QAC020X352 Cyber Security

Students who successfully complete this module will be able to:

1.Identify and critically analyse information security threats to computer networks and management information systems. (management of information systems | Managing information systems)

2.Critically evaluate the range of effective security controls used to protect system and user data.

3.Synthesize solutions to security problems through effective information security governance.

4.Create understanding of professional, social, ethical and legal issues associated with cyber security.

Assessment deadline: Coursework1: Individual Assessment – 40%

Assignment Report 40% (up to 2500 words): Individual assignment based on the given scenario. Individual Report Submission by 10/08/2020 (no later than 2pm). This should be submitted via Turnitin as a Microsoft Word file.

Examination: Examination – 60% (2 hours- unseen) TBC

An end of course examination will be conducted in week 12 which follows delivery structure and exercises set in the workshops. This examination will assess module learning outcomes 1,2 and 4.

Kind reminder: You MUST make a reasonable attempt at your assignment and submit it. Failure to do so may result in CAPPED Resit and/or failure of the module.

It is also student’s full responsibility to ensure that all assignments are submitted on the correct link and on time before the submission date.

Deliverables: Coursework 1

Coursework 1 is an individual report and will be submitted as a word document (up to 2500 words in total including all diagrams, documentation and description) via Turnitin on Moodle and must include all the required components.

Coursework 1 is worth 40% of the overall assignment. The marking criteria are outlined below.

Assignment Preparation Guidelines

1. All components of the assignment report must be word processed (hand written text or hand drawn diagrams are not acceptable), font size must be within the range of 12 point to 14 point including the headings, body text and any texts within diagrams.

2. Standard and commonly used fonts such as Times New Roman, Arial or Calibri should be used.

3. Your document must be aligned left or justified with line spacing of 1.5.

4. All figures, graphs and tables must be numbered and labelled.

5. You must provide screen shots of any commands used in your ethical/Hacking tests.

6. You have cited your work thoroughly by using Harvard referencing style.

7. Material from external sources must be properly referenced and cited within the text using the Harvard referencing system.

8. All components of the assignment (text, diagrams. Code etc.) must be submitted in one Word file.

Second Assessment: Examination – 60% (2 hours- unseen)

An end of course examination will be conducted in week 12 which follows delivery structure and exercises set in the workshops. Students will have access to sample formative feedback on tasks set in workshops and mock online tests thereby helping them to improve their understanding of topics covered in this module and to prepare them for this exam. This assignment will assess module learning outcomes 1,2 and 4.  

Overall, the assessments in this module fall into two categories i.e. coursework and examination with the following weightings:

Using the given scenario, students will demonstrate an in-depth understanding of information security governance outcomes with management directives and will provide guidance for Information Security Managers on how to develop an information security strategy within the organisation’s governance framework and how to drive that strategy through an information security program.

The Scenario-Individual Assessment

You have just been appointed as Security Manager in a multinational pharmaceutical company in West Midlands. You are responsible for physical, IT and information/data security. The company conducts research into medicines and vaccines for the treatment of HIV/AIDS, tuberculosis and malaria on behalf of the WHO. The organisation applies information governance standard ISO27001 and implements a security strategy which is not imposed on everybody due to individual’s differing workload

Task 1: [50%]

You need to assess the existing threats of the organization in line with the given scenario by carrying out ethical hacking/ penetration testing. You can use your selected security testing tools or other tools/techniques to identify the vulnerabilities, threats and risks which can be physical, IT infrastructure and information/data security within this organisation.

a.Critically evaluate the choice of your investigation tools and techniques using screenshots and appropriate description of each steps.

b.You should compile your list of threats (10 threats, sort them by importance) in order of importance and use a table such as the one below to provide extra information. You should include the countermeasures against each threat you have listed.

Table 1: Example as reference.

Note: For anything not mentioned, you are to assume that it is not present: e.g. secure locks, armed guards etc. You are free to make any assumptions you wish regarding your understanding of the various operations of the company, providing that you clearly state these in your report.

Task 2: [45%]

The current security strategy is not effectively managed and followed by employees and may result in further problems if not dealt with immediately.

Therefore, you will identify the importance of security policy and write an information security policy for management purposes.  It should identify suitable countermeasures and how these can be implemented, e.g. through awareness training, monitoring, feedback and reporting.

Presentation, Report Layout and References: [5%]       

You are required to use the appropriate report layout and formatting style (see the guidelines below) as well as academic citations and a reference list. Your report should be free from grammatical and spelling errors.

Marking Criteria – Coursework 1

Task 1:

You have investigated the ethical hacking/penetration testing to identify the threat vulnerabilities by using appropriate tools like network sniffer, port scanner, and system log analysis, auditing (physical security) and evaluate critically. You made use of tools like (Namp/Xenmap or Wireshark etc) and provided screenshots. (25 Marks)

You have considered the whole scenario and produced a list of likely security threats based on their business impact.

You have suggested logical countermeasures against each of the threat.

Task 2:

You have discussed the importance of having a security policy in an organisation. You have outlined a short brief between security governance and security policy. You have used academic literature to support your arguments.

The policy must include:

Background and purpose. (5 Marks)

Scope. (5 Marks)

Roles and responsibilities (5 Marks)

Policy framework (5 Marks)

Distribution, training and implementation (5 Marks)

Monitoring, feedback and reporting (5 Marks)

Business continuity (5 Marks)