For this module, summative assessment will be via this single in-course assignment; to support evidencing achievement of the learning outcomes for the module, a written critical analysis report forms the basis of the module assessment.
The assignment ‘Information Assurance and Risk Management White Paper’ is worth 100% of the total mark. It is an individual assessment and should therefore be all your own work. Students should not collude or plagiarise work. Appropriate action will be taken, according to Northumbria University regulations, if collusion or plagiarism is suspected. Please see the section on academic integrity for clarification.
The assignment ‘Information Assurance and Risk Management White Paper’ covers Learning Outcomes 1-5 in full. On completion of the module, you should be able to achieve the following.
The assessment task requires you to engage with a scenario which sees you commissioned by ‘Cerious Cybernetics Corp.’ a private cybernetics research and development company to identify fit- for-purpose, robust and comprehensive information assurance and risk management policies, procedures and practices which will ensure successful information assurance for their business via cutting edge and relevant risk assessment, treatment and management both in the current climate and also, for future provision.
Cerious Cybernetics Corp. has its headquarters in London, England, employing a total of 60 full time staff and at any given time upwards of 20 agency staff. The headquarters is the location for the core business functions such as Human Resources, Finance, IT, data governance, legal resources and service level agreements (including those for customers and with the agencies supplying staff). Cerious Cybernetics Corp. currently has a number of ongoing research and development contracts, including the UK Ministry of Defence and the United States Department of Defence.
The Cerious Cybernetics Corp. executive about every aspect of information assurance (from a combined, managerial, organisational and technical perspective) and risk management (from an organisational context). The white paper should aim to aid Cerious Cybernetics Corp.’s understanding and ultimately, ability to make a decision on which policies, procedures need developing and implementing within the organisation and also ensure any associated resource implications can be successfully supported.
The Cerious Cybernetics Corp. executive has further requested that you produce asample Service Improvement Plan (SIP) within your white paper as part of the wider review (although this would normally be a discrete document, please integrate it for the purposes of this assessment); specifically, they want the detailed explanation to focus on the scenario of ransomware (please see the following article for an example including infrastructure and data is kept secure.
Please note, there are various types of white paper but what is required here is a standard white paper not a technical white paper. If you’re unsure what a white paper is, guidance will be provided in class but you should also see the following
Although the structure can be more comprehensive, for the purposes of this assessment, your white paper should contain as a minimum the following:
It is expected that you will use quality sources to justify and support points being made in addition to evidencing wider reading and understanding. There are marks available specifically for this (see below). The criteria for assessing the quality of the report will focus on:
Relevance, appropriateness, accuracy, completeness and cohesive presentation of the topic and proposals/solutions: the white paper (including the sample SIP) should present up-to-date and current information which is directly appropriate and relevant to the Cerious Cybernetics Corp. commission/brief described above. All information contained within the paper should be accurate and unambiguous. The scope and proposals/solutions should be entirely relevant to the request (both overall and for the SIP) and shouldn’t contain elements which are either unrelated or only loosely related. Exploration of the area concerned and proposals/solutions are cohesive and the subtopics presented have a logical flow.
Evidence of information assurance, risk management and professional understanding: the white paper (including the sample SIP) should cover information assurance, risk management and professional factors relevant to the commission/brief. Information assurance, risk management and professional factors have been fully understood, with no evidence of confusion or lack of important detail/depth.
Use of high-quality information sources: extensive use of information sources which are not-outdated, are reputable and established as being reliable, valid and accurate should be use.
Effective communication: the paper should be well written, easily understood with good flow and clarity. The content should be explained in a way that can be easily understood by the reader given Cerious Cybernetics Corp. Executives may have limited subject knowledge or professional understanding.
Report writing style: the paper should be professionally presented with all expected components/formatting specified below and expected from a white paper. It should make good use of English language with an appropriate writing style and formal, professional tone. It should be error free with no grammatical, spelling mistakes or typo mistakes.