SIT284/SIT763 Cyber Security Management
SIT284/SIT763 Cyber Security Management Assignment 1
Weight: 20%
Brief description:
This task requires students to demonstrate their ability to plan for assessment (identify) of
cyber security risks in a corporate setting. Students will be required to evaluate approaches
to cyber security management with emphasis on planning. Students will need to decide and
justify the elements to be included in a plan for a given (hypothetical) organisation and
present the plan to high level management for approval. Students will be assessed on their
ability to investigate, compare, and justify suitable elements to include in the plan and
effectively communicate this to high level management. This task will cover ULO1 and ULO2.

Assignment Extensions
To seek an extension for this assignment, you will need to apply via the online Assignment
Extension Tool in the SIT763 unit site via XXXSync. Assignment extensions can be granted
up to 7 calendar days.

Referencing, plagiarism, and collusion
Any work that you submit for assessment must be your own work. Please note that this unit
has systems in place to detect plagiarism and all submissions are submitted to this system.
Submitting written work, in whole or in part, that is copied or paraphrased from other authors
(including students), without correct acknowledgement, is considered one of the most serious
academic offences. This practice is equivalent to cheating in examinations and it may lead to
expulsion from the University. For further information, you should refer to Regulation 4.1(1),
Part 2—Academic Misconduct, via (Current university legislation).
Please note that these regulations are not intended to discourage group work and exchange
of views and information with other students and staff. Such interaction is most desirable if
you write your own answers and acknowledge any quoted sources. We see responsible
attitudes to plagiarism as part of general good ethical practice. Ensure you have familiarised
yourself with the rules and regulations on plagiarism and collusion.
COVID-19 has changed the way people work. At a rapid pace, both in Australia and overseas,
many businesses have shifted to a work-from-home workforce. This has created new risks
and during these unprecedented times, cyber criminals are seeking to exploit uncertainty
surrounding COVID-19. Furthermore, this has presented numerous challenges for employers
in terms of cyber security, data protection and compliance with privacy laws.

Therefore, it is vital to inform policy and guidance around cyber security for future
pandemics/outbreaks and play a role in how Australian businesses can factor this into cyber
resilience planning to better protect themselves.

The Office of the Australian Information Commissioner (OAIC) has issued some guidance to
help entities regulated by the Privacy Act 1988 address their privacy obligations during the
coronavirus pandemic.

Task 1 (brainstorming exercise) [15 marks]:
Please refer to the legislation, Privacy Act 1988, Compilation No. 93, and address the
following.

  1. What is the Privacy Act 1988 and, as per this Act, what is the meaning of "responsible
    person"? 3 marks
  2. What is meant by a breach of an Australian Privacy Principle (APP)? 3 marks
  3. As per Part III of the Privacy Act 1988, you have the right to know why your personal
    information is being collected, how it will be used and who it will be disclosed to. Given
    this, do you think that your employer needs to justify the collection of your COVID
    vaccination status information? 3 marks
  4. In what circumstances can your employer disclose information about your vaccination
    without your consent? 2 marks
  5. If you are working as a volunteer, or applying to be one, do you still need to disclose your
    vaccination status to your employer or potential employer, respectively? 2 marks
  6. To whom can you lodge a complaint if you are not satisfied? 2 marks

Task 2 (brainstorming exercise) [35 marks]:
The CovidSafe app is Australia's well-known contact tracing app, used by the Australian
government as a technological solution to alleviate the spread of COVID-19. Read more
about this app and answer the following questions.

  1. Give five reasons, from a socio-ethical lens, why a group of researchers have
    mentioned that the app has been unsuccessful. 5 marks
  2. Identify five key vulnerable individuals (including tech infrastructure) that this app
    does not account for. 5 marks
  3. From a cyber-security context, what are the gravest five cyber challenges for these
    contact tracing apps? 5 marks

Please clarify the confusion from a data ownership, trust, and control perspective. This
confusion also arises regarding the value of such apps when the following questions
are posed:

  1. A) Who owns the data? B) Who is driving the deployment of the app in the first place?
    C) Who are the companies behind its creation? D) Who will be held accountable and
    by which oversight body, for the potential misuse of location and social networking
    information when COVID-19 runs its course (for example)? Please cover all four points.
    10 marks
  2. A) Who owns the data? B) Who is driving the deployment of the app in the first place?
    C) Who are the companies behind its creation? D) Who will be held accountable and
    by which oversight body, for the potential misuse of location and social networking
    information when COVID-19 runs its course (for example)? Please cover all four points.
    10 marks

Reading resources:

Note: This is an individual assessment task. The student is required to submit their solution
to the given problems along with the exhibits to support findings, and a bibliography in Harvard
style. Your response should not exceed 4 pages (or 750-1000 words). The report should be
a Word file. Use Times New Roman font (size 12), line spacing 1, and please justify the text.
No footnotes allowed. Tables and figures will not be counted in the word length.
