1009GBS Assessment Task 1

This module will cover the following:

Assessment Task 1

· Overview

Reflection and Reflective Writing

· What reflection involves

· How to write reflectively

Employability skills

· Communication

· Critical thinking

Assessment Task 1: Overview

Title: Reflection on Group Work and Teams

Due Date: 16 August 2021

Weight: 20%

Word Limit: 600 words

Task Description:

Drawing from your learning in Module 2 and your experiences working in groups i.e., workshops, school, work, etc., write a reflection on "What makes a successful team formed to resolve a Grand Challenge problem?".

What does reflection involve?

Reflection involves:

· Being a critical thinker

· Self-awareness and willingness to examine skills, beliefs, values, attitudes, biases and assumptions

· Seeking deeper meaning and justifications for actions and opinions

· Revisiting prior experiences

Why is reflection important?

At University you are expected to examine and engage in the reflective process. Sometimes it will be built into an assessment task, other times it is something you should complete for your own academic, professional and personal development.

Reflection asks you to make a link between your experience and the course content. It’s a way of clarifying the relationship between theory and practice.  Taking time to reflect allows you to become more aware of your own values and belief system and any assumptions you may hold to support those.

How do you write reflectively?

The video below details more about reflective writing:

To reiterate, when it comes to language features:

· A formal style (i.e. no abbreviations, acronyms, contractions, slang)

· Avoid criticising or judging other people or yourself too harshly

· Well-structured paragraphs (i.e. no bullet points)

· Use of past tense (for events that have taken place)

· Use of present tense when referring to literature and making comments/reflections

· Use of future conditional (e.g. I would) when commenting on what you might change in the future

· People are added to the writing when the writer is expressing personal experiences or opinions (e.g. I, me, you, we, us)

· People (i.e. I, me, you, we, us) are removed when referring to the theory

· The actions (verbs) are usually those of feeling and thinking (e.g. feeling, felt, considered, experienced, wondered, remembered, discovered, learned)

· When reflecting, the language is usually modified (e.g. may, perhaps, might, could)

In summary

Adding to your Employability Skills

Reflection and reflective writing touches on several specific transferable skills that you will require in the workplace such as:

· Critical thinking

· Communication skills (by effective writing and using digital tools)

· Problem solving skills (by choosing what is important to include in your report)

· Ability to work independently

Case Study: Information Security Risk Assessment – Answer Sheet

Case Study: Information Security Risk Assessment

In this case study assignment, you will perform a quantitative risk analysis for the company network shown below. Write your answers on the Case Study Information Security Risk Assessment Answer Sheet.

Please use your imagination and feel free to specify any vulnerabilities and threats while completing the steps of this case study.

As depicted in the textbook, the following risk analysis formula will guide you throughout the process.

Risk = Probability (Threat + Exploit of Vulnerability) * Cost of Asset Damage

This formula tells that “Risk can be calculated by multiplying the probability (of exploitation of a vulnerability by a threat) with the impact (of the exploitation once occurred.)”

Rewrite the formula as follows:

Risk = Probability of the exploitation of a vulnerability by a threat * Impact of the exploitation

There are five steps of the risk analysis process.

Step 1) Specify three assets by using the network topology and the explanations.[footnoteRef:1] [1: An asset is anything that has a value for the company. It can be software, hardware, storage media, documents, even employees. One of the most critical assets is information. Note that, one of the essential duties of the other assets (software, hardware, etc.) is to process information. Therefore, the value of a software, for example, is directly proportional to the value of information it processes.]

Step 2) For each of the assets, determine one vulnerability.[footnoteRef:2] [2: A vulnerability is a weakness in design, development, structure, properties or configurations of an asset. An asset’s weakness could allow it to be exploited and harmed by one or more threats.]

Step 3) For each vulnerability, determine one threat that may exploit the vulnerability.[footnoteRef:3] [3: A threat is an active agent that has the intent and/or potential of exploiting vulnerabilities and causing harm. There are many threat agents that fall into broad categories of deliberate or accidental actions of human (internal or external to the organization) and acts of nature. ]

Fill out the first three columns of Table-1.

Think about the threats and vulnerabilities for each asset. For each asset, appraise the probability of the exploitation of the vulnerability (in the second column) by the threat (in the third column). For this estimation, use the following reference table. You should also think about the factors like “is the threat agent external or internal, what is the severity of the vulnerability, is it remotely exploitable?”

Write the numerical value to the fourth column of Table-1.

Write your justifications here:

Step 4) Think about the assets. For each asset, appraise the impact once the asset is damaged. For this estimation, use the following reference table.

Write the numerical value to the fifth column of Table-1.

Write your justifications here:

Step 5) Multiply the values in the fourth and fifth columns in Table-1 and write the result to the sixth column.

Fill out Table-2 from the highest-level risk to the lowest level. Also replace the <asset>, <vulnerability>, and <threat> by your findings. Write your action to the third column. If it has low probability, you may accept risk; otherwise, consider mitigating the risk, and write your mitigation actions.

Use “Case Study Information Security Risk Assessment Answer Sheet” document for your answers.