Evaluate the basic external and internal threats to electronic assets and countermeasures to thwart such threats by utilising relevant standards and best practice guidelines.

Published by: Admin
Last Updated: 10-Jul-23

Assignment Brief

As part of the formal assessment for the programme you are required to submit an Information Security Strategy Development assignment. Please refer to your Student Handbook for full details of the programme assessment scheme and general information on preparing and submitting assignments.

Learning Outcome 1) Evaluate the basic external and internal threats to electronic assets and countermeasures to thwart such threats by utilising relevant standards and best practice guidelines.

Learning Outcome 2) Analyse the legalities of computer forensics phases and the impact of the legal requirements on the overall information security policy.

Learning Outcome 3) Critically assess the boundaries between the different service models (SaaS, PaaS, IaaS) and operational translations (i.e. cloud computing) and to identify the associated risks.

Learning Outcome 4) Critically investigate a company information security strategy to provide consultation and coaching through reporting and communication.

Learning Outcome 5) Assess, compare and judge computer media for evidentiary purposes and/or root cause analysis.

Learning Outcome 6) Apply relevant standards, best practices and legal requirements for information security to develop information security policies.

Learning Outcome 7) Lifelong Learning: Manage employability, utilising the skills of personal development and planning in different contexts to contribute to society and the workplace.

Section 1

This assignment is worth 50% of the total marks for the module.

Using your current or previous workplace as the case study, please answer the following:

Question 1) Critically analyse the different types of software acquisition models and try to relate that to those systems you are using at your workplace.

Question 2) Do you have a handbook that describes the policies, processes, and procedures in place? Evaluate the security strategy in that handbook, for instance for network activity monitoring. What issues are missing from the handbook? You need to discuss the legal issues raised by this handbook, as many companies consider a handbook as part of the contract.

Question 3) What is the information security strategic plan in place and how is it implemented?

Question 4) Analyse the external and internal threats to information systems in your workplace and show how your security strategy should protect against those threats. Report your risk assessment methodology in a flowchart-like figure. You can have a look at Stoneburner's (2002) work to understand how you should relate all the activities together. Please do not copy the work from (Stoneburner, 2002), as you need to compile your own risk assessment methodology as part of your security strategy plan. You also need to discuss how you are going to manage the identified risks.