Contents
- Section 1: Overview of Assessment
- Section 2: Task Specification
- Section 3: Deliverables
- Section 4: Marking Criteria
Section 1: Overview of Assessment
This assignment assesses the following module learning outcomes:
- Propose an ISMS for a real organisation, using recognised methods and to an internationally recognised standard.
- Reflect on the process of specifying an ISMS, justifying methods used, and/or proposing alternatives.
The assignment is worth 100% of the overall mark for the module.
This assignment requires you to produce a 3000-word report that proposes a suitable Information Security Management System for an organisation of your choice. Working on this assignment will help you to understand the significance of ISO and other standards in the specification of an ISMS, and to analyse the range of real world security issues that face commercial organisations and institutes.
The assignment also requires the delivery of a 5-minute video presentation. You are expected to disseminate the findings from your report, and put forward the case of why your ISMS proposal is required and is important to the organisation.
The assignment is described in more detail in section 2. This is an individual assignment.
Section 2: Task Specification
Part A (worth 75% towards the final grade):
Produce a 3000-word report that will propose an Information Security Management System for an organisation of your choice
You need to decide on an organisation for the purpose of your report. This should be an organisation that you have an interest in, and could be a placement organisation that you have worked at. You will need to briefly outline the organisation in your report, describing their business objectives, the kind of assets and roles that exist within the organisation, and justify why they would benefit from an ISMS. To further motivate the justification of why an ISMS would be important, you should provide background on relevant real-world security incidents that you are aware of, illustrating the scenario and the issues, and how the problem could have been mitigated. You may choose to discuss topics that are covered during the seminar sessions.
You will also be expected to identify and analyse a variety of risks that would be relevant to the organisation. In order to do this, you should describe an asset inventory and conduct a risk analysis using an appropriate methodology. You will also need to propose a risk treatment plan that describes appropriate actions for each identified risk, and how each action could realistically be achieved within the constraints of the business operations, making reference to relevant control objectives from ISO27001. You should also describe the process of continual monitoring and how the organisation will ensure that this ISMS is achieved, making full use of ISO standards as is deemed appropriate. It should be clear how your report aligns with the risk management life cycle.
For both the risk assessment and the risk treatment stages, you are expected to provide a comprehensive set of examples that convey the broad spectrum of risks that your particular organisation may face. For the purpose of the report, you can make assumptions about the organisation where appropriate, providing that the proposed risks are suitable for the type of organisation that you have chosen. The report should be written for a professional audience, and should make a convincing argument for the CEO as to why your ISMS plan is both important, and required, by the organisation.
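As an added illustration (not part of this brief) of the asset inventory, risk analysis and treatment plan steps described above, the following Python sketch scores constructed risks for a hypothetical organisation and selects a treatment for each. The assets, the 1-5 likelihood and impact scales, the risk appetite of 20 and the ISO/IEC 27001:2013 Annex A control references are all assumptions made for the example.

```python
"""Worked risk register for a constructed, hypothetical organisation.
Added illustration, not part of the brief: asset values, threats, scores and
the ISO/IEC 27001:2013 Annex A control mappings are assumptions."""
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    owner: str
    value: int          # business value, 1 (low) .. 5 (critical)

@dataclass
class Risk:
    asset: Asset
    threat: str
    likelihood: int     # 1 (rare) .. 5 (almost certain)
    impact: int         # 1 (negligible) .. 5 (severe)
    control: str        # Annex A control proposed in the treatment plan

# Constructed asset inventory for the hypothetical organisation.
CUSTOMER_DB = Asset("Customer database", "Head of IT", 5)
LAPTOPS = Asset("Staff laptops", "IT Operations", 3)
WEBSITE = Asset("Public website", "Marketing", 2)

# Constructed risk scenarios; scores and control mappings are assumed.
RISKS = [
    Risk(CUSTOMER_DB, "Ransomware encrypts production data", 3, 5,
         "A.12.3.1 Information backup"),
    Risk(LAPTOPS, "Phishing leads to credential theft", 4, 3,
         "A.7.2.2 Information security awareness, education and training"),
    Risk(WEBSITE, "Denial-of-service outage", 2, 3,
         "A.17.2.1 Availability of information processing facilities"),
]

def risk_score(risk: Risk) -> int:
    """Inherent risk = likelihood x impact, weighted by the asset's value."""
    return risk.likelihood * risk.impact * risk.asset.value

def treatment(risk: Risk, appetite: int) -> str:
    """Scores within the risk appetite are accepted and monitored; anything
    above must be mitigated (or transferred/avoided if mitigation fails)."""
    return "accept" if risk_score(risk) <= appetite else "mitigate"

def build_register(risks, appetite=20):
    """Rank risks by score so the treatment plan addresses the worst first."""
    rows = [(r.asset.name, r.threat, risk_score(r), treatment(r, appetite),
             r.control) for r in risks]
    return sorted(rows, key=lambda row: row[2], reverse=True)
```

Each row of the register gives the asset, the threat, the score, the treatment decision and the proposed control, which is the minimum a treatment plan table in the report should carry before adding owners, deadlines and residual risk.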
The report should contain discussion that critically reflects upon the methods used and the overall experience of establishing an ISMS for this task, including any limitations faced and pathways for further development.
References should be included in the report where appropriate. The report is expected to be no more than 3000 words; please refer to the UWE word count policy:
Part B (worth 25% towards the final grade):
Prepare an individual PowerPoint presentation that details the proposed ISMS plan
The presentation should be considered as a pitch to the CEO to justify why the proposed ISMS is important to the organisation, and why budget should be given to facilitate the implementation of your ISMS. You will need to present and reflect on the key details from your report, providing critique and justifications for the recommendations you have made. You should expand beyond what is included in the report to provide greater detail where appropriate. You should produce a professional video presentation that is no longer than 10 minutes. You may use PowerPoint to achieve this, or you can use other tools as you see fit. This contributes towards 25% of the module’s assessment.
Section 3: Deliverables
Part A: A 3000-word report is to be submitted via Blackboard by Thursday 5th May 2022 in either DOC or PDF format.
Part B: A 10-minute video presentation is to be submitted via Blackboard by Thursday 5th May 2022. Please provide a shareable link in your Blackboard submission. We would recommend that you host the video file through OneDrive or on an online video service such as YouTube (you can set this as unlisted). You must check that the link will be accessible to your marker; if the marker cannot access your submission then you will be graded zero.
Section 4: Marking Criteria
Reports will be marked on the following criteria:
- Description of the organisation, assets and people, and why an ISMS is required. (10%)
- Background relating to other real-world security incidents, justifying why these are relevant to the chosen organisation and how an ISMS could help (10%)
- Risk Identification and Assessment, using appropriate methodology (30%)
- Risk Treatment Plan, including critical analysis and justification of appropriate controls (30%)
- Critical reflection (10%)
- Report Quality and Presentation (10%)
Presentations will be marked on the following criteria:
- Presentation clarity, timing, and delivery including the use of Presenter Notes (25%)
- Accuracy and appropriateness of the information presented (25%)
- How relevant the presented information is to the chosen organisation (25%)
- Thoroughness of the background, risk assessment and treatment plan (25%)
| Performance Level | Criteria |
| --- | --- |
| Fail (< 40%) | Failure to meet the criteria for a pass. |
| 3rd Class / PASS (40% – 49%) | A poor submission which does not address ALL parts of the criteria, or VERY partially and poorly addresses all parts. Limited or insufficient detail, discussion, and justification has been provided for risk identification, assessment, and treatment. Report is incoherent. A weak case has been made for the relevant background and/or related security incidents. |
| Lower 2nd Class / PASS (50% – 59%) | A weak submission which does not address ALL parts of the criteria, or partially and poorly addresses all parts. Some detail, discussion, and justification has been provided for risk identification, assessment, and treatment. Report has some incoherency issues. Some case has been made for the relevant background and/or related security incidents. |
| Upper 2nd Class / MERIT (60% – 69%) | A good submission which addresses ALL parts of the criteria. Good detail, discussion, and justification has been provided for risk identification, assessment, and treatment. Report is well written. Suitable detail has been provided on the organisational background in the context of the ISMS, with discussion of a related security incident. |
| 1st Class / DISTINCTION (70% +) | An excellent submission which addresses ALL parts of the criteria, showing insight, attention to detail and a high quality of presentation. Excellent detail, discussion, and justification has been provided for risk identification, assessment, and treatment. Report is written to a professional standard. Excellent detail has been provided on the organisational background in the context of the ISMS, along with reference to relevant security incidents. |