SEC301 – Information Security Management and Governance
ISM Assignment 2015
Establishing Security Policy and Promoting Awareness
- To research and produce recommendations in relation to an area of relevance to Information Security Managers. Research to be conducted utilising traditional sources (books, journals, articles etc.) as well as the Internet.
- Production of a report of no more than 3,500 words, including a proposed security policy (max. one page).
Topic and tasks
Security surveys frequently indicate a disparity in the attention that organisations direct towards technical controls and that focused upon policy and awareness. While the former are often well supported, efforts in the latter areas may more typically be lacking. This is particularly true with awareness raising, such the even if a related policy does exist, staff can often receive little support in understanding and complying with it.
This assignment requires you to identify a specific security issue that you believe to be of relevance to Plymouth University, and then to devise an associated policy and awareness-raising strategy to support it. In producing this material you should:
- Research and evidence the significant/relevance of your target issue, drawing upon (and citing) appropriate literature sources to support your case.
- Justify the aspects that you believe should be part of a related policy for users (staff and/or students) in a university context.
- Write the policy itself, in the manner (i.e. wording and length) that you would expect it to be presented to its target audience. In doing so, please remember that there is a distinction between setting policy and providing guidance, and keep in mind which one you are writing. Please note that the policy should not exceed one page in length.
- Discuss and justify the ways in which it could be best promoted. In doing so, you should give consideration to issues of likely cost and practicality in a university context.
Possible policy areas that you may consider include (but are not limited to) use of:
- mobile devices
- social networking services
- data encryption
- general Internet access
- cloud data storage services
Note that you are required to address ONE policy topic, rather than a whole series.
Given that policies of this nature can already be found for Plymouth and other academic institutions, you are NOT expected to simply take one ‘off the shelf’ and present it as a solution. Your work needs to analyse the associated topic area and justify the policy aspects that you believe should result.
You should give appropriate consideration to the presentation and structure of your report, and the use of appropriate referencing of sources in order to support the points you are making. Marks will be gained for including appropriate introduction and concluding sections, as well as for appropriate use of figures and tables that can usefully accompany and support the text.
This is an individual assignment and your overall submission will be assessed based on the following criteria:
- Significance of target issue 30%
- Policy justification 15%
- Policy document 20%
- Awareness-raising strategy 20%
- Report presentation, structure and referencing 15%
This assignment represents 50% of the overall module mark.
Threshold Criteria (please note that these are indicative only)
- To achieve a pass (40%+) you must discuss the topic, present basic evidence in terms of factual statements and answer the majority of the stated requirements.
- To achieve a 2.2 mark (50%+), you must consider the majority of issues presented in the assignment brief and present a degree of evidenced discussion based upon a range of sources.
- To achieve a 2.1 mark (60%+), you must consider all issues presented in the assignment brief and draw upon evidence from a range of sources with evaluation/discussion.
- To achieve a 1st class mark (70%+), you must conduct a thorough review and full analysis of the topic, drawing upon a range of academically credible sources. You must demonstrate an understanding of the domain and any related issues they present.
Deadline: 4pm on 17th December
- You must submit your report via the DLE. Your submission must be made by the specified deadline.
- You should give due consideration to your personal time management to ensure that coursework is submitted in plenty of time prior to the deadline.
- Coursework can be submitted at any time ahead of the deadline.
- Please note that work submitted late without valid extenuating circumstances will be penalised. Work submitted within 24 hours after the deadline will receive a mark, but it will be capped at the normal pass mark for that module. Work submitted more than 24 hours after the official deadline will receive an automatic mark of zero.
· The report that you present should be supported (where relevant) by appropriate evidence. Any such information that you present must be appropriately cited and referenced in your report – if you are unfamiliar with referencing style, then a Google search for ‘Harvard referencing’ will help to enlighten you.
Although you will be expected to make significant use of printed and online literature in researching and producing your materials, it is not acceptable for you to simply cut and paste material from other sources (small quotes are acceptable, but they must be clearly indicated as being quotes and the source must be referenced appropriately).
Steve Furnell, October 2015
Place your order now to enjoy great discounts on this or a similar topic.
People choose us because we provide:
Essays written from scratch, 100% original,
Delivery within deadlines,
Competitive prices and excellent quality,
24/7 customer support,
Priority on their privacy,
Unlimited free revisions upon request, and
Plagiarism free work,