itworks.com.au and ICT support at ictsupport@itworks.com.au according to the policy and procedure document, ICTCYS407 - ASDS - Policy ID 170 - IT Works Cyber Security Incident Reporting, section 5.5: incident management. Provide a screenshot of your email below:
Task 2: Review your findings with management
You are to organise an interview with the ITWorks Manager (Your Lecturer). You can do this in the classroom, or in a Virtual Classroom (Collaborate) or on Microsoft Teams. External students are to email their Lecturer to arrange a time to speak either over a Microsoft Teams meeting, or phone.
You will need to contact your Lecturer at least 24 hours in advance either verbally in class or via email to arrange a suitable time for this interview.
In the interview you will be discussing your results from Assessment 2 – Add and analyse threat data with Splunk. You must have submitted this on Learn prior to organising this interview. The interview should take no longer than 10 minutes.
You must discuss with your manager:
Review the threat data that was used in Assessment 2
Explain at least two threats or vulnerabilities that you found in your investigation
The risks that those threats pose to the company and assets
The likelihood that these threats will occur
Explain two impacts these threats could have on the company and assets
Explain at least two lessons learnt from your investigations
Provide at least two action steps you or the company should take on the identified threats
Provide at least two mitigation strategies that should be put in place for the identified threats
Provide two recommendations for how the incidents outlined in this report can be avoided in the future