QUT SCIENCE AND ENGINEERING FACULTY IFN511 Security Management Semester 1 2019 Assessment Item 1: Report 1 Report Organisation 1.1 Working together This is a group assessment task; your group for this...

Report writing for an organisation as a information security consultant about an information security issue.


QUT SCIENCE AND ENGINEERING FACULTY IFN511 Security Management Semester 1 2019 Assessment Item 1: Report 1 Report Organisation 1.1 Working together This is a group assessment task; your group for this task should have two members. You are free to select your own group members from the IFN511 2018 cohort. Important points to consider when selecting group members are listed on the IFN511 Blackboard site, under the Assessment section: ‘Assessment -> Assessment Item1: Report -> Forming a group for the report’. Sign up to a group on the Blackboard site in the Assessment section. Students who have not notified the unit coordinator of group details in Blackboard by the 18th April will be assumed to be doing the assignment individually and allocated to a group of one by the unit coordinator. 1.2 Report Phases There are two marking phases for this project: preliminary marking and final marking.
 1. (5%) Preliminary marking (28th April 2019): For this phase, your group needs to complete the preliminary report form (available on Blackboard) and submit it via Blackboard. At this stage, we do not expect your draft to be a polished report. However, you must be able to demonstrate progress in locating resources relevant to your topic, recording reference details and developing the content of your report. The tutors will provide feedback on your progression. 2. (25%) Final marking: Your group should submit an electronic copy of your completed report for marking by the due date (2nd June 2019). Submission for final marking is through the blackboard site; look for the Turnitin submission link below the report specification link. 1.3 Academic report writing: An important aspect of this assessment task is locating relevant information, either in online resources or in print media. However, it is important that the report is written in your own words. Do not just 'cut and paste' or copy information from any source into your report: that is considered plagiarism (a breach of academic integrity) and is not acceptable in Australian universities. If this is detected, the Unit Coordinator is obliged to notify the Faculty Academic Integrity Committee, and the penalties imposed may be severe (See the QUT MOPP for details). A useful guide to referencing, citation and report writing is: http://www.citewrite.qut.edu.au/. The QUT librarians are also willing to provide assistance; check the QUT Library homepage for links. 2 Background Information Computers and networks are a vital part of the information systems of many organisations. We depend on these information systems for the provision of services across all sectors of the economy. However, vulnerabilities exist in these information systems: within information assets such as the operating systems and application software, and with the people or procedures that are employed. These vulnerabilities can be exploited by others and must be considered by the organisation during the risk management process. Threats acting on these vulnerabilities can result in serious harm to organisational assets. 3 Assessment Task Each group is required to write a report for an organization with a computer network connected to the internet on one of the information security issues in the list below. NOTE: The organisation that you write about in your report need not be an actual organisation, it can be hypothetical. Write as if your group are information security consultants providing the organisation’s executive with a report on an issue that they are concerned about. For your report topic, choose one of the following topics: 1. Access by authorized third parties (such as vendors, consultants and contractors) to an organisation's networks. 2. Employee use of personal devices for work purposes (BYOD) both at work and elsewhere. 3. Protecting the privacy of customers and employees with regards to the Australian Privacy act as well as the General Data Protection Regulation (GDPR). 4. Addressing industrial espionage (including both internal and external parties). 5. Use of external cloud providers for essential business services such as storage, email or web application hosting. Your report should describe your hypothetical organisation and discuss the security issues associated with the chosen topic in some detail, and the control measures that could be applied. Your report must relate this specifically to the organisation you have chosen. • Description of your hypothetical organisation: which industry sector, what product/service it provides, the size and structure of the organisation (head office, branches, numbers of employees & customers), the information assets of the organisation. • Discussion of security issues: clearly explain what the issue is, identified threats to the organisations’ information assets, aspects of the organisations' information system that are vulnerable and why, how these vulnerabilities could be exploited and the possible outcomes if that exploitation occurs. Explain which information security goals may be compromised (CIA). Where other organisations have experienced similar issues or attacks previously, describe the attacks and the level of damage caused. • Information security controls: explain the controls (technology, policy and practice, education, training and awareness) available to address the identified issues. Which controls are applicable to the organisation you are writing the report for? Give specific recommendations. 4 Report structure and format Your report should be written in Word (you can save it and submit in PDF format), with a header and footer on each page. Include student numbers and names of group members in the header, and the unit code IFN511 and page number in the footer. Use 12-point font. The report should have the following sections: • Title page • Abstract • Table of contents • Introduction • Discussion • Conclusion • Recommendations • References Use the QUT APA style for citation and references. The report body should be no longer than 10 pages (excluding the title page, abstract, table of contents and references). QUT SCIENCE AND ENGINEERING FACULTY IFN511 Security Management Semester 1 2019 Assessment Item 1: Report 1 Report Organisation 1.1 Working together 1.2 Report Phases 1.3 Academic report writing: 2 Background Information 3 Assessment Task For your report topic, choose one of the following topics: 4 Report structure and format