ITC568 – Cloud Privacy and Security
Table of Contents
Subject Summary
Subject Coordinator
  Subject Coordinator
  Email
  Campus
  Consultation procedures
Subject Overview
  Abstract
  Learning outcomes
  Subject content
  Key subjects
  Assumed knowledge
Subject Schedule & Delivery
  Prescribed text
  Class/tutorial times and location
  Schedule
  Learning materials
  Learning, teaching and support strategies
  Recommended student time commitment
Assessment Items
  Essential requirements to pass this subject
  Items
    Privacy and Security Reflection
    Risk Assessment
    Privacy and Data Protection
    PII Strategy
    Privacy, Security and Ethical Reflection
Assessment Information
  Academic integrity
  Referencing
  How to submit your assessment items
    Online submission process
    Postal submission process
    Hand delivered submission process
    Alternative submission process
  Extensions
  How to apply for special consideration
  Penalties for late submission
  Resubmission
  Feedback processes
  Assessment return
Charles Sturt University Subject Outline
ITC568 201860 SM I
Version 1 – Published 06 June 2018
Page 1 of 43
Student Feedback & Learning Analytics
  Evaluation of subjects
  Changes and actions based on student feedback
  Learning analytics
Services & Support
  Develop your study skills
  Library Services
CSU Policies & Regulations
  Subject Outline as a reference document
Subject Summary
ITC568 – Cloud Privacy and Security
Session 2 2018
Faculty of Business, Justice and Behavioural Sciences
School of Computing and Mathematics
Internal Mode
Credit Points 8
Welcome to a new session of study at Charles Sturt University. Please refer to the University’s
Acknowledgement of Country. (http://student.csu.edu.au/study/acknowledgement-of-country)
Subject Coordinator
Subject Coordinator: Pallavi Malhotra
Email: pmalhotra@csu.edu.au
Campus: Other
Consultation procedures
Any questions concerning the teaching of this subject can be made by contacting your Subject
Lecturer.
Lecturer Name : Pallavi MALHOTRA
Lecturer Email : PMalhotra@studygroup.com
Email is the best option. Please send a brief message regarding the issue and include the subject
name and subject code in your email – it really helps to know which class you belong to, before I
respond to your query. If your query is urgent then meet with your respective Course
Coordinator at Level 4, 30 Church Lane.
Class times and location
The general timetable will be available at the following website before the start of the 201860
semester, and can be accessed on any mobile phone or iPad:
https://csutimetable.au.studygroup.com/Melbourne/
Subject Overview
Abstract
This subject focuses on issues surrounding cloud computing privacy and security and their
application to business. It discusses the governance framework that must underpin and define
the processes for determining risk, privacy and security issues for an enterprise which uses a
cloud model. It will examine the legal and business requirements for privacy, the need for a risk
management assessment of all data used in cloud operations, and the use of security controls to
manage the assessed risk. It further examines the major cloud deployment and delivery models
to determine how these affect the risk management assessment and subsequent security
controls when applied to business.
Learning outcomes
On successful completion of this subject, you should:
• be able to examine the legal, business and privacy requirements for a cloud deployment
model;
• be able to evaluate the risk management requirements for a cloud deployment model;
• be able to critically analyse the legal, ethical and business concerns for the security and
privacy of data to be deployed to the cloud;
• be able to develop and present a series of proposed security controls to manage the
security and privacy of data deployed to the cloud;
• be able to develop and present a cloud governance framework to underpin the cloud
operations for an enterprise.
Subject content
Information regarding the subject’s content is outlined in the Schedule section.
Key subjects
Passing a key subject is one of the indicators of satisfactory academic progress through your
course. You must pass the key subjects in your course at no more than two attempts. The first
time you fail a key subject you will be at risk of exclusion; if you fail a second time you will be
excluded from the course.
The Academic Progress Policy (https://policy.csu.edu.au/view.current.php?id=00250) sets out
the requirements and procedures for satisfactory academic progress, for the exclusion of
students who fail to progress satisfactorily and for the termination of enrolment for students
who fail to complete in the maximum allowed time.
Assumed knowledge
ITC561 Cloud Computing
Subject Schedule & Delivery
Prescribed text
The textbooks required for each of your enrolled subjects can also be found via the Student
Portal Textbooks (http://student.csu.edu.au/study/study-essentials/textbooks) page.
Prescribed Text:
• Ko, R., & Choo, K. (Eds.). (2015). The Cloud Security Ecosystem: Technical, Legal,
Business and Management Issues. Waltham, MA: Syngress.
Recommended reading:
• Winkler, V. (2011). Securing the Cloud: Cloud Computer Security Techniques and Tactics.
Waltham, MA: Syngress.
• Mather, T., Kumaraswamy, S., & Latif, S. (2009). Cloud Security and Privacy. Sebastopol,
CA: O’Reilly Media Inc.
Class/tutorial times and location
Your class times can be found at Timetable @ CSU (http://timetable.csu.edu.au/). Find out how
to use Timetable @ CSU via the Student Portal Class Timetable
(http://student.csu.edu.au/study/study-essentials/timetable) page.
Schedule
| Session Week | Week Commencing | Topics | Learning activities |
|---|---|---|---|
| 1 | 16 July 2018 | Cloud security ecosystem | |
| 2 | 23 July 2018 | Digital identity & privacy | |
| 3 | 30 July 2018 | Threats & risks | Assessment 1 is due on 30/07/2018 |
| 4 | 06 August 2018 | Risk Assessment | |
| 5 | 13 August 2018 | Business requirements & jurisdiction | Assignment 2 due 13/08/18 |
| 6 | 20 August 2018 | Privacy, data & jurisdiction | |
| | 27 August 2018 – 31 August 2018 | Mid-Session Break | |
| 7 | 03 September 2018 | Privacy, data & jurisdiction | Assignment 3 due 03/09/18 |
| 8 | 10 September 2018 | Multi-tiered cloud security model | |
| 9 | 17 September 2018 | Protecting digital identities & privacy | |
| 10 | 24 September 2018 | Governance, auditing & incident handling | Assignment 4 due 24/09/18 |
| 11 | 01 October 2018 | Analysis of security capability | |
| 12 | 08 October 2018 | Bringing it all together | Assignment 5 due 15/10/18 |

Examination Period: 15 October 2018 – 26 October 2018
Learning materials
Details of learning materials that support your success in this subject can be found in the
Interact2 Subject Site.
Learning, teaching and support strategies
All of your subject materials are available on the Interact site under the Topics link in the
left-hand side menu. I suggest that for each topic you read the learning objectives carefully,
read the overview, and have a quick skim of the text. Once you have a feel for what the topic is
about, try to make a good set of notes under each of the topic review questions in that topic.
These questions have been designed to give you focus in the topic, so it really helps to prepare
a useful set of answers to them.
In this subject there are also lots of opportunities for you to engage with me, with your peers
and with the subject. I will be holding 12 regular sessions where we can discuss content issues
and assessment items. As part of your assessment in this subject you are required to work
alone for all the assessment items.
The study guide and/or subject materials for this subject have been written specifically to guide
you through the sections (and questions) of the prescribed textbook relevant to each topic.
You should check the Interact Site at least weekly for postings, announcements, lecture
information and other resources that will assist your studies or additional information and
resources vital to your success in the subject.
Studying at university does not mean studying alone. Take advantage of collective wisdom and
post your questions to the subject forum.
Use the subject schedule to plan your studies over the session.
Information on effective time management is available on the CSU Learning Support website
via the following link: http://student.csu.edu.au
You can also contact an adviser through Student Central on the following number:
1800 275 278 (or +61 2 6933 7507 from outside Australia).
Library Services
The CSU Library website provides access to online and print material. Use Primo Search to
find online journal articles, eBooks, hardcopy books from CSU Library (see Library Manager for
Interlibrary Loan Requests), company & government reports, eJournals, dissertations, theses,
newspapers including Business & Financial newspapers in Factiva (see Business & IT Journal
Databases), and other reference resources (e.g. Australian Bureau of Statistics, Australian
standards, and online encyclopaedias & dictionaries to be read on the computer). You will also
find library guides, Subject Reserve for any readings (e.g. ITC100, ACC100, etc.), and online
assistance to help you use the Library’s resources, such as Ask a Librarian – Live Chat and
Ask a Librarian – Web Form.
You can find Library Services on both the SGA library online catalogue:
http://primo.unilinc.edu.au/primo_library/libweb/action/search.do?vid=SGA
The SGA library online catalogue allows students to Sign In; My Account shows the student’s
current library record, including all books on loan. Students can renew borrowed books online
before the due date, and can search for and request any book in the SGA library, even if it is
unavailable due to high demand from students. Students can request books when all copies are on
loan to other students. When the requested book is returned to the SGA library, the student who
requested the book immediately receives an email to pick up the book from the SGA library. View
your library record online 24/7 at the above web link for the SGA library.
And also CSU Library online:
http://student.csu.edu.au/library – CSU Library Services including Primo Search & Subject
Reserve online with 24/7 access, online and video tutorials in research skills, finding journal
articles for assignments, topic analysis, download Endnote referencing program and many
other online library services to help you successfully complete your assignments for all CSU
courses.
http://trove.nla.gov.au/ – Powerful search engine from National Library of Australia to access
many different online resources on any subject from one search.
Contact Details for renewing loans, locating books and other information:
SGA Melbourne Library:
Marian Lees – Director, Library Services
Ph: (03) 9935 7921
Email: MLees@studygroup.com
Library Help
http://student.csu.edu.au/library/help-contacts Friendly and quick assistance is available. Ask
for help finding information and navigating the library’s extensive eResources.
Online Tutorials
http://student.csu.edu.au/library/study-research/training-tutorials-videos
Learn how to:
• use Primo Search to find eReserve material and journal articles
• search journal databases and web resources for information for your assessments
• identify appropriate sources of information and peer reviewed material, and evaluate
resources.
Bookmark your Subject Library Resource Guide
Subject Library Guides are a great way to get started with research. Each online guide is
tailored to a specific area of study, including Accounting, Business & Information Technology,
outlining how to research in your area and where to look for information.
http://libguides.csu.edu.au/
Academic Learning Support Assistance
Visit the learning support website for advice about assignment preparation, academic reading
and note-taking, referencing, and preparing for exams at: http://student.csu.edu.au/study
You may also contact:
Name: Craig Bellamy
Email: CBellamy@studygroup.com
Phone: (03) 9935 7978
Name: Monique Moloney
Email: MMoloney@studygroup.com
Phone: (03) 9935 7919
Name: Bethany Winkler
Email: BWinkler@studygroup.com
Phone: (03) 9935 7953
Name: Gail Ekici
Email: GEkici@studygroup.com
Phone: (03) 9935 7965
Name: James Purkis
Email: JPurkis@studygroup.com
Phone: (03) 9935 7925
For appointments, please send an email to CSUstudysupportmc@studygroup.com
Queries regarding the content of this subject should be directed to your subject lecturer.
Recommended student time commitment
CSU Academic Senate policy states that a standard 8 point subject should require students to
spend a total of between 140-160 hours engaged in learning and assessment activities. This
means an average of 10 to 12 hours each week.
Assessment Items
Essential requirements to pass this subject
This subject has no exam.
A student must obtain a pass mark of at least 50% in four (4) of the five (5) assessment items and
a total mark of at least 50% in order to pass this subject.
To be eligible for the grade AA you must have submitted all assessment items in this subject. If
you choose not to complete an assessment item and receive an overall mark between 45 and 49
then you will not be granted an AA.
Items
| Item No. | Title | Value | Due Date* | Return Date** |
|---|---|---|---|---|
| 1 | Privacy and Security Reflection | 10% | 30-Jul-2018 | 21-Aug-2018 |
| 2 | Risk Assessment | 25% | 13-Aug-2018 | 03-Sep-2018 |
| 3 | Privacy and Data Protection | 25% | 03-Sep-2018 | 25-Sep-2018 |
| 4 | PII Strategy | 30% | 24-Sep-2018 | 16-Oct-2018 |
| 5 | Privacy, Security and Ethical Reflection | 10% | 15-Oct-2018 | 05-Nov-2018 |
* Due date is the last date for assessment items to be received at the University
** Applies only to assessment items submitted by the due date
Assessment item 1
Privacy and Security Reflection
Value: 10%
Due Date: 30-Jul-2018
Return Date: 21-Aug-2018
Length: Approx. 3000 words
Submission method options: Alternative submission method
Task
This assignment is designed to get you to reflect on your personal approach and feelings on
information security and privacy.
Read:
Lau, Y. (2015). Cybercrime in cloud: Risks and responses in Hong Kong, Singapore. In Ko, R., &
Choo, K. (Eds.). (2015). The Cloud Security Ecosystem: Technical, Legal, Business and
Management Issues. Waltham, MA: Syngress.
This chapter discusses some of the approaches to cybercrime that are taken by both the Hong
Kong and Singapore governments. But, any approach to cybercrime comes with risks to
information security and privacy.
Tasks:
Assume that an Australian State Government has reviewed the Singapore Government’s Smart
Nation Plan and has decided to implement their own Smart State Plan. This will initially consist
of a network of smart sensors and cameras at traffic lights, bus stops, rubbish bins, etc. in their
CBD to monitor citizens’ behaviour and address street crime.
1. Discuss what you see as the personal and ethical implications for your privacy of the proposed
Government’s Smart Sensor Network by looking at:
a. The types or categories of people affected by this proposal,
b. What behavioural changes you might expect to see from normal citizens,
c. Would you expect to see changes in individual behaviours, such as choice of activities,
changes in time schedules, etc.
The next part of the Government’s plan is to deploy a Smart WiFi Network which will consist of a
series of sensor boxes to act as WiFi hotspots throughout the city. This would allow the
introduction of a heterogeneous network where smart phones and other devices could
seamlessly switch between mobile data and WiFi.
2. Discuss what you see as the personal and ethical implications for your privacy of the proposed
Government’s Smart WiFi Network by looking at:
a. The types or categories of people affected by this proposal,
b. What behavioural changes you might expect to see from normal citizens using their mobile
devices in the CBD,
c. Would you expect to see changes in individual behaviours, such as choice of activities,
changes in time schedules, etc.
d. What are the implications for you if you had sensitive information on your mobile device
that you did not want to share?
The Smart State Plan will also enrol all citizens with a Digital Identity to ensure that they can
correctly be identified and access services provided by the state both electronically and
physically.
3. If you were visiting the State Capital after the Smart State Plan has rolled out, do you think that
the use of a digital identity would assist you to maintain your privacy while using your mobile
phone or devices during your visit? Discuss the reasons for your answer.
4. What steps do you think that you could take to ensure the security and privacy of your digital
identity while operating your mobile device(s) in this environment? Discuss each step that you
would take along with its advantages and disadvantages.
Each question is worth 25 marks and your overall score will be scaled out of 10. As a guide, your
word limit for this assignment should be around 3,000 words.
Rationale
This assessment task will assess the following learning outcome/s:
• be able to critically analyse the legal, ethical and business concerns for the security and
privacy of data to be deployed to the cloud.
Marking criteria and standards
| Question | HD | DI | CR | PS | FL |
|---|---|---|---|---|---|
| Q1. Smart Sensors (25 marks) | Comprehensive exploration of privacy and ethical issues from both personal and behavioural viewpoints | Thorough exploration of privacy and ethical issues with good personal and behavioural viewpoints | Good exploration of privacy and ethical issues with some personal and behavioural viewpoints | Adequate discussion of privacy and ethical issues with some personal and behavioural viewpoints | Incomplete or inadequate exploration of privacy/ethical issues that does not discuss personal and behavioural viewpoints |
| Q2. WiFi hotspots (25 marks) | Comprehensive exploration of security & sensitive data issues from both personal and behavioural viewpoints | Thorough exploration of security & sensitive data issues with many personal and behavioural viewpoints | Good exploration of security & sensitive data issues with some personal and behavioural viewpoints | Adequate discussion of security & sensitive data issues with some personal and behavioural viewpoints | Inadequate or incomplete discussion of security & sensitive data issues that does not discuss personal and behavioural viewpoints |
| Q3. Digital Identity (25 marks) | Comprehensive discussion of issues with use of digital identity | Thorough discussion of issues with use of digital identity | Good discussion of issues with use of digital identity | Adequate discussion of issues with use of digital identity | Incomplete or inadequate discussion of issues with use of digital identity |
| Q4. Security & privacy controls (25 marks) | Comprehensive exploration of steps to take to enhance security and privacy of mobile devices | Thorough exploration of steps to take to enhance security and privacy of mobile devices | Good exploration of steps to take to enhance security and privacy of mobile devices | Adequate exploration of steps to take to enhance security and privacy of mobile devices | Incomplete or inadequate exploration of steps to take to enhance security and privacy of mobile devices |

Presentation: Up to 5 marks may be deducted for poor presentation, spelling and grammar
Assessment item 2
Risk Assessment
Value: 25%
Due Date: 13-Aug-2018
Return Date: 03-Sep-2018
Length:
Submission method options: Alternative submission method
Task
Scenario
You are the principal consultant for a community based Charity. The Charity is involved in
locating and providing accommodation, mental health services, training and support services to
disadvantaged people in the community.
The Charity currently runs a small data centre that has some 50 x86 64 bit servers running mainly
Windows Server 2008 R2 for desktop services, database and file services. It also has 10 Red Hat
Enterprise Linux 5 servers to service public facing Web pages, Web services and support.
The Charity is considering joining a community cloud provided by a public cloud vendor in order
to provide a number of applications to all 500 support staff and administrative users. A small
number of the Charity’s applications are mission critical and the data that those applications use
is both confidential and time sensitive.
The community cloud would also be used to store the Charity’s 200TB of data. The data would
be held in a SaaS database run by the public cloud vendor. The Charity’s data contains a
considerable amount of confidential information about the people to whom the Charity provides
services.
The Charity collects PII data on the clients who use its services so that it can assist them to
manage their different service requirements. This PII data also includes holding some digital
identity data for some of the more disadvantaged clients, particularly if they also have mental
health issues.
The cloud vendor has made a presentation to management that indicates that operational costs
will drop dramatically if the cloud model is adopted. However, the Board of the Charity is
concerned with the privacy and security of the data that it holds on the people that it provides
services to in the community. It is concerned that a data breach may cause considerable damage
to substantially disadvantaged people in the community.
The Board asks that you prepare a report that proposes appropriate privacy and security policies
for the Charity’s data.
The charity has also decided to:
• Purchase a HR and personnel management application from a US based company that
provides a SaaS solution.
The application will provide the charity with a complete HR suite, which will also
include performance management. The application provider has advised that
the company’s main database is in California, with a replica in Dublin, Ireland.
However, all data processing, configuration, maintenance, updates and feature
releases are provided from the application provider’s processing centre in
Bangalore, India.
Employee data will be uploaded from the charity daily at 12:00 AEST. This will be
processed in Bangalore before being loaded into the main provider database.
Employees can access their HR and Performance Management information
through a link placed on the Charity intranet. Each employee will use their
internal charity digital ID to authenticate to the HR and Performance
management system. The internal digital ID is generated by the charity’s Active
Directory instance and is used for internal authentication and authorisation.
• Move the charity payroll to a COTS (Commercial Off The Shelf) application that it will
manage in a public cloud;
• Move the charity Intranet into a Microsoft SharePoint PaaS offering so that it can provide
Intranet services to all agencies in the WofG.
Tasks
You have been engaged to provide a risk assessment for the planned moves to SaaS application
offerings.
You are to write a report that assesses the risks to the charity for just their planned moves in the
HR area:
1. Consider the data and information that the charity holds on its employees in the current
   HR system.
   1. Establish the existing threats and risks to the security of that data and
      information contained in the in-house HR database. (10 marks)
   2. Are there any additional risks and threats to employee data that may arise after
      migration to a SaaS application? (10 marks)
   3. Assess the resulting severity of risk and threat to employee data. (10 marks)
2. Consider the privacy of the data for those employees who will move to a SaaS
   application.
   1. Establish the existing threats and risks to the privacy of that data and
      information contained in the in-house HR database. (10 marks)
   2. Are there any additional risks and threats to the privacy of the employee data
      after migration to a SaaS application? (10 marks)
   3. Assess the resulting severity of risk and threat to the privacy of employee data.
      (10 marks)
3. What are the threats and risks to the digital identities of charity employees from the
   move to SaaS applications? (10 marks)
4. Consider the operational solution and location(s) of the SaaS provider for HR
   management. Does either the operational solution, or the operational location, or both,
   increase or mitigate the threats and risks identified for the security and privacy of
   employee data? (20 marks)
5. Are there any issues of ethics, data sensitivity or jurisdiction that should be considered
   by the charity? (10 marks)
You are to provide a written report with the following headings:
• Security of Employee Data
• Privacy of Employee Data
• Digital Identity Issues
• Provider Solution Issues
• Data Sensitivity
As a rough guide, the report should not be longer than about 5,000 words.
Rationale
This assessment task will assess the following learning outcome/s:
• be able to examine the legal, business and privacy requirements for a cloud deployment
model.
• be able to evaluate the risk management requirements for a cloud deployment model.
• be able to critically analyse the legal, ethical and business concerns for the security and
privacy of data to be deployed to the cloud.
Marking criteria and standards
Question HD DI CR PS FL
Q1.1. Existing
threats to Security of
employee data (10
marks)
Comprehensive
exploration of
threats and risks to
security of data
that includes well
thought out
reasoning
Thorough
exploration of
threats and risks to
security of data
that includes good
reasoning
Detailed
exploration of
threats and risks to
security of data
that includes some
good reasoning
Adequate
exploration of
threats and risks to
security of data
that includes some
reasoning
Incomplete or
irrelevant
exploration of
threats and risks to
security of data
that has little or no
reasoning
Q1.2. New threats
to security of
employee data (10
marks)
Comprehensive
exploration of new
threats and risks to
security of data
that includes well
thought out
reasoning
Thorough
exploration of new
threats and risks to
security of data
that includes good
reasoning
Detailed
exploration of new
threats and risks to
security of data
that includes some
good reasoning
Adequate
exploration of new
threats and risks to
security of data
that includes some
reasoning
Incomplete or
irrelevant
exploration of new
threats and risks to
security of data
that has little or no
reasoning
Q1.3 Severity of
risk to security
employee data (10
marks)
Comprehensive
security risk
assessment with
excellent severity
ratings
Thorough security
risk assessment
with very good
severity ratings
Detailed security
risk assessment
with good severity
ratings
Adequate security
risk assessment
with reasonable
severity ratings
Incomplete or
inadequate
security risk
assessment with
poor or no severity
ratings
Charles Sturt University Subject Outline
ITC568 201860 SM I
Version 1 – Published 06 June 2018
Page 16 of 43
Q2.1 Existing
threats to privacy
of employee data
(10 marks)
Comprehensive
exploration of
threats and risks to
privacy of data that
includes well
thought out
reasoning
Thorough
exploration of
threats and risks to
privacy of data that
includes good
reasoning
Detailed
exploration of
threats and risks to
privacy of data that
includes some
good reasoning
Adequate
exploration of
threats and risks to
privacy of data that
includes some
reasoning
Incomplete or
irrelevant
exploration of
threats and risks to
security of data
that has little or no
reasoning
Q2.2 New threats
to privacy of
employee data (10
marks)
Comprehensive
exploration of new
threats and risks to
privacy of data that
includes well
thought out
reasoning
Thorough
exploration of new
threats and risks to
privacy of data that
includes good
reasoning
Detailed
exploration of new
threats and risks to
privacy of data that
includes some
good reasoning
Adequate
exploration of new
threats and risks to
privacy of data that
includes some
reasoning
Incomplete or
irrelevant
exploration of new
threats and risks to
security of data
that has little or no
reasoning
Q2.3 Severity of
risk to privacy
employee data (10
marks)
Comprehensive
privacy risk
assessment with
excellent severity
ratings
Thorough privacy
risk assessment
with very good
severity ratings
Detailed privacy
risk assessment
with good severity
ratings
Adequate privacy
risk assessment
with reasonable
severity ratings
Incomplete or
inadequate privacy
risk assessment
with poor or no
severity ratings
Q3. Digital Identity issues (10 marks)
HD: Comprehensive exploration of digital identity threats and risks that includes well thought out reasoning
DI: Thorough exploration of digital identity threats and risks that includes good reasoning
CR: Detailed exploration of digital identity threats and risks that includes some good reasoning
PS: Adequate exploration of digital identity threats and risks that includes some reasoning
FL: Inadequate or incomplete exploration of digital identity threats and risks that includes poor or no reasoning
Q4. Provider issues (20 marks)
HD: Comprehensive exploration of provider operations issues that includes well thought out reasoning
DI: Thorough exploration of provider operations issues that includes good reasoning
CR: Detailed exploration of provider operations issues that includes some good reasoning
PS: Adequate exploration of provider operations issues that includes some reasoning
FL: Inadequate or incomplete exploration of provider operations issues that includes no or poor reasoning
Q5. Data sensitivity issues (10 marks)
HD: Comprehensive exploration of data sensitivity issues that includes well thought out reasoning
DI: Thorough exploration of data sensitivity issues that includes good reasoning
CR: Detailed exploration of data sensitivity issues that includes some good reasoning
PS: Adequate exploration of data sensitivity issues that includes some reasoning
FL: Inadequate or incomplete exploration of data sensitivity issues that includes little or no reasoning
Presentation and Referencing
Up to 5 marks may be deducted for poor presentation and grammar
Up to 5 marks may be deducted for incorrect or inadequate referencing
Presentation
You are to provide a written report in Word format with the following headings:
• Security of Employee Data
• Privacy of Employee Data
• Digital Identity Issues
• Provider Solution Issues
• Data Sensitivity
As a rough guide, the report should not be longer than about 5,000 words.
Assessment item 3
Privacy and Data Protection
Value: 25%
Due Date: 03-Sep-2018
Return Date: 25-Sep-2018
Length:
Submission method options: Alternative submission method
Task
Scenario
You are the principal consultant for a community based Charity. The Charity is involved in locating
and providing accommodation, mental health services, training and support services to
disadvantaged people in the community.
The Charity currently runs a small data centre that has some 50 x86 64 bit servers running mainly
Windows Server 2008 R2 for desktop services, database and file services. It also has 10 Red Hat
Enterprise Linux 5 servers to service public facing Web pages, Web services and support.
The Charity is considering joining a community cloud provided by a public cloud vendor in order
to provide a number of applications to all 500 support staff and administrative users. A small
number of the Charity’s applications are mission critical and the data that those applications use
is both confidential and time sensitive.
The community cloud would also be used to store the Charity’s 200TB of data. The data would be
held in a SaaS database run by the public cloud vendor. The Charity’s data contains a considerable
amount of confidential information about the people to whom the Charity provides services.
The Charity collects PII data on the clients who use its services so that it can assist them to
manage their different service requirements. This PII data also includes holding some digital
identity data for some of the more disadvantaged clients, particularly if they also have mental
health issues.
The cloud vendor has made a presentation to management that indicates that operational costs
will drop dramatically if the cloud model is adopted. However, the Board of the Charity is
concerned with the privacy and security of the data that it holds on the people that it provides
services to in the community. It is concerned that a data breach may cause considerable damage
to substantially disadvantaged people in the community.
The Board asks that you prepare a report that proposes appropriate privacy and security policies
for the Charity’s data.
The charity has also decided to:
• Purchase a HR and personnel management application from a US based company that
provides a SaaS application.
The application will provide the charity with a complete HR suite, which will also
include performance management. The
application provider has advised that the company’s main database is in
California, with a replica in Dublin, Ireland. However, all data processing,
configuration, maintenance, updates and feature releases are provided from the
application provider’s processing centre in Bangalore, India.
Employee data will be uploaded from DAS daily at 12:00 AEST. This will be
processed in Bangalore before being loaded into the main provider database.
Employees can access their HR and Performance Management information
through a link placed on the charity intranet. Each employee will use their
internal charity digital ID to authenticate to the HR and Performance
management system. The internal digital ID is generated by the charity’s Active
Directory Instance and is used for internal authentication and authorisation.
• Move the charity payroll to a COTS (Commercial Off The Shelf) application that it will
manage in a public cloud;
This application will provide the Charity with the suite of tools necessary to
process and manage payrolls for all agencies within DAS. The application
provider has advised that their software is distributed throughout the AWS cloud
with instances in US East, US West, Europe, Asia Pacific, China and South
America.
All configuration, maintenance, updates and feature releases are provided from
the provider’s offices in San Francisco, Beijing, Singapore, Mumbai and Dublin.
The provider does not do any additional processing of data entered into the
application.
The charity payroll staff may access the payroll application through an SSO
(Single Sign On) link to a secure URL. Authentication is made using the user’s
charity ID credentials. Each authorised user’s authentication credentials are
uploaded to the application to allow them to logon and access the payroll.
Data is uploaded to the application by the charity’s payroll staff for each agency
staff member, but can also be uploaded in bulk using a CSV file. CSV files are
uploaded using an upload link in the application.
Completed payroll files are sent to the appropriate banking institutions through
a secure link provided by each bank.
Regular transaction and audit reports for each agency are available to the
charity’s payroll staff.
• Move the charity Intranet into a Microsoft SharePoint PaaS platform so that it can
provide Intranet services to all users in the charity no matter where they are located.
This solution will provide the charity with the ability to provide Intranet services
to all users with each charity location having its own site within the overall
structure.
The PaaS offering has been chosen as it gives the charity administrators the
ability to configure the sites for all separate charity locations, and still allow
users to access any of those individual sites.
The application provider has advised that their software is distributed
throughout the Azure cloud with instances in US East, US West, Europe, Asia
Pacific, China and Australia.
It is proposed that users will be able to access the platform through an SSO
(Single Sign On) link to the platform portal. Authentication will be made using
the user’s charity ID credentials. The charity will need to use Active Directory
Federation Services (ADFS) to federate to an Azure AD instance for authentication
and authorisation. This authentication process will be validated with a SAML 2.0
certificate.
The charity’s web staff will be able to configure all the separate charity location
sites to reflect their own internal news, along with a range of news provided by
the charity.
Tasks
After your successful engagement to provide a security and privacy risk assessment for the
charity, you and your team have again been engaged to develop privacy and personal data
protection strategies for the charity.
Team Setup
This assignment is the first of the team assignments for this subject. The rationale for using a
team approach is that most IT policy formulations are normally conducted by teams of between
2-5 Architects, Information Security experts, Operations and Business leaders for each problem.
You are already assigned to a team and the team, as a whole, will be responsible for the
development of the policies.
Team Member Responsibilities
Each team member will be assessed on:
• The final privacy and personal data protection strategies presented by the team;
• The individual contributions that they have made to the policy formulation. This will be
shown by the entries that they have made in the Team forum;
Team members should note that:
• A total of 20% of the total marks for this assignment are for individual contributions.
These include:
Contributions to the development of privacy and data protection policies (10%),
and
Reasoning behind the development of privacy and data protection policies
(10%)
• A team member without any individual contributions in the Team Forum will be
regarded as having not contributed to the risk assessment. This will result in either
reduced marks or no marks being awarded to that team member for this assignment.
The task:
Your team is to write a report that proposes appropriate policies for DAS in the following areas:
1. Develop a Privacy strategy proposal for the charity. The strategy should include the
following items:
1. Management of personal information,
2. Collection and management of solicited personal information,
3. Use and disclosure of personal information,
4. Use and security of digital identities,
5. Security of personal information,
6. Access to personal information,
7. Quality and correction of personal information.
2. The controls that you recommend that would:
1. Mitigate the previously identified privacy risks,
2. Implement the privacy strategy.
3. Develop a personal data protection strategy proposal for the charity. This strategy
should include:
1. Protection of personal information,
2. Authorised access & disclosure of personal information,
3. De-identification of personal data,
4. Use of personal digital identities,
5. Security of personal data,
6. Archiving of personal data.
4. The controls that you recommend that would:
1. Mitigate the previously identified security risks,
2. Implement the personal data protection strategy.
The team is to provide a written report with the following headings:
• Privacy strategy for personal data
• Recommended Privacy controls
• Personal data protection strategy
• Recommended personal data protection strategy.
As a rough guide, the report should not be longer than about 8,000 words. The report is to be
written in Word format and posted in the Team File Exchange area in Interact.
The Privacy Strategy Group Wiki page in the Team area in Interact should be used to develop the
strategy document and gather comments and suggestions from each team member. This Wiki
should be exported as a single file and placed in the Team File Exchange area.
Any strategy discussions in the team forum should be exported into a single document and
loaded into the Team File Exchange area in Interact.
Each student is required to submit the following through EASTS when their group assignment is
complete. This submission should contain the following:
• Student name
• Team name
• Assignment number
• Assignment file name
• Copy of the student’s answer to the question allocated to them by the team.
This will allow you to receive marks and feedback when your team assignment is marked.
Rationale
This assessment task will assess the following learning outcome/s:
• be able to examine the legal, business and privacy requirements for a cloud deployment
model.
• be able to evaluate the risk management requirements for a cloud deployment model.
• be able to critically analyse the legal, ethical and business concerns for the security and
privacy of data to be deployed to the cloud.
• be able to develop and present a series of proposed security controls to manage the
security and privacy of data deployed to the cloud.
Marking criteria and standards
Questions HD DI CR PS FL
Q1. Privacy strategy for personal data (20 marks)
HD: Comprehensive development of policy covering all aspects listed in the task, with excellent discussion of threats and risks to privacy of data
DI: Thorough development of policy covering most aspects listed in the task, with proficient discussion of threats and risks to privacy of data
CR: Detailed development of policy covering most aspects listed in the task, with good discussion of threats and risks to privacy of data
PS: Adequate development of policy covering some aspects listed in the task, with some discussion of threats and risks to privacy of data
FL: Incomplete or inadequate development of policy covering few aspects listed in the task, with little or no discussion of threats and risks to privacy of data
Q2. Recommended privacy controls (20 marks)
HD: Comprehensive evaluation and matching of privacy threats with controls showing excellent logical analysis
DI: Thorough evaluation and matching of privacy threats with controls showing proficient logical analysis
CR: Detailed evaluation and matching of privacy threats with controls showing good logical analysis
PS: Adequate evaluation and matching of privacy threats with controls showing satisfactory logical analysis
FL: Incomplete or inadequate evaluation and matching of privacy threats with few controls and little or no logical analysis
Q3. Personal data protection strategy (20 marks)
HD: Comprehensive development of policy covering all aspects listed in the task, with excellent analysis of protection of data
DI: Thorough development of policy covering most aspects listed in the task, with proficient analysis of protection of data
CR: Detailed development of policy covering most aspects listed in the task, with competent analysis of protection of data
PS: Adequate development of policy covering some aspects listed in the task, with some analysis of protection of data
FL: Incomplete or inadequate development of policy covering few aspects listed in the task, with little or no analysis of protection of data
Q4. Recommended data protection controls (20 marks)
HD: Comprehensive evaluation and matching of data protection threats with controls showing excellent logical analysis
DI: Thorough evaluation and matching of data protection threats with controls showing proficient logical analysis
CR: Detailed evaluation and matching of data protection threats with controls showing good logical analysis
PS: Adequate evaluation and matching of data protection threats with controls showing satisfactory logical analysis
FL: Incomplete or inadequate evaluation and matching of data protection threats with few controls and little or no logical analysis
Quality of Wiki or forum interaction (20 marks)
HD: Proactively initiates and facilitates discussion, explicitly using appropriate strategies and tools.
DI: Initiates and facilitates discussion using appropriate strategies and tools.
CR: Evidence that there is a planned strategy to engage with peers in the forums.
PS: Some evidence of responding to questions or topics on the discussion forum.
FL: No evidence of interaction on forums.
Presentation & Referencing
Up to 5 marks may be deducted for poor presentation, spelling and grammar
Up to 5 marks may be deducted for incorrect or inadequate referencing
Presentation
As a rough guide, the report should not be longer than about 8,000 words. The report is to be
written in Word format and submitted in turnitin.
The Privacy Strategy Group Wiki page in the Team area in Interact should be used to develop the
strategy document and gather comments and suggestions from each team member. This Wiki
should be exported as a single file and placed in the Team File Exchange area.
Any strategy discussions in the team forum should be exported into a single document and
loaded into the Team File Exchange area in Interact.
Requirements
Each student is required to submit the following through EASTS when their group assignment is
complete. This submission should contain the following:
• Student name
• Team name
• Assignment number
• Assignment file name
• Copy of the student’s answer to the question allocated to them by the team.
This will allow you to receive marks and feedback when your team assignment is marked.
Assessment item 4
PII Strategy
Value: 30%
Due Date: 24-Sep-2018
Return Date: 16-Oct-2018
Length:
Submission method options: Alternative submission method
Task
Scenario
You are the principal consultant for a community based Charity. The Charity is involved in locating
and providing accommodation, mental health services, training and support services to
disadvantaged people in the community.
The Charity has joined a community cloud provided by a public cloud vendor in order to access a
number of applications for their 500 support staff and administrative users. A small number of the
Charity’s applications are mission critical and the data that those applications use is both
confidential and time sensitive.
The community cloud would also be used to store the Charity’s 200TB of data. The data would be
held in a SaaS database run by the public cloud vendor. The Charity’s data contains a considerable
amount of confidential information about the people to whom the Charity provides services.
The Charity collects PII data on the clients who use its services so that it can assist them to
manage their different service requirements. This PII data also includes holding some digital
identity data for some of the more disadvantaged clients, particularly if they also have mental
health issues.
The charity has now started its move to the Cloud and is in the process of implementing the
following services:
• A SaaS HR and Personnel management suite,
• A COTS Payroll solution that is implemented in the AWS Cloud,
• A PaaS SharePoint platform that forms the basis of the charity’s Intranet platform.
Your team has workshopped and researched the Threat and Risk analysis for these projects and
has developed the policy strategies and controls for Privacy and Data Protection which are
required.
The charity has been approached by the Australian Government to trial the centralisation of
support services to clients of the charity. This would include such services as income support for
clients who are disadvantaged, homeless, or in need of mental health support. Normally, this
would require the client interacting with at least three separate government agencies as well as
with the charity.
The Government has now decided that they want to centralise the application and continued
administration of these services from a number of different agencies into one single portal run
by the charity. The Government’s strategy is that the process of support applications and
administration for virtually all support services follows an almost identical workflow, even
though some of the data may differ for different types of services. Their aim is to have a single
workflow for all support services, with some additional steps in case of special requirements for
a particular type of service. Ultimately, if this trial is successful, the Government will roll out this
program to all citizens.
The Government also sees the opportunity to gain a better view of what support services these
citizens need, and wants to link that data to other data that they hold about each citizen. In
order to achieve this, the Government plans to make the charity’s clients register on the
MySupport portal and create their own informal digital identity. This will allow all the support
services, applications, supporting data, documents, renewal dates, and other associated
information for each individual digital identity to be available for viewing on a single page. This
data, particularly when linked to a citizen’s digital identity, can then be used for more effective
planning and decision making by Government and other public agencies.
The plan also has the advantage of simplifying the process of applying for support services and
ensuring that they have timely administration for the charity’s clients so that they only need to
go to a single web portal to acquire the support that they require.
Tasks
After the successful engagement of your team to develop privacy and personal data protection
strategies for the charity, the team has now been engaged to develop a Personally Identifiable
Information (PII) privacy and personal data protection strategy for the charity.
Team Setup
This assignment is the last of the team assignments for this subject. The rationale for using a
team approach is that most IT policy formulations are normally conducted by teams of between
2-5 Architects, Information Security experts, Operations and Business leaders for each problem.
You are already assigned to a team and the team, as a whole, will be responsible for the
development of the policies.
Team Member Responsibilities
Each team member will be assessed on:
• The final privacy and personal data protection strategies presented by the team;
• The individual contributions that they have made to the policy formulation. This will be
shown by the entries that they have made in the Team forum;
Team members should note that:
• A total of 20% of the total marks for this assignment are for individual contributions.
These include:
Contributions to the development of privacy and data protection policies (10%),
and
Reasoning behind the development of privacy and data protection policies
(10%)
• A team member without any individual contributions in the Team Forum will be
regarded as having not contributed to the risk assessment. This will result in either
reduced marks or no marks being awarded to that team member for this assignment.
The task:
Your team is to:
1. Develop a Threat and Risk Assessment (TRA) for PII data for the MySupport portal. This
TRA should consider both the privacy and data protection aspects of PII data in the
portal. (10 marks)
2. Develop a PII strategy proposal for the MySupport portal. The strategy should consider
the threats and risks to both Privacy and data protection for the PII data collected in the
MySupport portal as well as possible controls to mitigate the identified risks. (20 marks)
3. Develop a strategy to protect the informal Digital Identity that a user may create in the
MySupport portal. You should consider both the privacy and data protection aspects for
a digital identity as well as possible controls to mitigate the identified risks. (20 marks)
4. Develop an outline plan for the Governance of:
1. PII data and digital identities for users of the MyLicence portal.
2. Personal data and PII data for DAS users of the HR Personnel Management suite.
3. PII data and financial data for users and DAS staff in the COTS payroll suite. (20
marks)
5. Create a PowerPoint slide deck that gives a comprehensive overview of the above tasks.
This slide deck is not to exceed 30 slides. (10 marks)
Presentation
The team is to submit the following documents to complete this assessment:
• A PowerPoint presentation that gives a comprehensive overview of the four (4) tasks.
The presentation should be a maximum of 30 slides, including introduction,
conclusions and recommendations.
Each slide should have speaking notes in the Notes section which expand on the
information in the slide.
The slides should refer to the additional information contained in the
appendices.
Images and quotations used in slides must be referenced on that slide.
The slide deck does not require a reference list.
• The TRA is to be attached in a separate Word document marked as Appendix A. The TRA
can be presented in tabular format or similar.
• The PII strategy is to be attached in a separate Word document marked as Appendix B.
This document should be fully referenced in APA 6th edition format, and should not
exceed 5 pages.
• The Digital Identity is to be attached in a separate Word document marked as Appendix
C. This document should be fully referenced in APA 6th edition format, and should not
exceed 5 pages.
• The Governance plan is to be attached in a separate Word document marked as
Appendix D. This document should be fully referenced in APA 6th edition format, and
should not exceed 10 pages.
• A copy of the discussions in the team Wiki or forum should be exported into a single
Word document marked as Appendix E.
All parts of the submission are to be loaded into the Team File Exchange Area in Interact.
Each student is required to submit the following through EASTS when their group assignment is
complete. This submission should contain the following:
• Student name
• Team name
• Assignment number
• Assignment file name
• Copy of the student’s answer to the question allocated to them by the team.
This will allow you to receive marks and feedback when your team assignment is marked.
Rationale
This assessment task will assess the following learning outcome/s:
• be able to examine the legal, business and privacy requirements for a cloud deployment
model.
• be able to evaluate the risk management requirements for a cloud deployment model.
• be able to critically analyse the legal, ethical and business concerns for the security and
privacy of data to be deployed to the cloud.
• be able to develop and present a series of proposed security controls to manage the
security and privacy of data deployed to the cloud.
• be able to develop and present a cloud governance framework to underpin the cloud
operations for an enterprise.
Identifying, assessing and explaining threats, security and risk for computer applications in the
real world requires that you interact with colleagues, peers and various stakeholders, therefore
team work has been incorporated into these assessments to facilitate this.
Marking criteria and standards
Question HD DI CR PS FL
Q1. TRA for PII data (10 marks)
HD: Comprehensive evaluation and matching of threats to PII data with controls showing excellent logical analysis
DI: Thorough evaluation and matching of threats to PII data with controls showing proficient logical analysis
CR: Detailed evaluation and matching of threats to PII data with controls showing good logical analysis
PS: Adequate evaluation and matching of threats to PII data with controls showing satisfactory logical analysis
FL: Inadequate evaluation and matching of threats to PII data with few controls showing little or no logical analysis
Q2. PII strategy for MySupport portal (20 marks)
HD: Comprehensive development of policy covering all aspects, with excellent discussion of threats and risks to PII data
DI: Thorough development of policy covering most aspects, with proficient discussion of threats and risks to PII data
CR: Detailed development of policy covering most aspects, with good discussion of threats and risks to PII data
PS: Adequate development of policy covering some aspects, with some discussion of threats and risks to PII data
FL: Inadequate development of policy covering few aspects, with little or no discussion of threats and risks to PII data
Q3. Digital Identity strategy for MySupport (20 marks)
HD: Comprehensive development of policy covering all aspects, with excellent analysis of digital identity issues
DI: Thorough development of policy covering most aspects, with proficient analysis of digital identity issues
CR: Detailed development of policy covering most aspects, with competent analysis of digital identity issues
PS: Adequate development of policy covering some aspects, with some analysis of digital identity issues
FL: Inadequate development of policy covering few aspects, with little or no analysis of digital identity issues
Q4. Outline Governance plan (20 marks)
HD: Comprehensive development of governance plan showing excellent logical analysis
DI: Thorough development of governance plan showing proficient logical analysis
CR: Detailed development of governance plan showing good logical analysis
PS: Adequate development of governance plan showing satisfactory logical analysis
FL: Inadequate development of governance plan and little or no logical analysis
Q5. PowerPoint presentation (10 marks)
HD: Comprehensive overview that shows excellent logical analysis and planning
DI: Thorough overview that shows excellent proficient analysis and planning
CR: Detailed overview that shows good logical analysis and planning
PS: Adequate overview that shows satisfactory logical analysis and planning
FL: Inadequate overview that shows little or no analysis or planning
Quality of Wiki/forum interaction (20 marks)
HD: Proactively initiates and facilitates discussion, explicitly using appropriate strategies and tools.
DI: Initiates and facilitates discussion using appropriate strategies and tools.
CR: Evidence that there is a planned strategy to engage with peers in the forums.
PS: Some evidence of responding to questions or topics on the discussion forum.
FL: No evidence of interaction on forums.
Presentation & Referencing
Up to 5 marks may be deducted for poor presentation, spelling and grammar
Up to 5 marks may be deducted for inadequate or incorrect referencing
Presentation
The team is to submit the following documents to complete this assessment:
• A PowerPoint presentation that gives a comprehensive overview of the four (4) tasks.
The presentation should be a maximum of 30 slides, including introduction,
conclusions and recommendations.
Each slide should have speaking notes in the Notes section which expand on the
information in the slide.
The slides should refer to the additional information contained in the
appendices.
Images and quotations used in slides must be referenced on that slide.
The slide deck does not require a reference list.
• The TRA is to be attached in a separate Word document marked as Appendix A. The TRA
can be presented in tabular format or similar.
• The PII strategy is to be attached in a separate Word document marked as Appendix B.
This document should be fully referenced in APA 6th edition format, and should not
exceed 5 pages.
• The Digital Identity is to be attached in a separate Word document marked as Appendix
C. This document should be fully referenced in APA 6th edition format, and should not
exceed 5 pages.
• The Governance plan is to be attached in a separate Word document marked as
Appendix D. This document should be fully referenced in APA 6th edition format, and
should not exceed 10 pages.
• A copy of the discussions in the team Wiki or forum should be exported into a single
Word document marked as Appendix E.
All parts of the submission are to be loaded into the Team File Exchange Area in Interact.
Requirements
Each student is required to submit the following through EASTS when their group assignment is
complete. This submission should contain the following:
• Student name
• Team name
• Assignment number
• Assignment file name
• Copy of the student’s answer to the question allocated to them by the team.
This will allow you to receive marks and feedback when your team assignment is marked.
Assessment item 5
Privacy, Security and Ethical Reflection
Value: 10%
Due Date: 15-Oct-2018
Return Date: 05-Nov-2018
Length:
Submission method options: Alternative submission method
Task
This assignment is designed to enable you to reflect on privacy, security and ethics based on
your studies in this subject. You may include personal approaches and feelings on privacy,
security and the ethics of some of these approaches.
Consider:
The charity scenario introduced in assignment 4. This assignment looked at the practice of
Governments divesting some of their administrative functions to NGOs (Non Government
Organisations). This practice often, but not always, includes paying the NGO a sum of money to
process and administer clients on behalf of the Government. This assignment saw the NGO
process members of society, who they would normally help and support, on behalf of the
Government for various support services. This also included identifying the client and assisting
them to create a digital ID to access these services.
But, any approach to divestment comes with risks to information security and privacy and may
also have an ethical effect.
Tasks:
1. Discuss what you see as the personal and ethical implications for the privacy of
individual clients of an NGO that has adopted the MySupport approach. Will these
personal implications lead to possible behavioural changes? (30 marks)
2. Discuss what you see as the personal and ethical implications for the security of
individual clients of an NGO that has adopted the MySupport approach. (30 marks)
3. Discuss what you would recommend to a client of an NGO that has adopted the
MySupport approach in order to protect their individual privacy and the security of their
information and digital ID. (40 marks)
Your overall score for this assignment will be scaled out of 10. As a guide, your word limit for this
assignment should be around 3,000 words.
Rationale
This assessment task will assess the following learning outcome/s:
• be able to critically analyse the legal, ethical and business concerns for the security and
privacy of data to be deployed to the cloud.
Marking criteria and standards
Q1. Personal and ethical implications for privacy (30 marks)
HD: Comprehensive exploration of privacy and ethical issues from both personal and behavioural viewpoints
DI: Thorough exploration of privacy and ethical issues with good personal and behavioural viewpoints
CR: Good exploration of privacy and ethical issues with some personal and behavioural viewpoints
PS: Adequate discussion of privacy and ethical issues with some personal and behavioural viewpoints
FL: Incomplete or inadequate exploration of privacy/ethical issues that does not discuss personal and behavioural viewpoints
Q2. Personal and ethical implications for security (30 marks)
HD: Comprehensive exploration of security & sensitive data issues from both personal and ethical viewpoints
DI: Thorough exploration of security & sensitive data issues with many personal and ethical viewpoints
CR: Good exploration of security & sensitive data issues with some personal and ethical viewpoints
PS: Adequate discussion of security & sensitive data issues with some personal and ethical viewpoints
FL: Inadequate or incomplete discussion of security & sensitive data issues that does not discuss personal and behavioural viewpoints
Q3. Privacy and security recommendations (40 marks)
HD: Comprehensive exploration of steps to take to enhance security and privacy of mobile devices
DI: Thorough exploration of steps to take to enhance security and privacy of mobile devices
CR: Good exploration of steps to take to enhance security and privacy of mobile devices
PS: Adequate exploration of steps to take to enhance security and privacy of mobile devices
FL: Incomplete or inadequate exploration of steps to take to enhance security and privacy of mobile devices
Presentation & Referencing:
Up to 5 marks may be deducted for poor presentation, spelling and grammar
Up to 5 marks may be deducted for inadequate or incorrect referencing
Assessment Information
Academic integrity
Academic integrity means acting with honesty, fairness and responsibility, and involves
observing and maintaining ethical standards in all aspects of academic work. This subject
assumes that you understand what constitutes plagiarism, cheating and collusion. If you are a
new student we expect you to complete the modules called Academic Integrity at CSU.
(https://interact2.csu.edu.au/webapps/blackboard/execute/
courseMain?course_id=_16412_1&task=true&src=)
CSU treats plagiarism seriously. We may use Turnitin to check your submitted work for
plagiarism. You can use Turnitin to check for plagiarism (http://student.csu.edu.au/library/
integrity/referencing-at-csu/checking) in your assessments before submission.
Referencing
Referencing is an important component of academic work. All assessment tasks should be
appropriately referenced. The specific details of the referencing requirements are included in
each assessment task description. Get referencing style guides and help
(http://student.csu.edu.au/library/integrity/referencing-at-csu) to use for your assessments.
How to submit your assessment items
Online submission process
Assignment(s) should be submitted through Turnitin. Please meet with your respective lecturer
in class to enrol in Turnitin if you are not enrolled in this subject in Turnitin and/or have not
received any email from Turnitin.
Assessment(s) such as Blogs, Quizzes, Journals and Discussion Forums must be submitted in
Interact2, unless your lecturer advises otherwise.
Please submit the assignments only as a Word document in Turnitin, unless your lecturer advises
otherwise.
Assignment(s) must be submitted through Turnitin by midnight (AEST) according to the date
mentioned in the subject outline.
Assignment(s) submitted in the RESPECTIVE FINAL FOLDER only will be considered for marking.
Postal submission process
Under normal circumstances postal submissions will not be accepted for any of the assessments
required.
Hand delivered submission process
Under normal circumstances hand delivered submissions will not be accepted for any of the
assessments required.
Alternative submission process
All textual elements within an assessment must be submitted in a format that is readable by
Turnitin. Specific exceptions, where an assessment requires the insertion of image based
evidence of workings will be outlined in the context of the assessment. Students that
deliberately attempt to insert content of assessments in a format that is not readable by Turnitin
may be subject to Academic misconduct investigations.
Extensions
In order to ensure that students who hand their assignments in on time are not disadvantaged,
and to enable me to comply with the requirement to return assignments to the class within 15
working days, the following rules about extensions will be strictly enforced:
1. Extensions cannot be granted for online tests, as these have to be done within a
specific time frame, after which the answers are released to the class automatically.
2. Computer problems (such as the speed of your computer and the time it may take you
to upload assignments onto TURNITIN) and normal work-related pressures and family
commitments do not constitute sufficient reasons for the granting of extensions.
3. If it becomes obvious that you are not going to be able to submit an assignment on
time because of an unavoidable problem, you must submit your request for an
extension, prior to the due date, either by writing (email is acceptable) to your
lecturer/subject coordinator or via the Request for Special Consideration form.
You are encouraged to make requests via email (especially for urgent requests), since
the processing time for applications made through the online form can be a few days.
Requests for extensions will not be granted on or after the due date so you must make
sure that any extension is requested prior to the day on which the assignment is due.
You are expected to do all you can to meet assignment deadlines. Work and family-related
pressures do not normally constitute sufficient reasons for the granting of
extensions or incomplete grades.
4. If you apply for an extension, you may be asked to email your lecturer/subject
coordinator on what you have done so far on the assignment.
5. You must be able to provide documentary evidence (such as a certificate from a
doctor or counselor) justifying the need for an extension as soon as practicable – but
please note that if the circumstances giving rise to the request for an extension arise
on a day when you cannot get documentary evidence, you must still apply for the
extension before the due date and submit the documentary evidence afterwards.
6. Given the tight deadlines involved in returning assignments to students and putting
feedback on Interact, the maximum extension granted generally will be seven
(7) days from the due date.
7. Assignments received more than 10 days after the due date or extension date will not
be marked unless the staff member decides otherwise. Items received late will be
penalised at 10% of the mark available for the assessment item per day it is late (see
below).
8. Note that for purposes of measuring lateness, the ‘day’ begins just after 00.00 hrs AEST
– so an assignment received after midnight of the due date will be penalised 10% for
lateness. This rule will be applied to all students uniformly.
How to apply for special consideration
Academic regulations provide for special consideration to be given if you suffer misadventure or
extenuating circumstances during the session (including the examination period) which prevents
you from meeting acceptable standards or deadlines. Find the form on the Student Portal
Special Consideration, Misadventure, Advice and Appeals (http://student.csu.edu.au/study/
academic-advice) page.
Penalties for late submission
The penalty for late submission of an assessment task (without obtaining the Subject
Coordinator’s approval for an extension) will be:
10% deduction per day, including weekends, of the maximum marks allocated for the
assessment task, i.e. 1 day late 10% deduction, or 2 days late 20% deduction.
An example of the calculation would be:
Maximum marks allocated = 20
Penalty for one day late = 2 marks (so, a score of 18/20 becomes 16/20 and a score of 12/20
becomes 10/20).
If an assignment is due on a Friday but is not submitted until the following Tuesday, then the
penalty will be four days (40% deduction or 8 marks in the example above).
Submissions more than 10 days late will be acknowledged as received but will not be marked.
Resubmission
Under normal circumstances resubmission of assessment items will not be accepted for any of
the assessments required in this subject.
Feedback processes
Feedback for assessment items will be provided by subject lecturer/s.
Assessment return
You should normally expect your marked assignment to be returned to you within 15 working
days of the due date. If you submitted your assignment on time but it has not been returned by the
return date, you should make enquiries in the first instance to the subject lecturer. If the
subject lecturer is not available then contact your Course Coordinator on Level 4, 30 Church
Lane.
Student Feedback & Learning Analytics
Evaluation of subjects
CSU values constructive feedback and relies on high response rates to Subject Experience
Surveys (SES) to enhance teaching. Responses are fed back anonymously to Subject
Coordinators and Heads of Schools to form the basis for subject enhancement and recognition
of excellence in teaching. Schools report on their evaluation data; highlighting good practice and
documenting how problems have been addressed. You can view a summary of survey results via
the Student Portal SES Results (https://student.csu.edu.au/study/subject-experience-surveyresults)
page.
We strongly encourage you to complete your online Subject Experience Surveys. You will be
provided with links to your surveys via email when they open three [3] weeks before the end of
session.
Changes and actions based on student feedback
Student feedback from the previous session has been taken into account for the assessment items
for the current session.
Learning analytics
Learning Analytics refers to the collection and analysis of student data for the purpose of
improving learning and teaching. It enables the University to personalise the support we provide
our students. All Learning Analytics activities will take place in accordance with the CSU Learning
Analytics Code of Practice. For more information, please visit CSU’s Learning Analytics
(http://www.csu.edu.au/division/student-learning/home/analytics-and-evaluations/learninganalytics)
website.
Data about your activity in the Interact2 site and other learning technologies for this subject will
be recorded and can be reviewed by teaching staff to inform their communication, support and
teaching practices.
Based on past analytics, changes made to the subject included and .
Services & Support
Your Student Portal (http://student.csu.edu.au/) tells you how you can seek services and
support. These include study, admin, residential, library, careers, financial, and personal
support.
Develop your study skills
Develop your study skills (https://student.csu.edu.au/study/skills) with our free study services.
We have services online, on campus and near you. These services can help you develop your
English language, literacy, and numeracy.
Library Services
CSU Library (https://student.csu.edu.au/library) provides access to the eBooks, journal articles,
books, and multimedia resources needed for your studies and assessments. Get the most out of
these resources by contacting Library staff either online or in person, or make use of the many
Library Resource Guides, videos and online workshops available.
CSU Policies & Regulations
This subject outline should be read in conjunction with all academic policies and regulations,
e.g. Student Academic Misconduct Policy, Assessment Policy – Coursework Subjects, Assessment
Principles Policy, Special Consideration Policy, Academic Progress Policy, Academic
Communication with Students Policy, Student Charter, etc.
Please refer to the collated list of policies and regulations relevant to studying your subject(s)
(http://student.csu.edu.au/administration/policies-regulations-subjects) which includes links to
the CSU Policy Library (http://www.csu.edu.au/about/policy) – the sole authoritative source of
official academic and administrative policies, procedures, guidelines, rules and regulations of
the University.
Subject Outline as a reference document
This Subject Outline is an accurate and historical record of the curriculum and scope of your
subject. CSU’s Subject Outlines Policy (https://policy.csu.edu.au/view.current.php?id=00267)
requires that you retain a copy of the Subject Outline for future use such as for accreditation
purposes.


The Adventures of an IT Leader Book

For this assignment, complete a 5-page summary based on your readings in the book The Adventures of an IT Leader.

As you read the chapters, think about pertinent issues and the relationship of these factors to situation outcomes. As you prepare your paper, respond to the following questions:

• How much time and effort should an information technology (IT) department devote to scanning for and analyzing emerging technologies?

• What are your responses to Bernie Ruben’s three questions in taking action on the blog issue at IVK:

  1. What if anything should we do about this blog entry?
  2. What should be our general policy about blogging based on inside information from within the company?
  3. What should be our process for spotting emerging technologies and analyzing them to see how they might be relevant to use for better or worse?

• Which of the three proposed processes should IVK pursue for enforcing infrastructure technology standards? Recommend and justify.

• Is IT standardization and innovation (or flexibility) in conflict in an organization like IVK?

• What do you think of the kid’s toolkit approach to management?

Use Saudi Electronic University academic writing standards and APA style guidelines, citing references as appropriate.

 


MGMT6013-Managing Information System
