T1 2020: ICT205 Cyber Security

ICT205 Cybersecurity Final Exam Assessment T1 2020
T1 2020: ICT205 Cyber Security
Final Exam Assessment
Assessment Type: Individual Report
Value: 50%
Word Length: 2500 words
Due Date: Week 14 (June 18
th 11:55pm)
Submission: Moodle Turnitin Submission
Case Study Description:
Imagine at one end when you are discussing with the security services to add up the
layers of security defences, you find that your company has been compromised. But
the intruder, rather than attacking your company’s network, instead uses your servers
as a launching pad for attacks on other companies, making your firm an
unintentional ally.
This is the scenario that IT managers faced at ITBase. ITBase is a publicly traded
company that is considered a market leader in the highly competitive, multi-billiondollar IT infrastructure market. At the time of the attack, the IT managers were in
discussions with SeekSecNet, a network security company to plan an external
penetration test. The goal of the penetration test was to reveal IT infrastructure
weaknesses to ITBase management. Armed with this information, management was
to consider the benefits of further investment in security improvements versus the
risk of inaction.
ITBase had used a firewall to protect its corporate network, but the logs generated
by the firewall were not rarely reviewed by the system administrator. Moreover,
ITBase did not implement any intrusion detection capabilities. The organization
learned of the incident when an unrelated firm contacted the corporate
ICT205 Cybersecurity Final Exam Assessment T1 2020
administrators in response to a network attack that originated from a server located
at ITBase headquarters and demanded that ITBase should take all necessary steps to
terminate the attack.
In the ITBase case, while the intruder launched his attack from a server within the
ITBase network, he happened to attack an outside system that was being monitored
for such activity. When the system administrator of the attacked network detected
the hostile activity, he quickly notified ITBase system administrators.
Assessment Requirement Specification
As discussed in the case study assume that ITBase has approached SeekSecNet to
add up the layers of the security. Now, ITBase wanted SeekSecNet to run further
investigation about the incident. Assume that you are part of SeekSecNet and your
team is taking the responsibility of running further investigation on the security
incident. It is important to note that only one company contacted ITBase to
complain; therefore, it is probably safe to assume that several compromised
organizations were unaware of the attacks. Also, if ITBase had not been notified by
the compromised organization, ITBase system may have remained compromised for
months without notice.
The IT professionals and the other business unit professionals of ITBase needs to
place all possible measures for SeekSecNet to work on the incident. As a step
towards this, ITBase should prepare a disaster recovery plan.
Furthermore, as a team from SeekSecNet responsible for further investigation the
team is expected to prepare a response based on the investigation and a Security
Incident Checklist.
Your report needs to include the following:
1. Prepare a disaster recovery plan for the incident experienced by the
organization. The plan needs to include detailed discussion on how the steps
of the plan are executed
ICT205 Cybersecurity Final Exam Assessment T1 2020
2. Prepare a response summary in relation to the incident based on the
investigation
3. Prepare a security incident checklist to be used by the organization when they
have been compromised
Marking Criteria:
Sections Description Marks
Executive Summary A short description of what is being addressed in
the report
2
Introduction Discuss about the case study and the
requirements in terms of developing a disaster
recovery plan and security incident checklist
5
Disaster Recovery
Plan (DRP)
Discuss the steps involved in DRP. You need to
discuss in detail as to how the steps are being
implemented by the organization discussed in the
case study
15
Investigation
Response
Prepare a short summary of the findings of the
investigation of the incident. The findings should
include what could be possible sources how the
system has been attacked
10
Security Incident
Checklist
Steps to be taken by the organization when they
have been compromised
10
Conclusion Present your findings in the report 3
Referencing List of references 5
ICT205 Cybersecurity Final Exam Assessment T1 2020
Submission Details:
The report should be limited to 2500 words and should be structured according to
the sections mentioned in the marking criteria. The report should be submitted on
Moodle on the date of the deadline.
Marking Rubric
Criteria Fail
(0 – 49%)
Pass
(50 – 64%)
Credit
(65 – 74%)
Distinctio
n (75 –
84%)
High
Distinction
(85 – 100%)
Executive
Summary
2%
Did not
provide
executive
summary in the
report
Not a well
written summary
Presented the
summary but not
enough details
provided
Includes the
complete details
in the summary
Very clearly
written and
structured
Introduction 5% Did not
provided the
introduction
Introduction
provided but no
complete details
presented about
the organization
in the case study
Introduction
presented with a
report on the case
study
Well-presented
introduction with
a report on the
case study but not
a clear structure
Very clearly
written and
structured
DRP Plan 15% No details on the
DRP plan or
very minimum
amount of
information
Minimum details
of security
information
provided for the
plan
A DRP plan has
been provided for
the organization
discussed in the
case study
A well written
DRP plan with
necessary details
for the
organization
discussed in the
report
Very clearly written
and structured
plan for the
organization
discussed in the
report
Investigation
Response 10%
The section not
presented in the
report or the
investigation
report not
appropriately
discussed
A few results has
been presented in
the report
Response
developed for
most of the
investigation
performed
A well discussed
set of response
for the
investigation
carried out
Very clearly
written and
structured with all
response included
in the report
Security Incident
Checklist 10%
This section not
provided in the
report or not
discussed
appropriately
No appropriate
amount of details
provided for the
checklist
Minimum amount
of details provided
in the checklist
Complete details
provided for the
organization so as
to follow the
checklist
Very clearly
written and
structured with
necessary details
Conclusion 3% No
conclusion
provided
Conclusion not
provided with
complete findings
in the report
Conclusion not
provided with
necessary details
Conclusion
provided
Very clearly
written and
structured
Referencing 5%
Total 50%