
1. Select an Organization and a Threat: • Choose a specific, real-world organization (e.g., a hospital, a university, a retail company, a government agency). • Choose a relevant and current cybersecurity threat to analyze in the context of your selected

March 21, 2026 · 8 min read · By adminPro


    ICT5351 Cyber Defense Assessment 2: Case Study

    Assessment 2: Case Study – Analysis report

    Assessment Overview
    Weighting: 35% of unit total
    Due Date: Week 6, Sunday, 22/03/2026, by 23:59 AEDT
    Assessment Type: Individual assessment
    Word Count / Length: 2000 words +/- 10%
    Unit Learning Outcomes

    In this assessment, you will be tested on whether you have successfully met the following Unit Learning Outcomes (ULOs):

     

    • ULO3: Analyse the motivation, tactics/strategy, and impacts of cyberattacks highlighting the system vulnerabilities exploited.
    • ULO4: Critique security policy, procedural and technical controls and countermeasures to mitigate the threats of cyberattacks.
    Submission Type and Required Format

    The type of assessment you will be completing is a Case Study Analysis. It should include the following:

     

    • Well-structured report with a clear introduction, detailed analysis, and a conclusive summary.
    • Relevant figures and diagrams, properly labeled and referenced.
    • References listed using a recognized citation format.

     

    Assessment Details
    Assessment Purpose

    The purpose of this assessment is to develop your ability to perform a proactive threat and risk assessment for a real-world organization against an emerging cybersecurity threat. You will step into the role of a security consultant to profile a relevant threat actor, model a potential attack, identify organizational vulnerabilities, and recommend a robust defensive strategy. This will enhance your skills in threat intelligence, risk analysis, and strategic security planning.
    Assessment Instructions

    For this assessment, you will produce a professional report that addresses the following steps:

     

    1.    Select an Organization and a Threat:

    • Choose a specific, real-world organization (e.g., a hospital, a university, a retail company, a government agency).
    • Choose a relevant and current cybersecurity threat to analyze in the context of your selected organization. Examples of threats include:
        • A specific Ransomware-as-a-Service (RaaS) group (e.g., LockBit, ALPHV).
        • AI-enhanced social engineering and deepfake attacks.
        • Supply chain attacks targeting software dependencies.
        • A specific Advanced Persistent Threat (APT) group known to target your chosen organization’s sector.
    • Your analysis must be explicitly framed within a 2025–2026 threat landscape, considering at least one recent technological, regulatory, or operational change relevant to your chosen organisation (e.g., increased AI adoption, cloud migration, remote workforce, new compliance obligations).

     

    2.    Threat Actor Profile:

    • Provide an in-depth profile of the threat actor associated with your chosen threat. Discuss their likely motivations (e.g., financial, political, espionage), typical targets, and level of sophistication.

     

    3.    Hypothetical Attack Chain Analysis:

    • Develop a plausible, hypothetical attack chain showing how the threat actor could compromise your chosen organization.
    • You must map the stages of your hypothetical attack to the MITRE ATT&CK® framework, detailing the specific Tactics, Techniques, and Procedures (TTPs) the attacker would likely use (e.g., Initial Access, Execution, Persistence, Exfiltration).
    • You must clearly state one key assumption made by the attacker (e.g., user behaviour, configuration weakness, process gap) and justify why this assumption is realistic for the chosen organisation.

     

    4.    Vulnerability and Impact Assessment:

    • Identify and discuss the likely vulnerabilities (technical, procedural, or human) in your chosen organization that would allow your hypothetical attack to succeed.
    • Assess the potential impact of a successful attack on the organization’s operations, finances, reputation, and legal standing.

     

    5.    Protective Security Recommendations:

    • Propose a set of specific, actionable defensive strategies and controls to mitigate the threat.
    • You must structure your recommendations using the core functions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover). Justify why each recommendation is appropriate for the threat and the organization.

     

    6.    Visual Representation:

    • Include at least one original figure or diagram created by you that visualizes a key part of your analysis (e.g., the hypothetical attack chain, a defense-in-depth model for your recommendations).
    Artificial Intelligence (AI) Use

    In this assessment, the use of generative artificial intelligence (AI) tools is PERMITTED. You can use AI tools to assist with:

     

    • Generating and modifying text related to planning and brainstorming ideas for your assessment.
    • Researching topics and preparing assignments, but all AI-generated content must be acknowledged in the final report using the specified format.

     

    You CANNOT include any AI-generated material in your final report directly without modification or proper acknowledgement.

     

    Specifically, for visual representations, any figures, diagrams, or flowcharts must be created by you and NOT copied or generated by AI.

     

    Example tools might include:

    • ChatGPT
    • Google Gemini

     

    Students take full responsibility for the content of their assessments, and AI tools should be used as a supplement to your own research and analysis rather than as a replacement. If you use AI tools in an unethical or irresponsible manner, such as copying AI-generated output without checking it against reliable sources, you risk committing academic misconduct. Any use of AI must be appropriately acknowledged in the AI declaration on the Assessment Cover Sheet.

     

    Refer to the Using AI page on the ECA Library and Learning Support website for further guidance.

     

    Other Important Information
    Assessment Resources

    It is strongly recommended that you use the following to find academic peer-reviewed sources of information.

     

    • ECA Library catalogue and databases
    • Unit Readings (Course Reserves) [The link to unit’s Course Reserves]
    • Subject Guide: ICT5351 [The link to a subject guide]

     

    For in-text citation and referencing, follow the ECA HE Student Guide to APA 7th Referencing.

    Submission Requirements

    On completion of your assessment:

    • Follow the Assessment Presentation Guidelines
    • Submit your document as a PDF or MS Word document via the assessment submission link in Canvas.
    • Include a completed Assessment Cover Sheet, including the AI Declaration, and attach it to the assessment.
    • Save drafts of your work.
    Assessment Support

    For academic support or feedback on a draft of your assessment, please email [email protected]

     

    For assistance with finding resources, such as books and journal articles, please email [email protected]

     

    For information and guides on tackling assessments and developing your academic skills, please visit the ECA Library and Learning Support website: https://eca.libguides.com/

     

    For queries about this specific assessment task, please contact the Unit Coordinator.

     

    Assessment 2 Rubric

    Criteria (weighted as indicated below) High Distinction (HD) 85-100 Distinction (D) 75-84 Credit (C) 65-74 Pass (P) 50-64 Fail (F) 0-49

    Criteria 1: Context and Threat Profiling (20%)

    • HD: Provides an exceptionally detailed and insightful profile of a highly relevant threat actor, including a sophisticated analysis of their motivations, capabilities, and relationship to the chosen organization.
    • D: Provides a clear and detailed profile of the threat actor with a strong analysis of their motivations and capabilities in the context of the chosen organization.
    • C: Provides a good profile of the threat actor and organization, but the analysis of motivations or specific relevance may be less developed.
    • P: Identifies a threat actor and an organization but provides a generic or superficial profile with limited analysis.
    • F: Fails to identify a relevant threat actor or provide a coherent profile.

    Criteria 2: Hypothetical Attack Chain Analysis (TTPs) (25%)

    • HD: Develops a highly plausible and technically sophisticated hypothetical attack narrative. Masterfully integrates the MITRE ATT&CK framework to describe a creative and logical sequence of TTPs.
    • D: Develops a plausible and detailed attack chain. Effectively applies the MITRE ATT&CK framework to describe the TTPs with clear justification at each stage.
    • C: Develops a logical attack chain and applies the MITRE ATT&CK framework, but the narrative may lack technical depth or some TTPs may be less relevant.
    • P: Describes a basic attack sequence but the application of the MITRE ATT&CK framework is limited, inaccurate, or superficial.
    • F: Fails to develop a coherent attack chain or does not use the required framework.

    Criteria 3: Vulnerability and Impact Assessment (20%)

    • HD: Demonstrates exceptional critical thinking by identifying specific, nuanced vulnerabilities in the chosen organization and provides a comprehensive, quantified assessment of the potential business impact.
    • D: Clearly identifies relevant organizational vulnerabilities and provides a detailed and well-reasoned assessment of the likely financial, operational, and reputational impact.
    • C: Identifies key vulnerabilities and assesses the potential impact, but the analysis is more general and may not be fully tailored to the specific attack chain.
    • P: Identifies obvious vulnerabilities but provides a limited or generic assessment of the impact without strong justification.
    • F: Fails to identify relevant vulnerabilities or assess the potential impact of the attack.

    Criteria 4: Protective Security Strategy (20%)

    • HD: Proposes a comprehensive and multi-layered security strategy with specific, actionable controls. Expertly structures recommendations using the NIST Cybersecurity Framework, justifying each control with clear alignment to the identified threat.
    • D: Proposes a strong and relevant set of security controls logically structured using the NIST Framework. Recommendations are well-justified and directly address the analyzed threat.
    • C: Proposes a good set of security controls that are structured using the NIST Framework, but recommendations may be more generic or lack detailed justification.
    • P: Proposes basic or high-level security controls with limited use of the NIST Framework or weak justification.
    • F: Fails to provide relevant or coherent security recommendations.

    Criteria 5: Report Professionalism & Visualisation (15%)

    • HD: Exemplary report: professionally structured, exceptionally clear, with flawless referencing. The original diagram is insightful, professionally presented, and significantly enhances the analysis.
    • D: Well-structured and clearly written report with minor referencing errors. The diagram is clear, relevant, and effectively supports the analysis.
    • C: The report is logically structured but may have some issues with clarity or referencing. The diagram is relevant but may lack detail.
    • P: The report structure is difficult to follow, with frequent referencing errors. The diagram adds little value to the analysis.
    • F: Fails to meet basic academic standards of structure, referencing, or clarity. The diagram is missing or irrelevant.
