Subject Code :- ICTCYS603
Title :- Undertake Penetration Testing For Organizations
Assessment Type :- Assignment
Assessment Information
A. Purpose of the assessment :- This assessment will develop the skills and knowledge required to use a range of methodologies to simulate an attack on an organisation's information and security systems and report the results back to the organisation.
B. What you are required to do
For this assessment, you are required to complete 4 tasks:
Task A – Task A Knowledge Test
Task B – Task B Prepare for Penetration Testing
Task C – Task C Conduct Penetration Test
Task D – Task D Conduct follow up activities
Tasks B, C and D of this assessment require you to use the provided case study information relating to the fictional company Falcon Accounting Services.
C. Competencies being assessed
Elements
To achieve competency in this unit you must demonstrate your ability to:
1. Prepare and plan for penetration testing
2. Perform penetration testing based on agreed plan
3. Review and recommend actions and follow up after testing is completed
Performance Evidence
Evidence of the ability to:
1. plan and implement penetration testing and resolve queries and vulnerabilities on at least three vulnerabilities.
Knowledge Evidence
To complete the unit requirements safely and effectively, the individual must:
1. security risks and vulnerabilities in software systems
2. tools used in testing a network for vulnerabilities including scanning tools
3. advanced level penetration testing of a system
4. methods and tools used to protect data in an organisation
5. risk mitigation strategies
6. organisational procedures applicable to undertaking penetration testing, including:
a. establishing goals and objectives of penetration testing
b. defining scope of testing and establishment of testing regime
c. documenting established requirements
d. establishing penetration testing procedures
e. documenting findings, threats and work performed
7. key organisational environments, systems and networks required to undertake penetration testing for organisations.
D. Important resources for completing this assessment
To complete this assessment, please refer to the following resources provided on Moodle:
ICTCYS603 Unit Name learner guide
ICTCYS603 Observation checklist
ICTCYS603 Marking Guide
ICTCYS603 Case study folder
Additional student assessment information
E. A note on plagiarism and referencing
Plagiarism is a form of theft where the work, ideas, inventions etc. of other people are presented as your own.
When quoting or paraphrasing from a source such as the Internet, the source must be recognised. If you are quoting a source, make sure to acknowledge this by including quotation marks around the relevant words, sentences or ideas. Note the source at the point at which it is included within your assessment, such as by using a citation. Then list the full details of the source in a ‘references’ section at the end of your assessment.
All sources used for your assessment should be detailed in a references section. It is advisable to never copy another person’s work.
F. A note on questions with role plays
We do not have a role play exercise in this unit.
G. Instructions for completing this assessment
Answer the questions below using the spaces provided:
Answer all parts of each question
Use your own words and give examples wherever possible
The quality of your answer is more important than how long it is
Enter your answers in this document
You may use various sources of information to inform your answers, including your resources provided by ACBI, books and online sources. You must acknowledge and cite your sources.
A. Task A – Task A Knowledge Test
Task A instructions
Answer the questions below to demonstrate your knowledge of ICTCYS603.
A1. Define the term "vulnerability" in a cyber security context.
A2. What is a software application and what are bugs and loopholes in software?
A3. What vulnerabilities can exist in software?
A4. What sort of risks can be associated with software vulnerabilities?
A5. How can a network be exposed and vulnerable to attacks?
A6. Name at least three latest tools that are used in network vulnerability scanning and review these tools for the features they have and the cost.
A7. What is meant by penetration testing? Define different types of penetration testing exercises.
A8. What methods and tools are necessary to protect data in an organization? What would be your recommendation at a minimum for an SME in Australia to protect its data from cyber-attacks?
A9. What should the planning steps in penetration testing be?
A10. What will you recommend as policy to address the findings of a penetration testing exercise?
A11. What should the risk mitigation strategies of an organization be to protect its network and data?
A12. You are required to prepare guidelines and procedures for your organization for well-prepared penetration testing and a results-oriented approach to address the threats. Address the following:
a. Procedure to establish goals and objectives of penetration testing
b. Procedure to define the scope of testing and establish the testing regime
c. Procedure to document established requirements for penetration testing
d. Procedure to perform penetration testing
e. Procedure to document the findings, threats and work performed during the penetration testing.
f. Procedure to review and record key organisational environments, systems and networks required to undertake penetration testing for organisations.
B. Task B – Task B Prepare for Penetration Testing
Task B instructions:
For Task B you are to use the case study scenario relating to Falcon Accounting Services.
You are hired as a consultant by the Chief Accountant of a small accountancy firm, who wants you to perform vulnerability analysis of the IT infrastructure of his company. The reason is that he has recently faced a ransomware attack and he is concerned about the security of information, as the company has financial data of its clients based in Sydney and Melbourne.
Ensure you have read the Tasks A, B & C information in the ICTCYS603 Case study information document provided on Moodle. Then answer the questions below.
B1. Analyse the organisation’s existing cyber security environment, systems and network requirements.
Review the information in the case study. Provide your observation here:
B2. Identify individual data types and level of security requirements: Please prepare a network diagram and advise what type of normal traffic and data is used by the company. Build your virtual setup as well.
B3. Establish and outline the goal and objectives of performing penetration testing for the client. Mention what type of testing you will perform and what your objectives will be.
B4. Evaluate the scanning tools you intend to use and select tools from them according to the vulnerability assessment requirements you have agreed with the client.
B5. Establish and document testing plan and schedule, and requirements according to organisational procedures you have been provided by the CEO.
C. Task C – Task C Conduct Penetration Test
Task C instructions:
For Task C, you are to continue using the case study scenario. Task C continues on from Task B.
NOTE: Ensure you have read the Tasks B & C information in the ICTCYS603 Case study information document provided on Moodle. Then answer the questions below.
C1. Perform the penetration test according to the testing plan and procedures. Use the tools you have selected within the scope you have identified and agreed upon.
C2. Identify and document vulnerabilities arising from vulnerability assessment using the review of output of the tools you have used. You need to attach both raw data, that is, the output of your work and the refined data, that is, the results you have obtained from the output.
C3. Identify and document potential threats arising from the penetration test according to the organisational and testing procedures you have prepared. You need to use your knowledge and research of threats to the relevant operating system or application.
C4. Provide a plan with recommendations to remediate identified vulnerabilities according to testing procedures. This should be a change proposal with emphasis on risk and risk prevention, with step-by-step implementation and timelines. You should mention the resources you will need to implement the plan.
D. Task D – Task D Conduct follow up activities
Task D instructions:
For Task D you are to continue working on your case study and the fictitious organization Falcon Accounting Services.
Ensure you have read the Task D information in the ICTCYS603 Case study information document provided on Moodle. Then answer the questions below.
D1. Determine and document an improvement plan that should be followed by the client to be proactive and secure in future. The improvement plan shall be based on your observations and point to the procedural gaps that can be improved to enhance readiness for threat management.
D2. Evaluate penetration testing effectiveness against the testing plan and procedures you have performed. What has gone well and where is there a need for improvement?
D3. Escalate unresolved vulnerabilities to required personnel, such as the support engineer of the IT service provider of your client. Write an email to them. Paste the content of your email here.
D4. Submit your report that covers the complete penetration testing exercise and outcomes to the CEO and to other required personnel, and seek and respond to feedback if you receive any.