Unit code

CMP71001
Assignment 2 Cybersecurity report for an SME
Due Date
Learning
February 05, 2020
Outcomes
Graduate
3, 4, 6
Attributes 3, 4 & 5

Weight 30% of overall unit assessment
Suggestion
Contents
Details: ......................................................................................................................................................... 1
Task .............................................................................................................................................................. 1
Task Information ......................................................................................................................................... 3
Report Requirements .................................................................................................................................. 3
Assignment Submission ............................................................................................................................... 4
Late submission ........................................................................................................................................... 4
Marking key ................................................................................................................................................. 4

Details:
Value: 30% of the final mark for the unit
Length: Maximum of 4000 words excluding title, contents and reference pages
Background (read carefully!)
Kala Design (KD) is a small to medium enterprise (SME) printing and graphics design company operating
in Brisbane, Gold Coast and Sydney. They also have a web presence for e-commerce (e.g. online orders
and payment), a customer relationship management (CRM) system, with information about products and
services purchased (e.g. customer details, customer purchase history and payment details, problem
reports, work details, etc). They also have a marketing system that allows for digital marketing using e-
mail, social media, and any other modern marketing techniques.
KD currently employs 30 people – none of whom have any cybersecurity expertise. There are plans to
expand the number of employees to at least 80. The boss’s 19-year-old niece and nephew were





responsible for all computer and network administration related matters for the past two years. An asset
register exists but, unfortunately, is far from adequate.
KD has recently won a financially rewarding two-year contract, making them responsible for printing
government documents. They are progressively scaling up their online presence as a result and have just
published a new prototype catalogue online using Weebly. In recent months, employees have noticed;
computers progressively operating slower, and random malware inspired popups are being displayed.
In addition to the asset registry, the following is an overview of notes you have from a meeting, with the
owner, of the current situation within KD:
• The Operating System (OS) software environment consists of a mix of Windows 7/10 laptops,
some smart-devices and three design-specific machines running macOS High Sierra 10.13.0, and
two machines are Linux OS (Debian). Some laptops have been purchased specifically for KD and
others are brought in/taken home each day by the employees (BYOD).
• None of the PCs or laptops contain any additional security software outside the default Windows
and Mac offering.
• Patch/update levels across laptops is unknown with each workstation encompassing varying
desktop configurations. The last time any known updates were applied was May, 2019.
• Internet access is via ADSL using D-Link DSL-2740B wireless routers.
• A QNap TS-412 NAS is used to backup workstation data (at each employee’s discretion) using
WinSCP. The username/password for the NAS admin account is kala/kala123.
• A Windows 2000 Server was previously operational in the organisation but a power surge, caused
during a severe weather event, resulted in hardware no longer functioning.
• Each employee receives on average 40-80 spam messages each day.
• In January 2020 – two workstations succumbed to a ransomware attack and KD paid the ransom.
• There are currently no policies or rules guiding employees on how to best utilise resources and
conform to ideal cybersecurity conscious behaviours.
• Employees can access each other’s computers and email accounts.
• Data is emailed/stored without using any cryptographic techniques.
• Last week an employee found a USB flash drive in the car park and plugged it into their computer.
Since then, the employee has claimed that the computer appears to have “a mind of its own”.
Task (read carefully!)
You have been hired to advise on the cybersecurity issues and develop a range of recommendations to
ensure KD can fulfil current and future contractual obligations. The employees are comfortable, and
reluctant to change their current cybersecurity behaviour. Many of the employees believe that the
company is functioning correctly and does not need a new cybersecurity operational model. KD’s
manager is committed to addressing the cybersecurity issues and culture of the workplace and has
allocated a sum of $250,000 to achieve the goal.

The manager has requested that you compile a succinct report addressing the top eight (8) cybersecurity
related issues only. In producing your solution, and using what you have learned to date, you must
address the following requirements:
• Why the chosen cybersecurity issue is being included within the “top 8”?
• An explanation/demonstration of the potential consequences of the identified issue (think
cybersecurity risk identification and assessment here!) At a minimum, you must address the
inadequate asset register.
• A detailed explanation/demonstration of how you propose to address the issues (think
cybersecurity risk controls here!)
• Why is your chosen control/solution better than alternative approaches?
• A detailed breakdown of the cost/benefit in addressing the selected issue.
• Develop a preliminary Cybersecurity Contingency Plan (CP) for KD that addresses the four key
elements of a CP.
Task Information (read carefully!)

• The report should be communicated in a manner that would be applicable for someone with little
or minimal computer technical literacy. For example, if you were discussing the remedy of a
‘network security’ issue, a simple network diagram (using Microsoft Visio for example) can be
very useful. Diagrams/graphics are not counted as part of the word count.
• You must address the inadequate asset register as part of your report. You may make
assumptions where required but be sure to state what assumptions you are making. You can
include your updated asset registry in an appendix (it will not be counted as part of the word
limit).
• Not all solutions/controls need to be of a technical nature. Think outside the box about what
needs to be rectified within this growing organisation. You must discuss, compare and reference
appropriate models and frameworks in coming to your decisions.
• Marks are not awarded for selecting the correct “top 8”. Rather, marks are awarded for
adequately justifying why the “top 8” were selected.
• You must make use of adequate in-text references throughout your entire report.
• Be creative in how you chose to communicate your findings. The report does not have to be a
large collection of paraphrased text. Diagrams are a much more effective way of communicating
an idea or concept. Tables and charts are an effective way to draw comparisons or contrast
different ideas. However, all supporting material must be adequately referenced and
acknowledged.
Report Requirements
Title page
Unit code and title, assignment title, your name and student number, campus, and your tutor’s name.
Table of contents
This must accurately reflect the content of your report and should be generated automatically in
Microsoft Word with page numbers.
Introduction
A succinct overview of the report. How did you formulate your solutions? What approach did you use
to undertake your research into the subject matter? What issues are being addressed in the report?
Main content
This section should be divided into components that address each issue independently. Each
component should clearly address the report requirements as depicted in the task outline.
Summary
The section should briefly draw together the main points raised in the report.
You should not introduce or discuss any new information.
Reference list
A list references formatted according to the SCU requirements using the APA format. Using the
Endnote software will make this process very easy.
Appendix
Include an updated asset registry as part of cyber risk management processes and any other items you
consider necessary
Assignment Submission
The submission must be a single document (e.g. Word, PDF), submitted through Blackboard via the
submission portals, including the Turnitin portal.
Late submission
If you submit your assignment after the due date, then you will be penalised in accordance with the
standard SCU regulations of 5% of the maximum mark, for every work-day that your assignment is late.
If your assignment is submitted more than 6 days late, then you will be awarded a mark of 0 for the
assignment.
Marking key
Criteria
Level of Achievement
Not met
Attempt
made
Good
attempt
Almost
perfect
Perfect
Title page, contents page, introduction and
conclusion meet the report requirements?
0 0.25 0.5 0.75 1
Selected ‘issues’ are adequately justified to
demonstrate their inclusion in the “top 8”?
0 1.5 3 4.5 6
Solutions/strategies to address selected issues
are technically correct/appropriate.
0 2 4 6 8
Proposed solutions/strategies have been
compared/contrasted to alternatives.
0 1 2 3 4
Financial costs of addressing issue have been
assessed and correctly documented?
0 1 2 3 4
A CP has been sufficiently researched and
developed.
0 1 2 3 4
In-text references have been used correctly
and align to an appropriately formatted
reference list.
0 0.75 1.5 2.25 3


欢迎咨询51作业君