Uploaded by alamuodi11

TCS3274 - Information Systems Security - Assignment 1

KOTA DAMANSARA
EXAMINATIONS DEPARTMENT
BACHELOR IN
INFORMATION TECHNOLOGY
__________________________________________________________
SUBJECT: INFORMATION SYSTEM SECURITY
SUBJECT CODE: TCS3274
Assessment – 30%
Assignment 1 – SECURITY PLANNING IN AN ORGANIZATION
Question
1. The Security Plan assignment involves the design of a security plan based on a given case study.
The word limit should be no less than 3,500 words with an upper limit of 4,000 words excluding attachments.
2. The learning objectives of the Security Plan Assignment are for you to recognize the threats that exist in your current or future workplace. The complacent and lackadaisical approach many organizations have towards the security of their information holdings is common. You have, through your research, the opportunity to identify the threats, outline security guidelines and develop a robust and pragmatic training programme.
You should develop a plan that you would regard as helpful to you, the information user, as well as protecting your organization’s information environment. Use your imagination in combination with a wide range of material you glean from your research.
3. You are required to complete and submit a security plan based on the following scenario:
a) You are the recently appointed head of a security team responsible for protecting the
information holdings of a business organization of some 600 staff. The organization is housed in
a detached, multistoried building located in the central business district of Kuala Lumpur city.
b) The security team is responsible for overseeing the security of information from deliberate
and accidental threats. A recent audit of the information security management system found it to
be deficient in some key areas, notably incident response, disaster recovery and business
continuity, social engineering exploitation of personnel, an apparent lack of personnel awareness
of the various threats to information, and poor password security. These issues were identified as
needing urgent remedy.
c) Technical systems were found to be reasonably effective in maintaining database and
document management security, and were well serviced by the IT team.
4. Management has directed you to undertake some security analysis and planning to improve the organization’s security of information. You are tasked to:
a) Identify and describe the physical, human, and electronic threats to the organization’s information holdings that may be at risk.
b) Design a security plan that describes counter-measures that will manage the threats that put the organization’s information holdings at risk.
c) Develop a comprehensive information security education and awareness programme for use by management, staff members and contractors.
5. Use the marking sheet as a possible template to prepare your security plan.
The report must contain the following:
Report cover page: (All the information related to your submission)
Table of content:
Report format:
1. All reports must be written using word-processing software.
2. Font Times New Roman, font size 12pt, 1.5 spacing.
3. All tables and figures/diagrams must have captions.
4. All titles must be bold/underlined.
Reference: (at least 10 references and appropriate citations, following APA or Harvard citation format).
TCS 3274 – ASSESSMENT VALUE 30%
MARKING SCHEME MARKS SCORED
1. Security Plan - 25 Marks
• Identifying the risks
• Identifying the threats
• Identifying the organizational security needs
• Setting the meaningful security priorities
• Forecasting the possible threats
• Focusing on possible effects and consequences
• Identifying the constraints to meet the organization’s security obligations
2. Risk Analysis of Organization - 25 Marks
• Organization’s physical holdings at risk
• Organization’s human holdings at risk
• Organization’s electronic holdings at risk
3. Potential Threats for an Organization - 25 Marks
• Physical threats
• Human threats
• Electronic threats
4. Security Plan with Counter-measures - 25 Marks
• Physical counter-measures
• Human counter-measures
• Electronic counter-measures
References and Citations – 5 marks, included for all the above research in each report.
*** Late submission: 10 marks will be deducted per day from the overall score. ***
EXAMINER COMMENTS:
STUDENT SCORED:
ASSESSMENT VALUE 30%: