COIT20249 Assessment Details

Assessment Item 3—Report

Due date: 11:55 pm AEST, Friday, Week 10

Weighting: 40%

Length: 2500 words ± 250 words (excluding title page, executive summary, table of contents, reference list, and appendices)

Objectives

This assessment item relates to the unit learning outcomes focused on professional communication, critical analysis, research skills, and academic report writing. The task requires students to apply the ARE (Analyse, Research, Evaluate) process to investigate a practical scenario, synthesise findings, and present recommendations in a formal academic report format.

Assessment Task

Students must write a formal academic report following the structure outlined in the prescribed textbook and unit materials. The report must use the CQUniversity APA 7th edition referencing style. See the latest CQUniversity referencing guide at: https://www.cqu.edu.au/student-life/services-and-facilities/referencing.

The report addresses the following cybersecurity case study involving office, remote, and home systems in 2026.

With continued advances in artificial intelligence, generative AI tools, cloud computing, Internet of Things (IoT) devices, and interconnected networks, cyber threats have escalated dramatically. Common attacks now include ransomware, sophisticated phishing using deepfakes, supply-chain compromises, AI-assisted malware, and denial-of-service incidents. Cybersecurity remains essential to protect systems, networks, applications, and data from unauthorised access while maintaining confidentiality, integrity, and availability. Effective measures prevent financial loss, intellectual property theft, personal data breaches, and operational disruption.

Key challenges include remote and hybrid work models, BYOD policies, generative AI adoption, third-party services, cloud dependencies, and IoT proliferation. Most organisations maintain external web presence and connected smart devices, increasing exposure. Robust cybersecurity is therefore critical for businesses and individuals alike. Core cybersecurity domains encompass network security, cloud security, endpoint protection, identity and access management (IAM), zero-trust architecture, cryptography, intrusion detection/prevention systems (IDS/IPS), and data loss prevention (DLP).

You work as a Security Consultant for a leading Australian cybersecurity consultancy serving businesses, government, and individuals. A client, ABC Technologies (ABCT), recently suffered multiple cyberattacks and seeks documentation to educate staff on cybersecurity fundamentals.

ABCT is an Australian high-tech firm producing software and hardware solutions, with offices nationwide and two international sites. All services route through a virtual private network (VPN) hosted at the Canberra head office. Employees work remotely via VPN or onsite under a Bring Your Own Device (BYOD) policy. Each office offers free guest Wi-Fi. ABCT serves 12,000 customers and stores all client and product data in the cloud. The company recently integrated generative AI tools for development and customer support. Following recent breaches, ABCT fears data compromise, customer information exposure, trust erosion, and revenue decline. They aim to strengthen security policies and systems.

As initial support, prepare a staff training report covering:

1. Define cybersecurity and explain its importance to ABCT.
2. Identify and justify at least three security vulnerabilities in ABCT’s systems, supported by current research.
3. Research and detail five emerging cyber threats relevant to ABCT in 2026, including potential damage, likely perpetrators, and techniques.
4. Research and provide at least three practical recommendations to protect office and home systems from cyberattacks.

Assume details consistent with the case study where needed, incorporating them in the introduction. Avoid contradictory or irrelevant assumptions.

Report Structure (approximate word counts)

1. Title Page (not in word count): Unit code/name, assessment number, title, due date, actual word count, student details, lecturer/tutor, coordinator.
2. Executive Summary (max 1 A4 page, not in word count): Purpose, problem, investigation method, key findings, recommendations.
3. Table of Contents (auto-generated in MS Word, not in word count).
4. Introduction (~250 words): Organisation overview with assumptions, problem context, report aims, objectives (tasks), research approach, section outline.
5. Body (~1850 words): Use meaningful headings/subheadings. Define key terms, analyse tasks with research integration.
6. Conclusion (~250 words): Restate purpose, findings, significance, limitations, objectives met, future considerations.
7. Recommendations (~150 words): 3–5 specific, actionable steps based on findings.
8. Reference List (not in word count): APA 7th format.
9. Appendices (if needed, not in word count).

Other Requirements

Use at least 10–15 current references (2021–2026), with ≥6 from peer-reviewed journals/conferences. Apply the Triple R framework (relevant, reliable, reputable) during research—do not include the evaluation in the report. Write in your own words with accurate APA in-text citations. Prepare in MS Word: Times New Roman 12pt, 1.5 spacing, 2.54 cm margins.

Students produce an approximately 8–10 page professional report analysing cybersecurity issues in a technology company case study, covering importance, vulnerabilities, emerging threats, and practical recommendations using current research.

Cybersecurity involves practices, technologies, and processes that protect digital assets from unauthorised access or attack. For ABCT, it directly safeguards cloud-stored customer data, intellectual property in AI-assisted products, and operational continuity across distributed offices. Recent breaches demonstrate how vulnerabilities in VPN configurations or BYOD devices can expose sensitive information to ransomware operators seeking financial gain. Strong defences preserve customer confidence and prevent revenue loss from downtime or regulatory fines. The Australian Signals Directorate notes that small-to-medium businesses faced over 70,000 cyber incidents in 2022–2023, with many linked to remote access weaknesses (Australian Cyber Security Centre, 2023). Generative AI adoption introduces additional risks, such as model poisoning or prompt injection attacks that could compromise proprietary algorithms. Proactive cybersecurity therefore supports ABCT’s innovation while reducing exposure in an increasingly AI-driven threat environment. Multi-factor authentication, regular employee training, and zero-trust principles offer practical starting points for improvement.

References

• Australian Cyber Security Centre (2023) Annual cyber threat report 2022–2023. Available at: https://www.cyber.gov.au/sites/default/files/2023-11/ACSC-Annual-Cyber-Threat-Report-2022-2023.pdf (Accessed: 10 February 2026).
• Offner, K. et al. (2023) ‘Towards understanding cybersecurity capability in Australian healthcare organisations: a systematic review of recent trends, threats and mitigation’, Intelligent Systems with Applications, 17, p. 200188. doi: 10.1016/j.iswa.2023.200188.
• Zwilling, M. et al. (2022) ‘Cyber security awareness, knowledge and behavior: a comparative study’, Journal of Computer Information Systems, 62(1), pp. 82–97. doi: 10.1080/08874417.2020.1712269.
• Sadik, S. et al. (2023) ‘A review of the current state of cybersecurity in the banking industry’, Computers & Security, 133, p. 103389. doi: 10.1016/j.cose.2023.103389.
• Furnell, S. and Shah, J.N. (2023) ‘Still not getting it: phishing and the enduring failure of security awareness’, Computer Fraud & Security, 2023(4), pp. 12–17. doi: 10.1016/S1361-3723(23)00042-8.