Hello, dear friend, you can consult us at any time if you have any questions, add WeChat: zz-x2580
CYBR7003
Assessment Item 1
Legal perspectives in cyber security
You are required to research and write an essay in relation to a legal issue that arises in a business context in relation to cybersecurity. Essay 01
What is the Australian notifiable data breach regime and why do we have it? What are the positive and the negative aspects of the notifiable data breach regime? What recommendations do you have to change the Australian notifiable data breach regime?
Essay 02
In respect of ransomware, it has been stated: “For a ban on ransom payments to be effective, the penalties for paying the ransom would need to be more severe than the impact of the ransom itself. If the penalties are inadequate, organisations may simply pay the ransom and deal with the legal consequences so they can move on with normal operations.” See https://theconversation.com/australia-is-considering-a-ban-on-cyber-ransom-payments-but-it- could-backfire-heres-another-idea-194516 Is it currently legal in Australia to negotiate and pay a ransom because of a ransomware attack in Australia? Do you think the law in Australia relating to ransomware payments should change, and if so, why or why not? Why do some companies decide to pay ransomware?
Essay 03
You work for an Australian telco that is buying network equipment from a supplier (an OEM) outside of Australia. What are the legal risks relating to cybersecurity, and how should these risks be minimised when dealing with this supplier? 2
Essay 04
In the Privacy Act, APP 11.1 states, in summary:
APP 11.1 – if entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information from: • Misuse, interference and loss; and • Unauthorised access, modification and disclosure
Optus, Medibank Private, Latitude Finance and HWL Ebsworth Lawyers have all been the subject of recent data breaches. See, for example, https://www.oaic.gov.au/newsroom/oaic- opens-investigation-into-hwl-ebsworth-over-data-breach. Using at least one of these data breaches as a case study, explain how an Australian business should determine what steps to take “as are reasonable in the circumstances” to protect the personal information that the business holds.
Essay 05
The Australian Parliament passed the Security Legislation Amendment (Critical Infrastructure) Act 2021 (Cth) which implements a number of amendments to the existing Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act). What is the purpose of the SOCI Act? In light of the SOCI Act, what do you consider should be respective roles of government and industry in protecting critical infrastructure? What is your opinion of the impact of the SOCI Act on the security of critical infrastructure in Australia? Does the SOCI Act go too far, or not far enough?
