SBD303_Assessment_2 Page 1 of 8
ASSESSMENT 2 BRIEF
Subject Code and Title SBD303 Secure by Design
Assessment Case Study Report
Individual/Group Individual
Length 1,500 words (+/- 10%)
Learning Outcomes The Subject Learning Outcomes demonstrated by successful
completion of the task below include:
a) Apply Secure by Design fundamentals, key concepts,
boundaries and the solutions it provides to security
vulnerabilities.
b) Categorise and classify the concepts of information security
in terms of confidentiality, integrity and availability.
c) Appraise basic concepts of Security by Design principles and
their significance in software development; and the main
Secure Development Life Cycle models and their major
differences.
e) Identify useful system design tools, benefits of code review
and utility of various testing strategies.
Submission 12-week duration: Due by 11:55pm AEST/AEDT Sunday end of
Module 8 (Week 8)
6-week duration: Due by 11:55pm AEST/AEDT Sunday end of Module
8 (Week 4)
Weighting 35%
Total Marks 100 marks
Assessment Task
Prepare a 1,500-word (+/-10%) case study report that provides guidance on establishing a
comprehensive cybersecurity environment within an organisation. You should refer to the provided
case study in this assessment task to develop your case study report.
Please refer to the Instructions for details on how to complete this task.
Context
Cybersecurity is a significant concern for companies aiming to safeguard corporate and user data,
assets and general information. Breaches in security have occurred in various forms in the past,
resulting in diverse consequences for both consumers and organisations. Your report will evaluate
your understanding and capability to establish a secure IT environment that is manageable and
minimises the burden on end-users while maintaining the highest possible security standards.
Instructions
Read the provided case study, then analyse the organisation's fundamental security requirements and
the technical and organisational methods available to meet them, making sure the controls you choose
still leave users with a workable experience. Align your recommendations with relevant industry and
international standards and regulations, such as OWASP, ISO/IEC 27001, NIST and the GDPR. Detailed
guidance on completing the task follows below. Then write a case study report for creating a secure
cybersecurity environment in this enterprise, analysing the basic requirements and the available
technical and organisational methods against both user experience and those standards. Your task
involves:
1. User Training: Identify and explain the necessary user training for better cybersecurity.
2. Risk Assessment: Perform a risk assessment to identify at least 5 major risks.
3. Risk Mitigation: Recommend at least 4 technical and 2 organisational methods to mitigate
the identified risks. Describe their deployment process and impact on user productivity.
4. Mandatory Methods: Identify any mandatory methods from the recommended list.
5. User Groups and User Rights: Discuss the implementation of user groups and user rights in
the analysis application and basic IT system (e.g., email, PC login).
6. Password Rule: Create an appropriate password rule for user accounts in the application and for
general IT/administration accounts (e.g., administrator, root). Justify your choice and align it
with current standards (e.g., NIST SP 800-63B).
7. Storage Security Measures: Define the required security measures for storage and align them
with current standards.
8. Information Security Plan: Provide a recommendation for a plan of action to create and
maintain proper information security.
9. Business Availability Plan: Recommend a plan to sustain business availability.
10. Security and Governance Standards: Reference relevant security and governance standards.
11. Service Quality versus Security Assurance Trade-off: Discuss the trade-off between service
quality and security assurance in less than 350 words.
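Item 6 asks for a password rule justified against current standards. As an added illustration, not part of the assessment brief or of the case study it refers to, the Python below encodes the memorized-secret verifier requirements of NIST SP 800-63B (minimum length, a generous maximum, blocklist comparison, rejection of repetitive or sequential strings, Unicode normalization, and no composition rules) next to the legacy "upper, lower, digit, symbol" rule it replaces. The blocklist entries, the context-specific words, the 128-character cap and the 15-character floor for administrator/root accounts are assumptions made for this example, not values taken from the brief.

```python
"""Added illustration: a NIST SP 800-63B-aligned password rule beside a legacy
composition rule.  Thresholds and word lists are assumptions for the example."""
import string
import unicodedata

# Constructed blocklist.  A real deployment would load a breached/common-password
# corpus; 800-63B mandates the comparison, not any particular list.
BLOCKLIST = {"password", "password1", "p@ssw0rd", "qwerty", "123456", "letmein"}
# Assumed context-specific words (organisation, product, subject code, ...).
CONTEXT_WORDS = {"sbd303", "torrens"}

USER_MIN_LEN = 8     # 800-63B: memorized secrets are at least 8 characters
ADMIN_MIN_LEN = 15   # assumption for privileged accounts (the revision 4 drafts
                     # raise the single-factor floor to 15 characters)
MAX_LEN = 128        # assumption; 800-63B requires permitting at least 64


def legacy_composition_rule(pw: str) -> bool:
    """The rule 800-63B advises against: 8+ chars with upper, lower, digit, symbol."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def repetitive_or_sequential(pw: str) -> bool:
    """True for 'aaaaaaaa' or '12345678' / 'abcdefgh' / 'hgfedcba' style secrets."""
    if len(set(pw)) <= 1:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def check_password(pw: str, *, privileged: bool = False) -> tuple[bool, list[str]]:
    """Return (accepted, reasons).  No composition rule and no forced rotation:
    length, blocklist and pattern checks carry the weight instead."""
    pw = unicodedata.normalize("NFKC", pw)   # 800-63B: normalize before comparing
    min_len = ADMIN_MIN_LEN if privileged else USER_MIN_LEN
    reasons = []
    if len(pw) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    if len(pw) > MAX_LEN:
        reasons.append(f"longer than {MAX_LEN} characters")
    if not all(c.isprintable() for c in pw):  # spaces and Unicode are allowed
        reasons.append("contains non-printing characters")
    low = pw.lower()
    if low in BLOCKLIST:
        reasons.append("appears in the common/breached password list")
    if any(w in low for w in CONTEXT_WORDS):
        reasons.append("contains a context-specific word")
    if repetitive_or_sequential(pw):
        reasons.append("repetitive or sequential characters")
    return (not reasons, reasons)


if __name__ == "__main__":
    for candidate in ["P@ssw0rd", "correct horse battery staple", "12345678"]:
        print(f"{candidate!r}: legacy={legacy_composition_rule(candidate)} "
              f"nist={check_password(candidate)}")
```

The contrast the report needs to justify is visible in the output: "P@ssw0rd" satisfies every composition requirement yet is rejected because it sits on the blocklist, while a long passphrase fails the legacy rule and passes the standards-aligned one. The same function serves both account classes, with only the length floor differing for administrator accounts.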
You will be assessed on the justification and understanding of the security methods you recommend, on
how well your recommendations follow Secure by Design principles, and on how well they are rationalised.
The quality of your research will also be assessed; you may include academic resources relating to the
case as well as non-academic resources. You must follow the relevant standards and reference them. If
you choose not to follow a standard, a detailed explanation of why is required.
The content in the Essential Resources and the discussions with your learning facilitator during
Modules 1 to 7 should be reviewed. Further information derived from the library and/or internet
about the relevant topic will also be required.
Structure your 1,500-word case study report according to the following sections:
• Title page (include the subject code and name, assessment number and name, your name, your
student ID and your student email address)
• Table of contents
• Introduction of 100 – 150 words
• Body of the report (addressing the above-mentioned 11 topics) with around 1200 to 1300
words
• Conclusion of 100 – 150 words
• Reference list
• Appendices (if needed)
Referencing is essential for this assessment. A minimum of one reference for each topic is required,
including at least 8 peer-reviewed academic sources or relevant standards.
Your references will be evaluated for their relevance to the case study. Remember you must ensure
that your arguments and justifications are based on sound reasoning and clear relevance.
Please review the Torrens University Case Study writing guide for assistance: Case Studies - Academic
Skills - Assessment Preparation - Library at Torrens
Referencing
It is essential that you use the current APA style for citing and referencing the sources that you use.
Please see more information on citing and referencing guidelines on the Academic Skills webpage.
Submission Instructions
Submit your Assessment 2 Case Study Report via the Assessment link in the main navigation menu in
SBD303 Secure by Design. Please name your file in the following format:
• Lastname_First initial_subject code_assessment number (e.g., Smith_A_SBD303_A2)
Your learning facilitator will provide feedback via the Grade Centre in the LMS portal. Feedback can
be viewed in My Grades.
Academic Integrity
All students are responsible for ensuring that all work submitted is their own and is appropriately
referenced and academically written according to the Academic Writing Guide. Students also need to
have read and be aware of Torrens University Australia Academic Integrity Policy and Procedure and
subsequent penalties for academic misconduct. These are viewable online.
Students also must keep a copy of all submitted material and any assessment drafts.
Special Consideration
To apply for special consideration for a modification to an assessment or exam due to unexpected or
extenuating circumstances, please consult the Assessment Policy for Higher Education Coursework
and ELICOS and, if applicable to your circumstance, submit a completed Application for Assessment
Special Consideration Form to your learning facilitator.
Assessment Rubric

Grade bands used in every row: Fail (Yet to achieve minimum standard) 0-49%; Pass (Functional)
50-64%; Credit (Proficient) 65-74%; Distinction (Advanced) 75-84%; High Distinction (Exceptional)
85-100%.

Assessment Attribute: Knowledge and understanding of risk assessment
Total Percentage for this Assessment Attribute = 25%
The student must explain why risk assessment is essential and who is responsible for that
assessment. The student must also discuss some cybersecurity methods and justify them.
Fail: Demonstrates a limited or no knowledge of cybersecurity design by:
• providing only one risk in the risk assessment
• discussion of one or no cybersecurity methods.
Pass: Demonstrates a functional knowledge of cybersecurity design by:
• providing only two risks in the risk assessment
• discussion of more than one but less than three cybersecurity methods.
Credit: Demonstrates a proficient knowledge of cybersecurity design by:
• providing no more than three risks in the risk assessment
• discussion of more than three but less than five cybersecurity methods.
Distinction: Demonstrates an advanced knowledge of cybersecurity design by:
• providing no more than four risks in the risk assessment
• discussion of five or more cybersecurity methods.
High Distinction: Demonstrates an exceptional knowledge of cybersecurity design by:
• providing at least five risks in the risk assessment
• discussion of six or more cybersecurity methods.

Assessment Attribute: Understanding the correlation between cybersecurity methods and user impact
Total Percentage for this Assessment Attribute = 25%
The list of methods (as chosen by the student) must be evaluated regarding which of those are
mandatory and which are not. The methods must describe the user impact.
Fail: Demonstrates a limited analysis capability by identifying zero to 2 methods with limited
discussion about the user impact for each of them.
Pass: Demonstrates a basic analysis capability by identifying 2 to 3 methods with discussion about
the user impact for all of them.
Credit: Demonstrates a well-developed analysis capability by identifying 4 to 6 methods with
discussion about the user impact for all of them.
Distinction: Demonstrates a thorough analysis capability by identifying all the required methods
with detailed discussion about the user impact for all of them.
High Distinction: Demonstrates a highly sophisticated and creative analysis capability by
identifying more than the required number of methods with extensive discussion about the user
impact.

Assessment Attribute: Understanding of overall ISMS
Total Percentage for this Assessment Attribute = 20%
Fail: No discussion of a proper ISMS application.
Pass: Discusses primary risk assessment implementation as an ongoing process.
Credit: Discusses risk assessment and method testing as ongoing processes.
Distinction: Discusses ISMS methods according to ISO but not for implementation, and/or omits
one of the five stages.
High Distinction: A full ISMS cycle is implemented.

Assessment Attribute: Detailed knowledge about user rights management and password regimes
Total Percentage for this Assessment Attribute = 15%
Fail: No discussion of either rights management or password rules for application and IT. Limited
or no discussion about the reason for choosing this specific rule.
Pass: Discusses either rights management or password rules but not both aspects. Limited
discussion about the reasons for choosing this specific rule.
Credit: Discusses both rights management and password rules but the reasoning provided is basic.
Distinction: Discusses both rights management and password rules with thorough reasoning provided
to rationalise the specific choice.
High Distinction: Discusses both rights management and password rules with extensive reasoning to
rationalise the specific choice.

Assessment Attribute: Effective communication (Written)
Total Percentage for this Assessment Attribute = 10%
Fail: Report criteria not followed. Specialised language and terminology are rarely or
inaccurately employed. Meaning is repeatedly obscured by errors in the communication of ideas,
including errors in structure, sequence, spelling, grammar, punctuation and/or the acknowledgment
of sources.
Pass: Communicates in a readable manner that largely adheres to the given format. Report criteria
followed. Employs some specialised language and terminology with accuracy. Meaning is sometimes
difficult to follow. Information, arguments and evidence are structured and sequenced in a way
that is not always clear and logical. There are some errors in the spelling, grammar and/or
punctuation.
Credit: Communicates in a coherent and readable manner that adheres to the given format. Report
criteria followed. Accurately employs specialised language and terminology. Meaning is easy to
follow. Information, arguments and evidence are structured and sequenced in a way that is clear
and logical. There are occasional minor errors in the spelling, grammar and/or punctuation.
Distinction: Communicates coherently and concisely in a manner that adheres to the given format.
Report criteria followed and expanded. Accurately employs a wide range of specialised language and
terminology. Engages audience interest. Information, arguments and evidence are structured and
sequenced in a way that is clear and persuasive. The spelling, grammar and punctuation are free
from errors.
High Distinction: Communicates eloquently. Expresses meaning coherently, concisely and creatively
within the given format. Report criteria followed and expanded. Discerningly selects and precisely
employs a wide range of specialised language and terminology. Engages and sustains the audience's
interest. Information, arguments and evidence are insightful, persuasive and expertly presented.
The spelling, grammar and punctuation are free from errors.

Assessment Attribute: Correct citation and referencing of key resources, standards and evidence
Total Percentage for this Assessment Attribute = 5%
Fail: Demonstrates an inconsistent and inadequate use of credible academic and relevant resources
to support and develop ideas. Includes less than 2 academic sources. Does not apply APA
referencing style. Citations are incorrect or are not present in the report. A reference list is
absent or is included with errors.
Pass: Demonstrates a limited use of credible academic and relevant resources to support and
develop ideas, but these are not always explicit or well developed. Includes 2 to 3 academic
sources. Applies basic APA referencing style with numerous errors. Some citations are present in
the report. A reference list is included with some errors.
Credit: Demonstrates an adequate use of credible academic resources to support and develop ideas.
Includes 4 to 5 academic sources. Applies adequate APA referencing style with only minor errors.
Citations are present in the report. A reference list is included with minor errors.
Distinction: Demonstrates a thorough use of good quality, credible academic and relevant resources
to support and develop arguments and statements. Includes at least 6 academic sources. Shows
evidence of wide scope within the organisation for sourcing evidence. Applies APA referencing
style with no errors. Citations are present in the report. A reference list is included with no
errors.
High Distinction: Demonstrates an excellent use of high-quality, credible academic and relevant
resources to support and develop arguments and position statements. Includes 8 or more academic
sources. Shows evidence of wide scope within and without the organisation for sourcing evidence.
Applies APA referencing style with no errors. Citations are present in the report. A reference
list is included with no errors.
The following Subject Learning Outcomes are addressed in this assessment
SLO a) Apply Secure by Design fundamentals, key concepts, boundaries and the solutions it provides to security vulnerabilities.
SLO b) Categorise and classify the concepts of information security in terms of confidentiality, integrity and availability.
SLO c) Appraise basic concepts of Security by Design principles and their significance in software development; and the main Secure
Development Life Cycle models and their major differences.
SLO e) Identify useful system design tools, benefits of code review and utility of various testing strategies.