6054CEM Security management, Coventry University - Examine

Post New Homework

Security management

Learning Outcome 1: Demonstrate a comprehensive understanding of security concepts, methods and principles

Learning Outcome 2: Critically evaluate the role of a security policy for protecting information assets and be able to effectively design security policies to defend those assets

Learning Outcome 3: Demonstrate understanding of key IT Governance that relates to information security and how it influences the security policy of an organisation

Learning Outcome 4: Carry out a security risk assessment that can be used to identify, assess and implement key security controls in systems

Background:

For this assignment you will be a security consultant reviewing an organisation of your choice within an Industry ALLOCATED to you by the module leader. You will review its activities, infrastructure. resources etc. and its ability to prepare and respond to growing information security threats and vulnerabilities.

You have been requested to carry out a study on the establishment and to impress upon them that they do indeed need your support and expertise.

This will, primarily, be achieved by analysing the current business processes in the company, their products and services along with their ICT situation. You will then follow a procedure that will: review the Information Security Policy and make recommendations and evaluate risk, create a strategy that will re-assure that the company has in place the means to consider and contain viable threats.

Through research via the internet and through research through other legally accessible library resources, you should be able to find an appropriate company. Where information is limited then you can make assumptions concerning the company as you see fit, however, you are to list those assumptions and draw attention to those assumptions in your report.

When researching please find a company that has a high-level Information Security Policy that you can see or obtain.

Professional Report

Create a professional consulting report with front cover, table of content, exec summary, and each section starting on a new page for the following deliverables (b) to (f). Diagrams with supporting narratives are encouraged, examples are very useful and citation of sources are required along with any appendices, assumptions etc. A report of approx. 1500 words approx., with a tolerance of approx.

(b) Insight into establishment
Provide an insight into the establishment's background and size and industry competitor(s), market place etc. In particular describe the products and services it has to offer. It is recommended that you diagrammatically represent your Company with accompanying narratives. Also show a diagrammatical representation of the internal functions (departments) that are in the company.

From this speculate and bullet point a list of the complexities and challenges the company is faced with in regards to a) the supportive IS/IT infrastructure and b) data

Information security mind-map

Provide an overview and understanding to the company of what the subject matter Information Security entails. Through the use of a comprehensive mind map (preferred) or any visual representation, this can be an A3 size electronic document (PowerPoint, word etc) - show what Information security is, the components, topics, frameworks, entities and concepts it affects and is affected by - all the touch points that contribute to and are affected by Information security. As a suggestion consider environmental factors outside the company and then within the company itself. Topics such as big data, new technology, Social Media and others should not be ruled out

d) IT Governance
Discuss what IT Governance is and its relevance and importance to the company in terms of Information security. You can use diagrams to demonstrate your concepts. In what way does IT Governance influence the process of Information security and the policy /(s) thereof.

Critique and develop an encompassing Information Security Policy
You will need to find a ‘poor' or ‘incomplete' or ‘not up to date' Information Security Policy through research from the internet, or other routes. Provide the URL / ref for this policy and include the policy in the appendices.
Identify and list the short comings or what makes it inadequate for your company's purposes.

Now create an outline template of an ideal information Security Policy that could be used in your organisation. Do this by absorbing some of the positive aspects of the Policy you have found and critiqued as well as addressing how suitable it is for a) the current business operating environment and b) any possible foreseeable future environments that could change.

Risk Assessment

Conduct a thorough risk assessment resulting in a risk register. Examine a variety and diverse type of known threats and their likelihood of materialising and how they could impact your company -what is the degree of impact on the company and processes. Identify and list the actions and controls you would put in place for dealing with the risk. The risk register should be in a table format within the body of the report.

Post New Homework
Captcha

Looking tutor’s service for getting help in UK studies or college assignments? Order Now