ICT705 Cyber Security Governance and Management Assignment Help
Assessment Overview
Assessment ID | Assessment Item | When due | Weighting | ULO# | CLO# for MITS |
1 | Research Report (Individual) (1000 Words) | Session 6 | 20% | 1, 2 | 1, 2 |
2 | Case Study Report (Individual) (1500 Words) | Session 8 | 30% | 2, 3, 4 | 2, 3 |
3* | Risk Assessment and Contingency Plan Part A: Report (2000 Words) (Group) | Session 12 | 30% | 1, 2, 3, 4 | 1, 2, 3, 4 |
Part B: Presentation (Group) | Session 13 | 20% |
Note: * denotes ‘Hurdle Assessment Item’ that students must achieve at least 40% in this item to pass the unit.
Referencing guides
You must reference all the sources of information you have used in your assessments. Please use the IEEE referencing style when referencing in your assessments in this unit. Refer to the library’s referencing guides for more information.
Academic misconduct
VIT enforces that the integrity of its students’ academic studies follows an acceptable level of excellence. VIT will adhere to its VIT Policies, Procedures and Forms where it explains the importance of staff and student honesty in relation to academic work. It outlines the kinds of behaviours that are “academic misconduct”, including plagiarism.
Late submissions
In cases where there are no accepted mitigating circumstances as determined through VIT Policies, Procedures and Forms, late submission of assessments will lead automatically to the imposition of a penalty. Penalties will be applied as soon as the deadline is reached.
Short extensions and special consideration
Special Consideration is a request for:
• Extensions of the due date for an assessment, other than an examination (e.g. assignment extension).
• Special Consideration (Special Consideration in relation to a Completed assessment, including an end-of-unit Examination).
Students wishing to request Special Consideration in relation to an assessment the due date of which has not yet passed must email the teaching team a Request for Special Consideration as early as possible and prior to the start time of the assessment due date, along with any accompanying documents, such as medical certificates.
For more information, visit VIT Policies, Procedures and Forms.
Inclusive and equitable assessment
Reasonable adjustment in assessment methods will be made to accommodate students with a documented disability or impairment. Contact the unit teaching team for more information.
Contract Cheating
Contract cheating usually involves purchasing an assignment or piece of research from another party. This may be facilitated by a fellow student or friend or purchased on a website. The unauthorized use of generative Artificial Intelligence (AI) is also considered cheating. Other forms of contract cheating include paying another person to sit an exam in the student’s place.
Contract cheating warning:
• By paying someone else to complete your academic work, you don’t learn as much as you would if you did the work yourself.
• You are not prepared for the demands of your future employment.
• You could be found guilty of academic misconduct.
• Many for-pay contract cheating companies recycle assignments despite guarantees of “original, plagiarism-free work”, so the similarity is easily detected by Turnitin.
• Penalties for academic misconduct include suspension and exclusion.
• Students in some disciplines are required to disclose any findings of guilt for academic misconduct before being accepted into certain professions (e.g., law).
• You might disclose your personal and financial information unsafely, leaving yourself open to many risks, including possible identity theft.
• You also leave yourself open to blackmail – if you pay someone else to do an assignment, they know you have engaged in fraudulent behaviour and can always blackmail you.
Grades
We determine your grades according to the following Grading Scheme:
Grade | Percentage |
A | 80% – 100% |
B | 70% – 79% |
C | 60% – 69% |
D | 50% – 59% |
F | 0% – 49% |
Assessment 1: Research Report
Overview
Weight | Length | Due date | ULO |
20% | 1000 words | Session 6 | ULO1 and ULO2 |
Introduction
In this individual assessment, you will select a country and explain the legislated cyber security regulation, laws and ethics. You should provide your opinion on your findings. You are required to reference original laws (e.g. commlaw) or court cases and to provide all references (PDFs, links, etc).
Research and discuss the cyber issue of concern. Identify and compare your chosen country and applicable laws in each region (Australian-Pacific, Europe, America, and Asia). Recommend what type of policy/procedures an organisation should have in place on the issue (do not write the policy/procedure). Recommend any other initiatives (for example, Counter Ransomware Initiative) that might be applicable.
Your final report must include the following:
Assignment Cover Page: (Use the cover sheet provided. Include the Title, Assignment number, Student Names and IDs, Subject)
Executive summary
Body (Numerous headings and text at the writer’s choice)
References/ Bibliography
Topics:
No two students can do the same topic. You are not limited to topics below.
Students | Topic |
Student Name: Student Number: | Australian Anti-Piracy Laws (2015). – Explain the law and how it will be used – Explain how it can be misused – Do you think it will work? Why/Why Not? Alternative? What are other countries doing? – Who will it hurt and who will it protect? (In reality, not just who it is intended for) |
Student Name: Student Number: | Bitcoins – Research bitcoins. How it works and how it is used. (e.g. Bitcoin mining) – Explain its advantages and disadvantages in detail (e.g. can it be tracked?) – Fraud |
Student Name: Student Number: | Crippleware versus Freeware versus educational versus Professional – Explain the difference – What type of infringements are they trying to mitigate? – Does it work? |
Student Name: Student Number: | Freedom of Speech versus Protection of Children – Explain various Government (US, Europe, Asia, Australia-Pacific) approaches – Explain which laws were created as a consequence of this issue. – Did they work? |
Student Name: Student Number: | Freedom of Speech versus the China Great Firewall – Explain what the Government is trying to mitigate – Explain the technical implementation – how to overcome it. – Does this breach Freedom of Speech in Western Countries? |
Student Name: Student Number: | Sexting – Explain what it is? – Technical possibilities to restrict – Is it a breach of Privacy? |
Student Name: Student Number: | Revenge Porn – Explain what it is? – Technical possibilities to restrict. – What have Governments (particularly California) done to try and stop it? |
Student Name: Student Number: | Online Consumer Profiling versus Privacy Laws – Explain what it is? – Technical implementation – Why are people concerned? |
Student Name: Student Number: | Online Self Regulatory Privacy – Explain what it is? – Technical implementation (e.g. Privacy seals, Membership, etc) – Does it work? What is the alternative? |
Student Name: Student Number: | Do Not Track List versus the Privacy Laws – Explain what it is? – Technical implementation (e.g. Google Chrome Incognito mode vs Firefox vs Windows 10 Approach) – Would it work? What is the alternative? |
Student Name: Student Number: | Australian tax online services proposal – Explain what it is? – What are other countries doing? – Technical implementation (e.g. Google Chrome Incognito mode vs Firefox vs Windows 10 Approach) – Would it work? What is the alternative? – Cloud Services implication? |
Student Name: Student Number: | Plagiarism and Copyright – What is it? – Does Plagiarism infringe copyright? – Have there been law cases? Verdict? – Can a student be charged? |
Student Name: Student Number: | Patent Protection of Software and Hardware – What is it? – Jurisdiction |
Student Name: Student Number: | Reverse engineering – What is it? – Do the current Australian laws provide adequate protection? – Landmark cases? – What are other countries doing? |
Student Name: Student Number: | Small Business Fraud – Explain the main types (False invoicing, EFT to personal accounts, Cheque/Payroll Fraud, Skimming) – Do the current Australian laws provide adequate protection? – Why does it happen? – What are other countries doing? – Long term impact? – Who is the victim? |
Student Name: Student Number: | Legal Issue with Open-Source Code – Explain legal issues with Open-Source Code – Conformity, detection, prevention – Legal action – Types – What are governments doing? – Which laws apply? |
Student Name: Student Number: | Cyberbullying and Cyberstalking – What is it? – Cases – Prevention? – Prosecution? |
Student Name: Student Number: | Cyberterrorism – What is it? – Cases – Prevention? – Prosecution? – What are Governments doing? – Which laws apply? |
Student Name: Student Number: | Computer Easter Eggs – What is it? – Legal Implication? – What can companies do? – What are Governments doing? |
Student Name: Student Number: | Computer Matching (for fraudulent activities) – What is it? – Legal Implication? – Does it impede the Privacy laws? – What are other Governments/Countries doing? |
Student Name: Student Number: | Web Defacement – What is it? – Legal Implication? – What can companies do? – What are Governments doing? – Classic Cases |
Marking Guide: 20 Marks
Task | Description |
Executive Summary and conclusion | Summarize the entire document with key findings. |
Research and discuss the cyber issues concern. | Introduce the report – how come this report was created? |
Identify and compare your chosen country and applicable laws in each region (Australian-Pacific, Europe, America, and Asia). | Describe with appropriate laws and critically compare each region’s legal requirement |
Recommend what type of policy/procedures an organisation should have in place on this issue. | Identify what measures an organisation should have including the development of po |
Recommend any other initiatives (for example, Counter Ransomware Initiative) that might be applicable. | Conclude your report with key laws and recommendations. |
Appendix (including references) | Include screenshots of activities such as laws, comparisons of regions, etc. |
Marking criteria/Rubric
You will be assessed on the following marking criteria/Rubric:
Assessment criteria | Exceptional >=80% | Admirable 70% – 79% | Creditable 60% – 69% | Acceptable 50 |
C1. Executive Summary and conclusion 2 points | The logic is clear and a summary includes key points of the whole report. Mostly accurate and appropriately deduced conclusions from the evidence. (2) | The summary is mostly consistent with some key points. Mostly accurate and appropriately deduced conclusions from the evidence. (1.5) | Adequately summary with limited key points. Correct conclusion with some reference to the evidence (1.25) | A brief relevant sum a limited conclusion reference to the evi |
C2. Research and discuss the cyber issues concern. 4 points | Comprehensively research and justify the concern. (4) | Well-explained research and justified the concern. (3) | Adequate research and justify the concern. (2.5) | Limited research an the concern. (2) |
C3. Identify and compare your chosen country to applicable laws in each region (Australian-Pacific, Europe, America, and Asia). 4 points | Comprehensively identify and compare all applicable laws in each global region. (4) | Very good explanation of the applicable laws and comparisons in each global region. (3) | Adequately explain applicable laws and comparisons in each global region. (2.5) | Limited explanation given on comparison few laws are identify discussed (2) |
Recommend what type of policy/procedures an organisation has in place on this issue 4 points | Comprehensively identify policy/procedures needed in an organisation to combat this cyber issue. (4) | Well-explained which policy/procedures are needed in an organisation to combat this cyber issue. (3) | Adequately identify policy/procedures needed in an organisation to combat this cyber issue. (2.5) | Limited recommend and policy/procedure not be present (2) |
Recommend any other initiatives (for example, Counter Ransomware Initiative) that might be applicable. 4 points | Comprehensively explain initiatives and develop your own initiatives. (4) | Well-explained relevant initiatives. (3) | Adequately explain initiative (2.5) | Limited explanation clear initiatives. (2) |
Appendix (including references) 2 points | Demonstrated efficient use of Appendix and the appendix supports the evidence collected. Use the appropriate reference citation (2) | Demonstrated a comprehensive use of Appendices and the appendices support the evidence collected. Use the appropriate reference citation (1.75) | Demonstrated adequate use of the Appendix and the appendix supports the evidence collected. (1.25) | Limited use of appe Evidence may not b relevant. (1) |
Important: To confirm your chosen topic and country, please send an email to your lecturer with the subject line “Assignment 1 Topic Confirmation – [Your Name] – [Your Student ID]”. In the email, clearly state your chosen topic and the country you will be focusing on for the legislated cyber security regulation.
Instructions for Writing the Research Report (1000 Words)
Your final report must include the following sections:
Assignment Cover Page: Use the provided cover sheet. Include the Title, Assignment number, Student Names and IDs, and Subject.
Executive Summary and Conclusion: Summarize the entire document with key findings. Ensure it is accurate and appropriately deduces conclusions from the evidence.
Body (Numerous headings and text at the writer’s choice): This section should cover the core of your research.
o Research and Discuss Cyber Issues Concern: Introduce your report and explain the relevance of the chosen cyber issue. You need to comprehensively research and justify the concern.
o Identify and Compare Your Chosen Country and Applicable Laws in Each Region (Australian-Pacific, Europe, America, and Asia): Describe with appropriate laws and critically compare each region’s legal requirements related to your topic. This requires a comprehensive identification and comparison of all applicable laws across these global regions.
o Recommend What Type of Policy/Procedures an Organisation Should Have in Place on This Issue: Identify what measures an organisation should implement, including the development of relevant policies. Comprehensively identify policy/procedures needed to combat the cyber issue.
o Recommend Any Other Initiatives (For example, Counter Ransomware Initiative) That Might Be Applicable: Conclude your report with key laws and recommendations, including other relevant initiatives. Comprehensively explain initiatives and, where appropriate, develop your own initiatives.
References/Bibliography: Provide a comprehensive list of all sources used.
Appendix (including references): Include screenshots of activities such as laws, comparisons of regions, etc. Demonstrate efficient use of the Appendix, ensuring it supports the collected evidence, and use appropriate reference citation.
Submission Instructions
All submissions are to be submitted through Turnitin. Drop-boxes linked to Turnitin will be set up in the Learning Management System (LMS). Assessments not submitted through these drop-boxes will not be considered. The Turnitin similarity score will be used to determine any plagiarism of your submitted assessment. Turnitin will check conference websites, journal articles, online resources, and your peers’ submissions for plagiarism. You can see your Turnitin similarity score when you submit your assessments to the appropriate drop-box. If your similarity score is of concern, you can change your assessment and resubmit. However, re-submission is only allowed before the submission due date and time. No excuse will be accepted due to file corruption or absence from lecture.
The report should have a consistent, professional, and well-organized appearance. Also:
Ensure that the filename for your submission follows this format: YourName-YourStudentID.docx
The assignment must adhere to the following formatting guidelines: 12-point font size, single line spacing, and clear section headings.
Reports must be submitted electronically as a single Microsoft Word document, through the Turnitin enabled submission link on the Learning Management System (LMS).
Submissions in zip file format will not be accepted.
Only assignments submitted on the LMS will be accepted. Submission of assignments through email is not acceptable.
Note: All work is due by the due date and time. Late submissions will be penalized at 20% of the assessment final grade per day, including weekends. You cannot make re-submissions after the cut-off date.
Assessment 2: Case Study Report
Overview
Weight | Length | Due date | ULO |
30% | 1500 words | Session 8 |
Introduction
In this individual assessment, you will develop the cybersecurity policy, procedures, or guidelines for an organisation. Your findings should be delivered in a written report. For the case study presented below, write the Data Security and Privacy Policy. Use an appropriate template to complete the report as shown in the report structure section.
Report Structure
Use an appropriate policy template. For Example:
CONTENTS
1 PURPOSE
2 SCOPE
3 POLICY STATEMENT
<Sub-headings are not numbered>
4 PROCEDURE
<Sub-headings are not numbered>
5 RESPONSIBILITIES
Compliance, monitoring and review
Reporting
Records management
6 DEFINITIONS
Terms and definitions <delete if not required>
7 RELATED LEGISLATION AND DOCUMENTS
8 FEEDBACK
9 APPROVAL AND REVIEW DETAILS
10 APPENDIX <or APPENDICES> <delete if not required>
Case Study
Young Minds Secondary College (YMSC) is a private Australian secondary school that has been operating for several years, developing innovative programs for its students. Its staff has grown from 15 to 120 and the school enrols 700 students across levels 7 to 12. YMSC has been growing steadily over the past 10 years. They have built strong relationships with the community and parents tend to send all their children to the school as well as recommending it to other parents. The owners anticipate continued growth and are planning to purchase another school to set up another campus.
YMSC is owned and operated by a group of parents who originally wanted to create an alternative education for their children. Their children have since finished school, but the school has been so successful in its growth that it is now managed by Joline Schack. The school’s IT facilities have grown along with the school, and it now employs 2 full-time staff (Tim and Abishek) to keep the system running, along with a program coordinator, Carol, who assists teachers to incorporate computing within their programs.
Joline can foresee a time in the near future where they employ over 300 people across two campuses. Their staff are mostly teachers, though the school does have a Human Resources manager, an Accounts Manager, several administrative assistants (receptionist, office manager, secretary), and grounds staff.
You have very recently been contracted to solve an area of concern to the owners – information security. The school’s security measures have been developed in a largely uncoordinated fashion and it has been suggested by Joline that information security could threaten the survival of the school. You have been given access to all staff for assistance in determining the security needs for YMSC.
In fact, it is Joline that has initiated your hiring. She encountered a little resistance from current ICT staff, arguing that continuing with the current approach is satisfactory. That approach has been one without a formal policy where security has been built in an ad-hoc, piecewise manner.
They would both say that the current policy has worked well enough up to now, thanks to the knowledge and expertise within the team.
Joline would like to have Tim more onside with the structured and formal approach that you will bring. In an attempt to get that support, Joline has asked you to begin your role with YMSC by developing a report that discusses how information security could be better managed by YMSC.
While this report will largely be about general principles, she would also like you to go into detail on one specific issue as a means of further demonstrating the usefulness of your formal approach. She would like you to go into detail about a development that both she and Tim are very concerned about, problems that will be introduced by opening a second campus. You have decided that you will choose one aspect of that development and draw up a Risk Management Plan for it and include a recommendation based on a Cost-Benefit Analysis.
The Young Minds Secondary College Mission Statement
YMSC believes in providing students with an innovative educational program in a secure and modern educational environment.
Hardware and Software
The school currently uses commercial application products for its processes. This includes a learning management system (Moodle), MSOffice, accounts and finance (Business One), a VOIP telephone system internally and several mobile phones for staff use. The school has a LAN infrastructure and it uses Wi-Fi throughout the campus. All employees that require regular access to school systems are supplied with a desktop or laptop, depending on their needs. Students must have their own laptop or notebook and can access the school’s network through the Wi-Fi system. Some of the school’s systems need to be accessed from off campus. The school does have print and file servers. All data for school management is backed up to cloud services provided by a local ICT provider. Email has been contracted to Microsoft.
You can envision other hardware, software, and information/data management procedures as you deem appropriate.
Marking Guide: 30 Marks
Task: Data Security Policy | Description |
Purpose and Scope | Appropriately define the purpose and the scope of the policy. |
Procedures and Responsibilities | Describe who is the responsible person at each stage of the procedure. |
Relative legislation and other policies | Describe how legislation and other policy affects this policy. |
Feedback, Approval and Review | Determine appropriate feedback, approval and reviews for this policy. |
Task: Privacy Policy | Description |
Purpose and Scope | Appropriately define the purpose and the scope of the policy. |
Procedures and Responsibilities | Describe who is the responsible person at each stage of the procedure. |
Relative legislation and other policies | Describe how legislation and other policy affects this policy. |
Feedback, Approval and Review | Determine appropriate feedback, approval and reviews for this policy. |
Marking criteria/Rubric
You will be assessed on the following marking criteria/Rubric:
Data Security Policy
Assessment criteria | Exceptional >=80% | Admirable 70% – 79% | Creditable 60% – 69% | Acceptable 50% – 59% | Unsatisfactory <=49 |
C1. Purpose and Scope 3 points | Purpose and Scope are clear, concise, and relevant to the case study (3) | Purpose and Scope are mostly clear, concise, and relevant to the case study (2.5) | Purpose and Scope are adequately clear, concise, and relevant to the case study (2) | Purpose and Scope are limited and may not be clear, concise, and relevant to the case study (1.5) | Purpose and Scope are either missing or not clear (1) Not Submitted or Academic Misconduct. (0) |
C2. Procedures and Responsibilities 5 points | Comprehensively and clear procedures are clearly defined and the responsibilities are clearly identified (5) | Mostly clear and procedures are clearly defined and the responsibilities are clearly identified (3.5) | Appropriate clear and procedures are clearly defined and the responsibilities are clearly identified (3) | Adequately clear procedures are clearly defined and the responsibilities are adequately identified (2.5) | Procedures and Responsibilities are missing or not clear. (1) Not Submitted or Academic Misconduct. (0) |
C3. Relative legislation and other policies 4 points | Comprehensively list of clear appropriate legislations and policies. (4) | Mostly relative legislation and policies. (3) | Appropriate relative legislation and policies are missing or not addressed. (2.5) | Adequate relative legislation and policies are missing or not addressed. (2) | Relative legislation and other policies are missing or not clear (1) Not Submitted or Academic Misconduct. (0) |
Feedback, Approval and Review 3 points | Appropriate feedback, approval, and review sections. (3) | The feedback approval and review have minor inappropriate details, for example, the review time is too short or long (2.5) | Lacks appropriate details in feedback, approval and review. (2) | Missing some fields or not all addresses (1.5) | Not Submitted or Academic Misconduct. (0) |
Privacy Policy
Assessment criteria | Exceptional >=80% | Admirable 70% – 79% | Creditable 60% – 69% | Acceptable 50% – 59% | Unsatisfactory <=49 |
C1. Purpose and Scope 3 points | Purpose and Scope are clear, concise, and relevant to the case study (3) | Purpose and Scope are mostly clear, concise, and relevant to the case study (2.5) | Purpose and Scope are adequately clear, concise, and relevant to the case study (2) | Purpose and Scope are limited and may not be clear, concise, and relevant to the case study (1.5) | Purpose and Scope are either missing or not clear (1) Not Submitted or Academic Misconduct. (0) |
C2. Procedures and Responsibilities 5 points | Comprehensively clear and procedures are clearly defined and the responsibilities are clearly identified (5) | Mostly clear and procedures are clearly defined and the responsibilities are clearly identified (3.5) | Appropriate clear and procedures are clearly defined and the responsibilities are clearly identified (3) | Adequately clear and procedures are clearly defined and the responsibilities are adequately identified (2.5) | Procedures and Responsibilities are missing or not clear. (1) Not Submitted or Academic Misconduct. (0) |
C3. Relative legislation and other policies 4 points | Comprehensive list of clear appropriate legislations and policies. (4) | Mostly relative legislation and policies. (3) | Appropriate relative legislation and policies are missing or not addressed. (2.5) | Adequate relative legislation and policies are missing or not addressed. (2) | Relative legislation and other policies are missing or not clear (1) Not Submitted or Academic Misconduct. (0) |
Feedback, Approval and Review 3 points | Appropriate feedback, approval, and review sections. (3) | The feedback approval and review have minor inappropriate details, for example, the review time is too short or long (2.5) | Lacks appropriate details in feedback, approval and review. (2) | Missing some fields or not all address (1.5) | Not Submitted or Academic Misconduct. (0) |
Assessment 3: Risk Assessment and Contingency Plan
Overview
Assessment ID | Assessment Item | When due | Weighting | ULO# | CLO# for MITS |
3* | Risk Assessment and Contingency Plan Part A: Report (2000 Words) (Group) | Session 12 | 30% | 1, 2, 3, 4 | 1, 2, 3, 4 |
Part B: Presentation (Group) | Session 13 | 20% |
Note: * denotes ‘Hurdle Assessment Item’ that students must achieve at least 40% in this item to pass the unit
Introduction
A report detailing a security management plan for an organisation, including risk analysis, incident reporting, and disaster recovery to manage security, and address legal and statutory obligations for a given case study. Your group will present a written report and an oral defence of the justification of the risks involved. In this group assessment, students will be given a case study and tasked with developing a robust security management plan. You are required to produce a comprehensive report of approximately 2000 words (plus or minus 200 words) addressing the following key aspects:
Discuss the fit of your formal approach to security with the company’s values.
Discuss the role your approach would play in terms of governance in general.
Discuss the implications of legal and statutory requirements applicable to the case study.
In the introduction, explain the benefits a Risk Management Plan can bring to a company and the steps you would go through to build one.
Include a discussion on the importance of Contingency Planning to the company (as detailed in the case study), as well as the risk analysis and cost-benefit-analysis mentioned.
Development of a Security Plan
List the threats, vulnerabilities, and attacks that your formal plan would manage.
Keep the focus on the company’s context.
Write a continuity plan and a business continuity plan for the case study.
In the conclusion, discuss the benefits derived from seeing Security Management as an ongoing process.
Case Study: “InnovateTech Solutions”
Company Overview: InnovateTech Solutions is an Australian SME specializing in cutting-edge AI and machine learning development, and data analytics consulting services. The company has been in operation for seven years and has quickly gained a reputation for delivering innovative, data-driven solutions to clients in finance, healthcare, and retail sectors. InnovateTech Solutions started with a core team of 8 data scientists and engineers and has rapidly grown to a workforce of 75, serving over 150 high-profile clients globally. The company currently operates from a vibrant single office in a major city but is actively planning to expand its operations by opening two new satellite offices in different international cities within the next 18 months to better serve its growing global client base and tap into new talent pools.
Growth and Current Operations: InnovateTech Solutions has experienced exponential growth over the past few years, largely driven by its proprietary AI algorithms and successful client project outcomes. The company is managed by its visionary co-founder, Dr. Emily Clarke, who has steered the company’s rapid expansion from a startup to a recognized leader in AI solutions. Dr. Clarke anticipates continued aggressive growth and is planning to acquire two smaller AI research firms in different countries to further enhance InnovateTech Solutions’ intellectual property and market reach.
IT Infrastructure: The company’s IT infrastructure is highly specialized and critical to its operations. Initially, it was managed by a small, agile IT team focused on supporting development environments. As the company grew, the complexity and sensitivity of its IT needs significantly increased. Currently, the IT department consists of three full-time staff members: Liam (Cloud Operations Lead), Sarah (Network Administrator), and David (Data Security Analyst). They are responsible for maintaining the company’s high-performance computing clusters, secure data lakes, and ensuring operational continuity for all client projects. Additionally, Maria, the Head of Research, frequently collaborates with the IT team to integrate new research platforms securely.
Challenges and Concerns: With the planned international expansion and the acquisition of new firms, Dr. Clarke foresees an urgent need to formalize and significantly enhance the company’s information security practices. The current approach to IT security, while effective for a smaller, centralized operation, has been somewhat informal and developed in an ad-hoc manner, heavily relying on the expertise of individual IT staff. Dr. Clarke is deeply concerned that this informal approach will not be sufficient to protect the company’s highly sensitive intellectual property, vast amounts of client data (which often includes personal and financial information), and its growing global operations from sophisticated cyber threats. The prospect of managing data across multiple international jurisdictions with varying data protection laws (e.g., GDPR, CCPA, local Asian privacy acts) is a major concern.
Your Role: You have recently been contracted as a specialist cybersecurity consulting firm to assess InnovateTech Solutions’ current information security posture and provide comprehensive recommendations for improvement. Dr. Clarke initiated your hiring, recognizing the critical need for a more structured, scalable, and globally compliant approach to information security. However, there has been some apprehension from parts of the current IT staff, who feel their existing agile methods are adequate and worry that formal policies might hinder rapid innovation.
Objectives: Dr. Clarke has asked your group to develop a detailed report that outlines how information security could be better managed at InnovateTech Solutions, with a particular focus on the challenges of international expansion and cross-jurisdictional data management. While the report should cover general information security principles, Dr. Clarke also wants you to focus on a specific, critical issue: the secure integration of newly acquired international firms, specifically addressing secure data migration, network interoperability, and ensuring compliance with relevant data privacy regulations across all entities. You are expected to create a comprehensive Risk Management Plan for this issue, including a thorough risk analysis, and provide a recommendation based on a detailed Cost-Benefit Analysis of your proposed solutions.
Mission Statement: InnovateTech Solutions is committed to leading innovation in AI and data analytics, delivering transformative insights to clients while upholding the highest standards of intellectual property protection, data security, and client privacy globally.
Current IT Setup: InnovateTech Solutions utilizes a sophisticated mix of commercial, open-source, and proprietary software products for its operations. This includes advanced AI/ML development platforms (e.g., TensorFlow, PyTorch), secure code repositories (e.g., GitHub Enterprise), project management software (e.g., Jira), collaborative productivity tools (e.g., Microsoft 365 E5 suite), specialized big data analytics tools (e.g., Apache Spark, Hadoop clusters), and an internal secure VoIP communication system. The company’s infrastructure relies heavily on a hybrid cloud model, leveraging both private cloud infrastructure for sensitive data processing and major public cloud providers (e.g., AWS, Azure, Google Cloud) for scalable computing and data storage. Employees are provided with high-performance workstations and laptops, and secure remote access via Zero Trust Network Access (ZTNA) is enabled for all off-site work. All critical client data and intellectual property are stored in geo-redundant, encrypted cloud data lakes with automated backups. Email and collaboration services are hosted via Microsoft 365, with advanced threat protection enabled.
Next Steps: Your group’s task is to envision additional hardware, software, security frameworks, and information/data management procedures that would robustly support the company’s ambitious international expansion and acquisition plans, while ensuring unwavering information security practices and global regulatory compliance.
Instructions for Writing and Presentation (Group)
Part A: Report (2000 Words)
Report Structure
The report must include the following:
Assignment Cover Page. Use the cover sheet provided. Include the Title, Assignment number, Student Names and IDs, Subject. Crucially, on this page, each group member must write a one-sentence statement outlining their specific contribution to the report.
Microsoft Word “Cover Page”. Include the name of the report, who it has been prepared for, and the author(s).
Executive summary (1 paragraph: Who the report is for, scope/purpose of report; action required).
Table of contents.
Body (Numerous headings and text at the writer’s discretion). This will include an introduction that describes the scope of the document and its structure.
A sign-off page – a page for the relevant parties to accept and approve the report.
References (List of works used in the document)/Bibliography (Materials relevant to the report, but not directly used).
Appendices for any other document you think could usefully be included.
Your report should be a comprehensive security management plan for InnovateTech Solutions, adhering to the specified report structure. Pay close attention to the following sections as they align with the marking criteria:
Executive Summary: Summarize the entire document with key findings, who the report is for, its scope/purpose, and the action required.
Introduction: Introduce the report, explaining its creation and aligning your formal security approach with InnovateTech Solutions’ values and its role in overall governance. Discuss the implications of legal and statutory requirements applicable to the case study (e.g., GDPR, APPs), and explain the benefits and steps of a Risk Management Plan, including the importance of Contingency Planning, Risk Analysis, and Cost-Benefit Analysis for InnovateTech Solutions.
Description of the Model Used to Develop a Security Management Plan: Describe the security management plan you’ve developed, focusing on how it addresses the unique context of InnovateTech Solutions. This should include identifying and listing key threats, vulnerabilities, and attacks that your plan would manage, along with recommended risk mitigation strategies. This section should clearly present the cost-benefit analysis and impact of your proposed security measures. Additionally, you must write a comprehensive continuity plan and a business continuity plan specifically tailored for InnovateTech Solutions.
The Legal and Statutory Requirements That Will Be Addressed: Detail the specific legal and statutory requirements relevant to InnovateTech Solutions’ operations, especially considering its international expansion and data handling across various jurisdictions, and how your plan addresses these.
Describe the Cost-Benefit Analysis of Your Proposal: Provide a clear and detailed cost-benefit analysis of your entire security plan, justifying the proposed investments in security measures against the potential risks and their impacts.
Conclusion: Conclude your report by discussing the benefits derived from seeing Security Management as an ongoing process at InnovateTech Solutions and provide key methods and recommendations for ongoing security.
References/Bibliography: Provide a comprehensive list of all works used and any relevant materials.
Appendices: Include any additional supporting documents or detailed data you deem useful.
The report should have a consistent, professional, and well-organized appearance. Also:
Ensure that the filename for your submission follows this format: YourGroupNumber.docx
The assignment must adhere to the following formatting guidelines: 12-point font size, single line spacing, and clear section headings.
Reports must be submitted electronically as a single Microsoft Word document, through the Turnitin enabled submission link on the Learning Management System (LMS).
Submissions in zip file format will not be accepted.
Assignments submitted on the LMS will only be accepted. Submission of assignments through email is not acceptable.
Note: All work is due by the due date and time. Late submissions will be penalized at 20% of the assessment final grade per day, including weekends. You cannot make re-submissions after the cut-off date.
Part B: Presentation (Group)
This is a group presentation, with only one presentation per group allowed.
Presentation Duration: Each group member must present for 2-3 minutes.
All members must present in person at the designated campus during Week 13. Failure to attend and present in person will result in a zero grade for that assessment.
Recording: You must record the video using a PowerPoint presentation (with narration/video of presenters) or Zoom. All group members must appear in the video.
Submission File Size: Your submission file size should be below 100MB.
Submission Responsibility: The group leader is responsible for submitting the recorded video. Failure to comply with these instructions will result in 0 marks for the presentation.
Marking Criteria/Rubric
You will be assessed on the following marking criteria/Rubric:
Marking Guide: 30 Marks Part A: Report (Group)
Task | Description | Marks |
Executive Summary | Summarize the entire document with key findings. | 2 |
Introductions | Introduce the report – “how come this report was created?” | 3 |
Description of the model used to develop a security management plan | Describe the security management plan with regard to the case study | 13 |
The legal and statutory requirements that will be addressed | Describe the legal and statutory requirements with regard to the case study | 5 |
Describe the cost-benefit analysis of your proposal | Describe the cost-benefit analysis of your security plan | 5 |
Conclusion | Conclude your report with key methods and recommendations | 2 |
Marking Guide: 20 Marks Part B: Presentation (Group)
Task | Description | Marks |
Present your Security Plan | Describe the security plan you developed from the case study | 15 |
Defend your plan during a critical review | Defend your security plan from your case study | 5 |