Assessment 1 information - 2020
SIT284: Cybersecurity Management
Group Planning Report
This assessment is for students to demonstrate their ability to plan an investigation of security management issues in corporate organisations. Students are required to work as a team (at most 4 students in a team) to evaluate the risk levels, potential impact of threats and vulnerabilities, and cost-benefit analysis of control methods.
· Online resources such as those that maintain the list of known vulnerabilities.
This assessment assesses the following Unit Learning Outcomes (ULO) and related Graduate Learning Outcomes (GLO):
|Unit Learning Outcome (ULO)||Graduate Learning Outcome (GLO)|
|GLO 1: Discipline-specific knowledge and capabilities|
GLO 4: Critical thinking
GLO 5: Problem Solving
GLO 7: Through the assessment of students’ teamwork skills in planning an investigation
Case Study: Patterson Sports Performance (Company)
Patterson Sports Performance (PSP) is one of the top sports performance companies in Australia, headquartered in Melbourne with branches throughout the country and revenues reaching about $1 billion per annum. Its client base is estimated to be more than 10,000, which includes multinational businesses, prominent athletes and celebrities, and high-profile corporate executives. The PSP company has five major business units: the finance department, the marketing department, the e-Solution department, the business development (BD) department and the legal department. The legal department is staffed with attorneys, solicitors, barristers, paralegals, and support staff. The BD department, headed by a BD director, is tasked with initiating, facilitating, and supporting the strategic business development plan as well as managing and retaining relationships with existing clients while increasing the client base. The marketing department, led by a marketing director, focuses on marketing functions such as branding, positioning, and segmentation. The finance department, headed by the chief financial officer, is responsible for all aspects of the PSP company’s financial health. The finance team is responsible for planning, coordinating and administering the overall financial activities of the sports company. The e-Solution department is responsible for the management of the IT infrastructure such as the hardware, software, and network. A chief information security officer (CISO) and several cybersecurity professionals within the e-Solution department are responsible for cybersecurity management of PSP.
The PSP company collects and maintains a substantial amount of privileged and very sensitive information, intellectual property, and commercially sensitive material that relates to the sporting teams and athletes, as third-party sports companies. The legal team uses information technology (IT) extensively for various purposes, including communication with clients and associates and discovery of relevant athletes’ contracts. The BD team uses IT such as customer relationship management software and the database extensively for activities such as researching new business opportunities and worthwhile income sources. The marketing team harnesses PSP’s IT capabilities and other channels such as social media platforms for its many marketing-related activities, including research and development of marketing strategies and marketing analysis. The finance team uses IT capabilities in various finance-related activities, including analyzing market trends and competitors.
The PSP datacenter is located in Melbourne and hosts a complex networked system that seamlessly integrates the enterprise network and the Internet. All workstations (desktops) run Microsoft Windows 10 for 32-bit and 64-bit and Microsoft Internet Explorer (IE 11). A database server (Oracle), an Apache server (for the web server) and Microsoft Exchange Server (for email) are used. Information systems for document management service (DMS), e-Discovery tools, and software tools for case management, calendar and scheduling, and CRM systems, among others, are used. Oracle E-Business Suite (Oracle Human Resources, Oracle General Ledger, etc.) is used for maintaining and processing all information (e.g., athlete client contact details, administrative records, and personnel records). The last patch update was done on 1st January 2020. There are approximately two million sports data documents, four million administrative records, 200K personnel records and 500K athlete client contact details in the database. The cybersecurity management team deploys state-of-the-art cybersecurity controls (firewalls, antivirus products, intrusion detection systems, and multi-factor authentication) to safeguard the business-critical and privacy-sensitive information.
The following is a partial risk appetite statement of Patterson Sports Performance:
1 Assets identification
In this section, you will identify the assets, determine their values (worth) and prioritise them. Use the following asset inventory table as a template to record the collected information.
|Asset Name||Asset Type||Department||Value||Priority|
Asset inventory: Identify an asset from each department (e.g., one information asset from the marketing department, one knowledge asset from the legal department, etc.), add it to the above table and provide a brief rationale for selecting the asset.
Asset valuation: Use the cost-based approach or the market value-based approach to calculate the relative value of the selected assets. You must justify any assumptions you make.
Asset prioritisation: Use the weighted factor analysis (WFA) worksheet to prioritise the four assets. Here you must choose three or four impact factors that are different from the ones we discussed in class. Provide a rationale for selecting the impact factors. You must include the weighted factor analysis worksheet table here as well.
2 Threat and Vulnerability Analysis
|Asset 1||Asset 2||Asset 3||Asset 4|
|Threat||Threat Agent||Threat Agent|
|Asset||Vulnerability Name||Vulnerability factors|
|Ease of discovery||Ease of exploit||Awareness||Intrusion detection|
3 Estimating risk
In this section, you will estimate the risks for the assets and rate them. Use the following as a template to record the results.
|Asset Name||Vulnerability||Threat||Risk Likelihood||Risk Impact||Risk Rating||Priority|
|Laptop||Loss||Theft||2.4 (Low)||2.9 (Low)||2.2 (Low)||2.8 (Low)||Low|
Compute the risk likelihood, the risk impact, and the risk level. You must justify your work, show it step by step, and include all the formulas required to arrive at your answer.
4 Risk Treatment Strategy
This section involves the identification and selection of appropriate risk treatment strategies for managing the risks identified in the previous section. Note that selecting the most appropriate risk treatment option involves the organization’s risk appetite and residual risk as well as balancing the costs and efforts of implementation against the benefits derived. Use the following template to record the results.
|Risk||Treatment||Residual risk||Cost-Benefit Analysis (CBA)|
5 What do I do now?
Any work that you submit for assessment must be your own work (and in this case your team’s work). Please note that this unit has systems in place to detect plagiarism and all submissions are submitted to this system. Submitting work, in whole or in part, that is copied or paraphrased from other authors (including students), without correct acknowledgement, is considered one of the most serious academic offences. This practice is equivalent to cheating in examinations and it may lead to expulsion from the University. For further information, you should refer to Regulation 4.1(1), Part 2—Academic Misconduct, via (Current university legislation). Please note that these regulations are not intended to discourage group work and exchange of views and information with other students and staff. Such interaction is most desirable, provided that you ultimately write your own answers and acknowledge any quoted sources. We see responsible attitudes to plagiarism as part of general good ethical practice. Ensure you have familiarised yourself with the rules and regulations on plagiarism and collusion.
Referencing: at least 3 references (extra to the page limit). Use Harvard style referencing in your report.