Get CYB600 Enterprise Security Management Assignment
Assessment Information and Rubric
Subject Code | CYB600 |
Subject Name | Enterprise Security Management |
Assessment Number and Title | Assessment 3 – Enterprise Risk Analysis and Treatment |
Assessment Type | Case Study |
Length / Duration | 1500 words |
Weighting % | 40% |
Total Marks | 40 |
Submission | Turnitin |
Due Date | Week 12, Sunday 11:59 pm |
Mode | Individual |
Format | Report |
Assessment Description and Instructions
In this assessment, students will work on a security management project individually. The objective is to gain experience working on a security management project as an expert and be able to analyse the performance of solutions.
Description of the Case
SportX is a company that specialises in selling sports products. The company's main sales are through its e-commerce website, where customers can place orders and pay online. SportX can receive orders through the following sales channels:
- Online e-commerce website
- Phone calls
- Email orders
The sales team is then responsible for checking those emails and orders, preparing them, and delivering them to the customer.
Technical Specification.
- SportX currently has two branches: one headquarters (HQ) and one site branch.
- HQ contains the following:
  - Email server
  - Web server that hosts the e-commerce site
  - Database server that includes the following databases:
    - Employee Database
    - Customer Database
    - Product Database
    - Orders Database
- Figure 1 shows the entire topology.
SportX's business has grown exponentially since the beginning of 2018. This steady growth has also brought challenges for SportX. They have to secure the sensitive information of their employees and customers, and their most important asset is the Orders Database. Moreover, their employees receive many emails, and they have to filter the order emails from other emails.
SportX had no dedicated security team, and therefore no security policy has been in place until now. Recently, the governing body of SportX formed a security team and set the following two goals, which they would like to achieve in six months:
- Assessing the current risk of the entire organization
- Treating the risk as much as possible
To achieve the above two goals, in this assignment you should do the following:
1. Find at least five assets
List five most valuable assets of SportX
Create a weighted factor analysis worksheet (WFAW). In WFAW, use at least four criteria.
2. Find at least two threats against each asset
Identify and list two threats for each asset.
3. Identify vulnerabilities for the assets
Identify and list the vulnerability of each asset. One vulnerability against each asset.
4. Calculate Risk
At the end of the risk identification process, you should have i) a prioritized list of assets and ii) a prioritized list of threats facing those assets and iii) Vulnerabilities of assets. At this point, create Threats-Vulnerabilities-Assets (TVA) worksheet.
Each TVA triplet represents risk. Choose any five triplets and identify the impact and likelihood of each risk.
Calculate the risk rating of each of the five triplets out of 25. Consider that your assumptions and data are 95% accurate.
5. Provide treatment strategy for each risk
For each of the five identified risks, state what basic strategy you will take. Justify each decision.
6. Make the HQ’s network secure by design
7. Finally, provide plausible protection mechanism
Advise on all possible protection mechanisms and the corresponding place of application.
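The weighted factor analysis of task 1 and the risk rating of task 4, sketched as an added example that is not part of the original brief. Asset names come from the case; the criteria, weights, scores, triplets, and the reading of "95% accurate" as a ±5% band around likelihood × impact (each on a 1 to 5 scale) are assumptions made for illustration.

```python
# Added illustration: criteria, weights, scores and triplets are constructed.
CRITERIA = {  # criterion -> weight; weights must total 100
    "Impact on revenue": 30,
    "Impact on reputation": 25,
    "Legal/privacy exposure": 25,
    "Cost to recover": 20,
}
# Asset names are from the case; the 0.1-1.0 scores are constructed samples.
ASSET_SCORES = {
    "Orders Database":   [1.0, 0.9, 0.8, 0.9],
    "Customer Database": [0.8, 1.0, 1.0, 0.7],
    "Web Server":        [0.9, 0.8, 0.4, 0.6],
    "Email server":      [0.6, 0.5, 0.5, 0.4],
    "Employee Database": [0.3, 0.5, 0.9, 0.5],
}

def wfaw(scores, criteria):
    """Return [(asset, weighted score out of 100)], highest first."""
    weights = list(criteria.values())
    if sum(weights) != 100:
        raise ValueError("criteria weights must total 100")
    table = []
    for asset, vals in scores.items():
        if len(vals) != len(weights) or not all(0.1 <= v <= 1.0 for v in vals):
            raise ValueError(f"bad scores for {asset}")
        total = sum(v * w for v, w in zip(vals, weights))
        table.append((asset, round(total, 1)))
    return sorted(table, key=lambda row: row[1], reverse=True)

def risk_rating(likelihood, impact, accuracy=0.95):
    """Rate one TVA triplet; return (rating, low, high), all out of 25."""
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact must be 1-5")
    rating = likelihood * impact
    margin = rating * (1 - accuracy)  # assumed handling of data accuracy
    return rating, round(rating - margin, 2), round(min(25, rating + margin), 2)

# Constructed triplets: (threat, vulnerability, asset, likelihood, impact)
TRIPLETS = [
    ("Data theft", "Unencrypted order records", "Orders Database", 4, 5),
    ("Phishing", "No email filtering", "Email server", 5, 3),
]

if __name__ == "__main__":
    for asset, score in wfaw(ASSET_SCORES, CRITERIA):
        print(f"{score:5.1f}  {asset}")
    for threat, vuln, asset, lik, imp in TRIPLETS:
        print(asset, "|", threat, "|", vuln, "->", risk_rating(lik, imp))
```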
CYB600 Enterprise Security Management, Assessment 3 – Enterprise Security Analysis and Plan, 40%
Marking Criteria | F (Fail) 0-49% | P (Pass) 50-64% | C (Credit) 65-74% | D (Distinction) 75-84% | HD (High Distinction) 85-100% |
Asset Identification 10% | Failed to identify any assets | Identified <3 assets with limited criteria | Identified at least 3 assets with clear criteria | Identified 5 assets with clear criteria | Identified 5+ assets with well-defined criteria |
Weighted Factor Analysis 10% | Failed to create WFAW | Created WFAW with <3 criteria | Created WFAW with 3 criteria | Created WFAW with 4 well-defined criteria | Thoroughly created WFAW with 4+ well-defined criteria |
Threat Identification 10% | Failed to identify significant threats | Identified 1 significant threat for some assets with limited explanation | Identified 1 significant threat for each asset with clear explanation | Identified 2 significant threats for each asset with some supporting evidence | Identified 2 significant threats for each asset with supporting evidence |
Vulnerability Identification 20% | Failed to identify vulnerabilities | Identified some vulnerabilities with limited explanation | Identified 1 vulnerability for each asset with clear explanation | Identified 1 vulnerability for each asset with some supporting evidence | Identified 1 significant vulnerability for each asset with supporting evidence |
Risk Calculation 20% | Identified and analyzed <3 relevant risk triplets with inaccurate ratings based on less than 70% accurate assumptions and data | Identified and analyzed 3 relevant risk triplets with somewhat accurate ratings based on 70% accurate assumptions and data | Identified and analyzed 4 relevant risk triplets with accurate ratings based on 80% accurate assumptions and data | Identified and analyzed 5 relevant risk triplets with accurate ratings based on 90% accurate assumptions and data | Identified and analyzed 5 relevant risk triplets with accurate ratings based on 95% accurate assumptions and data |
Treatment Strategy 10% | Failed to provide any strategies | Provided strategies for only a few identified risks based on weak best practices and supporting evidence | Provided strategies for some identified risks based on some best practices and limited supporting evidence | Provided clear strategies for each of the 5 identified risks based on some best practices and supporting evidence | Provided clear and justified strategies for each of the 5 identified risks based on best practices and supporting evidence |
Network Security 10% | Failed to create a secure design for HQ’s network | Created a basic design for HQ’s network with limited security measures | Created a design for HQ’s network with some security measures | Created a clear and effective secure design for HQ’s network | Created a comprehensive and effective secure design for HQ’s network |
Protection Mechanism 10% | Failed to provide any protection mechanisms | Provided protection mechanisms with weak corresponding application | Provided protection mechanisms with limited corresponding application | Provided protection mechanisms with some corresponding application | Provided plausible protection mechanisms with corresponding application |