CIS8018 – Cyber Security Semester 2, 2020
Research paper 1
Due date: 25 August 2020
Value: 25%
Objectives
The course objectives met by this assignment include:
• Course specifications are available online from the USQ website
http://www.usq.edu.au/course/specification. Always check the website for the latest version.
Background
This assessment item covers chapters 1-4 of your textbook. Select one organisation of your choice.
Investigate and report on the current state of this organisation (as per material covered in these
chapters) and make suggestions for improvements that the organisation could adopt to improve
their security. If you are working at this organisation, please make sure NOT to divulge any sensitive
information (you may wish to check online what information is made public by the organisation to
ensure this). While the scope is reflected by chapters 1-4, you are allowed to use journal articles to
support your statements.
Provide the URL, values, vision, and mission statement as an appendix.
Write a research paper and organise it in the following way:
Title (you are required to decide your paper’s title)
Your name and student number
Abstract (about 100 words)
Introduction
Body context (you could divide into several sub-sections if required)
Conclusion
References.
The word-count limit for the introduction, body and conclusion of this paper is set at about 3000
words. Use two (2) or more resources for your citing and referencing in Harvard style.
Submission requirements
• Submit your Word document through your study desk – a link will be available on the study desk.
Marking criteria for research paper 1 – CIS8018
Student name: ___________________________ Student number: ____________________
Marks
Structured development of research paper
Logical flow leading the reader from start to finish on a clear path of addressing
the assessment requirements; clear identification of the current security state;
and description of network usage.
Excellent – meets all the requirements for this objective 25-30
Good work – minor issue 15-24
Requires more work 5-14
Very poor effort 0-5
Comment:
/30
Depth of research/ critical reflection
Reason to support findings: critical evaluation and analysis of the current state
of the organisation aligned with chapters 1-4; suggestions of improvements
implement the understanding of the current state and the solutions provided
in the chapters 1-4;
Excellent – meets all the requirements for this objective 25-30
Good work – minor issue 15-24
Requires more work 5-14
Very poor effort 0-5
Comment:
/30
Understanding of key ideas and concepts
Understood the course material; able to identify key ideas and concepts within
a real life scenario of issues; able to explain an issue with the use of key ideas
and concepts; able to relate own experience to course material and issue by
introducing own perspective
Excellent – meets all the requirements for this objective 25-30
Good work – minor issue 15-24
Requires more work 5-14
Very poor effort 0-5
Comment:
/30
Evidence of support
Citing and referencing: Correct within text Harvard citing; correct Harvard
referencing; used more than two (2) sources (book, journal article, report,
news article on the internet) in addition to the course text book.
Excellent – meets all the requirements for this objective 8-10
Good work – minor issue 5-7
Requires more work 3-4
Very poor effort 0-2
Comment:
/10
Total /100
General Comments:
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
Management of Information Security, 6th ed. - Whitman & Mattord
Learning Objectives
Upon completion of this material, you should be able to:
List and discuss the key characteristics of information security
List and describe the dominant categories of threats to information security
Discuss the key characteristics of leadership and management
Describe the importance of the manager’s role in securing an organization’s information assets
Differentiate information security management from general business management
Introduction
IT enables the storage and transportation of information—often a company’s most valuable resource—from one business unit to another
But what happens if the vehicle breaks down, even for a little while?
Astute managers increasingly recognize the critical nature of information security as the vehicle by which the organization’s information assets are secured
The emergence of executive-level InfoSec managers allows for the creation of professionally managed information security teams that have a primary objective to protect information assets, wherever—or whatever—they may be
Introduction (Continued)
Organizations must realize that information security planning and funding decisions involve more than managers of information, the members of the information security team, or the managers of information systems
Altogether, they must involve the entire organization, as represented by three distinct groups of managers and professionals, or communities of interest:
Those in the field of information security
Those in the field of IT
Those from the rest of the organization
Communities of Interest
These three groups should engage in a constructive effort to reach consensus on an overall plan to protect the organization’s information assets:
The information security community protects the organization’s information assets from the many threats they face
The IT community supports the business objectives of the organization by supplying and supporting IT that is appropriate to the organization’s needs
The general business community articulates and communicates organizational policy and objectives and allocates resources to the other groups
Working together, these communities of interest make recommendations to executive management about how to secure an organization’s information assets most effectively
What Is Security?
In general, security means being free from danger. To be secure is to be protected from the risk of loss, damage, unwanted modification, or other hazards
Achieving an appropriate level of security for an organization also depends on the implementation of a multilayered system
Security is often achieved by means of several strategies undertaken simultaneously or used in combination with one another
It is the role of management to ensure that each strategy is properly planned, organized, staffed, directed, and controlled
Specialized Areas of Security
Specialized areas of security include:
Physical security
Operations security
Communications security
Cyber (or computer) security
Network security
Information Security
Information security (InfoSec) focuses on the protection of information and the characteristics that give it value, such as confidentiality, integrity, and availability, and includes the technology that houses and transfers that information through a variety of protection mechanisms such as policy, training and awareness programs, and technology
The CIA Triad and the CNSS Model
The NSTISSI (or CNSS) Security Model (also known as the McCumber Cube) provides a more detailed perspective on security
While the NSTISSC model covers the three dimensions of information security, it omits discussion of detailed guidelines and policies that direct the implementation of controls
Another weakness of using this model with too limited an approach is to view it from a single perspective