Major Assessment: Risk Assessment
Due Week 11, Worth 25%
In this assignment, your task is to create a report on the threat scope against a specific target. There are three profiles for these threats, of which you choose one.
The three profiles are:
1) Policy Profile:You are the Chief Information Security Officer (CISO) for a large multinational enterprise with a very large collection of intellectual property that represents a major portion of your business’ holdings. What are the threats against your corporate network, where do they come from and what do you need to mitigate against them? Keep in mind that, as a CISO, you are more interested in developing Policy and Procedure than day to day threat management.
2) Response Profile: You are a threat researcher for a Computer Emergency Response Team (CERT) that is responsible for protecting Government networks. The Government will be releasing an unpopular policy in the near future and is expecting attacks from “hacktivists”. What are the sorts of cyber-attacks that can be expected? How can the agency organise itself now to help reduce the impact of those cyber-threats? Remember that Government agencies often have lots of partners and social media accounts.
3) Technical Level: You are a penetration tester providing services to a client (i.e. not the company you work for), who is a major national accounting firm. Identify the risks to your company in performing the penetration test, identify the standard framework for conducting a penetration test and the methods that you would employ to conduct the test.
Your assignment is to choose one of those profiles, and write a report that is at least 3000 words or 15 pages (whichever is longer). Your assignment should cover the above brief for your profile, and to also cover the following aspects:
· What are the countermeasures to those threats, and how do they fit within the Situational Crime Prevention framework?
· How does the current law help or hinder your countermeasures? Are there any proposals for laws that would assist?
· Is your problem of international scope and, if so, how?
See the scoring sheet for this assignment, which is on the next page, and ensure that your report fulfils the criteria listed.
|
Type |
Score |
Description |
|
Content |
||
|
Fits with a profile |
10 |
Appropriately choose a profile and stay within the parameters given. Reports that go outside the bounds will lose marks from this category. |
|
Profile completion |
30 |
Completes the problems identified within the profile. You gain marks for ensuring that all of the points mentioned in the profile are covered in your report. |
|
Situational Crime Prevention |
10 |
Places your countermeasures in the Situational Crime Prevention framework. |
|
Law |
10 |
Reports should cover the impact of the law on their profile |
|
International scope |
10 |
Your problem is placed within the international security scene and appropriately justified. |
|
Subtotal: |
70 |
Subtotal for content |
|
Presentation |
||
|
Spelling and Grammar |
10 |
The presentation’s content is appropriately written in English, with no spelling errors and grammar issues. |
|
Presentation and Style |
10 |
The report is well presented, with diagrams, headings, tables and other visual aids. |
|
References |
10 |
The report contains appropriate references and referencing style. |
|
Subtotal: |
30 |
Subtotal for presentation |
|
Total: |
90 |
-
Rating:
/5
Solution: Major Assessment: Risk Assessment