Information Security Strategy Development
Assignment: Part 1
Date for Submission: Please refer to the timetable on iLearn
(The submission portal on iLearn will close at 14.00 UK time on the date
of submission)
Assignment Brief
As part of the formal assessment for the programme you are required to submit an
Information Security Strategy Development assignment. Please refer to your Student
Handbook for full details of the programme assessment scheme and general information on
preparing and submitting assignments.
Learning Outcomes:
After completing the module, you should be able to:
1) Evaluate the basic external and internal threats to electronic assets and
countermeasures to thwart such threats by utilising relevant standards and best
practice guidelines.
2) Analyse the legalities of computer forensics phases and the impact of the legal
requirements on the overall information security policy.
3) Critically assess the boundaries between the different service models (SaaS, PaaS,
IaaS) and operational translations (i.e. cloud computing) and to identify the associated
risks.
4) Critically investigate a company information security strategy to provide consultation
and coaching through reporting and communication.
5) Assess, compare and judge computer media for evidentiary purposes and/or root
cause analysis.
6) Apply relevant standards, best practices and legal requirements for information security
to develop information security policies.
7) Lifelong Learning: Manage employability, utilising the skills of personal development
and planning in different contexts to contribute to society and the workplace.
Your assignment should include: a title page containing your student number, the module
name, the submission deadline and a word count; the appendices if relevant; and a
reference list in Arden University (AU) Harvard format. You should address all the elements
of the assignment task listed below. Please note that tutors will use the assessment criteria
set out below in assessing your work.
Maximum word count: 2,500 words
Please note that exceeding the word count will result in a reduction in grade proportionate to
the number of words used in excess of the permitted limit.
You must not include your name in your submission because Arden University operates
anonymous marking, which means that markers should not be aware of the identity of the
student. However, please do not forget to include your STU number.
Assignment Task: Part 1
This assignment is worth 50% of the total marks for the module.
Using your current or previous workplace¹ as the case study, please answer the
following:
1) Critically analyse the different types of software acquisition models and try to relate that
to those systems you are using at your workplace. [LO3]
(10 marks)
2) Do you have a handbook that describes the policies, processes, and procedures in
place? Evaluate the security strategy in that handbook, for instance for network
activity monitoring. What issues are missing from the handbook? You need to discuss the
legal issues raised by this handbook, as many companies consider a handbook to be part
of the contract. [LO4]
(20 marks)
3) What is the information security strategic plan in place and how is it implemented?
[LO4, LO6]
(10 marks)
4) Analyse the external and internal threats to information systems in your workplace and
show how your security strategy should protect against those threats. Report your risk
assessment methodology in a flowchart-like figure. You can have a look at the work of
Stoneburner (2002) to understand how you should relate all the activities together. Please do
not copy the work from Stoneburner (2002), as you need to compile your own risk
assessment methodology as part of your security strategy plan. You also need to
discuss how you are going to manage the identified risks. [LO1, LO5]
(20 marks)
5) Critically analyse the access control strategy. If you were to rewrite that part of your
security plan, what would you change? Why? What sort of strategy will you use here:
proactive or reactive? Justify your answer. [LO4, LO6]
(20 marks)
6) What do you recommend for a proper incident management strategy? How would you
implement it? Hint: Stakeholders and role responsibilities. [LO4, LO6, LO7]
(10 marks)
7) Compile a brief security strategy that suits the business requirements as well as the
security requirements of this workplace. [LO4, LO6, LO7]
(10 marks)
¹ If you don't have one, please relate your answers to any other context, such as your previous university, school, etc.
References:
Stoneburner, G., Goguen, A.Y. and Feringa, A., 2002. SP 800-30: Risk management guide for
information technology systems.
Formative Feedback
You have the opportunity to submit your answer draft to receive formative feedback.
The feedback is designed to help you develop areas of your work and it helps you develop
your skills as an independent learner.
If you are a distance learning student, you should submit your work, by email, to your tutor,
no later than 2 weeks before the actual submission deadline. If you are a blended learning
student, your tutor will give you a deadline for formative feedback and further details.
Formative feedback will not be given to work submitted after the above date or the date
specified by your tutor - if a blended learning student.
Guidelines:
You MUST underpin your analysis and evaluation of the key issues with appropriate and wide-ranging academic research and ensure this is referenced using the AU Harvard system. The My Study Skills Area contains the following useful resources:
Guide to Harvard Referencing
http://moodle.bl.rdi.co.uk/guides/HarvardRef/AU_Harvard_Quick_Ref_Guide.pdf
Guide to Harvard Citation
http://moodle.bl.rdi.co.uk/guides/HarvardRef/AU_Guide_to_Harvard_Citation.pdf
You must use the AU Harvard Referencing method in your assignment.
Additional notes:
Students are required to indicate the exact word count on the title page of the assessment. The word count excludes the title page, tables, figures, diagrams, footnotes, reference
list and appendices. Where assessment questions have been reprinted from the
assessment brief, these will also be excluded from the word count. ALL other printed words
ARE included in the word count. See ‘Word Count Policy’ on the homepage of this module
for more information.
Assignments submitted late will not be accepted and will be marked as a 0% fail.
Your assessment should be submitted as a single Word (MS Word) or PDF file. For more information please see the “Guide to Submitting an Assignment” document available on the module page on iLearn.
You must ensure that the submitted assignment is all your own work and that all sources used are correctly attributed. Penalties apply to assignments which show evidence of academic unfair practice. (See the Student Handbook which is on the homepage of your module and also in the Induction Area).
Assessment Criteria (Learning objectives covered - all)
Level 7 is characterised by an expectation of students’ expertise in their specialism. Students are semi-autonomous, demonstrating independence in the negotiation of assessment tasks (including the major project) and the ability to evaluate, challenge, modify and develop theory and practice. Students are expected to demonstrate an ability to isolate and focus on the significant features of problems and to offer synthetic and coherent solutions, with some students producing original or innovative work in their specialism that is potentially worthy of publication by Arden University. A clear appreciation of ethical considerations (as appropriate) is also a prerequisite.
Grade Mark Bands and Generic Assessment Criteria
Distinction 70%+
Excellent analysis of key issues and concepts. Excellent development of conceptual structures and argument, making consistent use of scholarly conventions. Excellent research skills, independence of thought, an extremely high level of intellectual rigour and consistency, exceptional expressive / professional skills, and substantial creativity and originality. Excellent academic/intellectual skills. Work pushes the boundaries of the discipline and demonstrates an awareness of relevant ethical considerations. Work may be considered for publication by Arden University.
Merit 60-69%
Very good level of competence demonstrated. High level of theory application. Very good analysis of key issues and concepts. Development of conceptual structures and argument making consistent use of scholarly conventions. Some evidence of original thought and a general awareness of relevant ethical considerations.
Pass 50-59%
A satisfactory to good performance. Basic knowledge of key issues and concepts. Generally descriptive, with restricted analysis of existing scholarly material and little argument development. Use of scholarly conventions inconsistent. The work lacks original thought. Some awareness of relevant ethical considerations. Satisfactory professional skills (where appropriate).
Marginal Fail 40-49%
Limited research skills impede use of learning resources and problem solving. Significant problems with structure/accuracy in expression. Very weak academic / intellectual / professional skills. Limited use of scholarly conventions. Errors in expression and the work may lack structure overall.
Fail 39% and below
A poor performance in which there are substantial gaps in knowledge and understanding, underpinning theory and ethical considerations. Little evidence of research skills, use of learning resources and problem solving. Major problems with structure/accuracy in expression. Professional skills not present. Very weak academic / intellectual / professional skills. No evidence of use of scholarly conventions.