Page 1 of 4 SBM4304 IS Security and Risk Management Semester 2, 2018 Assignment 2: Essay Due date: Week 7 Group/individual: Individual assignment Word count: 2000 Weighting: 40% Unit learning...

I’m providing the assignment details below and I need it by the due time


Page 1 of 4 SBM4304 IS Security and Risk Management Semester 2, 2018 Assignment 2: Essay Due date: Week 7 Group/individual: Individual assignment Word count: 2000 Weighting: 40% Unit learning outcomes: [ULO3], [ULO5], [ULO6] Rationale In the Essay assignment students have to study the different types of IS control. Research must be conducted to understand and analyse the difference between general management controls and application controls. The students have also to evaluate the security and risk management techniques required to ensure the reliability, confidentiality, availability, integrity and security of digital business processes. Finally, they have to demonstrate how the auditing can support data quality. Task Specifications Students should select an organisation. The organization must provide IS services to the staff and customers. The students have to write a report to answer the followings related to the selected organization: 1. Briefly illustrate the services the organization provided and how the use of information system supports the organization business operations. 2. Any organization use General Management Controls (GMCs) to manage its risks. This control forms the foundations of internal control system and help provide efficient defense against threats. Outline and discuss the GMC of the selected organization. 3. Application Controls (ACs) for IS are specific type of control used by organizations to control computerize applications such as payroll systems, online learning systems and other business-related applications. Discuss the different types of ACs. 4. Compare general management controls and application controls for IS. 5. Describe and evaluate the risk management techniques adopted by the selected organization required to ensure the reliability, confidentiality, availability, integrity and security of digital business processes. Your evaluation of the risk management must include risk identification, risk assessment and risk control related to the selected organization. 6. Auditing is the process of reviewing of systems use to determine if misuse has occurred at any bussing process of the organization. Critique the importance of Page 2 of 4 auditing IS and safeguarding data quality for the selected organization. Illustrate the audit plan and process used by the organization. You may need to make some assumptions with the required justifications. Report Layout The report should be organised using the following headings and guidelines: 1. A Cover Title Page 2. Introduction - should clearly define the aims and objectives of the report. 3. A depiction of the services the organization provided and how the use of information system supports the organization business operations. 4. General Management Controls (GMCs) of the selected organization. 5. Types of Application Controls (ACs). 6. Compare general management controls and application controls for IS. 7. Risk management techniques adopted by the selected organization a. Reliability, confidentiality, availability, integrity and security. b. Risk identification, risk assessment and risk control. 8. Importance of auditing IS and safeguarding data quality for the selected organization. - audit plan - audit process 9. Conclusions and Recommendations - A summary of your findings and your recommendations regarded the security and risk management. 10. Reference Page 3 of 4 Assessment criteria SBM4304 IS Security and Risk Management Semester 1, 2018 Worth 40% Marking Criteria: Student ID: Student Name: Assessment Attributes Level of Attainment Fail Pass Credit Distinction High Distinction Compare general management controls and application controls for IS (30%) Inadequate understanding of general management controls and application controls for IS; cannot discuss concepts in own words Basic knowledge only of general management controls and application controls for IS; limited depth of basic concepts Exhibits breadth and depth of understanding of general management controls and application controls for IS Exhibits accurate and detailed breadth and depth of understanding of general management controls and application controls for IS Displays exceptional understanding of concepts and their practical application of general management controls and application controls for IS Evaluate the IS- related security and risk management techniques required to ensure the reliability, confidentiality, availability, integrity and security of digital business processes (30%) Inadequate understanding of IS-related security and risk management techniques required to ensure the reliability, confidentiality , availability, integrity and security of digital business processes; cannot discuss concepts in own words Basic knowledge only of IS- related security and risk management techniques required to ensure the reliability, confidentiality, availability, integrity and security of digital business processes; limited depth of basic concepts Exhibits breadth and depth of understanding of IS-related security and risk management techniques required to ensure the reliability, confidentiality, availability, integrity and security of digital business processes Exhibits accurate and detailed breadth and depth of understanding of IS-related security and risk management techniques required to ensure the reliability, confidentiality, availability, integrity and security of digital business processes Displays exceptional understanding of concepts and their practical application of IS-related security and risk management techniques required to ensure the reliability, confidentiality, availability, integrity and security of digital business processes Critique the Inadequate Basic knowledge Exhibits breadth Exhibits accurate Displays exceptional Page 4 of 4 importance of auditing IS and safeguarding data quality (20%) understanding of the importance of auditing IS and safeguarding data quality; cannot discuss concepts in own words only of the importance of auditing IS and safeguarding data quality; limited depth of basic concepts and depth of understanding of the importance of auditing IS and safeguarding data quality and detailed breadth and depth of understanding of the importance of auditing IS and safeguarding data quality understanding of concepts and their practical application of the importance of auditing IS and safeguarding data quality Written Communication skills (15%) Proposal lacks structure. Most components present Components present and mostly well integrated All elements are present and very well integrated. All elements are present and very well integrated. Citation of sources and list of references (5%) Lacks consistency with many errors Sometimes clear referencing style Generally good referencing style Clear referencing style Clear styles with excellent source of references. TOTAL MARKS: 100% Total Marks Obtained: Comments: Lecturer: Location: Date: