The WannaCry RansomWare Attack in summary (About 100 words)

Q1. What sort of cyber security attack was WannaCry Ransomware Attack and when did it first emerge and occur

Q2. What was the impact of the WannaCry Ransomware Attack in dollar terms for organisations globally - give two specific examples of organisations that were impacted by the WannaCry Ransomware Attack

Q3. Explain how the WannaCry Ransomware Attack works as a process and technically - considering the perspectives of both the attacker and organisation that could be attacked (about 400 words)

Assignment 3: A Case Study: An Assessment of Security and Privacy of My Health Record system

This assignment assesses your understanding in relation to the following course objectives:

1. Analyse information security vulnerabilities and threats and determine appropriate controls that can be applied to mitigate the potential risks

2. describe the role of disaster recovery and business continuity plans in recovering information and operational systems when systems and hardware fail

3. describe why legal privacy and ethical issues play an important part in effectively managing information security

4. communicate effectively written and orally about the management of information security in organisations.

This assignment relates to the topics covered in modules 1 to 11. This assignment can be completed by teams of two students or as an individual assignment.

Details regarding the allocation of students to teams will be provided on the course study desk. Each student team will be expected to work collaboratively as a team in developing and discussing their approach to assignment 3 case study and the required Security and Privacy Assessment of My Health Record system report and presentation. Regular participation in Assignment 3 Discussion Forum each week from Monday 3rd September until the due date for Assignment 3 submission is expected. Each team member or if a student is completing this assignment as an individual will be required to keep a journal of their activities and progress related to completing this assignment. A journal will form part of the assessment for this assignment. In date order clearly list the following:

- date of research activity/discussion
- topics researched or discussed
- time duration of activity.
This journal for each team member or as an individual if you completing this assignment on your own needs to be included as an appendix to the Assignment 3 Report. Any reference to web pages and on line resources such as white papers, blogs, wikis etc. should be listed at the end of the journal.

Regular participation on the discussion forums dedicated for this assessment is highly recommended and can assist greatly with the completion of this assessment item. Also note that for this assignment 3 you are expected to do research outside of the course materials provided.

Case Study: A Security and Privacy Assessment of My Health Record: (National Electronic Health Record System)

As a senior Cyber Security Consultant at HackStop Pty Ltd, you have been commissioned to conduct a critical assessment of the security and privacy of My Health Record: Australian Electronic Health Record (EHR) system on the back of the recent compromise of the Singapore Health IT system. You are required to complete the following four tasks in a Security Assessment Report and Presentation for a Senior Management audience for Assignment 3.

Task 1 Provide a brief overview of the My Health Record system and explain what are the advantages of such a system for improving healthcare delivery for patients, state wide and nationally for administration of healthcare and for improving medical research (about 500 words)

Task 2 Describe how and what an individual can customise and manage in terms of the security and privacy of their My Health Record (about 500 words)

Task 3 Describe and justify security controls with specific examples that should be put in place to ensure the My Health Record system has an appropriate level of security and privacy using the following sub-sections (1) People (2) Process (3) Technology and (4) Legislation (about 1500 words)

Task 4 Given the recent data breach of the Singapore IT Health system (1) explain how this data breach might have occurred and (2) what can we learn from this recent security incident to improve the security of the Australian My Health Record system in terms of prevention, detection and recovery of a data breach in the My Health Record system (1000 words)

Security and Privacy Assessment Report structure
* Coverpage
* Executive Summary
* Table of Contents
* Tasks 1-4 as main headings with sub sections/tasks where relevant
* Journal of participation activities to complete this assessment
* References and Appendices
Security and Privacy Assessment Report MHR - Presentation Structure (Powerpoint)
Your presentation should be created as if it were an actual presentation for a real client and should contain the following at a minimum:
* 1 Slide for an Introduction outlining your team and the organisation you work for
* 1 Slide Overview of My Health Record System and Advantages for Improving healthcare delivery.
* 1 Slide Security and Privacy management of My Health Record by an individual.
* 4 Slides covering security controls to ensure appropriate security and privacy of My Health Records from perspective of People, Process, Technology and Legislation
* 2 Slides covering data breach of Singapore IT Healthcare system and lessons learnt that can be applied to My Health Record system in terms of prevention, detection and recovery from a data breach
* 1 Slide acknowledging key authoritative reference sources which underpin research conducted in preparing this Security and Privacy Assessment of MHR report.

Note: This assignment is focused upon seeing if as a student in this course you have built up an awareness of how security and privacy should be set up and operated in a specific environment. By being able to describe how you would review and assess the security and privacy of the My Health Record system through assessment of people, process, technology and legislation through the lens of good policies, standards, procedures and controls in place, including prevention, detection and recovery from a data breach, markers will be able to assess your level of knowledge learned from the course content and from your own additional research in relation to this case study.

Attachment:- Assignment Specifications.rar