Question (answer in red)
1. How much is the maximum similarity for this report? 15%
2. This assignment is required to write 3,000 words. Can I write 2,000 words? Or even less? Yes – up to you. But less than 2,500 words means that your report may miss out some pointers
3. How many references are needed for this assignment? As you said that there are not many articles to be found, can we make our own analysis without reference to derive the discussion in the assignment? Yes there are not many academic references, you may give plausible reasons deduced from the desc stats/tables and you can also refer to internet sources such as Gartner/McKinsey/Accenture, etc. or cybersecurity book references
4. I just want to double-check from you the step that for my assignment is whether correct. *Please comment on the steps whether is on the right track*
Step 1: Compare the company within sector A, compare with the good rating company and the bad lower rated company (which means only compare 2 companies within the same sector? OR I can choose 3 companies to compare with? ). Do step 3. take average and compare sector A vs B only.
Step 2: do the same as sector A for sector B. 5 divide by 2 ==> one group has 2 and the other have 3, vice versa within one sector, do not compare individual company..
Step 3: Compare the sector A and B by comparing their average score (discuss why the both sector has different average score? Why is there a difference? For example, payment sector need more cybersecurity to secure their customer data) – Combined with Step 1
Step 4: Conclude which Fintech entities have better cybersecurity and 3 additional cybersecurity risk (example: mobile apps)
– do not compare companies ==> Compare BETWEEN & WITHIN SECTORS (good vs lower scores)
5. By referring to the marking rubric, the first row, rationale for selection, what does this mean? Does it mean I need to provide the reason why I choose the particular sector? Or the mark is given on whether the sector that I choose is comparable or not? (Sector crowdfunding vs sector payment). Justify your selection, can be just haphazard selection or you have hypothesis in mind.
6. By referring to the assignment instruction, “discuss the risks among the entities”, what kind of risk refer to? Discuss the table tabulating all the 10 companies Upguard output.
7. It is a good idea if I choose to do sector e-wallet and sector payment (it is a bit similar because both sectors are about payment). Or I need to choose the sector that not similar in nature so make it more comparable? Choose any two sectors from the population given
8. By looking at the credit score, can I analyze the reason that affects the company’s focus on cybersecurity based on:
1. the size of the firm
2. capital
3. reputation
Other than that, what else can I compare for? there are also other plausible reasons
Question:
I was looking through the instructions on the cybersecurity research paper and realized we need to use UpGuard to assess each company.
Are we required to interpret their cybersecurity features in detail? for example: DMARC policy is p=none, DNSSEC not enabled, Domain expires soon? I think we only have free access to UpGuard so I’m not sure if we can obtain much details on each feature as well.
Or should we just cover the broad categories such as email security, Brand protection and network security?
Answer:
Use Upguard to get the Cybersecurity scores.
Need not discuss the details. We want to compare the scores among the two sectors and within the sectors and demystify the issues of cybersecurity in fintech companies – why are they not paying attention to cybersecurity in their sector businesses or why they emphasize a lot on cybersecurity. No technical knowledge required as this is the work of IT specialists.
Discuss on website security in non-technical terms.
Question:
What is the difference between ‘identification of cybersecurity risks and threats relevant to the selected samples’ in the introduction and ‘identification of issues’ in descriptive statistics?
Answer:
Intro/Background – Identify the chosen samples and its cybersecurity risks and threats in summarised form with a conclusion (30%). The rest of the sections is to discuss in details issues identified – one issue per section (total weightage 50%) and conclusion come with future research suggestion on 3 additional cybersecurity risk areas to be addressed. (10%).
By reading the Intro section, the reader will know what the whole research about, key findings and conclusion in gist and if they want to zoom into more details, they will need to read the remaining sections.
QUESTIONS (ANSWERS IN RED)
1. The background required in this research paper is regarding the background of the 2 different fintech areas we chose or it is the background of cybersecurity? Cyber Security Rating then select 2 sectors to test your hypothesis that you have.
2. For the second part of the research paper, we just need to insert the picture of each entity’s CSR score and grade? No pictures. Do not reproduce anything without value added work. Tabulate the scores in descriptive table and tabulate the findings of the 10 companies by sector and some other commonalities so that you can deduce more plausible reasons.
3. The descriptive statistics required in the third section is the interpretation of the result in the second section? See 2 above. For between and within sectors comparisons.
4. For the risk analysis, is that we need to discuss what type of risk the entity may face based on their current CSR score and grade? The context is the Upguards tested areas of risk but discusses in non-technical terms as the reader of your report is the management/those charged with governance! After exhausting the contextual risks, you can move into other plausible risks based on your study.
5. Is that we need to do other research for each entity other than using the UpGuard-Cloud Scanner for the analysis of the risk? Also, we need to analyse each of the 5 entities when discussing the risk amongst the same type? No need for other CSR scores other than the 10 companies. Do not discussed on each individual company. Can only discuss between sectors and within sector (between good scores and lower scores sub-group for example)
6. For the risk amongst the entities between the two types, do we need to discuss all entities or we can randomly pick 2 pairs of the entities from the two areas to analyse? compare between and within sector sub groups, no selection of entities to discuss.
QUESTION (ANSWER IN RED)
For the comparison between sectors, should I still talk about the 4-5 areas of security features or can I mention other potential cybersecurity risks in each sector? You need to have three discussions on the features Sector A vs B, within Sector A and Within Sector B.
In this section, I plan to structure it as such:
1. Wealthtech has a higher score than e-wallet because wealthtech spends more in data security than e-wallet. I don’t think so. Other plausible reasons is perhaps the background of the start-ups, are they international/regional players. Also, perhaps the e-wallet website for payment is in different engine like GrabPay. Please check.
2. Not all e-wallet companies are not equipped with other security measures like biometric identification, OTPs or two factor authentication, hence lower score. ==> you can discuss in the comparison within the e-wallet sector based on the 4-5 features in Upguard before moving to other plausible reasons.
I am not planning to mention any cybersecurity features from Upguard like Email Security, Network Security, Brand Protection, etc in this section as that would be very repetitive from comparison within sector. No. you need to have three discussions on the features Sector A vs B, within Sector A and Within Sector B. The features are the same but that set the context for comparisons between & within sectors.
QUESTION
With regards to the two reasons, that is only for wealthtech/robo advisors. I have yet to come up with reasonings for e-wallet and the overall comparison between the two sectors. If that is the case, I would like to validate with you on my structure of the comparison within sector.
Comparison within sector (ie Wealthtech)
1. Table with scores of each company and the number of passes and failures in each of the 5 cybersecurity risk areas
2. Introduction of what the sector means
3. A general comparison of passes & failures between 2 groups of companies with each of the 5 cybersecurity risk areas
4. Explanation of what good companies did to achieve a good score for website risk
5. Explanation of what good companies did to achieve a good score for email security
6. General explanation of the two reasons I mentioned in the previous email
For point 4 & 5, I would only think of mentioning these two because the scores are generally indifferent in Network Security, Phishing & Malware & Brand Protection. Hence I do not see a point of explaining that.
Do let me know if this is the right approach.
ANSWER
Your line of thinking should be ok..
QUESTION
1. I am doing e-wallet and wealthtech. As I was writing the comparison within the sector of wealthtech, I did not mention much about the specific area of cybersecurity features, like under Website Risk or Email Security. Instead, I did an overall comparison of the number of passes and failures for the good and bad companies in a table, then explained that the good companies are able to achieve good scores because of financial capability to adopt better softwares & the ability to employ highly skilled human capital. Am I on the right track here by explaining it in a general way? or should I talk about how good companies are able to excel in each website risk and email security areas? There are 5 areas of cybersecurity risks so it would be difficult to talk about each area, that’s why I did not go with that approach.
2. Would an average score of each sector be the appropriate benchmark to compare between sectors? If so, should I compare it in the general way like I demonstrated in point 1?
3. Robo-Advisors is part of wealthtech. Other than wealth management, wealthtech also plays a role in facilitating transactions for users to invest. Hence, it has a similar function as an e-wallet that facilitates transaction, am I correct?
ANSWER
Your report should be 2500-3000 words, Only have two reasons – financial capability to adopt better softwares & the ability to employ highly skilled human capital?
Compare the 4 – 5 cybersecurity risk areas as shown in the Upguard report among the top and bottom group of the within sector e.g. wealthtech/robo advisors and then within ewallets and report plausible reasons apart from the two reasons above.
Remember not to report in technical language but in non-technical language that your management or those charged with governance can understand as if they don’t have an IT background.
QUESTION
I saw in the marking scheme to link to the objective of financial reporting for the introduction and body and I wanted to clarify what that meant?
ANSWER
No, it’s an error. not financial reporting
QUESTION (ANSWER IN RED)
- As currently the Securities Commission has approved only three cryptocurrency exchanges to operate in Malaysia, namely Luno, Tokenize and Sinegy, I wonder if I could select HelloGold and CoinGecko as the other two as the sample for the cryptocurrency sector because their business models are related to the trading of cryptocurrency? OK
- Do we need to include the cover sheet in the pdf to be submitted in the assignment folder? Yes. On a separate file.
- Will our assignment be marked by our assigned workshop tutor and will it be second-mark by another tutor? will be centralized blind marking
QUESTION
I would like to clarify, the cybersecurity risk that we are supposed to write in the research paper are the ones found in Upguard? For example, website risk, phishing and malware, brand protection etc?
ANSWER
Yes. The context must be from Upguards results except for suggestions for three new areas.
QUESTION
For this assignment I have chosen to compare E-Wallets and WealthTech. Whilst doing my research I realised that most of them are primarily application based. Their website is mainly used for promotion only. In that case, will I be analysing the cybersecurity risks of the website itself (which is not a channel) or the application? Or am I supposed to derive the risk of the application by looking at the websites risks (e.g. if the website is vulnerable to ransomware and the company has not done anything to protect against it, it means that there is a risk that the company also didn’t protect their application securely.)? Not too sure if that makes sense.
ANSWER
The assignment uses Upguard Scanner to obtain the Cyber Risk Score (CSR) tested on the websites of the fintech players. This is like using FICO credit scores for loan evaluations used by most financial institutions in the US.
Use the score and other available information to do the ‘between sector’ and ‘within sector’ research based on the two sectors you have chosen. The evaluation is solely based on the website and its applications (if any). You will note that Grabpay Malaysia URL will generate zero scores (Fail) which is impossible! You would need to figure out why and find the answer ( CSR, 713 “B”)
The last part of the assignment (under conclusion) requires you to discuss (for future research) additional areas to test (other than just the website).
Remember this is not an IT degree but just a unit of your business degree and your primary users are those charged with governance/ management team who are non-IT trained. You are to write in business lingo.
QUESTION
For this part of the assignment
Descriptive statistics and analysis of results
Identification of issues, explanation of issues
What issues are we to discuss?
Is it about the cybersecurity risks of the companies?
or is it about the company itself having to solve the problems they face
e.g. Upguard scan shows the problems.
ANSWER
As in lecture 9, get the CSR scores and information generated from Upguard for between sector comparisons and within sector comparison.
Do not compare company by company. Tabulate the scores and Upguard security assessments (the 4 – 5 features shown in Upguard report) comparing the sectors and within each sector.
Discuss the plausible reasons for the differences between and within sectors and explain the cybersecurity risks bas
QUESTION
I’ve done some research and found that a large majority of resources discuss the cybersecurity challenges of fintech companies in general and do not discuss or provide specific comparisons or examples.
So, is it okay that I hypothesise (like the example in my previous email) and reference it to a source that discusses, for example, how smaller fintech firms are more prone to cyber attacks?
ANSWER
You are not supposed to discuss company by company and for the features, it is best to put in a descriptive table for each sector on the security feature weaknesses. You should not just reproduce but tabulate the results so that you can see the pattern of the security weaknesses in a particular sector or within the sector between the popular/known vs lesser known in the sector.
As I have mentioned in Lecture 9, the golden rule of business is that we do not pinpoint weaknesses of a specific entity but we could generalize the weaknesses among the companies between sectors and within the sector.
You do not need to discuss the weaknesses identified by upguard.com in detail but we need to discuss based on your descriptive tabulation above. For example, as the readers of your report are the management team or those charged with governance, write in non-IT language, for example avoid IT jargon such as DMARC but explain in layman language like what you did: For example, Grabpay is lacking a DMARC policy, which makes it easier for hackers to send out emails from their domain to trick consumers. If you want to use DMARC, you need to define it in full as your readers are a non-IT audience.
QUESTION
1. Are we required to screenshot the rating scores and attach them in Appendix, or is it sufficient for me to just tabulate the scores and other information and cite the source as “upguard.com“?
2. When I discuss the differences between the scores of Sector A and Sector B, and within each sector, do I need references for the reasons that I propose?
For example, if Grabpay’s score is 864 and Boost’s score is 550, can I speculate that the reason is that Grabpay is an Ewallet owned by a large company and has strong regional presence whereas Boost is a small locally-founded company, hence Grabpay has more capital/resources/expertise/motivation/incentive to make their platform more secure? Or do I have to justify this based on reference or resources?
ANSWER
1. No need screenshots, but put in descriptive tables.
2. You do not speculate, but hypothesize or provide some plausible reasons, supported with literature would be good but if not, can use web references from non-academic resources.
QUESTION
Greetings! I am currently doing the cyber security assignment on e-wallet samples such as Alipay, GrabPay, Touch’N Go.
May I know if I can interchange the “e-wallet” term with “digital payment” in the assignment as they are serving the function of digital payment in their e-wallet role as well. Besides, most of the research information I obtained tends to mention them as digital payment too.
ANSWER
e-Wallet is a sub-set of digital payments.
It is OK for you to interchange for this introductory fintech unit.
QUESTION
I have a few doubts regarding the Cyber Security Research Paper under the Descriptive Statistics and Analysis of Results section. Under this section there is a requirement of ‘identification and explanation of issues’. So, I have briefly explained about all the threats under each broad category in non-technical terms.
For example, under website risk, there are threats such as insecure SSL/TLS version available. Using outdated software protocols will cause man-in-the-middle attack.
I would like to know if my brief explanation (in non-technical terms) is necessary for each of the threats under the broad category. Or should I just discuss the broad category of website risk, email security and network security in general.
Then, I proceed the discussion with comparison between entities within the same type and between the two types of FinTech entities in terms of why some entities passed more security tests than others.
I would like to ask your opinion if my flow of ideas is in line with the requirement of this assignment.
ANSWER
So long as your report is readable by the management or those charged with governance who are non-IT guys, then it is good.
Based on your example,
“under website risk, there are threats such as insecure SSL/TLS version available. Using outdated software protocols will cause man-in-the-middle attack……”
Management/TCWG would not be able to comprehend SSL/TLS terms and man-in-the-middle attack. They will have no clue (try to put it in layman terms), but they could understand the phrase outdated software protocols….and the next thing they ask is why the company is still using outdated software instead of more current ones?
QUESTION
Would it be okay to add graphs, to our analysis of the score as a way to present the scores?
For the second part where we have to suggest 3 others areas. It has to be like apps and clouds and areas like that?
We have to talk about how cyber security can impact companies but not any preventive measures right?
ANSWER
Yes you can, but show the exact score too.
Suggest 3 areas.
The HSTalks Video#2 is on Cyber threat prevention by Stephen Thurlbeck!
QUESTION
For the introduction and methodology & selection of sample part, we are required to identify cybersecurity risks and threats to the selected samples.
Does the cybersecurity risk and threat means something like data breach such as leakage of customer data, phishing emails etc?
ANSWER
The discussion should be on the areas that are covered under CSR scoring. Those areas not covered by the scores can be discussed under limitations of CSR scoring.
QUESTION
The instruction mentioned “analyse critically on the cybersecurity features, and discuss the risks among the entities.” I would like to clarify what a cybersecurity feature is. Does feature mean data breach, phishing and ransomware prevention and detection, compliance, continuous monitoring or good analytics? And when it comes to risks is it about data breach, single factor passwords or loss of data?
In the first video lecture, there is a part about ten immutable laws of security. Are those actually cybersecurity risks and can that be applied in the assignment as well? I can’t quite relate the lecture materials to the assignment.
ANSWER
The lecture materials are the underpinning theories and principles of cybersecurity and the risks associated with it while your assignment is on the application aspects. Of the sample of 10 companies from two sectors, we can see different CSR scores, why some lower scores and why some higher scores – this relates to cybersecurity features. Some score lower or very low due to missing features – what are the risks of not having certain features – susceptible to what?. You need to look from the lens of Upguard and on the 10 samples discussed between the sector and within the sector.
QUESTION
1) Could I use a website example as one of my examples if the CSR score is F/950? (See attached image below for instance).
Please correct me if I am wrong, from my understanding F means Fail in this CSR system. Meaning that they have zero security on their website.
2) Am I only supposed to be focusing on the FinTech company’s website only?
Once again, please correct me if I am wrong. From my understanding the UpGuard’s CSR scoring system is solely based on the website URL link that is inserted. However, some FinTech companies focus their operations on their mobile applications (for example, Grab and Boost e-wallet applications).
Hence, let’s say if their CSR score is F or relatively low, could I specify that the FinTech companies focus their application operations more and henceforth why their website CSR is low compared to other FinTech companies which focus their operations mainly on websites?
Is this the right way to approach this research paper?
ANSWER
1. Looks like the www.grab.com/my/pay is not the B2C website that is used for their GrabPay business. They park it under the same platform with GrabCar, Grabfood, etc. Use the main website that runs in all countries:
2. For Cybersecurity score, the assignment tests on websites only. That is a limitation as many companies use other applications too, not just websites – this leads you to the final part of the assignment question.
QUESTION
You mentioned that we need to “discuss descriptive statistics of what you can get from the Upguard site. Do not go into computer science/IT technical analysis”. But all I can see from the website is IT technical information.
For example I choose e wallets industry, and most of them have insecure SSL/TLS protocols. Just to make sure, am I supposed to analyze the outcome of using insecure protocols such as possible leak of personal info?
ANSWER
Only take the CSI score from the website like Credit Score. If you want to include technical details, just present the differences in descriptive table/s as we are not computer science or IT major, we cover the business management, control and governance aspects than the IT areas.
Yes, you can cover the possible leak of personal info in the lens of PDPA but not too deep into IT technical areas.
QUESTION
1. From the fintechnews.my directory fintech startup companies, there’s a section called blockchain/cryptocurrency. If I want to take 5 companies from this list, can I take both? or must be either blockchain or crypto companies?
2. Also, regarding the statistic part, does it mean that I need to take the average score of all the companies in one sector and compare the figure with the 5 specific companies that I chose? Do you expect this in the assignment?
ANSWER
Please select 2 sectors to compare – 5 companies from each sector.
If the sector is too wide like Payments where eWallet and Remittance are in the sector or under Marketplace where blockchain and cryptocurrency are included, it would be better to choose either one sector classification for more meaningful comparisons. Compare BETWEEN (the two) sectors – compare the 5 samples in one sector vs. the other 5 samples from the other sector of your choice. Compare between the two sectors, NOT among the 10 firms (5+5) as the cybersecurity issue differs from one sector to another.
Compare WITHIN sector – for sector chosen. You can also compare within the sector, e.g. for the samples in a sector, select 2 – 3 samples from more established/larger players and 3 -2 samples from lesser-known companies and compare the cybersecurity score between these sub-groups. Do the same for the other sector.
As the total samples in the assignment are only 10, it is not meaningful to run statistical analysis, as such you can use random sampling or more accurate is purposive sampling as we are choosing the companies in the subgroup and in the respective sector.
Only table and discuss descriptive statistics of what you can get from the Upguard site. Do not go into computer science/IT technical analysis. We are not going “through” the computer system, we are only going “around” the computer system as a business professional.
Even before you run Upguard and get the CS scores, you can hypothesize which sector should have a higher score than the other based on plausible reasons. The scores obtained will confirm or dispel your hypothesis. The same for the “within” sector subgroup comparisons.
Use BMC and/or other models and web-references (as not many academic papers are available).
Remember, all your discussions are based on between and within sectors, not an individual company one by one.
IDENTIFICATION OF ISSUES – based on industry sector, some sectors are more vulnerable; those that deal with remittance, for example, would need more security.