University: Unitec Institute of Technology (Unitec)
Subject: HTCS6701: Information System Security
Course No: HTCS6701

 

Information System Security Level: 6

Credits: 15

 

Student Name:

 

Assessor Name:

 

Student ID:

 

Programme Name: New Zealand Diploma in Cybersecurity

 

Assessment Type: Report

 

Weighting: 30%

Marks: 100

Student declaration

I confirm that:

  • This is an original assessment and is entirely my own work.
  • Where I have used ideas, tables, diagrams etc. of other writers, I have acknowledged the source in every case.
  • This assessment has not previously been submitted as assessed work for any academic course.
 Student Signature: Date:
Assessment Summary Marks Obtained Resubmission/Resit
Opportunity 1

Date:

/ Yes/No
Opportunity 2

Date:

/ Pass/Fail
Total marks obtained /   % Overall Grade/Result
In signing, I can confirm that this assessment has been marked against the marking rubric of this assessment.

 

Assessors signature: …………………………………………..                  Date: …………………………….

 


Assessment Mapping

After completing this assessment, the student will have met the following learning outcomes related to the graduate profile outcome.

Graduate Profile Outcome: Analyse the legal, privacy and ethical impacts of the regulatory environment and organisational decisions, to advise decision makers on cybersecurity implications and organisational obligations applicable to a particular situation.

Learning Outcome: 3. Analyse the impact of legal, privacy and ethical factors on organisation’s information system security decisions.

Section 1: ✓

Section 2: ✓

 

Assessment instructions:

  • This is an individual and compulsory assessment.
  • Read the scenario provided carefully on page 3.
  • Your analysis should be research based and findings must be presented in the form of a report.
  • Correctly reference your used sources in-text and include a full reference list at the end of the report, using APA 7th edition or IEEE guidelines.
  • Report must have formal structure with a count of 2000-2500 words [+/- 10%], excluding reference list, table of contents, or any other administrative sections.
  • Your report must be professional and organized. A recommended format for the report is:

a. Executive Summary
b. Table of contents
c. Introduction
d. Analysis (section 1 and 2)
e. Conclusion
f. References

Assessment submission instructions:

  • Your report must be presented in the format stated above and must have margins and page numbers.
  • Upload your report to the Moodle link “Upload Report here”.

Read the scenario given below carefully

You have just completed the ‘New Zealand Diploma in Cyber Security (Level 6)’ from Unitec, Auckland and have landed a job at Google as a Security Analyst on their SOC team. Late one night, you are investigating an alert and, upon auditing the email logs, you see communications between the CISO and a Russian Actor. Upon review, it appears that the CISO has fallen for a phishing attack, data has been breached and they want BTC in return.

You contact the CISO who admits falling for the attack and having knowledge about the breach. He’s been dealing with APT-1, a hacking group dealing in data breaches, in an attempt to get the data back.

Apparently they have Google’s data with 1.5 million clear-text user names and passwords, via a phishing attempt targeting an unpatched Microsoft IIS server [GOOG-2265456]. APT-1 have provided proof and the CISO tells you they have been in the system since January. The attack vector was via a phishing attempt and he was the one to click the link.

He is considering whether to disclose the breach or keep it quiet as no one knows yet except for you.

He has asked you to quietly conduct a security audit on the company’s infrastructure to check for any signs of malware and to ensure the malware has really gone.  He warns you to be careful about making any mistakes as he does not want the situation to worsen and asks that you just check the processes and memory, looking for indicators of compromise.

Google has clients throughout Europe, the United States, New Zealand and other developed nations.

He tells you that he has been offered the data back from the hackers, via encrypted email. The hackers are known as APT1 and have demanded $10 Million NZD-BTC in return for the information and if the money is not paid, the data will be dumped on the Dark Web for Auction. This could affect public confidence, perceptions and reputation as well as potentially opening the way for various legal and civil issues. It could also impact his position within the company.

He trusts you as a recent graduate of the New Zealand Diploma in Cybersecurity to have the knowledge, ability and discretion to assist him. He is asking you to conduct an analysis of the impact of legal, privacy, reputational and ethical factors on Google’s information system security decisions and present the findings in the form of a report on his desk by 8AM Monday the following week.

You commence an audit of GOOG-2265456 and see an interesting file hidden in a file-share named ‘APT-finance.docx’. Upon clicking this document, the server begins to respond slowly and you can see file extension names being changed to ‘.Lockbit’. You decide to quickly shut down GOOG-2265456 and delete the logs in an attempt to stop the spread and to cover it up.


In your report to Google, you must include the following:

Section 1. The Initial data breach and the obligations to disclose

Question 1 [20 marks]

  • Analyse the impact on both Google and the CISO personally of the decision whether to disclose or not disclose the initial data breach (considering legal, civil, privacy, reputational and ethical factors).

Your response must include the relevant parts and/or principles of any acts that govern the Google data (either at rest or in transit). Refer to National and International Law, treaties and/or other aspects.

Question 2 [10 marks]

  • Analyse the various penalties for non-disclosure when sustaining a data breach and back this up with a brief case study.

In your analysis refer to National and International law and/or other aspects.

Question 3 [10 marks]

  • Analyse any legal and/or work-related impact for the CISO who introduced the malware to the network. This is the person who clicked the hyperlink and as a result, infected the company servers with the malware. Also consider his current position of wanting it kept quiet. Consider legal, ethical and reputational damage.

Section 2. The Audit of the company’s infrastructure

Question 1 [15 marks]

  • Based on the likelihood of you now introducing malware into the impacted server, analyse any legal, reputational and ethical fall-out (impact) on you and Google for going out of scope in this engagement. Research a brief case study to underscore your findings.

Question 2                                                                                                     

a. Analyse the ethical differences between the three hacking hats and comment on where your own actions put you. [10 marks]

b. Recommend on whether the CISO should pay for the data to be returned. [10 marks]

Marking Scheme

Item, Maximum Marks, Your mark, Comment
Executive summary and introduction 10
Section 1 Question 1 20
Question 2 10
Question 3 10
Section 2 Question 1 15
Question 2 (a) 10
Question 3 (b) 10
Conclusion 5
References 5
Report format 5    
Total 100    


 Assessment 1 Marking Rubric

  Excellent Good Pass Need to improve
Executive summary and introduction [10 marks]

Detailed executive summary which provides a clear overview of the report summarising the key points required in the report.

The purpose of the report is clearly explained, the impact for the company is clearly identified and a clear outline of the content of the report is provided in the introduction. However, minor error or corrections may exist.              [10 – 8]

Executive summary provides an overview of the report summarising the key points required in the report.

The purpose of the report is explained, the impact for the company is identified and the outline of the content of the report is provided in the introduction.

[7- 6.5]

 

The executive summary is limited in detail and provides an overview of the report without clearly summarising the key points required in the report.

The purpose of the report is explained, the impact for the company may or may not be identified properly and outline of the content of the report has some errors.                               [6 – 5]

Very limited in detail with illogical overview of the report and little explanation. And/or The purpose of the report is not clearly explained, and/or the impact for the company is not identified properly.         [4 – 0]
Section 1
Question 1

Analyse the impact of legal, privacy and ethical factors on disclosure vs non-disclosure of the data breach.          [20 marks]

 

 

Analysis includes identification of relevant NZ laws with the Privacy Act with details and International Law and Treaties. Also, include the relevant parts and/or principles of any acts that govern the Google and IT data (either at rest or in transit). Details surrounding GDPR and the relevant issues surrounding non-disclosure are clearly provided. Ethical and moral values with disclosure and maintaining public confidence and trust are discussed in detail. However, there may be minor errors in the analysis.

[20 – 16]

Analysis includes identification of relevant NZ laws with the Privacy Act with some details and International Law and Treaties. Also, include the relevant parts and/or principles of any acts that govern the Google and IT data (either at rest or in transit). Details surrounding GDPR and the relevant issues surrounding non-disclosure are provided. Ethical and/or moral values with disclosure and maintaining public confidence are discussed. However, some key points are not addressed properly.

[15 – 13]

Analysis includes identification of relevant NZ laws with the Privacy Act with some details and International Law and Treaties. Also, include parts and/or principles of some acts that govern the Google and IT data (either at rest or in transit). GDPR and some relevant issues surrounding non-disclosure are provided. Ethical or moral values with disclosure and maintaining public confidence are discussed. However, key points are missing or not addressed properly. [12 – 10]

Analysis fails to identify the relevant NZ laws with the Privacy Act and/or little or no mention of International Law and Treaties. And/or fails to include parts and/or principles of acts that govern the Google and IT data. And/or GDPR and some relevant issues surrounding non-disclosure are not provided or addressed properly. And/or fails to discuss ethical or moral values with disclosure and maintaining public confidence.

[9 – 0]

Section 1 Excellent Good Pass Need to improve
Question 2

Analyse the penalties for non-disclosure and sustaining a data breach.

[10 marks]

 

Provide robust discussion surrounding both transnational and national law with regard to GDPR, CCPA. To then consider the same issues with regards to the national framework with the new Privacy bill, current Privacy act [10 – 8]

Provide basic discussion surrounding transnational law with regard to GDPR, CCPA. To then consider the same issues with regards to the national framework with the new Privacy bill, current Privacy act [7 – 6.5]

As per good, but missing two elements of national or transnational law.

[6 – 5]

No reference to National or transnational law or missing more than two key elements.

[4 – 0]

 

Question 3

Analyse the legal/work related impact for the victim of the phishing attack.

[10 marks]

 

Legal, ethical, employment and civil ramifications with regard to employment after falling for a phishing attack are analysed in detail.  However, there may be minor errors in the analysis.

[10 – 8]

Missing one of the following from the analysis with regard to employment after falling for a phishing attack:

  • Legal
  • Ethical
  • Employment
  • Civil

[7 – 6.5]

Missing two of the following from the analysis with regard to employment after falling for a phishing attack:

  • Legal
  • Ethical
  • Employment
  • Civil

Or, the analysis is generic in nature and does not relate to the scenario.                              [6 – 5]

No reference to the scenario, and missing two or more of the following:

  • Legal
  • Ethical
  • Employment
  • Civil

And/or the analysis fails to show the impact of the phishing attack on the victim.

[4 – 0]

Question 1

Based on the likelihood of you now introducing malware into the impacted server, analyse any legal, reputational and ethical fall-out (impact) on you and google for going out of scope in this engagement. Research a brief case study to underscore your findings.                                      [15 marks]

 

 

The legal and ethical impact on the company and individual are analysed in detail. This includes evidence of risk-avoidance principles and consideration of the benefits of having a pen testing contract in place to set out scope and responsibility, including what to do if the pen-test goes wrong and there is an emergency. However, minor error or corrections may exist. There is also a case study provided. [15 – 13]

Missing a case study or consideration of a binding contract. [12 – 9]

Missing a case study and consideration of relevant laws

[7 – 8]

 

Fails to analyse the legal and/or ethical impact on the company and/or fails to identify where risks could occur and/or no contractual benefits discussed.

[6 – 0]

 

 

Question 2 (a)

Analyse the ethical differences between the three hacking hats.

[10 marks]

 

The three hacking hats are identified correctly. The ethical differences between the three hacking hats are analysed in detail.

However, minor error or corrections may exist.                       [10 – 8]

The three hacking hats are identified correctly. The ethical differences between the three hacking hats are analysed.  However, some key differences are missing or not addressed properly.

[7 – 6.5]

 

The three hacking hats are identified. The ethical differences between the three hacking hats are analysed.  However, key differences are missing or not addressed properly.

[6 – 5]

Fail to correctly identify the three hacking hats and/or fail to analyse the ethical differences between the three hacking hats.

                                             [4 – 0]

Question 2 (b)

Recommend on whether the CISO should pay for the data to be returned.

                                     [10 marks]

Recommendation is based on the situation mentioned in the scenario and is supported with valid justification. However, minor error or corrections may exist.

[10 – 8]

Recommendation is based on the situation mentioned in the scenario and is supported with valid justification. However, some key points are missing or not addressed properly.          [7 – 6.5]

 

Recommendation based on the situation mentioned in the scenario but is not supported with a valid justification or the provided justification is weak.         [6 – 5]

 

 

Recommendation is provided but does not relate to the situation mentioned in the scenario, or fails to provide an appropriate recommendation, and/or fails to support it with a valid justification, or the provided justification is weak.

[4 – 0]

Conclusion

[5 marks]

The conclusion clearly summarises the key points of the analysis of the legal, privacy and ethical impact.

However, minor mistakes or corrections may exist.

[5 – 4]

The conclusion summarises the key points of the analysis of the legal, privacy and ethical impact. However, some key points are missing or not addressed properly. [3.5]

The conclusion summarises some of the key points of the analysis of the legal, privacy and ethical impact. However, many key points are still missing or not addressed properly.

[2.5]

The conclusion fails to summarise the majority or all of the key points of the analysis.

[2 – 0]

 

 

Referencing

[5 marks]

This report is correctly referenced in APA 7th edition style or IEEE guidelines. In-text references and the reference list are correctly formatted with no errors or omissions. [5 – 4]

This report is referenced in APA 7th edition style or IEEE guidelines, but contains limited errors in in-text referencing or the reference list. [3.5]

This report is referenced in APA 7th edition style or IEEE guidelines but contains numerous errors in in-text referencing or the reference list. [2.5]

This report is not referenced in APA 7th edition style or IEEE guidelines.  It contains significant errors in in-text referencing or the reference list, or is completely missing in-text referencing or a reference list.

[2 – 0]

Report format

[5  marks]

Report must include: executive summary, table of contents, introduction, analysis, conclusion and references.

All the required criteria are covered and strong in all areas.

[ 5]

Report must include: executive summary, table of contents, introduction, analysis, conclusion and references. Most of the required criteria are covered but weaknesses are identified in two areas.

[3.5]

Report must include: executive summary, table of contents, introduction, analysis, conclusion and references. Most of the required criteria are covered but weaknesses are identified in three areas.

[2.5]

Report format may not be based on the criteria given.  Weaknesses are identified in four or more areas.

[2 – 0]
