Information Security Risks Report - Analysis, Governance, Compliance and Recommendations

Selected Topic and Its Relevance

This is a formal piece of work covering all LOs in the Module Descriptor. You are a newly recruited information security expert at Napier Partners LLC, an international firmof consultants with offices across the world. Existing and prospective clients include commercial companies, public sector organisations and the third sector.

In the light of the recent high profile of poorly-handled information security incidents, You have been asked to write a 3000-white paper style report, aimed at senior management which researches and evaluates one of the topics listed below, identifying the information security risks involved, and appropriate responses.

You should base your report on academic and credible professional sources. Illustrate and analyse the issues using examples from current news stories (from 2018 onwards). It should be clear how you decided the sources used can be considered credible.

1. The increasing use of centralised monitoring and automated responses in the management of information security, such as SOCs, SIEMs and SOARs.
2. Serverless computing, digital supply chains and the move to hosting core information on externally supplied services.
3. Current challenges in identification, authentication and access control.
4. “People are the weakest link”: The roles of culture and technology in managing insider threats and social engineering.
5. Incident response models in the context of the evolving threat of ransomware.

In more detail, the report should follow the following structure:

• Cover sheet (as described below)
• Executive summary
• Introduction: An overview of the aim and scope of the white paper and its intended purpose, and the context (eg the sector and region being addressed if relevant).
• Contextual information: An overview of the area under discussion, making use of relevant academic sources, explaining key terms, giving examples.
• Explanation of current issues: illustrated using examples from relevant and current news stories.

It should explain how they relate to the issue that you have selected. Relevant frameworks and laws should be identified and evaluated.

• Evaluation of implications: Should identify and evaluate

Any governance and compliance challenges raised

The professional roles involved

The relationship with other information security processes (for example risk management, incident response)

The Conclusion should wrap up the discussion, identify key points and recommendations to management, and consideration of the impact of any likely developments in next few years.

Information Security issues are now regularly in the news and well reported, so you should have no problems finding examples to illustrate your report.

The online discussion forum should be used to ask questions. The Module leader will be available to discuss your coursework ideas before you start work. There will be time allowed for this during the online and offline tutorial activities – so engagement is very important. Please avoid email queriesif possible.

You should use the supplied rubric as guidance on the marking expectations. Remember to bear in mind the relative marking weights of each section when working out target word counts.

The aim of these individual assignments is to assess your knowledge, understanding, application, etc. of the module material. Copying from any source or collusion between two or more students preventsthis aim from being achieved. So, the content of sources used must be EXPLAINED, not copied; you may help each other by DISCUSSION only, not by sharing material you have written. Copying and collusion are serious matters and will be dealt with through the University’s Academic Conduct Regulations.

This assignment is due to be submitted via Moodle on or before the due date noted above. You should use the originality report generated by the Turnitin service to help ensure that your article contains no unquoted direct copying from any source (note that a score of less than 7% is very unusual). Note also that Turnitin does not detect all forms of plagiarism and that all sources used should be cited.

If you have any problems with this assignment, please contact the module leader, preferably well before the submission date. Grades and feedback will be available to students as indicated on the Module Plan on Moodle. Work submitted after the due date will be marked and receive a maximum mark of P1 (the lowest pass). Prior warning of problems will help avoid penalties.

The report will be marked online. Please take this into account when preparing your document. You should writing using formal business English. Your work should be properly referenced throughoutand include a reference list.

The target length of the main text is given above. It is suggested that your work should be near the upper limit; report of much less is unlikely to contain adequate content, which will reduce the marks available. Works 10% over the wordcount (ie 3300) will be reduced.

You may include appendices, tables and diagrams, the content of which are not included in the main word count. They can be used to justify and support the arguments in the main text; they cannot earn you marks in their own right.