questions attached

Page 1 of 6

[1514]

COM7005

Information Security Strategy Development

Assignment: Part 2

Date for Submission: Please refer to the timetable on ilearn

(The submission portal on ilearn will close at 14.00 UK time on the date

of submission)

Page 2 of 6
[1514]

Assignment Brief

As part of the formal assessment for the programme you are required to submit an

Information Security Strategy Development assignment. Please refer to your Student

Handbook for full details of the programme assessment scheme and general information on

preparing and submitting assignments.

Learning Outcomes:

After completing the module, you should be able to:

1) Evaluate the basic external and internal threats to electronic assets and

countermeasures to thwart such threats by utilising relevant standards and best

practice guidelines.

2) Analyse the legalities of computer forensics phases and the impact of the legal

requirements on the overall information security policy.

3) Critically assess the boundaries between the different service models (SaaS, PaaS,

IaaS) and operational translations (i.e. cloud computing) and to identify the associated

risks.

4) Critically investigate a company information security strategy to provide consultation

and coaching through reporting and communication.

5) Assess, compare and judge computer media for evidentiary purposes and/or root

cause analysis.

6) Apply relevant standards, best practices and legal requirements for information security

to develop information security policies.

7) Lifelong Learning: Manage employability, utilising the skills of personal development

and planning in different contexts to contribute to society and the workplace.

Your assignment should include: a title page containing your student number, the module

name, the word count; the appendices if relevant; and a reference list in Arden University

(AU) Harvard format. You should address all the elements of the assignment task listed

below. Please note that tutors will use the assessment criteria set out below in assessing

your work.

Maximum word count: 2,500 words

Page 3 of 6
[1514]

Please note that exceeding the word count by over 10% will result in a reduction in grade by

the same percentage that the word count is exceeded.

You must not include your name in your submission because Arden University operates

anonymous marking, which means that markers should not be aware of the identity of the

student. However, please do not forget to include your STU number.

Page 4 of 6
[1514]

Assignment Task: Part 2

This assignment is worth 50% of the total marks for the module.

1) A Denial of Service attack (DoS) represents one of the most widespread types of

cyber-threats to businesses of all sizes. DoS prevents users of an online IT system

from accessing vital services for an extended period of time, creating both financial and

reputational losses for the affected company. Many DoS attacks have blocked websites

of private, public and government organisations from serving their clients, customers

and partners for hours or even days. Addressing corporate vulnerability to DoS attacks

is now becoming more and more critical due to the growing adoption of cloud-based

architectures and information sharing platforms. As such, a consideration of DoS

related risks should be placed at the core of any information security strategy.

Critically analyse the most typical scenarios leading to the increased exposure to DoS

attacks. Suggest specific counter-measures which could be incorporated to the

corporate information security strategy. These should include:

a) infrastructures to minimise the likelihood of the occurrence of such an event

(preventive approach)

b) mechanisms to mitigate the issues created by the occurrence of such an event

(the reactive approach)

c) policies which recognise this threat as an overall business risk rather than merely

technical risk.

(70 marks)

(LOs 1, 4, 5, 6 & 7)

2) Using WinHex or a similar tool, try to load your operating system swap file for digital

forensics investigation. Report your findings about:

a) Recovered deleted files

b) Extracting used passwords

(30 marks)

(LO2)

Page 5 of 6
[1514]

Formative Feedback

You have the opportunity to submit your answer draft to receive formative feedback.

The feedback is designed to help you develop areas of your work and it helps you develop

your skills as an independent learner.

Your work must be submitted to your tutor at least two weeks prior to the assessment

submission date. This is to allow time for you to reflect on the feedback and draft your final

submission.

Formative feedback will not be given to work submitted after the above date.

Guidelines:

You MUST underpin your analysis and evaluation of the key issues with appropriate and

wide ranging academic research and ensure this is referenced using the AU Harvard system.

The My Study Skills Area on iLearn contains useful resources relating to referencing.

You must use the AU Harvard Referencing method in your assignment.

Additional notes:

Students are required to indicate the exact word count on the title page of the assessment.

The word count excludes the title page, tables, figures, diagrams, footnotes, reference
list and appendices. Where assessment questions have been reprinted from the
assessment brief these will also be excluded from the word count. ALL other printed words
ARE included in the word count See ‘Word Count Policy’ on the homepage of this module
for more information.

Submission Guidance

Assignments submitted late will not be accepted and will be marked as a 0% fail.

Your assessment should be submitted as a single Word (MS Word) or PDF file. For more

information please see the “Guide to Submitting an Assignment” document available on the

module page on iLearn.

You must ensure that the submitted assignment is all your own work and that all sources

used are correctly attributed. Penalties apply to assignments which show evidence of

academic unfair practice. (See the Student Handbook which is on the homepage of your

module and also in the Induction Area).

Page 6 of 6

Assessment Criteria (Learning objectives covered – all)

Level 7 is characterised by an expectation of students’ expertise in their specialism. Students are semi-autonomous, demonstrating independence in the negotiation of assessment

tasks (including the major project) and the ability to evaluate, challenge, modify and develop theory and practice. Students are expected to demonstrate an ability to isolate and

focus on the significant features of problems and to offer synthetic and coherent solutions, with some students producing original or innovative work in their specialism that is

potentially worthy of publication by Arden University. A clear appreciation of ethical considerations (as appropriate) is also a prerequisite.

Grade
Mark

Bands
Generic Assessment Criteria

Distinction 70%+

Excellent analysis of key issues and concepts/. Excellent development of conceptual structures and argument, making consistent use of scholarly

conventions. Excellent research skills, independence of thought, an extremely high level of intellectual rigour and consistency, exceptional expressive /

professional skills, and substantial creativity and originality. Excellent academic/intellectual skills. Work pushes the boundaries of the discipline and

demonstrates an awareness of relevant ethical considerations. Work may be considered for publication by Arden university

Merit 60-69%

Very good level of competence demonstrated. High level of theory application. Very good analysis of key issues and concepts. Development of

conceptual structures and argument making consistent use of scholarly conventions. Some evidence of original thought and a general awareness of

relevant ethical considerations

Pass 50-59%

A satisfactory to good performance. Basic knowledge of key issues and concepts. Generally descriptive, with restricted analysis of existing scholarly

material and little argument development. Use of scholarly conventions inconsistent. The work lacks original thought. Some awareness of relevant

ethical considerations. Satisfactory professional skills (where appropriate).

Marginal

Fail
40-49%

Limited research skills impede use of learning resources and problem solving.

Significant problems with structure/accuracy in expression. Very weak academic / intellectual / professional skills. Limited use of scholarly conventions.

Errors in expression and the work may lack structure overall.

Fail
39% and

below

A poor performance in which there are substantial gaps in knowledge and understanding, underpinning theory and ethical considerations.

Little evidence of research skills, use of learning resources and problem solving. Major problems with structure/ accuracy in expression.

Professional skills not present. Very weak academic / intellectual / professional skills. No evidence of use of scholarly conventions

Page 1 of 6

[377]

COM7005D

Information Security Strategy

Development

Assignment: Part 1

Date for Submission: Please refer to the timetable on ilearn

(The submission portal on ilearn will close at 14.00 UK time on the date

of submission)

Page 2 of 6
[377]

Assignment Brief

As part of the formal assessment for the programme you are required to submit an

Information Security Strategy Development assignment. Please refer to your Student

Handbook for full details of the programme assessment scheme and general information on

preparing and submitting assignments.

Learning Outcomes:

After completing the module, you should be able to:

1) Evaluate the basic external and internal threats to electronic assets and

countermeasures to thwart such threats by utilising relevant standards and best

practice guidelines.

2) Analyse the legalities of computer forensics phases and the impact of the legal

requirements on the overall information security policy.

3) Critically assess the boundaries between the different service models (SaaS, PaaS,

IaaS) and operational translations (i.e. cloud computing) and to identify the associated

risks.

4) Critically investigate a company information security strategy to provide consultation

and coaching through reporting and communication.

5) Assess, compare and judge computer media for evidentiary purposes and/or root

cause analysis.

6) Apply relevant standards, best practices and legal requirements for information security

to develop information security policies.

7) Lifelong Learning: Manage employability, utilising the skills of personal development

and planning in different contexts to contribute to society and the workplace.

Your assignment should include: a title page containing your student number, the module

name, the submission deadline and a word count; the appendices if relevant; and a

reference list in Arden University (AU) Harvard format. You should address all the elements

of the assignment task listed below. Please note that tutors will use the assessment criteria

set out below in assessing your work.

Maximum word count: 2,500 words

Please note that exceeding the word count will result in a reduction in grade proportionate to

the number of words used in excess of the permitted limit.

You must not include your name in your submission because Arden University operates

anonymous marking, which means that markers should not be aware of the identity of the

student. However, please do not forget to include your STU number.

Page 3 of 6
[377]

Assignment Task: Part 1

This assignment is worth 50% of the total marks for the module.

Using your current or previous workplace1 as the case study, please answer the

following:

1) Critically analyse the different types of software acquisition models and try to relate that

to those systems you are using at your workplace. [LO3]

(10 marks)

2) Do you have a handbook that describes the policies, processes, and procedures in

place? Evaluate the security strategy in that handbook for network activity monitoring,

for instance? What are the issues missing in the handbook? You need to discuss the

legal issues raised by this handbook as many companies consider a handbook as part

of the contract. [LO4]

(20 marks)

3) What is the information security strategic plan in place and how it is implemented?

[LO4, LO6]

(10 marks)

4) Analyse the external and internal threats to information systems in your workplace and

show how your security strategy should protect against those threats. Report your risk

assessment methodology in a flowchart-like figure. You can have a look at Stoneburner

(2002) work to understand how you should relate all the activities together. Please do

not copy the work from (Stoneburner, 2002) as you need to compile your own risk

assessment methodology as part of your security strategy plan. You also need to

discuss how you are going to manage the identified risks. [LO1, LO5]

(20 marks)

5) Critically analyse the access control strategy? If you are to rewrite that part of your

security plan, what would you change? Why? What sort of a strategy you will use here?

proactive or reactive? Justify your answer. [LO4, LO6]

(20 marks)

6) What do you recommend for a proper incident management strategy? How would you

implement it? Hint: Stakeholders and role responsibilities. [LO4, LO6, LO7]

(10 marks)

7) Compile a brief security strategy that suits the business requirements as well as the

security requirements of this workplace. [LO4, LO6, LO7]

(10 marks)

1 If you don’t have one, please relate your answers to any other contexts such as your previous university, school, etc.

Page 4 of 6
[377]

References:

Stoneburner, G., Goguen, A.Y. and Feringa, A., 2002. Sp 800-30. risk management guide for

information technology systems.

Formative Feedback

You have the opportunity to submit your answer draft to receive formative feedback.

The feedback is designed to help you develop areas of your work and it helps you develop

your skills as an independent learner.

If you are a distance learning student, you should submit your work, by email, to your tutor,

no later than 2 weeks before the actual submission deadline. If you are a blended learning

student, your tutor will give you a deadline for formative feedback and further details.

Formative feedback will not be given to work submitted after the above date or the date

specified by your tutor – if a blended learning student.

Guidelines:

You MUST underpin your analysis and evaluation of the key issues with appropriate and
wide ranging academic research and ensure this is referenced using the AU Harvard system.
The My Study Skills Area contains the following useful resources:

Guide to Harvard Referencing

http://moodle.bl.rdi.co.uk/guides/HarvardRef/AU_Harvard_Quick_Ref_Guide

Guide to Harvard Citation

http://moodle.bl.rdi.co.uk/guides/HarvardRef/AU_Guide_to_Harvard_Citation

You must use the AU Harvard Referencing method in your assignment.

http://moodle.bl.rdi.co.uk/guides/HarvardRef/AU_Harvard_Quick_Ref_Guide

http://moodle.bl.rdi.co.uk/guides/HarvardRef/AU_Harvard_Quick_Ref_Guide

http://moodle.bl.rdi.co.uk/guides/HarvardRef/AU_Guide_to_Harvard_Citation

http://moodle.bl.rdi.co.uk/guides/HarvardRef/AU_Guide_to_Harvard_Citation

Page 5 of 6
[377]

Additional notes:

Students are required to indicate the exact word count on the title page of the assessment.

The word count excludes the title page, tables, figures, diagrams, footnotes, reference

list and appendices. Where assessment questions have been reprinted from the

assessment brief these will also be excluded from the word count. ALL other printed words

ARE included in the word count See ‘Word Count Policy’ on the homepage of this module

for more information

Assignments submitted late will not be accepted and will be marked as a 0% fail.

Your assessment should be submitted as a single Word (MS Word) or PDF file. For more
information please see the “Guide to Submitting an Assignment” document available on the
module page on iLearn.

You must ensure that the submitted assignment is all your own work and that all sources
used are correctly attributed. Penalties apply to assignments which show evidence of
academic unfair practice. (See the Student Handbook which is on the homepage of your
module and also in the Induction Area).

Page 6 of 6

Assessment Criteria (Learning objectives covered – all)

Level 7 is characterised by an expectation of students’ expertise in their specialism. Students are semi-autonomous, demonstrating independence in the negotiation
of assessment tasks (including the major project) and the ability to evaluate, challenge, modify and develop theory and practice. Students are expected to
demonstrate an ability to isolate and focus on the significant features of problems and to offer synthetic and coherent solutions, with some students producing original
or innovative work in their specialism that is potentially worthy of publication by Arden University. A clear appreciation of ethical considerations (as appropriate) is also
a prerequisite.

Grade
Mark
Bands

Generic Assessment Criteria

Distinction 70%+

Excellent analysis of key issues and concepts/. Excellent development of conceptual structures and argument, making consistent use of
scholarly conventions. Excellent research skills, independence of thought, an extremely high level of intellectual rigour and consistency,
exceptional expressive / professional skills, and substantial creativity and originality.
Excellent academic/intellectual skills. Work pushes the boundaries of the discipline and demonstrates an awareness of relevant ethical
considerations. Work may be considered for publication by Arden university

Merit 60-69%
Very good level of competence demonstrated. High level of theory application. Very good analysis of key issues and concepts.
Development of conceptual structures and argument making consistent use of scholarly conventions. Some evidence of original thought
and a general awareness of relevant ethical considerations

Pass 50-59%

A satisfactory to good performance. Basic knowledge of key issues and concepts. Generally descriptive, with restricted analysis of existing
scholarly material and little argument development. Use of scholarly conventions inconsistent. The work lacks original thought. Some
awareness of relevant ethical considerations.
Satisfactory professional skills (where appropriate).

Marginal
Fail

40-49%

Limited research skills impede use of learning resources and problem solving.
Significant problems with structure/accuracy in expression. Very weak academic / intellectual / professional skills.
Limited use of scholarly conventions.
Errors in expression and the work may lack structure overall.

Fail
39% and
below

A poor performance in which there are substantial gaps in knowledge and understanding, underpinning theory and ethical considerations.
Little evidence of research skills, use of learning resources and problem solving.
Major problems with structure/ accuracy in expression.
Professional skills not present. Very weak academic / intellectual / professional skills. No evidence of use of scholarly conventions