Cybersecurity

MIS607_Assessment 3 Brief_Mitigation Plan for Threat Report Page 1 of 6

ASSESSMENT 3 BRIEF
Subject Code and Title: MIS607 Cybersecurity
Assessment: Mitigation Plan for Threat Report
Individual/Group: Individual
Length: 2500 Words (+/- 10%)
Learning Outcomes: The Subject Learning Outcomes demonstrated by successful completion of the task below include:
b) Explore and articulate cyber trends, threats and staying safe in cyberspace, plus protecting personal and company data.
c) Analyse issues associated with organisational data networks and security to recommend practical solutions towards their resolution.
d) Evaluate and communicate relevant technical and ethical considerations related to the design, deployment and/or the uses of secure technologies within various organisational contexts.
Submission:
For regular class (12 Weeks Duration): By 11:55 pm AEST/AEDT Sunday of Module 6.1 (week 11)
For intensive class (6 Weeks Duration): By 11:55 pm AEST/AEDT Sunday of Module 6.2 (week 6)
Weighting: 50%
Total Marks: 100 Marks

Assessment Task and Context
Reflecting on your MIS607 Assessment 2, the organisation has decided to continue to employ you
as a consultant for the next phase:
Risk Analysis and Development of the Mitigation Plan.
The organisation has become aware that the Australian Government (AG) has developed strict
privacy requirements for businesses. The company wishes you to produce a brief summary of these
based on real-world Australian government requirements (similar to how you used real-world
information in MIS607 Assessment 2 for real-world attack). These include the Australian Privacy
Policies (APPs) especially the requirements on notifiable data breaches. The company wants you to
examine these requirements and advise them on their legal requirements. Also ensure that your
threat list includes attacks on customer data breaches. The company wishes to know if the GDPR
applies to them.
Instructions
MIS607 Assessment 3 is in many ways a continuation of MIS607 Assessment 2. You will start with
the threat list from your MIS607 Assessment 2, although feel free to make changes to the threat
list if it is not suitable for MIS607 Assessment 3. You may need to include threats related to
privacy concerns. Beginning with the threat list:
• You need to align threats or vulnerabilities, as much as possible, with controls.
• Perform a risk analysis and determine controls to be employed.
• Combine the controls into a project of mitigation.
• Give advice on the need for ongoing cybersecurity, after your main mitigation steps.

To successfully complete this assessment:
• You must use the risk matrix approach covered in classes (Risk = likelihood x consequence).
• You should show evidence of gathering data on “likelihood” and “consequence” for each of the threats you have identified. You should briefly explain how this was done.
• At least ONE (1) of the risks must be so trivial and/or expensive to control that you decide not to use it (in other words, in this case, you are accepting the risk). At least ONE (1) of the risks, but obviously not all.
• Provide cost estimates for the controls, including policy or training controls. You can make up these values but try to justify at least ONE (1) of the costs (if possible, use links to justify costs).
Report Structure and Format:
The report should have the following heading structure.
Title page
The title page should include subject code and name, assessment number, report title,
assessment due date, word count (actual), student name and surname, student ID, Torrens’s
email address, learning facilitator name and surname.
Executive Summary
Mainly this section is where you “Summarize” your report. The best time to write the
Executive Summary is when you have finished working on your assessment. By then you will
be able to “Summarise” your work. It should be written in a simple and easy to read language.
IMPORTANT NOTE: Make sure to ONLY provide the summarised version of the report.
1. Introduction
In this section, introduce your assessment/report to the reader. Think of the purpose and
objectives of your assessment and ask yourself why this assessment is valuable and
important. You will need to provide a short description of the case scenario.
Overall, the introduction section is about “What the assessment is going to be about?”.
2. Main Discussion
IMPORTANT NOTE: The required discussions for sub-sections 2.1, 2.2, 2.3 and 2.4 are
discussed earlier in this assessment brief document (see above).
2.1. Threats List and STRIDE Categorisation Summary
2.2. Threats Analysis (Using Risk Matrix)
2.3. Threats and Controls
2.4. Mitigation Scheme
3. Conclusion
In this section, you will wrap up your discussion in a clear and simple way. Overall, the
conclusion section reminds the reader what the report/assessment has been about. Indicate
and discuss the major findings and/or recommendations of your report.
4. References
A minimum of five (5) references is required in this assessment. Please be advised that you
can use as many references as you require in your assessment; however, the minimum number
of references is 5. At least three (3) references MUST be from peer-reviewed
sources (e.g. conferences, journals).
You can put a “*” after such peer-reviewed references in the references section when you
want to highlight they are peer reviewed. One (1) of the peer-reviewed articles MUST be
uploaded in PDF format along with your MIS607 Assessment 3 report on Blackboard. This
PDF file will be referred to as the “nominated article”.
IMPORTANT NOTE: Zero marks for referencing if the nominated article is not itself
peer-reviewed or if there is no peer-reviewed article submitted with your MIS607 Assessment 3.
Of course, the nominated article should be properly referenced and cited; however, you also
need to cite an important direct quote from within the article (with page number), not just a
brief sentence from the abstract. The quote should also relate to the main topic of the
article, not just a side issue.
5. Appendices (Appendix 1, Appendix 2, etc.)
An Appendix is NOT necessary for your assessment UNLESS for either of the following two
reasons:
• Your MIS607 Assessment 2 was marked 60 and below, and you had to work on your Assessment 2, make relevant changes and, once improved, attach it within the Appendices section as Appendix 1.
• There is EXTRA general information which you think is helpful for your assessment.
IMPORTANT NOTE: ALL important and necessary information for your report (e.g.
Risk Matrix, etc.) must be inserted and discussed within the body of your assessment
and NOT in the Appendices section.
IMPORTANT NOTES FOR MIS607 ASSESSMENT 3 SUBMISSION:
• This assessment must be submitted as a WORD document (*.doc OR *.docx).
• You are highly advised to read the “case scenario” several times. Then, it is advised to read through this Assessment Brief document and note requirements. It is highly advised to also check the Marking Rubric for more information on how the assessment will be marked.
• Any used information/discussion from your MIS607 Assessment 2 must be accurately and completely referenced to avoid academic misconduct such as “self-plagiarism”.
• The report should use Arial or Calibri fonts, 11 point. It should be line spaced at 1.5 and must have page numbers on the bottom of each page.
• The word count for this assessment is 2500 words (+/- 10%), NOT counting tables, figures, executive summary, cover sheet, references, and appendices (if any).
• You must be careful NOT to use up the word count discussing cybersecurity basics. This is not an exercise in summarising class notes, etc. Discussing general information and material will not count towards marks.
• Make sure to use a reasonable number of Tables and Figures in your assessment.
• ALL inserted/used Tables and Figures within the report MUST be captioned/labelled and numbered (e.g. Table 1, Table 2, etc.).
• ALL inserted/used Tables and Figures within the report must be initially introduced and then discussed in a clear, focused and simple way.
• Within the assessment document, when referring to Tables and Figures, you are required to refer to them by their captions (note that publishers do not guarantee Tables and Figures to be placed in the same order or location as in your article). NOTE: Tables and Figures without a caption may be treated as if they are not in the report.
• If you have not performed so well with MIS607 Assessment 2 (your mark was less than 60%), you will need to fix the issues noted in your MIS607 Assessment 2 based on the provided feedback and then include your MIS607 Assessment 2 in your MIS607 Assessment 3 “Appendix 1” section. IMPORTANT NOTE: There will be NO MARKS for the remediation of MIS607 Assessment 2.

Referencing
It is essential that students use appropriate APA style for citing and referencing research. Please see
more information on referencing here in the Academic Writing Guide found via the Academic Skills
website.
Submission Instructions
Please submit ONE Microsoft Word document (.doc or .docx) via the Assessment link in the main
navigation menu in Blackboard. The Learning Facilitator will provide feedback via the Grade Centre in
the LMS portal. Feedback can be viewed in My Grades.
Academic Integrity
All students are responsible for ensuring that all work submitted is their own and is appropriately
referenced and academically written according to the Academic Writing Guide. Students also need to
have read and be aware of Torrens University Australia Academic Integrity Policy and Procedure and
subsequent penalties for academic misconduct. These are viewable online.
Students also must keep a copy of all submitted material and any assessment drafts.
Special Consideration
To apply for special consideration for a modification to an assessment or exam due to unexpected or
extenuating circumstances, please consult the Assessment Policy for Higher Education Coursework and
ELICOS and, if applicable to your circumstance, submit a completed Application for Assessment Special
Consideration Form to your Learning Facilitator.
Assessment Rubric

Citation practice and engagement with relevant literature
Assessment attributes:
• Cited material and citations related to report
• APA citation Style
• At least 3 peer-reviewed articles
• Nominated PDF of peer-reviewed article
• Five or more references
• Correct citation and referencing
• Most peer-reviewed citations used more than once
Ratings:
High Distinction (Exceeds expectation): 20 Pts
Distinction (High quality): 15-19 Pts
Credit (Meets basic expectation): 13-14 Pts
Pass (Pass level work): 11-12 Pts
NN (Fails to meet basic expectation): 0-10 Pts
Pts for this criterion = 20 Pts

Threat Analysis
Assessment attributes:
• Assessment 2 remediation, if needed
• Clear threat list, related to STRIDE categories and threat boundaries (mostly coming from Assessment 2, but changes can be made)
• Brief explanation of government privacy requirements
• At least one threat related to government privacy requirement
• Discovery of likelihood and consequences for each identified threat, with explanation of technique and a few details
• Clear results from likelihood and consequence discovery
• Risk Matrix explained and applied correctly to threats
• Risks tabled and ranked correctly from highest to lowest
• Table contains risk decision, controls and implementation cost estimation
• At least one risk accepted
• Table is clear to all stakeholders.
Ratings:
High Distinction (Exceeds expectation): 30 Pts
Distinction (High quality): 22-29 Pts
Credit (Meets basic expectation): 20-21 Pts
Pass (Pass level work): 16-19 Pts
NN (Fails to meet basic expectation): 0-15 Pts
Pts for this criterion = 30 Pts

Mitigation Scheme
Assessment attributes:
• Mitigation scheme covers the list of identified threats
• Controls are mapped against threats
• Mitigation derives clearly from threat analysis
• Mitigation scheme costed
• Project for mitigation clearly conveyed
Ratings:
High Distinction (Exceeds expectation): 20 Pts
Distinction (High quality): 15-19 Pts
Credit (Meets basic expectation): 13-14 Pts
Pass (Pass level work): 11-12 Pts
NN (Fails to meet basic expectation): 0-10 Pts
Pts for this criterion = 20 Pts

Communication and Presentation
Assessment attributes:
• Writing is persuasive, logical and communication is clear
• Uses appropriate vocabulary consistently. Spelling and punctuation is completely accurate.
• Consistently integrates research and ideas from relevant and appropriate sources/references.
• Consistently uses accurate references, appropriately positioned.
• Executive Summary is appropriate for a business report and is written in past tense. It summarises what has been done and is not a mere covering of basic theory from classes.
• Demonstration of topics and principles acquired from course material; use of relevant theories, concepts and frameworks to support analysis; own input, insight and interpretation.
Ratings:
High Distinction (Exceeds expectation): 20 Pts
Distinction (High quality): 15-19 Pts
Credit (Meets basic expectation): 13-14 Pts
Pass (Pass level work): 11-12 Pts
NN (Fails to meet basic expectation): 0-10 Pts
Pts for this criterion = 20 Pts

Basic Formatting and Submission Requirements
Assessment attributes:
• Captioning of all figures, etc. and referred to only by caption
• Correct assessment submission and Word format
• Page numbers
• Correct student and facilitator information
• Academic Integrity Declaration
• Correct heading structure
Ratings:
High Distinction (Exceeds expectation): 10 Pts
Distinction (High quality): 8-9 Pts
Credit (Meets basic expectation): 6-7 Pts
Pass (Pass level work): 4-5 Pts
NN (Fails to meet basic expectation): 0-3 Pts
Pts for this criterion = 10 Pts

The following Subject Learning Outcomes are addressed in this assessment
SLO b) Explore and articulate cyber trends, threats and staying safe in cyberspace, plus
protecting personal and company data.
SLO c) Analyse issues associated with organisational data networks and security to
recommend practical solutions towards their resolution.
SLO d) Evaluate and communicate relevant technical and ethical considerations related to
the design, deployment and/or the uses of secure technologies within various
organisational contexts.