Assignment Instructions In this assessment, you are required to critically analyse the Optus data breach from a professional, ethical, legal, and organisational perspective. Your report should demonstrate your understanding of information

Individual Assignment Assessment Details and Submission Guidelines Trimester T1 2026 Unit Code HI5031 Unit Title Professional Issues in IS Ethics and Practice Assessment Type Individual Assignment Weight 50 % Word limit (if applicable) 2500 words Submission Guidelines All work must be submitted on Blackboard by the due date along with a completed Assignment Cover Page. The assignment must be in MS Word format unless otherwise specified. Academic Integrity Information Holmes Institute is committed to ensuring and upholding academic integrity. All assessments must comply with academic integrity guidelines. Please learn about academic integrity and consult your teachers with any questions. Violating academic integrity is serious and punishable by penalties that range from deduction of marks, failure of the assessment task or unit involved, suspension of course enrolment, or cancellation of course enrolment. Penalties All work must be submitted on Blackboard by the due date and time, along with a completed Assessment Cover Page. Late penalties apply. Your answers must be based on Holmes Institute syllabus of this unit. Outside sources may not amount to more than 10% of any answer and must be correctly referenced in full. Over-reliance on outside sources will be penalised Reference sources must be cited in the text of the report and listed appropriately at the end in a reference list using Holmes Institute Adapted Harvard Referencing. Penalties are associated with incorrect citation and referencing. Individual Assignment Guidelines and Specifications HI5031 Professional Issues in IS Ethics and Practice

Individual Case Study Report – Submission Structure

You need to submit the final version of your assignment in Week 5.

Case Study Optus Data Breach, 2022

Students should use the 2022 Optus data breach as the main case study. The breach exposed the personal information of millions of Australian customers, including names, dates of birth, phone numbers, email addresses, addresses, and identity document details. The incident raised major concerns about cybersecurity governance, privacy protection, data management, corporate accountability, and ethical responsibility.

Case Study Topic Optus Data Breach: Privacy, Cybersecurity Governance, and Organisational Accountability

Read the case study on the 2022 Optus data breach, then prepare an individual analytical report using the structure below.

Assignment Instructions In this assessment, you are required to critically analyse the Optus data breach from a professional, ethical, legal, and organisational perspective. Your report should demonstrate your understanding of information systems ethics, cybersecurity responsibility, professional conduct, privacy protection, and ethical decision-making.

Your discussion must be supported by academic research and relevant professional sources.

You must use at least ten quality references, including journal articles, cybersecurity standards, privacy regulations, government or regulatory reports, and professional codes of conduct.

You must apply:

one professional code of conduct, such as ACS, ACM, or IEEE; and at least two ethical theories, such as utilitarianism, deontology, contract theory, or virtue ethics. Report Structure

1. Executive Summary — 200 words

Provide a brief overview of the Optus data breach, the main cybersecurity and ethical issues, the key findings of your analysis, and the main recommendations.

2. Background of the Case — 300 words

Briefly explain the Optus data breach

3. Stakeholder Identification and Impact Analysis — 350 words

Identify the key stakeholders involved in or affected by the breach

4. Cybersecurity, Privacy, and Governance Issues — 450 words

Analyse the major cybersecurity, privacy, and governance issues in the Optus case

5. Professional Conduct Analysis — 400 words

Choose one professional code of conduct: ACS, ACM, or IEEE.

Use the selected code to analyse the responsibilities of:

Optus leadership; IT and cybersecurity professionals; data governance and privacy officers; employees responsible for handling customer information. Your analysis should consider professional duties such as:

acting in the public interest; protecting privacy and confidentiality; maintaining professional competence; ensuring security of information systems; being honest and transparent; accepting accountability for professional decisions. 6. Ethical Theory Application — 500 words

Apply at least two ethical theories to the Optus data breach. You may choose from:

Utilitarianism — evaluating overall harm and benefit to customers, Optus, regulators, and society; Deontology — assessing duties and obligations to protect customer data regardless of business cost; Contract theory — examining the trust relationship between Optus and its customers; Virtue ethics — evaluating whether Optus demonstrated integrity, responsibility, honesty, and care. Explain how these theories help evaluate the decisions and actions of Optus, its employees, regulators, and other relevant stakeholders.

7. Legal and Regulatory Accountability — 250 words

Discuss the legal and regulatory implications of the Optus data breach

8. Recommendations — 250 words

Provide practical and justified recommendations for preventing similar incidents and improving ethical organisational practice.

9. Conclusion — 100 words

Summarise your overall findings and explain why the Optus data breach is an important case for understanding privacy protection, cybersecurity ethics, professional responsibility, and organisational accountability in information systems practice.

10. Reference List

Use Adapted Harvard referencing style.

All references must be cited in-text in the body of your report. You must include at least ten quality academic or professional references.

Important Notes Word Count: 2500 words, excluding references. Submission Format: Single MS Word document. Do not submit as PDF or Pages. Headings, citations, references, and appendices do not count towards the word limit. Student Assessment Citation and Referencing Rules Adapted Harvard Referencing Rules

Holmes has implemented a revised Harvard approach to referencing. The following rules apply:

Reference sources in assignments are limited to sources that provide full-text access to the source’s content for lecturers and markers. The reference list must be located on a separate page at the end of the essay and titled: “References”. The reference list must include the details of all the in-text citations, arranged A-Z alphabetically by author surname with each reference numbered (1 to 10, etc.) and each reference MUST include a hyperlink to the full text of the cited reference source. For example:

1. Hawking, P., McCarthy, B. & Stein, A. 2004. Second Wave ERP Education, Journal of Information Systems Education, Fall, http://jise.org/Volume15/n3/JISEv15n3p327.pdf All assignments must include in-text citations to the listed references. These must include the surname of the author/s or name of the authoring body, year of publication, page number of the content, and paragraph where the content can be found. For example, “The company decided to implement an enterprise-wide data warehouse business intelligence strategies (Hawking et al., 2004, p3(4)).” author   year    page

(Hawking et al., 2004, p3(4))

paragraph

Non-Adherence to Referencing Rules Where students do not follow the above rules:

For students who submit assignments that do not comply with the rules, a 10% penalty will be applied. As per the Student Handbook, late penalties will apply each day after the student/s has been notified of the due date. Students who comply with rules and the citations are “fake” may be reported for academic misconduct. HI5031 Individual Assignment T1 2026