SBD303_Assessment_2 Page 1 of 8

ASSESSMENT 2 BRIEF

Subject Code and Title: SBD303 Secure by Design

Assessment: Case Study Report

Individual/Group: Individual

Length: 1,500 words (+/- 10%)

Learning Outcomes: The Subject Learning Outcomes demonstrated by successful completion of the task below include:

a) Apply Secure by Design fundamentals, key concepts, boundaries and the solutions it provides to security vulnerabilities.

b) Categorise and classify the concepts of information security in terms of confidentiality, integrity and availability.

c) Appraise basic concepts of Security by Design principles and their significance in software development; and the main Secure Development Life Cycle models and their major differences.

e) Identify useful system design tools, benefits of code review and utility of various testing strategies.

Submission:
12-week duration: Due by 11:55pm AEST/AEDT Sunday end of Module 8 (Week 8)
6-week duration: Due by 11:55pm AEST/AEDT Sunday end of Module 8 (Week 4)

Weighting: 35%

Total Marks: 100 marks

Assessment Task

Prepare a 1,500-word (+/-10%) case study report that provides guidance on establishing a comprehensive cybersecurity environment within an organisation. You should refer to the provided case study in this assessment task to develop your case study report.

Please refer to the Instructions for details on how to complete this task.

Context

Cybersecurity is a significant concern for companies aiming to safeguard corporate and user data, assets and general information. Breaches in security have occurred in various forms in the past, resulting in diverse consequences for both consumers and organisations. Your report will evaluate your understanding and capability to establish a secure IT environment that is manageable and minimises the burden on end-users while maintaining the highest possible security standards.

Instructions

Please read the provided case study, then conduct a thorough analysis of the fundamental requirements and explore available technical and organisational methods in the realm of cybersecurity, ensuring they align with optimal user experience. It is essential to adhere to relevant industry or international standards, such as OWASP, ISO27001, NIST and GDPR. For detailed instructions on completing this task, please refer to the provided guidelines. Then, write a case study report for creating a secure cybersecurity environment in this enterprise. Analyse the basic requirements and available technical and organisational methods, aligning them with user experience and relevant industry or international standards (e.g., OWASP, ISO27001). Your task involves:

1. User Training: Identify and explain the necessary user training for better cybersecurity.
2. Risk Assessment: Perform a risk assessment to identify at least 5 major risks.
3. Risk Mitigation: Recommend at least 4 technical and 2 organisational methods to mitigate the identified risks. Describe their deployment process and impact on user productivity.
4. Mandatory Methods: Identify any mandatory methods from the recommended list.
5. User Groups and User Rights: Discuss the implementation of user groups and user rights in the analysis application and basic IT system (e.g., email, PC login).
6. Password Rule: Create an appropriate password rule for user accounts in the application and general IT/administration accounts (e.g., administrator, root). Justify your choice and align it with current standards (e.g., NIST).
7. Storage Security Measures: Define the required security measures for storage and align them with current standards.
8. Information Security Plan: Provide a recommendation for a plan of action to create and maintain proper information security.
9. Business Availability Plan: Recommend a plan to sustain business availabilities.
10. Security and Governance Standards: Reference relevant security and governance standards.
11. Service Quality versus Security Assurance Trade-off: Discuss the trade-off between service quality and security assurance in less than 350 words.

You will be assessed on the justification and understanding of security methods as well as how well your recommendations follow Secure by Design principles and how well they are rationalised. The quality of your research will also be assessed; you may include academic resources relating to the case as well as non-academic resources. You need to follow the relevant standards and reference them. If you choose not to do this, a standard and detailed explanation is required.

The content in the Essential Resources and the discussions with your learning facilitator during Modules 1 to 7 should be reviewed. Further information derived from the library and/or internet about the relevant topic will also be required.

Structure your 1,500-word case study report according to the following sections:

• Title page (Include the subject code and name, assessment number and name, your name, your student ID and your student email address.)
• Table of contents
• Introduction of 100 – 150 words
• Body of the report (addressing the above-mentioned 11 topics) with around 1200 to 1300 words
• Conclusion of 100 – 150 words
• Reference list
• Appendices (if needed)

Referencing is essential for this assessment. A minimum of one reference for each topic is required, including at least 8 peer-reviewed academic sources or relevant standards.

Your references will be evaluated for their relevance to the case study. Remember you must ensure that your arguments and justifications are based on sound reasoning and clear relevance.

Please review the Torrens University Case Study writing guide for assistance: Case Studies - Academic Skills - Assessment Preparation - Library at Torrens

Referencing

It is essential that you use the current APA style for citing and referencing the sources that you use. Please see more information on citing and referencing guidelines on the Academic Skills webpage.

Submission Instructions

Submit your Assessment 2 Case Study Report via the Assessment link in the main navigation menu in SBD303 Secure by Design. Please name your file in the following format:

• Lastname_First initial_subject code_assessment number (e.g., Smith_A_SBD303_A2)

Your learning facilitator will provide feedback via the Grade Centre in the LMS portal. Feedback can be viewed in My Grades.

Academic Integrity

All students are responsible for ensuring that all work submitted is their own and is appropriately referenced and academically written according to the Academic Writing Guide. Students also need to have read and be aware of Torrens University Australia Academic Integrity Policy and Procedure and subsequent penalties for academic misconduct. These are viewable online.

Students also must keep a copy of all submitted material and any assessment drafts.

Special Consideration

To apply for special consideration for a modification to an assessment or exam due to unexpected or extenuating circumstances, please consult the Assessment Policy for Higher Education Coursework and ELICOS and, if applicable to your circumstance, submit a completed Application for Assessment Special Consideration Form to your learning facilitator.

Assessment Rubric

Assessment Attribute

Fail (Yet to achieve minimum standard): 0-49%
Pass (Functional): 50-64%
Credit (Proficient): 65-74%
Distinction (Advanced): 75-84%
High Distinction (Exceptional): 85-100%

Knowledge and understanding of risk assessment

The student must explain why risk assessment is essential and who is responsible for that assessment. The student must also discuss some cybersecurity methods and justify them.

Total Percentage for this Assessment Attribute = 25%

Fail: Demonstrates a limited or no knowledge of cybersecurity design by:
• providing only one risk in the risk assessment
• discussion of one or no cybersecurity methods.

Pass: Demonstrates a functional knowledge of cybersecurity design by:
• providing only two risks in the risk assessment
• discussion of more than one but less than three cybersecurity methods.

Credit: Demonstrates a proficient knowledge of cybersecurity design by:
• providing no more than three risks in the risk assessment
• discussion of more than three but less than five cybersecurity methods.

Distinction: Demonstrates an advanced knowledge of cybersecurity design by:
• providing no more than four risks in the risk assessment
• discussion of five or more cybersecurity methods.

High Distinction: Demonstrates an exceptional knowledge of cybersecurity design by:
• providing at least five risks in the risk assessment
• discussion of six or more cybersecurity methods.

Understanding the correlation between cybersecurity methods and user impact

The list of methods (as chosen by the student) must be evaluated regarding which of those are mandatory and which are not. The methods must describe the user impact.

Total Percentage for this Assessment Attribute = 25%

Fail: Demonstrates a limited analysis capability by identifying zero to 2 methods with limited discussion about the user impact for each of them.

Pass: Demonstrates a basic analysis capability by identifying 2 to 3 methods with discussion about the user impact for all of them.

Credit: Demonstrates a well-developed analysis capability by identifying 4 to 6 methods with discussion about the user impact for all of them.

Distinction: Demonstrates a thorough analysis capability by identifying all the required methods with detailed discussion about the user impact for all of them.

High Distinction: Demonstrates a highly sophisticated and creative analysis capability by identifying more than the required number of methods with extensive discussion about the user impact.

Understanding of overall ISMS

Total Percentage for this Assessment Attribute = 20%

Fail: No discussion of a proper ISMS application.

Pass: Discusses primary risk assessment implementation as an ongoing process.

Credit: Discusses risk assessment and method testing as ongoing processes.

Distinction: Discusses ISMS methods according to ISO but not for implementation and/or forgetting to discuss one of the five stages.

High Distinction: A full ISMS cycle is implemented.

Detailed knowledge about user rights management and password regimes

Total Percentage for this Assessment Attribute = 15%

Fail: No discussion of either rights management or password rules for application and IT. Limited or no discussion about the reason for choosing this specific rule.

Pass: Discusses either rights management or password rules but not both aspects. Limited discussion about the reasons for choosing this specific rule.

Credit: Discusses both rights management and password rules but the reasoning provided is basic.

Distinction: Discusses both rights management and password rules with thorough reasoning provided to rationalise the specific choice.

High Distinction: Discusses both rights management and password rules with extensive reasoning to rationalise the specific choice.

Effective communication (Written)

Total Percentage for this Assessment Attribute = 10%

Fail: Report criteria not followed. Specialised language and terminology are rarely or inaccurately employed. Meaning is repeatedly obscured by errors in the communication of ideas, including errors in structure, sequence, spelling, grammar, punctuation and/or the acknowledgment of sources.

Pass: Communicates in a readable manner that largely adheres to the given format. Report criteria followed. Employs some specialised language and terminology with accuracy. Meaning is sometimes difficult to follow. Information, arguments and evidence are structured and sequenced in a way that is not always clear and logical. There are some errors in the spelling, grammar and/or punctuation.

Credit: Communicates in a coherent and readable manner that adheres to the given format. Report criteria followed. Accurately employs specialised language and terminology. Meaning is easy to follow. Information, arguments and evidence are structured and sequenced in a way that is clear and logical. There are occasional minor errors in the spelling, grammar and/or punctuation.

Distinction: Communicates coherently and concisely in a manner that adheres to the given format. Report criteria followed and expanded. Accurately employs a wide range of specialised language and terminology. Engages audience interest. Information, arguments and evidence are structured and sequenced in a way that is clear and persuasive. The spelling, grammar and punctuation are free from errors.

High Distinction: Communicates eloquently. Expresses meaning coherently, concisely and creatively within the given format. Report criteria followed and expanded. Discerningly selects and precisely employs a wide range of specialised language and terminology. Engages and sustains audience’s interest. Information, arguments and evidence are insightful, persuasive and expertly presented. The spelling, grammar and punctuation are free from errors.

Correct citation and referencing of key resources, standards and evidence

Total Percentage for this Assessment Attribute = 5%

Fail: Demonstrates an inconsistent and inadequate use of credible academic and relevant resources to support and develop ideas. Includes less than 2 academic sources. Does not apply APA referencing style. Citations are incorrect or are not present in the report. A reference list is absent or is included with errors.

Pass: Demonstrates a limited use of credible academic and relevant resources to support and develop ideas, but these are not always explicit or well developed. Includes 2 to 3 academic sources. Applies basic APA referencing style with numerous errors. Some citations are present in the report. A reference list is included with some errors.

Credit: Demonstrates an adequate use of credible academic resources to support and develop ideas. Includes 4 to 5 academic sources. Applies adequate APA referencing style with only minor errors. Citations are present in the report. A reference list is included with minor errors.

Distinction: Demonstrates a thorough use of good quality, credible academic and relevant resources to support and develop arguments and statements. Includes at least 6 academic sources. Shows evidence of wide scope within the organisation for sourcing evidence. Applies APA referencing style with no errors. Citations are present in the report. A reference list is included with no errors.

High Distinction: Demonstrates an excellent use of high-quality, credible academic and relevant resources to support and develop arguments and position statements. Includes 8 or more academic sources. Shows evidence of wide scope within and without the organisation for sourcing evidence. Applies APA referencing style with no errors. Citations are present in the report. A reference list is included with no errors.

The following Subject Learning Outcomes are addressed in this assessment

SLO a) Apply Secure by Design fundamentals, key concepts, boundaries and the solutions it provides to security vulnerabilities.

SLO b) Categorise and classify the concepts of information security in terms of confidentiality, integrity and availability.

SLO c) Appraise basic concepts of Security by Design principles and their significance in software development; and the main Secure Development Life Cycle models and their major differences.

SLO e) Identify useful system design tools, benefits of code review and utility of various testing strategies.

 
