COMP3371Cyber SecurityAssignment 1Semester 1 2015/16

Words: 2000

Weighting: 50%Learning Outcomes Assessed: 2, 3Submission date: 12/11/2015Module Leader: Richard HensonVerified by: Dr. P. MoodyElectronic copy available: Blackboard Learning System and RH’s website

If anything about this assignment is not clear to you, please contact the module leader: r.henson@worc.ac.uk

Students are expected to plan their time and work to manage their overall assessment workload.

Scenario

An employee of the microbusiness Moor-4-U has informally approached you because she is worried about her organisation’s security. She is worried about outsourcing of IT and new employees with average data management skills. She thinks the management is too trusting of their business partners and employees but has been told not to worry… that hackers are only interested in larger organisations and Government computers.

You feel that this is putting you in a difficult position, so you do the professional thing and approach senior management direct, excluding the interaction with a third party. You request a meeting to discuss “recent developments in information security policy making for SMEs”. Whilst you are waiting for a reply, you decide to prepare a response.

Assignment task(s)With regard to the scenario above, this assignment report will be your response to the above. You cannot be specific about Moor-4-U because you officially don’t know they have a problem. Also, you may wish to use your response as a template for advising other SMEs. Your response should:

1. Explain how the management of an SME in 2015, engaging in the Information Society, can be dangerously complacent in their attitude to security.

2. Explain a strategy for developing a message for staff regarding information security that can effectively used

3. Explain how this strategy could be summarised as an Information Security policy, and what that policy might contain (give an example).

4. Explain a strategy for getting the message effectively spread across all employees

5. Include a set of tools and techniques that can be used by technical staff to support implementation of an Information Security policy

6. Include referencing as appropriate in the Harvard format.

Assessment briefingThis document provides details of the assessment. There will also be an oral briefing conducted week 3. There is also an assessment Q&A Page on Blackboard

Assessment criteriaIn addition to the general points that apply to all assessed work as outlined in the Course Handbook, the following specific criteria will be used for this work:

Explanation of the current issue of SMEs and their level of attention to Cyber Security matters Appropriateness of advice on developing a strategy Quality of example information security policy Plan for raising awareness of employees Tools and techniques introduced and usefulness of each to the company explained Referencing, using the Harvard system (see the link to ‘Referencing’ from http://www.worc.ac.uk/studyskills for more information.)

Grade DescriptorA band work would be expected to be of appropriate length, include a degree of analysis and evaluation to address the assignment brief as well as including factual explanation. Typically, at least six relevant, and mostly up-to-date references should be included, and cited appropriately.B band work would be mostly as above but lacking in one or more of the analysis, evaluation, and referencing factors. Typically, at least four relevant and mostly up-to-date references should be included, and cited appropriately.C band work might be lacking analysis and evaluation, or lacking in factual content in one of the assessment criteria listed for this assignment. It may also be of slightly inappropriate length, and have fewer than four relevant and up-to-date references.D band work might be lacking analysis and evaluation, or lacking in factual content in two of the assessment criteria listed for this assignment. It may have strayed considerably from the recommended word length and conventional method of referencing, but some referencing may have been included.

Specific criteria are in the Grading Matrix for this assignment attached below. You should include the grading matrix at the front of your assignment when submitting.

Assessment feedback Feedback is provided in an ongoing basis over the course of the module (see “Types of Feedback on my Module” slides on Blackboard and Assessment & Feedback section in the Module Outline).

Formative Feedback opportunity

Your opportunity to receive written feedback will be until on Thursday November 5th 2015 before 3pm. You can submit up to 20% of your Word document via email with your student number. You will receive written feedback on the document itself in the form of comments also via email. Seek out as much feedback as you can, it is your responsibility to initiate it and helps you get at issues that need attention early on. Students who do this always achieve higher marks than those who don’t fully participate in the process because they have continued to improve their work.

Handing in and returnWork must be word-processed/typed and should clearly show your student number.  You are required to keep a copy of work handed in.  You should submit your work electronically via SOLE by the 3pm deadline on Thursday, 12/11/15. The return date for this assignment is electronically via SOLE on Thursday, 10/12/15. 

See the University’s guide to uploading and submitting assessment items at the University of Worcester via SOLE in under 60 seconds on You Tube http://youtu.be/yAEnTkVchMg.

If for any reason the systems are down, email your work to solehelp@worc.ac.uk before the deadline just to be on the safe side. You may also email your tutor before the deadline. Providing that the documents emailed are the final copy, these emails will be treated as on time submission. You can then submit to the required system when it is working again. With technology sometimes, things can go wrong; these are back-up safeguards.

Turnitin

For this assignment, please put your work through Turnitin to generate an originality report. You should include a print screen of the part of the Turnitin report showing the overall similarity percentage at the front of your assignment file and submit it with your work. In the event of problems with Turnitin, you should submit your work on time as normal but without the Turnitin report/screen dump, and then e-mail the Turnitin report to your module tutor as soon as possible when Turnitin is back working properly. Use the website submit.ac.uk. You will have to set up a class and id and password. Include below here:

Class ID: 2987613Password: computer

Technical support is available by emailing eos@worc.ac.uk

Late submission of workI t is essential that you submit your work, in order to be able to pass the module . Work which is submitted late will be subject to grade penalties as below.

Students who submit course work late but within 5 days of the due date will have work marked, but the grade will be capped at the minimum pass grade unless an application for mitigating circumstances is accepted.

Students who submit work later than 5 days but within 14 days of the due date will not have work marked unless they have submitted a valid claim of mitigating circumstances.

For full details of submission regulations see Undergraduate Regulatory Framework at http://www.worcester.ac.uk/registryservices/documents/UndergraduateRegulatoryFramework2007entry.pdf

Full details of Procedures for Dealing with Exceptional Mitigating Circumstances are available at http://www.worcester.ac.uk/registryservices/679.htm

Academic Dishonesty WarningPlease note the regulations on academic dishonesty (cheating), in particular

the inclusion in your assignments of un-attributed material taken from other sources; all assignments are individual unless otherwise stated in the assignment brief, so co-operation with other students that results in

identical material appearing in the work of more than one student is not acceptable.  Be assured that every effort will be taken to deal with you fairly, but remember that there are strict rules concerning cheating. You will find further details in your Course Handbook accessible via SOLE and at http://www.worcester.ac.uk/registryservices/documents/Proceduresforinvestigationofallegedcheating.pdf .

Word Limits: The word limit does not include the reference list, computer programme code listings, tables, diagrams or reasonably short appendices, but will include quotations, citations and the captions to tables and diagrams. The following penalties can be applied to work which exceeds the stated word limit:

Up to 10% over: no penalty 10% to 20% over: one grade point penalty (e.g. B+ to B) 20% to 30% over: two grade points penalty (e.g. B+ to B-) More than 30% over: three grade points penalty (e.g. B+ to C+)

ReassessmentIn the event you are required to take reassessment you will receive formal notification of this via a letter from Registry Services posted on the SOLE page after the meeting of the Board of Examiners. The letter will normally include a copy of the reassessment task(s). Deadlines for re-assessment can be found in the University Calendar at http://www.worcester.ac.uk/registryservices/655.htm

If there is anything about the current assignment that you don’t understand, please contact the module tutor

Student Number:

Academic Year and Semester: Sem 1

Module Title:

Cyber Security

Module Code:

COMP3371

Assignment Weighting:

50%

Assignment No:

1

Occurrence:

Assessment Criteria

Explain how the management of an SME in 2015, engaging in the Information Society, can be dangerously complacent in their attitude to security.

Explain a strategy for developing a message for staff regarding information security that can effectively used

Explain how this strategy could be summarised as an Information Security policy, and what that policy might contain (give an example).

Explain a strategy for getting the message effectively spread across all employees

Include a set of tools and techniques that can be used by technical staff to support implementation of an Information Security policy

Include referencing as appropriate in the Harvard format.

Assignment 1 - Assessment Criteria

GRADE

Explain how the management of an SME in 2015, engaging in the Information Society, can be dangerously complacent in their attitude to security.

Explain a strategy for developing a message for staff regarding information security that can effectively used

Explain how this strategy could be summarised as an Information Security policy, and what that policy might contain (give an example).

Explain a strategy for getting the message effectively spread across all employees

Include a set of tools and techniques that can be used by technical staff to support implementation of an Information Security policy

Referencing, using the Harvard system

A Detailed explanation of the online trading

Very detailed strategy identifying

Excellent Excellent dissemination

Full range of security

environment, cyber crime, SME priorities, and public perceptions of who, what is at risk, and any other relevant matters

all cyber security matters that could impact on the success of any online business

information security policy that maps well with suggested strategy

strategy through appropriately explained communication channels

enhancement tools discussed, with purpose clearly explained in each case

Typically, at least six relevant, and mostly up-to-date references should be included, and cited appropriately

B Explanations including: online trading environment, cyber crime, SME priorities, and public perceptions of who, and what is at risk, and any other relevant matters

Quite detailed strategy identifying all cyber security matters that could impact on the success of any online business

Good information security policy that maps reasonably well with suggested strategy

Good dissemination strategy through appropriately explained communication channels

Good range of security enhancement tools discussed, with purpose clearly identified in each case

Typically, at least four relevant and mostly up-to-date references should be included, and cited appropriately.

C More descriptive accounts of factors including online trading environment, cyber crime, SME priorities, and public perceptions of who, and what is at risk,

Useful strategy identifying most of the cyber security matters that could impact on the success of any online business

Workable information security policy that maps reasonably well with most of the suggested strategy

Workable dissemination strategy through appropriately explained communication channels

Reasonable number of security enhancement tools discussed, with some identification of purpose in each case

Fewer than four relevant and up-to-date references, cited appropriately.

D Highly descriptive, but still useful account of many of

Useful strategy identifying most of the cyber security

Information security policy that loosely fits with some of the suggested strategy

Poorly defined dissemination strategy with

Named security enhancement tools discussed, but

Some referencing in use, but no Harvard and not appropriately cited.

the factors involved matters that could impact on the success of any

somewhat confused communication channels

purposes not explained in sufficient detail

Fail (E-G)

Superficial account naming, describing some factors only

Highly superficial attempt at strategy identifying few cyber security matters that could impact on the business

Superficial policy which doesn’t really address the needs identified in the strategy.

Superficial and ill thought out dissemination strategy with little regard for communication channels

Too few tools/techniques, and not enough attention to purpose of each

Shows a lack of understanding of the purpose of referencing and makes no attempt to use any time of end-of-document linking to external sources