
Part A and B Requirements
Dr Ian Storey, Dr Shaahin Madani, 2020 S2
The assignment has two parts, Part A and Part B. Note the assignment due dates on the
homepage.
You should base the assignment around the business described in the Word file, 2020 S2
TruTrust.pdf.
After the groups are finalised, the teaching team will create separate Microsoft Teams working
groups for all groups. The MS Teams platform and the assigned group provide all teams
with every communication method they require for working on the assignment (e.g. chats,
video/voice calls, storing files etc). All working files must be uploaded to your team’s channels
(i.e. a Files tab in one of the channels) and worked on from there. Further details about this
will be communicated to you when the teams are finalised. Final assignments for marking
need to be submitted to TurnItIn via the link on Canvas (only one submission per team please,
otherwise you will have 100% plagiarism).

Part A
For this part of the assignment your team must submit three files, an ALE risk analysis in an
Excel spreadsheet, a short Word file as described below, and a responsibility matrix. The files
should contain your team name in the title, as below,
Part A ALE.xlsx
Part A Documentation.docx
Part A Responsibility.docx or .pdf
These must be uploaded to TurnItIn via Canvas before the due date/time. The allowed upload
file types are: .doc, .docx, .xls, .xlsx.
ALE Risk Analysis
For Part A of the assignment your team needs to present an ALE risk analysis. You will supply
an Excel spreadsheet with at least 12 risks.
Ensure the spreadsheet is named appropriately, and separate worksheets should also be
named appropriately.
You must use Excel calculations in the cells (i.e. use Excel formulas). Do not enter calculated
values by hand (except those that are not calculated), but make sure that the calculated fields
are calculated in the spreadsheet you send to your tutor. This includes data taken from one
sheet to another. (Only a maximum of 50% of marks will be awarded if values are entered
inappropriately.)
Not all risk decisions should be “transfer” or “mitigate”. At least one must be “accept”. Marks
will be deducted for an “avoid” decision unless you have discussed it with your tutor. In one of
the risks, the control should be some form of policy.
Ongoing control costs that are depreciated should be depreciated linearly over five years, as in
lectures and tutorials. (This is just for consistency within this course.)
Each control in the quantitative analysis should be clearly mapped against a control in Table
A.1 in ISO/IEC 27001:2013. Give the code for the control and the brief name of the control.
For example, with A.5.1.1, give A.5.1.1, Policies for information security in the sheet.
In a separate worksheet from the ALE analysis, include a calculated field for the total cost of
your mitigation plan. This should be transferred from the first table, not entered by hand. You
can include your consultancy fee in this as well.
No more than two worksheets.
Accompanying Documentation
As well as the Excel file, include a Word file with the following information in dot form. Give
your information/answers under the dot points.
• Names of the members of your team.
• The name of your Excel file.
• A cut-down presentable table of your ALE results, including decisions. This should not
be your entire spreadsheet, but it should have relevant information that matches your
spreadsheet. It should be presentable, as in a readable report to top management.
Marks off if this is too busy or simply a copy of your spreadsheet.
• The most important risk to consider from your analysis.
• The total cost of the mitigation scheme, and how you calculated it.
• A brief outline of how you “discovered” the top risk in your analysis. (You can make
up a believable “story” of how you discovered the risk.) Just one or two sentences.
• Explain why you chose the accept decision for the risk involving this decision. No more
than one paragraph.
• Nominate a real-world attack (or vulnerability). You do not need to describe the attack
for Part A (that comes in Part B). Just give the name of the attack and a web link to the
attack: provide a link to a simple, easy-to-understand explanation of the attack. You
could also supply a link to a CERT page on the attack. Your tutor might ask you to
choose a different attack for Part B, but please have some links to information on the
attack.
This document should be quite short. It should just cover the above points in outline.
Elements of Part A could be reused for Part B. If so, you need to make any changes suggested
by your tutor.

Part B
For Part B, you will submit three files, an Excel spreadsheet, a Word file for the report and a
nominated academic article in pdf format. The assignment will not be marked until all these
are sent. The files should contain your team name in the title, as below,
Part B ALE.xlsx
Part B Report.docx
Part B Nominated Article.docx or .pdf
These should be submitted to TurnItIn on Canvas.

ALE Excel Workbook
You can submit some of the same risks as presented in the worksheet for Part A if they were
satisfactory, but you must resubmit.
Report Word File
The Word file will be in the form of a business report, but referencing must be done with
academic rigor.
“Discovery” for 3 Risks
You need to select a discovery technique and give a report (make up a “discovery story”) of
how you discovered three of the risks in your ALE analysis. The goal here is to visualise the
report as being the result of discovery. Only a short paragraph is required. You can include,
or slightly expand on, risks from Part A if they were satisfactory.
One of the three risks must be discovered using a questionnaire and you need to include an
example of one Likert scale question (question only). In the explanation of the response
“discovery”, you can suppose a particular median response, or mean and standard deviations if
numbers were used. Of course, explain what threat this revealed.
Qualitative Analysis
You need to convert the ALE analysis into a risk matrix as discussed in class. (You can have
three separate matrices or include all three in one matrix clearly labelled.) You need to,
• convert only the three “discovered” risks,
• derive the matrix rigorously from the quantitative analysis,
• show unambiguously stated cell (bin) boundaries. You can use your own levels, but
they must correctly translate the same threats from quantitative analysis.
It is up to you how you divide up the cells, but they need to be clearly stated and properly
transformed.
Word Count
The report should be between 2,500 and 4,000 words (excluding appended material and
tables).
Nominated Article
You need to submit a nominated article in PDF form. The following are required for the
nominated article,
• the article must come from a refereed academic source, either a journal or a
conference. Provide evidence of the academic quality of the article either using
screenshots from the library site or use Ulrichs to show that the article is both scholarly
and peer reviewed. This can be submitted as an appendix to your report.
• supply the article in pdf format,
• provide a link where the tutor can download the article (if you can access it from the
library, the tutor should be able to as well),
• the nominated article needs to be read by you and included sensibly inside the report
no less than 3 times (and not just a basic citation of the article’s abstract),
• page numbers must be included in the citations to the nominated article, even with
paraphrased text (to help the tutor),
• the relevant sections of the nominated article used in the report need to be
highlighted in the PDF file.

References and Nominated Reference Article(s)
Your report will need to be properly referenced. You need to reference,
• the nominated article
• at least 2 other academic references (not web page links)
• at least 6 references overall including the reference to the nominated article, any
academic references, white papers, lecture notes, or 2 web page links.
You can include as many web references as you like, and please include all links you used.
However, no more than 2 web links will be included in your reference count. Be careful to
keep track of any reference, including web pages, as you access them. It is easy to surf and
lose track of pages.
RMIT Harvard style should be used with all references and citations. Incorrect referencing
attracts negative marks, possibly zero for the entire assignment. Note that an uncited
reference or an unreferenced citation will be heavily penalised.
Tutors can ask you to supply evidence of any quoted material: PDFs, screen shots, web links,
etc. If you supply more than one article in pdf format, please indicate the name of the
nominated article.
Report Format
You must use the following headings, as Word heading styles, in your document.
• Executive Summary
Needs to be written very carefully and effectively. If you have not written an
executive summary before, you will need to do research to learn how a good
executive summary is written.
• Fact Finding/Discovery
Be sure to clearly explain techniques and give short examples.
• Real-World attack
• Quantitative Analysis
Show a presentable chart, but reference the Excel file.
• Qualitative Analysis
Accurate conversion of the quantitative analysis for 3 threat/control pairs
• Conclusions
• References

Responsibility Matrix for Part B, submitted with Part A
Students will need to complete a responsibility matrix (see Word file Responsibility Matrix
2020 S2.docx). Contribution weightings can only be between 100 and 150. The marks for Part
B are normalised so the average mark is the mark given in proportion to the weightings. Part
A’s mark is the same for each member. Failure to submit the responsibility matrix with Part A
will result in everyone receiving the same mark for Part A and the same mark for Part
B.
The responsibility matrix must be submitted before the due date for Part A and cannot be
submitted after this.
Note: any issues with team member contribution should be diagnosed early. If you wish to
meet with a tutor before the submission of Part A, a time will be made, and the decision of
that meeting will be final. After the submission of Part A, the mark is as per the responsibility
matrix, or it is equal for all.

