MIS607_Assessment_3_Brief_Mitigation plan for threat report_ Module 6.1 Page 1 of 4 ASSESSMENT 3 BRIEFSubject Code and TitleMIS607 CybersecurityAssessmentMitigation Plan for Threat ReportIndividual/GroupIndividualLength2500 words (+/- 10%)Learning OutcomesThe Subject Learning Outcomes demonstrated by successful completion ofthe task below include:b) Explore and articulate cyber trends, threats and staying safe incyberspace, plus protecting personal and company data.c) Analyse issues associated with organisational data networks andsecurity to recommend practical solutions towards their resolution.d) Evaluate and communicate relevant technical and ethicalconsiderations related to the design, deployment and/or the usesof secure technologies within various organisational contexts.SubmissionDue by 11.55 pm AEST Sunday end of Module 6.1/week 11For intensive class: Due by 11.55 pm AEST Sunday end of Module 6.2/week6Weighting45%Total Marks100 marks Task SummaryFor this assessment, you are required to write a 2500 words mitigation plan for threat report based onknowledge you gained about threat types and key factors in Assessment 2. You are required to use theAssessment 2 case as context to write a report to address or alleviate problems faced by the business and toprotect the customers. In doing so, you are required to demonstrate your ability to mitigate threat/risksidentified in Assessment 2 through the strategy you recommend (STRIDE).ContextCybersecurity help organizations to mitigate threats/risks, reduce financial loss and safety violations, decreaseunethical behaviour, improve customer satisfaction, and increase efficiency, as well as to maintain theseimproved results. Threats can be resolved by Risk Acceptance (doing nothing), Risk Transference (pass risk to anexternality), Risk Avoidance (removing the feature/component that causes the risk) and Risk Mitigation(decrease the risk). This assessment gives you an opportunity to demonstrate your understanding ofcybersecurity and your capability to explain Risk Mitigation strategies for such threats. Mitigations should bechosen according to the appropriate technology and resolution should be decided according to the risk level andcost of mitigation.Task Instructions1. Read the Assessment 2 Case Scenario again to understand the concepts discussed in the case.2. Review your subject notes to establish the relevant area of investigation that applies to the case. Reread any relevant readings that have been recommended in the case area in modules. Plan how youwill structure your ideas for the mitigation plan for threat report.3. The mitigation plan for threat report should address the following:• Setting priorities for risks/threatsMIS607_Assessment_3_Brief_Mitigation plan for threat report_ Module 6.1 Page 2 of 4• Analyse the case in terms of identified risk categories and scenarios• Apply standard mitigations• Discuss specific resolutions for improvement, and justify their significance• Provide recommendations for mitigating risk based on an assessment of risk appetite, risktolerance and current risk levels (Choose techniques to mitigate the threats)• Make recommendations to the CEO on how to conduct risk management, key issues involving yourprocess improvement model, including a road map, the identification of appropriate technologiesfor the identified techniques, communicating the strategy, and a suggested timeline.4. The report should consist of the following structure:A title page with subject code and name, assignment title, student’s name, student number, and lecturer’sname.The introduction that will also serve as your statement of purpose for the report. This means that you willtell the reader what you are going to cover in mitigation plan report. You will need to inform the reader of:a) Your area of research and its context (how to mitigate or manage threats)b) The key concepts you will be addressingc) What the reader can expect to find in the body of the reportThe body of the report will need to respond to the specific requirements of the case study. It is advisedthat you use the case study to assist you in structuring the report. Set priorities for identified threats fromassessment 2, analyse the case in terms of identified risk categories and discuss specific resolutions andrecommendations for improvements in the body of the report.The conclusion (will summarise any findings or recommendations that the report puts forward regardingthe concepts covered in the report.5. Format of the reportThe report should use font Arial or Calibri 11 point, be line spaced at 1.5 for ease of reading, and have pagenumbers on the bottom of each page. If diagrams or tables are used, due attention should be given topagination to avoid loss of meaning and continuity by unnecessarily splitting information over two pages.Diagrams must carry the appropriate captioning.6. ReferencingThere are requirements for referencing this report using APA referencing style for citing and referencingresearch. It is expected that you used 10 external references in the relevant subject area based onreadings and further research. Please see more information on referencing here:https://library.torrens.edu.au/academicskills/apa/tool7. You are strongly advised to read the rubric, which is an evaluation guide with criteria for grading theassignment—this will give you a clear picture of what a successful report looks like.Submission InstructionsSubmit Assessment 3 via the Assessment link in the main navigation menu in MIS607 Cybersecurity. TheLearning Facilitator will provide feedback via the Grade Centre in the LMS portal. Feedback can be viewed in MyGrades.Academic Integrity DeclarationI declare that, except where I have referenced, the work I am submitting for this assessment task is my ownwork. I have read and am aware of the Torrens University Australia Academic Integrity Policy and Procedureviewable online at http://www.torrens.edu.au/policies-and-forms.I am aware that I need to keep a copy of all submitted material and their drafts, and I will do so accordingly.MIS607_Assessment_3_Brief_Mitigation plan for threat report_ Module 6.1 Page 3 of 4Assessment Rubric Assessment AttributesFail(Yet to achieve minimumstandard)0-49%Pass(Functional)50-64%Credit(Proficient)65-74%Distinction(Advanced)75-84%High Distinction(Exceptional)85-100%Visual appeal andpresentation ofcontentTitle page included.Adheres to the font,spacing, format, wordcount requirement.Appropriate use ofparagraphs, sentenceconstruction, spelling,and grammar.20%No title page. Incorrectfont and size with poorline spacing and largegaps in pagination, tables,or diagrams.Report is written as ablock of text with nobreaks in between ideas.Separate ideas cannot beclearly discerned.Many errors in spelling orgrammar. Does notadhere to the word countrequirement.Title page is included. Missingmost information. Incorrectfont and size is used or poorline spacing and large gaps inpagination.Paragraphs are used but largeblocks of text with longsentences make it difficult tounderstand the ideas beingconveyed.Spelling or grammar haserrors but meaning remainsclear. Does not adhere to theword count requirement.Title page is included but ismissing key information.Some errors in font use andline spacing. Somepagination problems.One idea or concept perparagraph. Someparagraphs could be moresuccinctly written.Minor spelling or grammarerrors. Adheres to the wordcount requirement.Title page is included withmost required information.Minor errors in font,spacing and format.One idea or concept perparagraph with 3–4 wellconstructed sentences perparagraph.No errors in spelling orgrammar. Adheres to theword count requirement.Title page is included withall required information.Font, spacing, and formatare in accordance with therequirements of theassignment brief.Expert use of paragraphswith 3–4 well-constructedsentences per paragraphthat follow logically fromeach other.No errors in spelling orgrammar. Adheres to theword count requirement.Knowledge andunderstandingUnderstanding of thekey concepts, principlesof cybersecurity,Analyse the case interms of identified riskcategories andscenarios and applystandard mitigations.30%Lack of understanding ofthe required concepts andknowledge. Keycomponents of theassignment are notaddressed. Lack ofanalysis of the case interms of identified riskcategories and scenariosand no application ofstandard mitigations.Limited understanding ofrequired concepts andknowledge. Some of the keycomponents of theassignment are notaddressed. Limited analysis ofthe case in terms of identifiedrisk categories and scenarios.Limited application ofstandard mitigations.Adequate understanding ofthe required concepts. Areasonable capacity toexplain and apply relevantkey concepts.Supports opinion andinformation substantiatedby evidence from researchto analyse the case in termsof identified risk categoriesand scenarios.Adequate application ofstandard mitigations.Thorough understanding ofthe key concepts. Welldemonstrated capacity toapply and analyse relevantinformation to analyse thecase in terms of identifiedrisk categories andscenarios and application ofstandard mitigations.Highly developedunderstanding of the fieldor discipline/s and keyconcepts.Expert analysis of case interms of identified riskcategories and applicationof standard mitigation. MIS607_Assessment_3_Brief_Mitigation plan for threat report_ Module 6.1 Page 4 of 4 Evaluation andrecommendationsDiscuss specificresolutions forimprovement.Evaluation andjustification ofresolutions to providerecommendations formitigating risks30%Lack of discussion onspecific resolution forimprovement. Noevaluation of resolutionsfor improvement toprovide recommendationsfor mitigating risk.Limited discussion on specificresolutions for improvement.Lack of evaluation ofresolutions for improvementto provide recommendationsfor mitigating risk.Adequate discussion ofspecific resolutions forimprovement. Provideresolutions forimprovement andrecommendations formitigating risk.Well demonstrated capacityto explain and discussspecific resolutions forimprovement.A comprehensiveevaluation and justificationof resolutions to providerecommendations formitigating risk.Expert discussion of specificresolutions forimprovement.Comprehensive and highlevel of evaluation andjustification of thesignificance of resolutionsto providerecommendations formitigating risks.Use of academic anddiscipline conventionsFormal tone. No use offirst-party perspective.Meets the assignmentbrief regardingintroduction, body, andconclusion.Appropriate use ofcredible resources.Correct citation of keyresources using APAstyle of referencing.20%Does not adhere to theassignment briefrequirements. Poorlywritten with informal toneusing first personpronouns. No introductionattempted. Conclusionnot attempted.Inconsistent andinadequate use of goodquality, credibleresources. No use of intext references, or noreference list at the closeof the report. Manymistakes in using the APAstyle.Written according toacademic genre. Minor errorsin the use of first-personpronouns.Introduction attempted butvery generic. Does not clearlystate the purpose of thereport and what the readershould expect to find in thereport. Conclusion attemptedbut does not includesummation of key conceptsand/or recommendations.Consistent use of crediblesources but these are notalways explicit or welldeveloped. Little use of intext referencing. Mistakes inusing APA style.Written according toacademic genre. Sound useof the introduction butdoes not clearly state eitherthe purpose of the reportor what the reader shouldexpect to find in the bodyof the report.Sound use of the conclusionand succeeds in either thesummation of key conceptsdiscussed orrecommendations, but notboth. Consistent use ofcredible sources. Good useof in-text referencing.Minor errors in using theAPA style.Well-written and adheres tothe academic genre. Gooduse of the introduction,which clearly states thepurpose of the report andwhat the reader shouldexpect to find in the bodyof the report.Good use of the conclusionand succeeds in summationof key concepts discussedand key conclusions orrecommendations.Consistently demonstratesexpert use of good quality,credible sources. Very gooduse of in-text referencing.No mistakes in using theAPA style.Expertly written. Adheresto the academic genre.Excellent use ofintroduction. Secures theattention of the reader,clearly states the purposeof the report and what thereader should expect tofind in the report. Excellentuse of the conclusion.Succeeds in confidentsummation of key conceptsand recommendations.Expert use of credible andrelevant sources. Excellentuse of in-text referencing.No mistakes in using theAPA style.
