ESOFT METRO CAMPUS #3, De Fonseka Road, Colombo 04. Higher National Diploma in Computing & Systems Development / Business Management Name ESOFT Reg. No Edexcel No Module Name Name of the Lecturer Date Due Date Submitted Fine Email-Address Contact No Check List () CD Name of Group Applicable) Members (If Managing a Successful Computing Project Formatting Sheet Harvard Referencing Assignment Brief Signature on Student Declaration Signature on Coversheet Herewith I agree for the given terms and conditions on plagiarism & Academic dishonesty also I declare the work submitted doesn’t breach these regulation. Note: Keep the softcopy of the assignment with you until the official results released by ESOFT. ESOFT has all rights to request the softcopy again at any time. _________________ ________________________ Signature Date Higher National Diploma in Computing & Systems Development / Business Management Assignment Submission Form Name Student Reg. No Edexcel No Module Name Name of the Lecturer Date Due Date Submitted Fine Email-Address Contact No Check List () CD Managing a Successful Computing Project Assignment Brief Signature Coversheet Formatting Sheet on Harvard Referencing Signature on Student Declaration I will keep the copy of this sheet until I receive the Results of my Submitted work _______________________ ________________________ Signature Date Higher Nationals Internal verification of assessment decisions – BTEC (RQF) INTERNAL VERIFICATION – ASSESSMENT DECISIONS Programme title BTEC Higher National Diploma in Computing Assessor Unit(s) Assignment title Internal Verifier Unit 6 Managing a Successful Computing Project Vulnerability Assessment – Management Information System (MIS) Project Student’s name List which assessment criteria the Assessor has awarded. Pass Merit Distinction INTERNAL VERIFIER CHECKLIST Do the assessment criteria awarded match those shown in the assignment brief? Y/N Is the Pass/Merit/Distinction grade awarded justified by the assessor’s comments on the student work? Y/N Has the work been assessed accurately? Y/N Is the feedback to the student: Give details: • Constructive? • Linked to relevant assessment criteria? Y/N Y/N • Identifying opportunities for improved performance? Y/N • Agreeing actions? Y/N Does the assessment decision need amending? Y/N Assessor signature Date Internal Verifier signature Date Programme Leader signature(if required) Date Confirm action completed Remedial action taken Give details: Assessor signature Date Internal Verifier signature Date Programme Leader signature (if required) Date Higher Nationals - Summative Assignment Feedback Form Student Name/ID Unit Title Unit 6 Managing a Successful Computing Project Assignment Number 1 Assessor Submission Date Date Received 1st submission Re-submission Date Date Received 2nd submission Assessor Feedback: LO1. Assess risks to IT security Pass, Merit & Distinction P1 Descripts LO2. Describe IT security solutions. P2 M1 D1 Pass, Merit & Distinction Descripts P4 M2 D1 P3 LO3. Review mechanisms to control organisational IT security. Pass, Merit & Distinction P5 P6 M3 Descripts M4 D2 LO4. Create and use a Test Plan to review the performance and design of a multipage website. Pass, Merit & Distinction Descripts Grade: P7 P8 M5 D3 Assessor Signature: Date: Assessor Signature: Date: Resubmission Feedback: Grade: Internal Verifier’s Comments: Signature & Date: * Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grades decisions have been agreed at the assessment board. Pearson Higher Nationals in Computing Unit 6: Managing a Successful Computing Project General Guidelines 1. A Cover page or title page – You should always attach a title page to your assignment. Use previous page as your cover sheet and be sure to fill the details correctly. 2. This entire brief should be attached in first before you start answering. 3. All the assignments should prepare using word processing software. 4. All the assignments should print in A4 sized paper, and make sure to only use one side printing. 5. Allow 1” margin on each side of the paper. But on the left side you will need to leave room for binging. Word Processing Rules 1. Use a font type that will make easy for your examiner to read. The font size should be 12 point, and should be in the style of Time New Roman. 2. Use 1.5 line word-processing. Left justify all paragraphs. 3. Ensure that all headings are consistent in terms of size and font style. 4. Use footer function on the word processor to insert Your Name, Subject, Assignment No, and Page Number on each page. This is useful if individual sheets become detached for any reason. 5. Use word processing application spell check and grammar check function to help edit your assignment. Important Points: 1. Check carefully the hand in date and the instructions given with the assignment. Late submissions will not be accepted. 2. Ensure that you give yourself enough time to complete the assignment by the due date. 3. Don’t leave things such as printing to the last minute – excuses of this nature will not be accepted for failure to hand in the work on time. 4. You must take responsibility for managing your own time effectively. 5. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply (in writing) for an extension. 6. Failure to achieve at least a PASS grade will result in a REFERRAL grade being given. 7. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked to complete an alternative assignment. 8. Take great care that if you use other people’s work or ideas in your assignment, you properly reference them, using the HARVARD referencing system, in you text and any bibliography, otherwise you may be guilty of plagiarism. 9. If you are caught plagiarising you could have your grade reduced to A REFERRAL or at worst you could be excluded from the course. Student Declaration I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as my own without attributing the sources in the correct way. I further understand what it means to copy another’s work. 1. I know that plagiarism is a punishable offence because it constitutes theft. 2. I understand the plagiarism and copying policy of the Edexcel UK. 3. I know what the consequences will be if I plagiaries or copy another’s work in any of the assignments for this program. 4. I declare therefore that all work presented by me for every aspects of my program, will be my own, and where I have made use of another’s work, I will attribute the source in the correct way. 5. I acknowledge that the attachment of this document signed or not, constitutes a binding agreement between myself and Edexcel UK. 6. I understand that my assignment will not be considered as submitted if this document is not attached to the attached. Student’s Signature: (Provide E-mail ID) Date: (Provide Submission Date) Assignment Brief Student Name /ID Number Unit Number and Title Unit 6: Managing a Successful Computing Project Academic Year 2017/2018 Unit Tutor Assignment Title Vulnerability Assessment - Management Information System Project Issue Date Submission Date IV Name & Date Submission Format: The submission is in the form of an individual written report. This should be written in a concise, formal business style using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as appropriate, and all work must be supported with research and referenced using the Harvard referencing system. Please also provide an end list of references using the Harvard referencing system. Unit Learning Outcomes: LO1 Establish project aims, objectives and timeframes based on the chosen theme. LO2 Conduct small-scale research, information gathering and data collection to generate knowledge to support the project. LO3 Present the project and communicate appropriate recommendations based on meaningful conclusions drawn from the evidence findings and/or analysis. LO4 Reflect on the value gained from conducting the project and its usefulness to support sustainable organizational performance. Assignment Brief and Guidance: Vulnerability Assessment - Management Information System (MIS) Project Management Information Systems (MIS) plays a very important role in today’s organizations; it creates an impact on the organization’s functions, performance and productivity. A Management Information System (MIS) ensures that an appropriate data is collected from the various sources, processed and send further to all the needy destinations. A system is expected to fulfill the information needs of an individual, a group of individuals, management functionaries, managers and top management to improve efficiency and productivity. On contrary, any system can be compromised with vulnerability issues. This is mostly in area of confidentiality, integrity and availability (security triangle). You’re advised to provide solutions for improvements for a selected Management Information System’s in a selected organization in the area of how to improve aspects of confidentiality, integrity and availability (security triangle) through a vulnerability study assessment. You should investigate the causes and impacts of vulnerabilities within computing systems and explore the solutions to the problems presented in order to make recommendations to improve their security for Management Information System. The expected solution of the project is a vulnerability assessment and action plan which includes, issues of varying severity. In general, the vulnerability assessment may focus on a test of security infrastructure devices, network servers, operational systems (including Windows and Linux), physical security of buildings, and wireless internet security. You have to mainly focus on how can vulnerabilities in an existing system be identified and counteracted. Discover unknown entry points both physical and electronic – that is threat to the overall confidentiality, integrity, and availability of network data and resources. Problem can be discovered in the areas of installing, configuring, and maintaining servers and infrastructure equipment as well as practices of different department managers and staff tend to have different ways of managing their IT. Recommendations for standardization of upcoming infrastructure installations, configurations, and maintenance. Educate and increase user awareness on what they could change to improve their security situation in order to build confidence of using the Management Information System An action plan to keep their environment secure. Your role as a student researcher means that you are not trying to perform a specific solution to any vulnerability problem case. You have to make expert recommendations on how to tighten security controls, based on a proven assessment methodology, that are in the best interest of the specific project of Management Information System which may eliminate unnecessary entry points that would greatly reduce the threat. Introducing of a set of policies and procedures for the entire Management Information System help eliminate threats through network entry points and infrastructure. The vulnerability trends and recurring issues that needed careful attention. The project span 03 months in order to provide an accurate snapshot of their current security posture. The benefit of the project is that it provides a greater awareness among the entire staff about how any vulnerability or weakness in any functional area affects the overall security posture of the Management Information System at large. You are required to provide a full report on vulnerabilities you found and how you educate the Management Information System staff on what they could change to improve their security situation with an action plan to keep their environment secure. TASK – 01 1.1 Describe aims and objectives for vulnerability assessment project which you’re introducing. Your explanation should include a brief introduction about the company, the MIS and other relevant information to the assessment project. 1.2 Produce a comprehensive project management plan, the plan should include milestone schedule and project schedule for monitoring and completing the aims and objectives of the project that includes cost, scope, time, quality, communication, and risk and resources management. 1.3 Produce a work breakdown structure and a Gantt chart to provide timeframes and stages for completion. TASK – 02 2.1 Explain qualitative and quantitative research methods appropriate for meeting project aims and objectives which you produced as vulnerability assessment project. 2.2 Evaluate the project’s management process and appropriate research methodologies applied, the accuracy and reliability of different research methods applied for the small scale research TASK – 03 3.1 Analyze research data using appropriate tools and techniques. 3.2 Describe appropriate recommendations as a result of research and data analysis to draw valid and meaningful conclusions. 3.3 Evaluate the selection of appropriate tools and techniques for accuracy and authenticity to support and justify recommendations. TASK – 04 4.1. Provide a reflection on the value of undertaking the research to meet stated objectives with your own learning and performance which includes a discussion of the project outcomes, its usefulness to support sustainability of the given organization and its’ performance, the decisionmaking process and changes or developments of the initial project management plan to support justification of recommendations and learning during the project. 4.2. Evaluate the value of the project management process and use of quality research to meet stated objectives and support own learning and performance. Grading Rubric Grading Criteria LO1 Establish project aims, objectives and timeframes based on the chosen theme P1 Devise project aims and objectives for a chosen scenario. P2 Produce a project management plan that covers aspects of cost, scope, time, quality, communication, risk and resources. P3 Produce a work breakdown structure and a Gantt Chart to provide timeframes and stages for completion. M1 Produce a comprehensive project management plan, milestone schedule and project schedule for monitoring and completing the aims and objectives of the project. LO2 Conduct small-scale research, information gathering and data collection to generate knowledge to support the project P4 Carry out small-scale research by applying qualitative and quantitative research methods appropriate for meeting project aims and objectives. M2 Evaluate the accuracy and reliability of different research methods applied. D1 Critically evaluate the project management process and appropriate research methodologies applied. LO3 Present the project and communicate appropriate recommendations based on meaningful conclusions drawn from the evidence findings and/or analysis Achieved Feedback P5 Analyse research and data using appropriate tools and techniques. P6 Communicate appropriate recommendations as a result of research and data analysis to draw valid and meaningful conclusions. M3 Evaluate the selection of appropriate tools and techniques for accuracy and authenticity to support and justify recommendations. LO4 Reflect on the value gained from conducting the project and its usefulness to support sustainable organisational performance P7 Reflect on the value of undertaking the research to meet stated objectives and own learning and performance. M4 Evaluate the value of the project management process and use of quality research to meet stated objectives and support own learning and performance. D2 Critically evaluate and reflect on the project outcomes, the decision making process and changes or developments of the initial project management plan to support justification of recommendations and learning during the project. Acknowledgment I would like to express my special thanks of gratitude to my teacher who gave me the excellent opportunity to do this wonderful network assignment, which also helped me to doing a lot of Research, and I came to know about so many new things. I am really thankful to them. Secondly, I would also like to thank my parents and friends who helped me a lot in finalizing this project within the limited period. V.DINOJAN MSCP Assignment No: 1 ii Table of Contents Introduction ..................................................................................................................... 5 TASK – 01 ......................................................................................................................... 6 1.1 Describe vulnerability assessment project aims and objectives with a brief introduction of company profile. .......................................................................................................... 6 1.2 Produce a comprehensive project management plan, milestone schedule and project schedule for monitoring and completing the aims and objectives of the project that includes cost, scope, time, quality, communication, risk and resources management. ....... 9 Introduction to the Risk Management Plan Template ..................................................... 11 Scope ............................................................................................................................. 11 Schedule Management plan ........................................................................................... 12 Risk Management Processes ........................................................................................... 15 1.1 Identify vulnerabilities................................................................................................. 15 1.2 Analyze Risks .............................................................................................................. 16 1.3 Risk Response Planning ................................................................................................... 17 1.3 Risk Monitoring and Control ........................................................................................ 17 Cost Management .......................................................................................................... 18 Communications Management ....................................................................................... 18 Resource Management ................................................................................................... 18 1.3 Produce a work breakdown structure and a Gantt chart to provide timeframes and stages for completion. .................................................................................................... 20 TASK – 02 ....................................................................................................................... 22 2.1 Explain qualitative and quantitative research methods appropriate for meeting project aims and objectives. ....................................................................................................... 22 2.2 Evaluate the project management process and appropriate research methodologies applied, the accuracy and reliability of different research methods applied for the small scale research................................................................................................................. 30 TASK – 03 ....................................................................................................................... 34 3.1 Analyze research data using appropriate tools and techniques. ................................. 34 3.2 Describe appropriate recommendations as a result of research and data analysis to draw valid and meaningful conclusions. .......................................................................... 37 3.3 Evaluate the selection of appropriate tools and techniques for accuracy and authenticity to support and justify recommendations. .................................................... 42 4.1. Provide a reflection on the value of undertaking the research to meet stated objectives with your own learning and performance which includes a discussion of the project outcomes, its usefulness to support sustainability of the given organization and its’ performance, the decision-making process and changes or developments of the initial project management plan to support justification of recommendations and learning during the project........................................................................................................... 44 V. DINOJAN MSCP Assignment No: 1 iii References ..................................................................................................................... 48 V. DINOJAN MSCP Assignment No: 1 iv MSCP Assignment No: 1 iv Introduction Risk management is one of the most important aspects in creating information systems. The most frequent reason for project failure is uncontrolled risk management where risks were not analyzed at all or insufficiently or counter-measure to reduce or eliminate potential risks was not adopted. The authors describe the approach that is based on the method of scenarios and the method of structured interviews but further quantifies the obtained information and, by creating a hierarchy of potential risks based on the probability of their materialization and the level of their impact, provides a clear instruction as to where to mostly focus in minimizing such risks. The fundamental precept of information security is to support the mission of the organization. All organizations are exposed to uncertainties, some of which impact the organization in a negative manner. In order to support the organization, IT security professionals must be able to help their organizations’ management understand and manage these uncertainties. Managing uncertainties is not an easy task. Limited resources and an ever-changing landscape of threats and vulnerabilities make completely mitigating all risks impossible. Therefore, IT security professionals must have a toolset to assist them in sharing a commonly understood view with IT and business managers concerning the potential impact of various IT security related threats to the mission. This toolset needs to be consistent, repeatable, and cost-effective and reduce risks to a reasonable level. Risk management is nothing new. There are many tools and techniques available for managing organizational risks. There are even a number of tools and techniques that focus on managing risks to information systems. MSCP Assignment No: 1 5 TASK – 01 1.1 Describe vulnerability assessment project aims and objectives with a brief introduction of company profile. Vulnerability assessment Vulnerability assessment it is a security analysis that has the goal of identifying all the potential vulnerabilities of systems and applications. Highly qualified personnel, in a second moment, integrate and verify the results through manual activities. The testing process used to identify and assign severity levels to as many security defects as possible in a given timeframe. This process may involve automated and manual techniques with varying degrees of rigor and an emphasis on comprehensive coverage. These activities have the purpose of refining the research highlighting eventual errors during the process. A vulnerability assessment Using a risk-based approach, vulnerability assessments may target different layers of technology, the most common being host-, network-, and application-layer assessments. (Swascan, 2017) About company Maharaja Food Private Limited Is A Local Food Manufacturer That Serves Local And International Customers Across Numerous Spheres In Their Lives With Supreme Quality Food Products. In 1958 start at “Lanka Stores”. Today This Company Take In Pride Offering High Quality And Affordable Products And Services Specialized Arenas Of Retail, Logistics, Courier Services, Currency Exchange, Business Consultancy And E-Commerce. This is established in 2005 under the name Maharaja Food with the aim of food security to the mass consumer. This Company located at Maharaja Foods (Private) limited, 513, Galle Road, Colombo-06, Sri Lanka. MSCP Assignment No: 1 6 Project aims and objectives The impact of security vulnerability could allow an attacker to compromise the integrity, availability, or confidentiality of an organization. The main objective of this vulnerability assessment project is to examine the multi dimensions of vulnerabilities in a management Information System from the standpoint of a student researcher. Also investigate the causes and impacts of vulnerabilities within computing systems and explore the solutions to the problems presented in order to make recommendations to improve black lily’s security for management information system. Following are the aims and objectives of vulnerability assessment project. Research about the different kind of Vulnerability and their impact in an organisation.To assesses vulnerabilities, first should get a well knowledge about the process of the select project area. Identifying the problems that can be discovered in the areas of installing, configuring, and maintaining service and infrastructure equipment Identify the problem can be occur during the practice of different Apartment managers and staff tend to have different ways of managing it An action plan to keep black Lilly’s environment secure. Recommend solution for identifying issues through a document that list what steps must be taken in order to mitigate Vulnerabilities and to secure for black Lilly’s informational assets MSCP Assignment No: 1 7 Management Information System An organized approach to the study of the information needs of an organization's management at every level in making operational, tactical, and strategic decisions. In a management information system, modern, computerized systems continuously gather relevant data, both from inside and outside an organization. This data is then processed, integrated, and stored in a centralized database where it is constantly updated and made available to all who have the authority to access it, in a form that suits their purpose. (MyAccountingCourse, 2018) Security Triangle Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization. The elements of the triad are considered the three most crucial components of security. These three together are referred to as the security triad, the CIA triad, and the AIC triad. This article provides an overview of common means to protect against loss of confidentiality, integrity, and availability. (Gibson, 2011) Confidentiality Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure confidentiality are designed to prevent sensitive information from reaching the wrong people, while making sure that the right people can in fact get it: Information has value, especially in today’s world. Bank account statements, personal information, credit card numbers, trade secrets, government documents. Everyone has information they wish to keep a secret. Protecting such information is a very major part of information security. Integrity Integrity of information refers to protecting information from being modified by unauthorized parties. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people. Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. Backups or redundancies must be available to restore the affected data to its correct state. Availability Availability of information refers to ensuring that authorized parties are able to access the information when needed. It’s also important to keep current with all necessary system upgrades. Providing adequate communication bandwidth and preventing the occurrence of bottlenecks are equally important.Other factors that could lead to lack of availability to important information may include accidents such as power outages or natural disasters such as floods. MSCP Assignment No: 1 8 1.2 Produce a comprehensive project management plan, milestone schedule and project schedule for monitoring and completing the aims and objectives of the project that includes cost, scope, time, quality, communication, risk and resources management. Managing a Successful Computing Research Project Management Plan Name: - V. Dinojan ESOFT Reg No: - COL/A 59768 Edexcel Reg No: - KJ86949 Batch No: - 80 Contact No: - 0776869610 Email: - dinodinojan96@gmail.com MSCP Assignment No: 1 9 TABLE OF CONTENTS Introduction to the Risk Management Plan Template ..................................................................................... 11 Scope ..................................................................................................................................................................... 11 Schedule Management plan ................................................................................................................................ 12 Risk Management Processes ............................................................................................................................... 15 1.1 Identify vulnerabilities ........................................................................................................................................ 15 1.2 Analyze Risks ....................................................................................................................................................... 16 1.3 Risk Response Planning .......................................................................................................................................... 17 1.3 Risk Monitoring and Control ............................................................................................................................. 17 Cost Management ................................................................................................................................................ 18 Communications Management ........................................................................................................................... 18 Resource Management ........................................................................................................................................ 18 MSCP Assignment No: 1 10 Introduction to the Risk Management Plan Template Risk management can be defined as the processes and structures that are directed towards realizing potential opportunities, while simultaneously managing possible adverse impacts. From a project management perspective, risk management is a continuous activity conducted throughout the life of the project. It seeks to identify potential risks, evaluate their likely impact, develop mitigation plans, and monitor progress. The Risk Management Plan is typically created early in the project’s Planning Process Phase. Risk management planning is the process of defining how to conduct risk management activities for a project. The plan includes how the organization will identify and address events or occurrences that could negatively or positively affect the success of a project. The plan outlines a methodology to identify, analyze, track, and mitigate risks during the project lifecycle. Identifying and managing risk increases the chance of a successful project completion by reducing uncertainty associated with the project. This template provides the suggested structure for the Risk Management Plan along with instructions and descriptions to guide the reader in understanding how to complete it. Project Aims and Objectives The objective of security planning is to improve the protection of information system resources. The protection of a system must be documented in an Information Technology (IT) Security Plan. Scope Risk Management Plan consists of the process and timing for identifying Vulnerability, mitigation actions required, and organizational responsibility for monitoring and managing the Vulnerability throughout the entire lifecycle. MSCP Assignment No: 1 11 Schedule Management plan Work Breakdown Structure MSCP Assignment No: 1 12 MSCP Assignment No: 1 13 Roles and Responsibilities Role Project Sponsor Responsibilities Project Manager Ultimate decision-maker and tiebreaker Provide project oversight and guidance Review/approve some project elements Manages project in accordance to the project plan Serves as liaison to the Steering Committee Receive guidance from Steering Committee Supervises consultants Supervise vendor(s) Provide overall project direction Direct/lead team members toward project objectives Handle problem resolution Manages the project budget Participant(s) Dinojan Dinojan Chief Information Officer The Chief Information Officer (CIO) Mr. Tharaka is the agency official responsible for developing and maintaining an agency-wide information security program. Subject Matter Experts Lend expertise and guidance as needed Ms. Sumudu MSCP Assignment No: 1 14 Risk Management Processes In the Risk Management Processes section of Risk Management Plan, describe the method for conducting risk management that includes: identifying risks, documenting risks, analyzing risks, planning and implementing risk responses, and controlling risks. Define the Risk Management Process clearly enough to identify the necessary steps, activities, and responsibilities to manage risk for the entire project lifecycle. 1.1 Identify vulnerabilities Risk identification is the first step in the risk management process that projects should employ. Risk identification involves identifying risks, identifying which of those risks are likely to affect the project and documenting characteristics of those risks. All ‘Project’ team members including Stakeholders, end users, subject matter experts, customers and sponsors are encouraged to identify and report potential risks to the project immediately upon detection utilizing a Risk Submittal Form. Identifying risks is an iterative process because new risks may become known as the project progresses through its project life cycle. Risk information can initially be gathered from the business case, accumulated Lessons Learned and an initial Risk Brainstorming Session. There are a number of Risk Identification techniques including reviewing project documentation, brainstorming, interviewing, root cause analysis, checklist analysis, assumption analysis, cause and effect diagrams, process flow charts, SWOT analysis, and expert judgment. Crucial to risk identification is the input of project team members and other Stakeholders to recognize and report risks as soon as possible. Risks can also be identified during project team meetings and should therefore be incorporated into the meeting agenda and minutes templates for all project meetings. 1.1 Risk Identification Unique identifier for each risk. Description of each potential risk event and how it could affect the project. Assessment of the likelihood of occurrence and the impact/seriousness if it does. Grading of each risk according to a Risk Scoring Matrix. MSCP Assignment No: 1 15 1.2 Analyze Risks The main focus of analyzing risks is to examine each identified risk to assess the likelihood of the risk event occurring, and the probability outcomes associated with the risk event in order to determine its potential impact on the success of the project. This in turn provides the ability to prioritize each risk to ensure that the risks with the greatest potential impact to the project are dealt with first. The organization can then improve upon project performance by focusing on high priority risks. In the Analyze Risks section, describe the specific approaches the project will take to analyze risks and establish priorities for development of risk responses. The probability of the risk occurring is assessed and given a rating. Then using these ratings in conjunction with the Risk Scoring Matrix, the risks can be graded to provide a measure of the project’s risk exposure for each. The table below is an example of a simple Risk Scoring Matrix that provides a standard method to calculate grading based upon combination of probability and impact ratings. Impact (Seriousness) Probability (Likelihood) Very Low Low Medium High Very High 1 2 4 8 16 Very High 5 10 20 40 80 High 4 8 16 32 64 Medium 3 6 12 24 48 Low 2 4 8 16 32 Very Low 1 2 4 8 16 MSCP Assignment No: 1 16 1.3 Risk Response Planning Negative Risks: Avoid: Risk Avoidance involves changing the project management plan to eliminate the threat posed by the risk. Some risks can be avoided by clarifying requirements, obtaining additional information, improving communication or acquiring expertise. Transfer: Transferring a risk requires moving, shifting or reassigning some or all of the negative impact and ownership to a third party. This does not eliminate the risk but gives another party the responsibility to manage it. Mitigate: Risk Mitigation implies a reduction in the probability and/or impact of a negative risk. Reducing the probability and/or impact of a risk occurring is often more effective than dealing with the risk after it has occurred. Accept: This strategy indicates that the project team has decided not to change the project management plan: schedule, approach or reduce project scope or is unable to identify another suitable response strategy. Positive risks or opportunities: 1.3 Exploit: This strategy may be selected for risks with positive impacts where the organization wishes to ensure that the opportunity is realized. This strategy eliminates the uncertainty associated with a positive risk by ensuring that the opportunity definitely happens. Share: Sharing a positive risk involves allocating some or all of the ownership of the opportunity to a third party who is best able to capture the opportunity for the benefit of the project. Enhance: This strategy is used to increase the probability and or the positive impact of an opportunity, identifying and maximizing key drivers of positive risks. Accept: Accepting a positive risk or opportunity is being willing to take advantage of it should the opportunity come along. Risk Monitoring and Control Risk Monitoring Activities Assess currently defined risks Determine actions to be taken Evaluate effectiveness of actions taken Report on the status of actions to be taken Validate previous risk assessment Identify new vulnerability Risk Control Activities Validate mitigation strategies and alternatives Assess impact on the ‘Project’ of actions taken (scope, cost, time, schedule, & resources) Identify new risks resulting from risk mitigation actions Ensure that the projects’ Risk Management Plan is maintained Revise Risk Response plan MSCP Assignment No: 1 17 Cost Management Plan cost management is the process of establishing policies, procedures, and documentation for planning, managing, expanding and controlling project costs. There will be several project resources in a project and several different types of materials will be needed, there might be necessary tool and equipment as well. Plan cost management process aims to plan. Cost details Cost Travel charge 2000. 00 Stationery cost 1000.00 print out cost 300.00 Total cost 3300.000 Communications Management The purpose of the Communications Management Plan is to define the communication requirements for the project and how information will be distributed to ensure project success. You should give considerable thought to how you want to manage communications on every project. Type of Communicatio n Status Report Communicatio n Schedule Communication Mechanism every Monday meeting Project Manager Project teacher WhatsApp Week days chat Project Manager Friends web Free times Search project Initiator about Project Manager Recipient Web page Resource Management Resource management is the process by which businesses manage their various resources effectively. Those resources can be intangible – people and time – and tangible – equipment, materials, and finances. Resource management plan A resource management plan is a tool project managers use to manage their resources. Typically, a resource management plan is used to manage the most important resource in every project: the human resource. A project team is comprised of people with assigned roles and responsibilities for a project. MSCP Assignment No: 1 18 RESOURCE CALENDAR Resource Calendar is a part of project plan. The resource calendar identifies key resources needed for the project and the times/durations they'll be needed. MSCP Assignment No: 1 19 1.3 Produce a work breakdown structure and a Gantt chart to provide timeframes and stages for completion. Work breakdown structure A work breakdown structure (WBS) is a chart in which the critical work elements, called tasks, of a project are illustrated to portray their relationships to each other and to the project as a whole. The graphical nature of the WBS can help a project manager predict outcomes based on various scenarios, which can ensure that optimum decisions are made about whether or not to adopt suggested procedures or changes. (smartsheet, 2018) Benefits of creating a WBS Provides a visual representation of all parts of a project Offers an ongoing view for management and team members into how the entire project is progressing Defines specific and measurable outcomes Breaks the work into manageable chunks Provides a way to make successful experiences repeatable Sets a foundation for estimating costs and allocating human and other resources Ensures no overlap and no gaps in responsibility or resources MSCP Assignment No: 1 20 Gantt chart A Gantt chart is a bar chart that shows the tasks of a project. It is a graphical illustration of the duration of tasks against the progression of time. Gantt charts are useful tools for planning and scheduling projects. A Gantt chart illustrates the breakdown structure of the project by showing the start and finish dates as well as various relationships between project activities, and in this way helps you track the tasks against their scheduled time or predefined milestones. Benefits of a Gantt chart The tool’s ability to boil down. Multiple tasks and timelines into a single document. Stakeholders throughout an organization can easily understand. Teams are in a process while grasping the ways in which independent. MSCP Assignment No: 1 21 TASK – 02 2.1 Explain qualitative and quantitative research methods appropriate for meeting project aims and objectives. Research methods A research method is a systematic plan for conducting research. Research methods are the strategies, processes or techniques utilized in the collection of data or evidence for analysis in order to uncover new information or create better. Research is a systematic inquiry to describe, explain, predict and control the observed phenomenon. Research involves inductive and deductive methods. Inductive research methods are used to analyze the observed phenomenon whereas; deductive methods are used to verify the observed phenomenon. Inductive approaches are associated with qualitative research and deductive methods are more commonly associated with quantitative research. Quantitative methods aim to classify features, count them, and create statistical models to test hypotheses and explain observations. Qualitative methods aim for a complete, detailed description of observations, including the context of events and circumstances. (LIBRARIES, n.d.) MSCP Assignment No: 1 22 Qualitative Research Qualitative research is a methodology which focuses on how people feel. What they think and why they make certain choices. That kind of research is used for getting the larger, more close-up picture of the issue in order to understand something deeper and dig the problem until the cause. This is a non- statistical research method. Qualitative research is heavily dependent on the experience of the researchers and the questions used to probe the sample. Open-ended questions are asked in a manner that one question leads to another. The purpose of asking open-ended questions is to gather as much information as possible from the sample. Qualitative Research Methods Qualitative research is a research method that collects data using conversational methods, where participants involved in the research are asked open-ended questions. The responses collected are essentially nonnumerical. This method not only helps a researcher understand. Following are the methods used for qualitative research One-to-one interview: - This interview technique is systematically planned and as the name suggests is conducted with one participant at a given point in time. One-to-one interviews need a researcher to prepare questions in advance and to make sure the researcher asks only the most important questions to the participant. Focus groups: - Focus groups are small groups comprising of around less participants who are usually experts in the subject matter. A moderator’s experience in conducting focus group plays an important role. Ethnographic Research: - Ethnographic research is an in-depth form of research. This method can prove to be a bit demanding in terms of a researcher getting adapted to the natural environment. Case study research: - Case study research, as the name suggests is used to study an organization or an entity. This type of research is used in fields like education sector, philosophical and psychological studies. In this following methods techniques what I have used for the research is Interviews. MSCP Assignment No: 1 23 Interviews Interview is a conversation where questions are asked and answers are given. In common parlance, the word "interview" refers to a one-on-one conversation between an interviewer and an interviewee. The interviewer could adopt a formal or informal approach, either letting the interviewee speak freely about a particular issue or asking specific pre-determined questions. Also, it is difficult to pay attention to the non-verbal aspects of communication and to remember everything consequently; it can be helpful for the researchers to have some kind of additional record of the interview such as an audio or video recording. They should of course obtain permission before recording an interview. Reasons for using interviews Interviews can be useful as follow-up to certain respondents to surveys. Investigate issues in an in depth way. Discover how individuals think and feel about a topic and why they hold certain opinions. Investigate the use, effectiveness and usefulness of particular library collections and services. Inform decision making, strategic planning and resource allocation. Sensitive topics which people may feel uncomfortable discussing in a focus group. Add a human dimension to impersonal data. Deepen understanding and explain statistical data. Advantages of interviews They are useful to obtain detailed information about personal feelings, perceptions and opinions. They allow more detailed questions to be asked. They usually achieve a high response rate. Respondents' own words are recorded. Ambiguities can be clarified and incomplete answers followed up. Precise wording can be tailored to respondent and precise meaning of questions clarified. Interviewees are not influenced by others in the group. Some interviewees may be less self-conscious in a one-to-one situation. Interview questions also give the employer to know what all expectations the respondent has towards the company. The respondent steers the course of the interview in case of structured and unstructured interview. Try to ask for clarification and other aspects before and allow the interviewee to steer the direction of the interview. MSCP Assignment No: 1 24 Interviews Questions 1. Tell about your company? 2. What is your greatest strength? 3. What is your greatest weakness? 4. Explain your company facing risk, vulnerability and threat? 5. Tell us about your Personal achievements or certifications? 6. How do you govern various security objects? 7. How do you handle Antivirus alerts? 8. Do you use fingerprint readers to Keep track of the attendance and time of your employees? 9. How do you report risks? 10. What is an incident and how do you manage it? MSCP Assignment No: 1 25 Quantitative Research Quantitative research is a structured way of collecting and analyzing data obtained from different sources. Quantitative research involves the use of computational, statistical, and mathematical tools to derive results. The main purpose of quantitative research and analysis is to quantify the data and assess it from the angle of numbers and other commonly adopted metrics. This research method uses a computational, statistical and similar method to collect and analyze data. Quantitative research involves a larger population as more number of people means more data. In this manner, more data can be analyzed to obtain accurate results. This type of research method uses close-ended questions because, in quantitative research, the researchers are typically looking at measuring the extent and gathering foolproof statistical data. Online surveys, questionnaires, and polls are preferable data collection tools used in quantitative research. Survey respondents can receive these surveys on mobile phones, emails or can simply use the internet to access surveys or questionnaires. Quantitative Research Methods Quantitative research methods are the methods that deal with numbers and anything that can be dealt with a measurable form, in a systematic way of investigating the phenomenon. It is used to answer questions in terms of justifying relationships with measurable variables to explain, predict or control a phenomenon. There are two methods that are often used by researchers to conduct this type of research, they are. Online surveys: - The final goal of survey research is to learn about a large population by deploying the survey. Gone are the days where a survey was carried out using a pen and a paper. Today, online surveys are a popular mode of research as they are convenient and can be sent in an email or made available on the internet. In this method, a researcher designs a survey with most relevant survey questions and deploys the survey. Questionnaires: - A questionnaire is a research instrument consisting of a series of questions for the purpose of gathering information from respondents. In this two following methods techniques what I have used for the research is Questionnaires. MSCP Assignment No: 1 26 Questionnaires A questionnaire is a research instrument consisting of a series of questions for the purpose of gathering information from respondents. They can be carried out face to face, by telephone, computer or post. Questionnaires provide a relatively cheap, quick and efficient way of obtaining large amounts of information from a large sample of people. Data can be collected relatively quickly because the researcher would not need to be present when the questionnaires were completed. This is useful for large populations when interviews would be impractical. Reasons for using questionnaires Patterns, frequency, ease and success of use User needs, expectations, perspectives, priorities and preferences User satisfaction with collections and services Shifts in user attitudes and opinions Relevance of collections and services to user needs Advantages of questionnaires Relatively easy to analyses. A large sample of the given can be contacted at relatively low cost. Simple to administer. Simple and quick for the respondent to complete. Information is collected in a standardized way. They are usually straightforward to analyses. MSCP Assignment No: 1 27 Client Security Risk Assessment Questionnaire 1. Do employees have a unique log-in ID when accessing data? Yes No 2. Does the organization have disaster recovery plans for data processing facilities? Yes No 3. Are computer systems backed up according to a regular schedule? Yes No 4. Are employees required to use a VPN when accessing the organization's systems from all remote locations? Yes No 5. Is regular network vulnerability scanning performed? Yes No I'm unsure 6. Is antivirus software installed on data processing servers? Yes No 7. Will your company be processing credit cards? Yes No MSCP Assignment No: 1 28 8. Does your firm require passwords or pins for mobile devices (mobiles, iPads, etc.) that can access company email or any other business systems? Yes No Some I'm unsure 9. Does your computer screen lock after you are away from it for a while? Yes No 10. Are your staffs trained in how to identify unusual emails? Yes No 11. Can you access any websites from your PC/laptop whilst in the office? Yes Some, sites like gambling, violence and pornography are blocked MSCP Assignment No: 1 29 2.2 Evaluate the project management process and appropriate research methodologies applied, the accuracy and reliability of different research methods applied for the small scale research. Project management process Project management is one of the critical processes of any project. This is due to the fact that project management is the core process that connects all other project activities and processes together. Defines project management as the application of knowledge, skills, tools and techniques to a broad range of activities in order to meet the requirements of a particular project. It also requires the Budget, scope and schedule to deliver the project objectives under the expected quality. Each one of these elements needs to be managed in a systematic manner with the development of plans to identify the roles and resources needed. There is also the complexity of development projects that require a different approach and a new way at managing the limited resources and the increasing demands from all stakeholders. To manage this complexity the project needs to be de-constructed into manageable, interrelated parts; or processes, by separating the project into different management process the project manager has a better chance to control the outcomes of the project and manage the challenges that can never be fully predicted during its design. Managing a project requires that organizations take in consideration a system approach to manage the different elements of a project. A systems approach includes a holistic view of a project environment, and an understanding that the project is made of a series of interacting components working to meet an objective in order to obtain the desired benefits. When it comes to the activities of project management, there are plenty. However, these plenty of project management activities can be categorized into five main processes. (Smartsheet, 2018) The process of directing and controlling a project from start to finish may be further divided into 5 basic phases 1. Project Initiation This first stage of a project defines the business case, the justification for the project, and the goal of this phase is to define the project at a broad level. This phase usually begins with a business case. The value of the project is determined, as well as its feasibility. This is when you will research whether the project is feasible and if it should be undertaken. If feasibility testing needs to be done, this is the stage of the project in which that will be completed. MSCP Assignment No: 1 30 2. Project Planning This phase is key to successful project management and focuses on developing a roadmap that everyone will follow. This phase typically begins with setting goals. The project plan includes details about how the project work will be carried out, how it will be monitored and controlled, how communication will be facilitated and information about costs and timescales. The project plan will include what resources are needed, financing and materials. There are many project management tools available to assist with scheduling, one of the most common being the Gantt chart. 3. Project Execution This is the phase where deliverables are developed and completed. This project since a lot is happening during this time, like status reports and meetings, development updates, and performance reports. The person or group assigned to carry out a task will need to know, in detail, what the task involves as well as any dependencies and timescales, and will also need to understand the criteria by which each task is deemed complete. This phase is made up of these detailed processes. 4. Project Monitor and Control To ensure that the project plan is being actualized, all aspects of the project must be monitored and adjusted as needed. Project managers will use key performance indicators (KPIs) to determine if the project is on track. A PM will typically pick two to five of these KPIs to measure project performance. 5. Project Closing Once there is an approved end product the project can be formally closed and a final review held to learn from both the successes and the mistakes and take that experience forward to the next project, an evaluation is necessary to highlight project success and/or learn from project history. MSCP Assignment No: 1 31 Accuracy and reliability methods Data accuracy and reliability are very important concerns in doing good research because inaccurate and unreliable data lead to spurious or wrong conclusions. The relationship between indicators and measures and the underlying concepts they are taken to measure is often contested. In effect, the validity of information is its relevance and appropriateness to your research question and the directness and strength of its association with the concepts under scrutiny. Reliability is, literally, the extent to which we can rely on the source of the data and, therefore, the data itself. Reliable data is dependable, trustworthy, unfailing, sure, authentic, genuine, reputable. Consistency is the main measure of reliability. If the researcher designs an instrument, accuracy and reliability estimates should be made by the researcher. If an instrument is purchased, the company from which it is purchased should provide accuracy and reliability information which the researcher examines prior to purchase. (Blog, 2012) Accuracy: - The degree to which an instrument measures that which is supposed to be measured. An estimate of the validity of a measure in the form of a correlation coefficient. Reliability: -Consistency of measurement. The degree to which an instrument measures the same way each time it is used under the same conditions with the same subjects. An estimate of the reliability of a measure usually in the form of a correlation coefficient. Accuracy and reliability in Qualitative Research Assessing the reliability of study findings requires researchers and health Qualitative research is frequently criticized for lacking scientific issue with poor justification of the methods adopted, lack of transparency in the analytical procedures and the findings being merely a collection of personal opinions subject bias. Although the tests and measures used to establish the validity and reliability of quantitative research cannot be applied to qualitative research, there are ongoing debates about whether terms such as validity, reliability and generalizability are appropriate to evaluate qualitative research. Accuracy and reliability in Interviews In interviews, inferences about Accuracy are made too often on the basis of face Accuracy; one way of validating interview measures is to compare the interview measure with another measure that has already been shown to be valid. This kind of comparison is known as convergent validity. If the two measures agree, it can be assumed that the validity of the interview is comparable with the proven validity of the other measure Perhaps the most practical way of achieving greater Accuracy is to minimize the amount of bias as much as possible. The sources of bias are the characteristics of the interviewer the characteristics of the respondent, and the substantive content of the questions. MSCP Assignment No: 1 32 Accuracy and reliability in Quantitative Research Evidence-based practice includes, in part, implementation of the findings of well-conducted quality research studies. So being able to critique quantitative research is an important skill for nurses. Consideration must be given not only to the results of the study but also the issue of the research. Issue refers to the extent to which the researchers worked to enhance the quality of the studies. In quantitative research, this is achieved through measurement of the Accuracy and reliability. Accuracy and reliability in questionnaires Validity of questionnaires can be seen from two viewpoints First, whether respondents who complete questionnaires do so accurately, honestly and correctly; and second, whether those who fail to return their questionnaires would have given the same distribution of answers as did the returnees. The question of accuracy can be checked by means of the intensive interview method, a technique consisting of twelve principal tactics that include familiarization, temporal reconstruction, probing and challenging the problem of non-response It involves follow-up contact with non-respondents by means of interviewers trained to secure interviews with such people. A comparison is then made between the replies of respondents and nonrespondents and, thereby, to increase reliability. Accuracy and reliability common contrasts between quantitative and qualitative researches, as the following table shows. Quantitative Qualitative Number Words Point of view of the researcher Points of view of participants Researcher distinct Researcher close Theory testing Theory emergent Static Process Structured unstructured Generalizing context understanding Hard reliable data Rich in depth Macro Micro Artificial settings Natural setting MSCP Assignment No: 1 33 TASK – 03 3.1 Analyze research data using appropriate tools and techniques. Data analysis Data analysis is the process of evaluating data using analytical and statistical tools to discover useful information and aid in business decision making. The process of extracting, compiling, and modeling raw data for purposes of obtaining constructive information that can be applied to formulating conclusions, predicting outcomes or supporting decisions in business, scientific and social science settings. There are a variety of specific data analysis method, some of which include data mining, text analytics, business intelligence, and data visualizations. Organizations and enterprises analyze data from a multitude of sources using Big Data management solutions and customer experience management solutions that utilize data analysis to transform data into actionable insights. Data analysis involves asking questions about what happened, what is happening, and what will happen predictive analytics. There are a several data analysis methods including data mining, text analytics, business intelligence and data visualization. (Galetto, 2016) Qualitative data analysis Qualitative data analysis refers to non-numeric information such as interview transcripts, notes, video and audio recordings, images and text documents. Is the range of processes and procedures whereby move from the qualitative data that have been collected, into some form of explanation, understanding or interpretation of the people and situations investigating. Qualitative Data Analysis is usually based on an interpretative philosophy. The idea is to the meaningful and symbolic content of qualitative data. Qualitative data analysis can be divided into the following five categories: 1. Content analysis: - This refers to the process of categorizing verbal or behavioral data to classify, summarize and tabulate the data. 2. Narrative analysis: - This method involves the reformulation of stories presented by respondents taking into account context of each case and different experiences of each respondent. Narrative analysis is the revision of primary qualitative data by researcher. 3. Discourse analysis: - A method of analysis of naturally occurring talk and all types of written text. 4. Framework analysis: -Identifying a thematic framework, coding, charting, mapping and interpretation. 5. Grounded theory: - This method of qualitative data analysis starts with an analysis of a single case to formulate a theory. MSCP Assignment No: 1 34 Qualitative data analysis tools and techniques Qualitative research is something which is hard to predict, it requires lot of cognitive analysis. Qualitative Research is also used to uncover trends in thought and opinions, and dive deeper into the problem. Qualitative data collection methods vary using unstructured or semi-structured techniques. They have two deferent tools method software tools like NVivo, ATLAS.ti, MAXQDA etc. that you can access - you can perform Google search from Internet on their websites for more information, how to download a free trial copy etc. Qualitative data is better analyzed tool manually. Categories data according to themes. It is advisable to design your questionnaire in such a way that questions are categorized according to themes that may be derived from the research questions and objectives. After all, the aim of a research project is to provide answers to the research questions and meet the research objectives. Here will see some software tools NVivo: - This software used for both qualitative and mixed-methods research. Is especially used for analysis of free text, audio, video, and image data from interviews, focus groups, surveys, social media, and journal articles. ATLAS: - It is one of the used tools for qualitative analysis of large data. This software comes equipped with sophisticated features that aid organization and management of large data. Atlas is offers a large variety of media types including txt, doc, docx, pdf, mp3, mp4, avi and a host of others. MAXQDA: - Is encompassing software designed to aid and support qualitative, quantitative and mixed methods research projects. It allows you to import, organize, analyze, visualize and publish all forms of data as long as they can be collected electronically. QDA: - Miner is qualitative analysis software that helps you manage documents, and carry out common qualitative analysis tasks. Text Analysis: - The system for identifying themes in texts and was designed for use in ethnographic and discourse research. The researcher can also analyze, extract, and save coded information. MSCP Assignment No: 1 35 Quantitative data analysis Quantitative analysis is based on describing and interpreting objects statistically and with numbers. Quantitative analysis aims to interpret the data collected for the phenomenon through numeric variables and statistics. Quantitative data analysis may include the calculation of frequencies of variables and differences between variables. A quantitative approach is usually associated with finding evidence to either support or reject hypotheses you have formulated at the earlier stages of your research process. Quantitative analysis includes computational and statistical methods of analysis. Following is a list of commonly used descriptive statistics. 1. Frequencies: – a count of the number of times a particular score or value is found in the data set. 2. Percentages: – used to express a set of scores or values as a percentage of the whole. 3. Mean: – numerical average of the scores or values for a particular variable. 4. Median: – the numerical midpoint of the scores or values that is at the center of the distribution of the scores. 5. Mode: – the most common score or value for a particular variable. 6. Minimum and maximum values range: – the highest and lowest values or scores for any variable Quantitative data analysis tools and techniques Quantitative data collection and analysis tools are defined as a series of charts, maps, and diagrams designed to collect, interpret, and present data for a wide range of applications and industries. Various programs and methodologies have been developed for use in nearly any industry, ranging from manufacturing and quality assurance to research groups and data collection companies. While you’ll need to understand what to do with the data, and how to interpret the results, software that is designed for statistical analysis can make this process as smooth and as easy as possible. A great number of tools are available to carry out statistical analysis of data, and below we list Spss: -A general-purpose statistical package widely used in academic research for editing, analyzing and presenting numerical data. It is compatible with all file formats that are commonly used for structured data such as Excel, plain text files and relational (SQL) databases. R: -A free software environment for statistical computing and graphics. It compiles and runs on a wide variety of UNIX platforms, Windows and MacOS. R provides a wide variety of statistical and graphical techniques, and is highly extensible. Microsoft Excel: - While not a cutting-edge solution for statistical analysis, MS Excel does offer a wide variety of tools for data visualization and simple statistics. It’s simple to generate summary metrics and customizable graphics and figures, making it a usable tool for many who want to see the basics of their data. MSCP Assignment No: 1 36 3.2 Describe appropriate recommendations as a result of research and data analysis to draw valid and meaningful conclusions. Analysis of qualitative data Qualitative data analysis can be described as the process of making sense from research participants views and opinions of situations, corresponding patterns, themes, categories and regular similarities. When he provides the following definition of qualitative data analysis that serves as a good working definition. Qualitative data analysis tends to be an ongoing and iterative process, implying that data collection, processing, analysis and reporting are intertwined, and not necessarily a successive process Interview analysis Interviewing as data-gathering method was included to obtain additional data, clarify vague statements, permit further exploration of research topics, expand on the qualitative findings and yield a more in-depth experiential account of the extent of company risk management and the views of company managers on the they needs of company managers for training according to the research aims The recording of the interview data took place by means of note-taking Verbatim transcripts of the interviews were compiled for analysis and interpretation. To ensure reliability and validity of data, the transcribed interviews were presented to respondents to verify and confirm the contents of the interviews However, only one respondent signed and returned the transcribed text. Q: -How do you handle Antivirus alerts? Answer: - usually we every day scan the system and remove the unwanted files. Conclusions This not Complete solution my opinion is Check the policy for the AV and then the alert. If the alert is for a legitimate file then it can be whitelisted and if this is malicious file then it can be deleted. The hash of the file can be checked for reputation on various websites like virus total, malwares.com. AV needs to be finetuned so that the alerts can be reduced. MSCP Assignment No: 1 37 Q: -How do you report risks? Answer: - No, We have not done any such report yet Conclusions This is vulnerability risk because Risk can be reported but it needs to be assessed first. Risk assessment can be done in 2 ways: Quantitative analysis and qualitative analysis. This approach will cater to both technical and business guys. The business guy can see probable loss in numbers whereas the technical guys will see the impact and frequency. Q: - Do you use fingerprint readers to Keep track of the attendance and time of your employees? Answer: -No, we mark the attendance in book Conclusions It is vulnerability issue. In the workplace the need to identify individuals is particularly important, as it’s often tied to staff attendance, payroll, and workplace security. Ability to quickly identify employees and verify Analysis of Quantitative Data The quantitative data referred to the recorded data of the structured questionnaire and were presented according to the various sections and subsections of the questionnaires .quantitative data were presented in either table format or by means of charts and other graphics. That is to present data visually for a quick understanding. Each presentation of data provided an indication of numerical scores and percentages according to related categories in order to provide an overview of the particular grouping of data. Biographical data In section A of the questionnaire respondents were required to answer questions regarding their gender and age, which would enable the researcher to compile a profile of the study population as well as to draw comparisons between different groups relevant to this study. Firstly, the gender of the participants will be looked at. MSCP Assignment No: 1 38 Excel chart analyze for interview questions vulnerability rate In Excel chart this data is in Interview questions vulnerability rate total analysis shown. A total of 56 respondents from company completed the questionnaire of which 45 indicated. Of the respondents, question 7 60% were vulnerability, question 8 56% vulnerability and question 9 40% vulnerability as illustrated in Excel chart. This could be an indication that the vulnerability within the work industry, and more particularly, the company sector where the management of information. Conclusion Based on the information provided above, this company Risks can be seen by removing these risks Impairment from company risk can be reduced. MSCP Assignment No: 1 39 Bar Graphs analyze for Management security rating As can be seen from the results, the majority of the staff in the Management security rating, that is, employs 1 rating (39% %) employ 2 (65%) employ 3 (75%%) employ 4 (55%) only. Results further show a relationship with the results of emplye2 and 3 The classification of company was also important to this rate. Conclusion According to the above assessment Evaluation from four persons. The assessment of the two employees is high and the staff's assessment is slightly lower. They can underestimate the impact of companies by reviewing their opinions. MSCP Assignment No: 1 40 Pie chart analyze for Does your firm require passwords or pins for mobile devices that can Access Company email or any other business systems. From the responses obtained from does your firm require passwords or pins for mobile devices that can Access Company email or any other business systems? There are 60 percent No and 30 percent are Yes and 10 percent do not know. Conclusion According to this data, most people have answered no. The company's biggest impact is because of responding to 60 percent. Find and edit places to protect the company from this impact. MSCP Assignment No: 1 41 3.3 Evaluate the selection of appropriate tools and techniques for accuracy and authenticity to support and justify recommendations. 1. Interview. The interview constitutes a social situation between two persons; the Psychological process involved requiring both individuals mutually. In an interview a rapport is established between two people. It is applicable in survey method, but it is also applicable in historical, experimental, case studies and clinical studies. Advantage of Interview: Direct research. Deep research Mutual encouragement is possible. Supra-observation is possible. Knowledge of historical and emotional causes. Examination of the known data. 2. Schedule When a researcher is using a set of questionnaires for interview purpose it is known as schedule. As a matter of fact success in the use of schedule is largely determined by the ability and tact of the interviewer rather than by the quality of the questions posed. Advantage of Schedule: Higher percentage of responses. Possible to observe personality factors. Through interview personal contact is possible. It is possible to give human touch to schedule. Removal of doubts is possible because face to face interaction is there. It is possible to know about the defects of the interviewee. MSCP Assignment No: 1 42 Bar chart A bar graph is a chart that uses either horizontal or vertical bars to show comparisons among categories. Analyze the project and specify the basic approach to be used. Advantage of Bar chart Show each data category in a frequency distribution Display relative numbers or proportions Summarize a large data set in visual form Clarify trends better than do tables 5. estimate key values at a glance Permit a visual check of the accuracy Be easily understood Pie Chart A pie chart is a two-dimensional circle, at its most basic, divided into a few slices. As a whole, the chart represents the sum of all its data; an individual slice represents a percentage of the whole. The most prominent effects such as three-dimensional charting, dragging slices, slice pivoting of charts adds more visually appealing. Advantage of pie chart A simple and easy-to-understand picture. It represents data visually as a fractional part of a whole, which can be an effective communication tool for the even uninformed audience. It enables the audience to see a data comparison at a glance to make an immediate analysis or to understand information quickly. The need for readers to examine or measure underlying numbers themselves can be removed by using this chart. To emphasize points you want to make, you can manipulate pieces of data in the pie chart. MSCP Assignment No: 1 43 TASK – 04 4.1. Provide a reflection on the value of undertaking the research to meet stated objectives with your own learning and performance which includes a discussion of the project outcomes, its usefulness to support sustainability of the given organization and its’ performance, the decision-making process and changes or developments of the initial project management plan to support justification of recommendations and learning during the project. An effective assessment task is one which assesses students' attainment of the learning outcomes. Unit learning outcomes are what students are expected to know, understand or be able to do in order to be successful in a unit. They begin with an action verb and describe something observable and measurable. You can find out more about learning outcomes in other resources on the Learning and Teaching Centre website, and in the Evaluation Resource: Developing Your Unit - Clear Goals and Standards. Key to successful learning: aligning assessment with learning outcomes One of the keys to successful learning is the aligned curriculum this means that learning outcomes are clear, learning experiences are designed to assist student achievement of those outcomes, and carefully designed assessment tasks allow to demonstrate achievement of those outcomes. The learning outcomes are clear. The learning experiences are designed to help achieve those learning outcomes. The assessment tasks allow them to demonstrate their achievement of those learning outcomes. Designing assessments which allow students to demonstrate their achievement of the learning outcomes Assessing learning can profoundly shape the educational experiences of. One of the challenges of effective assessment is to ensure that there is a close alignment between the learning goals, the learning activities aimed at meeting learning goals and the assessment tasks used to assess whether learning goals have been met. Current best practice includes assessment which is aligned to learning goals which focus not only on content knowledge but also on process and capabilities. MSCP Assignment No: 1 44 Key assessment terms ASSESSMENT The collection of information about the nature and extent of learning outcomes/any procedure used to estimate learners learning. The term is derived from the Latin MEASUREMENT Representation of assessment information by a number or grade on a scale of some kind. Answers the question, How much? EVALUATION The making of judgments about the value of a grade and/or the nature and extent of learning outcomes. Answers the question, How well? ASSESSMENT TASK An instrument or systematic procedure by which assessment information is collected. FORMATIVE ASSESSMENT Ungraded assessment task used before or during learning to support planning and/or diagnosis and/or to provide feedback about learning progress/offers advice and feedback which does not contribute grades towards the final result. SUMMATIVE ASSESSMENT Graded assessment task used following learning which counts towards the final result. VALIDITY Degree to which the assessment task measures what it is intended to measure. RELIABILITY Degree to which the assessment task consistently yields the same result. NORMREFERENCED Uses the performance of a group of learners to rank order learners or 'grading on the curve'. Number of learners who can receive distinctions, credits, passes or fails is set. CRITERIONREFERENCED Establishes the criteria for performance and any learner meeting the criteria receives the associated grade. Every can potentially achieve the highest grade. STANDARDSBASED Establishes the criteria for performance as well as articulates the various levels of quality in performance that is associated with a grade. Grades are awarded to students based on the level of performance they have achieved. AUTHENTIC ASSESSMENT Assessment tasks which test whether a learner is able to demonstrate their learning outcomes in a situation which is as close as possible to a real world context. MSCP Assignment No: 1 45 Evaluation of continuing professional development Skills Evidence of when and how you have used this skill/ Quality Self-work Co-operation The talents within me were identifiable In addition they help to each other’s when they face difficult situation through the event. Co-operation is an action process of working together to the end Communication A building block for all co-operation skills. Vital for good meeting. Communication skills also provide a boost of the day-to-day running. Problem solving The author always had the curiosity of solving certain problems. Even though the author is good at problem solving he always has space to improve the skills. Achieving aims As try to set our final goal in my. Then the overall I try on using our knowledge, skills, face matters and achieve my target. Working with Work with others to ability to effetely interact, co-operation collaborate and manage others conflict with other people in order the complete or achieve goals. As a benefit of working with others our group increase efficiency and focus different mind on the some target. Interpersonal skills Interpersonal skills are the skills by a person to interact with other properly. Identify job and try to complete that successful. In all part works include those parts in my individual work. Written report The report is a common way of presenting information and recommendations or conclusions related to a specific purpose. Reports are often used as assessment task because well-developed report writing skills are important in many professional contexts. Reports are written based on gathering and analyzing information using a discipline specific methodology and format. They can be used to assess laboratory, field work or case studies. Presentation Presentations are usually made orally to a class on a prepared topic and may include the use of presentation aids such as PowerPoint, handouts or audiovisuals. This assessment may be undertaken individually or as a group. Presentations may take different forms such as role plays, facilitating group activities, debating, presenting a product, question and answer time, and formal speeches MSCP Assignment No: 1 46 4.2. Evaluate the value of the project management process and use of quality research to meet stated objectives and support own learning and performance The process required to assess, document and select the right project management methodology for each project is detailed, time-consuming and complex initially, but worth it in the end, assuming the most appropriate PMMs have been selected. It helps solidify successful project outcomes, ultimately determines best practices, and strengthens the connection between strategic planning and execution. PMI discusses high-level processes for tailoring PMMs that organizations should carefully evaluate and use to determine which methodologies work for various projects. The project management methodology assessment process Determine project drivers by identifying and weighing primary goals and priorities of the project. After determining project drivers, requirements and goals, identify all the criteria that a methodology will impact and vice versa. Identify all available methodologies that are most relevant for the project. Spend time comparing and contrasting each PMM in relation to the project. Consider which methodology will yield the best results and offer the least risk. Gain feedback and buy-in. Document the methodology and rationale. Implement the methodology. Monitor and modify as required. Important of project management Proper time management, planning beforehand and creating a schedule that works for the team Clearly defines the plan of the project before it begins. Establishes an agreed schedule and plan. Creates a base for teamwork. Resources are maximized. Helps to manage integration. Helps to keep control of costs. Quality is continuously managed. Strategic structuring of the project MSCP Assignment No: 1 47 Conclusion In conclusion, Project Management and the practice of the same have become indispensable to the modern day project manager and they form the basis of much of what is achieved during the course of a project. Thus, the idea of a project being managed professionally lends itself to the concepts and processes laid out for the practitioners of the art of Project Management. References Blog,M.,2012.quantitative-vs-qualitative-methods-to-establish-trustworthinessblog.[Online] Available at: https://cmalakoff.wordpress.com Galetto,M.,2016.what-is-data-analysis.[Online] Available at: https://www.ngdata.com Gibson,D.,2011.articles/article.aspx?p=1708668.[Online] Available at: http://www.pearsonitcertification.com LIBRARIES,U.,n.d.researchmethods/design-method.[Online] Available at: https://guides.lib.vt.edu MyAccountingCourse,2018.accounting-dictionarymis.[Online] Available at: https://www.myaccountingcourse.com Smartsheet,2018.demystifying-5-phases-project-management.[Online] Available at: https://www.smartsheet.com smartsheet,2018.getting-started-work-breakdown-structures-wbs.[Online] Available at: https://www.smartsheet.com Swascan,2017./swascan-vulnerability-assessment/.[Online] Available:https://www.swascan.com [Accessed 20 11 2017]. MSCP Assignment No: 1 48
