KING’S OWN INSTITUTE* Success in Higher Education
ICT205 CYBER SECURITY T122 16/10/2021 11:37 PAGE 1 OF 16

ICT205 CYBER SECURITY T122

All information in the Subject Outline is correct at the time of approval. KOI reserves the right to make changes to the Subject Outline if they become necessary. Any changes require the approval of the KOI Academic Board and will be formally advised to those students who may be affected by email and via Moodle. Information contained within this Subject Outline applies to students enrolled in the trimester as indicated.

1. General Information

1.1 Administrative Details
Associated HE Award(s): Bachelor of Information Technology (BIT)
Duration: 1 trimester
Level: Level 2
Subject Coordinator: Dr Saeid Iranmanesh, [email protected], P: +61 (2) 9283 3583, L: Level 1-2, 17 O’Connell St. Consultation: via Moodle or by appointment.

1.2 Core / Elective
Core subject for BIT

1.3 Subject Weighting
Indicated below is the weighting of this subject and the total course points.
Subject Credit Points: 4
Total Course Credit Points: BIT (96 Credit Points)

1.4 Student Workload
Indicated below is the expected student workload per week for this subject.
No. Timetabled Hours/Week*: 4 hours/week (2 hour Lecture + 2 hour Tutorial)
No. Personal Study Hours/Week**: 6 hours/week
Total Workload Hours/Week***: 10 hours/week
* Total time spent per week at lectures and tutorials
** Total time students are expected to spend per week in studying, completing assignments, etc.
*** Combination of timetable hours and personal study.

1.5 Mode of Delivery
Online (face-to-face teaching temporarily suspended due to COVID-19)

1.6 Pre-requisites
ICT106 Data Communications and Networks

1.7 General Study and Resource Requirements
o Dedicated computer laboratories are available for student use. Normally, tutorial classes are conducted in the computer laboratories.
o Students are expected to attend classes with the requisite textbook and must read specific chapters prior to each tutorial.
This will allow them to actively take part in discussions. Students should have elementary skills in both word processing and electronic spreadsheet software, such as Office 365 or MS Word and MS Excel.
o Computers and WIFI facilities are extensively available for student use throughout KOI. Students are encouraged to make use of the campus Library for reference materials.
o Students will require access to the internet and email. Where students use their own computers, they should have internet access. KOI will provide access to required software.
Resource requirements specific to this subject: MS Imagine, Office 365.

2. Academic Details

2.1 Overview of the Subject
As the Internet becomes more pervasive, so do security threats to our computer systems and communications. Cybersecurity affects the social and economic health of the world. This subject provides students with a grounding in security technology and the fundamentals of encryption systems. Students will learn about types of attacks, access control and authentication, firewalls, wireless network security, intrusion detection systems, and cryptographic techniques and their applications.

2.2 Graduate Attributes for Undergraduate Courses
Graduates of Bachelor courses from King’s Own Institute (KOI) will achieve the graduate attributes expected under the Australian Qualifications Framework (2nd edition, January 2013). Graduates at this level will be able to apply a broad and coherent body of knowledge from their major area of study in a range of contexts for professional practice or scholarship and as a pathway for further learning.
King’s Own Institute’s generic graduate attributes for a bachelor’s level degree are summarised below:

KOI Bachelor Degree Graduate Attributes: Detailed Description
Knowledge: Current, comprehensive, and coherent and connected knowledge
Critical Thinking: Critical thinking and creative skills to analyse and synthesise information and evaluate new problems
Communication: Communication skills for effective reading, writing, listening and presenting in varied modes and contexts and for transferring knowledge and skills to a variety of audiences
Information Literacy: Information and technological skills for accessing, evaluating, managing and using information professionally
Problem Solving Skills: Skills to apply logical and creative thinking to solve problems and evaluate solutions
Ethical and Cultural Sensitivity: Appreciation of ethical principles, cultural sensitivity and social responsibility, both personally and professionally
Teamwork: Leadership and teamwork skills to collaborate, inspire colleagues and manage responsibly with positive results
Professional Skills: Professional skills to exercise judgement in planning, problem solving and decision making

Across the course, these skills are developed progressively at three levels:
o Level 1 Foundation – Students learn the basic skills, theories and techniques of the subject and apply them in basic, standalone contexts
o Level 2 Intermediate – Students further develop the skills, theories and techniques of the subject and apply them in more complex contexts, and begin to integrate this application with other subjects.
o Level 3 Advanced – Students demonstrate an ability to plan, research and apply the skills, theories and techniques of the subject in complex situations, integrating the subject content with a range of other subject disciplines within the context of the course.

2.3 Subject Learning Outcomes
This is a Level 2 subject.
On successful completion of this subject, students should be able to:

Subject Learning Outcomes | Contribution to Graduate Attributes
a) Analyse and evaluate the organisational adoption of security controls
b) Design solutions for concrete security problems for distributed applications
c) Formulate and evaluate security countermeasures to reduce potential security risks
d) Analyse emerging security threats and controls.

2.4 Subject Content and Structure
Below are details of the subject content and how it is structured, including specific topics covered in lectures and tutorials. Reading refers to the text unless otherwise indicated.

Weekly Planner:
Week (beginning) | Topic covered in each week’s lecture | Reading(s) | Expected work as listed in Moodle
1 07 Mar | Introduction to network security | Ch. 1 |
2 14 Mar | Malware and social engineering attacks | Ch. 2 | Complete exercises in Tutorials on challenges of securing information, information security and types of attackers. Tutorial not graded
3 21 Mar | Applications network attacks and risk mitigation | Ch. 15 | Complete exercises in Tutorials on basic steps of an attack and principles of defence and different types of malware and payloads of malware. Tutorial Graded 1%
4 28 Mar | Vulnerability assessment and data security | Ch. 13 | Complete exercises in Tutorials on client-side attacks, overflow attacks and different types of networking-based attacks. Tutorial Graded 1%. Assessment 2 due: Quiz.
5 04 Apr | Networking-based and web server attacks | Ch. 5 | Complete exercises in Tutorials on webserver attacks. Graded 1%
6 11 Apr | Network security devices, technologies, and design | Ch. 6 | Complete exercises in Tutorials on securing a host computer and application security. How to secure data. Tutorial Graded 1%
7 18 Apr | Administering a secure network and systems and application security | Chs.
7, 9 | Complete exercises in Tutorials on network security devices and their uses, network technologies and security. Tutorial Graded 1%
8 25 Apr | Wireless network security and mobile and embedded devices | Chs. 8, 10 | Complete exercises in Tutorials on network design elements, functions of common network protocols, principles of network administration and how they can be secured. Tutorial Graded 1%
9 02 May | Access management fundamentals | Ch. 11 | Complete exercises in Tutorials on different types of wireless network attacks and the vulnerabilities in IEEE 802.11 security. Solutions for securing a wireless network. Tutorial Graded 1%
10 09 May | Authentication and account management | Ch. 12 | Complete exercises in Tutorials on four access control models, how to implement access control and the different types of authentication services. Tutorial Graded 1%
11 16 May | Cryptography: hash; symmetric; and asymmetric algorithm | Chs. 3, 4 | Complete exercises in Tutorials on authentication credentials and account management procedures for securing passwords. Tutorial Graded 1%. Assignment 3 due: Report
12 23 May | Business continuity | Ch. 14 | Complete exercises in Tutorials on cryptography, hash, symmetric, and asymmetric cryptographic algorithms. Tutorial Graded 1%. Complete exercises in Tutorials on how to control risk, ways in which security policies can reduce risk. Revision. Assignment 3 due: Demonstration
13 30 May | Study review week
14 06 Jun | Examination. Continuing students – enrolments for T222 open. Please see exam timetable for exam date, time and location
15 13 Jun | Student Vacation begins. New students – enrolments for T222 open
16 20 Jun | Results Released 24 Jun 2022. Certification of Grades 01 July 2022
T222 04 July 2022
1 04 Jul | Week 1 of classes for T222
Tue 28 Jun – Review of Grade Day for T122 – see Sections 2.6 and 3.2 below for more information.

2.5 Public Holiday Amendments
Please note: KOI is closed on all scheduled NSW Public Holidays.
T122 has three (3) public holidays that occur during this trimester. Classes scheduled for these public holidays (Calendar Class Dates) will be rescheduled as per the table below. This applies to ALL subjects taught in T122. Please see the table below and adjust your class timing as required. Please make sure you have arrangements in place to attend the rescheduled classes if applicable to your T122 enrolment. Classes will be conducted at the same time and in the same location as your normally scheduled class except these classes will be held on the date shown below.

Calendar Class Date | Rescheduled Class Date
Friday 15 Apr 2022 | Monday 18 Apr 2022
Monday 25 Apr 2022 | Wednesday 01 Jul 2022
Monday 30 May 2022 | Tuesday 31 May 2022

2.6 Review of Grade, Deferred Exams & Supplementary Exams/Assessments

Review of Grade: There may be instances when you believe that your final grade in a subject does not accurately reflect your performance against the marking criteria. Section 8 of the Assessment and Assessment Appeals Policy (www.koi.edu.au) describes the grounds on which you may apply for a Review of Grade. If you have a concern about your marks and you are unable to resolve it with the Academic staff concerned, then you can apply for a formal Review of Grade as explained in section 3.2(e) Appeals Process below. Please note the time limits for requesting a review. Please ensure you read the Review of Grade information before submitting an application.

Review of Grade Day: Final exam scripts will not normally be returned to students. Students can obtain feedback on their exam performance and their results for the whole subject at the Review of Grade Day. KOI will hold the Review of Grade Day for all subjects studied in T122 on TUE 28 JUN. Only final exams and whole subject results will be discussed as all other assessments should have been reviewed during the trimester.
Further information about Review of Grade Day will be available through Moodle. If you fail one or more subjects and you wish to consider applying for a Review of Grade you are STRONGLY ADVISED to attend the Review of Grade Day. You will have the chance to discuss your final exam and subject result with your lecturer, and will be advised if you have valid reasons for applying for a Review of Grade (see Section 3.2 below and the Assessment and Assessment Appeals Policy). A formal request for a review of grade may not be considered unless you first contact the subject coordinator to discuss the result.

Deferred Exams: If you wish to apply for a deferred exam because you are unable to attend the scheduled exam, you should submit the Assignment Extension / Exam Deferment Form, available by clicking the following link: Assignment Extension / Exam Deferment Form, as soon as possible, but no later than three (3) working days of the assessment due date. If you miss your mid-trimester or final exam there is no guarantee you will be offered a deferred exam. You must apply within the stated timeframe and satisfy the conditions for approval to be offered a deferred exam (see Section 8.1 of the Assessment and Assessment Appeals Policy and the Application for Assignment Extension or Deferred Exam Forms). In assessing your request for a deferred exam, KOI will take into account the information you provide, the severity of the event or circumstance, your performance on other items of assessment in the subject, class attendance and your history of previous applications for special consideration. Deferred mid-trimester exams will be held before the end of week 9. Deferred final exams will be held on two days during week 1 or 2 in the next trimester.
You will not normally be granted a deferred exam on the grounds that you mistook the time, date or place of an examination, or that you have made arrangements to be elsewhere at that time; for example, have booked plane tickets. If you are offered a deferred exam, but do not attend, you will be awarded 0 marks for the exam. This may mean it becomes difficult for you to pass the subject. If you apply for a deferred exam within the required time frame and satisfy the conditions you will be advised by email (to your KOI student email address) of the time and date for the deferred exam. Please ensure that you are available to take the exam at this time. Marks awarded for the deferred exam will be the marks awarded for that item of assessment towards your final mark in the subject.

Supplementary Assessments (Exams and Assessments): A supplementary assessment may be offered to students to provide a final opportunity to demonstrate successful achievement of the learning outcomes of a subject. Supplementary assessments are only offered at the discretion of the Board of Examiners. In considering whether or not to offer a supplementary assessment, KOI will take into account your performance on all the major assessment items in the subject, your attendance, participation and your history of any previous special considerations. If you are offered a supplementary assessment, you will be advised by email to your KOI student email address of the time and due date for the supplementary assessment – supplementary exams will normally be held at the same time as deferred final exams during week 1 or week 2 of the next trimester. You must pass the supplementary assessment to pass the subject. The maximum grade you can achieve in a subject based on a supplementary assessment is a PASS grade.
If you:
o are offered a supplementary assessment, but fail it;
o are offered a supplementary exam, but do not attend; or
o are offered a supplementary assessment but do not submit by the due date;
you will receive a FAIL grade for the subject.

Students are also eligible for a supplementary assessment for their final subject in a course where they fail the subject but have successfully completed all other subjects in the course. You must have completed all major assessment tasks for the subject and obtained a passing mark on at least one of the major assessment tasks to be eligible for a supplementary assessment. If you believe you meet the criteria for a supplementary assessment for the final subject in your course, but have not received an offer, complete the Complaint, Grievance, Appeal Form and send your form to [email protected]. The deadline for applying for supplementary assessment is the Friday of the first week of classes in the next trimester.

2.7 Teaching Methods/Strategies
Briefly described below are the teaching methods/strategies used in this subject:
o Lectures (2 hours/week) are conducted in seminar style and address the subject content, provide motivation and context and draw on the students’ experience and preparatory reading.
o Tutorials (2 hours/week) include class discussion of case studies and research papers, practice sets and problem-solving and syndicate work on group projects. Tutorials often include group exercises and so contribute to the development of teamwork skills and cultural understanding. Tutorial participation is an essential component of the subject and contributes to the development of many of the graduate attributes (see section 2.2 above). Tutorial participation contributes towards the assessment in many subjects (see details in Section 3.1 for this subject). Supplementary tutorial material such as case studies, recommended readings, review questions etc.
will be made available each week in Moodle.
o Online teaching resources include class materials, readings, model answers to assignments and exercises and discussion boards. All online materials for this subject as provided by KOI will be found in the Moodle page for this subject. Students should access Moodle regularly as material may be updated at any time during the trimester.
o Other contact – academic staff may also contact students either via Moodle messaging, or via email to the email address provided to KOI on enrolment.

2.8 Student Assessment
Assessment is designed to encourage effective student learning and enable students to develop and demonstrate the skills and knowledge identified in the subject learning outcomes. Assessment tasks during the first half of the study period are usually intended to maximise the developmental function of assessment (formative assessment). These assessment tasks include weekly tutorial exercises (as indicated in the weekly planner) and low stakes graded assessment (as shown in the graded assessment table). The major assessment tasks where students demonstrate their knowledge and skills (summative assessment) generally occur later in the study period. These are the major graded assessment items shown in the graded assessment table.

Final grades are awarded by the Board of Examiners in accordance with KOI’s Assessment and Assessment Appeals Policy. The definitions and guidelines for the awarding of final grades within the BIT degree are:
o HD High distinction (85-100%) an outstanding level of achievement in relation to the assessment process.
o DI Distinction (75-84%) a high level of achievement in relation to the assessment process.
o CR Credit (65-74%) a better than satisfactory level of achievement in relation to the assessment process.
o P Pass (50-64%) a satisfactory level of achievement in relation to the assessment process.
o F Fail (0-49%) an unsatisfactory level of achievement in relation to the assessment process.
Provided below is a schedule of formal assessment tasks and major examinations for the subject.

Assessment Type | When assessed | Weighting | Learning Outcomes Assessed
Assessment 1: Tutorial Weekly | Weeks 3 – 12 | 1% each submission, Total: 10% | a, b, c, d
Assessment 2: Quiz | Week 4 | 5% | a
Assessment 3: Written individual assignment (2,000 words) | Week 11 Report Submission, Week 12 Demonstration | 35% | a, b, c, d
Assessment 4: Final examination. On-campus: 2 hours + 10 mins reading time. Online: 2 hours + 30 mins technology allowance | Final exam period | 50% | a, b, c, d

Requirements to Pass the Subject: To gain a pass or better in this subject, students must gain a minimum of 50% of the total available subject marks.

2.9 Prescribed and Recommended Readings
Provided below, in formal reference format, is a list of the prescribed and recommended readings.

Prescribed Text:
Ciampa, M., 2020, Security+ Guide to Network Security Fundamentals, 7th ed., Cengage Learning: Boston, USA.

Recommended Readings:
Easttom, W 2019. Computer Security Fundamentals, 4th Edition, Pearson.
Moschovitis, C 2018, Cybersecurity Program Development for Business: The Essential Planning Guide, John Wiley & Sons, Incorporated, Newark. Available from: ProQuest Ebook Central. [9 June 2020].
Whitman, M, & Mattord, H 2018, Principles of Information Security, Cengage Learning US, Mason, OH. Available from: ProQuest Ebook Central. [9 June 2020].

Journal Articles:
Furnell S., “The cybersecurity workforce and skills”, Elsevier Computers & Security, Vol. 100, PP. 102080, 2021. ISSN 0167-4048.
Zhang D., Feng, G., Shi, Y. and Srinivasan, D., “Physical Safety and Cyber Security Analysis of Multi-Agent Systems: A Survey of Recent Advances,” in IEEE/CAA Journal of Automatica Sinica, vol. 8, no. 2, pp. 319-333, 2021, doi: 10.1109/JAS.2021.1003820.
Zhang-Kennedy, L.
and Chiasson, S., A Systematic Review of Multimedia Tools for Cybersecurity Awareness and Education, ACM Computing Survey, Vol. 54, No. 1, 2021. ISSN 0360-0300.

Journals:
o Journal of Information System Security
o ACM Transactions on Information and System Security
o Computers and Security
o IEEE Transactions on Information Forensics and Security

Conference/Journal Articles:
Students are encouraged to read peer reviewed journal articles and conference papers. Google Scholar provides a simple way to broadly search for scholarly literature. From one place, you can search across many disciplines and sources: articles, theses, books, abstracts and court opinions, from academic publishers, professional societies, online repositories, universities and other web sites.

Useful Websites:
The following websites are useful sources covering a range of information useful for this subject. However, most are not considered to be sources of Academic Peer Reviewed theory and research. If your assessments require academic peer reviewed journal articles as sources, you need to access such sources using the Library database, Ebscohost, or Google Scholar. Please ask in the Library if you are unsure how to access Ebscohost. Instructions can also be found in Moodle.
o https://www.cybersecurity-insiders.com/

3. Assessment Details

3.1 Details of Each Assessment Item
The assessments for this subject are described below. The description includes the type of assessment, its purpose, weighting, due date and submission requirements, the topic of the assessment, details of the task and detailed marking criteria, including a marking rubric for essays, reports and presentations. Supplementary assessment information and assistance can be found in Moodle. KOI expects students to submit their own original work in both assignments and exams, or the original work of their group in the case of group assignments.
Marking guides for assessments follow the assessment descriptions. Students should compare final drafts of their assessment against the marking guide before submission.

Assessment 1
Type: Tutorial Weekly Submissions (10%) (1% each submission)
Purpose: Students will be required to answer questions in weekly tutorial exercises based on the topics covered in lectures. This assessment contributes to learning outcomes a, b, c, d.
Value: 10%
Due Date: Weekly (1% per week from weeks 3 – 12)
Assessment topic: weekly covered contents.
Task details: Weekly tutorial participation assessed during tutorial time. Students must complete the weekly tutorial exercises and upload the answers on Moodle. Tutors will provide feedback to the students during the activities conducted in tutorials.
Submission requirements details: Upload on Moodle every week on link provided

Assessment 2
Assessment type: Multiple Choice Quiz – individual assignment, invigilated, open book.
Purpose: This assessment will allow students to demonstrate their understanding of the topics discussed during tutorials. This assessment contributes to learning outcome a.
Value: 5%
Due Date: Week 4 in usual tutorial timeslots
Task Details: The quiz will consist of a series of multiple-choice questions relating to subject content taught in weeks 1 – 3 inclusive.

Marking Rubric Quiz on Moodle:
Criteria | Fail (0 – 49%) | Pass (50 – 64%) | Credit (65 – 74%) | Distinction (75 – 84%) | High Distinction (85 – 100%)
Number of correct answers | 4 | 5 | 7 | 8 | 9
Total Mark: / 5 5%
COMMENTS:

Assessment 3
Assessment type: Practical and Written Assessment, Individual assignment (2000 words).
Purpose: The purpose of this assignment is to assess the students’ understanding on identifying the risks, vulnerabilities and awareness of current industry and research trends in the field of information security.
Students need to exercise operational, analytical, and critical skills in order to reduce the potential security risks involved in the given case study. Analyse and evaluate the organizational adoption of security controls. Design solutions for concrete security problems for distributed applications. This assessment contributes to learning outcomes a, b, c, d.
Value: 35%
Due Date: Report submission Week 11; Demonstration Week 12
Submission requirements details: All work must be submitted on Moodle by the due date. Reference sources must be cited in the text of the report and listed appropriately at the end in a reference list using Harvard Anglia referencing style.
Assessment topic: Risk identification, assessment and treatment
Task details: This assignment requires you to perform risk identification, assessment and treatment based on the given case study. You are also required to implement ethical hacking (which does not perform any malicious activity) on your own virtual machine. This is for demonstration purposes only, focusing on risk identification, assessment and treatment accordingly, and you should not implement it on any other computers. The assignment’s requirements are Kali Linux and the required tools.

Case Study for the Assignment: A pharmacy specialises in selling health products. The pharmacy’s main sales are through their e-commerce website, where customers can issue orders and pay online. The pharmacy can receive orders through the following lines of sales:
• Online e-commerce website
• Phone calls
• Email orders
The sales team is then responsible for checking those emails and orders, preparing them and delivering them to the customer. This business has grown exponentially since 2020. This steady growth has also brought challenges for the pharmacy. They have to secure the sensitive information of their employees and customers, and the most important asset is the orders database.
Moreover, their employees receive many emails and they have to filter the order emails from other emails. The pharmacy had no dedicated security team and therefore, until now, no security policy is in place. Data breaches could put the pharmacy’s reputation at risk, and patients expect a high level of protection of their data. It is highly recommended to impose a certain level of filtering on the network so that it is secure and can withstand threats and attacks. To add restrictions on a particular network it is necessary to identify the possible threats to the organization. For example, it is necessary to identify the important services that run on the network. In order to get this done, there is a need to perform scanning on the network to identify the services and ports of the applications. Furthermore, the firewall needs to be configured by adding rules to block and allow the services based on the requirements of the organization and the security perspectives of the network.

Part A: The pharmacy had no dedicated security team and therefore, until now, no security policy is in place. Recently, the governing body of this business formed a security team and set the following two goals that they would like to achieve in six months:
• Assessing the current risk of the entire business
• Treat the risk as much as possible

Task I: Risk Identification
In achieving the above two goals, you will do the following:
1. Find at least five assets
2. Find at least two threats against each asset
3. Identify vulnerabilities for the assets

Task II: Risk Assessment
At the end of the risk identification process, you should have i) a prioritized list of assets, ii) a prioritized list of threats facing those assets and iii) vulnerabilities of assets. At this point, create a Threats-Vulnerabilities-Assets (TVA) worksheet. Also, calculate the risk rating of each of the five triplets out of 25.
Task III: Risk Treatment
In terms of risk treatment, for each of the five identified risks, state what basic strategy you will take. Justify each decision. Also, advise all possible protection mechanisms and the corresponding place of application.

Part B: For better understanding of the above tasks, implement a threat on your own virtual machine and consider Tasks I, II and III of Part A.
Tips: You may implement an XSS attack, SQL injection or any other attack that you can run on your own system.
NOTE: You should not run the attacks on any other systems, as you are not allowed to collect a user’s personal information due to the cybercrime.

Section | Description | Marks
Executive Summary | Summary on what the report is addressing | 3
Introduction | Include a short description about the case study and an introduction on what is security from the organization’s perspective and what is the need for a security plan. | 4
Risk Mitigation Plan | – Detail on how the organization wants to attain security (identify risks, threats, attacks) – Identify solutions to safeguard the organization (physical, human, electronic countermeasures) – Develop an appropriate security policy | 8
Analysis | Critical analysis of the scenario (include the attack implementation on your own system, testing the attack, and the treatment). |
8
Conclusion | Concluding thoughts on what has been addressed in the report – focus on the discussion of the findings | 4
References and layout | Enough references with a proper format. The report must have a nice layout and structure | 3
Demonstration | Student presentation of the report | 5

Marking Rubric for Assessment 1: Value 35%
Criteria | Fail (0 – 49%) | Pass (50 – 64%) | Credit (65 – 74%) | Distinction (75 – 84%) | High Distinction (85 – 100%)

Executive Summary 3%
Fail: Did not include the summary on what the report is addressing
Pass: Includes executive summary but not clear and precise
Credit: Clear with respect to the contents but can include more details
Distinction: Includes the complete details in the summary
High Distinction: Very clearly written and structured

Introduction 4%
Fail: Did not provide the introduction
Pass: Introduction provided but no complete details presented about the organization in the case study
Credit: Introduction presented with a report on the case study
Distinction: Well-presented introduction with a report on the case study but not a clear structure and the problem is not raised
High Distinction: Very clearly written and structured and the problem is clearly discussed

Risk Mitigation Plan 8%
Fail: No details provided on the most possible vulnerabilities, threats, and controls for the organization discussed in the case study
Pass: Minimum level of details provided with a minimum of 1 to 2 vulnerabilities, threats, and controls identified
Credit: A maximum of vulnerabilities, threats, and controls identified but needs more details on them
Distinction: Almost all possible vulnerabilities, threats, and controls identified with necessary level of details provided
High Distinction: Very clearly written and structured with required detailed explanation and structure

Analysis 8%
Fail: No proper commands of Nmap have been used to provide a detailed analysis of the report and not supported with any screenshots.
Pass: A minimum of 2 to 3 Nmap commands used with screenshots and results but no proper discussion provided on the analysis and the results obtained.
A maximum of 4 to 5 Nmap commands has been used with screenshots and results but with minimum discussion provided on the analysis and the results obtained. A maximum of 6 to 8 Nmap commands has been used with screenshots and results with appropriate discussion provided on the analysis and the results obtained. A maximum of 8 Nmap commands used with screenshots and results with a very clear discussion on the analysis and well structured. Conclusion 4% No conclusion provided Conclusion not provided with complete findings in the report Conclusion not provided with necessary details Conclusion provided Very clearly written and structured ICT205 ICT205 CYBER SECURITY T122 16/10/2021 11:37 PAGE 13 OF 16 References and layout 3% No references used. No proper layout One reference is used with a poor format Poor layout 2-3 references are used with some inconsistencies in format Fair layout 4-5 references are used with a proper format Good layout More than 5 references are used with a proper format The report is well structured Demonstration 5% Did not attend the demonstration session Attended but not a good presentation. Not able to provide a clear explanation. Viva voce questions not answered properly The details provided to some extent. A few questions in the viva voce has been answered Good presentation with most of the questions answered Good presentation with all the answers Total Mark: / 35% COMMENTS: The assessment rubric has a demonstration. The requirements of the completion of this assessment looks for a demonstration to be completed by the students. Assessment 4 Assessment type: Final Exam: individual– invigilated open book exam. Duration: On-campus: 2 hours + 10 mins reading time. Online: 2 hours + 30 mins technology allowance. Purpose: The purpose of the final examination is to test student understanding of all topics covered in this subject. This assessment contributes specifically to learning outcomes a, b, c, and d. 
Value: 40%
Due Date: The final exam will be held in the official KOI exam period in Week 14 of the trimester. The specific date and time of the exam will be posted towards the end of the trimester.
Topic: The examination may cover content from any part of the subject.
Task Details: Students will be expected to answer written response questions.

3.2 General information about assessment

a) Late Penalties and Extensions

An important part of business life and key to achieving KOI’s graduate outcome of Professional Skills is the ability to manage workloads and meet deadlines. Completing assessment tasks on time is a good way to master these habits.

Students who miss mid-trimester tests and final exams without a valid and accepted reason may not be granted a deferred exam and will be awarded 0 marks for the assessment item. Assessment items which are missed or submitted after the due date/time will attract a penalty unless there is a compelling reason (see below). These penalties are designed to encourage students to develop good time management practices, and to create equity for all students.

Any penalties applied will only be up to the maximum marks available for the specific piece of assessment attracting the penalty.

Late penalties, granting of extensions and deferred exams are based on the following:

In Class Tests and Quizzes (excluding Mid-Trimester Tests)
o Generally, extensions are not permitted. A make-up test may only be permitted under very special circumstances where acceptable supporting evidence of illness, hardship or unavoidable problems preventing completion of the assessment is provided (see section (b) below). The procedures and timing to apply for a make-up test (only if available) are as shown in the section Applying for an Extension (see below).
o Missing a class test will result in 0 marks for that assessment item unless the above applies.

Written Assessments and Video Assessments
o There is a late penalty of 5% of the total available marks per calendar day unless an extension is approved (see Applying for an Extension section below).

Presentations
o Generally, extensions are not permitted. Missing a presentation will result in 0 marks for that assessment item. The rules for make-up presentations are the same as for missing in-class tests (described above). For group presentations, if serious circumstances prevent some members of the group from participating, the members of the group who are present should make their contributions as agreed. If a make-up presentation is approved, the other members of the group will be able to make their individual presentation later and will be marked according to the marking rubric. A video presentation may be used to facilitate the process.

Mid-Trimester Tests and Final Exams
If students are unable to attend mid-trimester tests or final exams due to illness, hardship or some other unavoidable problem (acceptable to KOI), they must:
o Complete the Assignment Extension / Exam Deferment Form available by clicking the following link: Assignment Extension / Exam Deferment Form, as soon as possible, but no later than three (3) working days after the exam date.
o Provide acceptable documentary evidence (see section (b) below).
o Agree to attend the deferred exam as set by KOI if a deferred exam is approved.

Deferred exam
o There will only be one deferred exam offered.
o Marks obtained for the deferred exam will be the marks awarded for that assessment item.
o If you miss the deferred exam you will be awarded 0 marks for the assessment item. This may mean you are unable to pass the subject.

b) Applying for an Extension

If students are unable to submit or attend an assessment when due, they must:
o Complete the Assignment Extension / Exam Deferment Form available by clicking the following link: Assignment Extension / Exam Deferment Form, as soon as possible, but no later than three (3) working days after the assessment due date.
o Provide acceptable documentary evidence in the form of a medical certificate, police report or some other appropriate evidence of illness or hardship, or a technician’s report on problems with computer or communications technology, or a signed and witnessed statutory declaration explaining the circumstances.
o Students and lecturers / tutors will be advised of the outcome of the extension request as soon as practicable.

Please remember there is no guarantee of an extension being granted, and poor organisation is not a satisfactory reason to be granted an extension.

c) Referencing and Plagiarism

Please remember that all sources used in assessment tasks must be suitably referenced. Failure to acknowledge sources is plagiarism, and as such is a very serious academic issue. Students plagiarising run the risk of severe penalties ranging from a reduction in marks through to 0 marks for a first offence for a single assessment task, to exclusion from KOI in the most serious repeat cases. Exclusion has serious visa implications.

The easiest way to avoid plagiarising is to reference all sources. Harvard referencing is the required method – in-text referencing using Author’s Surname (family name) and year of publication. A Referencing Guide, “Harvard Referencing”, and a Referencing Tutorial can be found on the right-hand menu strip in Moodle on all subject pages.

An effective way to reference correctly is to use Microsoft Word’s referencing function (please note that other versions and programs are likely to be different).
To use the referencing function, click on the References Tab in the menu ribbon – students should choose Harvard.

Authorship is also an issue under plagiarism – KOI expects students to submit their own original work in both assessment and exams, or the original work of their group in the case of a group project. All students agree to a statement of authorship when submitting assessments online via Moodle, stating that the work submitted is their own original work.

The following are examples of academic misconduct and can attract severe penalties:
o Handing in work created by someone else (without acknowledgement), whether copied from another student, written by someone else, or from any published or electronic source, is fraud, and falls under the general Plagiarism guidelines.
o Copying / cheating in tests and exams is academic misconduct. Such incidents will be treated just as seriously as other forms of plagiarism.
o Students who willingly allow another student to copy their work in any assessment may be considered to be assisting in copying/cheating, and similar penalties may be applied.

Where a subject coordinator considers that a student might have engaged in academic misconduct, KOI may require the student to undertake an additional oral exam as a part of the assessment for the subject, as a way of testing the student’s understanding of their work.

Further information can be found on the KOI website.

d) Reasonable Adjustment

The Commonwealth Disability Discrimination Act (1992) makes it unlawful to treat people with a disability less fairly than people without a disability. In the context of this subject, the principle of Reasonable Adjustment is applied to ensure that participants with a disability have equitable access to all aspects of the learning for the subject. For assessment, this means that barriers to their demonstrating competence are removed wherever it is reasonably practical to do so.

Examples of reasonable adjustment in assessment may include:
o provision of an oral assessment, rather than a written assessment
o provision of extra time
o use of adaptive technology.

The focus of the adjusted assessment should be on enabling the student to demonstrate achievement of the learning outcomes for the subject, rather than on the method of assessment.

e) Appeals Process

Full details of the KOI Assessment and Assessment Appeals Policy may be obtained in hard copy from the Library, and on the KOI website www.koi.edu.au under Policies and Forms.

Assessments and Mid-Trimester Exams:
Where students are not satisfied with the results of an assessment, including mid-trimester exams, they have the right to appeal. The process is as follows:
o Discuss the assessment with their tutor or lecturer – students should identify where they feel more marks should have been awarded – students should provide valid reasons based on the marking guide provided for the assessment. Reasons such as “I worked really hard” are not considered valid.
o If still not satisfied, students should complete an Application for Review of Assessment Marks form, clearly explaining the reasons for seeking a review. This form is available from the KOI website under Policies and Forms and is also available at KOI Reception (Kent St, Market St and O’Connell St). The completed Application for Review of Assessment Marks form should be submitted as explained on the form with supporting evidence attached to [email protected].
o The form must be submitted within ten (10) working days of the return of the marked assessment, or within five (5) working days after the return of the assessment if the assessment is returned after the end of the trimester.

Review of Grade – whole of subject and final exams:
Where students are not satisfied with the results of the whole subject or with their final exam results, they have the right to request a Review of Grade – see the Assessment and Assessment Appeals Policy for more information. An Application for Review of Grade/Assessment Form (available from the KOI Website under Policies and Forms and from KOI Reception at Kent St, Market St and O’Connell St) should be completed clearly explaining the grounds for the application. The completed application should be submitted as explained on the form, with supporting evidence attached to [email protected].