• Detailed Specification
This coursework is to be completed individually. Coursework is submitted on the understanding that it is your own work and that it has not, in whole or in part, been presented elsewhere for assessment. Where material has been used from other sources it must be properly acknowledged in accordance with the University’s Regulations regarding cheating and plagiarism.
Submit a report covering the scenario presented next. Please note that this is an open-ended scenario which allows for various assumptions that can alter the scope and focal point; as such, these assumptions must be clearly stated. The length of the report should not be more than 6,000 words (font size 12 points, Calibri).
• Assessment Criteria
The assessment criteria are based upon the marks highlighted in the sections below.
In this coursework, you will propose a scenario relating to a business unit of an organisation, perform risk identification and risk analysis, and ultimately present a risk treatment plan for a new Information Security Management System (ISMS). You will then illustrate the changing nature of IT security risk management by proposing the analysis and treatment strategies that the business unit would need to implement when adding new technology or functionality to the organisation.
For your scenario, you will have to define the organisation and state your assumptions about the way it conducts business. This is not expected to be an exhaustive list, but it must give a good idea of how the organisation currently operates. Following that, you have to define a business unit that will be protected by the ISMS. This business unit must be of a ‘reasonable size’ and be a recognisable entity within the organisation (for example, a call-centre or technical support help-desk within a university).
Defining this scenario gives you the opportunity to present a business unit that you are either familiar with or interested in researching. You are advised, however, not to refer to specific names or disclose confidential information; your report should be anonymised and can relate, for example, to The University of ABC or ABC Forensics Ltd.
You will define briefly the organisation and the business unit’s operations, constraints, the roles of the personnel, the IT and physical infrastructure, and clearly identify the stakeholders.
Define the key assets that the ISMS must protect within your proposed business unit and provide some valuation of the assets.
Present research relating to threats (select the top five based on your assumptions) and exposures that have happened to similar companies/organisations, companies that contain elements that have similarity to your business unit, or are generally relevant to your scenario. This research will help you justify the risk assessment matrices.
Based upon your research, and also with reference to what has been studied in this module, draw up appropriate risk assessment matrices that will allow you to assess the risk relating to the business unit’s assets.
• Identify the threats and the risk assessment levels they represent and present appropriate risk treatment strategies
Your business unit decides to embrace a new technology. This can be cloud storage or remote working or Bring Your Own Device (BYOD) into its operations. Show how this introduction will impact the existing risk analysis and risk treatment strategy you have proposed above.
• Identify the Threats to this new technology and the risk assessment levels they represent
• Identify appropriate risk treatment strategies for this new technology, and identify changes that may need to be incorporated into the original risk treatment plan.
Please be advised that the reporting part of this coursework carries a higher weight than usual. You are required to present a professional report with the following headings (at a minimum):
• Executive Summary
• Organisation and Business Unit Operations
• Key Assets
• Threats and Exposures Research
• Risk Assessment and Risk Treatment Strategy
• Introducing New Technology to the Operations
Present your coursework as a report (that is proofread) of no more than 6,000 words (not including the Appendix). This should be typed, and you may use graphics and tables. References should be in the Harvard referencing system and recent. Marks are awarded for clear, coherent writing that can present the defined scenario and the risk management steps without unnecessary waffle.
Please note that the marks allocated for each task are based on the overall contribution of that task towards the solution of this coursework. As such, the reporting effort for a task with lower marks might be more laborious than for a task with a higher mark contribution. This also depends on the reporting style of each student and the usage of tables diagrams