22603VIC - Certificate IV in Cyber Security

BSBINS401 – Analyse and present research information

Assessment Task 2 – Information Gathering Written Report

Student Name

Student ID

Overview
In this assessment, you will have the opportunity to demonstrate your skills and knowledge in
gathering and organising information on key issues relevant to cyber security. You will conduct
research, analyse your findings, and present your data and findings in a formal written report.

Step 1 Research & Analysis

You will research and analyse a cyber-security issue currently facing Australia. Such research
and analysis can better inform organisations about their choices for equipment, software,
services, and procedures with a view to improving their security posture.

Step 2 Research & Analysis

You will analyse the results of an organisation’s staff survey (See Appendix 1) to better
understand the cyber security awareness of its staff. An organisation can use such information
to better target training for their staff. You will use the results of the survey to create a graph or
graphs that visualises the data.

Step 3 Research Report

After completing the research and analysis described in Steps 1 & 2, you will present your
research & analysis in a formal report.

Your report should be presented using the following structure. Each bulleted item should be
included as a heading on a separate page.
 Title page include:
o Name
o Student ID
o 22603VIC - Certificate IV in Cyber Security
o BSBINS401 – Analyse and present research information
o Assessment Task 2 – Information Gathering Written Report
 Table of contents
 Summary
 Introduction, including your objectives
 Methodology
 Results
 Discussion
 Conclusion and recommendations
 Appendices, if needed
 A reference section that provides the various sources used as a reference for this project

Written Assessment Template v1.1 September 2022

[22603VIC] [BSBINS401] [Assessment Task 2] [1.0] [Nov] [2022] Page 1 of 5

Your report will not be considered sufficient unless it includes a section for each of the headings
shown above.

You are free to make your own choices about how data are best represented in the report and
exactly what you will research and analyse if it is pertinent to the cyber security issues currently
facing Australia. Also, your report should demonstrate at least the following:

 You have gathered and organised information in a format suitable for analysis, interpretation,
and dissemination
o How you have gathered and organised the data is to be explained within the
methodology section of your report
 Clearly defined objectives are stated
o This would be done in the introductory parts of the report
 You have accessed information held by the LetUsCount organisation
o Specifically, the survey results and Staff information will be used for this and so your
report must state where the information was accessed from
 You have checked the validity and reliability of the information you have gathered.
o This could be demonstrated via referencing showing multiple sources, comparison
with peers, noting the information came from a peak body or other methods.
 You have conducted research using online and non-electronic methods
o Access to non-electronic methods is demonstrated via the survey results and staff
information.
o Online research data is accessed using the links provided and other links as you see fit.
These areas need to be mentioned in the methodology section of the report
 You have used a range of technology to gather, organise and analyse information.
o Your report should note the technology used to gather and analyse information.
Again, this will be in the methodology section
 You have stated the suggested acceptable workplace practices and organisational
requirements that LetUsCount could take relative to the analysis output of both tasks
o This will go in the discussion and the conclusion sections of the report
 You have ensured that your conclusions are supported by the evidence.
o This may be demonstrated by including a reference listing of your source material, a
comparison with peers, a comparison between multiple sources, and other methods.
 You have produced your report by the due date

After conducting your research and analysing your findings, use an application such as
Microsoft Word to prepare your report.

Suggested word limit for your report: 500 words plus table/s and graph/s as appropriate.

Instructions
Before commencing the assessment, enter your name and student number in the spaces
provided above.

Written Assessment Template v1.1 September 2022

[22603VIC] [BSBINS401] [Assessment Task 2] [1.0] [Nov] [2022] Page 2 of 5

This assessment must be completed individually.

If you are requested to provide screenshots, paste the screenshot/s into the answer box.
Ensure sufficient screenshots are provided to demonstrate that you have performed the
complete task.

Any word count suggested for written answers is a recommendation only; your answers should
contain sufficient information to demonstrate your understanding of the topic.

All answers must be your own. Plagiarism is not tolerated and will lead to the assessment being
graded as unsatisfactory. You may conduct research before answering, but if you include
information from another source, it should be included in quotation marks and appropriately
referenced.

If your initial response is graded as unsatisfactory, your assessor will provide specific feedback
that can be used to improve your answer. You may re-submit the assessment once after
addressing the assessor’s feedback. Please refer to the Unit Guide for more detailed
information about assessment conditions and resubmission.

Assessment Task
Scenario
You are currently employed as an information security consultant for LetUsCount. You have
been asked to undertake two tasks. The output from those tasks will form the content of a report
that you will create.

Step 1 Research & Analysis

Research and analyse at least one cyber security issue currently facing Australia. LetUsCount
will use this information to better inform their choices for equipment, software, services, and
procedures that can be used to improve their security posture.

There is no specific scenario that needs to be followed for this task. Rather, you are free to
make your own choices about how the data is best represented in the report and exactly what
you will research and analyse.

The requirement is that the assessment criteria are demonstrated within a report and that the
information is pertinent to the cyber security issues currently facing Australia. Some
suggestions are as follows:

 Find the most common current attack types, comparing them to historical data and predicting
future events
 How phishing or other cyber-attacks have changed over time in frequency and/or method?
 Which cyber-attacks are being delivered by which methods (e.g., Email, phone, social
networking, etc.)?
 A comparison of affected age groups or other cohorts such as gender or single males, versus the
location of attacks (e.g., Victoria, NSW, Melbourne, etc.)
 Number of reports of specific cyber-attacks compared against money lost in cyber attacks
 How has wireless attack frequency and/or success changed through the evolution of protocol
changes
 Common methods of protection and their success or failure

Written Assessment Template v1.1 September 2022

[22603VIC] [BSBINS401] [Assessment Task 2] [1.0] [Nov] [2022] Page 3 of 5

  What is the proportion of human error to malicious attacks, and what is the impact of these?
For example, does the human error occur frequently but has relatively low consequences?
 Number of Notifiable Data Breaches over a period
 Which sectors are reporting the most ND breaches?
 Compare failed protections against the success of attacks
 Compare failed attacks against successful protections

Some suggestions for sources of local statistics include the following:

https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics
https://www.scamwatch.gov.au/scam-statistics
https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-statistics/

Step 2 Research & Analysis

Analyse the results of a LetUsCount staff survey in Appendix A to better understand the cyber
security awareness of its staff. LetUsCount will use this information to better target training for
their staff. Suggestions for improving staff cyber security awareness can be gained from the
analysis of the staff survey results. You will use the results of the survey to create graph/s that
visualise the data. Using the data, you will be able to visualise differences in general
awareness, differences between the two offices, and differences between staff groups. You will
discuss this in your report.

Step 3 Research Report

You are to present your findings and recommendations for both tasks in a formal research
report. It is anticipated that you will need to prepare a report that is approximately 500 words
long to address the aspects of the evidence described above.

Appendix 1 – LetUsCount Data LetUsCount employs the following staff:

Staff Name Position Office

Jan Tinbergen CEO & Founder Footscray
Anneka Frisch Senior Management Accountant Footscray
Paul Samuelson Management Accountant Footscray
Belinda Kuznets Senior Financial Accountant Footscray
John Hicks Financial Accountant Footscray
Kenneth Arrow Senior Bookkeeper Footscray
Vanesa Leontief Bookkeeper Footscray
Cindy Hayek Bookkeeper Footscray
Gunnar Myrdal Bookkeeper Footscray
Susan Kantorovich Bookkeeper Footscray
Simon Koopmans Bookkeeper Footscray
Ambika Sen Office Manager Footscray
Nathan Friedman Senior Financial Accountant Noble Park
Angela Ohlin Financial Accountant Noble Park
Lara Meade Bookkeeper Noble Park

Written Assessment Template v1.1 September 2022

[22603VIC] [BSBINS401] [Assessment Task 2] [1.0] [Nov] [2022] Page 4 of 5

 Harry Simon Bookkeeper Noble Park
Laura Lewis Office Manager Noble Park

Survey results show staff awareness of cyber security issues.

Note that blank spaces indicate an answer of ‘No’.

Staff name Phishing Uses a Identity Social Ransomwa Vhishing Locks

awareness complex theft engineeri re vector awareness devices
password awarenes ng is when
s awarenes understoo away
s d
Jan Tinbergen Yes Yes Yes Yes Yes Yes
Anneka Frisch Yes Yes
Paul Samuelson Yes Yes Yes
Belinda Kuznets Yes Yes Yes Yes
John Hicks Yes Yes
Kenneth Arrow Yes Yes Yes Yes
Vanesa Leontief Yes Yes Yes Yes
Cindy Hayek Yes Yes Yes Yes Yes Yes
Gunnar Myrdal Yes Yes Yes Yes Yes Yes
Susan Yes Yes Yes Yes
Kantorovich
Simon Yes Yes
Koopmans
Ambika Sen Yes Yes Yes Yes Yes
Nathan Yes Yes
Friedman
Angela Ohlin Yes Yes
Lara Meade Yes Yes
Harry Simon Yes
Laura Lewis Yes Yes Yes Yes

Written Assessment Template v1.1 September 2022

[22603VIC] [BSBINS401] [Assessment Task 2] [1.0] [Nov] [2022] Page 5 of 5