Security evaluation Assignment

Introduction

This is an individual assignment and requires students to conduct a security evaluation of their personal information management situation and report on the results of this evaluation.  The main body of the report is expected to be around 2500 words, but quality is more important than length.  The intention of this review is to give you exposure to some of the issues that organisations might face when conducting similar information security reviews, but clearly with much less formality (both in terms of how the review is conducted and the expectations around the control environment).

As it is not feasible to give you access to a ‘normal’ organisational setting, we will use your personal situation as a simulation for the organisation. Despite this being similar to an organisational security review, it is important that you treat the situation ‘as is’ – that is, you should focus on the risks that are relevant to your situation, not some real or pretend organisation. These risks may not be quite the same as those that organisations experience, but risks do vary significantly between differing organisations, so this will not undermine the integrity of this exercise.

The security evaluation review for this year will focus on some key issues, including access controls, operations security (backup and recovery, protection from malware, updates) and cybersecurity (concerning resilience and protection from cyber-attacks, malware and hacking).

There may be some overlap between these issues.

There will be opportunities for students to informally discuss issues with this assignment and their review during the classes in the weeks leading up to the submission deadline.  Make sure that you are familiar with what is required of this assignment and take advantage of this opportunity.

Requirements

This assignment is intended to cover the full range of your personal situation with respect to information and its management – this will include any technology, insomuch as it relates to information processing and storage.  This includes:

• home computers, laptops and home networks;
• mobile devices that you may have including smart phones, tablets, smart watches, and fitness devices;
• other storage media that you use to store relevant information;
• personal information you store online (in the cloud – data storage and email).

For this exercise, you should exclude:

• other home-related devices such as smart TVs, Google/Apple/Amazon smart home devices, and electronic locks;
• information about you that is stored by others (for example, the information the University keeps on students is outside of the scope of this review);
• any work-related activity or home businesses (information security issues with these work related contexts would normally be covered by the workplace and their security evaluation processes).

The first step in the review is to identify all of the relevant information assets, any associated technology resources, and what these resources are used for. It is important for your report to include a description of these assets and their uses so that the reader has a context within which to situate the investigation and its findings. The nature of these assets and their use will influence the risk environment, so your overview is important for the reader to make a judgement about the reliability of the review and its findings.

In conducting such a review, it is common practice to have a normative model against which the situation is assessed. You should use ISO 27002:2013 as the primary source for constructing a customised normative model for this review, but this should be supplemented by other sources as appropriate (and these other sources should be identified and properly referenced). Note that it is important that the review extends beyond the simple technical aspects of the situation, so the customised model should account for non-technical aspects as well. [Details on accessing ISO 27002 can be found in the week 4 tutorial work.]

As noted above, the review for this year should focus on the issues of access controls, operations security (backup and recovery, protection from malware, updates) and cybersecurity (concerning resilience and protection from cyber-attacks, malware and hacking).  These issues should become primary headings in your normative model (it is your responsibility to manage the overlap between these issues), and each of them should contain a number of controls that would then form the basis of the normative model and subsequent evaluation.

The adaption of ISO 27002 (and other sources) for the normative model needed for the evaluation should be guided by risk management principles – that means selecting a set of controls that are likely to be more important in a personal environment and leaving out controls that are not all that relevant.  As a guide for this assignment, it is expected that you would have around 15 to 20 controls in your customised normative model.  These customised controls should have a link back to the sources (such as ISO 27002 – using the control number from the standard), so the reader knows where this element was derived from.  In some cases, the customised control in your normative model may be a direct copy of the control from the standard, and in other cases it may be an adaption from a range of sources (such as those covered in the week 4 lecture and tutorial work).

To illustrate this process of adaption, Section 5 of ISO 27002 covers issues associated with security policy. For a personal situation, it would be quite unusual to have formalised written security policies in place in relation to the issues of concern to this assignment – so the lack of such written policies would not be a reasonable finding to make in most circumstances. However, it is quite likely you might have some informal policies in place, such as who you might allow various facilities to be used by, what security software you use, and how and when you backup your data. This suggests that it could be helpful to have a general control in your adapted evaluation model relating to security policy, but it would be reasonable for this to be kept at a high level (and then used during the evaluation to consider whether your informal policies are adequate for the situation at hand).

After constructing the customised normative model, you should use this to conduct a review of your own personal information security situation and report on the findings and recommendations.  This is usually done by looking at the real situation and comparing this to the issues in the customised normative model.  Where there is alignment between your situation and various controls in the normative model, this suggests the security measures are appropriate and these issues become commendations.  Where there is misalignment, the differences require further investigation and can then become the basis for recommendations for change or improvement.

In conducting the review, you may find it helpful to undertake some tests to verify some of the findings.  As an example, you could physically check backup stores and verify that they keep the most recent copies of the data, as per the backup arrangements that you think might be in place, and that this backup data really is retrievable and easily able to be restored.  You could also use various software tools to verify security elements of the technical environment.

In making the findings and recommendations, you should be guided by the risk environment you are operating in. For example, you would not make recommendations about implementing a rigorous backup routine if you had little sensitive information to lose – you should suggest a contingency approach that matches this risk profile. It is important to recognise that an overly stringent security environment is likely to be just as problematic as one with insufficient security measures, as in the longer term, many of these stringent security measures will be ignored or neglected if they are seen as being unnecessary for the risk profile they are meant to be controlling.

And finally, you should reflect on how well this whole process has worked after completing the review.  These reflections would not normally be part of an organisational security evaluation report, but can be seen as bringing some academic rigour to this exercise and may also be part of a high quality professional practice where professionals will reflect on activities they have undertaken.  The use of references will improve the quality of your reflections.

Examples of the questions you may consider in your reflections include:  Has this review produced the intended results?  Is it likely to uncover the main information security issues and make reasonable recommendations for change?  Is a review of this nature worth the effort?  Are there easier ways that could be used to provide reasonable assurance about information security risks?  Has your adaption of the security model provided an adequate coverage of the issues for a personal situation such as the one you are in?  How easy would it be for others (particularly people without a strong IT or security background) to use these materials to assure themselves that they are not exposing themselves to unwarranted information security risks?

Required sections for your report

In summary, your report should include the following (these six dot points could be used as the basis for major headings/sections in your report):

• an overview of your personal situation and the key risk areas that may be present (information, technology, and what these artefacts are used for; what are the key risks that might be evident in these uses of information and technology);

• a brief discussion of the customised normative model that you have used for your review. This section is mainly concerned with how you have constructed this normative model and why you have included the various controls in the model, noting the various sources you have used. This section is more about providing a rationale for why various controls have been included, rather than just providing a simple list of the controls;

• a summary of the tasks undertaken to conduct the review. What steps did you follow in conducting the review? What evidence did you consider in helping you form your views? What tests did you perform in order to verify the answers to key review questions? Did you use any automated tools for any of this testing?

• the findings of your review and recommendations for improvement. You should provide a summary of the good and bad issues that arose from the review. What issues from the situation came up looking good in the review, and where was there room for improvement? What things would you realistically change in order to improve the information security environment? It is important that this section only presents a summary of the key issues from the review – the details of the evaluation of individual controls should be put in the appendix (the appendix table, with the fourth column detailing the evaluation of each individual control). You should not make recommendations that haven’t appeared anywhere in the appendix table.

• a reflection on the methodology or review approach, following your experience of applying it to your personal computing situation. This is an important part of the assignment and should not be neglected. There are details above on what should be covered in this section and a reasonable length for this section is around 500+ words;

• an appendix with the details of your review. The detailed issues considered (customised normative model) and the assessment against these issues should be included in an appendix in a table format (described below). This material is not part of the main word count for the assignment. While this appendix is not part of the word count, this will be part of the assessment for the assignment and the marker will need access to this material to ascertain the extent of the nature and quality of the review that you have undertaken. Without this table, there is little evidence that you have actually conducted an appropriate security evaluation and your assignment will be marked accordingly.

Assessment

The assignment is worth 30% of the marks for Information Security.  The deadline for submissions of this assignment is Sunday night at the end of week 11 (24 April 2022).

The main body of the report is expected to be around 2500 words – please include a word count, but words from any quotations, your bibliography, and the appendix table, should not be included in this word count.  Note that it is not necessary to include an executive summary as this report is sufficiently brief, but a brief introduction setting out what the report covers would be helpful.

In marking the report, attention will be given to your understanding of information security concepts and how well you have met the requirements detailed above.  Style and technique of your writing will also be considered.

The section providing a reflection on the methodology and review approach is an important part of this assignment and will attract around one quarter of the marks allocated.

For the appendix only: It is quite likely that the material in this appendix will use headings and other material taken directly from the ISO 27002 standard. So long as you make it clear which parts have been taken from the standard and which parts are your own responses, it is not necessary to put the material from the standard in quotation marks. For example, a sentence in your appendix (as a lead-in, or a footnote) could state that ‘the controls in the left hand column have been derived directly from the ISO 27002 standard unless otherwise noted’; this then avoids the need for quotation marks and in-text references for each of these controls.

Submission:  All assignments should be submitted in electronic format (via the Canvas online assignment submission process).  A coversheet is not required (submission to the Canvas drop box is a formal acknowledgement that this is your own work unless otherwise noted), but you should include your student id, assessment item name and the word count.

There is no draft submission box, but you can make multiple submissions to this assignment box and view Ouriginal reports.  Please do NOT submit your assignment to the draft Ouriginal checking processes on another unit’s Canvas site.  This will lead to a very high plagiarism score when you subsequently submit the assignment to this Canvas site and a penalty will be applied to the marking of your assignment in these cases.

A suggested process for this assignment is:

• identify your information assets, associated technology and uses; think briefly about any risks that these uses might entail;
• construct your customised normative model, and use this to populate the left-hand column of your appendix table;
• conduct the security evaluation, using the appendix table as a means of documenting the elements of this review – this should result in a fully populated appendix table;
• write the main body of the assignment, including the description of the information assets, the normative model and its construction, the description of the process you undertook, and key findings and recommendations – these findings and recommendations should connect directly with elements in your appendix table;
• write the reflections section of the report.

Sample row for appendix

Note that this is a sample row only – the content of the cells in your review table is likely to be different!  Note that the text in the first column has been taken directly from the ISO 27002 standard, with the control number being a sufficient attribution in this case (there should be a statement on this elsewhere in the appendix as noted above).

It is expected that you will have about 15 to 20 rows of this nature in the appendix of your report.

| Control | Current situation; evaluations undertaken | Tests | Recommendations |
| --- | --- | --- | --- |
| 12.3.1: Backup copies of information, software and system images should be taken and tested regularly in accordance with agreed back-up policy. | There is an informal policy in place for backing up important user data. Laissez-faire approach adopted to implementing back-up policy, but most data is synchronised with cloud storage and backed up reasonably regularly. Current work of significance is backed up frequently after major edits using email and USB drives. Minimal testing of back-up arrangements except when outages/losses are experienced. | Back-up data stores viewed, with timing and frequency of backups considered. Backup data verified that it could be easily restored. | Formally integrate back-up schedule into electronic calendar to ensure more regular compliance with policy. Test back-up repositories from time to time to ensure stored data can be recovered. |
| | No testing of system image backups due to the logistical difficulties involved. | | |

In some cases, rows like this could be split into multiple rows if you think this is warranted – in this case, you may have two rows – one that considers the taking of backups and a second one concerned with the testing of these backups.

The example above is about backup – the first column is a statement of the control (12.3.1 in this case); the second column is a description of what backup arrangements actually exist in your current situation, making sure you address issues mentioned in the control.  You don’t need to discuss the risks here.

The third column is about any tests that you do as part of this evaluation.  Not all controls (rows in your table) will need tests.  It is also important to distinguish between the testing that you do as a regular part of your normal operational activities, and the tests that you do for this evaluation.  For example, if you normally test your backups on a regular basis (perhaps to see that they will actually work, which is something that organisations should be doing fairly regularly), then this is something that should be noted in the second column.  But if you have specifically tested a backup as part of this evaluation process, then this is something that would be noted in the third column, along with a description of the test results.

The fourth column is used to note findings and recommendations with respect to that control.  If everything is good, you should note that.  I expect this will be the case for some (perhaps many) of the controls.  Where there are differences between what you are doing yourself and what the control indicates you should be doing, then these are findings, and also the basis for recommendations – that is, things you can change to bring your practices more in line with the control.  Some judgement may be needed around these recommendations.

All of this does have a risk element to it. For example, things like the Essential Eight recommend daily backups. From a personal perspective, this might be much more than is needed, except when you are working on something quite critical (like this assignment) where more frequent backups would be very helpful due to the amount of work that might be lost if something went wrong. This could mean that from a risk perspective, personal backup arrangements that were not daily could still be acceptable, so long as they were ramped up when more critical work was being done.

You don’t need a lot of discussion about this risk context in the appendix table, although the recommendations you make in the table should take some account of it.  Where there are significant discrepancies between the recommendations you actually make (based on this risk context and what would be reasonable) and what the control indicates should be happening, then these could have a brief discussion in the findings section of the report.

References

ISO (2013) ISO/IEC 27002:2013 Information technology – Security techniques – Code of practice for information security controls, International Standards Organisation, Switzerland.
