• An introduction. Why have you selected this organisation and what methods will you use to carry out the assessment ?
• A characterisation of the organisation what it does where is active. Its risk-exposed areas in relation to information.
• A concise analysis of risks resulting from threats, their probability and impact, what are the threats and again where talking cyber or information security with threats we are looking at deliberate act by a line actor or adversaries, then probability is influenced by the degree of vulnerability and the impact would be what would happen if those information accessed were lost. To enable you to do this you need assess the current information security controls in place because that will influence the probability. What the vulnerabilities are, what can explore those vulnerabilities how likely for that terms or influence by current control in place. Don’t forget those controls from 2004 Orange Book, you looking at preventative , corrective, detective and directive controls. That might include the equipment is being in used, the personnel that is using it and technology that is being used, the operational procedures, policies, legality and legislation.
• The description of the Information Management and Security Plan.
• A summarising conclusion.
ISO 2700 family my be very useful when it come to looking at information security management plans
As a consultant, your clients will expect work to be of the highest standards including grammar, spelling, and conformity with their specifications. So, read this brief carefully and ensure that you understand what is asked of you. If unsure, please ask, but do not attempt to produce an assignment to fit what you want to write about – you must answer the specified requirements.
You should use the course materials, external resources and the various activities that you have conducted throughout the module to help to shape this assignment. All will be relevant to the report in some way.
Use your spelling and grammar checker; spacing, alignment, presentation and layout – there is no reason to present work that is not checked. Ask a trusted colleague or critical friend to proofread before submission, if this is not possible then proofread yourself using a technique discussed in the
virtual tutorials.
Word limit is 2,000 words
In a report the use of tables, charts, photographs, maps and diagrams is expected. These are NOT included in the word count. Neither are an executive summary, contents list, the reference list nor any appendices included.
This assignment has been designed to provide you with an opportunity to demonstrate your achievement of the following module learning outcomes:
Learning outcomes
LO 1. Identify the reasons why information is a critical asset for all organisations (this could be bringing on very earlier in this report)
LO 2. Describe the various types of information which exist and can be exploited within the organisation
LO 3. Explain the various loss routes for information from an organisation
LO 4. Define cyber in relation to information and interpret the differences – information security and cyber security are not necessarily the same thing.
