Microsoft Word - CMP71001_Assignment_1_2019 S31-Final
Unit code CMP71001
Assignment 1 Risk assessment.
Due Date
Learning
Outcomes
Graduate
7th Dec XXXXXXXXXX00pm (QLD Time)
1, 2
Attributes 3, 4 & 5
Weight 20% of overall unit assessment
Suggestion This assignment is developmental and cumulative. You are strongly advised to
start doing this assignment from Week-4 in your study. Leaving your starting
date to the week before the due date is a very poor strategy for success in the unit.
Task Description
You are a cybersecurity consultant working for one of the big-4 consulting firms. In your client
portfolio you have the choice of working on a cybersecurity program for the following clients;
an educational institute (such as a university), a small-to-medium sized business (SME), and a
division of large business/government organisation. You are to choose one client.
As part of your work for the client, you have chosen you are required to provide a client report
that explains the importance of cybersecurity risk assessments. To successfully write this report,
you must complete the following tasks:
• Task 1: discuss why risk assessment is the most critical step in developing and managing
cyber security in the organisation and identify any limitations of the cu
ent risk assessment
methods.
• Task 2: create five questions that will identify the most critical information assets of the
organisation and justify how the five questions you have created achieve this. For example,
you could assume that an organisation website is one of the most critical information assets
of the organisation. Create a WFA template to rank the top five assets.
• Task 3: identify the top five threats to the organisation information assets. Support your
findings by referencing reputable sources of information.
• Task 4: Discuss how the top five threats identified in Task 3 could/could not impact the
asset. Rank the threats and define the risk values based on their likelihood of exposure and
levels of impact (potential consequences) on the asset. Support your discussion by quoting
eputable sources of information. You are free to make any assumption(s) you wish
egarding the organisation structure, mission, vision, business profile, etc. which will need
to be documented in the appropriate sections of your report.
CMP71001 – Cybersecurity Assignment-1, S3 2019
Assessment Criteria
Criteria Max Mark
Task1 6
Concept of risk assessment in the context of cybersecurity 1.5
Identification of knowledge by performing risk assessment 1.5
Application of risk assessment results for risk management 1.5
Limitations of the cu
ent risk assessment approaches 1.5
Task 2 4
Questions design to identify the most critical information assets 2
WFA worksheet to rank the assets. 2
Task 3 4
Threats to the organisation information assets 4
Task 4 4
Risk analysis (Impact analysis and risk ranking) 4
Documentation 2
Professional presentation. 1
Referencing 1
Total 20
Format, Presentation and length
There is no report template to be used in this assignment, so you can design your own template or
efer to online resources. However, the report should be well presented in a standard report
format.
Due to the system setting constraint, the report 1 length was set with 1000 words in the unit UIG.
You are advised that there is no formal word limit for the report. However, a good report is
expected to be somewhere in the vicinity of 2,000 - 3,000 words from Introduction to Conclusion.
Note that this is a very rough estimate and there will be no penalties imposed based on the number
of words (no real ceiling if the content is precise and relevant!)
4
Assignment-1 marking ru
ic
The following marking ru
ic will be used for the marking of your submission. It contains a detailed
eakdown of the marking criteria for this assignment.
Make sure you read CAREFULLY this to understand how your work would be graded against each of the defined criteria.
Criteria
Task 1
Level of Student Performance
HD XXXXXXXXXX%) D (75-85%) C (65-75%) P (50-65%) F (0-49%)
Risk assessment
Concept
Knowledge
Identification
ï‚· Co
ect and accurate definition of
isk assessment;
ï‚· A clear description that precisely
shows the essence of the risk
assessment process and its
objectives.
Clear and co
ect information that
indicates at least 4/5 different
points of usefulness in line with the
objectives of risk assessments.
ï‚· Co
ect and accurate
definition of risk assessment;
ï‚· A clear description that
shows the essence of the risk
assessment process and its
objectives.
Clear and co
ect information
that indicates at least 3
different points of usefulness
in line with the objectives of
isk assessments.
ï‚· Reasonably co
ect
definition of risk
assessment;
ï‚· Adequate description
that shows the most essence
of the risk assessment
process and its objectives
Clear and co
ect
information that indicates at
least 2 different points of
usefulness in line with the
objectives of risk
assessments
ï‚· Reasonably co
ect definition
of risk assessment;
ï‚· A very
ief description that
shows some essence of the
isk assessment process and
its objectives.
Adequate information that
indicates at least 2 different
points of usefulness in line with
the objectives of risk
assessments
Little or no co
ect
description that shows
essence of the risk
assessment process and its
objectives
Little or no relevant
information in line with the
objectives of risk
assessments.
Application of risk ï‚· Comprehensive and solid ï‚· Comprehensive arguments of ï‚· Comprehensive arguments ï‚· Adequate arguments of the use ï‚· Little or no valid
assessment results arguments of the use of risk the use of risk assessment of the use of risk of risk assessment results in arguments of the use of
assessment results in developing results in developing and assessment results in developing and managing risk assessment results in
and managing cybersecurity; managing cybersecurity; developing and managing cybersecurity; developing and managing
ï‚· Clearly explain how they can
affect the business decision-
ï‚· Clearly explain how they can
affect the business decision-
cybersecurity;
ï‚· Briefly explain how they
ï‚· Briefly explain how they can
affect the business decision-
cybersecurity.
making process. making process can affect the business making process
decision-making process
limitations of the Critical analysis of the limitations Detail description but not Detail description of the Brief description of the Little or no description of the
isk assessment inherited with both qualitative and critical analysis of the limitations inherited with limitations inherited with both limitations inherited with
approach qualitative methods. limitations inherited with both either qualitative and qualitative and qualitative both qualitative and
methods. qualitative methods.
CMP71001 – Cybersecurity Assignment-1, S3 2019
4
qualitative and qualitative
methods.
qualitative methods but not
oth.
Task 2
Questions to ask
for the most critical
information assets
ï‚· Define and discuss five questions
you would ask to identify most
critical assets of the given
organisation.
ï‚· Clear justification why those
assets are critical to the
organisation.
ï‚· Define and discuss at least
four questions you would
ask to identify most critical
assets of the given
organisation.
ï‚· Clear justification why those
assets are critical to the
organisation.
ï‚· Define and discuss at least
three questions you would
ask to identify most critical
assets of the given
organisation.
ï‚· Reasonable justification
why those assets are critical
to the organisation.
ï‚· Briefly define and discuss at
least five questions you would
ask to identify most critical
assets of the given
organisation.
ï‚· No justification provided why
those assets are critical to the
organisation.
Little to no response to this
task.
WFA worksheet ï‚· Clearly define at least 3 criteria
that match with the given context.
ï‚· Explain the importance of those
criteria.
ï‚· Define and justify their impact
factor.
ï‚· Clearly define at least 3
criteria that match with the
given context.
ï‚· Explain the importance of
those criteria.
ï‚· Define their impact factor.
ï‚· Clearly define at least 3
criteria that match with
the given context.
ï‚· Explain the importance of
those criteria.
ï‚· Briefly define at least 2
criteria that match with the
given context.
ï‚· Briefly explain the
importance of those criteria.
Little to no discussion on
WFA worksheet
Task 3
Threats ï‚· Co
ectly identify at least five
threats;
ï‚· Discuss each threat sufficiently
detailed with threat agent, method
of delivery and working
mechanism.
ï‚· Justify why do you feel these are
the critical threats to the
organization.
ï‚· Co
ectly identify at least
five threats;
ï‚· Discuss most of them
sufficiently detailed with
threat agent, method of
delivery and working
mechanism.
ï‚· Briefly justify why do you
feel these are the critical
threats to the organization.
ï‚· Co
ectly identify at least
4 threats;
ï‚· Briefly discuss most of
them with threat agent,
method of delivery and
working mechanism.
ï‚· Briefly justify why do you
feel these are the critical
threats to the organization
ï‚· Co
ectly identify at least 2
threats;
ï‚· Briefly discuss them with
threat agent, method of
delivery and working
mechanism.
ï‚· Briefly Justify why do you
feel these are the critical
threats to the organization
Little to no threats
identification or discussion
Task 4
Impact assessment
and ranking
ï‚· Comprehensive qualitative risk
assessment presented to rank and
prioritise risks for all items
identified above.
ï‚· Comprehensive qualitative
isk assessment presented to
ank and prioritise risks for
most of the items identified
above.
ï‚· Qualitative risk
assessment presented to
ank and prioritise risks
for most of the items
identified above.
ï‚· Brief risk assessment
presented to rank and
prioritise risks for most of the
items identified above
ï‚· Little or