assignment details in the file
Assessment 2 Assessment type: Written Individual assignment (2,000 words). Purpose: The purpose of this assessment is to demonstrate student awareness of current industry and research trends in the field of information security. Analyse and evaluate the organizational adoption of security controls. Design solutions for concrete security problems for distributed applications This assessment contributes to learning outcomes c, d. Value: 30% (Report 25%; Presentation 5%) Due Date: Report Submission Week 11; Presentation Week 12 Submission requirements details: All work must be submitted on Moodle by the due date followed by the presentation in week 12. Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using Harvard Anglia referencing style. Assessment topic: Security Plan and Training Program Task Details: This assignment requires you to design a security plan based on a given case study. The learning outcomes of this assignment are to recognize the threats that exist in your current or future work place. Through your research, identify the threats, outline security guidelines and develop a robust and pragmatic training programme. You are required to complete and submit a security plan based on the following scenario: The assignment has two parts: Report Submission – Week 11 (25 Marks) & Presentation – Week 12 (5 Marks) Case Study Scenario: You are the recently appointed head of a security team responsible for protecting the information holdings of Seek Hardware Ltd which is a medium organization selling IT hardware parts. The organization is based in multiple locations managing its communications through logical point to point connections. Each of the location office comprises of 550 staffs. The security team is responsible for administering the security of information from deliberate and accidental threats. The recent information security management team found that the security has not been properly addressed in some key areas such as social engineering attacks, password security, various other threats to the organization. The team also realized that there is lack of personnel awareness about security among the user group belonging to the organization. Technical systems were found to be reasonably effective in maintaining database and document management security, and were well serviced by the IT team. The above issues required urgent remedy considering the fact that unattended vulnerabilities in the network are open to attacks. As the head of the team, it becomes your responsibility to ask your team to analyze the possible threats and provide a report on the detailed security countermeasures for all the possible threats. As a part of the security analysis, the tasks of the team is to: a) Identify and describe the organizational holdings (assets) at risk b) Identify and describe the potential security threats to the organization c) Design the necessary security counter-measures to manage and address the threats d) Develop a comprehensive information security training and awareness program for the users of the organization belonging to the different levels of the organizational hierarchy Marking Criteria: Sections Description of the section Marks Executive Summary Summary on what the report is addressing 1 Introduction Give an introduction on what is security from the organization’s perspective discussed in the case study and what is the need for a security plan 2 Security Plan Detail on how the organization wants to attain security (identify risks, threats, attacks) 5 Security Countermeasures Identify security solutions to safeguard the organization 5 Training Identify level of awareness provided for the users 5 Security Policy Develop an appropriate security plan 5 Conclusion and References Conclusion with references 2 Total 25 Presentation 5 Marking Rubric for Assessment 2: Report 25% Criteria Fail (0 – 49%) Pass (50 – 64%) Credit (65 – 74%) Distinction (75 – 84%) High Distinction (85 – 100%) Executive Summary1% Did not provide executive summary in the report Not a well written summary Presented the summary but not enough details provided Includes the complete details in the summary Very clearly written and structured Introduction 2% Did not provided the introduction Introduction provided but no complete details presented about the organization in the case study Introduction presented with a report on the case study Well presented introduction with a report on the case study but not a clear structure Very clearly written and structured Security Plan 5% No details on the security plan or very minimum amount of information Minimum details of security information provided for the plan A security plan has been provided for the organization discussed in the case study A well written security plan with necessary details for the organization discussed in the report Very clearly written and structured plan for the organization discussed in the report Security Countermeasures 5% The section not presented in the report or the countermeasures not discussed appropriately A few countermeasures provided for some of the assets for the case study Countermeasures addressed for most of the assets for the case study A well discussed set of countermeasures for all the assets identified in the report Very clearly written and structured with all assets identified and all the countermeasures discussed for the assets Training 5% This section not provided in the report or not discussed appropriately No appropriate amount of details provided for the different types of training needs for the users of the organization Minimum amount of details provided for the different types of training needs for the users of the organization Complete details provided for the different types of training needs for the users of the organization Very clearly written and structured with necessary details of types of training Security Policy 5% This section not provided in the report or not discussed appropriately No appropriate amount of details provided on the security policy Minimum amount of details provided for the different types of training needs for the users of the organization Complete details provided for the different types of training needs for the users of the organization Very clearly written and structured with necessary details of types of training Conclusion 2% No conclusion provided Conclusion not provided with complete findings in the report Conclusion not provided with necessary details Conclusion provided Very clearly written and structured Presentation 5% Total Mark:/ 30% Marking Rubric Assessment 2: Presentation (5%) Criteria Fail (0 - 49%) Pass (50 - 64%) Credit (65 - 74%) Distinction (75 - 84%) High Distinction (85 - 100%) Visual Appeal (Group) 1% There are many errors in spelling, grammar and punctuation. The slides were difficult to read, not proper color and font used, too much information been copied. No visual appeal. There are many errors in spelling, grammar and punctuation. Too much information was contained on many slides. Minimal effort made to make slides, too much going on. There are some errors in spelling, grammar and punctuation. Too much information on two or more slides. Significant visual appeal. There are no errors in spelling, grammar and punctuation. Information is clear and concise on each slide. Visually appealing and engaging. Professional looking presentation There are no errors in spelling, grammar and punctuation. Information is clear and concise on each slide. Visually appealing and very engaging. Content (Group) 1% The presentation provides a brief look at the topic but many questions are left unanswered, majority of information is irrelevant and significant points left out The presentation Is informative but several elements are unanswered, much of the information irrelevant, coverage of some of major points The presentation is a good summary of the topic, most important information covered, little irrelevant information The presentation is a concise summary of the topic with all questions answered, comprehensive and complete coverage of information Exceptionally good summary of the topic and provides extensive supportive elements to aid the ease of understanding of the audience Preparedness/ participation/ group dynamics (Group) 1.5% Unbalanced presentation or tension resulting from over-helping. Multiple group members not participating, evident lack of preparation/rehearsal , dependence on slides Significant controlling by some members with one minimally contributing, primarily prepared but with some dependence on just reading off slides Slight predominance of One presenter, Members help each other, very well prepared All presenters know the information, participated equally and help each other as needed, extremely well prepared and rehearsed Exceptionally good group dynamics, presentation would be considered professional Presentation Skills (Individual) 1.5% Minimal eye contact focusing on small part of audience, the audience is not engaged, spoke too quickly or quietly making it difficult to understand, poor body language Focuses on only part of the audience, sporadic eye contact and the audience is distracted, speaker could be heard by only half of the audience, body language is distracting Speaks to majority of the audience, steady eye contact, the audience is engaged by the presentation, speaks at a suitable volume, minor problems with body language eg. fidgeting Regular/constant eye contact, the audience is engaged, and presenter held the audience’s attention, appropriate speaking volume and good body language Professional presentation skills, excellent audience engagement