CMP71001
Assignment 1 Risk assessment.
Due Date
Learning
16th Dec 2019 11.00pm (QLD Time)
Outcomes
Graduate
1, 2
Attributes 3, 4 & 5
Weight 20% of overall unit assessment
Suggestion This assignment is developmental and cumulative. You are strongly advised to
start doing this assignment from Week-4 in your study. Leaving your starting
date to the week before the due date is a very poor strategy for success in the unit.
Task Description
You are a cybersecurity consultant working for one of the big-4 consulting firms. In your client
portfolio you have the choice of working on a cybersecurity program for the following clients;
an educational institute (such as a university), a small-to-medium sized business (SME), and a
division of large business/government organisation. You are to choose one client.
As part of your work for the client, you have chosen you are required to provide a client report
that explains the importance of cybersecurity risk assessments. To successfully write this report,
you must complete the following tasks:
• Task 1: discuss why risk assessment is the most critical step in developing and managing
cyber security in the organisation and identify any limitations of the current risk assessment
methods.
• Task 2: create five questions that will identify the most critical information assets of the
organisation and justify how the five questions you have created achieve this. For example,
you could assume that an organisation website is one of the most critical information assets
of the organisation. Create a WFA template to rank the top five assets.
• Task 3: identify the top five threats to the organisation information assets. Support your
findings by referencing reputable sources of information.
• Task 4: Discuss how the top five threats identified in Task 3 could/could not impact the
asset. Rank the threats and define the risk values based on their likelihood of exposure and
levels of impact (potential consequences) on the asset. Support your discussion by quoting
reputable sources of information. You are free to make any assumption(s) you wish
regarding the organisation structure, mission, vision, business profile, etc. which will need
to be documented in the appropriate sections of your report.
CMP71001 – Cybersecurity Assignment-1, S3 2019
4
Assessment Criteria
Criteria Max Mark
Task1 6
Concept of risk assessment in the context of cybersecurity 1.5
Identification of knowledge by performing risk assessment 1.5
Application of risk assessment results for risk management 1.5
Limitations of the current risk assessment approaches 1.5
Task 2 4
Questions design to identify the most critical information assets 2
WFA worksheet to rank the assets. 2
Task 3 4
Threats to the organisation information assets 4
Task 4 4
Risk analysis (Impact analysis and risk ranking) 4
Documentation 2
Professional presentation. 1
Referencing 1
Total 20
Format, Presentation and length
There is no report template to be used in this assignment, so you can design your own template or
refer to online resources. However, the report should be well presented in a standard report
format.
Due to the system setting constraint, the report 1 length was set with 1000 words in the unit UIG.
You are advised that there is no formal word limit for the report. However, a good report is
expected to be somewhere in the vicinity of 2,000 - 3,000 words from Introduction to Conclusion.
Note that this is a very rough estimate and there will be no penalties imposed based on the number
of words (no real ceiling if the content is precise and relevant!)
Assignment-1 marking rubric
The following marking rubric will be used for the marking of your submission. It contains a detailed breakdown of the marking criteria for this assignment.
代写CMP71001作业、代做program留学生作业、Java,Python
Make sure you read CAREFULLY this to understand how your work would be graded against each of the defined criteria.
Criteria Level of Student Performance
HD (85-100%) D (75-85%) C (65-75%) P (50-65%) F (0-49%)
Task 1
Risk assessment
Concept
Correct and accurate definition of
risk assessment;
A clear description that precisely
shows the essence of the risk
assessment process and its
objectives.
Correct and accurate
definition of risk assessment;
A clear description that
shows the essence of the risk
assessment process and its
objectives.
Reasonably correct
definition of risk
assessment;
Adequate description
that shows the most essence
of the risk assessment
process and its objectives
Reasonably correct definition
of risk assessment;
A very brief description that
shows some essence of the
risk assessment process and
its objectives.
Little or no correct
description that shows
essence of the risk
assessment process and its
objectives
Knowledge
Identification
Clear and correct information that
indicates at least 4/5 different
points of usefulness in line with the
objectives of risk assessments.
Clear and correct information
that indicates at least 3
different points of usefulness
in line with the objectives of
risk assessments.
Clear and correct
information that indicates at
least 2 different points of
usefulness in line with the
objectives of risk
assessments
Adequate information that
indicates at least 2 different
points of usefulness in line with
the objectives of risk
assessments
Little or no relevant
information in line with the
objectives of risk
assessments.
Application of risk
assessment results
Comprehensive and solid
arguments of the use of risk
assessment results in developing
and managing cybersecurity;
Clearly explain how they can
affect the business decisionmaking
process.
Comprehensive arguments of
the use of risk assessment
results in developing and
managing cybersecurity;
Clearly explain how they can
affect the business decisionmaking
process
Comprehensive arguments
of the use of risk
assessment results in
developing and managing
cybersecurity;
Briefly explain how they
can affect the business
decision-making process
Adequate arguments of the use
of risk assessment results in
developing and managing
cybersecurity;
Briefly explain how they can
affect the business decisionmaking
process
Little or no valid
arguments of the use of
risk assessment results in
developing and managing
cybersecurity.
limitations of the
risk assessment
approach
Critical analysis of the limitations
inherited with both qualitative and
qualitative methods.
Detail description but not
critical analysis of the
limitations inherited with both
Detail description of the
limitations inherited with
either qualitative and
Brief description of the
limitations inherited with both
qualitative and qualitative
methods.
Little or no description of the
limitations inherited with
both qualitative and
qualitative methods.
CMP71001 – Cybersecurity Assignment-1, S3 2019
4
qualitative and qualitative
methods.
qualitative methods but not
both.
Task 2
Questions to ask
for the most critical
information assets
Define and discuss five questions
you would ask to identify most
critical assets of the given
organisation.
Clear justification why those
assets are critical to the
organisation.
Define and discuss at least
four questions you would
ask to identify most critical
assets of the given
organisation.
Clear justification why those
assets are critical to the
organisation.
Define and discuss at least
three questions you would
ask to identify most critical
assets of the given
organisation.
Reasonable justification
why those assets are critical
to the organisation.
Briefly define and discuss at
least five questions you would
ask to identify most critical
assets of the given
organisation.
No justification provided why
those assets are critical to the
organisation.
Little to no response to this
task.
WFA worksheet Clearly define at least 3 criteria
that match with the given context.
Explain the importance of those
criteria.
Define and justify their impact
factor.
Clearly define at least 3
criteria that match with the
given context.
Explain the importance of
those criteria.
Define their impact factor.
Clearly define at least 3
criteria that match with
the given context.
Explain the importance of
those criteria.
Briefly define at least 2
criteria that match with the
given context.
Briefly explain the
importance of those criteria.
Little to no discussion on
WFA worksheet
Task 3
Threats Correctly identify at least five
threats;
Discuss each threat sufficiently
detailed with threat agent, method
of delivery and working
mechanism.
Justify why do you feel these are
the critical threats to the
organization.
Correctly identify at least
five threats;
Discuss most of them
sufficiently detailed with
threat agent, method of
delivery and working
mechanism.
Briefly justify why do you
feel these are the critical
threats to the organization.
Correctly identify at least
4 threats;
Briefly discuss most of
them with threat agent,
method of delivery and
working mechanism.
Briefly justify why do you
feel these are the critical
threats to the organization
Correctly identify at least 2
threats;
Briefly discuss them with
threat agent, method of
delivery and working
mechanism.
Briefly Justify why do you
feel these are the critical
threats to the organization
Little to no threats
identification or discussion
Task 4
Impact assessment
and ranking
Comprehensive qualitative risk
assessment presented to rank and
prioritise risks for all items
identified above.
Comprehensive qualitative
risk assessment presented to
rank and prioritise risks for
most of the items identified
above.
Qualitative risk
assessment presented to
rank and prioritise risks
for most of the items
identified above.
Brief risk assessment
presented to rank and
prioritise risks for most of the
items identified above
Little or no justification of
those mapping.
Little or no assesses done
for ranking or prioritization.
CMP71001 – Cybersecurity Assignment-1, S3 2019
4
Detail justification of those
mapping using own and public
domain knowledge.
Detail justification of those
mapping using own and
public domain knowledge.
Inadequate justification of
those mapping.
Documentation
Report
Presentation
Information is presented in a logical,
interesting way, which is easy to
follow.
Information is mostly
presented in a logical manner,
which is easily followed.
Information is generally, if
not always, presented in a
logical manner, which is
easily followed.
Work is difficult to follow as
there is lack of apparent
structure or continuity or
sequencing of ideas
Issues such as sentence
structure, word choice, and
lack of transitions and/or
sequencing of ideas make
reading and understanding
difficult.
Referencing Correct and appropriate references
and in-text citation following any
standard style.
At least 80% appropriate
references and in-text citation
following any standard style.
At least 60% appropriate
references and in-text
citation following any
standard style.
Major inadequacies in
references and in-text citation
Very few or no references.
Submission Format
When you have completed the assignment, you are required to submit your assignment in
the DOC format. The file will be named using the following convention:
filename = FirstInitialYourLastName_CMP71001_A1_S3_2019.doc (i.e.
DJones_CMP71001_A1_S3_2019.doc)
Original Work
It is a University requirement that a student’s work complies with the Academic Integrity
Policy. It is a student’s responsibility to be familiar with the Policy.
Failure to comply with the Policy can have severe consequences in the form of University
sanctions. For information on this Policy please refer to Student Academic Integrity policy
at the following website:
http://policies.scu.edu.au/view.current.php?id=00141
As part of a University initiative to support the development of academic integrity,
assessments may be checked for plagiarism, including through an electronic system, either
internally or by a plagiarism checking service, and be held for future checking and
matching purposes.
A Turnitin link has been set up to provide you with an opportunity to check the
originality of your work until your due date. Please make sure you review the report
generated by the system and make changes (if necessary!) to minimise the issues of
improper citation or potential plagiarism. If you fail to follow this step, your report
may not be graded or may incur late feedback.
Retain Duplicate Copy
Before submitting the assignment, you are advised to retain electronic copies of original
work. In the event of any uncertainty regarding the submission of assessment items, you
may be requested to reproduce a final copy.
School Extension Policy
In general, I will NOT give extension unless where there are exceptional circumstances.
Students wanting an extension must make a request at least 24 hours before the assessment
item is due and the request must be received in writing by the unit assessor or designated
academic through student service (please visit https://www.scu.edu.au/currentstudents/student-administration/special-consideration/
for details). Extensions within 24
hours of submission or following the submission deadline will not be granted (unless
supported by a doctor’s certificate or where there are exceptional circumstances – this will
be at unit assessor’s discretion and will be considered on a case by case basis). Extensions
will be for a maximum of 48 hours (longer extensions supported by a doctor’s certificate
or alike to be considered on a case by case basis).
CMP71001 – Cybersecurity Assignment-1, S3 2019
4
A penalty of 5% of the total available grade will accrue for each 24-hour period that an
assessment item is submitted late. Therefore, an assessment item worth 20 marks will have
1 mark deducted for every 24-hour period and at the end of 20 days will receive 0 marks.
Students who fail to submit following the guidelines in this Unit Information Guide will
be deemed to have not submitted the assessment item and the above penalty will be
applied until the specified submission guidelines are followed.
Marks and Feedback
All assessment materials submitted during the semester will normally be marked and
returned within two weeks of the required date of submission (provided that the
assessment materials have been submitted by the due date).
Marks will be made available to each student via the MySCU Grade book.
因为专业,所以值得信赖。如有需要,请加QQ:99515681 或 微信:codehelp