Web viewCyber Security. Assignment 1. Semester 1 ... If anything about this assignment is not ......
Transcript of Web viewCyber Security. Assignment 1. Semester 1 ... If anything about this assignment is not ......
COMP3371Cyber SecurityAssignment 1Semester 1 2015/16
Words: 2000
Weighting: 50%Learning Outcomes Assessed: 2, 3Submission date: 12/11/2015Module Leader: Richard HensonVerified by: Dr. P. MoodyElectronic copy available: Blackboard Learning System and RH’s website
If anything about this assignment is not clear to you, please contact the module leader: [email protected]
Students are expected to plan their time and work to manage their overall assessment workload.
Scenario
An employee of the microbusiness Moor-4-U has informally approached you because she is worried about her organisation’s security. She is worried about outsourcing of IT and new employees with average data management skills. She thinks the management is too trusting of their business partners and employees but has been told not to worry… that hackers are only interested in larger organisations and Government computers.
You feel that this is putting you in a difficult position, so you do the professional thing and approach senior management direct, excluding the interaction with a third party. You request a meeting to discuss “recent developments in information security policy making for SMEs”. Whilst you are waiting for a reply, you decide to prepare a response.
Assignment task(s)With regard to the scenario above, this assignment report will be your response to the above. You cannot be specific about Moor-4-U because you officially don’t know they have a problem. Also, you may wish to use your response as a template for advising other SMEs. Your response should:
1. Explain how the management of an SME in 2015, engaging in the Information Society, can be dangerously complacent in their attitude to security.
2. Explain a strategy for developing a message for staff regarding information security that can effectively used
3. Explain how this strategy could be summarised as an Information Security policy, and what that policy might contain (give an example).
4. Explain a strategy for getting the message effectively spread across all employees
5. Include a set of tools and techniques that can be used by technical staff to support implementation of an Information Security policy
6. Include referencing as appropriate in the Harvard format.
Assessment briefingThis document provides details of the assessment. There will also be an oral briefing conducted week 3. There is also an assessment Q&A Page on Blackboard
Assessment criteriaIn addition to the general points that apply to all assessed work as outlined in the Course Handbook, the following specific criteria will be used for this work:
Explanation of the current issue of SMEs and their level of attention to Cyber Security matters Appropriateness of advice on developing a strategy Quality of example information security policy Plan for raising awareness of employees Tools and techniques introduced and usefulness of each to the company explained Referencing, using the Harvard system (see the link to ‘Referencing’ from http://www.worc.ac.uk/studyskills for more information.)
Grade DescriptorA band work would be expected to be of appropriate length, include a degree of analysis and evaluation to address the assignment brief as well as including factual explanation. Typically, at least six relevant, and mostly up-to-date references should be included, and cited appropriately.B band work would be mostly as above but lacking in one or more of the analysis, evaluation, and referencing factors. Typically, at least four relevant and mostly up-to-date references should be included, and cited appropriately.C band work might be lacking analysis and evaluation, or lacking in factual content in one of the assessment criteria listed for this assignment. It may also be of slightly inappropriate length, and have fewer than four relevant and up-to-date references.D band work might be lacking analysis and evaluation, or lacking in factual content in two of the assessment criteria listed for this assignment. It may have strayed considerably from the recommended word length and conventional method of referencing, but some referencing may have been included.
Specific criteria are in the Grading Matrix for this assignment attached below. You should include the grading matrix at the front of your assignment when submitting.
Assessment feedback Feedback is provided in an ongoing basis over the course of the module (see “Types of Feedback on my Module” slides on Blackboard and Assessment & Feedback section in the Module Outline).
Formative Feedback opportunity
Your opportunity to receive written feedback will be until on Thursday November 5th 2015 before 3pm. You can submit up to 20% of your Word document via email with your student number. You will receive written feedback on the document itself in the form of comments also via email. Seek out as much feedback as you can, it is your responsibility to initiate it and helps you get at issues that need attention early on. Students who do this always achieve higher marks than those who don’t fully participate in the process because they have continued to improve their work.
Handing in and returnWork must be word-processed/typed and should clearly show your student number. You are required to keep a copy of work handed in. You should submit your work electronically via SOLE by the 3pm deadline on Thursday, 12/11/15. The return date for this assignment is electronically via SOLE on Thursday, 10/12/15.
See the University’s guide to uploading and submitting assessment items at the University of Worcester via SOLE in under 60 seconds on You Tube http://youtu.be/yAEnTkVchMg.
If for any reason the systems are down, email your work to [email protected] before the deadline just to be on the safe side. You may also email your tutor before the deadline. Providing that the documents emailed are the final copy, these emails will be treated as on time submission. You can then submit to the required system when it is working again. With technology sometimes, things can go wrong; these are back-up safeguards.
Turnitin
For this assignment, please put your work through Turnitin to generate an originality report. You should include a print screen of the part of the Turnitin report showing the overall similarity percentage at the front of your assignment file and submit it with your work. In the event of problems with Turnitin, you should submit your work on time as normal but without the Turnitin report/screen dump, and then e-mail the Turnitin report to your module tutor as soon as possible when Turnitin is back working properly. Use the website submit.ac.uk. You will have to set up a class and id and password. Include below here:
Class ID: 2987613Password: computer
Technical support is available by emailing [email protected]
Late submission of workI t is essential that you submit your work, in order to be able to pass the module . Work which is submitted late will be subject to grade penalties as below.
Students who submit course work late but within 5 days of the due date will have work marked, but the grade will be capped at the minimum pass grade unless an application for mitigating circumstances is accepted.
Students who submit work later than 5 days but within 14 days of the due date will not have work marked unless they have submitted a valid claim of mitigating circumstances.
For full details of submission regulations see Undergraduate Regulatory Framework at http://www.worcester.ac.uk/registryservices/documents/UndergraduateRegulatoryFramework2007entry.pdf
Full details of Procedures for Dealing with Exceptional Mitigating Circumstances are available at http://www.worcester.ac.uk/registryservices/679.htm
Academic Dishonesty WarningPlease note the regulations on academic dishonesty (cheating), in particular
the inclusion in your assignments of un-attributed material taken from other sources; all assignments are individual unless otherwise stated in the assignment brief, so co-operation with other students that results in
identical material appearing in the work of more than one student is not acceptable. Be assured that every effort will be taken to deal with you fairly, but remember that there are strict rules concerning cheating. You will find further details in your Course Handbook accessible via SOLE and at http://www.worcester.ac.uk/registryservices/documents/Proceduresforinvestigationofallegedcheating.pdf .
Word Limits: The word limit does not include the reference list, computer programme code listings, tables, diagrams or reasonably short appendices, but will include quotations, citations and the captions to tables and diagrams. The following penalties can be applied to work which exceeds the stated word limit:
Up to 10% over: no penalty 10% to 20% over: one grade point penalty (e.g. B+ to B) 20% to 30% over: two grade points penalty (e.g. B+ to B-) More than 30% over: three grade points penalty (e.g. B+ to C+)
ReassessmentIn the event you are required to take reassessment you will receive formal notification of this via a letter from Registry Services posted on the SOLE page after the meeting of the Board of Examiners. The letter will normally include a copy of the reassessment task(s). Deadlines for re-assessment can be found in the University Calendar at http://www.worcester.ac.uk/registryservices/655.htm
If there is anything about the current assignment that you don’t understand, please contact the module tutor
Student Number:
Academic Year and Semester: Sem 1
Module Title:
Cyber Security
Module Code:
COMP3371
Assignment Weighting:
50%
Assignment No:
1
Occurrence:
Assessment Criteria
Explain how the management of an SME in 2015, engaging in the Information Society, can be dangerously complacent in their attitude to security.
Explain a strategy for developing a message for staff regarding information security that can effectively used
Explain how this strategy could be summarised as an Information Security policy, and what that policy might contain (give an example).
Explain a strategy for getting the message effectively spread across all employees
Include a set of tools and techniques that can be used by technical staff to support implementation of an Information Security policy
Include referencing as appropriate in the Harvard format.
Assignment 1 - Assessment Criteria
GRADE
Explain how the management of an SME in 2015, engaging in the Information Society, can be dangerously complacent in their attitude to security.
Explain a strategy for developing a message for staff regarding information security that can effectively used
Explain how this strategy could be summarised as an Information Security policy, and what that policy might contain (give an example).
Explain a strategy for getting the message effectively spread across all employees
Include a set of tools and techniques that can be used by technical staff to support implementation of an Information Security policy
Referencing, using the Harvard system
A Detailed explanation of the online trading
Very detailed strategy identifying
Excellent Excellent dissemination
Full range of security
environment, cyber crime, SME priorities, and public perceptions of who, what is at risk, and any other relevant matters
all cyber security matters that could impact on the success of any online business
information security policy that maps well with suggested strategy
strategy through appropriately explained communication channels
enhancement tools discussed, with purpose clearly explained in each case
Typically, at least six relevant, and mostly up-to-date references should be included, and cited appropriately
B Explanations including: online trading environment, cyber crime, SME priorities, and public perceptions of who, and what is at risk, and any other relevant matters
Quite detailed strategy identifying all cyber security matters that could impact on the success of any online business
Good information security policy that maps reasonably well with suggested strategy
Good dissemination strategy through appropriately explained communication channels
Good range of security enhancement tools discussed, with purpose clearly identified in each case
Typically, at least four relevant and mostly up-to-date references should be included, and cited appropriately.
C More descriptive accounts of factors including online trading environment, cyber crime, SME priorities, and public perceptions of who, and what is at risk,
Useful strategy identifying most of the cyber security matters that could impact on the success of any online business
Workable information security policy that maps reasonably well with most of the suggested strategy
Workable dissemination strategy through appropriately explained communication channels
Reasonable number of security enhancement tools discussed, with some identification of purpose in each case
Fewer than four relevant and up-to-date references, cited appropriately.
D Highly descriptive, but still useful account of many of
Useful strategy identifying most of the cyber security
Information security policy that loosely fits with some of the suggested strategy
Poorly defined dissemination strategy with
Named security enhancement tools discussed, but
Some referencing in use, but no Harvard and not appropriately cited.
the factors involved matters that could impact on the success of any
somewhat confused communication channels
purposes not explained in sufficient detail
Fail (E-G)
Superficial account naming, describing some factors only
Highly superficial attempt at strategy identifying few cyber security matters that could impact on the business
Superficial policy which doesn’t really address the needs identified in the strategy.
Superficial and ill thought out dissemination strategy with little regard for communication channels
Too few tools/techniques, and not enough attention to purpose of each
Shows a lack of understanding of the purpose of referencing and makes no attempt to use any time of end-of-document linking to external sources