ICTCYS612 Assessment Student Workbook
T: +61 2 8844 1000 | E: [email protected] | RTO ID: 45432 | CRICOS Code: 03717E
Assessment Workbook
ICTCYS612 Design and implement virtualised cyber security infrastructure for organizations
Student assessment tasks
Table Of Contents
Introduction
Assessment Task 1: Knowledge Questions
Assessment Task 1: Checklist
Assessment Task 2: Project Portfolio
Section 1: Virtualised cyber security infrastructure
Section 2: Implementation and testing
Assessment Task 2: Checklist
Final Results Record
Case Study
Student name: Muhammad Usman
Student ID:
Date: 10/22/2024
Business this assessment is based on: Simulation Pack (Jonathans’ Graphic Design & King Edward VII College)
Assessment information
Information about how you should complete this assessment can be found in Appendix
A of the IT Works Student User Guide. Refer to the appendix for information on:
where this task should be completed
the maximum time allowed for completing this assessment task
whether or not this task is open book.
Note: You must complete and submit an assessment cover sheet with your work. A
template is provided in Appendix C of the Student User Guide. However, if your RTO
has provided you with an assessment cover sheet, please ensure that you use that.
1. List three features associated with implementation methodologies for cyber security.
Access Control: This feature refers to the establishment of measures and protocols to
regulate and restrict access to sensitive data and critical systems within an
organization. It involves implementing authentication and authorization processes to
ensure that only authorized personnel can access specific resources, thereby reducing
the risk of unauthorized access and data breaches.
2. Describe each of the following that are key features of a cyber security infrastructure.
3. Describe the purpose of each of the following organisation procedures when designing and
implementing cyber security infrastructure.
Testing methods and procedures: The goal of testing involves determining the predicted observation in advance and contrasting it with what is actually observed.
Distributed denial of service (DDoS): A denial of service (DoS) attack aims to overtax
the resources of a target system, render it inoperable, and prevent people from
accessing it. In a distributed denial of service (DDoS) attack, a large number of
compromised computers or other devices are used in a coordinated assault on the
target system.
5. List three factors that can influence tolerance of cyber security risk.
Public WiFi: Employees should never use public wifi when conducting personal or
business tasks. You should assume that all network traffic on your computer while
connected to public wifi can be accessed.
IEC/ISO 27032: A widely acknowledged standard known as ISO 27032 offers organisations
advice on cybersecurity. The Standard is made to assist organisations in managing the
risks related to the use of technology and defending themselves against cyberattacks. It
offers recommendations on how to recognise, evaluate, and control cyber threats and is
based on a risk management strategy. Guidance on incident response and recovery is also
provided in the Standard.
Student’s name:
Question 1 ☐ ☐
Question 2 ☐ ☐
Question 3 ☐ ☐
Question 4 ☐ ☐
Question 5 ☐ ☐
Question 6 ☐ ☐
Assessor signature:
Assessor name:
Date:
Assessment information
Information about how you should complete this assessment can be found in Appendix
A of the IT Works Student User Guide. Refer to the appendix for information on:
where this task should be completed
how your assessment should be submitted.
Note: You must complete and submit an assessment cover sheet with your work. A
template is provided in Appendix B of the Student User Guide. However, if your RTO
has provided you with an assessment cover sheet, please ensure that you use that.
This project requires you to research, design, implement and test virtualised cyber
security infrastructure on two different occasions.
You can complete this project based on the case study organisations in the
ICTCYS612 Simulation Pack or you can base it on two organisations that you are
familiar with or working for. If you choose to complete the project based on the two
organisations of your choice, it is important that they are both small to medium
sized business and you can access information about the operational details
required to determine cyber security requirements. You will also need to be able to
access all of the required hardware and software and components, as well as
application and user security technologies and cyber security providers. Speak to
your assessor to get approval if you want to base this on two organisations of your
choice.
You will be collecting evidence for this unit in a Project Portfolio. The steps you
need to take are outlined below.
2. Preparation
Make sure you are familiar with the organisations you are basing this assessment
on and have read through the necessary background information. For the case
study organisations, this is all of the documents included in the ICTCYS612
Simulation Pack. If it’s your own organisations, it’s important that you have this
approved by your assessor.
Complete Page 4 of your Project Portfolio for this unit.
Read through the requirements of Section 1 and 2 of your Project Portfolio which
include detailed guidance relevant to all the assessment activities.
You are now to complete Section 1 of your Project Portfolio by preparing to design
and then designing the virtualised cyber security infrastructure. This involves:
Reviewing and reporting on each organisation’s operations to determine their
cyber security needs
Researching and identifying options for network security for each organisation,
as well as security technologies that can be used.
Determining the data types that need to be protected, required security levels
and boundaries and mission critical server requirements.
You are now to present your infrastructure designs. Your presentation will be
approximately 15 minutes.
Speak carefully to your presentation and ensure you clearly articulate the
information using industry standard technical language. In addition, use suitable
questioning techniques to seek feedback and active listening skills to listen to
feedback provided.
This can either be viewed in person by your assessor or you may like to video
record the session for your assessor to watch later. Your assessor can provide you
with more details at this step. Make sure you follow the instructions above and
meet the timeframes allocated.
Now that you have designed your virtualised cyber security infrastructure for each
organisation, you are to implement your infrastructure as set out in your
implementation plan. Once the infrastructure for each organisation is in place, you
will also need to test it to ensure it is functioning correctly and adjust it as required.
You will also need to speak to your assessor to get their feedback on your
implementation of the design and testing.
Make sure you have completed all sections of your Project Portfolio, answered all
questions, provided enough detail as indicated and proofread for spelling and
grammar as necessary. Remember to submit all necessary attachments.
You are then to submit this to management (your assessor) via email. Your email
must seek final sign off for the identify management plan, as well as seeking
feedback (which you must also respond to).
Network security options and technologies
Based on the organisation’s cyber security needs, identify and describe network security options, as well as suitable security technologies. Remember that these must relate to virtualised cyber security infrastructures.
Include at least two options for
Network Security Options
1. Virtual Private Network (VPN): A VPN creates a secure, encrypted connection over a less secure network, such as the internet. This ensures that data transmitted between the business owner’s device and the virtual machine (VM) is secure. It also protects data in transit from eavesdropping and man-in-the-middle attacks.
2. Virtual Firewall: A virtual firewall is a software-based firewall deployed within
Requirements
Describe the data types to be protected, security levels required and secure boundary requirements.
Further, describe the mission critical network servers that are part of the infrastructure.
Data Types to be Protected
1. Customer Database:
Description: Contains personal information of customers.
Protection Needs: Encryption, access control, regular backups.
2. Financial Data:
Description: Managed through Xero, includes financial transactions and accounting information.
Protection Needs: Multifactor authentication (MFA), encrypted data transfer, secure access controls.
3. Graphic Design Files:
Description: Design projects and related files stored on OneDrive.
Protection Needs: Encryption, secure
Responsibilities
IT Consultant: Set up IDS, configure logging, establish
Tools
Outline the tools that you will use to implement the infrastructure. Explain how you will obtain access to the network and data you need.
1. VMware Workstation/Fusion or VirtualBox: These tools will be used to create and manage the virtual machines for both Mac and Windows environments.
2. Firewall Software:
Windows Firewall: Built-in firewall for the Windows VM.
macOS Firewall: Built-in firewall for the Mac VM.
3. Antivirus and Anti-Malware Software:
Windows Defender: Built-in antivirus for the Windows VM.
ClamXAV or Sophos: Antivirus solutions for the Mac VM.
4. Encryption Tools:
BitLocker: For encrypting data on the Windows VM.
FileVault: For encrypting data on the Mac VM.
5. Backup Solutions:
Time Machine: For backing up the Mac VM.
Windows Backup and Restore: For backing up the Windows VM.
6. Multi-Factor Authentication (MFA) Tools:
Authy or Google Authenticator: For implementing MFA for access to critical applications like Xero and OneDrive.
7. Intrusion Detection System (IDS) and Monitoring Tools:
Snort or Suricata: Open-source IDS tools for monitoring network traffic and detecting suspicious activities.
8. Network Segmentation Tools:
Virtual LAN (VLAN): To create isolated networks for the VMs.
1. Customer Database:
Location: Stored locally on the physical host or
within the VMs.
Access: Direct access through the VM software,
with encryption and access controls in place.
2. Xero Accounting System:
Location: Cloud-based service.
Access: Via a web browser or dedicated app,
secured with MFA. Ensure that secure connections
(HTTPS) are used.
Feedback
Document the feedback you
received from the
presentation regarding your
design.
Adjustments
Describe your response to
this feedback and
adjustments you will make.
Attach: Screenshots ☒
Presentation ☒
Requirements
Describe the data types to be protected, security levels required and secure boundary requirements.
Further, describe the mission critical network servers that are part of the infrastructure.
Data Types to be Protected
1. Student Management System Data:
System: RTO Manager
Data: Student personal information, academic records, enrolment details.
2. Accounting Data:
System: Xero
Data: Financial records, transaction details, invoices.
3. Staff Files:
Data: Personal information, employment records, performance reviews.
4. Operational Files:
Data: Academic documentation, enrolment forms, institutional records.
Tools
Outline the tools that you will use to implement the infrastructure. Explain how you will obtain access to the network and data you need.
VMware Workstation/Fusion or VirtualBox:
Purpose: Creating and managing virtual machines.
Access: Download and install from the official websites. VMware products require licenses, VirtualBox is free.
Windows Firewall and macOS Firewall:
Purpose: Network traffic control and monitoring.
Access: Integrated into Windows and macOS
operating systems.
Windows Defender and ClamXAV/Sophos:
Purpose: Antivirus and anti-malware protection.
Access: Windows Defender is pre-installed;
ClamXAV/Sophos can be downloaded from their
websites.
BitLocker and FileVault:
Purpose: Encrypting data on Windows and Mac
VMs.
Access: Integrated into Windows and macOS
operating systems.
Time Machine and Windows Backup and Restore:
Purpose: Regular backups of VMs.
Access: Built into macOS and Windows operating
systems.
Authy or Google Authenticator:
Purpose: Implementing multi-factor authentication
(MFA).
Access: Available for download from app stores.
Snort or Suricata:
Purpose: Intrusion detection system (IDS) for
network monitoring.
Access: Download from official websites.
Virtual LAN (VLAN):
Purpose: Network segmentation for isolating VMs.
Access: Configure through network router or switch
settings.
Feedback
Document the feedback you
received from the presentation
regarding your design.
Attach: Screenshots ☒
Presentation ☒
Adjustments
Based on the tests you
ran, monitoring and user
feedback describe the
adjustments you need to
make.
Attach:
Screenshots ☒
Adjustments
Based on the tests you ran,
monitoring and user
feedback describe the
adjustments you need to
make.
Attach:
Screenshots ☒
Student’s name:
Completed
successfully? Comments
Assessor signature:
Assessor name:
Date:
Student name:
Assessor name:
Date
Result
Feedback
I hereby certify that this student has been assessed by me and that the assessment has been
carried out according to the required assessment procedures.
Mission critical network servers: Through service providers i.e. Xero and OneDrive.
Security levels: A multilevel security mode is needed such that everyone must have permission to access the system but specific access for specific data will be required.
Mission critical network servers: Through service providers i.e. RTO Manager, Xero and OneDrive.