Assessment 1 Information
| Subject Code: | TECH2400 |
| Subject Name: | Cyber Security |
| Assessment Title: | Cyber Risk Assessment |
| Assessment Type: | Artefact Development |
| Assessment Length: | 500 words (+/-10%) |
| Weighting: | 20% |
| Total Marks: | 20 |
| Submission: | MyKBS |
| Due Date: | Week 4 |
Your Task
Additionally, this task requires you to leverage open-source cyber security and generative AI tools, simulating real-world practices in cyber risk assessment.
Assessment Description
Your final deliverable is a comprehensive Risk Assessment Report designed to assist the company's executives in strengthening their cyber security posture.
Case Study
- Patient Records Server: Runs an electronic medical record (EMR) system accessible via HTTP/HTTPS.
- File Sharing Server: Hosts patient scans and lab reports, shared via server message block (SMB) protocol.
- Remote Access Server: Provides virtual private network (VPN) access for remote staff.
Recently, employees of the practice have noticed several anomalies including:
- Delayed server responses
- Unauthorised login attempts on the VPN server
- Suspicious outbound connections to unrecognised IP addresses
You have been brought in to assess the network’s cyber security posture, identify risks, and present recommendations.
Assessment Instructions
a. Use a generative AI tool to help you identify potential cyber risks relevant to Kaplan Care. Include screenshots of your interaction, demonstrating how you have used the tool as a brainstorming assistant, and not as the sole source of information.
b. Review the outputs and select five (5) key risks to include in your report.
c. List your chosen threats and provide a brief rationale for why each one is significant to the organisation.
a. Open your XML file in Nmap and your pcap file in Wireshark.
b. Examine the data from both tools to identify any evidence that relates to the risks you previously identified (e.g., look for anomalies such as unusual ports, IP addresses, or traffic patterns that align with your selected risks).
c. Document your findings for each of the risks using screenshots of Nmap or Wireshark, and provide a brief explanation of the data that supports your findings.
a. Use a generative AI tool to help you evaluate the likelihood and impact of each of the five (5) selected threats. Include screenshots of your interaction.
b. Validate your AI-generated results manually. Identify at least two (2) results that you disagree with, provide alternative assessments, and briefly justify your perspective.
c. Use the risk matrix below to determine the risk score of each threat.
d. Considering Kaplan Care’s Medium risk appetite, recommend appropriate controls when necessary. Align your recommended controls with industry standards, such as the NIST Cybersecurity Framework (CSF), ISO 27001, and the ACSC Essential Eight.
e. Use a table to present your findings. Your table must include the following columns:
| Risk | Likelihood | Impact | Risk Score | Current Controls | Recommended Controls |
|---|---|---|---|---|---|
KBS values academic integrity. All students must understand the meaning and consequences of cheating, plagiarism and other academic offences under the Academic Integrity and Conduct Policy.
Please read the policy to learn the answers to these questions:
- What is academic integrity and misconduct?
- What are the penalties for academic misconduct?
- How can I appeal my grade?
Length Limits for Assessments
Submission Requirements
Generative AI Traffic Lights
| Traffic Light | Amount of Generative Artificial Intelligence (Generative AI) usage | Evidence Required | This assessment (✓) |
|---|---|---|---|
| Level 1 | Prohibited: No Generative AI allowed. This assessment showcases your individual knowledge, skills and/or personal experiences in the absence of Generative AI support. | The use of generative AI is prohibited for this assessment and may potentially result in penalties for academic misconduct, including but not limited to a mark of zero for the assessment. | |
| Level 2 | Optional: You may use Generative AI for research and content generation that is appropriately referenced. See assessment instructions for details. This assessment allows you to engage with Generative AI as a means of expanding your understanding, creativity, and idea generation in the research phase of your assessment and to produce content that enhances your assessment (i.e., images). You do not have to use it. | The use of GenAI is optional for this assessment. Your collaboration with Generative AI must be clearly referenced just as you would reference any other resource type used. Click on the link below to learn how to reference Generative AI. https://library.kaplan.edu.au/referencing-other-sources/referencing-other-sources-generative-ai In addition, you must include an appendix that documents your Generative AI collaboration including all prompts and responses used for the assessment. Unapproved use of generative AI as per assessment details during the content generation parts of your assessment may potentially result in penalties for academic misconduct, including but not limited to a mark of zero for the assessment. Ensure you follow the specific assessment instructions in the section above. | |
| Level 3 | Compulsory: You must use Generative AI to complete your assessment. See assessment instructions for details. This assessment fully integrates Generative AI, allowing you to harness the technology's full potential in collaboration with your own expertise. Always check your assessment instructions carefully as there may still be limitations on what constitutes acceptable use, and these may be specific to each assessment. | You will be taught how to use generative AI and assessed on its use. Your collaboration with Generative AI must be clearly referenced just as you would reference any other resource type used. Click on the link below to learn how to reference Generative AI. https://library.kaplan.edu.au/referencing-other-sources/referencing-other-sources-generative-ai In addition, you must include an appendix that documents your Generative AI collaboration including all prompts and responses used for the assessment. Unapproved use of generative AI as per assessment details during the content generation parts of your assessment may potentially result in penalties for academic misconduct, including but not limited to a mark of zero for the assessment. Ensure you follow the specific assessment instructions in the section above. | ✓ |
Assessment Marking Guide
| Marking Criteria (20 marks) | F (Fail) 0 – 49% | P (Pass) 50 – 64% | C (Credit) 65 – 74% | D (Distinction) 75 – 84% | HD (High Distinction) 85 – 100% |
|---|---|---|---|---|---|
| Risk identification (4 marks) | Fails to identify risks or selects irrelevant risks. No rationale provided or rationale lacks clarity. No evidence of critical evaluation of AI outputs. | Identifies some relevant risks but provides limited rationale. Screenshots of AI interactions show basic usage without significant evaluation. | Identifies relevant risks with adequate rationale. Screenshots of AI interactions are included and show basic critical thinking. | Identifies key risks, provides well-reasoned rationale, and demonstrates critical thinking in evaluating AI outputs. | Identifies highly relevant risks with clear, insightful rationale. Demonstrates advanced critical thinking and validation of AI outputs, questioning assumptions and refining results effectively. |
| Network traffic analysis (6 marks) | Analysis is superficial, with little or no connection to identified risks. Screenshots and explanations are unclear or missing. | Analysis is basic with partial relevance to identified risks. Screenshots and explanations are provided but lack depth or precision. | Analysis is clear and aligns with identified threats. Screenshots and explanations are relevant and sufficiently detailed. | Analysis is detailed and accurate, linking findings to risks effectively. Screenshots and explanations are comprehensive. | Analysis is thorough, precise, and insightful, showing strong linkage to identified risks. Screenshots and explanations are exemplary and demonstrate deep understanding. |
| Risk assessment (8 marks) | Risk assessment is incomplete or lacks clarity. Likelihood and impact statements are unjustified. AI validation is absent or superficial. Recommended controls are vague or irrelevant. | Risk assessment is basic with gaps in justification of likelihood and impact. Limited validation of AI outputs. Recommended controls are general but partially relevant. | Risk assessment is complete with reasonable justification for likelihood and impact. AI validation shows basic critical engagement. Controls are relevant and partially aligned with industry standards. | Risk assessment is thorough with justified likelihood and impact statements. AI validation demonstrates strong critical thinking. Controls are relevant, detailed, and align with industry standards. | Risk assessment is exemplary, comprehensive, and fully justified. AI outputs are validated critically and thoughtfully. Controls are precise, strategic, and strongly align with industry standards. |
| Presentation (Formatting & Language) (2 marks) | Poorly structured report with multiple formatting and language errors. Terminology is incorrect, inconsistent, or unclear. Does not follow assessment instructions. | Adequately structured report but contains some formatting or language errors. Terminology is mostly appropriate but inconsistently used. Partially follows assessment instructions. | Well-structured report with minor formatting or language issues. Terminology is clear and appropriate for the target audience. Follows assessment instructions. | Professionally structured report with clear and concise language. Terminology is precise, audience-appropriate, and instructions are followed well. | Exceptionally well structured and formatted report, polished and error-free. Language is perfectly suited for the audience. Terminology is precise, and instructions are fully followed. |