SITA cyber-attack part II: report
Task It can be useful to look at cyber-attacks in the news to prepare ourselves for similar events. While the available information may be lacking, by analysing current events we can build scenarios to gain insights into adversary tactics, techniques and procedures as well as defences which we can adopt to mitigate similar attacks. This […]
SITA cyber-attack part I: presentation
Task Research recent cloud security incidents with prominent media coverage, and identify one to study for this exercise. For the incident you select, you will then create a five-minute presentation with a voice-over discussing the following: Describe the nature of the attack. Who is the attack actor or who was responsible for this attack? What […]
Aviation cybersecurity oversight presentation
Task In this assessment you will consider the policy implications of your new Cyber Strategy, highlighting and explaining two policy statements which support the strategy. These implications will be communicated through a presentation (5-minute recorded video presentation), and an executive brief document (1-page written summary). The presentation and brief will be aimed at the executives […]
Aviation cybersecurity oversight strategy
Task As we have previously discovered, cybersecurity in the aviation sector is an emerging field. In light of other countries introducing specific aviation cybersecurity regulation and the failed Transport Security Amendment (Critical Infrastructure) Bill 2022, Australia seems to be lagging in this area. Although the Department of Home Affairs is responsible for cybersecurity, when it […]
Risk assessment consulting report
Around the globe, car rental companies rely on technology for operating in an efficient and responsive manner. Here at RideWell we use a website and app for making and managing bookings which integrate into our back of house systems, which allows us to manage our fleet, manage customers and receive and make payments. These systems […]
Quantitative vs qualitative
Continuing on from our recent presentation to make a case for advanced cyber risk monitoring, RideWell’s management team would like your view and recommendation on whether a qualitative or quantitative risk assessment method would be the best option to help evaluate cyber risks within RideWell in the short term and why. Task Prepare a memo […]
Advanced Cyber Risk Monitoring
The cyber security industry is increasingly recognising that they need to adopt mature risk management and monitoring practices in order to elevate the profession and function. The move to this paradigm will allow security practitioners to deliver better value to organisations. Task Place yourself in the shoes of a new cybersecurity manager who has recently […]
Improvements to the Privacy Act
An area of the Privacy Act that could be improved is consent in regards to Privacy Principle 3 – collection of solicited personal information. The definition of consent in the Privacy Act is quite loose, being defined at 6(1) “consent”: “express consent or implied consent” (Privacy Act 1988, 2022). There are a number of places […]
Data breach notification
The Notifiable Data Breach scheme seemed so simple back when I started this Master’s degree. Now we are exploring its intricacies in my Cyber and the Law course. Let’s look at a a scenario and how the law applies to a breach. Scenario A large national accounting/tax firm, which handles the personal tax returns of […]
Financial inclusion, digital ID and cyberwar
In this final assessment I looked the current and emerging cyber security vulnerabilities of financial inclusion. In answering this question I looked at what financial inclusion and digital identity are, and how are they correlated. I then described three significant cyber threats posed by financial inclusion projects and how they can be controlled by applying the ACSC […]