What could be the possible motives behind Business Email Compromise attacks within the Energy Sector?

ASSESSMENT BRIEF

L7 Cyber Security Management and Compliance

Key Details and Requirements

Submission deadline: Thursday 13 June 2024, no later than 16:30 (UK local time)

Learning outcomes:

Successful students will typically have a knowledge and understanding of:

  • Advanced and current concepts and issues of information environment risks, vulnerabilities and threats.
  • Managing an information environment in terms of deterrence, detection, protection and reaction to incidents.
  • A systematic application of the methods and procedures used within the cyber security field under the context of risk and threat assessments.

Successful students will typically be able to:

  • Critically demonstrate self-direction and creativity in managing the security of an information environment at the strategic, tactical and operational levels, effectively developing information security policies.
  • Use initiative to autonomously conduct and manage a risk assessment of a complex and unpredictable environment.

Assessment details: Individual Portfolio (Tasks and activities accumulated over the semester; equivalent to 2,500 words), 100%

Referencing: Students are expected to use Harvard Referencing throughout their assignments where required. Please follow the Harvard Referencing Handbook for all your assignments at the ULBS.

Submission Method: Turnitin - Your work will be put through Turnitin. All submissions will be electronically checked for plagiarism and the use of AI software.

You have the option to upload your work ahead of the deadline, more than once. ULBS will review your last submission only. You can only upload one file. For example, if your work contains a Word document and PowerPoint slides/Excel spreadsheet, you will need to copy your slides/spreadsheet into the Word document.

ULBS Assessment Office Contact Details

The ULBS Assessment Office are here to help should you have any non-academic questions related to your assessments. You can contact them at AssessmentOffice@law.ac.uk

Note: Keep in mind that self-plagiarism (when you reuse your own specific wording and ideas from work that you have previously submitted without referencing yourself) is also a form of plagiarism and is not allowed.

ASSIGNMENT DETAILS

In responding to all the tasks below you are required to use frameworks and concepts which have been covered in the delivery of this module.

Task 1 (LO 1, 4, and 5)

Consider the following use case:

Business Email Compromise is a broad set of attacks that are extremely common across the enterprise. As part of your role as a cyber security professional in an Energy Sector company, you have been requested by the CEO to prepare a report at the next company townhall on this issue.

Your report must cover the following points:

  • What could be the possible motives behind Business Email Compromise attacks within the Energy Sector?
  • What are the potential impacts of Business Email Compromise attacks on an organisation within the Energy Sector? Apply the "Risk Wheel" elements to discuss risks related to operational disruptions, compromised safety systems, and financial losses. 

Task 2 (LO 2, 4, and 5)

Consider the learning experiences in enterprise security, specifically within the energy sector. Picking a company within the Energy Sector (a provider or distributor), discuss the following:

  • Identify and discuss the key attack vectors that are applicable from an enterprise security perspective, in the context of the Energy Sector.
  • Outline the recommended approach to operational processes such as Patch Management, Vulnerability Management, Change Management, in the context of the Energy Sector.
  • Provide recommendations on any tools that you would recommend to facilitate these processes. Use your chosen company/organisation to give your response the necessary context.
  • Discuss how your recommendations contribute to an overall approach to Holistic Risk Management, for your chosen company/organisation. Refer and link the discussion with themes and/or models covered in class.

Task 3 (LO 3, 4, and 5)

Consider the user security of a software development for the Energy Sector.

  • Identify and discuss the key attack vectors that are applicable from an employee perspective, in the context of your chosen organisation, linking this to the discussions in class.
  • Outline the approach to security awareness training that you plan to adopt for the employees of your chosen company/organisation. Which employee groups would you prioritise, if any in particular, and why/why not? You are encouraged to link the discussion to themes and topics discussed in class.
  • Identify and discuss technical controls that you propose to deploy to combat the risks of phishing attacks, in the context of your chosen organisation, linking it to the various models discussed in class.
  • Recommend and justify a suggested approach to provisioning user access to the systems.

Task 4 Summary Report

Once you have completed individual tasks, you should write a summary report (maximum approx. 1,000 words – keep in mind you have already written a brief analysis per entry). In this report you would bring all your tasks together to summarise your overall take on the cyber security management and compliance of your chosen company/organisation, along with a summary of your recommendations. As before, these need to be grounded in academic and non-academic sources, evidenced through in-text citations and inclusion of these sources in a List of References, according to Harvard Style of Referencing.

Portfolio instructions:

  • Any write-up in the Portfolio should be written in font size 11, single spacing.
  • With each entry (item/artefact) you put in your portfolio, you should write a brief summary of why you have chosen this particular item/artefact and how it touches on the theme of that particular section. You should then analyse it in accordance with the tasks as they are laid out in the instructions above.
  • Proper citations are essential. All tasks require referencing academic and other sources, listed in Harvard Referencing style; present a reference list at the end of the Portfolio. Whenever you use external sources (pictures, definitions, line of argumentation), clearly state this at the end of the sentence or paragraph by providing a reference to the original article using Harvard Referencing style.

Please refer to the marking criteria (below) for a breakdown of how the tasks will be marked.

Assessment Criteria

GRADE DESCRIPTORS

  • FAIL (0 - 49%): Exhibits an unsatisfactory grasp of the issues. Primarily descriptive and lacking in independent critical thought. Weak or no attempt at analysis, synthesis and critical reflection. Little evidence of ability to tackle the issues. Poor structure/grammar/
  • PASS (50 – 59%): Satisfactory grasp of the issues, with limited independent critical thought appropriate to the tasks. Material is largely relevant to the tasks. Some evidence of analysis, synthesis and critical reflection. Work is presented in acceptable manner, with some minor errors.
  • COMMENDATION (60 – 69%): Good/very good understanding of the issue with some independent critical thought and approach to the tasks. Good attempt at analysis, synthesis and critical reflection, with evidence of some ability to tackle issues. Work is clearly presented in a fairly well organised manner.
  • DISTINCTION (70-100%): Excellent level of understanding. All requirements are dealt with to a high standard. Excellent analysis, synthesis and critical reflection. Evidence of independent and original judgement in relation to resolution of problems. Excellently presented.

MARKING CRITERIA

  • Knowledge & Understanding: Critical analysis and reflection on the extent of the issue across use cases, using appropriate literature. Mark Weight: 15
  • Task 1: Thoroughly presenting and conducting a detailed analysis of the concepts outlined in Task 1, supported by appropriate literature. Mark Weight: 20
  • Task 2: Thoroughly presenting and conducting a detailed analysis of the concepts outlined in Task 2, supported by appropriate literature. Mark Weight: 20
  • Task 3: Thoroughly presenting and conducting a detailed analysis of the concepts outlined in Task 3, supported by appropriate literature. Mark Weight: 20
  • Conclusions: Conclude the report by providing an overall reflection and critical analysis of data security principles using appropriate references specific to each of the three tasks. Mark Weight: 15
  • Structure & Organisation: Overall structure and cohesiveness of the Portfolio and the summary report is excellent, with a good and logical flow. Mark Weight: 10
