Professional Documents
Culture Documents
Criteria
Unit code, name and release number
Cl_CyberAware:
BSBXCS301 - Protect own personal online profile from cyber security threats (1)
Student details
Student number
Student name
Assessment declaration
Note: If you are an online student, you will be required to complete this declaration on the
TAFE NSW online learning platform when you upload your assessment.
written for me by any other person except where such collaboration has been
authorised by the Teacher/Assessor concerned.
Assessment overview The aim of this assessment is to assess your skills required to:
Assessment Event 2 of 2
number
Instructions for this This is a skills-based assessment that assesses your ability to
assessment demonstrate skills required in the unit.
Observation checklist 1
Assessment feedback
Complete the Observation checklist for each task and activity and
the Assessment feedback to the student. Ensure you have taken a
copy of the assessment if the student has not submitted online.
Ensure you have included your name at the bottom of each page
of documents you submit.
What do I need to do To achieve a satisfactory result for this assessment you must be
to achieve a available at the arranged time to complete all the assessment
satisfactory result? criteria as outlined in the assessment instructions.
What do I need to • TAFE NSW student account username and password. If you
provide? do not know your username and password, contact your
campus or service centre on 131601.
o SMS1
Your confidentiality
The nature of this assessment requires disclosure of some personal information. You are
assured that any information provided in this assessment will be confidential and will not be
shared with any other party other than the Teacher/Assessor.
You should also ensure that you do not disclose this personal information to any of your
classmates.
Written answers
In this assessment you must word-process all your answers. Ensure that your answers are
tidy and accurate with correct spelling and grammar.
Important: Always enter your name on the bottom of each page of the assessment,
including any additional pages.
Screenshots
Where indicated in this assessment, you will be required to provide screenshots and
explanations of your work. Follow the instructions in this assessment to determine which
specific screenshots are required.
Along with the screenshots, you also need to include a short explanation of the work you
have done. Ensure that the screenshots include the date and time on your PC in the lower
right corner.
Resources
Throughout this assessment there are explicit references to a range of resources which may
include software applications, hardware, tools, and website links. At the time of writing this
assessment, the versions and links of these resources were correct. It is expected that over
time this may change.
In addition, your Teacher/Assessor may prefer a suitable alternative resource. They will let
you know if there are any alterations to prescribed resources.
Contact your Teacher/Assessor if there are any issues associated with a resource.
Gelos Enterprises
To gain an understanding of Gelos Enterprises , go to the Gelos Enterprises Cyber Security
Response policies & procedures and read the About Us and ICT Organisational Structure
information.
Your role
You have recently started working for Gelos Enterprises as an ICT Trainee. You have already
completed your induction and are now ready for work.
You have been met by your manager, Terrence Stewart, ICT Security Manager, Gelos
Enterprises. Terrence is highly aware of the risk that cyber security threats pose to the
company. Recently Gelos Enterprises had a cyber breach which was linked back to an
employee using their own devices, to access the Gelos Enterprises network, whilst working
from home.
Before you are allowed to work from home, Terrence has asked that you perform a
thorough review of your own online profile and devices to eliminate any possible cyber
security threats. This is part of Gelos Enterprises Cyber Security policy and procedure.
It contains:
About us
Cyber Security organisational structure
Gelos Enterprises Cyber Security Response policies & procedures
Responding to cyber security threats or breaches - Gelos Enterprises general staff
Online Accounts/Profiles policy and procedures
Gelos Enterprises Banking Policy
Currently in use
>= 8 Characters
Includes symbols
Weak words/numbers
Default/original password
Two-factor
Multi-factor
Biometrics
Loss of reputation
Phishing attack
Extortion
Coercion
Social engineering
Note: This account and/or profile should not be used for anything other than what is
required in this assessment. You will need to delete the account at the end of the
assessment.
See Task 5.1. Also read Your confidentiality.
2. Steps in the creation of the account and show the password used. You will need to:
3. Addition of 2-Step verification with one second step option. You will need to:
5. Test to confirm that you can logon to Google using the account with two-factor
authentication. You will need to:
Include your screenshots in the following Table 5: Google account creation adjusting and/or
adding more rows when required. Include a short explanation of the contents of the
screenshot.
Include your screenshots in the following table (Table 9), adjusting or adding more rows
when required. Include a short explanation of the contents of the screenshot(s).
b) Confirm that your Google Chrome internet browser software, used on your own
mobile phone, is current. Also confirm that this software is sufficient and not an
alternative, trial, beta, or limited edition.
Use the Google Play or Apple App Store to check this. If this is not available on your
mobile device, then talk to your Teacher/Assessor about how you may provide your
evidence.
Ensure that you use Google Chrome internet browser to perform this task.
Google Play or Apple App Store showing Google Chrome App as Open
Include your screenshots in the following table (Table 10), adjusting and/or adding more
rows when required. Include a short explanation of the contents of the screenshot(s).
Include your screenshots in the following table (Table 11), adjusting or adding more rows
when required. Include a short explanation of the contents of the screenshot(s).
Ensure that you use Microsoft OneDrive to perform this task. Ensure that you use your TAFE
NSW Office 365 student account.
For this task you will need to use your TAFE student email account and Microsoft Outlook.
Include your screenshots in the following table (Table 12), adjusting and/or adding more
rows when required. Include a short explanation of the contents of the screenshots.
This file will not cause any harm, however it does contain a link to an EICAR
file which will be perceived as a virus by MS Defender (or similar) or by the
web browser.
Field Value
a) Implement two (2) techniques to verify the request for information in this email
For this task you will need to use your TAFE student email account and Microsoft Outlook.
Include your screenshots in the following table (Table 14), adjusting and/or adding more
rows when required. Include a short explanation of the contents of the screenshots.
b) Complete a report of this potential security breach using the following Gelos
Enterprises Incident report form after reviewing Gelos Enterprises Cyber Security
Response policies & procedures.
Field Value
Include your screenshots in the following table (Table 16), adjusting or adding more rows
when required. Include a short explanation of the contents of the screenshots.
Field Value
To do this, number the order in which these steps should be followed (1 to 4).
Those steps that should not be part of this process should be marked with an 'X'.
Order (1 to 4)
Step or X
Contact your Gelos Enterprises work colleague to warn them about the
email
Ring the Gelos Enterprises Service Desk Operator to report the incident
b) Complete a report of this cyber security incident using the following Gelos
Enterprises Incident report form after reviewing Gelos Enterprises organisational
policies, procedures and plans.
Field Value
For this task you should have available a copy of the incident report you submitted in Task
3.4 for the email involving a possible cyber security threat.
Your responses will be used as part of the overall evidence requirements of the units.
You should refer to the list of criteria provided in Observation checklist 1 to understand
what skills you need to demonstrate in this section of the assessment. This Checklist outlines
the assessment criteria that will be used to assess your performance.
Maya is keen to discuss the process that you followed when you received the email. This
information will be used to update the Cyber Security Incident Response Plan. This will
include any lessons learned from your logged incident.
In this phone call your Teacher/Assessor will organise for a suitable person, such as another
teacher, student, or industry representative, to play the role of Maya, Gelos Enterprises ICT
Service Desk Operator.
2. Contributing to the update of the cyber security incident response plan including
lessons learned.
Location
If a physical classroom is not available, this ‘phone call’ may be implemented as a tele-
conference (MS Teams teleconference) with the student, ‘Maya’ and Teacher/Assessor
participating.
Resources
None required
Assessor comments
Task Task/Activity (Describe the student’s ability in demonstrating the required skills
# Performed S U/S and knowledge)
OC 1 Participates in ☐ ☐
the post-
incident review
OC 2 Contribute to ☐ ☐
the update of
the cyber
security
incident
response plan
Complete this task, using Google Account management site, to delete the account you
created in Part 2 of this assessment.
Ensure that you use Google Chrome internet browser to perform this task.
3. Test to confirm that you can no longer logon to Google using the account
Include your screenshots in the following table (Table 21), adjusting or adding more rows
when required. Include a short explanation of the contents of the screenshot.
Assessment outcome
Satisfactory
Unsatisfactory
Assessor feedback
Has the Assessment Declaration for this assessment event been signed and dated by the
student?
Are you assured that the evidence presented for assessment is the student’s own work?
Comments: