Assessment Guide:
ICT60220 Advanced Diploma of Information Technology (Cyber Security)
Student Assessment Guide: ICTCYS606 Evaluate an organisation's compliance with cyber security standards and law
Developed by: ACBI Approved by: DoS Issued: April 2022 Review: April 2022
Copyright 2022
Version: 22.0
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means,
electronic, mechanical, photocopying, recording or otherwise without the prior written permission of Australian College of
Business Intelligence.
Disclaimer:
The Australian College of Business Intelligence does not invite reliance upon, nor accept responsibility for, the information it
provides. The Australian College of Business Intelligence makes every effort to provide a high-quality service. However, neither
the Australian College of Business Intelligence, nor the providers of data, gives any guarantees, undertakings or warranties
concerning the accuracy, completeness or up-to-date nature of the information provided. Users should confirm information from
Content
1. Assessment Information
2. Assessment Coversheet
3. Assessment Questions
D. Task D - Implement and align organization with the standards and laws
1. Assessment Information
This assessment will develop your skills and knowledge required to understand the cyber
organization
Task D – Implement and align organization with the standards and laws
Tasks B, C and D of this assessment require you to use the provided case study information
Elements
To achieve competency in this unit you must demonstrate your ability to:
Performance Evidence
identify cyber security standards and laws and analyse an organisation’s operations and
Knowledge Evidence
To complete the unit requirements safely and effectively, the individual must:
For further information on the competencies of this unit, please refer to:
https://training.gov.au/Training/Details/ICTCYS606
To complete this assessment, please refer to the following resources provided on Moodle:
Plagiarism is a form of theft where the work, ideas, inventions etc. of other people are presented
as your own.
When quoting or paraphrasing from a source such as the Internet, the source must be recognised.
If you are quoting a source, make sure to acknowledge this by including “quotation marks”
around the relevant words/sentences or ideas. Note the source at the point at which it is included
within your assessment, such as by using a citation. Then list the full details of the source in a
All sources used for your assessment should be detailed in a ‘references’ section. It is advisable
Task D, Question D2
For these questions, as outlined below, you will be assessed on your ability to role play being a Cyber
Security Specialist. These questions require you to manage meetings and take notes on what is
discussed.
Your Trainer & Assessor will also observe your meeting for Task D, Question D2 and complete an
observation checklist.
Please note: You will also need to attend separate meetings organised by other students whereby
you role play being other people. This allows other students in your unit to also role play being
the CTO and Operational Manager. You do not need to take notes at meetings during which you
You may use various sources of information to inform your answers, including your resources
provided by ACBI, books, and online sources. You must acknowledge and cite your sources.
Please refer to the “Instructions for Submitting Your Assessment” found within the unit course
page on Moodle.
NOTE: Please take care to follow all instructions listed. Assessments uploaded with a draft
2. Assessment Coversheet
Candidate Name:
Student ID:
Contact Number:
Email:
and laws
organization
Assessment Tasks:
☐ Task C – Analyse the implementation of cyber security
and laws
☐ Assessment information
☐ Submitting assessments
Candidate signature:
Date:
3. Assessment Questions
laws
Task A instructions
Cybercrime is crime committed by means of a computer or a network, for instance sending
malware to an individual. Technology has brought many problems, and one of them is its use to
commit crimes. Once the user of a computer commits a crime using the computer, it
A2. Describe a cyber security risk, what risks could commonly be present in an organization
there exists a cyber-attack. Organisations often lose information as a result of a
cyber-attack. Some of the most common cyber security risks that organisations are
exposed to are: phishing, in which an attacker obtains someone's sensitive data by
impersonating a trusted contact; hacking, in which hackers gain access to a computer and to
all the information they need on it; and lastly insider threat, which happens when staff leak
confidential information, a risk that grows as an organisation employs more staff (Faculty, 2016).
A3. What is Risk management? What are key principles of risk management?
Risk management is the process of identifying threats, analysing them, evaluating them and
then treating them within the organisation. The security team always has to be vigilant about
risks that can arise from threats; this is what is called risk management. It enables the
organisation to decide how best to deal with emerging threats. Cyber security risk
management is an ongoing process to curb the effects of
The key principles of cyber security risk management are five (Gaffey, 2022):
Risk control: the risk has to be controlled so that the organisation avoids its
effects.
Risk financing: financing the risks that could not be controlled.
Risk tolerance can be understood as the level of uncertainty, or the degree of risk, that an
organisation is willing to accept. Risks cause damage to organisations, but small risks may be
accepted, since it is hard to operate an organisation that is entirely free of risk. The risks that are accepted are
A5. What laws in Australia are related to the cyber security? Provide brief description of these
laws.
Like any country, Australia has a number of laws governing the use of computers.
If these laws are violated, the state of Australia imposes punishment. Some of the laws are
1. The Security of Critical Infrastructure Act 2018 (Cth). This Act commenced on 11 July 2018.
It exists to manage the national security risks of espionage, sabotage and coercion posed by
foreign involvement in Australia's critical infrastructure. The Act came in response to the
cyber security risks that had increased with technological change and the high connectivity of
2. The Privacy Act 1988 (Cth). This Act is regarded as the principal piece of Australian
legislation governing how the personal information of individuals is handled by the federal
public sector and by the private sector. It protects people's personal information from being
exposed to the public by the organisations that hold it.
3. The Telecommunications Act 1997 (Cth) (Commission, 2020). This is the principal Australian
statute regulating carriers and carriage service providers, including, in Part 13, their
obligations to protect the confidentiality of communications and customer information; it also
opened the Australian telecommunications market to full competition. (The "major overhaul of
telecommunications law after 62 years" that protected the right to enter and leave the
telecommunications business is the United States Telecommunications Act of 1996, a different law.)
A6. Describe ISO standards in relation with cyber security and governance.
ISO standards are known for maintaining the standards of the organisations they apply to.
When it comes to information security, the ISO/IEC 27000 family contains the standards that
govern the security measures a state or organisation follows to protect confidential
ISO/IEC 27001 specifies the requirements for an information security management system
(ISMS). There are over a dozen standards, but they all fall under the ISO/IEC 27000 family.
Using these standards helps organisations manage the security of assets such as intellectual
property, financial information, employee details and so on. This implies that the confidential
information of people who use devices connected to these organisations, or their login
credentials, cannot be shared by the organisations with any third party that is not entitled to
that information. People therefore have their confidential information kept safe by any
organisation that follows these standards. Certification against ISO/IEC 27001 is voluntary,
but a certified organisation is audited against the standard, which limits violation of the
information, and an organisation that fails the audit can lose its certification. This cuts across
public organisations and private organisations and sectors. The aim of the standards is to
A7. Describe parts 10.7 and 10.8 of the Criminal Code Act 1995 of Australia.
Part 10.7 of the Criminal Code Act 1995 (Cth) contains the computer offences. It defines
unauthorised access to data held in a computer, unauthorised modification of such data and
unauthorised impairment of electronic communication to or from a computer, whether caused
directly or indirectly by the execution of a function of a computer, and makes these offences
when the person is not entitled to cause them (Office of Legislative Drafting and Publishing, 2019).
A person who is not supposed to have access to that information is not allowed to access it.
Accessing information and tampering with it is only to be done by a person who is entitled to
access it. This protects information from being leaked or modified by people who are not
supposed to access it, such as hackers. This Part is about computer
Part 10.8 of the Act covers financial information offences. Any person who dishonestly
obtains or deals in personal financial information, without the consent of the person to whom
it relates, in order to obtain funds, credit or another financial benefit commits an offence. The
Part applies to information relating to an individual, a corporation or a person whether living
or dead. Use of such information, even when the person is dead, must be authorised by those
concerned. This
results in cybercrime if one uses the information without authorisation for personal
financial benefit.
PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of
security standards designed so that all companies and organisations that accept,
store, process or transmit credit card information maintain a secure environment.
PCI DSS is the security standard for protecting the information of companies that deal
with branded credit cards from the major card schemes. The standard was formed with the
intention of reducing credit card fraud and increasing the controls around cardholder data.
Before cardholder data is handed over to be handled, the people in charge should
always be vigilant and aware of the governing standards, the PCI DSS standards. The aim is
to keep the information processed by these companies secure from being modified or
tampered with by an external entity that is not supposed to access it. The main features of
PCI DSS are:
i. Access to cardholder data is restricted on a business need-to-know basis.
ii. Wherever cardholder data is stored it should always be protected (for example, the
primary account number is masked when displayed and rendered unreadable wherever it is
stored), and no
iii. Systems commonly affected by malware are protected with anti-virus software that is
kept up to date.
iv. Networks are regularly tested and monitored to ensure that the security measures hold. This makes
There has never been a model or a set of rules that, if followed, fully curbs cybercrime.
Many organisations have recommended the Essential Eight security model to mitigate the rate
of cybercrime. People who use third-party software ought to know how and where the software
should be placed so that they can perceive the amount of threat
essential in addressing the risks. When software users know the software development
process, they can quickly formulate security steps against the threats involved in the use of
third-party software. Businesses find it hard to fully secure the third-party software they use in
their daily operations and to ensure it does not introduce vulnerabilities and security risks that
may affect their mobile devices. The security of third-party software is therefore largely in the
hands of its developers. Sometimes a webpage is disguised when there is a virus on the device.
Even if a given antivirus package does not entirely prevent malicious code, for most computer
users it remains the most vital defence they can freely obtain against malicious code attacks.
The Essential Eight security model is based on the ACSC's Strategies to Mitigate Cyber
Security Incidents. The eight essential strategies are:
1. Application control
2. Patch applications
3. Configure Microsoft Office macro settings
4. User application hardening
5. Restrict administrative privileges
6. Patch operating systems
7. Multi-factor authentication
8. Regular backups
A10. Describe the Privacy Act 1988 and how it affects the cybersecurity requirements for a business?
The Privacy Act 1988 (Cth) regulates the handling of personal information about individuals in
Australia. The Act covers the collection, use, storage and disclosure of personal information
by Australian Government agencies and by the private sector organisations it applies to. It
gives a person whose personal information is held on a computer assurance that the
information will not be disclosed or misused. The Act affects the cyber security requirements
of a business through the Australian Privacy Principles (APPs). APP 11 requires an entity that
holds personal information to take reasonable steps to protect it from misuse, interference and
loss and from unauthorised access, modification or disclosure, and to destroy or de-identify it
once it is no longer needed. Since 2018 the Notifiable Data Breaches scheme in the Act also
requires an entity to notify affected individuals and the Office of the Australian Information
Commissioner when an eligible data breach of personal information occurs. A business
therefore has to put access controls, encryption, logging and an incident response process in
place for the personal information it holds, not only for its own commercial data.
Data governance is the process of carefully managing the availability, usability, security and
integrity of the data in enterprise systems, based on the policies and internal standards used
to control data usage. Data governance ensures data is trustworthy and consistent (Stedman,
2019). Put simply, data governance is how data is handled. When data is handled recklessly
it is easily mismanaged, and hence hackers may get to
The main security requirements are confidentiality, integrity and availability. These three form
what is abbreviated as CIA in information systems security. They are explained
below:
1. Confidentiality. Confidentiality means information that is not to be viewed by anybody except the one who is supposed to have
2. Integrity. Integrity in information security means information should never be changed by a person who is not authorised to do so.
3. Availability. Availability in information security means that information should
always be available when its owner needs it. Even if the storage
facilities for information pertaining to the processes of the organisation are not working, the
A13. Would there be security requirements specific to a process, or would you prefer to
implement security governance guidelines that apply across the organization?
Discuss.
There are many specific security requirements that could be implemented for every
process. However, it is better to implement the security governance made available by the
organisation, because organisations are set up with different processes that work differently,
which means some security requirements may not be well implemented in
case they are used. Using the requirements implemented by the organisation makes it easy for
every user to follow the organisation's processes, which makes implementation easy. It also
keeps the organisation's workers organised, rather than each implementing what they know
differently even though they all work for the good of the organisation. This in turn reduces
confusion and brings uniformity to the organisation. It is better that all organisations set up
their security requirements and make them available to employees before the employees are
fully committed to working with that organisation. This reduces the errors that workers
perspective.
There are several principles that are used to protect the organisation from the perspective of
1. P1. The organisation's systems and applications are designed, deployed, maintained and
decommissioned according to their value and their confidentiality, integrity and availability
2. P2. Systems and applications should be delivered by trusted suppliers.
3. P3. Systems and applications must be configured to reduce their attack surface.
4. P4. Systems and applications must be administered in a secure and accountable
manner.
5. P5. Vulnerabilities in systems and applications must be identified and mitigated in time
6. P6. Only trustworthy operating systems, applications and computer code are used.
7. P7. Data is encrypted in transit and at rest between systems.
8. P8. Information communicated between two different systems must
9. P9. Data and all applications must be backed up to a secure system.
10. P10. Only authorised personnel should be given access to systems.
A cyber security incident is an event that has an impact on the organisation and therefore
prompts a response or recovery. An incident is like an alert: it indicates that the security of
the organisation's system needs immediate attention. When an incident happens it is a
warning to the persons responsible for
the security of the organisation. It gives the go-ahead to check how the organisation is
functioning and to repair the system accordingly. Security incidents mostly happen to systems
that have weak security. This gives the people who store information in such a system an
option if they feel their information is not safe: information is not safe to store in these
systems once they have had security incidents, unless the incidents have been resolved.
The abbreviation MAPE-K stands for Monitor, Analyse, Plan and Execute over a shared
Knowledge base. It is a feedback loop and is among the most influential reference control
models for self-adaptive and autonomic systems. Under this model the system monitors the
communication to and from its users and adapts itself to curb the element
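As an added example (not from this guide or from IBM's autonomic computing materials), the Python below implements one MAPE-K loop for a patch-compliance control, the kind of adaptation principle P5 above calls for: Monitor refreshes an inventory of installed service versions, Analyse compares it with the fixed version recorded in the shared Knowledge, Plan decides whether to upgrade a host or, if an earlier upgrade did not take, escalate it to a person, and Execute applies the actions (simulated here) and writes the outcome back into the Knowledge. Hostnames and version numbers are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass
class Knowledge:
    """Shared knowledge base that all four MAPE phases read and write."""
    fixed_version: str                          # lowest version that is not vulnerable
    inventory: dict = field(default_factory=dict)   # host -> installed version (constructed data)
    upgraded: set = field(default_factory=set)      # hosts an upgrade has already been attempted on
    escalated: set = field(default_factory=set)     # hosts handed to a human after a failed upgrade
    log: list = field(default_factory=list)         # audit trail of executed actions

def version_key(v: str) -> tuple:
    """'1.1.3' -> (1, 1, 3) so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in v.split("."))

def monitor(k: Knowledge, observed: dict) -> None:
    """Monitor: merge the latest observed versions into the knowledge base."""
    k.inventory.update(observed)

def analyse(k: Knowledge) -> list:
    """Analyse: hosts whose installed version is below the fixed version."""
    return sorted(h for h, v in k.inventory.items()
                  if version_key(v) < version_key(k.fixed_version))

def plan(k: Knowledge, at_risk: list) -> list:
    """Plan: upgrade a host the first time it is seen at risk; if it is still at
    risk after an upgrade was attempted, escalate once instead of looping forever."""
    actions = []
    for host in at_risk:
        if host in k.escalated:
            continue
        if host in k.upgraded:
            actions.append(("escalate", host))
        else:
            actions.append(("upgrade", host))
    return actions

def execute(k: Knowledge, actions: list) -> None:
    """Execute: carry out the planned actions (simulated) and record them."""
    for action, host in actions:
        if action == "upgrade":
            k.inventory[host] = k.fixed_version   # a real loop would call the package manager here
            k.upgraded.add(host)
        else:
            k.escalated.add(host)
        k.log.append(f"{action} {host}")

def run_cycle(k: Knowledge, observed: dict) -> list:
    """One pass of the loop; returns the actions taken so the caller can inspect them."""
    monitor(k, observed)
    actions = plan(k, analyse(k))
    execute(k, actions)
    return actions

if __name__ == "__main__":
    k = Knowledge(fixed_version="1.1.3")
    print(run_cycle(k, {"web-1": "1.1.1", "web-2": "1.1.5", "db-1": "1.0.9"}))
    # web-1 reports the old version again, so the loop escalates rather than re-upgrading
    print(run_cycle(k, {"web-1": "1.1.1"}))
    print(k.log)
```

The point of the shared Knowledge is visible in the second cycle: because Execute recorded the first upgrade, Plan treats the same finding differently the next time round, which is what separates a feedback loop from a script that re-runs the same remediation every cycle.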
A18. What is SIEM and what SIEM tools are you aware of? Describe at least three tools.
SIEM stands for security information and event management. SIEM is a combination of SIM
(security information management) and SEM (security event management). SIEM offers
real-time monitoring and analysis of events as well as logging and tracking of security data for
compliance and auditing. SIEM is a security solution organisations use to detect threats and
security vulnerabilities before they disrupt business operations. SIEM products increasingly use
artificial intelligence to automate many of the manual processes associated with threat detection
and response (IBM, 2019). Some of the capabilities of SIEM tools are:
1. Log data management. Collecting data is the first step and the foundation of security
information and event management: real-time collection, analysis and correlation
2. Network visibility
A SIEM analyses inspected packets and gains visibility into network flows using its
analytics engine, which adds insight into assets, protocols and IP addresses to detect
3. Threat intelligence.
A SIEM is able to combine open-source and proprietary intelligence feeds into the
SIEM solution for the purpose of recognising and combating modern attack and vulnerability
signatures.
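As an added example (not code from the guide or from any SIEM product) of the log data management and threat intelligence capabilities described above, the Python below parses sshd-style authentication events into normalised records, correlates repeated failed logins followed by a success for the same user and source address within a time window, and flags successful logins from an address present in a threat-intelligence feed. The hostnames, usernames, addresses and the feed are constructed sample data, and the line format is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style authentication events; hosts, users and addresses are made up.
SAMPLE_EVENTS = """\
2022-04-01T09:00:01Z host1 sshd: Failed password for alice from 203.0.113.9
2022-04-01T09:00:03Z host1 sshd: Failed password for alice from 203.0.113.9
2022-04-01T09:00:05Z host1 sshd: Failed password for alice from 203.0.113.9
2022-04-01T09:00:06Z host1 sshd: Failed password for alice from 203.0.113.9
2022-04-01T09:00:07Z host1 sshd: Failed password for alice from 203.0.113.9
2022-04-01T09:00:09Z host1 sshd: Accepted password for alice from 203.0.113.9
2022-04-01T09:10:00Z host2 sshd: Failed password for bob from 198.51.100.7
2022-04-01T09:20:00Z host2 sshd: Accepted password for bob from 198.51.100.7
2022-04-01T09:30:00Z host3 sshd: Accepted publickey for carol from 192.0.2.44
"""

# Constructed threat-intelligence feed: source addresses an external feed has flagged.
THREAT_FEED = {"192.0.2.44"}

# Assumed line format; a real SIEM carries one parser per log source.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) \w+ "
    r"for (?P<user>\S+) from (?P<ip>\S+)$"
)

def parse(text: str) -> list:
    """Log data management: normalise raw lines into event dicts with real timestamps."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m is None:
            continue  # a production pipeline would count and route unparsed lines, not drop them
        event = m.groupdict()
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events

def detect(events: list, threshold: int = 5, window: timedelta = timedelta(minutes=5)) -> list:
    """Correlation rules run over the normalised events in time order."""
    alerts = []
    failures = defaultdict(list)  # (user, ip) -> timestamps of recent failed logins
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["user"], e["ip"])
        if e["result"] == "Failed":
            failures[key].append(e["ts"])
            continue
        # Rule 1: a success preceded by at least `threshold` failures inside the window
        recent = [t for t in failures[key] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append(("brute_force_success", e["user"], e["ip"], e["host"]))
        failures[key].clear()
        # Rule 2: any successful login from an address in the threat feed
        if e["ip"] in THREAT_FEED:
            alerts.append(("login_from_threat_feed_ip", e["user"], e["ip"], e["host"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_EVENTS)):
        print(alert)
```

Run on the sample, alice's five failures followed by a success within eight seconds raise the brute-force alert, bob's single failure does not, and carol's key-based login is flagged only because its source address is in the feed; the threshold and window are the knobs an analyst tunes to trade false positives against missed attacks.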
A19. What is a security incident response plan? What are the components of the plan?
An incident response plan is a set of tools and protocols that a security team should use to
help the security team respond to threats and to the possible effects of those threats. It helps the
security team curb threats and protect the system from attack by external threats. These
protocols aim to minimise the possible dangers and damage that could result from external
threats, such as data loss, loss of customer trust and abuse of resources. The components of
the plan are:
1. The organisation's incident response strategy and how the strategy supports the
2. The roles and responsibilities of the organisation's stakeholders involved in incident
response.
3. The communication procedures within the organisation's response team, which should be
4. Lastly, previous incidents should be included in the plan so as to improve the security
The response plan forms what is called the incident response cycle. The incident response
A20. Describe different types of cyber security incidents including security vulnerabilities and
malware.
A cyber security incident is an event, act, omission or other action that can give rise to
network. This means that the action or risk is caused by persons who have access to the
system. The authorised person gains access to the system and their actions give an
advantage to a person who is not authorised, who thereby accesses the system; in that process
the authorised person is not aware of having given access to
Unauthorised users will always look for ways of gaining access to confidential
2. Phishing attack.
This attack succeeds once the responsible person gives their login details to an
unauthorised person, who thereby gains access to the information system and the data on
the system.
3. Malware attack
Many hackers develop malware with the aim of gaining access to the data on victims'
computers. The term malware means malicious software. This includes Trojans,
4. Security vulnerabilities. Hackers will always look for system vulnerabilities.
Vulnerabilities are weak spots in a system that can give an unauthorised person access
to the system.
organization
Task B instructions:
For Task B you are to use the case study scenario relating to UniqueStore.
You are the cyber security analyst and advisor for the company, responsible for developing
strategies and implementing them to protect the information assets of the company.
Ensure you have read the “Tasks A, B & C information” in the “ICTCYS606 Case study
B1. Review the company policies, industry and Australian government regulations,
standards and laws required for organisations' cyber security operations and summarise your
findings.
Cybercrime is punishable by law in Australia under both Federal and State legislation. For
instance, hacking is considered an offence under Federal jurisdiction under the Criminal Code
Act 1995 (Cth). In Australia, cybercrime is regulated by the Australian Competition and
Consumer Commission (ACCC), which punishes businesses that engage in deceptive and
misleading conduct towards customers. Cybercrime policy and legislation are created to
shield citizens from crime, to prosecute offenders, and to promote and regulate a
Today, the world is widely digitalised across all industrial sectors. Service providers and
organisations often search for means of reducing the cybersecurity-related risks in their
operations.
The New South Wales (Australia) Cyber Security Standards Harmonisation Taskforce was created
with the intention of increasing the rate of implementation of cyber security industry standards.
The cooperation within the government of New South Wales (Australia) resulted in the creation of
standards for Australia and AustCyber and included the telecommunications, financial services,
energy and defence sectors. The collaboration in NSW would lead the
beginning from Australia. Customers of Unique Store today do not know how to judge
whether the tools they are purchasing are made according to common security practices, or if
they are tested by their manufacturers, or how security-related bugs are handled.
Customers of IoT tools also do not know the nature of the information the manufacturer of
such devices obtains from them while they are using the devices, with whom the manufacturers
share the information concerning customers, or whether the IoT systems are regularly tested by
third parties that are independent of the connection between the customer and the IoT device.
The extent of connectivity offered by the internet of things causes safety vulnerabilities as
well as security concerns, given that each of the connected things has the possibility of being
misused or attacked. For instance, according to some research, power plants, voting
machines and cars can easily be hacked if they have internet of things connectivity.
This research has shown ransomware attacks against home thermostats, and has thus
exposed the weaknesses of vulnerable people with implanted heart pacemakers.
However, the cyber security standards that were set by Australia are very essential in the
B2. Perform analysis to align required laws and standards to organisational cyber
Laws on cyber operations include measures that protect computer systems and information
technology, intended to force organisations and companies to safeguard their information and
systems from cyber attacks such as control system attacks, unauthorised access, denial of service
attacks, phishing, Trojan horses, worms and viruses. The measures against cybercrime include
software, and firewalls. Various attempts have been made through collaborative
endeavours and regulations between the private sector and the government to enable
industry regulators, such as banking regulators, to take account of cybersecurity risks and start to plan
The Australian laws and standards for organisational cyber operations are explained below
(Agarwal, 2018):
Australian Privacy Principles (APP): This law controls the collection, holding and
disclosure of private data included in records. The APP law applies only if the private or
government organisation concerned has an annual turnover of more than AUD 3 million.
addressed by this act, for instance child pornography websites, cyberstalking, computer
trespass, cyber harassment, computer fraud, theft of data, damaging data, unlawful access,
Spam Act: A scheme for regulating electronic messages, especially commercial emails,
is established by this act. The Spam Act stops unsolicited and unauthorised electronic
messages, with few exceptions. The Australian Communications and Media Authority regulates
telecommunication systems in Australia. The other purpose of the act was to clarify the
Although there are laws formulated to enforce cybersecurity, the rate of
cybercrime continually rises. Computer users should be taught what they can do to
avoid falling victim to cybercrime; for instance, the measures below can be taken:
The user should be careful when installing plug-ins: Extensions and plug-ins may put
the device being used at risk. For instance, Chrome previously revealed that some extensions
in Chrome browsers changed ownership or service without the user's knowledge. However,
Chrome later fixed the issue. Users should be cautious when installing extensions or plug-ins in
different browsers.
Installing security plug-ins on users' computers: Although most extensions and
plug-ins are safe, it is essential to boost the browser's security by installing plug-ins for one's
mobile device security. For example, HTTPS is an extension used by Opera, Chrome and
Firefox, developed by the Electronic Frontier Foundation, to secure communications that occur
over computer networks. Most people commonly use the HTTP protocol, but it is not as secure
as HTTPS. The 'S' in HTTPS represents 'secure'. HTTPS secures users' browsing experiences
B3. Analyse organisation’s existing cyber security compliance strategies and document
a baseline for comparison with standards and further development for compliance.
Most cybersecurity concerns arise when computer users carelessly click on links sent to
them without analysing them well. The most effective way to prevent clicking on suspicious
links is for the user to think about and investigate the link's contents, especially if the link
connects to one's email account, social networking site or bank, or if it involves making online
money transactions. Most browsers, for instance Microsoft Edge, Chrome and Firefox, show a
change in colour on the left-hand side of the location bar that indicates that the site is legitimate.
Therefore, if the user does not see a green background on https, that link should
not be clicked on, or should be clicked on only with caution. Through proper analysis of links, a
computer user can easily comply with the cybersecurity strategies set by the government.
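The paragraph above tells the user to look at a link before clicking it. The following added example is not part of the original assessment guide and is not UniqueStore's own tooling; it shows the structural checks a reviewer can automate before anyone opens a link: it flags links that do not use HTTPS (the page's own rule), links that hide a different destination behind an `@` sign, links that point at a raw IP address instead of a domain name, and links whose host uses a punycode (`xn--`) label that can imitate a familiar name. The sample links are constructed for illustration and use reserved documentation addresses.

```python
import ipaddress
from urllib.parse import urlsplit


def analyse_link(url: str) -> list[str]:
    """Return a list of short warning tags for a link (empty list = nothing flagged)."""
    findings: list[str] = []
    parts = urlsplit(url.strip())

    # The page's own rule: the link should be using HTTPS, not plain HTTP.
    if parts.scheme.lower() != "https":
        findings.append("scheme-not-https")

    # Anything before an '@' in the authority is user info, not the host;
    # a familiar name placed there does not change where the link really goes.
    if parts.username is not None or parts.password is not None:
        findings.append("userinfo-in-url")

    host = (parts.hostname or "").lower()
    if not host:
        findings.append("no-host")
        return findings

    # A bare IP address instead of a domain name is unusual for a bank or webmail login page.
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass  # a normal domain name

    # Internationalised labels are encoded as 'xn--...'; they can look like a familiar name.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-host")

    return findings


def triage(urls: list[str]) -> dict[str, list[str]]:
    """Split links into those with no findings and those that need a closer look."""
    report: dict[str, list[str]] = {"clean": [], "review": []}
    for url in urls:
        report["review" if analyse_link(url) else "clean"].append(url)
    return report


if __name__ == "__main__":
    # Constructed sample links (example.com and 198.51.100.0/24 are reserved for documentation).
    samples = [
        "https://www.example.com/login",
        "http://www.example.com/login",
        "https://www.example.com@198.51.100.7/login",
        "https://xn--exmple-cua.com/account",
    ]
    for url in samples:
        print(f"{url:50} {analyse_link(url) or 'ok'}")
```

A link with no findings is not automatically safe; the checks only remove the cases that should never be clicked without a second look, and the browser's own HTTPS indicator described above still applies once the page is opened.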
Organisations today ensure that they comply with organisational procedures and
policies against cybercrime by examining the third-party software they use to ensure that
it does not contain malware. Securing third-party software that is open source, outsourced
or off-the-shelf commercial software is not easy for any given company to execute. Today,
and cloud computing to fully gain from the computing organisation (quick and flexible to
market). Businesses find it hard to fully secure the third-party software they use in their daily
operations and to ensure that it does not cause vulnerabilities and security risks that may affect
their mobile devices. Therefore, the security of third-party software is in the hands of
various software developers. In most cases, different individuals conform to make the
development cycles secure. Still, since many third-party libraries are utilised in one
application, large amounts of code probably do not obtain the level of security checking
that is needed. People who use third-party software ought to know how or where the software
should be placed to help them perceive the amount of threat exposure. A clear perception
of the third-party software security development lifecycle is essential in addressing the risks.
When software users know the software development process, they can quickly formulate
security steps against the threats involved with the use of third-party software.
Therefore, one can ensure that the third-party software has a mechanism for security updates
by using safelists. Safelisting is done by taking back control and selecting only the third-party
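Safelisting, as described in the sentence above and in the earlier discussion of third-party libraries that do not all receive the same level of security checking, means that only components the organisation has explicitly reviewed and approved are allowed into an application. The added example below is not from the assessment guide and is not UniqueStore's own code; it assumes a constructed safelist of component names, approved versions and the SHA-256 digest of each approved artifact, and checks a constructed inventory of installed components against it, so that a component that was never approved, an unapproved version of an approved component, or a tampered artifact whose hash no longer matches is reported rather than silently accepted.

```python
import hashlib
from typing import Dict, List, Tuple


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of an artifact's bytes, hex encoded."""
    return hashlib.sha256(data).hexdigest()


# Constructed artifact contents standing in for real package files (names are hypothetical).
APPROVED_ARTIFACTS = {
    ("reportlib", "1.2.0"): b"reportlib 1.2.0 (constructed artifact bytes)",
    ("reportlib", "1.3.0"): b"reportlib 1.3.0 (constructed artifact bytes)",
    ("paygw-sdk", "2.0.1"): b"paygw-sdk 2.0.1 (constructed artifact bytes)",
}

# Safelist: component name -> {approved version -> expected SHA-256 of the artifact}.
SAFELIST: Dict[str, Dict[str, str]] = {}
for (_name, _version), _content in APPROVED_ARTIFACTS.items():
    SAFELIST.setdefault(_name, {})[_version] = sha256_hex(_content)


def check_component(name: str, version: str, digest: str) -> str:
    """Classify one installed component against the safelist."""
    if name not in SAFELIST:
        return "not-on-safelist"       # never reviewed or approved
    if version not in SAFELIST[name]:
        return "version-not-approved"  # approved component, but not this version
    if digest.lower() != SAFELIST[name][version]:
        return "hash-mismatch"         # artifact differs from the approved one
    return "approved"


def evaluate(installed: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return (name, version, status) for each installed (name, version, sha256) entry."""
    return [(name, version, check_component(name, version, digest))
            for name, version, digest in installed]


def non_compliant(installed: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Only the entries that need a corrective action."""
    return [row for row in evaluate(installed) if row[2] != "approved"]


if __name__ == "__main__":
    # Constructed inventory of what is actually deployed.
    installed = [
        ("reportlib", "1.2.0", sha256_hex(APPROVED_ARTIFACTS[("reportlib", "1.2.0")])),
        ("reportlib", "0.9.0", sha256_hex(b"reportlib 0.9.0 (constructed)")),
        ("paygw-sdk", "2.0.1", sha256_hex(b"paygw-sdk 2.0.1 (tampered copy, constructed)")),
        ("chat-widget", "4.1.0", sha256_hex(b"chat-widget 4.1.0 (constructed)")),
    ]
    for name, version, status in evaluate(installed):
        print(f"{name:12} {version:7} {status}")
```

Checking the digest as well as the version is what distinguishes a safelist from a simple version pin: a version string can be reused by a modified or substituted package, but a hash recorded at approval time cannot be matched by anything other than the approved bytes.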
Suspicious links have existed for a long time and continue to plague people who use mobile
devices. Many people have fallen victim by clicking on unknown links in documents, web
pages and emails without thinking critically about them, and thus installing dangerous malware on
their computers, phones and other mobile devices. Clicking on a link without thinking tells
the computer that you accept whatever is contained in that link, regardless of whether it is
dangerous, and thus it has to execute it. After clicking on the link, the hacker has complete
control over the mobile device onto which the malware is installed. Randomly clicking on links
puts the user at risk of covert software disabling or damaging the computer, phone or other
mobile device. With emails, one can easily click on undesired links that share their personal
B4. How much time will it take to determine compliance evaluation requirements and
benchmarking of the organisational practices against the standards and laws? Prepare a
plan for the CTO along with an executive summary, your findings and recommendations.
Determining the compliance of the organisation's practices with the set standards and
laws is done with the help of a legal audit. The audit agenda determines the analysis procedure
by determining the functionality of the company on the basis of legal standards and
comply with the state and federal corporate governance standards as well as the ethical and
The legal compliance agenda ought to address different parts of the organisation's governance
practices. The audit checklist should analyse the registration of the organisation to ensure that
its existence is lawful, and thus includes decisions relating to the performance of the organisation
and the appointment of directors, as these can all affect the cyber security of the computer devices
Ensuring that the company's data is very secure is important, given that keeping
records of activities executed in a company ensures continuity. Stored data can be used
in determining how to carry out present activities with emphasis on the past stored
information. Organisations that often use mobile devices in their activities ought to ensure that
comprehensive, proper and updated data concerning the operations they execute is not
technologies in creating, transferring and storing their digital data. The law against
cybercrime necessitates that all entities ensure the data of the client stays confidential
and private and is only utilised for the right purposes. The legal compliance agenda
(checklist) therefore ought to consider all the needed organisation information and ensure that the
cybersecurity measures are followed so that the organisation does not fall victim.
One should also secure the browser by allowing the automatic software updates that may
be available. The vendor's website may provide updates for the browser (Rafail, 2017).
Therefore, when web pages are disguised, the user should search for updates for that
browser on the vendor's website and install them so that it functions normally. Most
computers have browsers like Apple Safari, Mozilla Firefox or Microsoft Internet Explorer
installed. Securing these web browsers is vital because they are used often. If the browser is
not secured, computer problems may result in the installation of spyware on one's computer
even without their knowledge. The computers sold today already have software installed on
them by retail stores, internet service providers, operating system makers or the
manufacturer; thus, the user ought to ensure that the programs on the computer and the
software installed interact in the right way. However, sometimes the web page addresses in
web browsers are disguised and thus take users to unexpected sites when they are
clicked.
Task C instructions:
For Task C, you are to continue using the case study scenario of UniqueStore. Task C
NOTE: Ensure you have read the “Tasks B & C information” in the “ICTCYS606 Case study
legislative requirements, review the documents and policies provided in the case study.
and identifying gaps in the controls that are prevailing in the business. At Unique Store, the
compliance assessment is used in determining the actions that can be taken so that the
stakeholders adhere to the external and internal standards and policies. The managers of
the company get peace of mind after proving that the business programs and control program
The compliance assessment for Unique Store will be done as explained in the steps below:
Planning the assessment is very important as it identifies the scope that will be covered.
After planning the target to be achieved during the compliance assessment, assessment
of compliance in the organisation will then be done. During this step, the strengths and
weaknesses within a particular compliance area are identified and corrected. One of the
regulatory requirements to be complied with is procedures, policies and standards. The
is essential for the management to be convinced of the efficiency of every program
singled out so that corrective measures can be taken. The data concerning the company
should not be corrupted by malware attacks that may be sent to the employees through
different links.
Reviewing Feedback and Employee Training: Reviewing the previous occasions on which
employees were trained in practices that comply with the company standards. It is
important for employees to be able to report any issues bothering them to the
After assessing the compliance achieved by the activities carried out in Unique Store,
the position of the company is determined. The results attained will be recorded for reference.
Appropriate measures are then taken to obtain the required compliance during the gap
assessment. The results recorded will be properly kept for use in the future.
The results attained and the gaps in the compliance level of the company will be
reported to the key stakeholders so that a plan to correct the mistakes is drafted and executed.
The organisational policies are the rules that the employees in the company follow so
that the business operations run smoothly. At Unique Store, the internet is widely used in
making sales and communicating with customers, since many people use the internet today. It
is therefore very important that the operations carried out using mobile devices are in
compliance with the company policies so as to avoid cyber threats. Using the internet to make
transactions therefore ought to be done with caution to avoid losses resulting from
cyber attacks. The employees who continually interact with mobile devices at Unique Store are
trained on how to ensure that they do not unintentionally install malware on the company
computers.
The owners of mobile devices at Unique Store take various measures to ensure that they
their computers. Web browsers are often exposed to questionable dynamic content that may
put the user's mobile device at risk. Most websites necessitate the installation of certain features on
the computers, which puts them at risk. For users to configure their web browsers' security,
the following methods are taught to employees at Unique Store so that their web browsers are
secure:
Shaping the browser's security and privacy settings: Users ought to review their
browsers' security and privacy settings to ensure that they are comfortable with what is unchecked or
checked. For instance, users should check their browsers to find out whether the third-party
cookies in their browsers are blocked so that advertisers do not easily track the computer
Ensuring that the employees have antivirus installed on the computer: When
antivirus is installed on the computer, potentially unwanted programs (PUPs) may not
affect the user's device (Alarm, 2014). Having a legitimate antivirus program like ZoneAlarm
is vital in preventing PUPs from attacking the user's browser. The antivirus software
program is created to find, avoid and take any appropriate action to prevent malicious
programs in one's browser. Although a person may be intelligent in using a mobile device to
avoid viruses, the antivirus program should be installed for security purposes. The antivirus
installed on the computer runs in the background even without the user's consent to prevent
malware actions on the browsers that one may be using. If the antivirus software finds any
virus that seems dormant in the computer system, it stops that virus from running and puts it
into quarantine.
Ensuring that the user's browser is updated: Browser updates are usually made to
correct the problems that existed in the previous version of the browser. The users,
Signing up for security alerts: Users of mobile devices that can access the internet at
Unique Store should sign up for security alerts to be informed of any security threat to their devices.
The user can choose to receive immediate, daily or weekly alerts every time news or any other
information relevant to the security of their devices hits the web. In case the computer notices
any form of cyber-attack, it alerts the user so that corrective action is taken.
C3. Identify and document areas of non-compliance and near misses, use a suitable format
The objective of Unique Store is to maximise profits with customer and employee
management, which leaves most employees unsatisfied at the workplace. Performance
management focuses on the performance of the employees, activities and the organisation at
large. The standards and values based on performance management are disseminated and
organised by the top management in an organisation, who specify what is expected of the
employees, provide coaching and feedback, and compare the employees' behaviour and their actual
performance with what is expected of them. Most businesses today need to have an efficient
performance management system to cope with the competitive world (Alexe, 2020). The
human resources department tries hard to always meet the constantly changing needs of its
people. Failure to perceive the desires that the employees have towards work
disengages and demotivates them, thus leading to poor team performance.
The performance culture at Unique Store is also not good. The paybacks of a proper
performance culture are inevitable, given that a unified and strong performance management
properly managed, a steadily progressing organisation that can endure hard times is formed. The
success that most organisations realise is due to having a high-performing culture among the
employees (Obiora, 2020). The culture in the organisation affects everything that occurs in the
business, including the involvement of the employees; that is to say, if the employees align with the
culture in the company, they easily feel connected to the company. The employees at Unique Store
do not fully get a chance to engage in all business decisions, even decisions regarding the dissemination
of company information. Different businesses have different working cultures, but the growth
and development of the business occur when the culture values, engages and empowers the
employees. Employers in businesses therefore ought to discuss with their employees to
find out whether the culture at the workplace is in line with what they believe is right for them,
common purpose, and vision so that the employers easily create unity among people in the
organisation. Organisations that also form cultures of gratitude for their workers and set
strategies for achieving the goals and objectives of the organisation. Therefore, for the
The poor performance management prevalent at Unique Store today makes the employees less
productive. The employees are intimidated about reporting data losses to their managers and
supervisors due to fear of losing their jobs. This is the reason why Unique Store is not as
C4. How will you align organisation’s activities to required standards, to fill the gaps as
The activities of Unique Store will be organised using the performance management
process procedures explained below, to prevent threats that can result in cyber attacks and
employee dissatisfaction. Every step is essential, and all the steps together create the backbone
of performance management for Unique Store. The four steps are explained below:
1. Planning.
Planning the activities to be executed is the initial step in eliminating gaps in a company. The
management and HR ought to organise the activities required to be completed, including the
objectives to be achieved, short and long-term goals, and a comprehensive description. The
goals set ought to be time-bound, relevant, attainable, measurable and specific (SMART). During
planning, the employees should be given a chance to give ideas on what they think will work
best for the customers. When the employees are involved in deciding the activities of the
company, they work hard to see that the company achieves the set objectives. Since both the
management and the employees agree on the objectives and goals to be attained in a particular
2. Do.
The activities that were planned are executed in this step. The individuals assigned different activities
are trained in their field so that there is no room for confusion. The activities executed in this
stage ought to ensure that the objectives and goals that were planned are being achieved. At
Unique Store, the employees that perform well will be rewarded as a way of encouraging
others to work hard as well. At this stage, the actual work required to be executed is done
3. Check.
To ensure that the plan is being followed, managers have to check the performance being
achieved. Therefore, the performance attained at Unique Store will be determined and
compared with the performance that was planned to be achieved. The employees will be required
4. Act.
This is the last step in ensuring that the gaps in performance management are eliminated. The
employees that perform as expected will be rewarded so that other employees in the company
can be encouraged and work hard as well. It is very essential to give the employees a reason
for working hard to achieve the company goals. In this stage, the faults that are in the company
management are analysed and corrective measures suggested and implemented to improve
performance. Improved performance at Unique Store implies satisfied customers and happy
employees who love their work. If the culture of employees in an organisation is properly
managed, a steadily progressing organisation that can endure hard times is formed. The success
that most organisations realise is due to having a high-performing culture among the employees.
and laws
Task D instructions:
For Task D you are to use case study scenario for UniqueStore.
Ensure you have read the “Task D information” in the “ICTCYS606 Case study information”
D1. Develop and document all compliance requirements and present a report to the CTO.
The activities carried out at Unique Store should be done in such a way that there is no
data breach. A data breach refers to a situation where confidential information is accessed
without the prior knowledge and permission of the system owners. Data breaches include theft
or loss of hard copy notes, mobile phone devices, USB drives or computers. Stolen data contains
confidential or sensitive information such as trade secrets, issues of national security, credit
card details and customer data. Data breaches can potentially destroy the image of an
organisation, cause financial loss to customers, and lead to theft of the victim's identity.
Cybersecurity, on the other hand, is the use of technology, control systems and processes to
defend programs, processes, devices, data and system networks from malicious attacks.
Cybersecurity aims to reduce the danger of cyber-attacks and safeguard against access by
unauthorised persons and exploitation of technologies, networks and systems. Given that
some sales are made over the internet at Unique Store (online), the data on computers should
be protected. The data on computers may be about how to overcome competitors in the market and
The employees should follow the ethical code of conduct at the company. Ethics are
the moral principles utilised to determine whether an action is right or wrong. In business
operations where ethics are applied, the activities of the business and the people in it should
reflect fairness, integrity and honesty. Taking actions that are always ethical is not easy, and
people often experience ethical dilemmas in cases where their actions are contrary to what is
ethically correct. Nevertheless, a leader in a business organisation ought to make decisions that
prioritise the business objectives rather than personal interests. The employees who conduct
efficiently to achieve the company objectives. Performance management enables employers
to reward workers who have done remarkable work for the organisation. Recognising and
encouraging workers is very important for the organisation's success, as it gives better retention,
engagement and employee performance. Most employees become happy and motivated to do
more work when they feel appreciated by their bosses. When the employees in a company are
aligned with the goals and objectives of the company, their focus on what should be done to
attain the objectives is raised. Performance management formulates a culture of support and
trust, creating proper relationships between the organisation and its employees. Therefore,
employers in businesses ought to analyse their objectives and determine the culture, beliefs
and values that should be followed while the employees are working, to improve relationships.
Proper relationships between the employees and managers at Unique Store will enable the
The computers used in the company should have anti-virus software installed on
them to help prevent cyber-attacks. When antivirus software is installed on a computer, potentially
unwanted programs (PUPs) are less likely to affect the user's device. Having a legitimate antivirus
program such as ZoneAlarm is vital in preventing PUPs from attacking the user's browser.
Antivirus software is designed to find, block, and take appropriate action against
malicious programs, including those targeting the browser. Even a user who is careful about
avoiding viruses on a mobile device should have an antivirus program installed for security purposes.
The antivirus installed on the computer runs in the background without the user having to start it,
to block malware activity in whichever browser the user is running. If the antivirus software
finds a virus that appears dormant in the computer system, it stops that virus from running.
(For this activity you will perform a role play, present your recommendations to your class,
and obtain feedback.) Please attach your presentation to the assessment.
The activities at Unique store will be realigned in the following ways so that better compliance
The employees will be grouped into departments as a way of creating specialization that
improves the efficiency of operations. At Unique store, the departments are the sales
department and the customer relations department. However, division of labor does not mean that
there will be no cooperation among the employees. Small companies normally delegate the
role of operations to a single individual, yet the company owner and employees should work
together to improve the day-to-day activities of the business. Whether a person
provides services, sells products, or manufactures products, every business person ought to
monitor and manage the things that occur behind the scenes. Grouping the employees will
enable management to supervise the activities done by the employees more easily.
different activities, protect the resources needed for each activity, and permit the sharing of
information between the providers of services or goods and their customers. Operations
delivery-focused. The inputs for retailing at Unique store include human resources,
technology, and production equipment. Operations management also includes monitoring the
leading, staffing, organizing, and planning are all involved in operations management. The
organization of tasks in Unique store will be done with the help of operations management.
Change the way activities are executed in the company to suit the constantly changing
needs of customers. Normally, changing the way things are done is beneficial to the
company. The constantly changing needs of customers necessitate varying the way different
circumstances in the company are handled to keep the customers satisfied. New entrants
require effective market operations to minimize the barriers related to exclusive dealings.
Expertise in dealings is acquired from proper operations management, as it sets the strategies to
cope with the changing needs of customers. It depends on the behavior or leadership role
of the new entrants, as they can establish a flexible system that can be settled in a new
market strategies is necessary to sell in the market due to demographic and cultural needs. The
demographic factors are of great value in terms of human resources and the supply chain of the
products. However, when embracing the change, it is important for the company to ensure that
D3.
THE SCENARIO:
You are discussing your findings and recommendations in relation to cyber security
unit
NOTE: Your Trainer & Assessor will also observe this meeting and complete an
observation checklist.
Organise a day and time for your meeting, in line with the availability of other students in
your unit as well as your Trainer & Assessor. This meeting should take no more than 5
minutes.
You are required to manage the meeting. Prior to the meeting ensure you have read the
instructions below on what you’ll be required to do during the meeting and prepare as
necessary.
Ensure you take note of what you discuss during the meeting.
Record notes of what was discussed during your meeting. Answer in 40-80 words.
Meeting notes
The meeting was intended to determine the position of Unique Store in terms of
security against cyber-attacks and the causes of the attacks that occur. When the data on some
computers becomes corrupted, some employees are afraid to report it to their immediate supervisors
for fear of being blamed or even losing their jobs. However, if employees are free to let
management know about the problem, the issues can be solved easily. Therefore, the
be used in future for compliance analysis, gap findings, solution identification and
Incidents that occur during the operation of activities at Unique Store should be reported
immediately. Problems that occur in a company always have a cause from which they result.
To avoid the recurrence of a problem, one has to eliminate its causes as well. A lack of
need of the customers enters a market, they may not develop a strategy that suits the regional
culture. This is another challenge that reduces the ability to develop market segments. For
establishing retail stores in a new market, understanding and knowledge are important
aspects. Operations management provides effective information about market trends
from information about market demographics and various tools that can help reach more
customers in the target market (Team, 2020). It is therefore important for retailing to know the
In a company, continuous improvement is a practice that ensures that all the workers
in the company focus on how to achieve the goals of the company. Therefore, the workers in
Unique store ought to contribute ideas they think can be implemented to improve the
Signing up for security alerts: Users of mobile devices that can access the internet
should sign up for security alerts so that they are informed of any security issues affecting
their devices. The user can choose to receive immediate, daily, or weekly alerts whenever news
or other information relevant to the security of their devices is published. Web browsers are often
exposed to questionable dynamic content that may put the user's mobile device at risk. Many websites
require the installation of certain features on the computer, which puts it at risk. Users
should also ensure that their browser is kept up to date. Browser updates are usually released to
correct the problems that existed in the previous version of the browser. The users,
D4. Submit all documents to required personnel as a report and seek and respond to
feedback obtained. You will prepare a brief for your class and discuss it in the class to
receive feedback and to adjust your strategy accordingly, then finalize your report. Use an
Add your report here along with the brief you have prepared.
prevent data breaches at Unique Store so that the company does not lose important data to its
competitors. Data breaches are sophisticated; thus the financial sector must continuously update
its security systems to avert scams. The most prevalent causes of data breaches include the
failure to adopt newer security approaches and third-party risk.
Some of the most applicable mechanisms to avert possible data breaches and cyber-attacks
physical protection of the operational area, applying planned exit handling for departing
workers, and periodic risk assessment. The bank and any financial institution must ensure
that data breaches and cyber-threats can be contained by restricting third-party access to
commercial software is not easy to execute for any given company. Today, most businesses
computing to fully gain from the computing organization (quick and flexible to market)
(Magalhaes, 2014). Businesses find it hard to fully secure the third-party software they use in
their daily operations, so as to ensure that it does not introduce vulnerabilities and security risks
that may affect their mobile devices. Therefore, the security of third-party software is largely in
the hands of the various software developers who produce it. In most cases, those developers
follow practices meant to make their development cycles secure. Still, since many third-party
libraries are used in a single application, large amounts of code probably do not receive the
level of security checking that is needed. People who use third-party software ought to know how
or where the software
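One concrete control a practitioner can apply to the third-party software problem described above is to pin every dependency to an exact version and a cryptographic hash, then refuse to install anything that is unpinned or whose downloaded artifact does not match. The script below is an added example written for this guide; it is not code from the assessment, from Unique Store, or from any cited source. The package names (examplelib, otherlib, tamperedlib), the lockfile, and the "downloaded" artifact bytes are all constructed inline so the audit runs offline; the lockfile syntax mirrors the `name==version --hash=sha256:<hex>` form that pip's `--require-hashes` mode checks.

```python
"""Audit third-party dependencies against a hash-pinned lockfile.

Added example for this guide (not the assessment's own material). Package
names, lockfile text and artifact bytes are constructed for illustration.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed stand-ins for downloaded wheels/sdists: package name -> bytes.
# tamperedlib's bytes differ from what the lockfile pinned (simulated tampering).
ARTIFACTS = {
    "examplelib": b"examplelib-1.2.0 wheel contents (constructed)",
    "otherlib": b"otherlib-0.9.1 wheel contents (constructed)",
    "tamperedlib": b"tamperedlib-2.0.0 wheel contents (constructed, modified)",
}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of an artifact, the value a lockfile pins."""
    return hashlib.sha256(data).hexdigest()


# Constructed lockfile: examplelib is pinned with the matching hash, tamperedlib
# is pinned with a hash that does not match its bytes, and otherlib is only
# range-constrained (">=") with no hash at all.
LOCKFILE = f"""
# third-party dependencies for a hypothetical Unique Store web shop
examplelib==1.2.0 --hash=sha256:{sha256_hex(ARTIFACTS['examplelib'])}
tamperedlib==2.0.0 --hash=sha256:{'0' * 64}
otherlib>=0.9
"""

_LINE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.\-]+)\s*"
    r"(?P<spec>(==|>=|<=|~=|>|<)\s*[^\s]+)?\s*"
    r"(?P<rest>.*)$"
)
_HASH = re.compile(r"--hash=sha256:([0-9a-fA-F]{64})")


@dataclass
class Requirement:
    name: str
    pinned: bool                      # True only for an exact "==" version
    hashes: list[str] = field(default_factory=list)


def parse_lockfile(text: str) -> list[Requirement]:
    """Parse requirement lines; comments and blank lines are ignored."""
    reqs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"unparseable requirement line: {raw!r}")
        spec = m.group("spec") or ""
        hashes = [h.lower() for h in _HASH.findall(m.group("rest"))]
        reqs.append(Requirement(m.group("name").lower(),
                                pinned=spec.startswith("=="),
                                hashes=hashes))
    return reqs


def audit(lockfile: str, artifacts: dict) -> dict:
    """Return a finding per dependency: OK, UNPINNED, MISSING or HASH_MISMATCH.

    A dependency passes only if it is pinned to an exact version, carries at
    least one hash, and the artifact we hold matches one of those hashes.
    """
    findings = {}
    for req in parse_lockfile(lockfile):
        if not req.pinned or not req.hashes:
            findings[req.name] = "UNPINNED"       # floating version or no hash
            continue
        data = artifacts.get(req.name)
        if data is None:
            findings[req.name] = "MISSING"        # pinned but never fetched
            continue
        findings[req.name] = "OK" if sha256_hex(data) in req.hashes else "HASH_MISMATCH"
    return findings


if __name__ == "__main__":
    for name, verdict in audit(LOCKFILE, ARTIFACTS).items():
        print(f"{name:12s} {verdict}")
```

Anything other than OK should block the build: UNPINNED means a future install could silently pull different code, and HASH_MISMATCH means the code on disk is not what was reviewed. In a real pipeline the hashes come from the lockfile committed to version control and the artifacts from the package cache, not from constants in the script.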
Candidate name:
Unit of Competency: ICTCYS606 Evaluate an organisation's compliance with cyber security standards and law
Instructions:
Place a tick '✓' in the Yes ("Y") column for each question you have completed all parts for.
Task A
Did you:   Y
✓
A2. Describe a cyber security risk, what risks could commonly be present in an
A3. What is risk management? What are the key principles of risk management?
A5. What laws in Australia are related to cyber security? Provide brief
A6. Describe ISO standards in relation to cyber security and governance.
A7. Describe parts 10.7 and 10.8 of the Criminal Code Act 1995 of Australia.
A10. Describe the Privacy Act 1988 and how it affects the cybersecurity
organization.
compliance perspective.
A18. What is SIEM and what SIEM tools are you aware of? Describe at least
three tools.
A19. What is a security incident response plan? What are the components of the
plan?
Task B
Did you:
✓
B2. Perform analysis to align required laws and standards to organisational cyber
B4. How much time will it take to determine compliance evaluation requirements and
Prepare a plan for the CTO along with an executive summary, your findings, and
Task C
Did you:
and legislative requirements, review the documents and policies provided in the
case study.
procedures
C3. Identify and document areas of non-compliance and near misses, use a
C4. How will you align organisation’s activities to required standards, to fill the
gaps as per your findings? Research and use industry best practices.
Task D -
Did you:
✓
D1. Develop and document all compliance requirements and present a report to
the CTO.
stakeholders.
D4 Submit all documents to required personnel and seek and respond to feedback
obtained. You will prepare a brief for your class and discuss it in the class to
References
Agarwal, H. (2018, January 21). A Glance At Australia's Cyber Security Laws. Retrieved from https://www.appknox.com/blog/glance-australias-cyber-security-laws
ZoneAlarm. (2014, May 8). 6 Ways to Secure Your Web Browser. Retrieved from https://blog.zonealarm.com/2014/05/6-ways-to-secure-web-browser/
Alexe, G. (2020, April 9). Managing performance through organizational culture. Retrieved from https://doi.org/10.1080/15700760500484019
https://www.techtarget.com/searchsecurity/definition/cybercrime
1996
https://www.sedgwick.com/blog/2015/09/10/5-basic-principles-of-risk-management#:~:text=The%20five%20basic%20risk%20management,most%20any%20situation%20or%20problem.
and-regulations/australia#:~:text=The%20following%20laws%20in%20Australia,)%20Act%201979%20(Cth).
risk-management-process/#:~:text=Cybersecurity%20risk%20management%20is%20an,has%20a%20role%20to%20play.
Magalhaes, R. M. (2014, September 12). Third-Party Software is a Security Threat (Part 1).
institutions in Edo State, Nigeria. International Journal of Innovative Social Sciences &
Office of Legislative Drafting and Publishing, A.-G. D. (2019). Criminal Code Act 1995. Act
https://www.cisa.gov/uscert/publications/securing-your-web-browser
Stedman, C. (2019). What is data governance and why does it matter? Retrieved from https://www.techtarget.com/searchdatamanagement/definition/data-governance
https://blog.kintone.com/business-with-heart/what-is-operations-management