Writing style/Referencing: 10 marks
• Was the writing style appropriate for a senior management audience (i.e. business focus
with technical terms avoided or clearly explained)?
• Was the writing style clear and professional with correct grammar and spelling?
• Were appropriate references used with appropriate formatting?
Question 1 – Description: 30 marks
• Were descriptions clear and succinct with a focus on key points?
• Does the report discuss the incident?
• Does the report summarise key events using the ACSC (2016) threat lifecycle?
• Does the report identify phases from the ACSC (2016) report?
• Does the report identify techniques from the MITRE ATT&CK framework?
• Does the report identify frame discussion in the context of resources provided?
Question 1 – Analysis: 30 marks
• Did the analysis offer insights and understanding?
• Does the report explain why the events from the timeline in the Service NSW Data Breach
are mapped to different phases from ACSC (2016) report?
• Does the report explain why tools are selected?
• Does the report explain why certain techniques are selected?
Question 1 – Justification: 10 marks
• Were any conclusions justified with reference to previous description and analysis?
• Does the report provide conclusions for key events, tools, and techniques?
• Does the report provide any justifications for key events, tools, and techniques?
• Were any conclusions justified with reference to the previous description and analysis?
• Are the justifications provided relevant?
Question 2 – Analysis: 20 marks
• Did the analysis offer insights and understanding?
• Does the report include an analysis of the proposed criteria?
• Does the report explain why the criteria were selected? (i.e. why they were advantageous)
• Does the report demonstrate an understanding of the proposed criteria?
• Does the report offer any insights into the attackers’ mindset?
• Does the report offer any insights into the attackers’ motivations?
• Are any assumptions made clearly explained in the analysis?