Unit Outline
KIT725
Cybersecurity and eForensics
Semester 2, 2024
Bilal Amin
School of Information and Communication Technology
College of Sciences and Engineering
CRICOS Provider Code: 00586B

Unit Coordinator
Bilal Amin
Email: Bilal.Amin@utas.edu.au
 

What is the Unit About?
Unit Description
This unit focuses on the planning and implementation aspects of cybersecurity. It first introduces cybersecurity frameworks and highlights the modern cybersecurity landscape. It then delves into recent cybersecurity threats and their attack models, along with modern security measures to counter these attacks. Next, the unit discusses incident response processes and enhances students' understanding of digital forensics within the cybersecurity domain. It introduces the basics of the digital forensic process, including the tools and techniques used. Students enhance their digital forensics skills through workshops and tutorials, applying an industry-proven eForensics toolkit for evidence acquisition, processing, analysis, and reporting. Lastly, the unit examines system stack weaknesses and their implications, using the most recent vulnerability listings as a reference. Students gain hands-on experience in vulnerability analysis by working on software applications that have known vulnerabilities, and learning how to prevent such occurrences.
Intended Learning Outcomes
As per the Assessment and Results Policy 1.3, your results will reflect your achievement against specified learning outcomes.
On completion of this unit, you will be able to:
1. Explain modern-day digital security and safety measures in order to devise an incident response plan.
2. Design, develop and critique a software application in order to demonstrate preventive measures against Common Weakness Enumeration Vulnerabilities.
3. Recommend and apply eForensic tools in digital forensic scenarios.
4. Investigate eForensic artefacts by applying principles and techniques of digital forensics.
Requisites
REQUISITE TYPE | REQUISITES
Pre-requisite | KIT501
Alterations as a result of student feedback
Nil.
 
 

Teaching arrangements
ATTENDANCE MODE | TEACHING TYPE | LEARNING ACTIVITY | CONTACT HOURS | FREQUENCY
On Campus | Lecture (On Campus) | A real-time (i.e. synchronous) interactive activity involving the whole class whose primary purpose is the presentation and structuring of information/ideas/skills to facilitate student learning. All students are expected to attend. | 2 | Once only (4 times)
 | Workshop | A structured real-time (i.e. synchronous) activity that involves a mix of presentation of new information/ideas/skills and guided activities related to that information/ideas/skills. All students are expected to attend. | 2 | Once only (4 times)
 | Tutorial | A structured real-time (i.e. synchronous) activity in a small-group setting where the primary purpose is the clarification, exploration or reinforcement of subject content presented or accessed at another time or place (e.g. lecture, preparatory work). It is reliant on student-teacher and student-student interaction and dialogue for achievement of its learning outcomes. The students enrolled in the tutorial are expected to attend. | 2 | Once only (5 times)
 | Independent Learning | Involving reading, listening to audio, watching video, and/or completing exercises and/or quizzes, self-study is individual work undertaken when the student chooses (i.e. asynchronous), most likely through engagement with MyLO. The content is examinable, and may need to be completed prior to attending classes and/or attempting assessment tasks. | 2 | Weekly
Attendance / engagement expectations
If your unit is offered On campus, it is expected that you will attend all on-campus and onsite learning activities. This is to support your own learning and the development of a learning community within the unit. If you are unable to attend regularly, please discuss the situation with your course coordinator and/or our UConnect support team.

If your unit is offered Online or includes online activities, it is expected you will engage in all those activities as indicated in the Unit Outline or MyLO, including any self-directed learning.

If you miss a learning activity for a legitimate reason (e.g., illness, carer responsibilities), teaching staff will attempt to provide alternative activities (e.g., make-up readings) where possible.
 
 
 
 

How will I be Assessed?
 
For more detailed assessment information please see MyLO.
Assessment schedule
ASSESSMENT TASK # | ASSESSMENT TASK NAME | DATE DUE | WEIGHT | LINKS TO INTENDED LEARNING OUTCOMES
Assessment Task 1 | Cybersecurity incident analysis | Week 6 | 25 % | LO1, LO3
Assessment Task 2 | Cybersecurity vulnerability analysis | Week 14 | 20 % | LO1, LO2
Assessment Task 3 | Cybersecurity planning, incident response, and Vulnerability Assessment quiz | Refer to Assessment Description | 15 % | LO1, LO2, LO4
Assessment Task 4 | Forensic Toolkit (FTK) assignment | Refer to Assessment Description | 40 % | LO3, LO4
 
Assessment details
Assessment Task 1: Cybersecurity incident analysis
Task Description:
Students will work in groups to research cybersecurity incidents of high impact that have occurred in the last 10 years. The template of this research will follow the "Anatomy of a cyber-attack" and "incident response planning" guidelines provided in weeks #2 and #3. The outcome of this research will be a 15-minute presentation by each group. This presentation will highlight the background, timeline, impact, preventive measures and response planning in relation to the incident. Moreover, based on the incident and response plan, the group will recommend a set of digital forensic tools that can be applied for investigation. This assignment will enable students to learn about modern-day cybersecurity measures in place and explain their motivation and limitations to devise an effective incident response plan.
This assessment consists of both group and individual tasks.
The topics for this research will be posted in week 3 on MyLO. Student groups will select the topic of their interest and research the relevant cybersecurity incident. The assessment will be due in week 6.
Task Length:
Recorded presentation of 20-25 slides, depending on the incident under discussion
Due Date:
Week 6
Weight:
25 %
 
CRITERION # | CRITERION | MEASURES INTENDED LEARNING OUTCOME(S)
1 | Research a high impact cybersecurity incident and discuss its impact on cybersecurity planning and response. | LO1
2 | Analyse the incident and present the research using the required template | LO1
3 | Recommend an incident response plan and justify appropriate countermeasures to defend against similar cybersecurity threats. | LO1
4 | Recommend a set of digital forensic tools that can be applied for the investigation of similar threats. | LO3
 
Assessment Task 2: Cybersecurity vulnerability analysis
Task Description:
This assessment is a combination of group and individual tasks. Students will work to enhance a software application that demonstrates code-level vulnerabilities. To develop the secure application variant, students will work as a team to assess the embedded software weaknesses and provide a post-solution critique. For the solution, students will work individually to design and develop security patches to the assigned weaknesses. The solution to the identified weaknesses will reference the latest CWE listings. In addition to the source code, students will submit a video demonstration and a post-implementation report that addresses the critique and the analysis aspects of the assignment. This includes a scope of work, the identified vulnerability in the code and its implications, the security patch design for each weakness identified, and the outcomes of test cases. This assignment aims to teach students to work as a team to assess vulnerabilities under the umbrella of CWE listings, and provide a solution adhering to industry-based secure development practices.
Assignment specification will be made available in Week #7. Assignment submission will be due after Week 13.
Task Length:
A software application accompanied by an analysis report. For the software application with approximately 15 high-level requirements, each requirement may address 1-2 weaknesses.
Due Date:
Week 14
Weight:
20 %
 

 
CRITERION # | CRITERION | MEASURES INTENDED LEARNING OUTCOME(S)
1 | Analyse modern-day cybersecurity vulnerabilities. | LO1
2 | Complete a vulnerability analysis report with the identified vulnerability in the code and its implications, and the security patch design for each weakness identified | LO2
3 | Critique the presented solution in light of the latest software vulnerability listings such as CWE-25 and OWASP Top 10 where applicable. | LO2
4 | Design, develop and test source code as a solution for the identified weakness | LO2
5 | Report the analysis of the test results and map the identified weaknesses to overall vulnerabilities presented in the application | LO1, LO2
 
Assessment Task 3: Cybersecurity planning, incident response, and Vulnerability Assessment quiz
Task Description:
This individual assessment includes three in-semester quizzes. Each quiz is worth 5% of your grade and consists of 10 multiple-choice questions. They must be completed in one attempt and within a 30-minute timeframe. Students have one week to complete each quiz.
The first quiz, covering cybersecurity planning, will be due during Week #2. The second quiz, which covers incident response and principles of digital forensics, is due during Week #5. The third quiz, focusing on vulnerability analysis, is due in Week #12.
Task Length:
30 min. for each quiz
Due Date:
Refer to Assessment Description
Weight:
15 %
 
CRITERION # | CRITERION | MEASURES INTENDED LEARNING OUTCOME(S)
1 | Answer questions correctly on the cybersecurity planning and modern-day cybersecurity topics based on provided information and discussions during the sessions | LO1
2 | Answer questions correctly on incident response planning and principles of digital forensics based on provided information and discussions during the sessions | LO1, LO4
3 | Answer questions correctly on vulnerability analysis based on provided information and discussions during the sessions | LO2
 
Assessment Task 4: Forensic Toolkit (FTK) assignment
Task Description:
In this assessment, students will apply their digital forensics skills through the use of AccessData's forensic tools, such as Imager, Registry Viewer, and FTK. The assignment aims to allow students to apply digital forensics principles and techniques to various eForensic artefacts, including files, registry keys, logs, images, messages, and timestamps.
The assignment is divided into five parts. The first three parts, each worth 5%, are to be completed in Weeks #5, #7, and #9 tutorials respectively. The fourth part is a comprehensive digital forensics investigation test, covering all eForensic steps. This part is to be completed during the Week #10 tutorial within a 2-hour timeframe. The final part is a post-investigation follow-up report, which reflects the outcomes of the investigation process. The report is due within 24 hrs of the Week #10 tutorial.
Task Length:
~6 hrs. (2 hrs. each for Imager, Registry viewer, and Forensic toolkit modules)
Due Date:
Refer to Assessment Description
Weight:
40 %
 
CRITERION # | CRITERION | MEASURES INTENDED LEARNING OUTCOME(S)
1 | Acquire eForensic artefacts with forensic integrity intact | LO3, LO4
2 | Investigation and evaluation of the key eForensic artefacts | LO4
3 | Report key eForensic artefacts post-investigation | LO3, LO4
 
 
 

How your final result is determined
To pass this unit, you need to demonstrate your attainment of each of the Intended Learning Outcomes, achieve a final unit grade of 50% or greater, and pass any hurdle tasks.
Submission of assignments
Where practicable, assignments should be submitted to an assignment submission folder in MyLO. You must submit assignments by the due date or receive a penalty (unless an extension of time has been approved by the Unit Coordinator). Students submitting any assignment in hard copy, or because of a practicum finalisation, must attach a student cover sheet and signed declaration for the submission to be accepted for marking.
Academic integrity
Academic integrity is about acting responsibly, honestly, ethically, and collegially when using, producing, and communicating information with other students and staff members.

In written work, you must correctly reference the work of others to maintain academic integrity. To find out the referencing style for this unit, see the assessment information in the MyLO site, or contact your teaching staff. For more detail about Academic Integrity, see Important Guidelines & Support.
Requests for extensions
If you are unable to submit an assessment task by the due date, you should apply for an extension.
 
A request for an extension should first be discussed with your Unit Coordinator or teaching support team where possible. A request for an extension must be submitted by the assessment due date, except where you can provide evidence it was not possible to do so. Typically, an application for an extension will be supported by documentary evidence; however, where it is not possible for you to provide evidence, please contact your Unit Coordinator.
 
The Unit Coordinator must notify you of the outcome of an extension request within 3 working days of receiving the request.
Late penalties
Assignments submitted after the deadline will receive a late penalty of 5% of the original available mark for each calendar day (or part day) that the assignment is late. Late submissions will not be accepted more than 10 calendar days after the due date, or after assignments have been returned to other students on a scheduled date, whichever occurs first. Further information on Late Penalties can be found in the Assessments and Results Procedure.
Review of results and appeals
You are entitled to ask for a review of the marking and grading of your assessment task if there is an irregularity in the marking standards or an error in the process for determining the outcome of an assessment. Details on how to request a review of a mark for an assignment are outlined in the Review and Appeal of Academic Decisions Procedure.
 
 

 
 

Required Resources
Required reading materials
All required reading materials will be made available on MyLO
 
Recommended reading materials
All recommended readings will be made available on MyLO
 
Other required resources