cyber security
art08
ICT205CYBERSECURITYT220192.pdf
KING’S OWN INSTITUTE* Success in Higher Education
ICT 205 CYBER SECURITY T219 All information contained within this Subject Outline applies to all students enrolled in the trimester as indicated.
1. General Information 1.1 Administrative Details
Associated HE Award(s) Duration Level Subject Coordinator
Bachelor of Information Technology (BIT) 1 trimester Level 2 Dr Smitha Shivhankar [email protected] Consultation: via Moodle or by appointment.
1.2 Core / Elective
Core subject for BIT 1.3 Subject Weighting
Indicated below is the weighting of this subject and the total course points.
Subject Credit Points Total Course Credit Points
4 BIT (96 Credit Points)
1.4 Student Workload
Indicated below is the expected student workload per week for this subject
No. Timetabled Hours/Week* No. Personal Study Hours/Week**
Total Workload Hours/Week***
4 hours/week (2 hour Lecture + 2 hour Tutorial)
6 hours/week 10 hours/week
* Total time spent per week at lectures and tutorials ** Total time students are expected to spend per week in studying, completing assignments, etc. *** Combination of timetable hours and personal study. 1.5 Mode of Delivery On-campus 1.6 Pre-requisites ICT 106 Data Communications and Networks 1.7 General Study and Resource Requirements
o Dedicated computer laboratories are available for student use. Normally, tutorial classes are conducted in the computer laboratories.
o Students are expected to attend classes with the requisite textbook and must read specific chapters prior to each tutorial. This will allow them to actively take part in discussions. Students should have elementary skills in both word processing and electronic spreadsheet software, such as Office 365 or MS Word and MS Excel.
o Computers and WIFI facilities are extensively available for student use throughout KOI. Students are encouraged to make use of the campus Library for reference materials.
o Students will require access to the internet and email. Where students use their own computers, they should have internet access. KOI will provide access to required software.
Resource requirements specific to this subject: MS Imagine, Office 365. ICT 205 CYBER SECURITY T219 21/06/2019 13:29 PAGE 1 OF 16 *AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD © ABN: 72 132 629 979 CRICOS 03171A
Approved by KOI Academic Board for T2 2019
ICT205
2 Academic Details 2.1 Overview of the Subject As the Internet becomes more pervasive, so do security threats to our computer systems and communications. Cybersecurity affects the social and economic health of the world. This subject provides students with a grounding in security technology and the fundamentals of encryption systems. Students will learn about types of attacks, access control and authentication, firewalls, wireless network security, intrusion detection systems, and cryptographic techniques and their applications. 2.2 Graduate Attributes for Undergraduate Courses Graduates of Bachelor courses from King’s Own Institute (KOI) will be able to demonstrate the attributes of a successful Bachelor degree graduate as outlined in the Australian Qualifications Framework (2nd edition, January 2013). Graduates at this level will be able to apply an advanced body of knowledge across a range of contexts for the purposes of professional practice or academic scholarship, and as a pathway for further learning. King’s Own Institute’s key generic graduate attributes for a bachelor’s level degree are summarised below:
Across the course, these skills are developed progressively at three levels:
o Level 1 Foundation – Students learn the basic skills, theories and techniques of the subject and apply them in basic, standalone contexts
o Level 2 Intermediate – Students further develop the skills, theories and techniques of the subject and apply them in more complex contexts, and begin to integrate this application with other subjects.
o Level 3 Advanced – Students demonstrate an ability to plan, research and apply the skills, theories and techniques of the subject in complex situations, integrating the subject content with a range of other subject disciplines within the context of the course.
KOI Bachelor Degree Graduate Attributes Detailed Description
Knowledge Current, comprehensive, and coherent and connected knowledge
Critical Thinking Critical thinking and creative skills to analyse and synthesise information and evaluate new problems
Communication
Communication skills for effective reading, writing, listening and presenting in varied modes and contexts and for the transferring of knowledge and skills to others
Information Literacy Information and technological skills for accessing, evaluating, managing and using information professionally
Problem Solving Skills Skills to apply logical and creative thinking to solve problems and evaluate solutions
Ethical and Cultural Sensitivity
Appreciation of ethical principles, cultural sensitivity and social responsibility, both personally and professionally
Teamwork Leadership and teamwork skills to collaborate, inspire colleagues and manage responsibly with positive results
Professional Skills Professional skills to exercise judgement in planning, problem solving and decision making
ICT 205 CYBER SECURITY T219 21/06/2019 13:29 PAGE 2 OF 16 *AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD © ABN: 72 132 629 979 CRICOS 03171A
Approved by KOI Academic Board for T2 2019
ICT205
2.3 Subject Learning Outcomes
This is a Level 2 subject. On successful completion of this subject, students should be able to:
Subject Learning Outcomes Contribution to Course Graduate Attributes
a) Analyse and evaluate the organisational adoption of security controls
b) Design solutions for concrete security problems for distributed applications
c) Formulate and evaluate security countermeasures to reduce potential security risks
d) Analyse emerging security threats and controls.
2.4 Subject Content and Structure Below are details of the subject content and how it is structured, including specific topics covered in lectures and tutorials. Reading refers to the text unless otherwise indicated. Weekly Planner:
Week (beginning)
Topic covered in each week’s lecture Reading(s)
Expected work as listed in Moodle
1 08 Jul
Introduction to network security Ch. 1
Complete exercises in Tutorials on challenges of securing information, information security and types of attackers. Formative not graded
2 15 Jul
Malware and social engineering attacks Ch. 2
Complete exercises in Tutorials on basic steps of an attack and principles of defence and different types of malware and payloads of malware. Formative not graded.
3 22 Jul
Applications network attacks and risk mitigation Ch. 15
Complete exercises in Tutorials on client-side attacks, overflow attacks and different types of networking- based attacks. Formative not graded.
4 29 Jul
Vulnerability assessment and data security Ch. 13
Complete exercises in Tutorials. Formative not graded.
5 05 Aug
Networking-based and webserver attacks Ch. 5
Complete exercises in Tutorials on securing a host computer and application security. How to secure data. Formative not graded.
6 12 Aug
Network security devices, technologies, and design Ch. 6
Complete exercises in Tutorials on network security devices and their uses, network technologies and security. Formative not graded. Assignment 1: Practical and Written Assessment Summative worth 20%
18 Aug 2019 –
25 Aug 2019 Mid trimester break
ICT 205 CYBER SECURITY T219 21/06/2019 13:29 PAGE 3 OF 16 *AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD © ABN: 72 132 629 979 CRICOS 03171A
Approved by KOI Academic Board for T2 2019
ICT205
7 26 Aug
Administering a secure network and systems and application security
Chs. 7, 9
Complete exercises in Tutorials on network design elements, functions of common network protocols, principles of network administration and how they can be secured. Formative not graded.
8 02 Sep
Wireless network security and mobile and embedded devices Chs. 8, 10
Complete exercises in Tutorials on different types of wireless network attacks and the vulnerabilities in IEEE 802.11 security. Solutions for securing a wireless network. Formative not graded.
9 09 Sep
Access management fundamentals Ch. 11
Complete exercises in Tutorials on four access control models, how to implement access control and the different types of authentication services. Formative not graded.
10 16 Sep
Authentication and account management Ch. 12
Complete exercises in Tutorials on authentication credentials and account management procedures for securing passwords. Formative not graded.
11 23 Sep
Cryptography: hash; symmetric; and asymmetric algorithm
Chs. 3, 4
Assignment 2: Written Assessment Summative worth 30%. Complete exercises in Tutorials on cryptography, hash, symmetric, and asymmetric cryptographic algorithms. Formative not graded.
12 30 Sep Business continuity Ch. 14
Complete exercises in Tutorials on how to control risk, ways in which security policies can reduce risk Formative not graded.
13 06 Oct
Study review week
14 14 Oct
Examination Please see exam timetable for exam date, time and location
15 20 Oct
Student Vacation begins Enrolments for T319 open
16 28 Oct
Results Released 29 Oct 2019 Certification of Grades 01 Nov 2019
T319 begins 04 Nov 2019
1 04 Nov
Week 1 of classes for T319 Friday 01 Nov 2019 – Review of Grade Day for T219 – see Sections 2.6 and 3.6 below for more information.
2.5 Public Holiday Amendments Please note: KOI is closed on all scheduled NSW Public Holidays. T219 has one (1) public holiday (Labour Day) that occurs during this trimester. Classes scheduled for this public holiday (Calendar Class Dates) will be rescheduled as per the table below. This applies to ALL subjects taught in T219. Please see the table below and adjust your class timing as required. Please make sure you have arrangements in place to attend the rescheduled classes if applicable to your T219 enrolment. Classes will be conducted at the same time and in the same location as your normally scheduled class except these classes will be held on the date shown below.
ICT 205 CYBER SECURITY T219 21/06/2019 13:29 PAGE 4 OF 16 *AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD © ABN: 72 132 629 979 CRICOS 03171A
Approved by KOI Academic Board for T2 2019
ICT205
Calendar Class Date Rescheduled Class Date
Monday 07 October 2019 (Week 13) Study Review Week
Not required
2.6 Review of Grade, Deferred Exams & Supplementary Exams/Assessments Review of Grade: There may be instances when you believe that your final grade in a subject does not accurately reflect your performance against the subject criteria. Section 8 of the Assessment and Assessment Appeals Policy (www.koi.edu.au) describes the grounds on which you may apply for a Review of Grade. If this happens and you are unable to resolve it with the Academic staff concerned then you can apply for a formal Review of Grade within the timeframes indicated in the following sections of this subject outline - Supplementary Assessments, 3.6 Appeals Process as well as the Assessment and Assessment Appeals Policy. Please ensure you read the Review of Grade information before submitting an application. Review of Grade Day: KOI will hold the Review of Grade Day for all subjects studied in T219 on
Friday 01 November 2019
Only final exams will be discussed as all other assessments should have been reviewed during the trimester. If you fail one or more subjects and you wish to consider applying for a Review of Grade you MUST attend the Review of Grade Day. You will have the chance to discuss your final exam with your lecturer, and will be advised if you have valid reasons for applying for a Review of Grade (see Section 3.6 below and Assessment and Assessment Appeals Policy). If you do not attend the Review of Grade Day you are considered to have accepted your results for T219. Deferred Exams: If you wish to apply for a deferred exam, you should submit an Application for Assignment Extension or Deferred Exam Form before the prescribed deadline. If you miss your mid-trimester or final exam there is no guarantee you will be offered a deferred exam. You must apply within the stated timeframe and satisfy the conditions for approval to be offered a deferred exam (see Section 8.1 of the Assessment and Assessment Appeals Policy and the Application for Assignment Extension or Deferred Exam Forms). In assessing your request for a deferred exam, KOI will take into account the information you provide, the severity of the event or circumstance, your performance on other items of assessment in the subject, class attendance and your history of previous applications for special consideration. Deferred mid-trimester exams will be held before the end of week 9. Deferred final exams will be held on two days during week 1 or 2 in the next trimester. You will not normally be granted a deferred exam on the grounds that you mistook the time, date or place of an examination, or that you have made arrangements to be elsewhere at that time; for example, have booked plane tickets. If you are offered a deferred exam, but do not attend you will be awarded 0 marks for the exam. This may mean it becomes difficult for you to pass the subject. If you apply for a deferred exam within the required time frame and satisfy the conditions you will be advised by email (to your KOI student email address) of the time and date for the deferred exam. Please ensure that you are available to take the exam at this time. Marks awarded for the deferred exam will be the marks awarded for that item of assessment towards your final mark in the subject.
ICT 205 CYBER SECURITY T219 21/06/2019 13:29 PAGE 5 OF 16 *AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD © ABN: 72 132 629 979 CRICOS 03171A
Approved by KOI Academic Board for T2 2019
ICT205
Supplementary Assessments (Exams and Assessments): A supplementary assessment may be offered to students to provide a final opportunity to demonstrate successful achievement of the learning outcomes of a subject. Supplementary assessments are only offered at the discretion of the Board of Examiners. In considering whether or not to offer a supplementary assessment, KOI will take into account your performance on all the major assessment items in the subject, your attendance, participation and your history of any previous special considerations. Students are eligible for a supplementary assessment for their final subject in a course where they fail the subject but have successfully completed all other subjects in the course. You must have completed all major assessment tasks for the subject and obtained a passing mark on at least one of the major assessment tasks to be eligible for a supplementary assessment. If you believe you meet the criteria for a supplementary assessment for the final subject in your course, but have not received an offer, complete the “Complaint, Grievance, Appeal Form” and send your form to [email protected]. The deadline for applying for supplementary assessment is the Friday of the first week of classes in the next trimester. If you are offered a supplementary assessment, you will be advised by email to your KOI student email address of the time and due date for the supplementary assessment – supplementary exams will normally be held at the same time as deferred final exams during week 1 or week 2 of the next trimester. You must pass the supplementary assessment to pass the subject. The maximum grade you can achieve in a subject based on a supplementary assessment is a PASS grade. If you: o are offered a supplementary assessment, but fail it; o are offered a supplementary exam, but do not attend; or o are offered a supplementary assessment but do not submit by the due date; you will receive a FAIL grade for the subject.
ICT 205 CYBER SECURITY T219 21/06/2019 13:29 PAGE 6 OF 16 *AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD © ABN: 72 132 629 979 CRICOS 03171A
Approved by KOI Academic Board for T2 2019
ICT205
2.7 Teaching Methods/Strategies Briefly described below are the teaching methods/strategies used in this subject:
o On-campus lectures (2 hours/week) are conducted in seminar style and address the subject content, provide motivation and context and draw on the students’ experience and preparatory reading.
o Tutorials (2 hours/week) include class discussion of case studies and research papers, practice sets and problem-solving and syndicate work on group projects. Tutorial participation is an essential component of the subject and contributes to the development of graduate attributes (see section 2.2 above). It is intended that specific tutorial material such as case studies, recommended readings, review questions etc. will be made available each week in Moodle.
o Online teaching resources include class materials, readings, model answers to assignments and exercises and discussion boards. All online materials for this subject as provided by KOI will be found in the Moodle page for this subject. Students should access Moodle regularly as material may be updated at any time during the trimester
o Other contact - academic staff may also contact students either via Moodle messaging, or via email to the email address provided to KOI on enrolment.
2.8 Student Assessment
Provided below is a schedule of formal assessment tasks and major examinations for the subject.
Assessment Type When assessed Weighting Learning Outcomes Assessed
Assignment 1: practical and written assessment , individual assignment (1,000 words)
Weeks 6 20 % a, b
Assignment 2: written assignment, individual assignment (2,000 words) Week 11 30 % c, d
Assessment 3: final exam (3 hours)
Final exam period 50% a, b, c, d
Assessment is designed to encourage effective student learning and enable students to develop and demonstrate the skills and knowledge identified in the subject learning outcomes. Assessment tasks during the first half of the study period are usually intended to maximise the developmental function of assessment (formative assessment). These assessment tasks include weekly tutorial exercises (as indicated in the weekly planner) and low stakes graded assessment (as shown in the graded assessment table). The major assessment tasks where students demonstrate their knowledge and skills (summative assessment) generally occur later in the study period. These are the major graded assessment items shown in the graded assessment table.
Final grades are awarded by the Board of Examiners in accordance with KOI's Assessment and Assessment Appeals Policy. The definitions and guidelines for the awarding of final grades within the BIT degree are:
• HD High distinction (85-100%) an outstanding level of achievement in relation to the assessment process.
• DI Distinction (75-84%) a high level of achievement in relation to the assessment process.
• CR Credit (65-74%) a better than satisfactory level of achievement in relation to the assessment process.
• P Pass (50-64%) a satisfactory level of achievement in relation to the assessment process.
• F Fail (0-49%) an unsatisfactory level of achievement in relation to the assessment process.
ICT 205 CYBER SECURITY T219 21/06/2019 13:29 PAGE 7 OF 16 *AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD © ABN: 72 132 629 979 CRICOS 03171A
Approved by KOI Academic Board for T2 2019
ICT205
Requirements to Pass the Subject: To gain a pass or better in this subject, students must gain a minimum of 50% of the total available subject marks. 2.9 Prescribed and Recommended Readings Provided below, in formal reference format, is a list of the prescribed and recommended readings.
Prescribed Texts: Ciampa, M., 2017, Security + Guide to Network Security Fundamentals, 6th ed., Cengage Learning: Boston, USA. Recommended Readings: Johnson, M., 2016, Cyber Crime, Security and Digital Intelligence, Taylor and Francis. Graham, J., Olson, R., and Howard, R., 2015 ed., Cyber Security Essentials , CRC press Journals: o Journal of Information System Security o ACM Transactions on Information and System Security o Computers and Security o IEEE Transactions on Information Forensics and Security Conference/ Journal Articles: Students are encouraged to read peer reviewed journal articles and conference papers. Google Scholar provides a simple way to broadly search for scholarly literature. From one place, you can search across many disciplines and sources: articles, theses, books, abstracts and court opinions, from academic publishers, professional societies, online repositories, universities and other web sites.
3. Assessment Details 3.1 Details of Each Assessment Item The assessments for this subject are described below. The description includes the type of assessment, its purpose, weighting, due date and submission requirements, the topic of the assessment, details of the task and detailed marking criteria, including a marking rubric for essays, reports and presentations. Supplementary assessment information and assistance can be found in Moodle. KOI expects students to submit their own original work in both assignments and exams, or the original work of their group in the case of group assignments. Marking guides for assessments follow the assessment descriptions. Students should compare final drafts of their assessment against the marking guide before submission. Assessment 1 Assessment type: Practical and Written Assessment, Individual assignment (1,000 words). Purpose: The purpose of this assignment is to assess student understanding on firewall design and configuration and students ability to exercise the operational, analytical and critical skills needed to reduce the potential security risks. This assessment contributes to learning outcomes a, b. Value: 20% Due Date: Week 6
ICT 205 CYBER SECURITY T219 21/06/2019 13:29 PAGE 8 OF 16 *AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD © ABN: 72 132 629 979 CRICOS 03171A
Approved by KOI Academic Board for T2 2019
ICT205
Submission requirements details: All work must be submitted on Moodle by the due date. Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using Harvard Anglia referencing style. Assessment topic: Firewall Setup and Configuration Task Details: This Assignment requires you to perform a security testing on the network to identify the threats, prepare a Risk Mitigation report and configure some of the firewall settings using Kali Linux to secure the network and the distributed applications. The assignment consists of two parts. Part A:
Use Nmap – a security testing in Kali Linux to perform penetration testing on the network (features of Nmap listed below). Prepare a short Risk Mitigation plan to identify the threats for the assets. This plan will guide you to proceed with the firewall settings required for the organization as you focus on the second part of the assignment.
Features of Nmap:
o Host discovery: useful for identifying hosts in any network
o Port scanning: lets you enumerate open ports on the local or remote host
o OS detection: useful for fetching operating system and hardware information about any connected device
o App version detection: allows you to determine application name and version number
o Scriptable interaction: extends Nmap default capabilities by using Nmap Scripting Engine (NSE)
Part B:
Configure a few settings on the firewall for the network using Kali Linux commands to achieve a required level of security. The initial set of commands are given to you to start with. You may need to perform online search to complete the rest of the requirements for the firewall settings.
Case Study for the Assignment:
CMC is a small business enterprise comprising a network to reach their business requirements. A network need to be secured to achieve their business goals. The System and Network administrator of CMC realizes that it is necessary to impose certain level of filtering for the network to be secure and that is when it can sustain from attacks, which may damage the whole network. To develop a secure network, network administrators must have a good understanding of all the attacks that are caused by an intruder and their mitigation techniques. Choosing a particular mitigation technique for an attack has an impact on the overall performance of the network, because each attack has different ways for mitigation. The network administrators identify the assets that need to be protected by performing a risk analysis, threats and vulnerabilities that the network may pose. The risk analysis provides sufficient information about all risks and helps to build a network with high security. After risk analysis, designing a set of security policies is very important to provide high level of security.
Security policies provide information for network users for using and auditing the network. Firewall is considered to be a part of the security policy providing necessary protection to the network and the applications.
You are the System and Network Administrator of CMC and the top management of CMC urges you to design the required firewall for the organization’s network. Looking into the requirements of the security and adhering to information security policy you are required to provide firewall settings to secure the network from different types of possible attacks that can harm the business network.
Part A
Perform the following task:
1. Use Nmap from Kali on your Virtual Box
2. Write an introduction to include the description of the tool ICT 205 CYBER SECURITY T219 21/06/2019 13:29 PAGE 9 OF 16 *AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD © ABN: 72 132 629 979 CRICOS 03171A
Approved by KOI Academic Board for T2 2019
ICT205
3. Demonstrate four tasks Nmap can perform. Discuss on how this tool can be used for mitigating differ types of threats. The discussion should include the name and brief description of the threat and must be supported by screenshots.
4. Discuss the performance of the tools based on the following:
a. Security features and
b. Time taken to detect any threat
5. Perform the firewall testing using Nmap
6. From the report generated from the above tasks write a short Risk Mitigation Plan to identity the type of threats on the organisation’s assets.
Part B
Configure the following setting on the firewall using the appropriate commands in Kali Linux. The list of commands is provided below:
Command Description Ufw status To check firewall status Ufw enable Enable firewall Ufw allow Allow services, port range and network Ufw deny Blocking a service
1. Check the firewall status 2. Enable or disable the firewall accordingly 3. Allow services such as TCP, SSH and samba using their port number or name 4. Verify the firewall rules after adding the above services 5. Secure a web server by blocking HTTP(80) service and allowing HTTPS(443) service only 6. Allow a range of ports from 20 to 80 and deny a range of ports from 100 to 500 7. Verify the firewall rules 8. Allow HTTP from a specific subnet to access your web services 9. Block connections to a network interface Submission Guidelines:
The assignment should be submitted on Moodle on or before the deadline as a word document that includes all the details of the task completed in Part A and Part B. The report should address the requirements mentioned in the Marking Criteria section of the assignment.
Marking Criteria:
Sections Description of the section Marks Executive Summary
Summary on what the report is addressing 5
Outline Outline of the whole report including tool description 5 Risk Mitigation Plan
Details of the threats in the mitigation report 5
Analysis Critical analysis of the scenario 5 Firewall setup Details of the firewall settings with screenshots 15 Conclusion Information on what has been addressed in the report –
discussion of the findings is important 5
Demonstration Details of the tests performed with screenshots 10 Total 50
ICT 205 CYBER SECURITY T219 21/06/2019 13:29 PAGE 10 OF 16 *AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD © ABN: 72 132 629 979 CRICOS 03171A
Approved by KOI Academic Board for T2 2019
ICT205
Marking Rubric for Assessment 1: Firewall Setup and Configuration Value 20%
Criteria Fail (0 – 49%) Pass
(50 – 64%) Credit
(65 – 74%) Distinction (75 – 84%)
High Distinction (85 – 100%)
Research –extent and application Value 5% Mark awarded
Very difficult to read the structure
Some difficulty in reading structure and lacking information
Well written structure but not very clear
Well written and structured
Very clearly written and structured
Analysis of the topic Value 5% Mark awarded
Does not directly answer questions
Directly answered most of the questions
Directly answers the questions
Directly answers the question giving additional insights
Directly answers the question, gives additional insights and theoretical perspectives
Recommendations/ conclusions Value 3% Mark awarded
No support for the position taken in the answer and no conclusion provided
Provides some support for the position taken and provided conclusion based on the argument
Provides good level of support for position taken and provided conclusion based on a sound argument
Provides excellent level of support for position taken
Provides exceptional level of support for position taken and conclusion based on extensive and compelling argument
Demonstration Value 7% Mark awarded
No demonstration provided
Demonstrated with insufficient details
Demonstration with sufficient level of details
Demonstration completed with sound knowledge of theory
Demonstration provided with sound knowledge a and additional understanding
Total Mark: / 20%
COMMENTS: The assessment rubric has a demonstration. The requirements of the completion of this assessment looks for a demonstration to be completed by the students
Assessment 2 Assessment type: Written assessment, Individual assignment (2,000 words). Purpose: The purpose of this assessment is to demonstrate student awareness of current industry and research trends in the field of information security. This assessment contributes to learning outcomes c, d. Value: 30% Due Date: Week 11 Submission requirements details: All work must be submitted on Moodle by the due date. Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using Harvard Anglia referencing style. Assessment topic: Security Plan and Training Program Task Details: This assignment requires you to design a security plan based on a given case study. The learning outcomes of this assignment are to recognize the threats that exist in your current or future work place. Through your research, identify the threats, outline security guidelines and develop a robust and pragmatic training programme. You should develop a plan that you would regard as helpful to you, the information user, as well as protecting your organization’s information environment. Use your imagination in combination with a wide-range of material. You are required to complete and submit a security plan based on the following scenario:
ICT 205 CYBER SECURITY T219 21/06/2019 13:29 PAGE 11 OF 16 *AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD © ABN: 72 132 629 979 CRICOS 03171A
Approved by KOI Academic Board for T2 2019
ICT205
Case Study Scenario:
You are the recently appointed head of a security team responsible for protecting the information holdings of a business organization of around 1000 staffs. The organization is placed in a separate multistoried building located in the central business district of the city. The security team is responsible for administering the security of information from deliberate and accidental threats. The recent information security management found it to be deficient in some key areas such as incident response, disaster recovery and business continuity, social engineering attacks and lack of personnel awareness of the various threats to information, and poor password security. The above issues identified needed urgent remedy. Technical systems were found to be reasonably effective in maintaining database and document management security, and were well serviced by the IT team. The management of the organization has directed you to undertake some security analysis and planning to improve the organization’s security of information. You tasks are to: a) Identify and describe the organizational holdings at risk b) Identify and describe the potential security threats to the organization c) Design a security plan with the details of necessary counter-measures to manage and address the threats d) Develop a comprehensive information security training and awareness program for the staff personnel of the organization
Marking Criteria:
Sections Description of the section Marks
Executive Summary Summary on what the report is addressing 5 Introduction Give an introduction on what is security from the
organization’s perspective and what is the need for a security plan
10
Security Plan Detail on how the organization wants to attain security (identify risks, threats, attacks)
15
Security Countermeasures
Identify solutions to safeguard the organization (physical, human, electronic countermeasures)
15
Training Identify level of awareness provided for the users 10 Security Policy Develop an appropriate security plan 10 Conclusion Conclusion based on the findings in the report 5 Total 70
ICT 205 CYBER SECURITY T219 21/06/2019 13:29 PAGE 12 OF 16 *AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD © ABN: 72 132 629 979 CRICOS 03171A
Approved by KOI Academic Board for T2 2019
ICT205
Marking Rubric Assessment 2: Security Plan and Training Program Value 30%
Criteria Fail (0 – 49%) Pass
(50 – 64%) Credit
(65 – 74%) Distinction (75 – 84%)
High Distinction (85 – 100%)
Research –extent and application Value 15% Mark awarded
Very difficult to read the structure
Some difficulty in reading structure and lacking information
Well written structure but not very clear
Well written and structured
Very clearly written and structured
Analysis of the topic Value 5% Mark awarded
Does not directly answer question
Directly answered most of the question
Directly answers the question
Directly answers the question giving additional insights
Directly answers the question, gives additional insights and theoretical perspectives
Recommendations/ conclusions Value 10% Mark awarded
No support for the position taken in the answer and conclusion presented
Provides some support for the position taken and conclusion based on some argument
Provides good level of support for position taken and conclusion based on sound argument
Provides excellent level of support for position taken and conclusion based on extensive argument
Provides exceptional level of support for position taken and conclusion based on extensive and compelling argument
Presentation Value xx% Mark awarded
NA
NA
NA
NA
NA
Total Mark: / 30%
COMMENTS: This assignment does not require a demonstration to be provided by the students.
Assessment 3 Assessment type: Final Exam: individual– closed book exam. Purpose: The purpose of the final examination is to test student understanding of all topics covered in this subject. This assessment contributes specifically to learning outcomes a, b, c, and d. Value: 50% Due Date: The final exam will be held in the official KOI exam period in Week 14
of the trimester. The specific date and time of the exam will be posted towards the end of the trimester.
Topic: The examination may cover content from any part of the subject. Task Details: Students will be expected to answer written response questions 3.2 Late Penalties and Extensions An important part of business life and key to achieving KOI’s graduate outcome of Professional Skills is the ability to manage workloads and meet deadlines. Consequently, any assessment items such as in-class quizzes and assignments missed or submitted after the due date/time will attract a penalty (see below). Students who miss mid-trimester tests and final exams without a valid and accepted reason (see below) may not be granted a deferred exam and will be awarded 0 marks for assessment item. These penalties are designed to encourage students to develop good time management practices, and create equity for all students. Any penalties applied will only be up to the maximum marks available for the specific piece of assessment attracting the penalty. Late penalties, granting of extensions and deferred exams are based on the following: ICT 205 CYBER SECURITY T219 21/06/2019 13:29 PAGE 13 OF 16 *AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD © ABN: 72 132 629 979 CRICOS 03171A
Approved by KOI Academic Board for T2 2019
ICT205
In Class Tests (excluding Mid-Trimester Tests) o No extensions permitted or granted – a make-up test may only be permitted under very special
circumstances where acceptable supporting evidence is provided. The procedures and timing to apply for a make-up test (only if available) are as shown in Section 3.3 Applying for an Extension (below).
o Missing a class test will result in 0 marks for that assessment element unless the above applies. Written Assessments o 5% of the total available marks per calendar day unless an extension is approved (see Section 3.3
below) Presentations o No extensions permitted or granted – no presentation = 0 marks. The rules for make-up presentations
are the same as for missing in-class tests (described above). Mid-Trimester Tests and Final Exams o If students are unable to attend mid-trimester tests or final exams due to illness or some other event
(acceptable to KOI), they must: − Advise KOI in writing (email: [email protected]) as soon as possible, but no later than three
(3) working days after the exam date, that they will be / were absent and the reasons. They will be advised in writing (return email) as to whether the circumstances are acceptable.
− Complete the appropriate Application for Extension or Deferred Exam Form available from the Student Information Centre in Moodle, on the KOI Website (Policies and Forms) and the Reception Desk (Market St and Kent St), as soon as possible and email with attachments to [email protected].
− Provide acceptable documentary evidence in the form of a satisfactorily detailed medical certificate, police report or some other evidence that will be accepted by KOI.
− Agree to attend the deferred exam as set by KOI. Deferred exam o There will only be one deferred exam offered. o Marks awarded for the deferred exam will be the marks awarded for that assessment. o If you miss the deferred exam you will be awarded 0 marks for the assessment. This may mean you
are unable to complete (pass) the subject. 3.3 Applying for an Extension If students are unable to submit or attend an assessment when due, and extensions are possible, they must apply by completing the appropriate Application for Extension form available from the Student Information Centre in Moodle, the KOI Website (Policies and Forms) and the Reception Desk (Market St and Kent St), as soon as possible but no later than three (3) working days of the assessment due date. The completed form must be emailed with supporting documentation to [email protected]. Students and lecturers / tutors will be advised of the outcome of the extension request as soon as practicable.
Appropriate documentary evidence to support the request for an extension must be supplied. Please remember there is no guarantee of an extension being granted, and poor organisation is not a satisfactory reason to be granted an extension. 3.4 Referencing and Plagiarism Please remember that all sources used in assessment tasks must be suitably referenced. Failure to acknowledge sources is plagiarism, and as such is a very serious academic issue. Students plagiarising run the risk of severe penalties ranging from a reduction through to 0 marks for a first offence
ICT 205 CYBER SECURITY T219 21/06/2019 13:29 PAGE 14 OF 16 *AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD © ABN: 72 132 629 979 CRICOS 03171A
Approved by KOI Academic Board for T2 2019
ICT205
for a single assessment task, to exclusion from KOI in the most serious repeat cases. Exclusion has serious visa implications. The easiest way to avoid plagiarising is to reference all sources. Harvard referencing is the required method – in-text referencing using Author’s Surname (family name) and year of publication. A Referencing Guide, “Harvard Referencing”, and a Referencing Tutorial can be found on the right hand menu strip in Moodle on all subject pages. An effective way to reference correctly is to use Microsoft Word’s referencing function (please note that other versions and programs are likely to be different). To use the referencing function, click on the References Tab in the menu ribbon – students should choose Harvard. Authorship is also an issue under plagiarism – KOI expects students to submit their own original work in both assessment and exams, or the original work of their group in the case of a group project. All students agree to a statement of authorship when submitting assessments online via Moodle, stating that the work submitted is their own original work. The following are examples of academic misconduct and can attract severe penalties: o Handing in work created by someone else (without acknowledgement), whether copied from another
student, written by someone else, or from any published or electronic source, is fraud, and falls under the general Plagiarism guidelines.
o Copying / cheating in tests and exams is academic misconduct. Such incidents will be treated just as seriously as other forms of plagiarism.
o Students who willingly allow another student to copy their work in any assessment may be considered to assisting in copying/cheating, and similar penalties may be applied.
Where a subject coordinator considers that a student might have engaged in academic misconduct, KOI may require the student to undertake an additional oral exam as a part of the assessment for the subject, as a way of testing the student’s understanding of their work. Further information can be found on the KOI website. 3.5 Reasonable Adjustment The Commonwealth Disability Discrimination Act (1992) makes it unlawful to treat people with a disability less fairly than people without a disability. In the context of this subject, the principle of Reasonable Adjustment is applied to ensure that participants with a disability have equitable access to all aspects of the learning situation. For assessment, this means that artificial barriers to their demonstrating competence are removed. Examples of reasonable adjustment in assessment may include: o provision of an oral assessment, rather than a written assessment o provision of extra time o use of adaptive technology. The focus of the adjusted assessment should be on enabling the participants to demonstrate that they have achieved the subject purpose, rather than on the method used. 3.6 Appeals Process Full details of the KOI Assessment and Assessment Appeals Policy may be obtained in hard copy from the Library, and on the KOI website www.koi.edu.au under Policies and Forms. Assessments and Mid-Trimester Exams: Where students are not satisfied with the results of an assessment, including mid-trimester exams, they have the right to appeal. The process is as follows: o Discuss the assessment with their tutor or lecturer – students should identify where they feel more
marks should have been awarded – students should provide valid reasons based on the marking guide provided for the assessment. Reasons such as “I worked really hard” are not considered valid.
o If still not satisfied, students should complete an Application for Review of Assessment Marks form, detailing the reason for review. This form can be found on the KOI website and is also available at KOI Reception (Market St and Kent St).
ICT 205 CYBER SECURITY T219 21/06/2019 13:29 PAGE 15 OF 16 *AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD © ABN: 72 132 629 979 CRICOS 03171A
Approved by KOI Academic Board for T2 2019
ICT205
o Application for Review of Assessment Marks forms must be submitted as explained on the form within ten (10) working days of the return of the marked assessment, or within five (5) working days after the return of the assessment if the assessment is returned after the end of the trimester.
Review of Grade – whole of subject and final exams: Where students are not satisfied with the results of the whole subject or with their final exam results, they have the right to request a Review of Grade – see the Assessment and Assessment Appeals Policy for more information. An Application for Review of Grade/Assessment Form (available from the KOI Website under Policies and Forms and from KOI Reception, Market St and Kent St) should be completed clearly explaining the grounds for the application. The completed application should be submitted as explained on the form, with supporting evidence attached, to the Academic Manager.
ICT 205 CYBER SECURITY T219 21/06/2019 13:29 PAGE 16 OF 16 *AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD © ABN: 72 132 629 979 CRICOS 03171A
Approved by KOI Academic Board for T2 2019
- ICT 205 CYBER SECURITY T219
- 2.2 Graduate Attributes for Undergraduate Courses
- 2.3 Subject Learning Outcomes
- This is a Level 2 subject.
