| ASSESSMENT 2 BRIEF | |
| Subject Code and Title | MIS607 Cybersecurity |
| Assessment | Threat Model Report |
| Individual/Group | Individual |
| Length | 1500 words (+/- 10%) |
| Learning Outcomes | The Subject Learning Outcomes demonstrated by successful completion of the task below include: Explore and articulate cyber trends, threats and staying safe in cyberspace, plus protecting personal and company data.Analyse issues associated with organisational data networks and security to recommend practical solutions towards their resolution.Evaluate and communicate relevant technical and ethical considerations related to the design, deployment and/or the uses of secure technologies within various organisational contexts. |
| Submission | Due by 11.55 pm AEST Sunday end of Module 4.1 |
| Weighting | 35% |
| Total Marks | 100 marks |
Task Summary
You are required write a 1500 words Threat modelling report in response to a case scenario by identifying the threat types and key factors involved. This assessment is intended to build your fundamental understanding of these key threats so that you will be able to respond/mitigate those factors in Assessment 3. In doing so, this assessment will formatively develop the knowledge required for you to complete Assessment 3 successfully.
Context
Security threat modelling, or threat modelling is a process of assessing and documenting a system’s security risks. Threat modelling is a repeatable process that helps you find and mitigate all of the threats to your products/services. It contributes to the risk management process because threats to software and infrastructure are risks to the user and environment deploying the software. As a professional, your role will require you to understand the most at-risk components and create awareness among the staff of such high-risk components and how to manage them. Having a working understanding of these concepts will enable you to uncover threats to the system before the system is committed to code.
Task Instructions
- Carefully read the attached the case scenario to understand the concepts being discussed in the case.
- Review your subject notes to establish the relevant area of investigation that applies to the case. Re- read any relevant readings that have been recommended in the case area in modules. Plan how you will structure your ideas for the threat model report.
- Draw a use DFDs (Data Flow Diagrams):
- Include processes, data stores, data flows
- Include trust boundaries (Add trust boundaries that intersect data flows)
- Iterate over processes, data stores, and see where they need to be broken down
- Enumerate assumptions, dependencies
- Number everything (if manual)
- Determine the threat types that might impact your system
- STRIDE/Element: Identifying threats to the system.
- Understanding the threats (threat, property, definition)
- The report should consist of the following structure:
A title page with subject code and name, assignment title, student’s name, student number, and lecturer’s name.
The introduction that will also serve as your statement of purpose for the report. This means that you will tell the reader what you are going to cover in your report. You will need to inform the reader of:
- Your area of research and its context
- The key concepts of cybersecurity you will be addressing and why you are drawing the threat model
- What the reader can expect to find in the body of the report
The body of the report) will need to respond to the specific requirements of the case study. It is advised that you use the case study to assist you in structuring the threat model report, drawing DFD and presenting the diagram by means of subheadings in the body of the report.
The conclusion will summarise any findings or recommendations that the report puts forward regarding the concepts covered in the report.
- Format of the report
The report should use font Arial or Calibri 11 point, be line spaced at 1.5 for ease of reading, and have page numbers on the bottom of each page. If diagrams or tables are used, due attention should be given to pagination to avoid loss of meaning and continuity by unnecessarily splitting information over two pages. Diagrams must carry the appropriate captioning.
- Referencing
There are requirements for referencing this report using APA style for citing and referencing research. It is expected that you used 10 external references in the relevant subject area based on readings and further research. Please see more information on referencing here: https://library.torrens.edu.au/academicskills/apa/tool
- You are strongly advised to read the rubric, which is an evaluation guide with criteria for grading the assignment. This will give you a clear picture of what a successful report looks like.
Submission Instructions
Submit Assessment 2 via the Assessment link in the main navigation menu in MIS607 Cybersecurity. The Learning Facilitator will provide feedback via the Grade Centre in the LMS portal. Feedback can be viewed in My Grades.
Academic Integrity Declaration
I declare that, except where I have referenced, the work I am submitting for this assessment task is my own work. I have read and am aware of the Torrens University Australia Academic Integrity Policy and Procedure viewable online at http://www.torrens.edu.au/policies-and-forms.
I am aware that I need to keep a copy of all submitted material and their drafts, and I will do so accordingly.
Assessment Rubric
| Assessment Attributes | Fail (Yet to achieve minimum standard) 0-49% | Pass (Functional) 50-64% | Credit (Proficient) 65-74% | Distinction (Advanced) 75-84% | High Distinction (Exceptional) 85-100% |
| Visual appeal and presentation of content Title page included. Adheres to the font, spacing, format, and word count requirement. Appropriate use of paragraphs, sentence construction, spelling, and grammar. 20% | No title page. Incorrect font and size with poor line spacing and large gaps in pagination, tables, or diagrams. Report is written as a block of text with no breaks in between ideas. Separate ideas cannot be clearly discerned. Many errors in spelling or grammar. Does not adhere to the word count requirement. | Title page is included. Missing most information. Incorrect font and size is used or poor line spacing and large gaps in pagination. Paragraphs are used but large blocks of text with long sentences make it difficult to understand the ideas being conveyed. Spelling or grammar has errors but meaning remains clear. Does not adhere to the word count requirement. | Title page is included but is missing key information. Some errors in font use and line spacing. Some pagination problems. One idea or concept per paragraph. Some paragraphs could be more succinctly written. Minor spelling or grammar errors. Adheres to the word count requirement. | Title page is included with most required information. Minor errors in font, spacing and format. One idea or concept per paragraph with 3–4 well- constructed sentences per paragraph. No errors in spelling or grammar. Adheres to the word count requirement. | Title page is included with all required information. Font, spacing, and format are in accordance with the requirements of the assignment brief. Expert use of paragraphs with 3–4 well-constructed sentences per paragraph that follow logically from each other. No errors in spelling or grammar. Adheres to the word count requirement. |
| Knowledge and understanding Understanding of the key concepts. Core components of Data flow diagram (DFD) addressed. Analysis and evaluation of the threat modelling. 50% | Lack of understanding of the required concepts and knowledge. Core components of the DFD not addressed. Lack of analysis and evaluation threat types and its applicability to threat modelling. | Limited understanding of required concepts and knowledge. Some of the key components of the DFD are not addressed. Limited analysis and evaluation of threat types and its applicability to threat modelling. | Adequate knowledge or understanding of the required concepts. Key components of the DFD are addressed. Understand the context and impact the threat modelling concept represents for data. Identifies logical flows, threats, risks and questions the viewpoints of the attacker. | Thorough understanding of the key concepts. All core components of the DFD addressed. Well-demonstrated capacity to analyse and evaluate the threat modelling concept. Identifies logical flows and threats and presents suggestions the attacker can use to develop their technique. | Highly developed understanding of the key concepts. Addresses all core components of the DFD. Comprehensive insight demonstrated in the analysis of various elements and processes of the DFD. Expertly evaluates the thread model. Provides a thoughtful critique in the context of the scenario. |
| Use of academic and discipline conventions Formal tone. No use of first-party perspective. Meets the assignment brief regarding introduction, body, and conclusion. Appropriate use of credible resources. Correct citation of key resources using APA style of referencing. 30% | Does not adhere to the assignment brief requirements. Poorly written with informal tone using first person pronouns. No introduction attempted. Conclusion not attempted. Inconsistent and inadequate use of good- quality, credible, and relevant resources to support and develop ideas. No use of in-text references, or no reference list at the close of the report. Many mistakes in using the APA style. | Written according to academic genre. Minor errors in the use of first-person pronouns. Introduction attempted but very generic, and does not clearly state the purpose of the report and what the reader should expect to find in the body of the report. Conclusion attempted but does not include summation of key concepts discussed in the report and/or key conclusions or recommendations. Consistent use of credible and relevant sources. Little use of in-text referencing. Some mistakes in using APA style. | Written according to academic genre. Sound use of the introduction but does not clearly state either the purpose of the report or what the reader should expect to find in the body of the report. Sound use of the conclusion and succeeds in either the summation of key concepts discussed, or key conclusions. Consistent use of credible and relevant. Good use of in-text referencing. Minor errors in using the APA style. | Well-written and adheres to the academic genre. Good use of the introduction, which clearly states the purpose of the report and what the reader should expect to find in the body of the report. Good use of the conclusion and succeeds in summation of key concepts discussed and key conclusions. Expert use of good quality, credible, and relevant sources. Very good use of in-text referencing. No mistakes in using the APA style. | Expertly written and adheres to the academic genre. Excellent use of the introduction, which secures the attention of the reader, clearly states the purpose of the report and what the reader should expect to find in the body of the report. Excellent use of the conclusion, which succeeds in confident summation of key concepts and conclusions. Expert use of high-quality credible and relevant sources. Excellent and meticulous use of in-text referencing. No mistakes in using the APA style. |
