MIS607程序代写、代做Java、Python编程

日期：2024-03-27 09:04

MIS607_Assessment 2 Brief Threat Model Report Page 1 of 7

ASSESSMENT 2 BRIEF

Subject Code and Title MIS607 Cybersecurity

Assessment Threat Model Report

Individual/Group Individual

Length 1500 words(+/-10%)

Learning Outcomes The Subject Learning Outcomes demonstrated by successful

completion of the task below include:

b) Explore and articulate cyber trends, threats and staying safe

in cyberspace, plus protecting personal and company data.

c) Analyse issues associated with organisational data networks

and security to recommend practical solutions towardstheir

resolution.

d) Evaluate and communicate relevant technical and ethical

considerations related to the design, deployment and/or the

uses of secure technologies within various organisational

contexts.

Submission For regular class (12 Weeks Duration):

By 11:55 pm AEST/AEDT Sunday of Module 4.1 (week 7)

For intensive class(6 Weeks Duration):

By 11:55 pm AEST/AEDT Sunday of Module 4.2 (week 4)

Weighting 30%

Total Marks 100 Marks

Assessment Task and Context

The goal of this assessment is to identify the threats or vulnerabilities in the case scenario

described in the associated file, Assessment Initial Case Scenario.docx. NOT all threats or

vulnerabilities you “discover” are in the initial case scenario. “Discovery” of threats is important.

For each threat you need to indicate how it would be discovered in a business and in three cases,

expand with a viable explanation of discovery, with small relevant details of an interview or

survey, etc.

You should use this assessment brief document to guide what to include in this assessment and

use the provided case study to help demonstrate understanding of the topic.

Instructions

To successfully complete this assessment, your MIS607 Assessment 2 MUST include:

The reportshould have the following heading structure.

Title page

The title page should include subject code and name, assessment number, report title,

assessment due date, word count (actual), student name and surname, student ID,

Torrens’s email address, learning facilitator name and surname.

MIS607_Assessment 2 Brief Threat Model Report Page 1 of 7

Executive Summary

The best time to write the Executive Summary is when you have finished working on your

assessment. Top-level executives often only read the executive summary, so it is a brief

summary of what was done with a very brief overview of major results.

1. Introduction

Since you already have an executive summary, this can be quite brief. You will need to

provide a short description of the case organization. Overall, the introduction section is

about “What the assessment is going to be about?”

2. Main Discussion

IMPORTANT NOTE: The required discussions for sub-sections 2.1, 2.2 and 2.3 are

discussed earlier in this assessment brief document (see above).

2.1.Data Flow Diagrams (DFDs)

The DFDs must relate to the business described in the initial case scenario. You must

remember that the DFDs are the FIRST step in the “Risk Analysis” process, and so they

are not the main output of this assessment. The main output of MIS607 Assessment 2

is the categorized threats (see below).

For the DFD section of your report, you will need to present at least a “Context

Diagram” (level-0) and a “Level-1 Diagram” (DFD). You can include further levels of

DFD (e.g., Level-2, Level-3, etc.) if you feel they are needed to show a trust boundary,

but it’s not necessary.

The level-1 diagram (and further level diagrams, if needed) must not break the rule

for proper DFD formation/development. And the DFDs (excluding the Context

Diagram) MUST have labelled trust boundaries.

You MUST use the symbol conventions shown below:

2.2. Threat List, Threat Discovery, and STRIDE Categorisation

For the threat list you should have a table of at least 10 threats with at least the

following headings: threat brief name, brief description, brief discovery technique,

STRIDE category, trust boundary, and whatever else may be handy. Make the table

as readable as possible.

After the table, you need to expand on at least three of the threats (one of these

must be the main threat mentioned in the case). These should be related to research

material. You should also go into some explanation of how you discovered the threat

MIS607_Assessment 2 Brief Threat Model Report Page 1 of 7

(as if you found them within the organization).You need to discuss the other seven

threats in brief(2-3 lines at least)

3. Conclusion

In this section, you will wrap up your discussion in a clear and simple way. Overall, the

conclusion section reminds the reader what the report/assessment has been about. Indicate

and discuss the major findings and/or recommendation of your report.

4. References

A minimum of ten (10) references are required in this assessment. At least one (1)

reference needs to be a “peer-reviewed” journal article or a conference paper.

You are welcome to use more than ten (10) references in your MIS607

Assessment 2 based on your decision and preference; however, the minimum

number of references to be used in this assessment is ten (10) references. Make

sure to list the references alphabetically and where possible, make sure to use

the most recent references. At least three (3) references MUST be from peer

reviewed sources (e.g., conferences, journals).

You need put a “**” before such peer-reviewed references in the references section when

you want to highlight, they are peer reviewed. One mark will be deducted for not putting a

** in front of the peer reviewed article in references.

5. Appendices(Appendix 1, Appendix 2, etc.)

Overall, there is no need to have an Appendix in this assessment; however, if there is any

EXTRA information which you might think of being necessary in your assessment, you can

use this section to highlight it. IMPORTANT NOTE: ALL important and necessary information

(e.g. DFDs, Threats, STRIDE, etc.) for your report MUST be inserted and discussed within the

report and NOT in Appendices (Appendix 1, Appendix 2, etc.) section.

Important points on STRIDE and threat discovery:

▪ Threats Discovery – The main output of MIS607 Assessment 2 should be a table with a set

of minimum 10 threats or vulnerabilities that need mitigation in the case scenario

organisation. Out of these 10 threats or vulnerabilities, choose 3 and explain them in more

depth below the table. You will discover these threats or vulnerabilities with the help of the

DFDs and the trust boundaries.

Imagine yourself as a consultant called into work inside the business to discover threats.

For this assessment, business acumen and business logic in approaching threats is what is

required.

The main threat for this assessment resembles a real-world attack. You need to develop a

brief, factual overview of the real-world attack (web links can count as references here

since the attack might not yet be covered academically).

IMPORTANT NOTE: Any explanation of the real-world case is based on real

information/data, NOT speculation or simulated “discovery”.

It is important to understand that you need to “discover” additional threats or

vulnerabilities on the associated initial case scenario. The case scenario is only an initial

assessment of the organisation. The “discovery” can be simulated based on your

MIS607_Assessment 2 Brief Threat Model Report Page 1 of 7

simulated investigation. Obviously, you must cover the main threats already identified in

the case scenario, but other threats or vulnerabilities should be “discovered” by you. In

this regard, inform the reader about what discovery techniques were used.

STRIDE Methodology – Note that the DFDs are NOT the main output of this assessment.

The main result of this assessment is a “set of threats or vulnerabilities”. Important points

to consider are:

✓ Try to map these threats or vulnerabilities as best you can against trust

boundaries.

✓ And categorize the identified threats or vulnerabilities as best you can, against

STRIDE categories.

The STRIDE categories are NOT the threats. Do not be concerned if the threats you discover

do not fit all STRIDE categories. In a full real-world assessment with hundreds of threats,

this would be the case, but with around 10 threats this will probably not be possible. You can

make assumptions, but the report is written from the point of view of a consultant who has

made “discoveries” from their investigations. In the simulation you may gather needed

information from stakeholders. Assessment markers are aware that the technical

information “discovered” by you might not be 100% accurate in all details. However,

your discoveries

should be somewhat realistic.

Note:

▪ This assessment must be submitted as a WORD document (*.docx OR *.doc).Zero marks will

be given for Pdf submission.

▪ The report should use Arial or Calibri fonts, 11 point. It should be line spaced at 1.5 and

must have page numbers on the bottom of each page.

▪ The word count for this assessment is 1500 words (+/- 10%), NOT counting Tables,

Figures, Executive Summary, Cover Sheet, References, and Appendices (if any).

▪ It is highly advised that you read the “case scenario” several times. Then, read through

this assessment brief document and take notes for your assessment writing task.

Furthermore, make sure to check the Marking Rubric for more information on how

marking is completed.

▪ You must be careful NOT to use up the word count discussing any type of general

information such as cybersecurity basics etc. This is NOT an exercise in summarising class

notes etc. Discussing general information and material will not count towards marks.

▪ Make sure to use a reasonable number of Tables and Figures in your assessment.

▪ ALL inserted/used Tables and Figures within the report MUST be captioned/labelled and

numbered (e.g., Table 1, Table 2, etc.).

▪ ALL inserted/used Tables and Figures within the report require being initially introduced

and then discussed in a clear, focused, and simple way.

▪ Within the assessment document, when referring to Tables and Figures, you require to

refer to them by their captions. NOTE: Tables and Figures without a caption may be

treated as if they are not in the report.

▪ Leading into MIS607 Assessment 3, try to concentrate on threats with “corresponding

controls”. IMPORTANT NOTE: The “controls” are NOT part of MIS607 Assessment 2 but

be prepared to find the “controls” for your MIS607 Assessment 3. For instance:

✓ Weak Passwords: Password policy and/or 2 factor

✓ Fire: Fire alarms and extinguishers and/or fire insurance,

✓ Theft: CCTV system

MIS607_Assessment 2 Brief Threat Model Report Page 1 of 7

Referencing

It is essential that students use appropriate APA style for citing and referencing research. Please see

more information on referencing here in the Academic Writing Guide found via the Academic Skills

website.

Submission Instructions

Please submit ONE Microsoft Word document (.doc or.docx) via the Assessment link in the main

navigation menu in Blackboard. The Learning Facilitator will provide feedback via the Grade Centre

in the LMS portal. Feedback can be viewed in My Grades.

Academic Integrity

All students are responsible for ensuring that all work submitted is their own and is appropriately

referenced and academically written according to the Academic Writing Guide. Students also need

to have read and be aware of Torrens University Australia Academic Integrity Policy and Procedure

and subsequent penalties for academic misconduct. These are viewable online.

Students also must keep a copy of all submitted material and any assessment drafts.

Special Consideration

To apply for special consideration for a modification to an assessment or exam due to unexpected or

extenuating circumstances, please consult the Assessment Policy for Higher Education Coursework

and ELICOS and, if applicable to your circumstance, submit a completed Application for Assessment

Special Consideration Form to your Learning Facilitator

MIS607_Assessment 2 Brief Threat Model Report Page 6 of 7

Assessment Rubric

Assessment Attributes Ratings Pts

Citation Practice and Engagement with Relevant Literature

▪ Cited material and citations related to report.

▪ APA citation style

▪ At least 1 peer-reviewed article,

▪ Ten( 10) or more references overall

▪ Correct citation and referencing

▪ Peer-reviewed citation(s) used more than once.

20 Pts

High

Distinction

Exceeds

expectation

15-19 Pts

Distinction

High quality

13-14 Pts

Credit

Meets basic

expectation

11-12 Pts

Pass

Passlevel

work

0-10 Pts

NN

Failsto meet

basic

expectation 20 Pts

Pts for this criterion = 20 Pts

DFD and Trust Boundaries 20 Pts 15-19 Pts 13-14 Pts 11-12 Pts 0-10 Pts

▪ Diagrams related to case scenario using symbols from class High Distinction Credit Pass NN

▪ All data flows start or end in a process Distinction High quality Meets basic Pass level Failsto meet

▪ At least context diagram and level-1 data flow diagram Exceeds expectation work basic

▪ Properly recognised entities, data stores, data flows and processes

▪ All elements appropriately named, including data flows

expectation expectation 20 Pts

▪ Verbs used in processes (Not in Context Diagram)

▪ Trust boundaries named

▪ Trust boundaries make sense

Pts for this criterion = 20 Pts

Threat Discovery 35 Pts 26-34 Pts 22-25 Pts 19-21 Pts 0-18 Pts

▪ At least ten threats clearly identified High Distinction Credit Pass NN

▪ Real-world attack in the case scenario timeline and brief explanation Distinction High quality Meets basic Pass level Failsto meet

▪ Real-world attack covered in the threat list Exceeds expectation work basic

▪ Threats mapped against STRIDE categories expectation expectation

▪ Threats cover vulnerabilities in management, operational, and technical

processes

▪ Overall threat “discovery” techniques explained well, with a few

35 Pts

discussed in more detail

▪ Threats make sense in the case scenario (e.g., appropriate for the size of

the organisation)

▪ List ofthreats

Pts for this criterion = 35 Pts

MIS607_Assessment 2 Brief Threat Model Report Page 7 of 7

Communication and Presentation

▪ Writing is persuasive, logical and communicates meaning

clearly

▪ Uses appropriate vocabulary consistently

▪ Spelling and punctuation completely accurate.

▪ Consistently integratesresearch and ideasfrom relevant and

appropriate sources

▪ Consistently uses accurate references, appropriately

positioned

▪ Executive Summary(at least half a page) is appropriate

for a business report and is in past tense, summarises

what has been done and is not a mere covering of basic

theory from classes

▪ Demonstration of topics and principles acquired from course

material

▪ Use of relevant theories, concepts and frameworks to

support analysis, own input, insight and interpretation.

Pts for this criterion = 15 Pts

15 Pts High Distinction

Exceeds expectation

12-14 Pts

Distinction

High quality

10-11 Pts

Credit

Meets basic

expectation

8-9 Pts

Pass

Passlevel

work

0-7 Pts

NN

Failsto meet

basic

expectation

15 Pts

Basic Formatting and Submission Requirements

▪ Captioning of all figures, etc. and referred to only by caption.

▪ Correct file submission and Word format

▪ Correct student and facilitator information

▪ Academic Integrity Declaration

▪ Page numbers

▪ Table of Contents

▪ Headers and Footers

Pts for this criterion = 10 Pts

10 Pts High Distinction

Exceeds expectation

8-9 Pts

Distinction

High quality

6-7 Pts

Credit

Meets basic

expectation

4-5 Pts

Pass

Passlevel

work

0-3 Pts

NN

Failsto meet

basic

expectation

10 Pts

The following Subject Learning Outcomes are addressed in this assessment

SLO b) Explore and articulate cyber trends, threats and staying safe in cyberspace, plus protecting personal

and company data.

SLO c) Analyse issues associated with organisational data networks and security to recommend practical

solutions towards their resolution.