SIT284: Cybersecurity Management

Assessment 1 Information

Assessment 1: Case investigation report

This is an individual assessment task and worth 30% (numerically marked) of your overall
mark. This assessment requires you to conduct an investigation of serious security
management issues in corporate organizations and prepare a report based on the findings of
your investigation. Analysing real-life cybersecurity incidents provides you with crucial
insights regarding cybersecurity posture of an organization and a thorough understanding
of details related to the cybersecurity incidents before, during and after the incidents.

Key information
• Due: by 23 August 2021 (week 6) at 8:00PM (AEST)
• Weight: 30% of total mark for this unit
• Length: 2000 words.
• Excessive use of quotes: You are allowed 2-3 direct quotes of no more than 10 words
each.
• Submit: Electronically via CloudDeakin ONLY. No email submission is accepted. No
scanned files are accepted.
• Late submission: Assignments submitted late will be penalized (5% per day for 5 days).
• Referencing: at least 3 references (extra to the page limit) in a style of
your choice but must be consistently formatted. Visit Deakin portal
http://www.deakin.edu.au/students/studying/study-
support/referencing/harvard for Harvard referencing style.

Learning Outcomes
This assessment assesses the following Unit Learning Outcomes (ULO) and related
Graduate Learning Outcomes (GLO):

Unit Learning Outcome (ULO) Graduate Learning Outcome (GLO)

• ULO2: Assess security risks, threats and GLO 1: Discipline-specific knowledge and
vulnerabilities to the organization and capabilities
implement appropriate information GLO2: Communication
security protection mechanisms.
GLO 4: Critical thinking
• ULO3: Conduct investigation of security
GLO 5: Problem Solving
management issues in organization by
analysing requirements, plans and IT
security policies.
SIT284: Cybersecurity Management
Assessment 1 Information

Brief description of assessment task

In this assignment, you will prepare a case investigations report for the board of a
Marriott International.
Marriott International, the popular hotel chain, experienced a new data breach in mid-
January 2020, affecting up to 5.2 million guest records globally. This is the second data
breach Marriott has experienced in 16 months. There is quite a bit written about the
latest Marriott data breach. For more information about the breach, you can find
Marriott’s breach disclosure statement using the following link:
https://news.marriott.com/news/2020/03/31/marriott-international-notifies-
guests-of-property-system-incident
Your task is to critically and thoroughly analyse and synthesis the Marriott
International 2020 data breach and write a case investigation report of approximately
2000 words along with a list of bibliography to support your findings.
Focus on the following:
• The analysis of the data breach.
• Analysis of cybersecurity governance and planning as related to the data breach.
• Analysis of data breach laws.

Being able to defend your answers with convincing justification is an important part of
the evaluation.

You can use the following to structure your report:

1. Introduction
2. Analysis of the breach
3. Analysis of cybersecurity governance and planning
4. Analysis of GDPR compliance
5. Conclusion
Please be sure to write in as much detail as is needed to respond in a way that clearly responds to
the question at hand, while clarifying and elaborating with examples and details, where possible.
SIT284: Cybersecurity Management
Assessment 1 Information

What do I do now?
This assessment requires to gather and piece together data sourced from different sources and
take an educated guess as to what may have transpired leading up to the loss of over 5 million
guest records. It is suggested that you start working on this assessment by following:
• Start collecting and researching information.
• Think creatively.
• Write your report.
• Look at the assessment rubric and the unit learning outcomes to ensure that you
understand what you are being assessed (and marked) on.

Referencing, plagiarism and collusion

Any work that you submit for assessment must be your own work. Please note that
this unit has systems in place to detect plagiarism and all submissions are
submitted to this system.

Submitting work, in whole or in part, that is copied or paraphrased from other

authors (including students), without correct acknowledgement, is considered one
of the most serious academic offences. This practice is equivalent to cheating in
examinations and it may lead to expulsion from the University. For further
information, you should refer to Regulation 4.1(1), Part 2—Academic Misconduct,
via (Current university legislation).

Please note that these regulations are not intended to discourage group work and
exchange of views and information with other students and staff. Such interaction is
most desirable, provided that you ultimately write your own answers and
acknowledge any quoted sources.

We see responsible attitudes to plagiarism as part of general good ethical practice.

Ensure you have familiarised yourself with the rules and regulations on plagiarism
and collusion.

Resources
[1]. EU General Data Protection Regulation, https://ovic.vic.gov.au/privacy/eu-
general-data-protection-regulation/
[2]. Coble, S. (2020), “New Marriott data breach affects 5.2 million guests”, available
at: www.infosecurity-magazine.com/news/new-marriott-data-breach-affects/