You will collect information about an assigned problem and develop a case study report. Concepts taught throughout the course should be applied to the case study report.
The report will cover a case study. Each of you will be assigned a company and a specific breach event which occurred at that company.
Note that a number of students have failed in the past for missing key content explained in the seminars and readings, or not providing appropriate context for a case study. THIS IS A REPORT, NOT AN ASSIGNMENT. Repeating content, but not applying it to the case study, will result in a fail.
You will need to:
1. Conduct research and investigate the event.
2. Develop a summary of the event (this summary will be provided as a during class seminars) which will provide a background for your report.
3. Identify relevant stakeholders.
4. Assess characteristics of stakeholders, their likely behaviours before, during and after the event, and the impact of the event on these stakeholders.
5. Identify relevant threat actor TTPs of the event aligned to MITRE ATT&CK, detection and controls including those described within MITRE DEFEND.
6. Discuss issues associated with attribution of the threat actor. Ensure this is specific to the event.
7. Develop a cybersecurity awareness program. Focus on recovery from the incident and improving the cyber security posture of the organisation.
8. Consider the broader cyber security risk management program and controls. Integrate the NIST CSF Functions into your report. Ensure they are specific to the events described. Apply the Cyber Defence Matrix.
9. Discuss the interplay between the technical and human aspects of the company. Provide some observations about which controls could be more effective to reduce future risk of a similar event.
10. Provide recommendations specifically related to the company and event, focused on human factors and your cybersecurity awareness program.
11. Include a short summary of the above points (1-10), explaining how you achieved each requirement, as an appendix to your report. This summary will not contribute to the word count.
12. Include an acronym and key terms list as an appendix to your report. The acronym and key terms list will not contribute to the word count.
13. Reference using the IEEE standard.
14. Incorporate content taught throughout the course. Ensure you are flexible and apply what you have learnt.
The report will be no less than 1800 words and no more than 2000 words.
For every 100 words less than 1800 words, 15% of the total maximum grade will be lost. For example, a 1700 word submission cannot score above 85/100.
For every 100 words more than 2000 words, 15% of the total maximum grade will be lost. For example, a 2100 word submission cannot score above 85/100.
References, title pages, indexes, acronym lists, tables and appendices do not count towards the word limit. Ensure you account for this when determining your word count. Given the limit on word count, we would encourage you to be succinct. However, your report must still be readable and make sense to the reader.
You can assume the reader is a cyber security practitioner.
The report must include appropriate referencing.
We expect a minimum of 10 individual references in the report.
Any content that is a direct instance of plagiarism will result in zero marks for this assessment. Your report will be checked and reviewed for plagiarism in the strictest sense.
Recommend structure of your report:
1. Title page including student information, case study company.
2. Background: Summary of the company and event.
3. Stakeholder analysis.
4. Threat actor analysis.
5. Cybersecurity awareness program. Content for this section consists of multiple parts.
6. Cyber security risk management program and controls. Content for this section consists of multiple parts.
7. Report recommendations.
8. References.
9. Appendices: 9A. Summary of requirements. 9B. Acronym and key terms list. 9C. Others as appropriate.
Topic: Capgemini 20GB data breach
