ASSIGNMENT BRIEF Module title Security and Risk Management Module code COM744 Module leader Julie Mayers Assessment title Assignment 1: Task 1: Security Management Case Study Report Launch date Week 1: Monday 29 January 2024 Submission deadline Monday 11 March 2024 Expected date for return of marks and feedback Grades and feedback will be available on Moodle within 15 working days. This will consist of annotations on submission, and face to face dialogue if and when required. Module outcomes assessed • Understand the issues with information security and security risks. • Identify the security risks and security control strategies in a particular context. • Discuss issues related to legal, ethical, and professional issues in security management. Assessment weighting 35% Word count (if relevant) 2000 words (+/- 10%)
Faculty of Arts, Computing and Engineering Subject of Cyber and Computing Assessment task details – provide a description of the task For this assignment you should imagine that you are the Information Security and Risk Manager for a large organisation of your choice! Students should each select a different organisation and industry from other students, you will need to get your organisation approved by your tutor. You should produce a report for the executive team of your organisation containing the following elements to help them understand the security elements of your organisation: 1. The potential cyber risks for your Industry based on global data and research . In this section you should research your selected organisation and the industry that it sits within to understand the cyber risks that face that specific industry or sector. 2. The threat landscape for your organisation . In this section you should research your selected organisation to understand the threat landscape faced by that organisation. The threat landscape means the entire scope of potential and cybersecurity threats affecting user groups, organizations, specific industries, or a particular time. Within this section you are free to make sensible assumptions but please clearly state what assumptions you have made. 3. Legal, ethical and professional issues related to the identified organisation and industry risks should they become a reality for the organisation in question . In this area you should discuss the potential impacts of the threats, vulnerabilities and risks you have identified in earlier sections from a legal, ethical and professional standpoint based on your research. You should end your report with a conclusion or executive summary of your findings. References – Your assignment must be supported by an appropriate reference base in IEEE format. References do not count towards the word count. Submission instructions – What should be the format of the submission? / Where should it be submitted?
Faculty of Arts, Computing and Engineering Subject of Cyber and Computing Academic integrity is an important part of your learning and assessment. On submission of an assignment, software called Turnitin is automatically used to check the similarity of your work to other sources of information and the work produced by other students. The similarity scores are reviewed by the marking team and any similarity scores that are a cause for concern will be flagged and investigated. By submitting this work, you confirm that you have read, understand and accept the university’s regulatio ns regarding academic integrity and academic misconduct such as plagiarism and collusion and agree to be subject to the academic integrity process if any such situation should arise. Work should be submitted as a single MS Word (.doc/.docx) or PDF document only, containing your assignment and a reference list. No appendices are required. This report should be written using the correct grammar and referencing skills (IEEE style); it must be formatted appropriately and submitted online via the appropriate Turnitin submission link found on the module space. Hints and tips All learning material will be found on the VLE. Your report should be professional, aimed at senior management. You are expected to work on this assignment on your own, and it is important that you do not discuss or exchange your ideas, data, or any work output with other students. All submitted work is expected to observe academic standards in terms of referencing, academic writing, use of language etc. Failure to adhere to these instructions may result in your work being awarded a lower grade than it would otherwise deserve. Late submissions: work submitted up to a week late without a valid reason can only gain a maximum of 40%. If an extension is required, then a Request for Extension to Assignment Deadline Form must be completed and agreed prior to the submission date. Any work submitted more than a week late without a valid reason may be read but will not be marked. Marking and moderation
Faculty of Arts, Computing and Engineering Subject of Cyber and Computing All grades/marks are indicative and may change when moderated – see the last page for the marking criteria. All required work must be submitted, in full and as directed and described, by the due time and date, to achieve marks reflecting its full worth. Work submitted after the due time and date, but within one calendar week, will be capped at 40%. Work more than a week late will not be marked and will be entered as 0%. Employability Skills Applied On successful completion of this module, a student will have had opportunities to demonstrate achievement of the following Employability Skills: Tick all that apply. CORE ATTRIBUTES Engaged ✓ Creative ✓ Enterprising ✓ Ethical ✓ KEY ATTITUDES Commitment ✓ Curiosity ✓ Resilient ✓ Confidence ✓ Adaptability ✓ PRACTICAL SKILLSETS Digital fluency ✓ Organisation ✓ Leadership and team working Critical thinking ✓ Emotional intelligence ✓ Communication ✓
Faculty of Arts, Computing and Engineering Subject of Cyber and Computing Marking criteria ELEMENT ASSESSMENT TASK <40: 40%-49% 50%-59% 60%-69% 70%+ Introduction/ Rationale Weighting: 5% Relevant selection of organisation approved by lecturer. The introduction is missing or unclear. Introduction is somewhat unclear, and the rationale is weak. Introduces the topic adequately but may lack conciseness. Introduces the topic well, with a clear rationale. Clearly and concisely introduces the topic, including a strong rationale. The potential cyber risks Weighting 25% In this section you should research your selected organisation and the industry that it sits within to understand the cyber risks that face that specific industry or sector. An ineffective analysis that lacks coherence, clarity, and depth in addressing cyber risks. A satisfactory analysis that requires substantial improvement, especially in identification and critical analysis. A fairly good analysis, but there are areas that could be strengthened, particularly in identification and critical analysis. A good analysis that identifies and assesses cyber risks well, with some room for improvement in critical analysis. A very good analysis that effectively identifies, assesses, and critically evaluates cyber risks specific to the industry and organization. The threat landscape for your organisation Weighting 25% In this section you should research your selected organisation to understand the threat landscape faced by that organisation. The threat landscape means the entire scope of potential and cybersecurity threats affecting user groups, organizations, specific industries, or a particular time. Within this section you are free to make sensible assumptions but please clearly state what assumptions you have made. An ineffective analysis that lacks coherence, clarity, and depth in addressing the threat landscape. An acceptable analysis that requires substantial improvement, especially in identification and mitigation strategies. A fairly good analysis, but there are areas that could be strengthened, particularly in identification and mitigation strategies. A good analysis that identifies and assesses threats well, with some room for improvement in mitigation strategies. A very good analysis that effectively identifies, assesses, and proposes mitigation strategies for threats specific to the organization. Legal, Ethical, and professional Issues Weighting 25% In this area you should discuss the potential impacts of the threats, vulnerabilities and risks you have identified in earlier sections from a legal, ethical and professional standpoint based on your research. An ineffective analysis that lacks coherence, clarity, and depth in addressing legal, ethical, and professional issues related to identified risks. A satisfactory analysis that requires substantial improvement, especially in depth of analysis and proposed mitigation strategies. A fairly good analysis, but there are areas that could be strengthened, particularly in depth of analysis and mitigation strategies. A good analysis that examines legal, ethical, and professional issues well, with some room for improvement in depth or specificity. A very good analysis that effectively examines legal, ethical, and professional issues related to identified risks, offering meaningful insights and mitigation strategies. Conclusion/ Executive summary Weighting 10% You should end your report with a conclusion or executive summary of your findings. An ineffective conclusion that leaves the reader with confusion or dissatisfaction. An acceptable conclusion that requires substantial improvement. A strong conclusion, but there are areas that could be strengthened. A solid conclusion that effectively concludes the paper, though some improvements could enhance it. An excellent conclusion that effectively wraps up the report and leaves a lasting impact.
Faculty of Arts, Computing and Engineering Subject of Cyber and Computing ELEMENT ASSESSMENT TASK <40: 40%-49% 50%-59% 60%-69% 70%+ Presentation and referencing (10%) Presented in a professional manner to suit the intended audience, suitable referencing in IEEE format. An ineffective presentation that lacks coherence, clarity, and professionalism, hindering the understanding. Too few references provided. Many sources are not cited or referenced correctly, or there is a complete lack of citations and references. A basic presentation that requires substantial improvement, especially in organization, clarity, and professionalism. A limited number of references provided. Many sources are inaccurately cited or referenced, and there are major errors in citation style or formatting. A solid presentation, but there are areas that could be strengthened, particularly in organization, clarity, and professionalism. A fairly good number of references provided. Some sources are inaccurately cited or referenced, with noticeable errors in citation style or formatting. A strong presentation that effectively communicates ideas and engages the audience, with some room for improvement in specific areas. A good number of references provided. Most sources are accurately cited and referenced, with minor errors in citation style or formatting. An excellent presentation that effectively communicates ideas, engages the audience, and adheres to high standards of professionalism in both content and delivery. All sources are accurately cited and referenced according to the required IEEE style.