Southampton Solent University
Coursework Assessment Brief
|Unit Title:||Cyber Security Application|
|Unit Leader:||Andy Farnell|
|Assessment Title:||Cyber Security Application Portfolio|
|Restrictions on Time/Word Count:||3000 words|
|Consequence of not meeting time/word count limit:||There is no penalty for submitting below the word/count limit, but students should be aware that there is a risk they may not maximise their potential mark.|
|Issue Date:||21st January 2020|
|Hand In Date:||26th May 2020|
|Planned Feedback Date:||24th June 2020|
|Mode of Submission:||on-line|
|Number of copies to be submitted:||1|
|This assessment will be marked anonymously|
As a motive for writing your portfolio, imagine a context, such as a company or organisation you work for. For example, consider the following scenario (you can pick another if you like as a framework for your system security portfolio):
Oppression Watch is a rights organisation supplying legal advice, counselling and information to a vulnerable group. Having many political enemies, foreign and domestic, online and offline, the organisation is a high exposure target.
As a member of the software security and privacy task force you are to audit and make recommendations for the transformation of their systems, policies and processes.
Alternatively you may choose your own fictional organisation with complex digital security needs.
You are to consider the areas of:
- Data storage, integrity, privacy, compliance.
- Secure communication for both organisational staff and clients
- System hardening, including servers, offices, and mobile devices
- Personnel and operational security
Your portfolio should include an understanding and appreciation of a range of techniques related to the principles and technologies of cyber security in practical application. In particular you should demonstrate awareness of:
- Threat and vulnerability modelling, risk prioritisation
- Anticipation of emerging threats
- Access control, authorisation
- Defensive system design principles, in depth and breadth
- Scope, lifecycle, maintenance and sustainability
- Technologies, options for technical implementation
- Encryption for communications and storage
- Policies, monitoring, response plans
- Cost, roles, skills and human resources
- Trade-offs, compromises and push-backs
A 3000 word concise technical report will form the basis of your portfolio, and it may include screenshots, terminal logs, tables, lists, flow diagrams, or any other appropriate graphics or formulae summarising key techniques and considerations. Emphasise the practical execution of auditing and hardening tasks and comment on difficulties or lessons learned.
Due to the inaccessibility of the labs and the fact that not everyone has access to virtual machine technology, you may either choose to create portfolio material on your own using a terminal emulator, or to submit referenced excerpts of quality HOWTO guides (for example StackExchange) to illustrate what you would do. Citations must be given.
Your submission will be assessed against the following criteria:
|Criteria||Below threshold||Grade D||Grade C||Grade B||Grade A|
|Security Engineering principles||Little or no evidence of security thinking. Contradictory, dangerous or misunderstood technique.||Weak security engineering with partial understanding of some key issues.||Viable security thinking with understanding in most key areas. Fair understanding of risks and mitigations.||Good security thinking with some flair for grasping complex risk concepts and some defences.||Broad and deep understanding, holistic integrated approach, pragmatic and balanced. Evidence of complexity thinking. Informed by best practice and relevant policy. Insightful understanding of current and emerging threats.|
|Technologies Implementation Configuration||No technological basis for implementing the process is shown.||Unrealistic implementation or poor choices of technologies. Misconfiguration or misunderstandings of tools. No substantial plan.||A plausible set of tools and technologies with proper description of their set-up and use. Some treatment of planning and test.||Extensive set of technical measures and ideas to deal with multiple threats. Evidence of research and understanding of the resources needed to deploy.||A textbook deployment of state-of-the-art solution. Comprehensive, well researched proposal, with milestones, test criteria, depth, redundancy, cost and skill-set needs.|
|Presentation and communication of ideas||Incoherent, unreadable report without structure, substantial content or references.||Poorly structured and written report, lacking strong communicative skills, no use of visual or tabulated data, few or no references, or poor quality research sources.||An adequate report that communicates the key ideas in an effective and concise way. References given as evidence of research reading. Appropriate sourcing.||A good report that concisely but extensively deals with significant scope. Well researched, argued points. Good use of visuals and structure. Great referencing from well chosen high quality sources.||An excellent report with well written, well informed compelling arguments, concise and nicely structured. Clever use of compact visual devices. High quality, up to date research with excellent referencing.|
This assessment will enable students to demonstrate in full or in part the learning outcomes identified in the unit descriptors.
Students are reminded that:
- If this assessment is submitted late i.e. within 5 working days of the submission deadline, the mark will be capped at 40% if a pass mark is achieved;
- If this assessment is submitted later than 5 working days after the submission deadline, the work will be regarded as a non-submission and will be awarded a zero;
- If this assessment is being submitted as a referred piece of work (second or third attempt) then it must be submitted by the deadline date; any Refer assessment submitted late will be regarded as a non-submission and will be awarded a zero.
The University’s Extenuating Circumstances procedure is in place if there are genuine circumstances that may prevent a student submitting an assessment. If students are not ‘fit to study’, they can either request an extension to the submission deadline of 5 working days or they can request to submit the assessment at the next opportunity (Defer). In both instances students must submit an EC application with relevant evidence. If accepted by the EC Panel there will be no academic penalty for late submission or non-submission dependent on what is requested. Students are reminded that EC covers only short term issues (20 working days) and that if they experience longer term matters that impact on learning then they must contact a Student Achievement Officer for advice.
A summary of guidance notes for students is given below:
Any submission must be students’ own work and, where facts or ideas have been used from other sources, these sources must be appropriately referenced. The University’s Academic Handbook includes the definitions of all practices that will be deemed to constitute academic misconduct. Students should check this link before submitting their work.
Procedures relating to student academic misconduct are given below:
The work being carried out by students must be in compliance with the Ethics Policy. Where there is an ethical issue, as specified within the Ethics Policy, then students will need an ethics release or an ethical approval prior to the start of the project.
The Ethics Policy is contained within Section 2S of the Academic Handbook:
The University uses a letter grade scale for the marking of assessments. Unless students have been specifically informed otherwise their marked assignment will be awarded a letter grade. More detailed information on grade marking and the grade scale can be found on the portal and in the Student Handbook.
Guidance for online submission through Solent Online Learning (SOL)