Ethical Hacking and Defence (CSI6204)
Portfolio Assessment 1: Analysis Plan/Propose Methodology for Pen-Testing Engagement
Before you read the assignment instructions, please complete the following activities available on Blackboard under Assessment:
- Watch the academic integrity video from the Associate Dean Teaching and Learning (ADTL), School of Science.
- Read the academic integrity requirement for commencing students.
- Carefully read the ‘Academic Integrity Tick-Before-Submit Checklist’ to ensure you are fully aware of your responsibilities. Remember to complete this before you submit your final attempt. This checklist is also available towards the end of this document.
- Read the academic integrity document related to this unit.
- Review the ‘Exemplar Assignment’. This exemplar should enable you to better understand how a report could be structured. Note: you cannot use any of the written content from the exemplar. Your final submission/work should be your own incorporating your own perspective and creative aspect. Copying content and ideas from the exemplar would be considered academic misconduct and would lead to a serious penalty. This is further elaborated on Blackboard under the Assignment Exemplar link.
- Read and ensure you understand the rubrics available under ‘My Grades’ on Blackboard (also available at the end of this document). In particular, note the first criterion related to ‘Originality and Student Voice (Academic Integrity)’. Please be aware that scoring low in this criterion may also affect your marks in other criteria of the rubrics and possibly result in a report for Academic Misconduct.
This portfolio assessment is designed to get you thinking about how you will approach the given pen-testing scenario (major assignment) in this unit. The aim is to make students understand the importance and requirements of the pre-engagement phase inclusive of the methodology to be used in the ethical hacking process. You will be rewarded if your plan shows evidence of creative problem-solving and critical thinking.
The assessment will enable you to achieve Unit Learning Outcome (ULO) 2 and the Course Learning Outcomes (CLO) 1 and 3.
Task: Using the major case study outline, your task is to prepare an ‘Analysis Plan/Propose Methodology for Pen-testing Engagement’ that summarises your intentions for the investigation. Remember, at this point your (hypothetical) line manager has not yet approved the requirement to undertake the pen-testing engagement. The broad structure/sections and what to include in each of them are as follows:
|Component||Broad Description and Guidelines|
|Title Page||Unit code and title, assignment title, your name, student number, campus and|
A good introduction provides an overview of the topic and its significance as well as the purpose and structure of the report. A few guidelines to consider for your introduction are:
- An overview/purpose of the activity/plan
- Objectives covering the broad contours of the given scenario in the Pen-Testing scenario, not this portfolio assessment.
- What approach did you use to undertake your research (databases, security forums, etc.) into the subject matter?
- An outline of the structure - what are you covering within your report?
|Proposed Analytical Process/Methodological Approach||The broad ideas to include in this section are as follows:|
prior to actual engagement?
- How would you analyse the given case?
- What process would you adopt?
- Discuss phases, scope and extent of the examination
- Type of test based on the provided information – white box, grey box, or black box
- Draw and include your proposed ethical hacking process covering all activities that you would undertake.
- Are there any essential or mandatory approval(s) that you would need
|Ethical considerations to undertake the pen|
|Discuss disclosure/non-disclosure agreement, preservation of the company’s confidentiality, prevention of sensitive data from being redistributed, deleted,|
|Resources Required||What hardware and software resources will be required for the pen-testing|
Your plan of action in stages once you have been given the go-ahead by your (hypothetical) line manager. Discuss the dates you will be working on a particular phase, and activities envisaged. Align the timeframe (start date of your engagement) with the submission date of this assessment and the due date (end date) for the Pen-Testing Investigation case study.
- All evidence and ideas from sources must be written in your own words and must be acknowledged using in-text references in the body of the report and end-text references (reference list) at the end of the report.
- APA 7th edition style referencing conventions both for in-text and end-text references should be used.
- Aim for minimum 8-10 references that include books, scholarly journal articles, and conference papers. You may also use internet sites, but they should be reputable.
- DO NOT USE WIKIPEDIA.
Suggested approaches to complete the Task:
- The report should make use of well-thought-out diagram(s) to demonstrate your proposed procedure for the investigation.
- Communicate your analytical process in a simplistic manner. Using complex descriptions or terminology will result in a loss of marks. Use acronyms correctly. You can make use of analogies if it enables you to communicate the identified issue in a simplistic way.
- You must make use of adequate in-text references to support your ideas and discussion throughout your entire report. It is recommended that you use EndNote to manage your sources and for your referencing.
- Be creative in how you choose to communicate your findings. Diagrams can be a much more effective way of communicating an idea or a concept. Tables and charts are also an effective way to draw comparisons or contrast different ideas. However, make sure diagrams, tables and charts are correctly referenced/labelled and referred to/discussed in your text.
- Start early and plan ahead.
- Carefully read the marking rubric. You should consider the descriptors as you will be evaluated against them. If in doubt about any of these, you should ask your lecturer or tutor before the submission.
- The report must use an appropriate structure with clear, concise headings, and ideas must flow logically.
- The style of writing should be appropriate for the purpose and the audience, including third-person objective voice, i.e. avoid the use of first-person (‘I’, ‘my’, ‘we’) and second-person (‘you’).
- Appropriate discipline-specific terminology and vocabulary must be used in the plan.
- Sentence structure, spelling, punctuation and grammar should be correct for the report.
Common Observations in the submissions from the previous semester:
The following pointers are presented to make you aware of the common mistakes that students have made in the previous semesters. You should read and understand all of them to avoid them in your submissions:
- Some students did not follow the instructions given for the information to include in the introduction. Most of the students discussed the portfolio assessment whereas they were required to propose methodology for the given Pen-Testing scenario.
- Scope, resources, and time frame sections of the plan were poorly written. Many students did not understand what the scope related to.
- The assignment brief indicated what sections or questions to answer in the main body of the report. Not all requirements were addressed by some students.
- The ethical considerations section lacked critical thinking. Many students struggled with this section and did not use any references to demonstrate their understanding.
- Some of the links to the references appeared to be broken or not accessible.
- The submissions lacked correct APA 7th edition in-text and end-text formatting. It was evident that students had not used EndNote or any other referencing software. While this was not a mandatory requirement, using referencing software saves ample amounts of time and allows you to focus on your core work.