Write My Paper Button

WhatsApp Widget

Write My Paper Button

WhatsApp Widget

1. Select an Organization and a Threat: • Choose a specific, real-world organization (e.g., a hospital, a university, a retail company, a government agency). • Choose a relevant and current cybersecurity threat to analyze in the context of your selected

ICT5351 Cyber Defense Assessment 2: Case Study

Assessment 2: Case Study – Analysis report

Assessment Overview
Weighting 35% of unit total
Due Date Week 6, Sunday, 22/03/2026, by 23:59 AEDT
Assessment Type Individual assessment
Word Count / Length 2000 words +/- 10%
Unit Learning Outcomes

In this assessment, you will be tested on whether you have successfully met the following Unit Learning Outcomes (ULOs):

 

  • ULO3: Analyse the motivation, tactics/strategy, and impacts of cyberattacks highlighting the system vulnerabilities exploited.
  • ULO4: Critique security policy, procedural and technical controls and countermeasures to mitigate the threats of cyberattacks.
Submission Type and Required Format

The type of assessment you will be completing is a Case Study Analysis. It should include the following:

 

  • Well-structured report with a clear introduction, detailed analysis, and a conclusive summary.
  • Relevant figures and diagrams, properly labeled and referenced.
  • References listed using a recognized citation format.

 

Assessment Details
Assessment Purpose The purpose of this assessment is to develop your ability to perform a proactive threat and risk assessment for a real-world organization against an emerging cybersecurity threat. You will step into the role of a security consultant to profile a relevant threat actor, model a potential attack, identify organizational vulnerabilities, and recommend a robust defensive strategy. This will enhance your skills in threat intelligence, risk analysis, and strategic security planning.
Assessment Instructions

For this assessment, you will produce a professional report that addresses the following steps:

 

1.    Select an Organization and a Threat:

  • Choose a specific, real-world organization (e.g., a hospital, a university, a retail company, a government agency).
  • Choose a relevant and current cybersecurity threat to analyze in the context of your selected organization. Examples of threats include:
  • A specific Ransomware-as-a-Service (RaaS) group (e.g., LockBit, ALPHV).
  • AI-enhanced social engineering and deepfake attacks.
  • Supply chain attacks targeting software dependencies.
  • A specific Advanced Persistent Threat (APT) group known to target your chosen organization’s sector.
  • Your analysis must be explicitly framed within a 2025–2026 threat landscape, considering at least one recent technological, regulatory, or operational change relevant to your chosen organisation (e.g., increased AI adoption, cloud migration, remote workforce, new compliance obligations).

 

2.    Threat Actor Profile:

  • Provide an in-depth profile of the threat actor associated with your chosen threat. Discuss their likely motivations (e.g., financial, political, espionage), typical targets, and level of sophistication.

 

3.    Hypothetical Attack Chain Analysis:

  • Develop a plausible, hypothetical attack chain showing how the threat actor could compromise your chosen organization.
  • You must map the stages of your hypothetical attack to the MITRE ATT&CK® framework, detailing the specific Tactics, Techniques, and Procedures (TTPs) the attacker would likely use (e.g., Initial Access, Execution, Persistence, Exfiltration).
  • You must clearly state one key assumption made by the attacker (e.g., user behaviour, configuration weakness, process gap) and justify why this assumption is realistic for the chosen organisation.

 

4.    Vulnerability and Impact Assessment:

  • Identify and discuss the likely vulnerabilities (technical, procedural, or human) in your chosen organization that would allow your hypothetical attack to succeed.
  • Assess the potential impact of a successful attack on the organization’s operations, finances, reputation, and legal standing.

 

5.    Protective Security Recommendations:

  • Propose a set of specific, actionable defensive strategies and controls to mitigate the threat.
  • You must structure your recommendations using the core functions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover). Justify why each recommendation is appropriate for the threat and the organization.

 

6.    Visual Representation:

  • Include at least one original figure or diagram created by you that visualizes a key part of your analysis (e.g., the hypothetical attack chain, a defense-in-depth model for your recommendations).
Artificial Intelligence (AI) Use

In this assessment, the use of generative artificial intelligence (AI) tools is 

PERMITTED. You can use AI tools to assist with:

 

  • Generating and modifying text related to planning and brainstorming ideas for your assessment.
  • Researching topics and preparing assignments, but 
  • all AI-generated content must be acknowledged in the final report using the specified format.

 

You CANNOT include any AI-generated material in your final report directly without modification or proper acknowledgement.

 

Specifically, for visual representations, any figures, diagrams, or flowcharts must be created by you and NOT copied or generated by AI.

 

Example tools might include:

  • ChatGPT
  • Google Gemini

 

Students take full responsibility for the content of their assessments, and AI tools should be used as a supplement to your own research and analysis rather than as a replacement. If you use AI tools in an unethical or irresponsible manner, such as copying AI-generated output without checking it against reliable sources, you risk committing academic misconduct. Any use of AI must be appropriately acknowledged in the AI declaration on the Assessment Cover Sheet.

 

Refer to the Using AI page on the ECA Library and Learning Support website for further guidance.

 

Other Important Information
Assessment Resources

It is strongly recommended that you use the following to find academic peer-reviewed sources of information.

 

  • ECA Library catalogue and databases
  • Unit Readings (Course Reserves) [The link to unit’s Course Reserves]
  • Subject Guide: ICT5351 [The link to a subject guide]

 

For in-text citation and referencing, follow the ECA HE Student Guide to APA 7th Referencing.
Submission Requirements

On completion of your assessment:

  • Follow the Assessment Presentation Guidelines
  • Submit your document as a PDF or MS Word document via the assessment submission link in Canvas.
  • Include a completed Assessment Cover Sheet, including the AI Declaration, and attach it to the assessment.
  • Save drafts of your work.
Assessment Support

For academic support or feedback on a draft of your assessment, please email academic.support@eca.edu.au

 

For assistance with finding resources, such as books and journal articles, please email library@eca.edu.au

 

For information and guides on tackling assessments and developing your academic skills, please visit in the ECA Library and Learning Support website: https://eca.libguides.com/

 

For queries about this specific assessment task, please contact the Unit Coordinator.

 

Assessment 2 Rubric

Criteria (weighted as indicated below) High Distinction (HD) 85-100 Distinction (D) 75-84 Credit (C) 65-74 Pass (P) 50-64 Fail (F) 0-49

Criteria 1

Context and Threat Profiling (20%)

 Provides an exceptionally detailed and insightful profile of a highly relevant threat actor, including a sophisticated analysis of their motivations, capabilities, and relationship to the chosen organization. Provides a clear and detailed profile of the threat actor with a strong analysis of their motivations and capabilities in the context of the chosen organization. Provides a good profile of the threat actor and organization, but the analysis of motivations or specific relevance may be less developed. Identifies a threat actor and an organization but provides a generic or superficial profile with limited analysis. Fails to identify a relevant threat actor or provide a coherent profile.

Criteria 2

Hypothetical Attack Chain Analysis (TTPs) (25%)

 Develops a highly plausible and technically sophisticated hypothetical attack narrative. Masterfully integrates the MITRE ATT&CK framework to describe a creative and logical sequence of TTPs. Develops a plausible and detailed attack chain. Effectively applies the MITRE ATT&CK framework to describe the TTPs with clear justification at each stage. Develops a logical attack chain and applies the MITRE ATT&CK framework, but the narrative may lack technical depth or some TTPs may be less relevant. Describes a basic attack sequence but the application of the MITRE ATT&CK framework is limited, inaccurate, or superficial. Fails to develop a coherent attack chain or does not use the required framework.

Criteria 3

Vulnerability and Impact Assessment (20%)

 Demonstrates exceptional critical thinking by identifying specific, nuanced vulnerabilities in the chosen organization and provides a comprehensive, quantified assessment of the potential business impact. Clearly identifies relevant organizational vulnerabilities and provides a detailed and well-reasoned assessment of the likely financial, operational, and reputational impact. Identifies key vulnerabilities and assesses the potential impact, but the analysis is more general and may not be fully tailored to the specific attack chain. Identifies obvious vulnerabilities but provides a limited or generic assessment of the impact without strong justification. Fails to identify relevant vulnerabilities or assess the potential impact of the attack.

Criteria 4

Protective Security Strategy (20%)

 Proposes a comprehensive and multi-layered security strategy with specific, actionable controls. Expertly structures recommendations using the NIST Cybersecurity Framework, justifying each control with clear alignment to the identified threat. Proposes a strong and relevant set of security controls logically structured using the NIST Framework. Recommendations are well-justified and directly address the analyzed threat. Proposes a good set of security controls that are structured using the NIST Framework, but recommendations may be more generic or lack detailed justification. Proposes basic or high-level security controls with limited use of the NIST Framework or weak justification. Fails to provide relevant or coherent security recommendations.

Criteria 5

Report Professionalism & Visualisation (15%)

 Exemplary report: professionally structured, exceptionally clear, with flawless referencing. The original diagram is insightful, professionally presented, and significantly enhances the analysis. Well-structured and clearly written report with minor referencing errors. The diagram is clear, relevant, and effectively supports the analysis. The report is logically structured but may have some issues with clarity or referencing. The diagram is relevant but may lack detail. The report structure is difficult to follow, with frequent referencing errors. The diagram adds little value to the analysis. Fails to meet basic academic standards of structure, referencing, or clarity. The diagram is missing or irrelevant.

Related Posts

March 21, 2026

Qualifi Level 7 Diploma Unit EDML706 Research Methods in Education (F/618/3140) Assignment Brief 2026

Read more
March 21, 2026

Case Study   Sizzler, a globally recognised casual dining restaurant chain famous for its salad bars, grilled steaks, seafood, and signature cheese toast, was founded in 1958 when restaurateurs Del and He

Read more
March 21, 2026

Qualifi Level 7 Diploma Unit EDML705 Leading Reflective Practice in Education (L/618/3139) Assignment Brief 2026

Read more
Type to search