KOTA DAMANSARA
EXAMINATIONS DEPARTMENT
BACHELOR IN INFORMATION TECHNOLOGY
__________________________________________________________

SUBJECT: INFORMATION SYSTEM SECURITY
SUBJECT CODE: TCS3274
Assessment – 30%

Assignment 1 – SECURITY PLANNING IN AN ORGANIZATION

Question

1. The Security Plan assignment involves the design of a security plan based on a given case study. The word limit should be no less than 3,500 words with an upper limit of 4,000 words excluding attachments.

2. The learning objectives of the Security Plan Assignment are for you to recognize the threats that exist in your current or future workplace. The complacent and lackadaisical approach many organizations have towards the security of their information holdings is common. You have, through your research, the opportunity to identify the threats, outline security guidelines and develop a robust and pragmatic training programme. You should develop a plan that you would regard as helpful to you, the information user, as well as protecting your organization’s information environment. Use your imagination in combination with a wide range of material you glean from your research.

3. You are required to complete and submit a security plan based on the following scenario:

   a) You are the recently appointed head of a security team responsible for protecting the information holdings of a business organization of some 600 staff. The organization is housed in a detached, multistoried building located in the central business district of Kuala Lumpur city.

   b) The security team is responsible for overseeing the security of information from deliberate and accidental threats. A recent audit of the information security management system found it to be deficient in some key areas, notably incident response, disaster recovery and business continuity, social engineering exploitation of personnel, an apparent lack of personnel awareness of the various threats to information, and poor password security. These issues were identified as needing urgent remedy.

   c) Technical systems were found to be reasonably effective in maintaining database and document management security, and were well serviced by the IT team.

4. Management has directed you to undertake some security analysis and planning to improve the organization’s security of information. You are tasked to:

   a) Identify and describe the organization’s physical, human, and electronic threats to information holdings that may be at risk.

   b) Design a security plan that describes counter-measures that will manage the threats that put the organization’s information holdings at risk.

   c) Develop a comprehensive information security education and awareness programme for use by management, staff members and contractors.

5. Use the marking sheet as a possible template to prepare your security plan.

The report must contain the following:

Report cover page: (All the information related to your submission)

Table of contents:

Report format:
1. All reports must be written using word processing software.
2. Font Times New Roman, font size 12pt, 1.5 spacing.
3. All tables and figures/diagrams must have captions.
4. All titles must be bold/underlined.

Reference: (at least 10 references and appropriate citations, follow APA or Harvard citation format).

TCS 3274 – ASSESSMENT VALUE 30%

MARKING SCHEME / MARKS SCORED

1. Security Plan - 25 Marks
   Identifying the risks
   Identifying the threats
   Identifying the organizational security needs
   Setting the meaningful security priorities
   Forecasting the possible threats
   Focusing on possible effects and consequences
   Identifying the constraints to meet the organization’s security obligations

2. Risk Analysis of Organization - 25 Marks
   Organization’s Physical Holdings at risk
   Organization’s Human Holdings at risk
   Organization’s Electronic Holdings at risk

3. Potential Threats for an Organization - 25 Marks
   Physical Threats
   Human Threats
   Electronic Threats

4. Security Plan with Counter Measures - 25 Marks
   Physical Counter Measures
   Human Counter Measures
   Electronic Counter Measures

References and Citations – 5 marks includes for all the above research each reports.

*** Late submission: 10 marks will be deducted per day from the overall score. ***

EXAMINER COMMENTS:
STUDENT SCORED:
ASSESSMENT VALUE 30%: