1 | 5 COIT20263 Information Security Management (HT2, 2019) Assessment Item 3 - Written Assessment Due date: 8:00 AM AEST, Monday, Week 12 ASSESSMENT Weighting: 40% 3 Length: 3000 words (±500 words)...

1 | 5 COIT20263 Information Security Management (HT2, 2019) Assessment Item 3 - Written Assessment Due date: 8:00 AM AEST, Monday, Week 12 ASSESSMENT Weighting: 40% 3 Length: 3000 words (±500 words) Objectives This assessment task relates to the Unit Learning Outcomes 3 and 4 and can be undertaken in a group of up to 4 members or individually. Distance students can form groups with on-campus students as well. In this assessment task, you will analyse the scenario given on page 3 and discuss in a report as to how you apply the principles of information security risk management as well as information security certification and accreditation to the organisation in the given scenario. Assessment Task You are required to analyse and write a report on a) guidelines for information security risk management b) guidelines for information security certification and accreditation for the organisation described in the scenario on page 3. You should ensure that you support your discussion with references and justify the content of your discussion. Your report should include: 1. Executive Summary 2. Table of Contents 3. Introduction 4. Discussion 5. Conclusion 6. References Note: You must follow the Harvard citation and referencing guidelines. Check the unit website at least once a week for further information relating to this assessment task. Please ensure that you write your report in your own words to avoid possible plagiarism and copyright violation. You can understand the Plagiarism Procedures by following the corresponding link in the CQUniversity Policies section of the Unit Profile. http://www.cqu.edu.au/?a=14032 2 | 5 Assessment Criteria You are assessed on your ability to apply the principles of information security risk management as well as information security certification and accreditation to the organisation in the given scenario. The marking criteria for Assessment Item 3 are provided on page 4. You need to familiarise yourself with the marking criteria to ensure that you have addressed them when preparing your report. Submission Each of you in the group must upload the same written report as a Microsoft Office Word file through the COIT20263 Moodle unit website assessment block on or before the due date. A group member who fails to submit the assessment item will not be awarded any marks for the assessment. Late submissions will incur the penalty as per university’s ASSESSMENT POLICY AND PROCEDURE. 3 | 5 The Scenario for Information Security Management Assessment Tasks FuturePlus is a newly established, independent charity organisation helping disadvantaged Australian students to continue their education, giving them a chance to a future full of possibilities. To start with, the support includes payments for tuition fees and educational supplies, as well as for student accommodations. However, the organisation plans to develop and offer more programs to help the disadvantaged students, for example, early intervention and tutoring programs. The costs are covered through public donations. FuturePlus collects one-off as well as monthly donations through their website equipped with a secure payment system. They also run special fund-raising drives twice a year by advertising about the event on national television, on their website, and via SMS and e-mails sent to donor list extracted from their donor database. To manage the operations of the organisation, they have recruited both full-time as well as casual staff. The full-time staff consist of an Operating Manager, an Accountant, a Planning Officer, two Case Officers, and three support staff. There are three casual staff providing extra support to the Case Officers with eligibility checks and visits to the candidate students, also providing updates on students who receive help from FuturePlus. However, the organisation is planned to grow in the number of staff members, and students they support in the next few years. FuturePlus operates from Sydney CBD, occupying one floor of a high-rise building. They have got their network designed and rolled out by your company, with all the servers located in their premise, and have employed your company to provide them ongoing network support. Their office network site is connected to the Internet via 5G cellular wireless technology. They require their database servers and the website to be up and running 24/7. FuturePlus provides their casual staff with portable devices to take on-site case notes during their site visits and send these to the office via secure communications. Since they store sensitive information about their donors, students receiving donations, as well as payment details such as bank account and credit card information, it is of utmost importance that their servers and communications over the Internet are completely secure. FuturePlus has requested your company’s service of designing a suitable information security program for their organisation. Note: This scenario was created by Dr Jahan Hassan on the 11th of June 2019 and no part of this scenario should be reproduced by any individual or an organisation without written permission from CQUniversity, Australia. . 4 | 5 Marking Criteria Section HD D C P F Max Mark Mark Obtained 5 4.5 4.25 4 3.75 3.5 3.25 3 2.5 2 0 Executive summary Summarised all key information of the report. One or two key information missing. Three key information missing. One or two key information missing. Three key information missing. Most key information missing. No Executive Summary. 5 Very clear writing with no mistakes. A few spelling or grammar mistakes. Several spelling or grammar mistakes. Very clear writing with no mistakes. Several spelling or grammar mistakes. Very clear writing with no mistakes. Several spelling or grammar mistakes. Not clear. Not clear. HD D C P F 5 4 3.5 3 2 0 Table of contents (ToC) Used decimal notation. Included all headings and page numbers. Used ToC auto-generation. Used Roman i for the Executive Summary page. Executive Summary was before the Introduction. Used a new page. One feature missing. Two features missing. Three features missing. Four or more features missing. ToC missing. 5 HD D C P F 5 4.5 4.25 4 3.75 3.5 3.25 3 2.5 2 0 Set the scene for the report and described the purpose clearly. Explained the research method used. Outlined the sections of the report. Started from a new page. Contained all information but not enough detail. Some information missing but enough detail given. Some information missing and not enough detail. Most information missing. No Introduction. 5 Introduction Very clear writing with no mistakes. A few spelling or grammar mistakes. Several spelling or grammar mistakes. Very clear writing with no mistakes. Several spelling or grammar mistakes. Very clear writing with no mistakes. Several spelling or grammar mistakes. Very clear writing with no mistakes. Several spelling or grammar mistakes. HD D C P F 20 18.5 17 16 15 14 13 12 10 8 0 Discussion Thorough and detailed discussion supported by in-text references and justifications. Contained all information but not enough detail. Some information missing but enough detail given. Some information missing and not enough detail. Most information missing. Irrelevant information. 20 Very clear writing with no mistakes. A few spelling or grammar mistakes. Several spelling or grammar mistakes. Very clear writing with no mistakes. Several spelling or grammar mistakes. Very clear writing with no mistakes. Several spelling or grammar mistakes. Very clear writing with no mistakes. Several spelling or grammar mistakes. HD D C P F 5 | 5 5 4 3.5 3 2 0 References All references are listed according to Harvard reference style. All references are listed but a few referencing errors. Not all references are listed but correctly referenced. Many references missing. Incorrect reference list. No reference list. 5 Plagiarism penalty Late submission penalty Total 40