INFO5990 Final Exam Practice Answers (Bilingual)

INFO5990 - Professional Practice in IT

Final Exam Practice Answers (Bilingual / 中英对照)

Exam-level model answers expanded from the official Answer Guide hints. Each sub-part is written to be marks-worthy in the actual exam. 基于官方答题提示扩写的考试级答案,每个小题均按考试评分标准撰写。

Question 1 — Professionalism in IT Practice (9 Marks)

Scenario / 情境

DataNova Solutions: inconsistent professional behaviour across teams; a client complained about late communication and casual handling of confidential information.

DataNova Solutions:各团队对"专业行为"理解不一致;客户投诉沟通延迟、随意处理机密信息。

(a) Define professionalism in an IT context and explain why it matters for consultants. (3 marks)

English

Professionalism in IT means applying technical expertise ethically, responsibly and competently to deliver reliable solutions that meet client and stakeholder needs. It includes honesty, accountability, respect for confidentiality, adherence to codes of conduct (e.g. ACS Code of Professional Conduct), and a commitment to continuous learning. For consultants like those at DataNova, professionalism matters because consultants are trusted with sensitive client data and high-impact decisions — professional behaviour builds client trust, protects the firm's reputation, reduces legal and ethical risk, and is the foundation for long-term commercial success.

中文

IT 领域的"专业精神"指以合乎伦理、负责任且具备胜任力的方式运用技术专长,交付能满足客户与利益相关者需求的可靠解决方案。它涵盖诚信、问责、保守机密、遵守职业行为准则(如 ACS 职业行为准则)以及持续学习的承诺。对 DataNova 这类咨询公司而言,顾问掌握着客户的敏感数据与重大决策,专业行为能建立客户信任、维护公司声誉、降低法律与伦理风险,是企业长期商业成功的基石。

(b) Identify two behaviours that demonstrate professional accountability in daily IT work. (3 marks)

English

  1. Owning mistakes and meeting commitments — when a developer's code introduces a defect or a deadline slips, the professional response is to disclose the issue promptly, explain the cause, and propose a remediation plan rather than concealing it.
  2. Transparent, honest communication about progress and confidentiality — providing accurate status updates (including bad news), and refusing to share client data with unauthorised parties even when convenient. Both behaviours show that the IT professional places client and organisational interests above personal comfort.

中文

  1. 主动承担错误并兑现承诺 —— 当代码出现缺陷或进度延误时,专业的做法是迅速披露问题、说明原因并提出补救方案,而不是隐瞒。
  2. 进度与机密信息上的透明、诚实沟通 —— 提供准确(包含坏消息在内)的状态更新,即便方便也绝不向未授权方泄露客户数据。这两种行为都体现 IT 专业人士将客户与组织利益置于个人方便之上。

(c) Suggest two practical initiatives DataNova can introduce to promote consistent professional practice. (3 marks)

English

  1. Mandatory professional-standards onboarding and annual refresher training covering the firm's code of conduct, confidentiality requirements, communication standards and client-handling protocols, so every team interprets "professional behaviour" the same way.
  2. A structured peer-mentoring and peer-feedback program where senior consultants coach juniors on real engagements and 360° feedback is collected each project; this embeds professional behaviour in day-to-day work rather than leaving it as an abstract policy.

中文

  1. 强制性的职业标准入职培训及年度复训 —— 内容涵盖公司行为准则、保密要求、沟通标准与客户接待规范,确保各团队对"专业行为"有统一理解。
  2. 结构化的同伴导师制与同伴反馈机制 —— 由资深顾问在真实项目中辅导新人,并在每个项目结束后进行 360° 反馈,将专业行为融入日常工作,而非停留在抽象的政策层面。

Question 2 — IT and Organisational Value (8 Marks)

Scenario / 情境

BluePeak Manufacturing: invested in new digital systems but productivity has not improved and costs have risen; IT projects launched without clear strategic links.

BluePeak Manufacturing:投入新数字化系统后生产率未提升、成本反而上升;IT 项目缺乏与战略目标的清晰关联。

(a) Explain two ways IT can generate organisational value beyond basic efficiency. (3 marks)

English

  1. Data-driven decision-making and innovation — analytics, predictive maintenance and AI/ML capabilities turn operational data into insight that enables new products, smarter pricing and proactive risk management, creating revenue and competitive advantage rather than just cost savings.
  2. Enhanced collaboration and customer experience through integrated systems — integrated ERP/CRM platforms break down silos, improve responsiveness to customers, and enable digital channels that grow market reach. These value streams are strategic (effectiveness, growth, differentiation) rather than purely operational (efficiency).

中文

  1. 数据驱动决策与创新 —— 分析、预测性维护和 AI/ML 能力将运营数据转化为洞察,推动新产品、智能定价与主动风险管理,带来收入与竞争优势,而不仅是节约成本。
  2. 通过集成系统提升协作与客户体验 —— ERP/CRM 等集成平台打破部门壁垒,提高对客户的响应速度,并通过数字渠道扩大市场覆盖。这些价值流是战略层面的(有效性、增长、差异化),而非纯运营层面的(效率)。

(b) Describe two methods to align IT initiatives with business strategy. (3 marks)

English

  1. Enterprise Architecture (EA) mapping — explicitly map every proposed IT project to a business capability and a strategic objective on a capability/process model so any initiative without a clear strategic link is challenged or de-prioritised.
  2. Joint IT–business planning and governance forums (e.g. a steering committee or IT Governance Board using a framework such as COBIT) where business unit leaders and the CIO co-develop the IT investment portfolio, set KPIs, and review benefits realisation. Both methods give BluePeak a structured way to stop launching disconnected projects.

中文

  1. 企业架构(EA)映射 —— 将每个拟议的 IT 项目明确映射到业务能力和战略目标的能力/流程模型,凡是缺乏明确战略关联的项目都会被质疑或降低优先级。
  2. IT 与业务联合规划与治理论坛(如使用 COBIT 等框架的指导委员会或 IT 治理委员会),由业务部门负责人与 CIO 共同制定 IT 投资组合、设定 KPI 并审查效益实现。两种方法都能为 BluePeak 提供结构化机制,避免再启动脱节的项目。

(c) Suggest one quantitative metric to evaluate IT value creation. (2 marks)

English

Return on Investment (ROI) for each IT initiative — calculated as (net benefit from the system / total cost of the system) × 100%, where net benefit aggregates measurable outcomes such as cost savings, productivity gains, revenue uplift, or reduction in defect/downtime rates. Other acceptable answers include payback period, NPV, IT-related customer satisfaction (CSAT/NPS) improvement, or productivity per employee — all tied to outcomes rather than activity.

中文

对每个 IT 项目计算 投资回报率(ROI):(系统带来的净收益 / 系统总成本) × 100%,其中净收益汇总可衡量的成果,如成本节约、生产率提升、收入增长或缺陷/停机率下降。其他可接受答案包括投资回收期、净现值(NPV)、与 IT 相关的客户满意度(CSAT/NPS)提升或人均生产率——均围绕成果而非活动。


Question 3 — IT Lifecycle and Project Phases (9 Marks)

Scenario / 情境

MetroTrans Logistics: aging delivery software with frequent crashes and data loss; planning a full replacement and wants reliability across its lifecycle.

MetroTrans Logistics:配送软件老化、频繁崩溃且数据丢失;计划全面替换并希望系统在整个生命周期中保持可靠。

(a) Outline the main phases of the IT system lifecycle and their purpose. (3 marks)

English

The IT system lifecycle (SDLC) typically includes:

  • Planning / feasibility — define objectives, scope, business case and risks.
  • Analysis / requirements — elicit and document functional and non-functional requirements with stakeholders.
  • Design — produce the system architecture, data model and UI specifications.
  • Development / build — code and configure the solution.
  • Testing — verify functional, integration, performance and security requirements.
  • Implementation / deployment — release to production with training and data migration.
  • Operation and maintenance — run, monitor, patch and enhance the system.
  • Retirement / decommissioning — securely retire the system when replaced.

Each phase ensures requirements are correctly captured, risks are managed, and the system continues to deliver value throughout its useful life.

中文

IT 系统生命周期(SDLC)通常包括:

  • 规划/可行性 —— 明确目标、范围、商业论证与风险。
  • 分析/需求 —— 与利益相关者一起收集并记录功能与非功能需求。
  • 设计 —— 产出系统架构、数据模型与界面规范。
  • 开发/构建 —— 编码并配置解决方案。
  • 测试 —— 验证功能、集成、性能与安全要求。
  • 实施/部署 —— 上线投产,包含培训与数据迁移。
  • 运维 —— 运行、监控、修补与增强系统。
  • 退役/下线 —— 系统替换时安全退役。

每个阶段都确保需求被正确捕获、风险得到管理,并使系统在使用寿命内持续创造价值。

(b) Explain two risks of skipping formal lifecycle steps. (3 marks)

English

  1. Undetected requirements errors and technical debt — skipping analysis or design means assumptions go unchallenged; defects are discovered late in production, costing 10–100× more to fix than if caught early and producing systems that don't actually meet user needs.
  2. Inadequate testing leading to outages and data loss — skipping rigorous testing or deployment planning (the exact pattern at MetroTrans) leaves performance, security and integration defects in production, causing the kinds of crashes, customer complaints and reputational damage the company is already experiencing.

中文

  1. 未被察觉的需求错误与技术债务 —— 跳过分析或设计阶段会让错误假设无人质疑;缺陷直到生产环境才被发现,修复成本是早期发现的 10–100 倍,且系统往往无法真正满足用户需求。
  2. 测试不足导致宕机与数据丢失 —— 跳过严谨的测试或部署规划(正是 MetroTrans 当前的情况),会让性能、安全和集成缺陷流入生产环境,导致公司目前已经经历的崩溃、客户投诉与声誉受损。

(c) Recommend how regular lifecycle reviews help maintain system performance and cost control. (3 marks)

English

Regular lifecycle reviews — for example annual architecture reviews, post-implementation reviews (PIRs), and scheduled health/capacity checks — proactively identify obsolescence, performance degradation, and emerging security or compliance risks before they become major incidents. They allow MetroTrans to plan timely patches, refactors or replacements, smooth the IT budget over time (avoiding "big-bang" replacement costs) and ensure total cost of ownership stays predictable. Reviews also feed lessons learned back into design and procurement, improving future investment decisions.

中文

定期的生命周期评审——例如年度架构评审、上线后评审(PIR)、定期健康与容量检查——能在重大事故发生前主动发现陈旧化、性能退化以及新出现的安全或合规风险。这使 MetroTrans 能够及时规划补丁、重构或替换,平滑分摊 IT 预算(避免一次性"大爆炸"式替换的高成本),并保持总拥有成本可预测。评审还能将经验教训反馈到设计与采购环节,提升未来的投资决策质量。


Question 4 — Project Management Approaches (8 Marks)

Scenario / 情境

A university IT department traditionally uses Waterfall; stakeholders now demand faster delivery and frequent updates; management considers Agile.

某大学 IT 部门一直采用 Waterfall 模式;如今利益相关者要求更快交付和频繁更新;管理层正在考虑 Agile。

(a) Compare Agile and Waterfall approaches in terms of flexibility and stakeholder involvement. (3 marks)

English

Waterfall is a linear, sequential approach (requirements → design → build → test → deploy) where each phase must be completed and signed off before the next begins; stakeholders are heavily involved only at requirements and at final acceptance, so changes mid-project are costly. Agile delivers in short iterations (e.g. 2-week sprints) producing a working increment each cycle; stakeholders are continuously involved through backlog refinement, sprint reviews and demos, and requirements can evolve as the product is built. Agile is therefore much more flexible to change and more responsive to user needs, whereas Waterfall offers more predictable scope when requirements are fully known upfront.

中文

Waterfall 是线性、顺序的方法(需求 → 设计 → 构建 → 测试 → 部署),每个阶段必须完成并审批后才能进入下一阶段;利益相关者只在需求阶段和最终验收时深度参与,项目中途变更代价很高。Agile 则以短迭代(例如两周一个 Sprint)交付,每个周期产出可用的增量;利益相关者通过 Backlog 细化、Sprint 评审与演示持续参与,需求可随产品演进而调整。因此 Agile 在应对变化和响应用户需求方面更灵活,而 Waterfall 在需求完全明确的情况下能提供更可预测的范围。

(b) Explain how Agile reduces project risk compared to Waterfall. (3 marks)

English

Agile reduces risk by failing fast and learning fast: frequent testing, automated CI/CD pipelines and end-of-sprint reviews surface defects, integration issues and incorrect assumptions within days rather than months. Continuous stakeholder feedback ensures the team is building the right product, which slashes the risk of large late-stage rework. The incremental delivery model also means even if a project is cancelled early, the organisation still has shippable, value-generating increments in production — unlike Waterfall, where value is delivered only at the very end.

中文

Agile 通过 快速失败、快速学习 来降低风险:频繁测试、自动化 CI/CD 流水线和 Sprint 末评审能在数天内(而非数月内)暴露缺陷、集成问题和错误假设。持续的利益相关者反馈确保团队在做正确的产品,大幅降低后期大规模返工的风险。增量交付模式还意味着即便项目提前终止,组织仍已拥有可上线、能创造价值的增量产品——这与 Waterfall 在末期才交付价值形成鲜明对比。

(c) Identify one challenge when transitioning to Agile and suggest a solution. (2 marks)

English

Challenge: Cultural and role change — staff long accustomed to fixed roles (PM, BA, tester) and detailed up-front specs may struggle with self-organising teams, daily stand-ups and continuous change. Solution: Run a structured Agile transformation program — formal Scrum/SAFe training for staff and managers, certified Scrum Masters to coach teams, a pilot project to demonstrate value, and updated performance frameworks that reward collaboration and incremental delivery rather than adherence to a fixed scope.

中文

挑战: 文化与角色转变 —— 长期习惯于固定角色(PM、BA、测试)和详尽前期规范的员工,可能难以适应自组织团队、每日站会与持续变更。解决方案: 实施结构化的敏捷转型计划 —— 为员工和管理者提供正式的 Scrum/SAFe 培训,由认证 Scrum Master 辅导团队,先以一个试点项目展示价值,并更新绩效框架以奖励协作与增量交付,而非对固定范围的遵守。


Question 5 — Communication and Stakeholder Engagement (9 Marks)

Scenario / 情境

Summit Finance: developers focused on coding during a CRM upgrade and ignored end-user feedback; system met technical requirements but frustrated users.

Summit Finance:CRM 升级过程中开发人员只顾写代码、忽视终端用户反馈;系统虽满足技术要求却让用户不满。

(a) Explain why communication is critical for successful IT projects. (3 marks)

English

Communication is the mechanism by which expectations, requirements and constraints are aligned between business stakeholders, end-users and the delivery team. Without it, teams build to the wrong specification (exactly what happened at Summit Finance), assumptions diverge, scope creeps invisibly, and rework explodes. Effective two-way communication also surfaces risks and issues early, builds trust, secures the change-management buy-in needed for adoption, and ensures the final product actually delivers business value rather than merely meeting a written spec.

中文

沟通是业务利益相关者、终端用户与交付团队之间对期望、需求与约束达成一致的机制。缺乏沟通时,团队会按错误规范来构建(正是 Summit Finance 发生的情况),假设各执一词、范围悄然蔓延、返工急剧增加。有效的双向沟通还能尽早暴露风险与问题、建立信任、获得变革管理所需的认同,并确保最终产品真正交付业务价值,而不是仅满足书面规范。

(b) Identify two stakeholder groups and describe how communication can be tailored for each. (3 marks)

English

  1. Executives / sponsors (CIO, CFO) — high power, limited time. Communicate via concise dashboards, RAG status reports, and exception-based escalations focused on cost, schedule, benefits and risk. Use SBAR or BLUF (bottom-line-up-front) structure.
  2. End-users (frontline staff) — directly affected by usability and workflow change. Communicate through interactive demos, hands-on training sessions, user-acceptance testing, intranet FAQs and embedded "super users" who can answer questions in-team. Both groups need the same underlying message but in very different channels, formats and levels of technical detail.

中文

  1. 高管/项目发起人(CIO、CFO) —— 权力高、时间有限。通过简洁的仪表盘、RAG 状态报告以及聚焦成本、进度、效益与风险的例外型升级沟通;可采用 SBAR 或 BLUF(结论先行)结构。
  2. 终端用户(一线员工) —— 受可用性与流程变化的直接影响。通过互动演示、动手培训、用户验收测试、内网 FAQ 以及在团队内能解答问题的"超级用户"进行沟通。两类群体需要的核心信息相同,但渠道、格式与技术细节深度差异很大。

(c) Recommend one tool or method to ensure continuous feedback during development. (3 marks)

English

Adopt time-boxed Sprint Reviews with live demos to representative end-users at the end of every 2-week sprint, supported by a shared collaboration platform such as Microsoft Teams or Slack with a dedicated #crm-feedback channel and a JIRA/Azure DevOps backlog where users can log issues directly. This gives developers continuous, structured feedback on real working software rather than late, opinion-based feedback on documents, and ensures usability issues are caught while they are cheap to fix.

中文

在每两周的 Sprint 末,针对代表性终端用户开展 限时 Sprint 评审与现场演示,并辅以共享协作平台(如 Microsoft Teams 或 Slack 设立专门的 #crm-feedback 频道)以及 JIRA/Azure DevOps 任务积压,让用户能直接记录问题。这让开发人员能基于真实可运行的软件获得持续、结构化的反馈,而不是在文档阶段才得到迟到、主观的意见,确保在修复成本仍低时就发现可用性问题。


Question 6 — Stakeholder Communication and Influence (8 Marks)

Scenario / 情境

TechBridge Solutions: ERP implementation across IT, Finance and HR shows poor collaboration; HR feels excluded from key decisions.

TechBridge Solutions:跨 IT、财务、HR 部门的 ERP 实施中协作不佳;HR 感到被排除在关键决策之外。

(a) Using a Power–Interest matrix, classify the three stakeholder groups and explain how each should be managed. (3 marks)

English

  • IT — High power, High interest → Manage Closely. They own delivery and operational risk; involve them in every governance forum, sprint review and design decision; co-develop the project plan.
  • Finance — High power, Medium / lower interest → Keep Satisfied. They control budget and sign-off but are less involved day-to-day; provide regular concise status reports, exception alerts on budget/benefit variances and tailored escalations.
  • HR — Lower power, High interest → Keep Informed. They are critical for change management, training and people impact; involve them in workshops, share roadmaps and consultation drafts, and act on their feedback to avoid the current "left out" perception.

中文

  • IT —— 高权力、高利益 → 密切管理。 他们负责交付与运营风险;让其参与每一次治理论坛、Sprint 评审与设计决策;与其共同制定项目计划。
  • 财务 —— 高权力、利益中/较低 → 保持满意。 他们掌控预算与审批,但日常参与度较低;提供定期简洁的状态报告、预算/效益偏差的例外提醒以及定制化的升级沟通。
  • HR —— 较低权力、高利益 → 保持知情。 对变革管理、培训和人员影响至关重要;让其参与研讨会、分享路线图和咨询稿,并根据反馈采取行动,以消除目前"被排除在外"的感觉。

(b) Suggest how the SBAR (Situation–Background–Assessment–Recommendation) framework could help structure progress communication to senior management. (3 marks)

English

SBAR forces every update to senior management into four short, evidence-based sections: Situation (the issue or status in one sentence), Background (the relevant facts and history), Assessment (analysis of impact, risk and root cause) and Recommendation (the decision or action requested). For TechBridge this means senior managers no longer wade through long status decks — they receive concise, decision-ready updates such as "HR adoption is at risk because their requirements were collected late; recommend a 2-week design review with HR before the next sprint." It clarifies issues, accelerates decisions and forces the reporter to think analytically rather than just describe activity.

中文

SBAR 把所有向高管的汇报固定为四个简短、基于证据的部分:Situation(情境)——用一句话说明问题或状态;Background(背景)——相关事实与历史;Assessment(评估)——影响、风险与根因分析;Recommendation(建议)——所请求的决策或行动。对 TechBridge 而言,高管不再需要翻阅冗长的汇报材料,而是收到简洁、可决策的更新,例如:"HR 采纳存在风险,因其需求收集过晚;建议在下个 Sprint 前与 HR 进行为期 2 周的设计评审。"这能厘清问题、加快决策,并迫使汇报者从分析角度而非仅描述活动进行思考。

(c) Recommend one digital collaboration tool or approach that would enhance cross-department engagement. (2 marks)

English

Set up a Microsoft Teams workspace (or equivalent) with dedicated channels per stream (e.g. #erp-finance, #erp-hr, #erp-it), a shared OneNote/Confluence space for decisions and meeting minutes, and an integrated task board (Planner or Asana) so every department has the same real-time visibility of plans, decisions, blockers and progress. Shared visibility is the antidote to HR feeling "left out" and reduces email-based misalignment.

中文

搭建 Microsoft Teams 工作区(或同类工具),按工作流设置专属频道(如 #erp-finance、#erp-hr、#erp-it),配合用于记录决策与会议纪要的共享 OneNote/Confluence,以及集成的任务看板(Planner 或 Asana),让每个部门对计划、决策、阻塞与进度都拥有同样的实时可见性。共享可见性正是消除 HR"被排除感"的良方,也能减少因邮件沟通造成的不一致。


Question 7 — Information and Estimation Accuracy (8 Marks)

Scenario / 情境

BrightEdge Analytics: 6-month fixed deadline for ML dashboard; requirements still evolving; estimates from team leads vary by ~40%; management worried about cost overruns.

BrightEdge Analytics:机器学习仪表盘有 6 个月固定截止日期;需求仍在演进;不同 Team Lead 估算偏差高达约 40%;管理层担忧成本超支。

(a) Explain the role of estimation in IT project management and why accuracy is critical for BrightEdge's situation. (3 marks)

English

Estimation provides the forecasts of time, cost, effort and resources on which schedules, budgets, staffing plans and client commitments are built — it is the foundation of any project plan and of stakeholder expectations. For BrightEdge, accuracy is especially critical because the deadline is fixed and contractual: under-estimating effort will cause missed milestones, quality compromises and contractual penalties, while over-estimating will price the work uncompetitively and erode trust. With a 40% spread between estimators, the project today is essentially un-plannable, so improving estimation reliability is a precondition for managing client expectations, allocating the right specialists and protecting profitability.

中文

估算为时间、成本、工作量与资源提供预测,是构建进度计划、预算、人员配置与客户承诺的基础——它是任何项目计划与利益相关者期望的根基。对 BrightEdge 而言,准确性尤为关键,因为截止日期固定且具有合同性质:低估工作量会导致里程碑延误、质量妥协与违约处罚,高估则会使报价缺乏竞争力并损害信任。当前估算偏差高达 40%,项目实际已无法规划,因此提升估算可靠性是管理客户期望、配置正确专家并保障利润的前提。

(b) Identify two common causes of estimation inaccuracy and describe how they can affect project outcomes. (3 marks)

English

  1. Unclear or changing requirements — estimating against an evolving target produces scope creep, hidden rework and constant re-baselining, leading to schedule slippage and budget blow-outs (the dominant risk at BrightEdge).
  2. Optimism bias and lack of historical data — without calibrated data from past similar projects, estimators (especially under pressure from sales or executives) systematically underestimate effort and ignore low-probability/high-impact tasks. The result is missed deadlines, exhausted teams, quality defects and damaged client relationships. Other valid causes: anchoring bias, omitted non-functional work (security, integration, performance testing), and unrealistic productivity assumptions.

中文

  1. 需求不清或持续变更 —— 对一个不断移动的目标进行估算会产生范围蔓延、隐藏返工和反复重订基线,导致进度延误与预算大幅超支(正是 BrightEdge 的主要风险)。
  2. 乐观偏差与缺乏历史数据 —— 没有过去类似项目的校准数据,估算者(尤其在销售或高管施压下)会系统性地低估工作量并忽视低概率高影响的任务。结果是误期、团队疲惫、质量缺陷和客户关系受损。其他常见原因包括:锚定偏差、被忽略的非功能性工作(安全、集成、性能测试)和不切实际的生产率假设。

(c) Recommend one estimation approach suitable for projects with incomplete requirements and justify why it fits this scenario. (3 marks)

English

Use the Three-Point Estimation / PERT method, optionally combined with the Delphi technique, and re-estimate iteratively (rolling-wave planning) as requirements clarify. For each task, capture an optimistic (O), most-likely (M) and pessimistic (P) value, then compute the expected duration E = (O + 4M + P)/6 with a standard deviation σ = (P - O)/6. This explicitly models uncertainty rather than pretending a single point estimate is precise, and the Delphi version aggregates anonymous expert judgement to reduce the 40% variance between BrightEdge's team leads. Combined with rolling-wave re-estimation each sprint and confidence ranges shared with the client, this approach manages expectations honestly, exposes risk early, and produces progressively more accurate forecasts as the unknowns close out.

中文

采用 三点估算 / PERT 方法,可结合 Delphi 专家共识法,并在需求逐步明确时进行迭代再估算(滚动波次规划)。对每项任务记录 乐观值(O)、最可能值(M)、悲观值(P),然后计算期望时长 E = (O + 4M + P)/6,标准差 σ = (P - O)/6。它显式地建模不确定性,而不是假装单点估算就很精确;Delphi 版本通过匿名汇总专家判断,可降低 BrightEdge 各 Team Lead 之间 40% 的估算偏差。结合每个 Sprint 的滚动再估算并向客户提供置信区间,该方法能诚实地管理期望、尽早暴露风险,并随着未知因素的逐步消除产生越来越准确的预测。
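The PERT arithmetic above carried through in code, as an added Python example that is not part of the original answer guide: the task names and O/M/P values are constructed, and the portfolio-level step (summing expected values and variances to get a range for the whole backlog) goes one step beyond the per-task formulas in the text.

```python
"""Three-point (PERT) estimation with rolling-wave re-estimation.

Added example, not part of the original answer guide. Task names and O/M/P
values are constructed to illustrate E = (O + 4M + P)/6 and sigma = (P - O)/6
from the answer; the portfolio aggregation (sum expected values, sum variances)
is the standard PERT extension and goes one step beyond the text.
"""
from dataclasses import dataclass
from math import sqrt


@dataclass(frozen=True)
class Task:
    name: str
    optimistic: float   # O: best case, in person-days
    most_likely: float  # M: the estimator's single-point guess
    pessimistic: float  # P: worst realistic case

    def __post_init__(self) -> None:
        if not self.optimistic <= self.most_likely <= self.pessimistic:
            raise ValueError(f"{self.name}: need O <= M <= P")

    @property
    def expected(self) -> float:
        # E = (O + 4M + P) / 6 : weighted mean of the beta approximation
        return (self.optimistic + 4 * self.most_likely + self.pessimistic) / 6

    @property
    def sigma(self) -> float:
        # sigma = (P - O) / 6 : a wider O..P spread means more uncertainty
        return (self.pessimistic - self.optimistic) / 6


def portfolio_estimate(tasks: list[Task]) -> tuple[float, float]:
    """Return (E_total, sigma_total) for independent tasks.

    Expected values add; standard deviations do not, so variances are summed
    and the square root taken. A single pessimistic task therefore widens the
    range less than naive addition of worst cases would suggest.
    """
    e_total = sum(t.expected for t in tasks)
    var_total = sum(t.sigma ** 2 for t in tasks)
    return e_total, sqrt(var_total)


def confidence_range(tasks: list[Task], z: float = 1.645) -> tuple[float, float]:
    """Range E +/- z*sigma; z=1.645 is roughly a 90% range under the normal
    approximation (constructed choice, any agreed z works)."""
    e_total, s_total = portfolio_estimate(tasks)
    return e_total - z * s_total, e_total + z * s_total


def reestimate(tasks: list[Task], name: str, o: float, m: float, p: float) -> list[Task]:
    """Rolling-wave step: replace one task's O/M/P once requirements clarify."""
    return [Task(name, o, m, p) if t.name == name else t for t in tasks]


# Constructed sprint-1 backlog for the ML dashboard (person-days).
BACKLOG = [
    Task("data pipeline", 8, 12, 28),
    Task("model training", 10, 15, 40),   # requirements still fuzzy: wide P
    Task("dashboard UI", 6, 8, 12),
    Task("security review", 3, 4, 7),
]

if __name__ == "__main__":
    e, s = portfolio_estimate(BACKLOG)
    lo, hi = confidence_range(BACKLOG)
    print(f"E = {e:.1f} days, sigma = {s:.1f}, ~90% range {lo:.1f}-{hi:.1f}")
    # After a design spike narrows "model training" to O=12, M=14, P=18:
    e2, s2 = portfolio_estimate(reestimate(BACKLOG, "model training", 12, 14, 18))
    print(f"after re-estimate: E = {e2:.1f} days, sigma = {s2:.1f}")
```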


Question 8 — CIA Triad, Vulnerabilities, and Secure Design (Fintech Mobile Banking App)

Scenario / 情境

Fintech mobile banking app. Security review found: PINs stored in plain text; transaction records altered without authorisation; app crashes during weekend peaks; XSS-vulnerable input fields; management still wants to release first and fix later.

某金融科技手机银行 App。安全评审发现:用户 PIN 明文存储;交易记录被未授权篡改;周末高峰时 App 崩溃;输入字段存在跨站脚本(XSS)漏洞;管理层仍坚持先上线后修复。

(a) CIA Triad Application (3.5 marks)

English

  • Confidentiality — Customer PINs are stored in plain text inside the database. Confidentiality protects sensitive information from unauthorised access. Storing PINs unencrypted/unhashed means anyone who gains database access (hacker, insider, malware) can immediately read every customer's credentials, enabling account takeover, fraudulent transactions and identity theft. For a regulated financial institution this is a catastrophic confidentiality failure.
  • Integrity — Transaction records were altered without authorisation. Integrity guarantees data remains accurate, complete and trustworthy throughout its lifecycle. Unauthorised modification means the system cannot guarantee financial records are correct, so balances may be wrong, customers may lose money, disputes will arise, and the bank faces legal and regulatory consequences.
  • Availability — The app crashes during high-traffic weekend periods. Availability ensures systems and services remain accessible to authorised users whenever needed. If customers cannot transfer money, pay bills or check balances during peak demand, they suffer financial impact and the bank suffers reputational and commercial damage.

中文

  • 保密性(Confidentiality) —— 客户 PIN 以 明文 存储在数据库中。保密性旨在防止敏感信息被未授权访问。PIN 未加密/哈希意味着任何获得数据库访问权限的人(黑客、内部人员或恶意软件)都能立即读取每位客户的凭据,从而实施账户接管、欺诈交易和身份盗用。对受监管的金融机构而言,这是灾难性的保密失败。
  • 完整性(Integrity) —— 交易记录在未授权情况下被篡改。 完整性保证数据在其生命周期内保持准确、完整且可信。未经授权的修改意味着系统无法保证财务记录正确,账户余额可能出错、客户可能蒙受损失、纠纷必然出现,银行也将面临法律与监管后果。
  • 可用性(Availability) —— App 在周末高峰期崩溃。 可用性确保系统与服务在授权用户需要时持续可用。若客户在高峰期无法转账、缴费或查询余额,将造成财务影响,银行也将承受声誉与商业损失。

(b) Vulnerability Explanation (3 marks)

English

Vulnerability 1 — Plain-text password (PIN) storage. PINs are stored without any hashing algorithm such as bcrypt, PBKDF2 or Argon2, so a single database breach immediately exposes every credential. Attackers could gain database access through SQL injection, stolen admin credentials, an insider threat or malware on a backup server; once inside they simply read the PIN column — no cracking required. The result is large-scale account takeover, identity theft and direct financial loss.

Vulnerability 2 — Cross-Site Scripting (XSS) in input fields. Because user input is not validated or output-encoded, an attacker can inject malicious JavaScript through fields such as profile names, comments or transaction notes. When another user (or worse, a bank admin) views the affected page, the malicious script executes in their browser and can steal session cookies, hijack accounts, redirect users to phishing sites, or perform actions on behalf of the victim.

中文

漏洞 1 —— 明文密码(PIN)存储。 PIN 未经任何哈希算法(如 bcrypt、PBKDF2、Argon2)处理就直接存储,因此一次数据库泄露就会立即暴露所有凭据。攻击者可通过 SQL 注入、被盗管理员凭据、内部威胁或备份服务器上的恶意软件取得数据库访问权;一旦进入,只需直接读取 PIN 列,无需破解。后果是大规模账户接管、身份盗用与直接财务损失。

漏洞 2 —— 输入字段中的跨站脚本(XSS)。 由于用户输入未做校验或输出编码,攻击者可通过个人资料、评论或交易备注等字段注入恶意 JavaScript。当其他用户(甚至银行管理员)查看相关页面时,恶意脚本会在其浏览器中执行,可窃取会话 Cookie、劫持账户、将用户重定向至钓鱼网站,或以受害者身份执行操作。

(c) Consequences of Deployment (3 marks)

English

Deploying the banking app without fixing these issues would cause severe consequences across all stakeholder groups. For customers, plain-text PIN exposure and tampered transaction records could result in stolen funds, unauthorised account access and identity theft; trust in the bank would collapse. For employees and IT teams, the inevitable breach would create huge workloads — incident response, forensic investigation, customer support, emergency patching, and morale damage from public criticism and regulator engagement. For the organisation, consequences include severe reputational damage, customer churn, regulatory action and large fines (e.g. under privacy law and banking regulations such as APRA CPS 234 in Australia or GDPR in the EU), class-action lawsuits, falling share price and long-term loss of competitive position. In short, the "release now, fix later" decision creates risk that vastly outweighs the cost of fixing first.

中文

在未修复这些问题的情况下上线该银行 App,将对所有利益相关者造成严重后果。对客户而言,PIN 明文泄露和被篡改的交易记录会导致资金被盗、账户被未授权访问以及身份盗用,对银行的信任将崩溃。对员工与 IT 团队而言,必然发生的数据泄露将带来巨大工作量——事件响应、取证调查、客户支持、紧急补丁,以及面对公众批评与监管机构所造成的士气受损。对组织而言,后果包括严重的声誉损失、客户流失、监管处罚与巨额罚款(如澳大利亚 APRA CPS 234、欧盟 GDPR 等隐私和银行业法规下的罚款)、集体诉讼、股价下跌以及长期竞争地位的丧失。简而言之,"先上线、后修复"造成的风险远高于先行修复的成本。

(d) Security Improvements (3 marks)

English

Improvement 1 — Secure password hashing with salt. Implement a strong, adaptive password-hashing algorithm such as bcrypt, PBKDF2 or Argon2 with a unique random salt per user for every PIN. Hashing is a one-way function, so even if the database is breached, attackers cannot recover the original PINs without a computationally infeasible brute-force attack. Per-user salting also defeats rainbow-table attacks. This directly addresses the confidentiality failure.

Improvement 2 — Input validation and output encoding (with Content Security Policy). Implement strict server-side input validation (allow-lists, length and type checks) and context-aware output encoding so user-supplied input is always treated as data, not executable code. Add a Content Security Policy (CSP) header to restrict where scripts can load from. Together these controls neutralise the XSS vector and most input-injection attacks. Both improvements are low-cost, well-understood industry standards that materially reduce the identified risks.

中文

改进 1 —— 加盐的安全密码哈希。 实现强适应性密码哈希算法,如 bcrypt、PBKDF2 或 Argon2,对每个用户的 PIN 使用唯一随机 盐值。哈希是单向函数,即便数据库被攻破,攻击者也无法在合理算力内还原 PIN;按用户加盐还能挫败彩虹表攻击。这直接针对保密性失败。

改进 2 —— 输入校验与输出编码(配合 CSP)。 实施严格的 服务端输入校验(白名单、长度与类型检查)以及上下文相关的 输出编码,确保用户输入始终被作为数据而非可执行代码处理。再加上 Content Security Policy(CSP) 响应头,限制脚本可加载的来源。两者结合能消除 XSS 攻击向量及大多数注入类攻击。这两项改进成本低、行业成熟,能显著降低已识别风险。
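Both improvements beside the 'before' patterns described in (b), as an added Python example that is not part of the original answers or of any real banking app: PBKDF2 from the standard library with a per-user random salt and constant-time verification, then allow-list validation plus HTML output encoding and a CSP header. The iteration count, the CSP value and the sample inputs are constructed.

```python
"""Plain-text PIN storage and raw HTML interpolation beside their hardened forms.

Added example, not code from the original answers or from any real banking
app. Standard library only: hashlib.pbkdf2_hmac (PBKDF2 is one of the
algorithms the answer names), secrets for the per-user salt, hmac.compare_digest
for constant-time verification, html.escape for HTML-context output encoding.
Iteration count, CSP value and sample inputs are constructed choices.
"""
import hashlib
import hmac
import html
import secrets

PBKDF2_ITERATIONS = 600_000  # constructed; tune to the login latency budget
SALT_BYTES = 16


# --- Vulnerability 1 (the 'before'): the PIN itself is what gets stored ----
def store_pin_insecure(pin: str) -> str:
    return pin  # anyone who can read the column holds the credential


# --- Improvement 1: per-user random salt + PBKDF2, one-way and slow --------
def hash_pin(pin: str) -> str:
    salt = secrets.token_bytes(SALT_BYTES)  # unique per user: defeats rainbow tables
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ITERATIONS)
    # Self-describing record so the parameters can be rotated later.
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_pin(pin: str, stored: str) -> bool:
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False  # unknown or malformed record never verifies
    _, iterations, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac(
        "sha256", pin.encode(), bytes.fromhex(salt_hex), int(iterations))
    # compare_digest does not leak how many leading bytes matched via timing.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# --- Vulnerability 2 (the 'before'): user text dropped straight into HTML ---
def render_note_insecure(note: str) -> str:
    return f"<li class='note'>{note}</li>"


# --- Improvement 2: allow-list validation, then encode for the HTML context -
MAX_NOTE_LEN = 140  # constructed limit for a transaction note


def validate_note(note: str) -> str:
    """Server-side allow-list: printable text only, bounded length."""
    if len(note) > MAX_NOTE_LEN or not note.isprintable():
        raise ValueError("transaction note rejected")
    return note


def render_note_secure(note: str) -> str:
    # html.escape turns < > & " ' into entities: input stays data, not markup.
    return f"<li class='note'>{html.escape(validate_note(note), quote=True)}</li>"


def csp_header() -> tuple[str, str]:
    """Response header that blocks inline scripts and third-party script
    origins, a second layer if an encoding bug ever slips through."""
    return ("Content-Security-Policy",
            "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'")


if __name__ == "__main__":
    rec = hash_pin("4821")  # constructed sample PIN
    print(rec[:32] + "...", verify_pin("4821", rec), verify_pin("0000", rec))
    sample = "<script>alert(1)</script>"  # constructed test input
    print(render_note_insecure(sample))
    print(render_note_secure(sample))
    print(": ".join(csp_header()))
```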


Question 9 — Incident Response and Disaster Recovery (ShopFast E-commerce)

Scenario / 情境

ShopFast e-commerce site: suspicious foreign login; mass download of payment records; ransomware on multiple servers; security team delayed containment; compromised account active for hours; recent backups also encrypted; unclear ownership of response; customers complaining publicly.

ShopFast 电商:海外可疑登录、批量下载支付记录、多服务器中勒索软件、安全团队延迟封堵、被攻陷账户活跃数小时、最近备份也被加密、响应职责不清、客户公开投诉。

(a) Incident vs Disaster Understanding (3.5 marks)

English

Incident Response situation: The suspicious foreign login and mass download of customer payment records is a classic security-incident-response situation. Incident response focuses on detecting, investigating, containing and minimising the impact of a security breach. Here the priorities are disabling the compromised account, isolating affected systems, preserving logs/evidence, and stopping further data exfiltration before it escalates.

Disaster Recovery situation: The ransomware attack rendering multiple servers unavailable is a disaster-recovery (DR) situation. Disaster recovery focuses on restoring critical systems, services and operations after a major disruption. Because production servers and even recent backups are encrypted, the organisation must invoke its DR plan — recover from clean backups (ideally offline/immutable), rebuild infrastructure, and resume customer-facing operations as quickly as possible to limit revenue loss and reputational damage.

中文

事件响应情境: 海外可疑登录与批量下载客户支付记录 属于典型的安全事件响应情境。事件响应聚焦于发现、调查、遏制并最小化安全事件的影响。当下的首要任务是停用被攻陷账户、隔离受影响系统、保存日志/证据,并在事态升级前阻止进一步的数据外泄。

灾难恢复情境: 勒索软件导致多服务器不可用 属于灾难恢复(DR)情境。灾难恢复聚焦于在重大中断后恢复关键系统、服务与运营。由于生产服务器乃至最近的备份均已被加密,组织必须启动 DR 计划——从干净备份(最好是离线/不可变备份)恢复、重建基础设施,并尽快恢复面向客户的业务,以降低收入损失与声誉损失。

(b) Response and Recovery Breakdown (3 marks)

English

Failure 1 — Delayed Incident Containment. The security team hesitated to act because they were unsure whether the alert was a real attack. This delay allowed attackers to continue downloading payment records and to deploy ransomware deeper into the network. In incident response, every minute of attacker dwell time multiplies the damage; pre-defined containment criteria and authority would have enabled an immediate response.

Failure 2 — Poor Coordination and Unclear Leadership. Employees did not know who was responsible for communications versus technical recovery, which delayed both. Lack of a defined incident commander, communications lead and recovery lead caused duplicated work, ignored stakeholders, and visible chaos that fuelled customer complaints on social media. A formal RACI (e.g. via NIST IR / ISO 27035 roles) and a tested playbook would have prevented this.

中文

失败 1 —— 事件遏制延迟。 安全团队因不确定告警是否为真实攻击而迟迟未行动。这种拖延让攻击者得以继续下载支付记录,并将勒索软件更深地植入网络。在事件响应中,攻击者每多停留一分钟,损失就会成倍增加;预设的遏制判据与授权本可使响应立即启动。

失败 2 —— 协调不力与领导不清。 员工不知道由谁负责对外沟通、由谁负责技术恢复,导致两方面均被延误。缺乏明确的事件指挥官、沟通负责人和恢复负责人,造成工作重复、利益相关者被忽视,混乱场面在社交媒体上引发客户投诉。一份正式的 RACI(如基于 NIST IR / ISO 27035 的角色定义)和一套经过演练的应急手册本可避免这一切。

(c) Data and System Challenges (3 marks)

English

Containment was severely hampered because the compromised staff account remained active for several hours, giving attackers ample time to move laterally, escalate privileges and compromise additional systems and data. Restoration was equally difficult because the most recent backups were also encrypted — meaning the organisation had no clean recovery point and had to choose between paying a ransom (which encourages future attacks and gives no guarantee of recovery) or restoring from older, less complete backups with significant data loss. On top of this, the organisation faced simultaneous operational and reputational pressure: customers could not place orders, complaints were spreading on social media, and the company had to manage technical recovery, customer communication, regulatory notification and crisis PR in parallel.

Chinese (translated)

Containment was severely hampered because the compromised staff account stayed active for several hours, giving the attackers ample time to move laterally, escalate privileges and compromise further systems and data. Restoration was just as hard because the most recent backups had also been encrypted: with no clean recovery point, the organisation had to choose between paying the ransom (which encourages future attacks and guarantees nothing) and restoring from older, incomplete backups with significant data loss. At the same time it faced combined operational and reputational pressure: customers could not place orders, complaints were spreading on social media, and the company had to run technical recovery, customer communication, regulatory reporting and crisis PR in parallel.

(d) Integrated Improvement Strategy (3 marks)

English

Improvement 1 — Formal incident-response plan with rehearsed playbooks. Establish a documented IR plan (aligned to NIST SP 800-61 or ISO/IEC 27035) with clearly assigned roles (Incident Commander, Comms Lead, Forensic Lead, Recovery Lead), pre-approved containment authority, escalation paths and communication protocols. Run quarterly tabletop exercises and at least one full-scale simulation per year so the team knows exactly what to do and is empowered to act without hesitation. This directly addresses the delayed-containment and coordination failures.

Improvement 2 — Secure, isolated, immutable backups with regular DR testing. Adopt a 3-2-1-1 backup strategy (three copies, two media, one off-site, one immutable/offline) so ransomware cannot encrypt the backup chain. Combine this with scheduled DR drills that actually restore systems from backups and measure RTO/RPO against targets. This ensures ShopFast always has a clean recovery point and a proven recovery procedure, eliminating the catastrophic "all backups encrypted" outcome.

Chinese (translated)

Improvement 1 — A formal incident-response plan with rehearsed playbooks. Write an IR plan aligned to NIST SP 800-61 or ISO/IEC 27035 that assigns roles (Incident Commander, Comms Lead, Forensic Lead, Recovery Lead), grants containment authority in advance, and defines escalation paths and communication protocols. Run tabletop exercises every quarter and at least one full-scale simulation a year so the team knows its duties and is empowered to act decisively. This directly addresses the delayed containment and poor coordination.

Improvement 2 — Secure, isolated, immutable backups with regular DR drills. Adopt a 3-2-1-1 backup strategy (three copies, two media types, one off-site, one immutable/offline) so ransomware cannot encrypt the backup chain. Run DR drills that actually restore systems from backup and measure RTO/RPO against targets. ShopFast then always has a clean recovery point and a verified recovery procedure, and the catastrophic "all backups encrypted" outcome is ruled out.


Question 10 — CIA Triad, Vulnerabilities, and Secure Design (Online Learning Platform)

Scenario

Online learning platform: weak password hashing without salt; uploaded exam files modified by unauthorised users; site unavailable during exam periods due to traffic; SQL-injection-vulnerable search fields; PM wants to defer fixes until after deployment.

(Translated) An online learning platform: weak, unsalted password hashing; uploaded exam papers modified by unauthorised users; site unavailable under exam-period traffic; SQL injection in the search fields; the project manager wants to go live first and fix later.

(a) CIA Triad Application (3.5 marks)

English

  • Confidentiality — Weak password hashing without salt. Confidentiality protects sensitive information such as student accounts and credentials. Weak/unsalted hashes (e.g. raw MD5 or SHA-1) are vulnerable to brute-force and rainbow-table attacks; a database breach would allow attackers to recover passwords quickly, then access personal data, assignments and grades or impersonate students.
  • Integrity — Uploaded exam files modified without authorisation. Integrity ensures data remains accurate, trustworthy and unchanged unless modified by authorised users. If exam files can be altered, students may sit wrong or leaked papers, grades become unreliable, and academic integrity is undermined, creating fairness and compliance concerns.
  • Availability — Site unavailable during final exam periods due to excessive traffic. Availability ensures systems remain operational when users need them. If students cannot access exams or submit work during critical assessment windows, the platform damages academic outcomes and the institution's credibility.

Chinese (translated)

  • Confidentiality — Weak, unsalted password hashing. Confidentiality protects sensitive information such as student accounts and credentials. Weak, unsalted hashes (e.g. raw MD5 or SHA-1) fall quickly to brute force and rainbow tables; once the database leaks, attackers recover passwords fast and then read personal data, assignments and grades or impersonate students.
  • Integrity — Uploaded exam papers modified without authorisation. Integrity ensures information stays accurate and trustworthy and changes only when authorised. If papers can be tampered with, students may sit wrong or leaked papers, grades lose reliability and academic integrity suffers, raising fairness and compliance concerns.
  • Availability — Site down under end-of-semester traffic. Availability ensures the system keeps running when users need it. If students cannot reach exams or submit work during critical assessment windows, the platform harms academic outcomes and the institution's credibility.

(b) Vulnerability Explanation (3 marks)

English

Vulnerability 1 — Weak password hashing. The system stores student passwords with a fast, unsalted hash. General-purpose digests such as MD5 and SHA-1 were designed to be fast, so a GPU can test billions of candidates per second, and without a per-user salt the same password always produces the same digest: one precomputed table (a rainbow table) cracks every user at once, and identical hashes reveal which users share a password. (The known collision weaknesses of MD5 and SHA-1 are a separate problem and are not what makes password cracking easy here.) An attacker who steals the password database can recover most credentials within hours and use them to access academic records or impersonate students in assessments.

Vulnerability 2 — SQL Injection in search fields. The search fields take unsanitised user input and concatenate it directly into SQL. A tautology such as ' OR 1=1 -- makes the search predicate true for every row, exposing records the query was meant to filter out (for example unpublished exam papers); the same technique against a login query bypasses authentication. A UNION SELECT payload can read other tables such as user credentials, and, depending on the database account's privileges and the driver's support for stacked queries, an attacker may modify or delete records or run administrative commands. Injection sits in the OWASP Top 10 (A03:2021) because it reaches the backend database directly and can compromise confidentiality, integrity and availability at once.

Chinese (translated)

Vulnerability 1 — Weak password hashing. The system stores student passwords with a weak, unsalted hash. MD5 and SHA-1 are very fast, so rainbow tables and GPU brute force break them quickly (their known collision weaknesses are a separate issue from password cracking). Once the password store is stolen, an attacker can recover thousands of credentials within hours and use them to reach sensitive academic records or impersonate students in exams.

Vulnerability 2 — SQL injection in search fields. The search fields accept unfiltered user input and splice it straight into SQL queries. An input such as ' OR 1=1 -- makes the search match every row (and bypasses authentication when the same flaw sits in a login query); UNION payloads dump other tables; and, depending on the database account's privileges, an attacker can modify or delete records or run administrative commands. Injection is a fixture of the OWASP Top 10 because it hits the backend database directly and can destroy confidentiality, integrity and availability at once.

(c) Consequences of Deployment (3 marks)

English

For students, compromised accounts could expose personal information, submitted assignments and grades; outages during exams could prevent submissions entirely, damaging their academic record. For teachers and academic staff, modified exam files and corrupted assessment results would create academic-integrity investigations and significant re-evaluation/re-issue work, eroding trust in the platform. For the institution, deploying an insecure platform could lead to reputational damage, formal complaints, regulatory and privacy-law breaches (e.g. Australian Privacy Act / GDPR), legal liability, loss of accreditation status, and lasting loss of trust from students, parents and partner schools. Educational data is highly sensitive and tightly regulated, so the cost of a breach can dwarf the cost of deferred fixes.

Chinese (translated)

For students, compromised accounts leak personal information, submitted assignments and grades; an outage during an exam can leave them unable to submit at all, affecting their academic record. For teachers and administrative staff, tampered papers and distorted results trigger academic-integrity investigations and heavy re-marking or re-setting work, and erode trust in the platform. For the institution, deploying an insecure platform risks reputational damage, formal complaints, breaches of privacy law (e.g. the Australian Privacy Act, the EU GDPR), legal liability, loss of accreditation, and lasting loss of trust from students, parents and partner schools. Educational data is highly sensitive and tightly regulated, so a breach costs far more than deferring the fixes saves.

(d) Security Improvements (3 marks)

English

Improvement 1 — Strong password protection. Replace the weak hash with a deliberately slow, adaptive password-hashing algorithm (Argon2id, bcrypt or PBKDF2) using a unique random salt per user and a work factor tuned to the hardware. Salting defeats precomputed tables and stops an attacker sharing work across users; the work factor turns billions of guesses per second into hundreds or thousands, so a stolen database no longer yields the bulk of the accounts. The caveat is that a slow hash protects reasonable passwords, not trivially guessable ones, so pair it with a password policy that screens known-breached passwords and offer multi-factor authentication (MFA) for defence in depth.
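
The following is an added example, not code from the original answer guide, showing why Improvement 1 works: the same constructed student accounts are stored first with the scenario's unsalted MD5 and then with a per-user salt and PBKDF2-HMAC-SHA256 from the Python standard library (used here in place of bcrypt/Argon2 only because it needs no third-party package). The account names, passwords, wordlist and the 600,000-iteration work factor are assumptions for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: two students chose the same weak password.
STUDENTS = {"s1001": "Password1", "s1002": "letmein", "s1003": "Password1"}

# Constructed stand-in for an attacker's precomputed table / wordlist.
WORDLIST = ["123456", "password", "letmein", "Password1", "qwerty"]

# Assumed production work factor for PBKDF2-HMAC-SHA256.
ITERATIONS = 600_000


def weak_hash(password: str) -> str:
    """The scenario's scheme: unsalted, single-pass MD5."""
    return hashlib.md5(password.encode()).hexdigest()


def crack_unsalted(stored: dict[str, str], wordlist: list[str]) -> dict[str, str]:
    """Rainbow-table style attack: hash every candidate once, then look every
    user up. Cost is |wordlist| hashes no matter how many users there are."""
    table = {weak_hash(w): w for w in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Per-user random salt + slow KDF, stored as a self-describing record so
    the work factor can be raised later without invalidating old records."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    algo, iters, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash record")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time comparison


def crack_salted(stored: dict[str, str], wordlist: list[str]) -> tuple[dict[str, str], int]:
    """With per-user salts nothing can be precomputed or shared across users:
    each (user, candidate) pair costs a full KDF run. Returns the cracked
    accounts and the number of KDF evaluations the attacker had to pay for."""
    cracked, kdf_calls = {}, 0
    for user, record in stored.items():
        for candidate in wordlist:
            kdf_calls += 1
            if verify_password(candidate, record):
                cracked[user] = candidate
                break
    return cracked, kdf_calls


if __name__ == "__main__":
    weak_db = {u: weak_hash(p) for u, p in STUDENTS.items()}
    print("identical digests reveal shared passwords:", weak_db["s1001"] == weak_db["s1003"])
    print("cracked (unsalted MD5):", crack_unsalted(weak_db, WORDLIST))

    # Low iteration count here only so the demo runs in a second; use ITERATIONS in production.
    salted_db = {u: hash_password(p, iterations=10_000) for u, p in STUDENTS.items()}
    cracked, calls = crack_salted(salted_db, WORDLIST)
    print("cracked (salted PBKDF2):", cracked, "after", calls, "KDF runs of 10,000 iterations")
```

Both runs crack the same three accounts, because the passwords are on the wordlist: the salted, slow scheme does not rescue a guessable password. What changes is the price. The unsalted attack spends five MD5 calls for the whole database and sees at a glance that s1001 and s1003 share a password; the salted attack spends one full KDF run per (user, candidate) pair, so cost scales with the number of users and the work factor, which is why the answer guide pairs the hash upgrade with a password policy and MFA.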

Improvement 2 — Parameterised queries, backed by least privilege and a WAF. Eliminate SQL injection at its root by using prepared statements / parameterised queries (or a vetted ORM) everywhere user input reaches a query, so the input is bound as data and never parsed as SQL. Add server-side input validation, run the application under a least-privilege database account (read-only where possible, with no DDL or administrative rights), and put a Web Application Firewall (WAF) in front as a detective and slowing layer; the WAF is a compensating control, not a substitute for fixing the queries. Together these controls neutralise both of the most damaging vulnerabilities identified in the scenario.
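
As an added example (not part of the original answer guide), the search endpoint from Vulnerability 2 and its parameterised replacement from Improvement 2, side by side against a constructed in-memory SQLite database. The schema, exam titles, usernames and hash values are assumptions made up for the demonstration; the two payloads are the tautology the text quotes and a UNION dump of the users table.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data: exam papers (one still unpublished) plus the
    users table that a search endpoint must never expose."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE exams (id INTEGER PRIMARY KEY, title TEXT, published INTEGER);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT);
        INSERT INTO exams VALUES
            (1, 'INFO5990 Final 2024', 1),
            (2, 'INFO5990 Final 2025 DRAFT', 0),
            (3, 'COMP Mock Quiz', 1);
        INSERT INTO users VALUES
            (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99'),
            (2, 's1001', 'e99a18c428cb38d5f260853678922e03');
    """)
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list[tuple]:
    """The scenario's defect: the search term is concatenated into the SQL text,
    so quotes, OR, UNION and -- in the input become part of the query."""
    sql = f"SELECT title FROM exams WHERE published = 1 AND title LIKE '%{term}%'"
    return conn.execute(sql).fetchall()


def escape_like(term: str) -> str:
    """Parameterisation stops injection, but LIKE wildcards are still metacharacters
    at the data level; escape them so a user cannot search for 'everything'."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_safe(conn: sqlite3.Connection, term: str) -> list[tuple]:
    """Parameterised version: the driver binds the term as a value, so it is
    never parsed as SQL whatever it contains."""
    sql = "SELECT title FROM exams WHERE published = 1 AND title LIKE ? ESCAPE '\\'"
    return conn.execute(sql, (f"%{escape_like(term)}%",)).fetchall()


TAUTOLOGY = "' OR 1=1 --"
UNION_DUMP = "' UNION SELECT username || ':' || pw_hash FROM users --"

if __name__ == "__main__":
    conn = build_db()
    print("vulnerable, tautology:", search_vulnerable(conn, TAUTOLOGY))   # every row, draft included
    print("vulnerable, UNION:    ", search_vulnerable(conn, UNION_DUMP))  # credential hashes leak
    print("safe, tautology:      ", search_safe(conn, TAUTOLOGY))         # []
    print("safe, UNION:          ", search_safe(conn, UNION_DUMP))        # []
    print("safe, 'Final':        ", search_safe(conn, "Final"))           # published paper only
```

Against the vulnerable function the tautology turns the query into `... AND title LIKE '%' OR 1=1 --%'`, so the `published = 1` filter is lost and the unpublished draft comes back; the UNION payload returns user names and hashes through a field that only ever selects titles. The safe function returns nothing for both, because the whole payload is compared as a literal substring. The `escape_like` helper covers the residual point that a bound `%` or `_` still acts as a wildcard inside LIKE.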

Chinese (translated)

Improvement 1 — Strong password protection. Replace the weak hash with a modern adaptive algorithm (bcrypt, PBKDF2 or Argon2), with a unique random salt per user and an appropriate work factor. Even if the password store is stolen, recovering plaintext passwords at scale becomes impractical (weak passwords remain guessable, so the password policy still matters). Enforce a strong password policy and offer multi-factor authentication (MFA) for defence in depth.

Improvement 2 — Parameterised queries with an ORM / web application firewall. Use prepared statements / parameterised queries (or an audited ORM) throughout the codebase so user input is always bound as data rather than SQL, removing injection at the root. Combine this with server-side input validation, a least-privilege database account and a Web Application Firewall (WAF) for layered defence. These two improvements remove the two most damaging vulnerabilities in the scenario.


Question 11 — Incident Response and Disaster Recovery (CloudHealth Services)

Scenario

CloudHealth Services provides cloud-based medical systems. Admin account used from unfamiliar location; prescription records exfiltrated; malware encrypts databases; IR team delays action; staff disagree on priorities (recovery vs comms vs forensics); some backups corrupted before detection; clinics lose access to patient records.

(Translated) CloudHealth Services provides cloud medical systems to clinics and pharmacies. An administrator account logs in from an unfamiliar location; prescription records are sent out of the organisation; malware encrypts databases; the IR team delays action; staff disagree on priorities (recovery / communications / forensics); some backups were corrupted before detection; clinics lose access to patient records.

(a) Incident vs Disaster Understanding (3.5 marks)

English

Incident Response activity: The suspicious administrator login from an unfamiliar location and the external transfer of prescription records are incident-response matters. Incident response focuses on detecting, investigating and containing a breach before it spreads further. The priority actions are to disable the admin account and revoke its active sessions, tokens and API keys (disabling the password alone does not end sessions that are already open), isolate the affected systems, preserve logs and volatile evidence for forensic investigation, and block the exfiltration path.

Disaster Recovery activity: The malware encryption that has made multiple databases unavailable is a disaster-recovery activity. DR focuses on restoring critical systems, services and business operations after a significant disruption. Because clinics depend on continuous access to patient records to deliver safe care, restoration speed is not just a commercial concern but a patient-safety concern.

Chinese (translated)

Incident response activity: The administrator login from an unfamiliar location and the external transfer of prescription records are incident-response activities. Incident response focuses on detecting, investigating and containing a security event before it spreads. Immediate actions are to disable the administrator account, isolate affected systems, preserve logs for forensics, and stop further exfiltration.

Disaster recovery activity: The malware encryption that has made multiple databases unavailable is a disaster-recovery activity. DR focuses on restoring critical systems, services and business operations after a major disruption. Because clinics depend on continuous access to patient records to deliver safe care, recovery speed is a patient-safety matter, not only a commercial one.

(b) Response and Recovery Breakdown (3 marks)

English

Weakness 1 — Delayed incident response. The IR team delayed action while trying to confirm whether the alert was genuine. In healthcare environments this is particularly dangerous: every additional minute allowed attackers to exfiltrate more prescription records and spread ransomware further. Pre-approved containment criteria (e.g. "auto-suspend any admin account logging in from a new country") would have allowed immediate action while verification continued.

Weakness 2 — Lack of coordination and conflicting priorities. Staff disagreed about whether to prioritise recovery, communication or forensic investigation, slowing every workstream. The absence of a defined incident commander and a documented playbook meant evidence may have been destroyed by hasty recovery, stakeholders were not informed in time, and technical actions duplicated or contradicted each other. In a regulated healthcare setting these failures also create compliance exposure (e.g. mandatory breach-notification timelines).

Chinese (translated)

Weakness 1 — Delayed incident response. The IR team held off while confirming whether the alert was genuine. In a healthcare environment this is especially dangerous: every minute of delay let the attackers send out more prescription records and spread more ransomware. Pre-approved containment criteria (e.g. "automatically suspend any administrator account that logs in from a new country") would have allowed immediate action while verification continued.

Weakness 2 — Poor coordination and conflicting priorities. Staff disagreed on whether recovery, communications or forensics came first, slowing every workstream. Without a named incident commander and a written playbook, evidence may have been destroyed by hasty recovery, stakeholders were not notified in time, and technical actions duplicated or contradicted one another. In a regulated healthcare setting these failures also create compliance exposure (e.g. mandatory breach-notification deadlines).

(c) Data and System Challenges (3 marks)

English

Containment was complicated by the difficulty of identifying every compromised system and account: because the attackers held administrative privileges, they could move laterally across the network, create new accounts or backdoors, and persist undetected on additional servers. Restoration was equally challenging because some backup files had already been corrupted before detection, which reduced the available clean recovery points and pushed actual recovery time and data loss well past the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) targets. Compounding this, clinics demanded immediate access to patient records for ongoing care, creating intense pressure to restore systems before the environment was fully cleansed, a tension between safety, security and operational continuity that is characteristic of healthcare incidents.

Chinese (translated)

Containment was hampered by the difficulty of identifying every compromised system and account: with administrator privileges the attackers could move laterally, create new accounts or backdoors, and persist quietly on further servers. Restoration was equally challenging because some backup files had been corrupted before detection, leaving fewer clean recovery points and pushing recovery time and data loss beyond the Recovery Time Objective (RTO) and Recovery Point Objective (RPO). Worse, clinics demanded immediate access to patient records to keep treating patients, pressuring the organisation to restore systems before the environment was fully cleaned; this tension between safety, security and business continuity is characteristic of healthcare incidents.

(d) Integrated Improvement Strategy (3 marks)

English

Improvement 1 — Automated threat detection and rapid containment. Deploy advanced monitoring (SIEM + UEBA) with automated playbooks (SOAR) that can immediately suspend accounts on high-confidence indicators — e.g. impossible-travel logins, abnormal data transfer volumes, or admin credentials used from a new device. Automated containment dramatically reduces attacker dwell time and removes human hesitation, directly addressing Weakness 1.
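
An added example, not taken from the answer guide, of the pre-approved containment criteria named in Weakness 1 and the automated playbook logic of Improvement 1: it replays a few constructed authentication and export events (NDJSON, as a SIEM might forward them, with RFC 5737 documentation IP addresses) and emits the containment action a SOAR playbook would fire. The user names, coordinates, country baseline, 900 km/h impossible-travel speed and 500 MB export threshold are all assumptions for the demonstration.

```python
import json
import math
from datetime import datetime

# Constructed NDJSON telemetry: an admin logs in from Sydney, then 72 minutes later
# from Bucharest, and starts a bulk export; a nurse behaves normally.
SAMPLE_LOG = """
{"ts": "2024-05-01T08:00:00Z", "user": "admin.jlee", "event": "login", "ok": true, "country": "AU", "lat": -33.87, "lon": 151.21, "ip": "203.0.113.10"}
{"ts": "2024-05-01T08:45:00Z", "user": "nurse.kim", "event": "login", "ok": true, "country": "AU", "lat": -37.81, "lon": 144.96, "ip": "203.0.113.25"}
{"ts": "2024-05-01T09:12:00Z", "user": "admin.jlee", "event": "login", "ok": true, "country": "RO", "lat": 44.43, "lon": 26.10, "ip": "198.51.100.7"}
{"ts": "2024-05-01T09:20:00Z", "user": "admin.jlee", "event": "export", "table": "prescriptions", "bytes": 2400000000, "ip": "198.51.100.7"}
{"ts": "2024-05-01T09:25:00Z", "user": "nurse.kim", "event": "export", "table": "appointments", "bytes": 1200000, "ip": "203.0.113.25"}
"""

# Assumed baselines and thresholds; in practice UEBA would learn these per user.
KNOWN_COUNTRIES = {"admin.jlee": {"AU", "NZ"}, "nurse.kim": {"AU"}}
ADMINS = {"admin.jlee"}
MAX_SPEED_KMH = 900               # faster than a commercial flight => impossible travel
GEOIP_SLACK_KM = 50               # ignore small jumps caused by geo-IP imprecision
EXPORT_LIMIT_BYTES = 500_000_000  # bulk-export threshold for one user session

AUTO_CONTAIN = "suspend_account,revoke_sessions,block_ip"
ESCALATE = "page_analyst,require_step_up_auth"


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on Earth, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def parse_ts(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def evaluate(ndjson):
    """Replay events in order and return the containment actions a SOAR playbook
    would fire. Admin accounts get automatic containment on any high-confidence
    indicator; other users are escalated to a human analyst instead."""
    last_login, actions = {}, []
    for line in ndjson.strip().splitlines():
        ev = json.loads(line)
        user, ts, reasons = ev["user"], parse_ts(ev["ts"]), []

        if ev["event"] == "login" and ev.get("ok"):
            if ev["country"] not in KNOWN_COUNTRIES.get(user, set()):
                reasons.append(f"login from new country {ev['country']}")
            prev = last_login.get(user)
            if prev is not None:
                km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
                hours = (ts - prev["ts"]).total_seconds() / 3600
                # hours <= 0 covers out-of-order or simultaneous logins from two places
                if km > GEOIP_SLACK_KM and (hours <= 0 or km / hours > MAX_SPEED_KMH):
                    reasons.append(f"impossible travel: {km:.0f} km in {hours * 60:.0f} min")
            last_login[user] = {"ts": ts, "lat": ev["lat"], "lon": ev["lon"]}

        elif ev["event"] == "export" and ev["bytes"] > EXPORT_LIMIT_BYTES:
            reasons.append(f"bulk export of {ev['bytes'] / 1e9:.1f} GB from {ev['table']}")

        if reasons:
            actions.append({
                "ts": ev["ts"], "user": user, "ip": ev.get("ip"),
                "action": AUTO_CONTAIN if user in ADMINS else ESCALATE,
                "reasons": reasons,
            })
    return actions


if __name__ == "__main__":
    for action in evaluate(SAMPLE_LOG):
        print(json.dumps(action))
```

The Bucharest login trips two independent criteria at once (new country, and roughly 15,000 km in 72 minutes), so the account is suspended and its sessions revoked before the analyst has finished confirming anything; the export eight minutes later is a second, separate trigger, which is why a real playbook also blocks the source IP. The nurse's in-country login and small export produce no action.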

Improvement 2 — Secure, isolated, immutable backups with regular DR testing. Maintain offline, immutable, geographically separated backups (3-2-1-1 strategy) that ransomware cannot reach, and conduct quarterly DR exercises that actually restore systems from those backups against measured RTO/RPO targets. Combined with a regularly rehearsed incident-response playbook that clearly assigns Incident Commander, Forensic Lead and Comms Lead roles, this gives CloudHealth both clean recovery points and a coordinated way to execute recovery — protecting patient safety, business continuity and regulatory compliance.
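
An added example, not from the answer guide, serving Improvement 2 here and Improvement 2 in Question 9: a small backup-catalogue check that tests a set of copies against the 3-2-1-1 rule, verifies each copy's recorded digest (the scenario's "backups corrupted before detection"), and picks the newest clean recovery point taken before the incident so the actual RPO can be compared with the target. The catalogue entries, timestamps, 24-hour RPO target and the bytes standing in for backup contents are constructed for the demonstration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class BackupCopy:
    label: str
    taken_at: datetime
    media: str          # e.g. "disk", "object-store", "tape"
    location: str       # e.g. "primary-dc", "cloud-region-b", "offsite-vault"
    immutable: bool     # object lock / WORM / offline tape
    sha256: str         # digest recorded when the backup was written
    data: bytes         # constructed stand-in for the backup payload


def make_copy(label, taken_at, media, location, immutable, payload, tampered=False):
    """Build a catalogue entry; tampered=True simulates a copy the attacker
    encrypted after its digest was recorded."""
    digest = hashlib.sha256(payload).hexdigest()
    data = b"ENCRYPTED:" + payload[::-1] if tampered else payload
    return BackupCopy(label, taken_at, media, location, immutable, digest, data)


def is_intact(copy: BackupCopy) -> bool:
    return hashlib.sha256(copy.data).hexdigest() == copy.sha256


def check_3_2_1_1(copies) -> dict:
    """Three copies, two media types, one off-site, one immutable/offline."""
    return {
        "three_copies": len(copies) >= 3,
        "two_media": len({c.media for c in copies}) >= 2,
        "one_offsite": any(c.location != "primary-dc" for c in copies),
        "one_immutable": any(c.immutable for c in copies),
    }


def newest_clean_recovery_point(copies, incident_at):
    """Exclude copies taken after the incident (they may already hold encrypted
    data) and any copy whose digest no longer matches; return the newest left."""
    usable = [c for c in copies if c.taken_at <= incident_at and is_intact(c)]
    return max(usable, key=lambda c: c.taken_at, default=None)


def actual_rpo(copy, incident_at) -> timedelta:
    return incident_at - copy.taken_at


# Constructed catalogue: ransomware detonated on the morning of 1 May and had
# already overwritten the two mutable copies the attacker could reach.
INCIDENT_AT = datetime(2024, 5, 1, 9, 0)
PAYLOAD = b"orders,customers,payments ... (constructed backup contents)"
CATALOG = [
    make_copy("nightly-snapshot", datetime(2024, 5, 1, 2, 0), "disk", "primary-dc", False, PAYLOAD, tampered=True),
    make_copy("cloud-replica", datetime(2024, 5, 1, 2, 30), "object-store", "cloud-region-b", False, PAYLOAD, tampered=True),
    make_copy("object-lock-copy", datetime(2024, 4, 30, 2, 0), "object-store", "cloud-region-b", True, PAYLOAD),
    make_copy("offline-tape", datetime(2024, 4, 28, 2, 0), "tape", "offsite-vault", True, PAYLOAD),
]
RPO_TARGET = timedelta(hours=24)

if __name__ == "__main__":
    print("3-2-1-1 compliance:", check_3_2_1_1(CATALOG))
    rp = newest_clean_recovery_point(CATALOG, INCIDENT_AT)
    rpo = actual_rpo(rp, INCIDENT_AT)
    print("newest clean recovery point:", rp.label, "| actual RPO:", rpo,
          "| target:", RPO_TARGET, "| met" if rpo <= RPO_TARGET else "| MISSED")
    # ShopFast's situation: only mutable copies the attacker could encrypt.
    mutable_only = [c for c in CATALOG if not c.immutable]
    print("with mutable copies only:", newest_clean_recovery_point(mutable_only, INCIDENT_AT))
```

With the immutable copies present the check passes and the object-lock copy is the newest recovery point, but it is 31 hours old against a 24-hour target: the organisation can recover, and the drill output tells it exactly how much data it will lose. Strip the immutable copies out and the function returns `None`, which is the "all backups encrypted" outcome from Question 9 expressed as a result rather than discovered during the incident; a scheduled drill that runs this kind of check is how the gap gets found beforehand.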

Chinese (translated)

Improvement 1 — Automated threat detection and rapid containment. Deploy advanced monitoring (SIEM + UEBA) with automated playbooks (SOAR) that suspend accounts as soon as high-confidence indicators appear: impossible-travel logins, abnormal data-transfer volumes, or administrator credentials used from a new device. Automated containment sharply reduces attacker dwell time and removes human hesitation, directly addressing Weakness 1.

Improvement 2 — Secure, isolated, immutable backups with regular DR drills. Keep offline, immutable, geographically separated backups (3-2-1-1) that ransomware cannot reach, and run quarterly DR drills that really restore systems from them against measurable RTO/RPO targets. Combined with a regularly rehearsed IR playbook with clear roles (Incident Commander, Forensic Lead, Comms Lead), CloudHealth gains both clean recovery points and an orderly way to recover, protecting patient safety, business continuity and compliance.


Quick Revision Summary

Q  | Topic                      | Core frameworks & terms
1  | Professionalism            | ACS Code of Conduct, accountability, confidentiality, onboarding & mentoring
2  | IT & Organisational Value  | Beyond efficiency: data-driven decisions, integration; align via EA & joint planning; ROI / NPV / payback
3  | IT Lifecycle               | SDLC phases (Plan→Retire); risks of skipping; PIR & lifecycle reviews
4  | Waterfall vs Agile         | Linear vs iterative; risk reduction by fast feedback; cultural change challenge
5  | Communication              | Why it prevents rework; tailor to audience (execs vs end-users); Sprint Reviews / Teams
6  | Stakeholders               | Power–Interest matrix; SBAR; Teams/Asana for shared visibility
7  | Estimation                 | Causes of inaccuracy; PERT / Delphi; rolling-wave planning
8  | CIA — Banking App          | bcrypt/Argon2 + salt; XSS → input validation + CSP
9  | IR & DR — ShopFast         | Fast containment, RACI; 3-2-1-1 backups; tabletop exercises
10 | CIA — E-learning           | Strong hashing + MFA; parameterised queries vs SQLi
11 | IR & DR — Healthcare       | SIEM + SOAR auto-containment; immutable backups; clear IR roles