Fundamental Concepts of Data Security | My Assignment Tutor

Computing @ Curtin University
Fundamental Concepts of Data Security ISEC5006
Assignment FAQs - Semester 1, 2021
Updated March 23, 2021

When is the assignment due?
Answer: Friday 14-May-2021 at 12pm. Both the report and the declaration of originality form must be received by this time.

What format and filename should I produce for the electronic submission?
Answer: Only a single file in PDF format is accepted. The filename should be your full name followed by your ID, e.g. trump_donald_12345678.pdf
Note: Failure to present a satisfactory electronic submission as per the requirements may have your assignment deducted up to 10 marks!

What about the references?
Answer: Researching the Internet to find ideas is part of the learning process that I expect every student to do. However, when it comes to writing the report, please minimize complete quotes – instead paraphrase as you said using your own words, and appropriately cite the source. Put all references in a separate section. Please consult the library guide on Chicago referencing style, which should be used.

If I reproduce some parts of the NIST or other standards, do I need to cite?
Answer: Yes. Simply copying a table or any text exactly from the NIST or other standards and presenting it as your own is considered plagiarism. In addition, whatever you copied will not be marked, simply because it is not your work.

How much do I need to present in risk assessment?
Answer: At the very minimum, you are expected to identify at least two (2) vulnerabilities for each of the six components of an information system: Software, Hardware, Data, Network, People, and Procedures. This means you will need to identify at least 2 × 6 = 12 vulnerabilities. For each vulnerability, you need to identify the risk, evaluate it, and recommend a control to be put in place if there is no existing control. Also note that to get good marks, you should cover all three security goals: Availability, Integrity, and Confidentiality.

How are the recommendations in the report different to those in the risk assessment results?
Answer: Whilst you may analyse many threats in risk analysis, not every one of them is of high risk. Thus, the recommendations in the main report should focus only on the most critical findings, i.e. high-risk items that the company must treat with highest priority. What you recommend in the main report needs to be consistent with what you analyse in 1b.

How long do you expect the recommendation report to be?
Answer: Just a very rough figure at the minimum I would expect: 1 page for the cover, 1 page for the table of contents, 0.5 page for executive summary, 1 page for the recommendations, 1.5 pages for system characterisation, 1.5 pages for vulnerability statement + threat statement, 6 pages for the risk assessment results, 1 page for conclusion and references. That works out to be 13.5 pages in total. However, note that the length of the report does not necessarily determine the marks you receive – it all depends on the actual contents you present.

What is the best way to present the risk assessment results?
Answer: A common way is to present the results using a table: each row is a vulnerability and the columns are the description, rating, and recommendation. You may also consider using the alternative as per the following example, which is easier to produce:
• Risk assessment reference number: R2
  – Vulnerability: Lack of a firewall (V1)
  – Description: Due to the lack of a firewall (V1), hackers (T1) can penetrate into the company’s internal network and steal confidential data (Confidentiality) or corrupt files (Integrity), causing loss of reputation and disruption to work.
  – Likelihood rating: Possible
  – Impact rating: Significant
  – Risk rating: High
  – Justification: According to [blah blah blah] attacks on organisations are happening regularly …
  – Recommended control: An enterprise-grade firewall sourced from a specialised security vendor.

Are the sections for vulnerability and threat statement a list of the vulnerabilities and threats following the risk assessment?
Answer: As per the above NIST document:
• Threat statement: A threat statement containing a list of threat-sources that could exploit system vulnerabilities.
• Vulnerability statement: A list of the system vulnerabilities (observations) that could be exercised by the potential threat-sources.
Please see Sections 3.2 and 3.2 of the NIST document for more detail and examples. They need to be identified and explained before carrying out the risk analysis. This helps the reader understand more about what, who, and why, and the reader can refer to these statements when reading the risk analysis results.

How do I write a report?
Answer: There are many useful resources in the library and on the Internet.

What are the common mistakes that I should avoid?
Answer: Below is the list of common mistakes students in previous years made:
• The report does not follow the required structure
• The executive summary does not tell the audience the main findings of the assessment
• The introduction is simply a copy-and-paste of the assignment description
• The recommendation section does not tell the reader the main issues and associated business impacts if they are not addressed immediately
• References are lacking or do not follow the required style
• The risk analysis part is not based on the information provided in the case study and is too general
• The system characterisation part lacks technical details on hardware, software, procedures, data, network, users
• The conclusion lacks a summary of key findings and it does not tell/recommend the reader of necessary risk assessment in the future
• Inconsistency between the risk model and the actual risk calculations
• Poor presentation:
  – No page numbers
  – No table of contents
  – Lacking reference numbers, making it hard to cross-reference individual risk items
  – Poor or no formatting of sections/subsections
  – Lack of tables, figures, and other visual illustrations
  – Either too short or too long

How can I find out information about vulnerabilities that are relevant to the assignment?
Answer: The assignment expects you to provide a reasonable level of technical information about the vulnerabilities with the organisation in the case study. Resources such as be useful for software vulnerabilities. For other vulnerabilities, Internet research is expected.

END OF Assignment FAQs

