Security Audit & Compliance
Requirements
This is a formal piece of work covering all LOs in the Module Descriptor. This is a two-part assessment, consisting of a preliminary assessment and a final report. Together they are worth 90% of your mark for the module. The other 10% is made up of your responses to the ten end-of-unit tests.
These courseworks address all of the module Learning Outcomes (LOs):
LO1: Demonstrate an understanding of the roles and responsibilities of the professionals involved, including practical application of codes of practice/ethics.
LO2: Review and critically appraise relevant laws and relevant standards, their interrelationships and international trends in their development.
LO3: Critically appraise the principles of information security management systems and the roles of risk management, controls and audit in supporting IS governance.
LO4: Demonstrate an understanding of the role of human and organisational factors in delivering information security.
LO5: Research, examine and evaluate relevant academic literature and real-world situations, identify issues and solutions and make recommendations to management.
Context
You are a newly recruited information security expert at Napier Partners LLC, an international firm of consultants with offices across the world. Existing and prospective clients include commercial companies, public sector organisations and the third sector.
In the light of many recent high-profile, poorly-handled information security incidents, you have been asked to demonstrate your knowledge of industry and current academic research by writing a 3000-word white-paper style report. This should be aimed at senior management of clients and potential clients. The report should research and evaluate the business challenges presented by one of the topics listed below, identifying the information security risks involved, and possible responses.
You should base your report on academic and credible professional sources. Illustrate and analyse the issues using examples from current news stories (from 2018 onwards). It should be clear how you decided the sources used can be considered credible.
Topics
Choose ONE of these topics:
Part A: Preliminary assessment
This coursework will be used to give you feedback on your progress and writing skills. You are required to submit this before you can complete and submit the coursework described in Part B below. This is worth 10% of the module marks.
NB: You are allowed to adapt, reuse or amend the material from Part A to help you complete Part B.
Requirement
You are required to write a brief 500-700-word pitch to your manager which explains which topic you wish to write about, giving an overview of the aim and scope of the white paper you will write, and its intended purpose. It can be sector and country specific if you wish.
It should make use of enough academic and professional sources to demonstrate that you are able to find and explain relevant material. You should therefore base your article around at least 5 (and no more than 10) relevant and good quality sources. You may use any of the module materials, resources or any other relevant materials that you find.
The pitch should be supported by correctly formatted references. It can include one or two diagrams or tables, and include appendices with supplementary information.
Part B: Final report
This is worth 80% of the module marks. You are allowed to adapt, use or amend the material from Part A to help you complete Part B.
In this part, you are required to submit the completed white paper.
Required structure
In more detail, the report should follow the following structure:
Information Security issues are now regularly in the news and well reported, so you should have no problems finding examples to illustrate your report.
Remember, professional presentation and use of diagrams are a key part of getting your message across in this type of report.