SIT382 System Security

SIT382 System Security
Assessment 1 – Research Essay
Trimester 2 2021
Objectives: see ULO1, ULO2, GLO1, GLO2, GLO4 in the unit guide.
Due Date: 8pm Friday August 27, 2021
Delays caused by computer downtime cannot be accepted as a valid reason for late submission
without penalty. Students must plan their work to allow for both scheduled and unscheduled
downtime.
Submission Details:
You must submit an electronic copy of your assessment solutions in Microsoft Word (.doc or .docx)
for the research essay via CloudDeakin. The PDF format may cause issues in the Turnitin system. So
please avoid using PDF format.
It is the student’s responsibility to ensure that they understand the submission instructions. If you
have ANY difficulties, ask the teaching team for assistance (prior to the submission date).
Copying, Plagiarism Issues:
This is an individual assessment. You are not permitted to work as a part of a group when writing this
assessment.
Plagiarism is the use of other people’s words, ideas, research findings or information without
acknowledgement, that is, without indicating the source. Plagiarism is regarded as a very serious
offence in Western academic institutions and Deakin University has procedures and penalties to deal
with instances of plagiarism.
In order not to plagiarise, all material from all sources must be correctly referenced. It is necessary to
reference direct quotes, paraphrases and summaries of sources, statistics, diagrams, images,
experiment results and laboratory data – anything taken from sources.
When plagiarism is detected, penalties are strictly imposed. Details on plagiarism can be viewed online
at https://www.deakin.edu.au/students/studying/academic-integrity.
SIT382 Assessment 1
Total marks: 40
The reliance of our society on IT systems has dramatically increased over recent years. Unfortunately,
the value of the assets that could be compromised through an IT system extends beyond the monetary
value: it is impossible to ignore that the security of IT often affects the safety of Operational
Technologies (OT). IT systems suffer from failures in maintaining security because of their increasing
complexity, the evolution of attackers’ capabilities, and the increasing value of the assets that they
hold. Exploitable vulnerabilities and risks will always exist, and their characteristics can change over
the course of an IT system’s life. There is, however, a need to manage within acceptable parameters
these errors, vulnerabilities and risks over the life of IT system. The task of those responsible for the
security of IT systems is to establish acceptable levels of security assurance and risk objectives for the
IT system.
In terms of IT security, adequate security assurance signifies that specific predefined security
requirements have been addressed through the presentation of a security assurance case: it is the
result of performing appropriate security assurance processes and activities. These security assurance
processes and activities need to be described in the form of a reasoned and compelling argument (or
many arguments), supported by a body of evidence for a security-related claim. Such a claim is
typically about certain Security Targets being met by product, system, service or organisation.
Security assurance requirements are determined from the security problem posed by the deliverable
(and potentially other factors), influencers, security requirements, and the target environment for the
deliverable. As such, it is important to understand and specify the scope and boundaries for a
deliverable that is subject to a security assessment.
Security assurance arguments substantiate security assurance claims which means that the arguments
should be structured in the appropriate manner. In general, security assurance arguments can be
constructed in many different ways and drawn from many different sources. However, for this
assessment Target of Evaluation (TOE) is a product or service. Security assurance argument must be
based on one of the following alternatives:
(a) Tools/methods used to test and evaluate TOE;
(b) Tools/methods used to design TOE.
In order to score a higher grade for their essay, students must follow specific pattern: the essay should
contain the main security argument, counterargument and defence of the main security argument.
The scope of security problems for your essay is bounded by those occurring in authentication and
access control systems. In the essay, a student is encouraged to develop an assurance argument that
contributes to one of the following security requirements:
– Human user identification and authentication;
– Machine (e.g. IoT) identification and authentication;
– Account management;
– Authenticator management;
– Strength of password-based authentication;
– Strength of public key authentication;
– Authorization enforcement;
– Auditable events;
– Non-repudiation.
It is not required to develop a complete security assurance case for one of the listed requirements.
For the essay, it is sufficient to evolve around argument(s) that can fit within potential assurance case.
For instance, an argument that claims security/privacy of attribute-based authentication may fit
within the assurance cases for ‘Human user identification and authentication’, ‘Machine (e.g. IoT)
identification and authentication’, ‘Authorization enforcement’. However, it is the student’s task to
demonstrate ‘how?’ security assurance argument fits there. The length of the essay should be 1500-
2000 words (minimum 1500 words, single spaced, 12pt font, on the A4-sized paper).
Marking Criteria for Assessment 1
Criterion Rating scale Criterion
score
1. Relation between
the problem and
presented security
argument.
Excellent
15 points
Satisfactory
9 points
Weak
6 points
Unsatisfactory
3 points
/15
Security
argument fits
within the scope
of the problem,
and this is wellarticulated.
Security
argument fits
within the scope
of the problem.
Security
argument
partially fits
within the scope
of the problem.
Security
argument is out
of the scope of
the problem.
2. Argument
Comprehension
(claims, strategies,
assumptions, context
and evidence).
Excellent
15 points
Satisfactory
9 points
Weak
6 points
Unsatisfactory
3 points
/15
The body of
argument has all
the parts, and
they can be
comprehended.
The body of
argument has
essential parts,
and they can be
comprehended.
The body of
argument has
essential parts,
but
comprehension
is incomplete.
Essential parts
are missing
from the body
of argument.
3. Argument wellformedness.
Excellent
10 points
Satisfactory
6 points
Weak
4 points
Unsatisfactory
2 points
/10
There are no
structural errors,
and this is clearly
demonstrated.
There are no
structural errors,
but the
demonstration is
lacking.
There are minor
structural errors.
There are
major
structural
errors.
4. Expressive
Sufficiency of
Argument.
Excellent
10 points
Satisfactory
6 points
Weak
4 points
Unsatisfactory
2 points
/10
Context is explicit
and is sufficient
for logical
inference.
Context is
partially explicit
but is sufficient
for logical
inference.
Implicit context
can be
understood,
which is
sufficient for
logical inference.
Context can
not be
understood,
and this is
insufficient for
logical
inference.
5. Argument Criticism
(e.g. counterargument)
Excellent
15 points
Satisfactory
9 points
Weak
6 points
Unsatisfactory
3 points
/15
The criticism is
persuasive and
effectively
undermines the
overall
sufficiency of
argument.
The criticism is
somewhat
persuasive and
may undermine
the overall
sufficiency of
argument.
Criticism is
introduced, but
it is not
persuasive.
Criticism is
missing.

YOU MAY ALSO READ ...  We can help on: How does naturalism approach interpretation
6. Argument defence /15 Defence evidence
is efficient,
trustworthy, and
its integrity is
unquestionable.
Defence
evidence is
somewhat
efficient and
trustworthy.
Defence
evidence is
either not
efficient or not
trustworthy.
Defence
evidence is
missing.
7. Correct use of
language and grammar
(Syntax, Spelling,
punctuation)
/10 Writing is
smooth, skilful,
and coherent.
Punctuation and
spelling are
accurate.
Writing is clear
and sentences
have some
varied structure.
Punctuation and
spelling are
generally
accurate.
Writing is clear,
but sentences
may lack variety.
Several
errors in
punctuation and
spelling.
Writing is
confusing and
hard to follow.
Many errors in
punctuation
and spelling.
8. Use of sources
(relevance/reliability)
Excellent
10 points
Satisfactory
6 points
Weak
4 points
Unsatisfactory
2 points
Evidence from
sources is
smoothly
integrated into
essay. All sources
are cited
accurately and
are highly
relevant and
reliable.
Evidence from
source(s)
is integrated into
the text. Most
sources are cited
accurately and
are generally
relevant and
reliable.
Some source
material is used.
Several sources
may not be cited
accurately.
Relevance and
reliability may
be questionable.
Few or no
source
material is
used.
Relevance
and/or
reliability are
strongly in
question.
/10

Excellent
15 points
Satisfactory
9 points
Weak
6 points
Unsatisfactory
3 points
Excellent
10 points
Satisfactory
6 points
Weak
4 points
Unsatisfactory
2 points

YOU MAY ALSO READ ...  Determine the three (3) key communication concepts

CLICK HERE TO GET A PROFESSIONAL WRITER TO WORK ON THIS PAPER AND OTHER SIMILAR PAPERS

CLICK THE BUTTON TO MAKE YOUR ORDER