Date: 2022-05-06
Computing @ Curtin University
Fundamental Concepts of Data Security
ISEC5006
Assignment FAQs
When is the assignment due?
Answer: Friday 13-May-2022 at 12pm. Both the report and the declaration of originality form must be
received by this time.
What format and filename should I produce for the electronic submission?
Answer: Only a single file in PDF format is accepted. The filename should be your full name followed
by your ID, e.g.
trump_donald_12345678.pdf
Note: Failure to present a satisfactory electronic submission as per the requirements may result in
up to 10 marks being deducted from your assignment!
What about the references?
Answer: Researching the Internet to find ideas is part of the learning process that I expect every
student to do. However, when it comes to writing the report, please minimize complete quotes;
instead, paraphrase using your own words and cite the source appropriately. Put all
references in a separate section. Please consult the library guide on the Chicago referencing style,
which should be used:
http://libguides.library.curtin.edu.au/referencing/chicago
If I reproduce some parts of the NIST or other standards, do I need to cite?
Answer: Yes. Copying a table or any text verbatim from NIST or other standards and
presenting it as your own is considered plagiarism. In addition, whatever you copied will not be
marked, simply because it is not your work.
How much do I need to present in risk assessment?
Answer: At the very minimum, you are expected to identify at least two (2) vulnerabilities for each
of the six components of an information system: Software, Hardware, Data, Network, People, and
Procedures. This means you will need to identify at least 2 × 6 = 12 vulnerabilities. For each
vulnerability, you need to identify the risk, evaluate it, and recommend a control to be put in place if
there is no existing control. Also note that to get good marks, you should cover all three security goals:
Availability, Integrity, and Confidentiality.
Updated
March 22, 2022
Fundamental Concepts of Data Security ISEC5006
Assignment FAQs- Semester 1, 2022
How are the recommendations in the report different to those in the risk assessment
results?
Answer: Whilst you may analyse many threats in the risk analysis, not every one of them is high risk.
Thus, the recommendations in the main report should focus only on the most critical findings, i.e.
high-risk items that the company must treat with the highest priority. What you recommend in the main
report needs to be consistent with what you analyse in 1b.
How long do you expect the recommendation report to be?
Answer: Just a very rough figure at the minimum I would expect: 1 page for the cover, 1 page for the
table of contents, 0.5 page for executive summary, 1 page for the recommendations, 1.5 pages for
system characterisation, 1.5 pages for vulnerability statement + threat statement, 6 pages for the risk
assessment results, 1 page for conclusion and references. That works out to be 13.5 pages in total.
However, note that the length of the report does not necessarily determine the marks you receive - it
all depends on the actual contents you present.
What is the best way to present the risk assessment results?
Answer: A common way is to present the results using a table: each row is a vulnerability and the
columns are the description, rating, and recommendation. You may also consider using the alternative
as per the following example, which is easier to produce:
• Risk assessment reference number: R2
– Vulnerability: Lack of a firewall (V1)
– Description: Due to the lack of a firewall (V1), hackers (T1) can penetrate into the
company’s internal network and steal confidential data (Confidentiality) or corrupt files
(Integrity) causing loss of reputation and disruption to work.
– Likelihood rating: Possible
– Impact rating: Significant
– Risk rating: High
– Justification: According to [blah blah blah] attacks to organisations are happening
regularly ...
– Recommended control: An enterprise-grade firewall sourced from a specialised security
vendor.
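A way to self-check a risk register against the minimum coverage stated earlier (two vulnerabilities per component, all three security goals) and against your own risk model. This is an added example, not part of the original FAQ: the 3×3 matrix, the rating scales other than the R2 values, and the "component" and "goals" fields are assumptions.

```python
from collections import Counter

COMPONENTS = ["Software", "Hardware", "Data", "Network", "People", "Procedures"]
GOALS = {"Availability", "Integrity", "Confidentiality"}

# ASSUMPTION: a 3x3 qualitative risk model. The FAQ does not define one; only the
# Possible x Significant -> High cell is taken from its R2 example.
LIKELIHOOD = ["Unlikely", "Possible", "Likely"]
IMPACT = ["Minor", "Moderate", "Significant"]
MATRIX = [  # rows follow LIKELIHOOD, columns follow IMPACT
    ["Low", "Low", "Medium"],
    ["Low", "Medium", "High"],
    ["Medium", "High", "High"],
]

def expected_rating(likelihood, impact):
    """Look up the risk rating the model assigns to a likelihood/impact pair."""
    return MATRIX[LIKELIHOOD.index(likelihood)][IMPACT.index(impact)]

def check_register(register, min_per_component=2):
    """Return a list of findings; an empty list means the register passes."""
    findings = []
    # Coverage: at least min_per_component vulnerabilities for each component.
    counts = Counter(entry["component"] for entry in register)
    for comp in COMPONENTS:
        if counts[comp] < min_per_component:
            findings.append(f"{comp}: {counts[comp]} vulnerabilities, need {min_per_component}")
    # Coverage: every security goal appears in at least one entry.
    covered = set().union(*(entry["goals"] for entry in register))
    for goal in sorted(GOALS - covered):
        findings.append(f"security goal not covered: {goal}")
    # Consistency: the stated risk rating must match what the model computes.
    for entry in register:
        want = expected_rating(entry["likelihood"], entry["impact"])
        if entry["risk"] != want:
            findings.append(f"{entry['ref']}: rated {entry['risk']}, model gives {want}")
    return findings

# Constructed sample: R2 mirrors the FAQ entry (filing it under Network is an
# assumption); R3 is invented and deliberately inconsistent with the model.
SAMPLE = [
    {"ref": "R2", "component": "Network", "goals": {"Confidentiality", "Integrity"},
     "likelihood": "Possible", "impact": "Significant", "risk": "High"},
    {"ref": "R3", "component": "People", "goals": {"Confidentiality"},
     "likelihood": "Unlikely", "impact": "Minor", "risk": "High"},
]

if __name__ == "__main__":
    for finding in check_register(SAMPLE):
        print(finding)
```

Replace MATRIX and the two scales with the risk model defined in your own report before relying on the consistency check.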
Are the sections for vulnerability and threat statement a list of the vulnerabilities and
threats following the risk assessment?
Answer: As per the above NIST document:
• Threat statement: A threat statement containing a list of threat-sources that could exploit system
vulnerabilities.
• Vulnerability statement: A list of the system vulnerabilities (observations) that could be exercised
by the potential threat-sources.
Please see Sections 3.2 and 3.2 of the NIST document for more detail and examples. They need to
be identified and explained before carrying out the risk analysis. This helps the reader understand
the what, who, and why, and lets them refer to these statements when reading the risk analysis results.
How do I write a report?
Answer: There are many useful resources in the library and on the Internet.
http://studyskills.curtin.edu.au/wp-content/uploads/2018/08/Writing-Reports.pdf
https://www.monash.edu/rlo/assignment-samples/engineering/eng-writing-technical-reports
https://unilearning.uow.edu.au/report/3bii1.html
What are the common mistakes that I should avoid?
Answer: Below is a list of common mistakes made by students in previous years:
• The report does not follow the required structure
• The executive summary does not tell the audience the main findings of the assessment
• The introduction is simply a copy-and-paste of the assignment description
• The recommendation section does not tell the reader the main issues and associated business
impacts if they are not addressed immediately
• References are lacking or do not follow the required style
• The risk analysis part is not based on the information provided in the case study and is too
general
• The system characterisation part lacks technical details on hardware, software, procedures,
data, network, users
• The conclusion lacks a summary of key findings and does not recommend to the reader the
risk assessments that will be necessary in the future
• Inconsistency between the risk model and the actual risk calculations
• Poor presentation:
– No page numbers
– No table of contents
– Lacking reference numbers making it hard to cross-reference individual risk items
– Poor or no formatting of sections/subsections
– Lack of tables, figures, and other visual illustrations
– Either too short or too long
How can I find out information about vulnerabilities that are relevant to the assignment?
Answer: The assignment expects you to provide a reasonable level of technical information about the
vulnerabilities within the organisation in the case study. Resources such as https://www.cvedetails.com/
can be useful for software vulnerabilities. For other vulnerabilities, Internet research is expected.
END OF Assignment FAQs