BSBXCS302 Identify and report online security threats

BSBXCS302 Identify and report online security threats

Project

BSBXCS302IA_02

Student name:

Student ID:

Student Assessment

Assessment Guide

Prior to starting your Assessment, familiarise yourself with the Assessments overview section which can be found in the 101Start Course in your MyUpskilled. The information contained in this document is relevant to all assessments you undertake in this course.

Assessment information

You are required to complete two separate assessment activities for BSBXCS302.

This document includes instructions for the second assessment activity BSBXCS302IA_02.

Grading outcomes

• The outcome of an assessment tasks as either Satisfactory (S) or Not Satisfactory (NS).

• When all assessment tasks are deemed Satisfactory (S), the unit outcome is marked Competent (C).

• If at least one of the assessment tasks is deemed Not Satisfactory (NS), the unit outcome is Not Yet Competent (NYC).

• If deemed Not Yet Competent (NYC), the student will be able to resubmit for additional attempts as outlined in the Student Handbook.

Assessment Type

This assessment contains the following for you to complete:

Assessment 2: Project

Required resources and equipment

You will need the following resources, tools and equipment to complete this assessment task:

• At least 1 person (i.e., colleagues or fellow students) to participate in the assessment roleplay

• Word processing software (Google Docs or other)

• A device with an active internet connection

• Internet browser

Submission Requirements

• Answer all questions

• Upload your answers to MyUpskilled.

• The due date for this assessment is provided in the students individual training plan

• Check your submission for spelling, grammar, readability, etc.

• Check your submission addresses the assessment instructions, the requirements in the assessment checklist and any other requirements.

• Ensure you have provided references for material that has been sourced from elsewhere.

• Save your submission in an appropriate format:

• Text documents must be saved in .docx, Excel in .xls, PowerPoint in .pptx, etc.

• Audio files must be saved in WAV, MP3, AAC, WMA or FLAC format

• Video files must be saved in MP4, WMV, MOV or AVI format

• You must save your submission documents in the format Unit of competency_Assessment task or part_your name_date submitted.docx. For example, UOC Code _Task 1_Joan Smith_20Apr2020.docx.

• Do not compress (zip) the documents when uploading it for assessment or include within folders.

Video/audio submission requirements

There are activities which will require you to submit a video or audio recording to fulfill the requirements of an assessment Activity. Videos or audio recordings that require participants (i.e., meetings, or role plays, etc.) will require the student and participant(s) to provide a Declaration of Consent statement. Participants need to be (16) sixteen years of age or older. This is necessary for Upskilled to maintain Upskilled policies and procedures and comply with Privacy Legislation.

• At the start of the recording, EACH person who is participating in the video/audio recording must declare their name and they are a willing participant. For video recordings, it is necessary for the participant to be seen in the video making their statement.

• Student Script:
  My name is _____, a student with Upskilled. I am recording this video or audio for my Upskilled course and understand it will be viewed by Upskilled staff and may also be viewed by regulatory staff. I am a willing participant for this recording.

• Participant script:
  My name is _____ and will be a participant in this recording. I understand the purpose and use of this recording and I am participating willingly.

Feedback

Trainer/Assessors are required to review the assessments and make comments either in the document or in the Trainer/Assessors Feedback form and upload it to My Upskilled

Assessment Overview

Skillage IT was established in 1996 to provide information technology solutions for small to medium-sized businesses. You can learn more about Skillage IT from their website.

You have joined Skillage IT and are working within their ICT department. Your supervisor requires you to undertake a basic review and analysis to identify and report online security threats, respond to an online security breach and support post-breach review.

You will be required to demonstrate skills and knowledge to work effectively and efficiently to complete the required assessment tasks and activities.

You have spoken to your supervisor and received the following information:

Network security risks are rising in the business. The efficiency of these threats cascading into major attacks and subsequent breaches depends on the weakness of the networking structures of the organisation. Data security and data protection itself are essential considerations for the organisation. Due to the transparency of the new software-based systems, it is increasingly necessary and essential to detect and mitigate network security threats and vulnerabilities by using correct security test techniques. The most common network security threats in the organisation are computer viruses, rogue security software, trojan horse, adware and spyware, computer worm, DOS and DDOS attack, phishing, rootkit, SQL injection attack, and man-in-the-middle attacks.

You must complete this task considering the following assessment requirements:

• The assessment is based on identifying network security threats (work area)

• The assessment can be completed in a home network

• You will be required to consider the home network as a workplace extension to carry out the assessment.

• Your participant will still provide you with assistance and participate according to the job role and responsibilities assigned.

• You will be assessed according to the assessment criteria.

Assessment requirements

• The purpose of this assessment task is to identify and report online security threats to limit potential impact of cybersecurity breaches.

• This is an individual assessment.

• To ensure your responses are satisfactory, you should consult a range of learning resources and other information such as textbooks, and learner resources in Canvas, etc.

• All questions must be answered to gain competency for this assessment.

• This assessment task requires you to assume the role of a technical support engineer

• This assessment task requires you to complete different assessment activities as per the given scenario.

• You must use the given templates while giving the answers.

• Your Trainer/Assessor will assess your work according to the given performance criteria/ performance checklist

Assessment Instructions

Successful submission of the project means that you submit evidence for a portfolio of three (3) Activities listed below. You are to submit this document and all documents listed in the Assessment Checklist below:

• Activity 1: Identify and report three (3) online security (Written)

• Activity 2: Respond to an online security breach (Written)

• Activity 3: Support post- breach review (Written & Meeting)

Project Objectives

You are required to identify and report online security threats to limit potential impact of cybersecurity breaches.

The following are the goals and objectives to complete this assessment task:

• Identify online security threats

• Review internal policies, procedures and plans relating potential online security breaches

• Identify features of common types of potentially fraudulent communications

• Implement techniques to verify suspicious requests for information

• Respond to an online security breach

• Block and report potential security breaches on computer and mobile device according to organisational policies and procedures

• Respond to actual security breach or cybersecurity incident according to organisational response plan

• Report security breach or cybersecurity incident according to legislative requirements and organisational policies and procedures

• Support post- breach review

• Provide information to required personnel to assist in documenting potential and actual breaches

• Support post-incident review and identifying lessons learnt

• Contribute updates to cybersecurity incident response plan as required and within scope of own role

Your Role and Responsibilities

As part of your job role, you have the following job responsibilities:

• Modifies behaviour following exposure to new information

• Asks open and closed probing questions and actively listens to ensure that concepts regarding cybersecurity are well understood

• Recognises and interprets information from relevant sources to determine organisational expectations relating to cybersecurity

• Uses clear, specific and industry-related terminology relating to cybersecurity for breach and incident reports

• Uses appropriate technology platforms to share information within the organisation relating to potential online security threats.

Roles and Responsibilities of Participants

Throughout the project, you will be required to communicate with your participant, either face to face or remotely through teleconferencing or the use of social media technologies or applications.

Your friends, family members or fellow students (befriend students in the course discussion forums) will play the part of your participant in the roles for each of the activities. They can be the same people or differing people for each of the activities. The main roles applicable to the assessment task includes:

Participant: Supervisor/Manager

The supervisor or manager is the individual who supervises you in your job role. They belong of higher rank or status. Their job role and responsibilities are:

• Assist you to complete the project

• Help you to clarify relevant information

• Communicate and collaborate with you for relevant assessment activities

Note: Each student will be assessed individually for all assessment activities.

Assessment Activities

Activity 1: Identify and report three (3) online security threats (Written)

In this assessment activity, you will be required to prepare yourself to identify and report three (3) online security threats in a work area.

Access and review Skillage ITs policies that can be found on the Resources page of their website.

You are required to collate information on the business need for online security from threats, and then document and complete the following report template:

Activity 1 Performance Checklist

Activity 2: Respond to an online security breach (Written)

This activity is a continuation of activity 1.

In this assessment activity, you are required to respond to one online security breach. The online security breach can be selected from the three security breaches identified as part of the Assessment Activity 1.

You are expected to:

• Block and report potential security breaches on computer and mobile device according to organisational policies and procedures

• Respond to the security breach or cybersecurity incident according to Skillage ITs Cybersecurity Response Plan

• Report security breach or cybersecurity incident according to legislative requirements and organisational policies and procedures

You must use the template below to record the answers for this assessment activity.

Note: You must attach the evidence of completion of each of the below-mentioned skills assessments. You may use any emails or documents that you create. You may also use the following documents from Skillage ITs Cybersecurity Response Plan, available in Additional Resources, or any others you deem appropriate:

• Incident Report Form Template

Activity 2 Performance Checklist

Activity 3: Support post- breach review (Written & Meeting)

This activity is a continuation of the previous assessment activities.

To complete this assessment task, you are required to support post-breach review, and provide information to your supervisor (your participant) during a meeting. There are two parts to this activity:

• Part A: Prepare post-breach review

• Part B: Record and participate in the meeting

Part A: Prepare post-breach review

In this assessment activity, you are required to support post- breach review by demonstrating practically that you meet each of the following criteria:

• Provide information to required personnel to assist in documenting potential and actual breaches

• Support post-incident review and identifying lessons learnt

• Contribute updates to Cybersecurity Incident Response Plan as required and within scope of own role

Access and use the Skillage ITs Cybersecurity Response Plan that can be found on the Resources page of their website.

You must use the template below to record the answers for this assessment activity.

Note: You must attach the evidence of completion of each of the below-mentioned skills assessments. You may use any emails or documents that you create. You may also use the following documents from Skillage ITs Cybersecurity Response Plan, available in Additional Resources, or any others you deem appropriate:

• Post-Breach Review Form Template

• Resolution Action Plan Template

Part B: Participate in the meeting

This part requires you to participate in the meeting with your participant. Remember to audio or video record the meeting.

When conducting the meeting, you are required to:

• Greet your supervisor

• Provided information on:
  
  
  • assisting in documenting potential and actual breaches
  
  
  • supporting post-incident review
  
  
  • identifying lessons learnt
  
  
  • contributing updates to Cybersecurity Incident Response Plan
  
  
  
• Obtain feedback from your supervisor
  
  
  • Use listening and questioning to elicit the views of others and to clarify or confirm understanding
  
  
  

The supervisor will:

• Clarify their doubts by asking questions

• Provide feedback on the improvements required

• Take receipt of the final evaluation and recommendations report

Meeting Requirements

• Refer to Activity 3 Assessors Observation Checklist before conducting this meeting.

• The video should be between 5- and 8-minute duration.

• Save your submission in an appropriate format:

• Video files must be saved in MP4, WMV, MOV or AVI format

• Click to view Video/audio submission requirements

Activity 3 Assessors Observation Checklist

Assessment Checklist