You should indicate key tasks that need to be performed and hardware that needs to be purchased (don’t list equipment exhaustively, rather state in what order equipment should procured and deployed). You should include a broad schedule of tasks; again, there is no need to be over-specific.
The third part describes an initial version of a business continuity plan for the organisation, the target audience of which are the organisation's managers. You may follow the template structure that was presented in the lecture, or else adopt your own, but it is essential that you include a basic security policy that relates to at least one of the issues identified in the second, security assessment part of your report.
The organisation is essentially of your own choice. It could be fictitious (made up) or a real organisation; you may also use the University. It must not be a real organisation without the express and written permission from a senior person within the organisation. If you are using a real organisation, make sure you are not including any confidential information in your coursework report.You may consult with the coursework setter for preliminary feedback on the suitability of your solution during the coursework briefing session and within the specified time of up to one week after the end of the second teaching week.
REPORT STRUCTURE
Please use font size 11pt Arial throughout the report. Overall, your report should consist of 12 pages, including references. Only key sources should be referenced, such as conference and journal papers or white papers, further documenting your chosen security framework(s).
References should take the following form: full list of authors (i.e. not ‘et al.’), title of paper/book, title of journal (publisher if a book), year of publication, volume number and first and last page numbers. If you are using a Web reference, the full URL must be included along with the date of access. The references should be listed at the end of the report, but assimilated into the text; identified by the reference number in square parentheses (this is the Vancouver referencing style).
Please use the following more detailed guidelines concerning the structure of your report:
· Executive Summary (1 Page)
· Security Assessment Report (6 Pages)
· Identification of Critical Assets, Threat and Vulnerability Assessment, Risk (5 Pages)
· Prioritised List of Issues (1 Page)
· Business Continuity Plan (4 Pages)
· Description of Continuity Plan
· Security Policy
ASSESSMENT CRITERIA – MARKING SCHEME
This coursework component contributes to 50% of the overall module grade. The marking scheme of this assignment is based on several criteria with corresponding weights, given as follows:
· Executive Summary (Suitable Title and Author information, introduces organisation and team, summarises security assessment activities and main findings) – 10%
· Security Assessment – 35% (Correct application and use of chosen framework(s), completeness, specific and realistic, correct terminology and/or use of formal worksheets)
· Business Continuity Plan – 25% (Specific and realistic, quality of security policy, relates to security assessment)
· Scope – 20% (Breadth and depth of the report, technical accuracy)
· General Presentation (Use of language, adherence to formatting instructions, professional appearance, appropriate addressing of target audience, quality of diagrams, use of references) – 10%
SUBMISSION INFORMATION
You may consult with the coursework setter for preliminary feedback on the suitability of your solution during the coursework briefing session and within the specified time of up to one week after the end of the second teaching week.
The report needs to be submitted as softcopy only, by uploading to Canvas, using the provided link. The deadline for submission of the completed coursework is Friday April 3rd. Once the deadline has passed, a late coursework link will still be available for you in case you had difficulties with the submission, but you need to e mail the coursework setter if you have used it and you may experience a penalty. You will receive written feedback, including your mark, 3 working weeks after the submission deadline.