Assignment task
Writer give a captivating Indicative Title
This is Report, not an Essay – you bring in diagram, photographs, appendixes, executive summary doesn’t count in the word count.
Must concentrate on information assets, in most organisations we have physical assets and information assets, we are going to specifically looking at information security. Concentrating on information security assets.
For this assignment you are required to produce a 2,000-word report of an information security assessment carried out using sound security risk management principles – Not a like physical security assessment this time we are looking at a report information security assessment which isn’t necessarily cyber but it could well include that, as we know the majority of information in an organisation hold would be screwed away somewhere in its IT system whether it is connected to internet or not and may be all together. You should use either a notional organisation or one that you work, or have worked for. The aim is for you to examine the organisation and to identify the information risks. From there you are required to produce a mitigation and management plan for information security.
The report will include:
• An introduction. Why have you selected this organisation and what methods will you use to carry out the assessment ?
• A characterisation of the organisation what it does where is active. Its risk-exposed areas in relation to information.
• A concise analysis of risks resulting from threats, their probability and impact, what are the threats and again where talking cyber or information security with threats we are looking at deliberate act by a line actor or adversaries, then probability is influenced by the degree of vulnerability and the impact would be what would happen if those information accessed were lost. To enable you to do this you need assess the current information security controls in place because that will influence the probability. What the vulnerabilities are, what can explore those vulnerabilities how likely for that terms or influence by current control in place. Don’t forget those controls from 2004 Orange Book, you looking at preventative , corrective, detective and directive controls. That might include the equipment is being in used, the personnel that is using it and technology that is being used, the operational procedures, policies, legality and legislation.
• The description of the Information Management and Security Plan.
• A summarising conclusion.
ISO 2700 family my be very useful when it come to looking at information security management plans
As a consultant, your clients will expect work to be of the highest standards including grammar, spelling, and conformity with their specifications. So, read this brief carefully and ensure that you understand what is asked of you. If unsure, please ask, but do not attempt to produce an assignment to fit what you want to write about – you must answer the specified requirements.
You should use the course materials, external resources and the various activities that you have conducted throughout the module to help to shape this assignment. All will be relevant to the report in some way.
Use your spelling and grammar checker; spacing, alignment, presentation and layout
– there is no reason to present work that is not checked. Ask a trusted colleague or critical friend to proofread before submission, if this is not possible then proofread yourself using a technique discussed in the
virtual tutorials.
Word limit is 2,000 words
In a report the use of tables, charts, photographs, maps and diagrams is expected. These are NOT included in the word count. Neither are an executive summary, contents list, the reference list nor any appendices included.
This assignment has been designed to provide you with an opportunity to demonstrate your achievement of the following module learning outcomes:
Learning outcomes
LO 1. Identify the reasons why information is a critical asset for all organisations (this could be bringing on very earlier in this report)
LO 2. Describe the various types of information which exist and can be exploited within the organisation
LO 3. Explain the various loss routes for information from an organisation
LO 4. Define cyber in relation to information and interpret the differences – information security and cyber security are not necessarily the same thing.
Task requirements
• The module title and code number must be clearly marked on the front cover.
• Student ID number and module title must be included as a footer on every page.
• Pages should be numbered.
• All work to be submitted using a sans-serif font, such as Arial, 12-point font size with 1.5 line
spacing. (As used in this brief) and with the text justified (equal left and right margins)
• It is expected that the third person, passive voice is used throughout the plan
Referencing and research requirements
Reference your work according to the Harvard style as defined in Cite Them Right Online (http://www.citethemrightonline.com). This information is also available in book form: Pears, R. and Shields, G. (2019) Cite them right: the essential reference guide. 11th edn. Basingstoke: Palgrave Macmillan.
Note: 10% of the marks available in this assignment are for correct Harvard referencing of a range of suitable material.
How your work will be assessed
Your work will be assessed on the extent to which it demonstrates your achievement of the stated learning outcomes for this assignment (see above) and against other key criteria, as defined in the University’s institutional grading descriptors. If it is appropriate to the format of your assignment and your subject area, a proportion of your marks will also depend upon your use of academic referencing conventions. This assignment will be marked according to the grading descriptors for Level 4.
Additionally, the following criteria will be applied. (The percentage of marks available):
• Identify and summarise in the introduction –the organisation, the information security issue and options for a solution. 20%
• Identify the vulnerabilities and select of appropriate information security countermeasures including any technological solutions. 20%
• Précis the risk assessment and recommendations for solutions. 20%
• Identify and apply the concepts of effective information security management and planning across the range of activities necessary. 20%
• Correctly use in and end-text referencing in the Harvard convention. The references will represent broad research from a diverse range of sources such as textbooks, journal articles, relevant websites, and company information. 10%
• Show correct use of English; grammar, spelling, and punctuation. In a well-structured, mflowing, and suitably presented report. 10% Submission details
SOURCES :
use the below sources plus other books from your library
Guidance, standards, and other sources
This space will contain links to various sources such as the UK’s National Cyber Security Centre and the US equivalent body. Along with the SANS Institute and academic sources these produce up to date threat analysis. Many will be technological but there will be general principles that a non-cyberspecialist security consultant can understand and apply to their practice. As you progress through the module you will discover how many ‘old school’ infosec principles have their cyber equivalents, indeed you will also see how many physical security protection elements have been transferred into cybersecurity.
There are also standards, British and international which will give a picture of information security risk management. The relevant BS and ISOs, for example the ISO 27000 family, can be found electronically in the Bucks’ Library.
UK NCSC – https://www.ncsc.gov.uk/
US NCSC – https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield/ncsc-awareness-materials
Description
Instructions:
1. The writer should please go through the details attached properly. I dont what a repeat of what happened to my previous order where the marks was well below average.
2. The report should be in third person, passive voice throughout.
3. All sources attached should be used plus writer sources too.