Security evaluation Assignment

Security evaluation

Introduction

This is an individual assignment and requires students to conduct a security evaluation of their personal information management situation and report on the results of this evaluation.  The main body of the report is expected to be around 2500 words, but quality is more important than length.  The intention of this review is to give you exposure to some of the issues that organisations might face when conducting similar information security reviews, but clearly with much less formality (both in terms of how the review is conducted and the expectations around the control environment).

As it is not feasible to give you access to a ‘normal’ organisational setting, we will use your personal situation as a simulation for the organisation.  Despite this being similar to an organisational security review, it is important that you treat the situation ‘as is’ – that is, you should focus on the risks that are relevant to your situation, not to some real or pretend organisation. These risks may not be quite the same as those that organisations experience, but risks do vary significantly between differing organisations, so this will not undermine the integrity of this exercise.

The security evaluation review for this year will focus on some key issues, including access controls, operations security (backup and recovery, protection from malware, updates) and cybersecurity (concerning resilience and protection from cyber-attacks, malware and hacking).

There may be some overlap between these issues.

There will be opportunities for students to informally discuss issues with this assignment and their review during the classes in the weeks leading up to the submission deadline.  Make sure that you are familiar with what is required of this assignment and take advantage of this opportunity.

Requirements

This assignment is intended to cover the full range of your personal situation with respect to information and its management – this will include any technology, insomuch as it relates to information processing and storage.  This includes:

- home computers, laptops and home networks;
- mobile devices that you may have, including smart phones, tablets, smart watches, and fitness devices;
- other storage media that you use to store relevant information;
- personal information you store online (in the cloud – data storage and email).

For this exercise, you should exclude:

- other home-related devices such as smart TVs, Google/Apple/Amazon smart home devices, and electronic locks;
- information about you that is stored by others (for example, the information the University keeps on students is outside of the scope of this review);
- any work-related activity or home businesses (information security issues with these work-related contexts would normally be covered by the workplace and their security evaluation processes).

The first step in the review is to identify all of the relevant information assets, any associated technology resources, and what these resources are used for.  It is important for your report to include a description of these assets and their uses so that the reader has a context within which to situate the investigation and its findings.  The nature of these assets and their use will influence the risk environment, so your overview is important for the reader to the make a judgement about the reliability of the review and its findings.

In conducting such a review it is common practice to have a normative model against which the situation is assessed.  You should use ISO 27002:2013 as the primary source for constructing a customised normative model for this review, but this should be supplemented by other sources as appropriate (and these other sources should be identified and properly referenced).  Note that it is important that the review extends beyond the simple technical aspects of the situation, so the customised model should account for non-technical aspects as well.  [Details on accessing ISO 27002 can be found in the week 4 tutorial work.]

As noted above, the review for this year should focus on the issues of access controls, operations security (backup and recovery, protection from malware, updates) and cybersecurity (concerning resilience and protection from cyber-attacks, malware and hacking).  These issues should become primary headings in your normative model (it is your responsibility to manage the overlap between these issues), and each of them should contain a number of controls that would then form the basis of the normative model and subsequent evaluation.

The adaption of ISO 27002 (and other sources) for the normative model needed for the evaluation should be guided by risk management principles – that means selecting a set of controls that are likely to be more important in a personal environment and leaving out controls that are not all that relevant.  As a guide for this assignment, it is expected that you would have around 15 to 20 controls in your customised normative model.  These customised controls should have a link back to the sources (such as ISO 27002 – using the control number from the standard), so the reader knows where this element was derived from.  In some cases, the customised control in your normative model may be a direct copy of the control from the standard, and in other cases it may be an adaption from a range of sources (such as those covered in the week 4 lecture and tutorial work).

To illustrate this process of adaption, Section 5 of ISO 27002 covers issues associated with security policy.  For a personal situation, it would be quite unusual to have formalised written security policies in place in relation to the issues of concern to this assignment – so the lack of such written policies would not be a reasonable finding to make in most circumstances.  However, it is quite likely you might have some informal policies in place, such as who you allow to use various facilities, what security software you use, and how and when you back up your data.  This suggests that it could be helpful to have a general control in your adapted evaluation model relating to security policy, but it would be reasonable for this to be kept at a high level (and then used during the evaluation to consider whether your informal policies are adequate for the situation at hand).

After constructing the customised normative model, you should use this to conduct a review of your own personal information security situation and report on the findings and recommendations.  This is usually done by looking at the real situation and comparing this to the issues in the customised normative model.  Where there is alignment between your situation and various controls in the normative model, this suggests the security measures are appropriate and these issues become commendations.  Where there is misalignment, the differences require further investigation and can then become the basis for recommendations for change or improvement.

In conducting the review, you may find it helpful to undertake some tests to verify some of the findings.  As an example, you could physically check backup stores and verify that they keep the most recent copies of the data, as per the backup arrangements that you think might be in place, and that this backup data really is retrievable and easily able to be restored.  You could also use various software tools to verify security elements of the technical environment.

In making the findings and recommendations, you should be guided by the risk environment you are operating in.  For example, you would not make recommendations about implementing a rigorous backup routine if you had little sensitive information to lose – you should suggest a contingency approach that matches this risk profile.  It is important to recognise that an overly stringent security environment is likely to be just as problematic as one with insufficient security measures, as in the longer term many of these stringent security measures will be ignored or neglected if they are seen as being unnecessary for the risk profile they are meant to be controlling.

And finally, you should reflect on how well this whole process has worked after completing the review.  These reflections would not normally be part of an organisational security evaluation report, but can be seen as bringing some academic rigour to this exercise and may also be part of a high quality professional practice where professionals will reflect on activities they have undertaken.  The use of references will improve the quality of your reflections.

Examples of the questions you may consider in your reflections include:  Has this review produced the intended results?  Is it likely to uncover the main information security issues and make reasonable recommendations for change?  Is a review of this nature worth the effort?  Are there easier ways that could be used to provide reasonable assurance about information security risks?  Has your adaption of the security model provided an adequate coverage of the issues for a personal situation such as the one you are in?  How easy would it be for others (particularly people without a strong IT or security background) to use these materials to assure themselves that they are not exposing themselves to unwarranted information security risks?

Required sections for your report

In summary, your report should include the following (these six dot points could be used as the basis for major headings/sections in your report):

- an overview of your personal situation and the key risk areas that may be present (information, technology, and what these artefacts are used for; what are the key risks that might be evident in these uses of information and technology);

- a brief discussion of the customised normative model that you have used for your review. This section is mainly concerned with how you have constructed this normative model and why you have included the various controls in the model, noting the various sources you have used. This section is more about providing a rationale for why various controls have been included, rather than just providing a simple list of the controls;

- a summary of the tasks undertaken to conduct the review. What steps did you follow in conducting the review?  What evidence did you consider in helping you form your views? What tests did you perform in order to verify the answers to key review questions?  Did you use any automated tools for any of this testing?

- the findings of your review and recommendations for improvement. You should provide a summary of the good and bad issues that arose from the review.  What issues from the situation came up looking good in the review, and where was there room for improvement? What things would you realistically change in order to improve the information security environment?  It is important that this section only presents a summary of the key issues from the review – the details of the evaluation of individual controls should be put in the appendix (the appendix table, with the fourth column detailing the evaluation of each individual control). You should not make recommendations that haven’t appeared anywhere in the appendix table;

- a reflection on the methodology or review approach, following your experience of applying it to your personal computing situation. This is an important part of the assignment and should not be neglected.  There are details above on what should be covered in this section, and a reasonable length for this section is around 500+ words;

- an appendix with the details of your review. The detailed issues considered (customised normative model) and the assessment against these issues should be included in an appendix in a table format (described below).  This material is not part of the main word count for the assignment.  While this appendix is not part of the word count, it will be part of the assessment for the assignment and the marker will need access to this material to ascertain the nature and quality of the review that you have undertaken.  Without this table, there is little evidence that you have actually conducted an appropriate security evaluation and your assignment will be marked accordingly.

Assessment

The assignment is worth 30% of the marks for Information Security.  The deadline for submissions of this assignment is Sunday night at the end of week 11 (24 April 2022).

The main body of the report is expected to be around 2500 words – please include a word count, but words from any quotations, your bibliography, and the appendix table, should not be included in this word count.  Note that it is not necessary to include an executive summary as this report is sufficiently brief, but a brief introduction setting out what the report covers would be helpful.

In marking the report, attention will be given to your understanding of information security concepts and how well you have met the requirements detailed above.  Style and technique of your writing will also be considered.

The section providing a reflection on the methodology and review approach is an important part of this assignment and will attract around one quarter of the marks allocated.

For the appendix only:  It is quite likely that the material in this appendix will use headings and other material taken directly from the ISO 27002 standard.  So long as you make it clear which parts have been taken from the standard and which parts are your own responses, it is not necessary to put the material from the standard in quotation marks.  For example, a sentence in your appendix (as a lead in, or a footnote) could state that ‘the controls in the left hand column have been derived directly from the ISO 27002 standard unless otherwise noted’, this then avoids the need for quotation marks and in text references for each of these controls.

Submission:  All assignments should be submitted in electronic format (via the Canvas online assignment submission process).  A coversheet is not required (submission to the Canvas drop box is a formal acknowledgement that this is your own work unless otherwise noted), but you should include your student id, assessment item name and the word count.

There is no draft submission box, but you can make multiple submissions to this assignment box and view Ouriginal reports.  Please do NOT submit your assignment to the draft Ouriginal checking processes on another unit’s Canvas site.  This will lead to a very high plagiarism score when you subsequently submit the assignment to this Canvas site and a penalty will be applied to the marking of your assignment in these cases.

A suggested process for this assignment is:

- identify your information assets, associated technology and uses; think briefly about any risks that these uses might entail;
- construct your customised normative model, and use this to populate the left-hand column of your appendix table;
- conduct the security evaluation, using the appendix table as a means of documenting the elements of this review – this should result in a fully populated appendix table;
- write the main body of the assignment, including the description of the information assets, the normative model and its construction, the description of the process you undertook, and key findings and recommendations – these findings and recommendations should connect directly with elements in your appendix table;
- write the reflections section of the report.

Sample row for appendix

Note that this is a sample row only – the content of the cells in your review table is likely to be different!  Note that the text in the first column has been taken directly from the ISO 27002 standard, with the control number being a sufficient attribution in this case (there should be a statement on this elsewhere in the appendix as noted above).

It is expected that you will have about 15 to 20 rows of this nature in the appendix of your report.

| Control | Current situation; evaluations undertaken | Tests | Recommendations |
|---|---|---|---|
| 12.3.1: Backup copies of information, software and system images should be taken and tested regularly in accordance with agreed back-up policy. | There is an informal policy in place for backing up important user data. Laissez-faire approach adopted to implementing back-up policy, but most data is synchronised with cloud storage and backed up reasonably regularly. Current work of significance is backed up frequently after major edits using email and USB drives. Minimal testing of back-up arrangements except when outages/losses are experienced. No testing of system image backups due to the logistical difficulties involved. | Back-up data stores viewed, with timing and frequency of backups considered. Backup data verified that it could be easily restored. | Formally integrate back-up schedule into electronic calendar to ensure more regular compliance with policy. Test back-up repositories from time to time to ensure stored data can be recovered. |

In some cases, rows like this could be split into multiple rows if you think this is warranted – in this case, you may have two rows – one that considers the taking of backups and a second one concerned with the testing of these backups.

The example above is about backup – the first column is a statement of the control (12.3.1 in this case); the second column is a description of what backup arrangements actually exist in your current situation, making sure you address issues mentioned in the control.  You don’t need to discuss the risks here.

The third column is about any tests that you do as part of this evaluation.  Not all controls (rows in your table) will need tests.  It is also important to distinguish between the testing that you do as a regular part of your normal operational activities, and the tests that you do for this evaluation.  For example, if you normally test your backups on a regular basis (perhaps to see that they will actually work, which is something that organisations should be doing fairly regularly), then this is something that should be noted in the second column.  But if you have specifically tested a backup as part of this evaluation process, then this is something that would be noted in the third column, along with a description of the test results.
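A concrete form of the backup test described above (and of the earlier suggestion to verify that backup stores hold the most recent copies and can be restored), written as an added example rather than material from the assignment brief: it compares a source folder with its backup copy, flags files that are missing or out of date, reports how old the newest backup is, and performs a restore test by copying every backed-up file to a scratch location and hash-checking it. The `Documents`/`Backup` folder names and their contents are constructed sample data, not real paths.

```python
"""Backup verification check for a personal backup store (added example).

Reports, for a source directory and its backup copy:
  - files present in the source but missing from the backup,
  - files whose backup content differs from the source (stale copies),
  - the age of the newest backup file (how recently backups were taken),
  - a restore test: every backed-up file copied out and hash-verified.
The sample directories built by build_sample() are constructed for this example.
"""
import hashlib
import os
import shutil
import tempfile
import time
from dataclasses import dataclass, field
from pathlib import Path
from typing import List, Optional, Tuple


def sha256_of(path: Path) -> str:
    """Content hash, read in chunks so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


@dataclass
class BackupReport:
    missing: List[str] = field(default_factory=list)   # in source, absent from backup
    stale: List[str] = field(default_factory=list)     # present, but content differs
    newest_backup_age_s: Optional[float] = None        # seconds since newest backup write
    restore_ok: bool = False                           # restore test outcome

    def is_current(self, max_age_s: float) -> bool:
        """True when nothing is missing or stale and the newest backup is recent enough."""
        return (not self.missing and not self.stale
                and self.newest_backup_age_s is not None
                and self.newest_backup_age_s <= max_age_s)


def restore_test(backup: Path) -> bool:
    """Restore every backed-up file to a scratch directory and confirm the hashes match.
    A backup that has never been restored from is an assumption, not a tested control."""
    files = [p for p in backup.rglob("*") if p.is_file()]
    if not files:
        return False
    with tempfile.TemporaryDirectory() as scratch:
        for bak_file in files:
            target = Path(scratch) / bak_file.relative_to(backup)
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(bak_file, target)
            if sha256_of(target) != sha256_of(bak_file):
                return False
    return True


def verify_backup(source: Path, backup: Path, now: Optional[float] = None) -> BackupReport:
    """Compare source against backup file by file; 'now' is injectable for testing."""
    now = time.time() if now is None else now
    report = BackupReport()
    newest_mtime: Optional[float] = None
    for src_file in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src_file.relative_to(source)
        bak_file = backup / rel
        if not bak_file.exists():
            report.missing.append(rel.as_posix())
            continue
        if sha256_of(src_file) != sha256_of(bak_file):
            report.stale.append(rel.as_posix())
        mtime = bak_file.stat().st_mtime
        newest_mtime = mtime if newest_mtime is None else max(newest_mtime, mtime)
    if newest_mtime is not None:
        report.newest_backup_age_s = now - newest_mtime
    report.restore_ok = restore_test(backup)
    return report


def build_sample() -> Tuple[Path, Path]:
    """Constructed sample: a 'Documents' folder and a backup that is partly out of date."""
    root = Path(tempfile.mkdtemp(prefix="backup-check-"))
    src, bak = root / "Documents", root / "Backup"
    for d in (src / "assignment", bak / "assignment"):
        d.mkdir(parents=True)
    (src / "assignment" / "report.docx").write_text("draft v3")
    (bak / "assignment" / "report.docx").write_text("draft v2")   # stale copy
    (src / "notes.txt").write_text("same in both")
    (bak / "notes.txt").write_text("same in both")
    (src / "photos.zip").write_text("never backed up")            # no backup copy at all
    # Make the backup look three days old, as an irregular personal backup might.
    three_days_ago = time.time() - 3 * 86400
    for p in bak.rglob("*"):
        os.utime(p, (three_days_ago, three_days_ago))
    return src, bak


if __name__ == "__main__":
    src, bak = build_sample()
    r = verify_backup(src, bak)
    print("missing:", r.missing, "| stale:", r.stale,
          "| newest backup age (h): %.1f" % (r.newest_backup_age_s / 3600),
          "| restore ok:", r.restore_ok, "| current within 7 days:", r.is_current(7 * 86400))
```

The report's `missing`/`stale` lists are what would go in the third column as test results, and a failed `restore_ok` is a finding for the fourth column.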

The fourth column is used to note findings and recommendations with respect to that control.  If everything is good, you should note that.  I expect this will be the case for some (perhaps many) of the controls.  Where there are differences between what you are doing yourself and what the control indicates you should be doing, then these are findings, and also the basis for recommendations – that is, things you can change to bring your practices more in line with the control.  Some judgement may be needed around these recommendations.

All of this does have a risk element to it.  For example, guidance such as the Essential Eight recommends daily backups.  From a personal perspective, this might be much more than is needed, except when you are working on something quite critical (like this assignment), where more frequent backups would be very helpful due to the amount of work that might be lost if something went wrong.  This could mean that, from a risk perspective, personal backup arrangements that were not daily could still be acceptable, so long as they were ramped up when more critical work was being done.

You don’t need a lot of discussion about this risk context in the appendix table, although the recommendations you make in the table should take some account of it.  Where there are significant discrepancies between the recommendations you actually make (based on this risk context and what would be reasonable) and what the control indicates should be happening, then these could have a brief discussion in the findings section of the report.

References

ISO (2013) ISO/IEC 27002:2013 Information technology – Security techniques – Code of practice for information security controls, International Standards Organisation, Switzerland.

Universal Assignment (June 6, 2023) Security evaluation Assignment. Retrieved from https://universalassignment.com/security-evaluation-assignment/.