TECH2400 Introduction to Cyber Security - Cyber Risk Assessment: Complete Study Guide & Solved Assessment Breakdown
If you're studying Master Of Information Technology from Kaplan Business School and working on TECH2400 Introduction to Cyber Security Assessment (Cyber Risk Assessment), you're in the right place. This guide walks you through all three major tasks - threat identification using generative AI, network traffic analysis with nmap and Wireshark, and conducting a full risk assessment aligned with NIST CSF, ISO 27001, and the ACSC Essential Eight. You'll see exactly how a well-structured submission looks.
This isn't a generic overview. It's a practical, task-by-task breakdown with a solved example based on the Kaplan Care case study. You'll find pulled insights from the marking rubric, concrete scoring tips, and a checklist to make sure you don't miss a single mark. Let's get into it.
Course Learning Outcomes: What You Will Develop
The course is structured around three interconnected learning outcomes that together form a complete risk management lifecycle:
- Contextualise cyber security terminology for diverse stakeholders across business functions.
- Identify vulnerabilities and threats pertaining to the IT infrastructure of organisations.
- Recommend risk mitigation strategies to address cyber security vulnerabilities and threats.
These three outcomes are deliberately sequenced. You first need the language (1) before you can accurately diagnose problems (2), and you cannot recommend solutions (3) without understanding both the threat landscape and the business context. Together, they reflect how a professional cyber security analyst actually operates in the field.
Assessment Task: Risk Assessment Report
Assessment Overview:
This assessment simulates industry practices for conducting risk assessments within a business context. Students are required to investigate network traffic using tools such as nmap and Wireshark, and conduct a risk assessment based on the ISO 27001 framework. Generative AI (Artificial Intelligence) tools such as ChatGPT or Gemini are used to support the workflow.
The final deliverable is a comprehensive Risk Assessment Report designed to assist the company's executives in strengthening their cyber security posture.
- LO1: Contextualise cyber security terminology for diverse business stakeholders.
- LO2: Identify vulnerabilities and threats pertaining to the IT infrastructure of organisations.
- LO3: Recommend risk mitigation strategies to address cyber security vulnerabilities and threats.
Through these outcomes, students are trained to understand fundamental aspects of cyber security - from risk assessment to practical implementation of mitigation techniques.
Case Study: Kaplan Care Medical Practice
About Kaplan Care
Kaplan Care is a small medical practice comprising several doctors and administrative staff operating in a hybrid work arrangement. The organisation's IT infrastructure includes:
- Patient Records Server: Runs an electronic medical record (EMR) system accessible via HTTP/HTTPS.
- File Sharing Server: Hosts patient scans and lab reports, shared via the SMB protocol.
- Remote Access Server: Provides VPN access for remote staff.
Recently, employees have noticed several anomalies:
- Delayed server responses
- Unauthorised login attempts on the VPN server
- Suspicious outbound connections to unrecognised IP addresses
You are provided with two files: an nmap XML file (simulating a network scan with open ports, services, and detected vulnerabilities) and a pcap file for Wireshark (capturing suspicious traffic patterns including plaintext credentials, unusual external IPs, and SMB anomalies).
Want The Full Solved Solution For TECH2400 Introduction to Cyber Security - Cyber Risk Assessment?
Our complete solution covers all three tasks - threat identification with Gen AI screenshots, annotated nmap and Wireshark analysis, a fully populated risk matrix table, and an APA 7 reference list - formatted as a professional Risk Assessment Report ready for submission.
Why Students Struggle With This Assessment
Treating AI as the answer, not the assistant. Many students screenshot the AI table and copy it verbatim. The rubric explicitly rewards critical evaluation of AI outputs - if you don't push back on at least two results with your own evidence, you cap out at Credit.
Missing or unclear screenshots. Screenshots of nmap and Wireshark need clear labels. Markers shouldn't have to guess which risk a screenshot relates to. Caption every image with a one-line explanation.
Generic risk controls. Writing 'improve password policy' without naming the ISO 27001 control or Essential Eight mitigation reads as a Pass-level response. Be specific: cite A.9.4.2, MFA, or restrict admin privileges.
Ignoring the audience requirement. LO1 explicitly asks you to contextualise terminology for diverse stakeholders. Students who write in technical jargon throughout lose marks on both language and learning outcome alignment.
Incomplete risk matrix table. The six-column format is mandatory. Students who provide a four- or five-column table - even with solid content - lose marks for not following assessment instructions.
How to Score High on This Assessment
- Show AI critical thinking: Don't just paste AI outputs. The rubric awards Distinction and HD specifically to students who question AI assumptions and provide alternative assessments for at least two threats.
- Screenshot every AI interaction: Both in Task 1 (risk identification) and Task 3 (likelihood/impact evaluation). Missing screenshots under the compulsory Level 3 Gen AI requirement is a direct marking penalty.
- Name your evidence precisely: In network traffic analysis, mention the specific port, IP address (e.g., 10.0.0.3 to 10.0.0.2), or protocol anomaly. Vague captions like 'this shows suspicious activity' score Credit at best.
- Use all six risk matrix columns: The brief specifies: Risk, Likelihood, Impact, Risk Score, Current Controls, Recommended Controls. Every missing column costs marks in the 8-mark risk assessment criterion.
- Align controls with three frameworks: NIST CSF, ISO 27001, and ACSC Essential Eight. Name the specific control reference (e.g., A.12.6.1) - don't write generic advice like 'improve security'.
- Justify manual risk overrides with evidence: Your alternative assessment in Task 3b must cite something observable - a specific open port, a captured packet anomaly, or a vulnerability confirmed in the nmap scan.
- Write for non-technical executives: Your report audience is Kaplan Care's leadership team, not IT staff. Explain risks in plain business language, not jargon. This directly addresses LO1 and earns marks in presentation.
- Cite academic sources (APA 7): Include in-text citations for referenced risks (e.g., Suryantoro et al., 2022; Binde et al., 2011). A reference list is expected despite the 500-word target.
- Stay within the word limit: 500 words ±10% (450-550 words). Penalties apply for submissions that exceed prescribed limits, per the assessment policy.
Need a complete solution for Tech2400 Introduction to Cyber Security assessment? Here's how to get it!
Are you having sleepless nights thinking how to complete your Cyber Risk Assessment? Why don't you approach us now and put an end to your woes right now? What are you waiting for now? Fill in the form, get yourself registered with us and wait for a top-notch solution to be delivered to your doorstep.
Conclusion
Cyber security is an ever-evolving field that requires continuous learning and adaptation. In the TECH2400 Introduction to Cyber Security course at Kaplan Business School, students gain valuable hands-on experience in identifying, analyzing, and mitigating cyber risks. Through the integration of industry-standard tools and frameworks, students are well-equipped to assess security vulnerabilities and provide actionable recommendations for business stakeholders.
If you're struggling with your cyber security tasks or need guidance in completing your assignments, we can help! Contact us for expert assistance.
List of relevant courses, in which our professional tutors precisely deal with:
- TECH1100 Professional Practice and Communication
- TECH1200 Fundamentals of Programming
- TECH1300 Information Systems in Business
- TECH2100 Introduction to Information Networks
- TECH2200 IT Project Management
- TECH2300 Service and Operations Management
- TECH3100 Data Visualisation in R
- TECH3200 Artificial Intelligence and Machine Learning in IT
- TECH8000 IT Capstone
Frequently Asked Questions
Q: What exactly is the TECH2400 Cyber Risk Assessment?
A: It's a 500-word artefact development task worth 20% of your TECH2400 grade. You simulate an industry-style cyber risk assessment for a fictional medical practice (Kaplan Care) by using nmap and Wireshark to analyse pre-provided network data, identifying five key risks, and presenting a risk matrix with controls aligned to ISO 27001, NIST CSF, and ACSC Essential Eight.
Q: What are the key requirements for the risk matrix table?
A: Your table must include six columns: Threat, Likelihood, Impact, Risk Score, Current Controls, and Recommended Controls. All scores should reflect Kaplan Care's Medium risk appetite, and any risk scoring above Medium requires a recommended control aligned with at least one of the three named frameworks. Missing columns will cost marks.
Q: How should I use Gen AI in this assessment?
A: This is a Level 3 (Compulsory) Gen AI assessment. You must use a tool like ChatGPT or Gemini in two places: Task 1 (brainstorming risks) and Task 3 (evaluating likelihood and impact). All interactions must be screenshotted and documented in an appendix. You must also reference Gen AI outputs in APA 7 format. Critically, you need to show you evaluated and sometimes overrode AI outputs - that's where the marks are.
Q: Can I use references beyond the academic sources provided?
A: Yes. In fact, you should. The solved example draws on Suryantoro et al. (2022) and Binde et al. (2011) to support specific risk rationales. Any credible academic or industry source (NIST publications, ACSC guidelines, ISO documentation) can strengthen your justification and signal higher-order thinking to markers.