This module is assessed by a portfolio of assessment that weights 100% of your overall mark.
Task 1 carries 30% and task 2 carries 40% and task 3 carries 30% of the overall portfolio mark.
Tasks 2 weight 70% of your overall mark and are submitted in the form of a portfolio through this submission point.
Task 1 will assess essential facts, concepts and principles of security controls and IT security development and management and exercise critical evaluation of information sources. It is assessed separately as a Canvas quiz.
Task 2 will assess your understanding on national and international information security standards, government policies, and compliance legislation. Also, it will enable you to demonstrate detailed knowledge and understanding of information risk assessment and security management as well as confidence and flexibility in security standards, managing security incidents and related IT security problems in systems development and implementation.
Task 3 will assess a range of current security management techniques and how the principles of information risk assessment, incident management and information assurance methods are embodied therein.
You are expected to demonstrate an insight into the implications of the problem introduced in each task by using clear and concise arguments. The reports should be well written (and word-processed), showing good skills in creativity and design. Sentences should be of an appropriate length and the writing style should be brief but informative.
During the teaching weeks you will have the opportunity to receive feedback on your portfolio activities from the module team. The deadline for the complete Portfolio is the 16.12.2019.
Task 2 – Information Security Policy
Task 2 is weighted at 40% of the overall portfolio mark.
You work for a high-tech company with approximately 550 employees. Your firm recently won a large UK Government contract, which will add 30% to the revenue of your organization. It is a high-priority, high- visibility project. You will be allowed to make your own budget, project timeline, and tollgate decisions.
You have been assigned as the group leader to develop the proper security policies required to meet UK Government standards for delivery of technology services as part of the National Cyber Security Centre (NCSC). In order to achieve this, you must develop a framework of UK Government-approved policies and standards for your IT infrastructure (see below).
1. 12 servers running Microsoft Server 2016, providing the following:
a. Active Directory (AD)
b. Domain Name System (DNS)
c. Dynamic Host Configuration Protocol (DHCP)
d. Enterprise Resource Planning (ERP) application (Oracle)
e. A Research and Development (R&D) Engineering network segment for testing, separate from the production environment
f. Microsoft Exchange Server for e-mail
g. Symantec e-mail filter
h. Websense for Internet use
2. Two Linux servers running Apache Server to host your Web site
3. 420 PCs/laptops running Microsoft Windows 10, Microsoft Office 2016, Microsoft Visio, Microsoft Project, and Adobe Reader
As part of your role you should create a framework of policies in the format of one (1) page table that are UK Government compliant for the organisation’s IT infrastructure. The framework of policies you create must pass UK Government -based requirements. Currently, your organisation does not have any UK Government contracts and thus has no UK Government-compliant security policies or controls in place. You should identify 3 high-priority security controls for your organisation.
You should write an executive report of no more than two (2) pages that discusses the elements of the framework, what elements are essential, and which elements could be optional. It is imperative that the executive report should have a professional look and should be precise. After all it will be submitted to the company’s executive team as the result of your work. Also, it should include your rationale behind your decisions.
In order to complete the task, you should work on and consider the following: