ICT 506 Fundamentals of Cyber Security

Assessment 2

Case Study (Individual)

Learning Outcomes Covered

ULO.1.7 Demonstrated understanding of the fundamental principles of cybersecurity and
demonstrated capacity to interpret, apply, and evaluate the relevant security tools and approaches
to identify and mitigate threats, attacks, and common vulnerabilities.
ULO.4.4 Demonstrated high level of written and verbal communication skills relevant to the
planning, design, and implementation of a technical solution.

Submission Details
• This is an individual assessment.
• You must submit your answers in a word or pdf format on the Turnitin link available on the
Moodle.
• The assessment carries 30% weightage and is marked out of 30.
• Your answers should not be more than 500 and not less than 300 words per question.
• Your similarity index should be less than 30%.
• The deadline to submit your work is by Friday week 8, 5 PM.

After submitting the report, in week 9, each student will have a 3-5-minute interview with the
lecturer in which needs to explain the findings of the report and demonstrate understanding of the
content. In addition to the criteria stated in the assessment briefing for evaluation of the written
report, the final mark also depends on the performance of the student in the interview.

Use of AI generative tools is fully prohibited in this assessment.

 Anzaw Pty Ltd Case study
With its headquarters in Sydney and a branch in Brisbane, Anzaw Pty Ltd operates state-of-the-art
automobile manufacturing lines. Using significant amounts of automation and advanced
technology in its production lines, together with augmented reality for designing its cars of the
future, Anzaw also embraces big data and artificial intelligence throughout its operations. Anzaw’s
organisational functions are world-class.
The headquarters’ ICT Infrastructure is shown in Figure 1. The key servers used by Anzaw Pty
Ltd are Web Server, Database Server and Mail Server. The purposes of these servers are:

− Web Server: Hosts the Website of the Anzaw Pty Ltd

− Database Server: Hosts the designs and manufacturing details of various cars
− Mail Server: Used for receiving and sending emails
Anzaw Pty Ltd would like to take advantage of scalability and on-demand resources provided by
Cloud Computing and are interested in adopting a Hybrid Cloud deployment model in the future.

Given the competitive nature of the automobile industry, and situated within a complex and
dynamic external environment, Anzaw requires their production lines to be optimised continuously
through the use of the latest cutting-edge hardware and software technology systems. In turn, these
systems need to deliver not only high levels of work-flow but also high levels of information
security. Information security is increasingly important as the company’s technological vision and
goals now extend to their automobiles through technological innovation and breakthroughs
associated with using the Internet of Things (IoT). Indeed, Anzaw currently feels it is vulnerable
to several types of malicious cyberattacks that aim to capture valuable business information in
order to sell such information in the black market. Despite these dangers, the management at
Anzaw has had little time to focus on areas of information security vulnerability. Therefore, they
have hired you as an independent information security consultant to advise them on various aspects
of information security issues and vulnerabilities.
 Figure 1: Infrastructure of Anzaw Pty Ltd

Assuming the role of an independent information security consultant, use information given in the
case study to answer the following questions.

1. Discuss the existing security landscape pertaining to information systems of Anzaw Pty Ltd,
including common vulnerabilities, potential threats, and possible repercussions of a security
breach.
(Note: general descriptions/definitions about vulnerabilities and threats will receive no marks.
You must:
i. explain where exactly in the given case and network topology you found the vulnerabilities/threats
ii. what are the consequences of each identified vulnerability/threat)

(10 marks)

2. Demonstrate your knowledge of important security tools such as authentication, access

control, and cryptographic techniques that should be used within the Anzaw Pty Ltd to
protect the information systems.
(Note: general descriptions/definitions about security tools will receive no marks.
For each selected tool, you must explain:
i. the reasons for choosing it,
ii. how the tool should be deployed and integrated with the given network architecture and topology,
iii. how would it protect the information systems.)
(10 marks)

3. Analyse and explain various security technologies, scanning and probing tools that Anzaw
Pty Ltd should use to master the best practices in protecting information.
(Note: general descriptions/definitions about security technologies, scanning and probing tools will receive
no marks.
For each selected item, you must explain:
i. the reasons for choosing it,
ii. how should it be deployed and integrated considering the given network architecture and topology,
iii. how would it help to implement best practices for protecting information.)
(10 marks)