CMP7241 Information Security Governance PG CWK Assessment Brief 2024-25 | BCU
| Category | Assignment | Subject | Computer Science |
|---|---|---|---|
| University | Birmingham City University (BCU) | Module Title | CMP7241 Information Security Governance |
Learning Outcomes:
Completion of this assessment will address the following learning outcomes:
- identify security threats and evaluate associated risks to information assets using appropriate quantitative and qualitative methods.
- Critically evaluate the conformance of security management processes of an organisation against ISO 27001, identify gaps and recommend mitigations.
- Construct contingency and business continuity plans that are consistent with the organization’s view of associated business risks.
Submission Information
Present any written aspects of the assessment using font size 11 and using 1.5 spacing to allow for comments and annotations to be added by the markers.
Complete the appropriate cover sheet for this assessment and append your work.
This assessment will be marked anonymously and should show your student number only. Submit this coursework assessment task via Moodle.
Late Submission
Assessments must be submitted in the format specified in the assessment task, by the deadline and to the submission point published on Moodle. Failure to submit by the published deadline will result in penalties which are set out in Section 6 of the Academic Regulations, available at: https://icity.bcu.ac.uk/Quality-Enhancement-and-Inclusion/Quality-Assurance-and- Enhancement/Academic-Regulations
Word Count
The maximum word count for this module assessment is shown on Page 1. A +10% margin of tolerance is applied, beyond which nothing further will be marked. Marks cannot be awarded for any learning outcomes addressed outside the word count.
The word count refers to everything in the main body of the text (including headings, tables, citations, quotes, lists etc.). Everything before (i.e. abstract, acknowledgements, contents, executive summaries etc.) and after (i.e. references, bibliographies, appendices etc) is not included in the word count limit.
Academic Integrity Guidance
Academic integrity is the attitude of approaching your academic work honestly, by completing and submitting your own original work, attributing and acknowledging your sources when necessary.
Understanding good academic practice in written and oral work is a key element of academic integrity. It is a positive aspect of joining an academic community, showing familiarity with and acknowledging sources of evidence. The skills you require at higher education may differ from those learned elsewhere such as school or college.
You will be required to follow specific academic conventions which include acknowledging the work of others through appropriate referencing and citation as explicitly as possible. If you include ideas or quotations that have not been appropriately acknowledged, this may be seen as plagiarism which is a form of academic misconduct. If you require support around referencing, please contact the Centre for Academic Success
It is important to recognise that seeking out learning around academic integrity will help reduce the risk of misconduct in your work. Skills such as paraphrasing, referencing and citation are integral to acting with integrity and you can develop and advance these key academic skills through the Centre for Academic Success (CAS).
To learn more about academic integrity and its importance at university, you can access CAS resources on Moodle. Furthermore, you can book on to workshops and request 1-2-1 support around key academic skills.
Task: To perform a security audit on a factitious company.
Style: Report
Rationale: Assess the student’s ability to perform a security audit using industry best practices.
Description: This assignment aims to perform a security audit on a fictitious company. The scenario is as follows:
CyberSafe is a large IT services company that provides cloud solutions and IT consultancy to clients in North America, Europe, the Middle East, and Africa. The company handle extensive client data, which makes cybersecurity a high priority for them, given the current threat landscape. Their IT infrastructure consists of Data Centres, Network Infrastructure, Servers, End User Devices, Software and Applications. This audit aims to assess Cybersafe’s current security posture, identify vulnerabilities, and recommend ways to enhance the organisation’s cyber defence capabilities. You will perform risk assessments, determine conformance against the ISO 27001 standard, and propose recommendations. You will also evaluate the company’s cyber readiness and help them construct contingency and business continuity plans.
Key point to cover includes:
- Identifying the assets (25) and performing a risk assessment using risk assessment and analysis tools such as risk register, probability & impact matrix, and FAIR methodology.
- Evaluating the conformance of the security management processes of CyberSafe against ISO 27001, identify gaps, and recommend mitigations. Statement of Applicability (SOA) must be produced to justify control selection
- Constructing contingency and business continuity plans. Business Impact Analysis (BIA) should be performed to determine critical functions to help you design and construct contingency and business continuity plans
Transferable skills:
- Communication skills
- Critical analysis
- Team working
- Time management
Knowledge of industry standards and their implementation