Identify the reasons why information is a critical asset for all organisations. Describe the various types of information which exist and can be exploited within the organisation.
Writer: give a captivating indicative title.
This is a report, not an essay – you bring in diagrams, photographs, appendixes and an executive summary, which do not count in the word count.
The report must concentrate on information assets. In most organisations we have physical assets and information assets; here we are going to look specifically at information security, concentrating on information security assets.
For this assignment you are required to produce a 2000-word report of an information security assessment carried out using sound security risk management principles. This is not like a physical security assessment: this time we are looking at an information security assessment, which isn't necessarily cyber but could well include it, as we know the majority of the information an organisation holds will be stored away somewhere in its IT system, whether or not that system is connected to the internet, and perhaps all of it. You should use either a notional organisation or one that you work or have worked for. The aim is for you to examine the organisation and to identify the information risks. From there you are required to produce a mitigation and management plan for information security.
The report will include:
- An introduction. Why have you selected this organisation and what methods will you use to carry out the assessment?
- A characterisation of the organisation: what it does and where it is active. Its risk-exposed areas in relation to information.
- A concise analysis of risks resulting from threats, their probability and impact. What are the threats? Again, where we are talking about cyber or information security, with threats we are looking at a deliberate act by a malign actor or adversary. Probability is influenced by the degree of vulnerability, and the impact is what would happen if those information assets were lost. To enable you to do this you need to assess the current information security controls in place, because they will influence the probability: what the vulnerabilities are, what can exploit those vulnerabilities, and how likely that is given the current controls in place. Don't forget the controls from the 2004 Orange Book: you are looking at preventative, corrective, detective and directive controls. These might include the equipment being used, the personnel using it, the technology being used, and the operational procedures, policies, legality and legislation.
- The description of the Information Management and Security Plan.
- A summarising conclusion.
The ISO 27000 family may be very useful when it comes to looking at information security management plans.
As a consultant, your clients will expect work to be of the highest standards, including grammar, spelling and conformity with their specifications. So read this brief carefully and ensure that you understand what is asked of you. If unsure, please ask, but do not attempt to produce an assignment to fit what you want to write about – you must answer the specified requirements.
You should use the course materials, external resources and the various activities that you have conducted throughout the module to help to shape this assignment. All will be relevant to the report in some way.
Use your spelling and grammar checker, and check spacing, alignment, presentation and layout – there is no reason to present work that is not checked. Ask a trusted colleague or critical friend to proofread before submission; if this is not possible, then proofread yourself using a technique discussed in the
Word limit is 2000 words
In a report, the use of tables, charts, photographs, maps and diagrams is expected. These are NOT included in the word count. Neither are an executive summary, contents list, the reference list or any appendices.
This assignment has been designed to provide you with an opportunity to demonstrate your achievement of the following module learning outcomes:
LO 1. Identify the reasons why information is a critical asset for all organisations (this could be brought in very early in this report)
LO 2. Describe the various types of information which exist and can be exploited within the organisation
LO 3. Explain the various loss routes for information from an organisation
LO 4. Define cyber in relation to information and interpret the differences – information security and cyber security are not necessarily the same thing.
- The module title and code number must be clearly marked on the front cover.
- Student ID number and module title must be included as a footer on every page.
- Pages should be numbered.
- All work to be submitted using a sans-serif font such as Arial, 12-point font size, with 1.5 line spacing (as used in this brief) and with the text justified (equal left and right margins).
- It is expected that the third person passive voice is used throughout the plan.
Referencing and research requirements
Please reference your work according to the Harvard style as defined in Cite Them Right Online (http://www.citethemrightonline.com). This information is also available in book form: Pears, R. and Shields, G. (2019) Cite them right: the essential reference guide. 11th edn. Basingstoke: Palgrave Macmillan.
Note: 10% of the marks available in this assignment are for correct Harvard referencing of a range of suitable material.
How your work will be assessed
Your work will be assessed on the extent to which it demonstrates your achievement of the stated learning outcomes for this assignment (see above) and against other key criteria as defined in the University’s institutional grading descriptors. If it is appropriate to the format of your assignment and your subject area, a proportion of your marks will also depend upon your use of academic referencing conventions. This assignment will be marked according to the grading descriptors for Level 4.
Additionally, the following criteria will be applied (with the percentage of marks available):
- Identify and summarise in the introduction the organisation, the information security issue and options for a solution. 20%
- Identify the vulnerabilities and select appropriate information security countermeasures, including any technological solutions. 20%
- Précis the risk assessment and recommendations for solutions. 20%
- Identify and apply the concepts of effective information security management and planning across the range of activities necessary. 20%
- Correctly use in-text and end-text referencing in the Harvard convention. The references will represent broad research from a diverse range of sources such as textbooks, journal articles, relevant websites and company information. 10%
- Show correct use of English (grammar, spelling and punctuation) in a well-structured, flowing and suitably presented report. 10%
Sources: use the sources below plus other books from UK textbooks and authors.
Guidance, standards and other sources
This space will contain links to various sources such as the UK’s National Cyber Security Centre and the US equivalent body. Along with the SANS Institute and academic sources, these produce up-to-date threat analysis. Many will be technological, but there will be general principles that a non-cyber-specialist security consultant can understand and apply to their practice.
As you progress through the module you will discover how many ‘old school’ infosec principles have their cyber equivalents; indeed, you will also see how many physical security protection elements have been transferred into cybersecurity.
There are also standards, British and international, which will give a picture of information security risk management. The relevant BS and ISOs, for example the ISO 27000 family, can be found electronically in the Bucks’ Library.
UK NCSC – https://www.ncsc.gov.uk/
US NCSC – https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield/ncsc-awareness-materials
SANS – https://www.sans.org/reading-room
European Cyber Security Organisation – https://www.ecs-org.eu/
These are good starting points as you explore cyber security.
Highly recommended for up-to-date information and commentary is Schneier on Security’s Crypto-Gram newsletter. To subscribe, visit https://www.schneier.com/crypto-gram/
Bruce Schneier is a special advisor to IBM Security and a fellow and lecturer at Harvard University’s Kennedy School.
Cyber Book of Knowledge (CyBOK), which will be available from https://www.cybok.org/knowledgebase/