BIT361 Security Management and Governance
Perform a risk analysis on a small part of a business system and provide a list of possible controls. Provide the results in a report which discusses costings, implementation issues and user impacts. (1000 words)Major Assessment Part B
Due Dates:
Allassignmentsaredueatthestartofyourlecture onthespecifiedweek!
Draft – Week 9 – 29/12/2020, Final – Week 11 – 5/1/2021
The Case study scenario: (continued from Part A)
Your report on the need for a Security Management Program has been accepted, but they management have requested more information on the need for a risk management program. Specifically, they have asked for an explanation of benefits of a risk management plan, the steps for creating a risk management plan, a description of risk assessment process.
To meet the client’s request, you need to do the following:
Document contents:
- Explanation of benefits and purpose of a risk assessment.
- Description of risk assessment process.
- Outline the steps for creating a risk management plan.
- Identify and describe the major components of a contingency plan.
- A set of asset and risk priorities Complete the tables below showing
- Identification of Assets.
(One asset from each of the different categories: people, process, hardware and software).
- Identification of threats/vulnerabilities.
(One threat from each of the different categories: Internal, external, deliberate, and accidental).
- Priorities determined.
- Preliminary impact of risks
- Suggested controls for each threat.
To assist with their understanding of risk assessment and management you have decided to consider 4 assets and 4 threats to be used to complete the tables below. To effectively demonstrate your skill, the tables would need to include examples of assets from different categories: people, process, hardware and software. Threats should also include examples from different categories: Internal, external, deliberate, and accidental.
| Table 1: Asset priority table | ||||
| Revenue impact | Profitability Impact | Public image | Priority Score (Asset impact) | |
| Criterion Weight -> Assets ˅ | ||||
| Table 2: TVA Table | ||||
| Assets Threats | ||||
| Table 3: Risk. | |||||
| Asset | Threat | Vulnerability | Likely hood | Impact | Priority |
The Assignment (Part B)
The format for submission for this document is less formal than for the original report: Cover page
Introduction (What is the purpose and why the report was needed/requested. Headings for each part of the client’s request.
Submission Instructions Submissions is in 2 parts
Week 9 Report Part B Draft
Major headings, some minor headings named to match the case study. Overall structure described.
The structure of the body with bullet points must be outlined and comments relevant to each section included. Some references should be listed. The information for the requirements of this assignment are specified above.
Week 11 (Start of class): Final Risk Assessment/Management Document
A document that covers all the information requested by the Case Study client. The Risk Assessment will include a prioritized list of Assets, Threats and Vulnerabilities to meet the request of the client. The Risk Assessment must also include suggested controls for the risks you have identified for the Case Study.
Your submission must be compatible with the software in Melbourne Polytechnic’s computer Laboratories/Classrooms. A .docx file is required. Other formats will not be accepted.
The file must be named using the following format: S9999999_Surname_PartB_ClassGroup.docx
Where S9999999 is replaced with your student ID, and the class group with 2A, 2B, 2Y, 2Z (ask your tutor which code applies to you).
TheassignmentmustbesubmittedusingtheMoodlelinkprovided.
In some cases your tutor may allow a resubmission of a failed assignment. Resubmitted assignments will be capped at a maximum mark of 50%.
See Subject outline for formal Assessment overview and feedback
Plagiarism
All used sources must be properly acknowledged with references and citations. Quotations and paraphrasing are allowed but the sources must be acknowledged. Failure to do so is regarded as plagiarism and the penalty for plagiarism is failure for the assignment. The act of giving your assignment to another student is classified as a plagiarism offence. Copying large chucks and supplying a reference will result in zero marks as you have not contributed to the report.
Penalties:Academic misconduct such as cheating and plagiarism incur penalties ranging from a zero result to program exclusion.
Late submission of assignments
Penalties may apply for late submission without an approved extension.
For assignments 1 to 7 days late, a penalty of up to 3% (of earned marks) will apply.
For assignments more than 7 – 10 days late, a penalty up to of 75% (of earned marks) will apply. Assignments more than 10 days late will not be accepted.
No assignment will be accepted after the end of the teaching period (week 13 of classes) unless accompanied by completed special consideration request approved by the department.
Extensions:Extensions are granted only for reasonable cause such as illness. A Special Consideration form, accompanied by supporting documentation, must be received before 3 working days from the due date. If granted, anextensionwillbeonlygrantedonlybythetimeperiodstatedonthedocumentation;thatis,iftheillnessmedicalcertificatewasforoneday,anextensionwillbegrantedforonedayonly. Accordinglythestudentmustsubmitwithinthattimelimit.
Marking Criteria
| Student: | ID: | ||
| Week 9 Draft (Included in assessment of Part B) | Submission on time (1) | Risk Assessment task requirements outlined with brief explanation of expected contents and relevance to CASE Study(4) | |
| Late drafts can not be accepted. | Total for draft and plan (Max 5) |
| Student: ID: | ||||||
| Part B Risk Assessment/management (Weight 30%) | N A | Attempt | Poor | Good | Very Good | Excel |
| Document Content Benefits and purpose of a risk management plan. (5) Description of risk assessment process (10) Outline the steps for creating a risk management plan (10) Identify and describe the major components of a contingency plan. (20) Perform a simple risk assessment: Identification of Assets (5) Asset priority determined using Table 1. (5) Identification of threats/vulnerabilities using TVA table. (10) Priorities set (Table 3). (10) Suggested controls (5) Document presentation Draft submitted on time (5) Grammar, file name, and references (5) | ||||||
| Turnitin Score: | Gross Result: | |||||
| Late submission deduction: | Net Result (Max 90): |
BIT361 Security Management and Governance Assignment
