Recent Question/Assignment

COIT20263 Information Security Management (Term 2, 2017)
Assessment Item 2—Practical and Written Assessment
Due date: 11:30pm AEST, Friday, Week 7 ASSESSMENT
Weighting: 35% 2
Length: 2000 words (±500 words)

Objectives
This assessment task can be undertaken in a group of up to 4 members or individually. Each group/student will analyse the scenario given on page 3, and develop and document the specified Issue Specific Security Policy (ISSP) for the organisation.
Assessment criteria
The students are assessed against their ability to analyse the given scenario and develop the specified ISSP.
The marking criteria for Assessment Item 2 are provided on page 4. Students need to familiarise themselves with the marking criteria to ensure that they have addressed them when preparing the document for this assessment item.
Assessment Task
Each group/student is required to analyse the scenario given on page 3 and develop a ‘Copyright Compliance Policy’ for the organisation described in the scenario.
The ISSP should include:
1. Statement of Purpose
2. Authorised Uses
3. Prohibited Uses
4. Systems Management
5. Violations of Policy
6. Policy Review and Modification
7. Limitations of Liability
You also need to include a section containing the justification of the contents of your policy as well as any assumptions that you have made.
Note: Each student in the group needs to upload the ISSP document of their group to Moodle. You must follow the Harvard citation and referencing guidelines when writing the ISSP document and include a reference list.
Please do not include an executive summary, a table of contents, an introduction or a conclusion. Please use the ‘Template for Your Answers’ Section of this document and upload only that template.
Check the unit website at least once a week for further information relating to this assessment task. Please ensure that you write your answers in your own words to avoid possible plagiarism and copyright violation. You can understand the Plagiarism Procedures by following the corresponding link in the CQUniversity Policies section of the Unit Profile.
Submission
To be submitted online through the COIT20263 Moodle unit website assessment block on or before the due date.

The Scenario for Information Security Management Assessment Tasks
Academics for Academics (A4A) is a Non-Governmental Organisation (NGO) that has its head office and the branch office in Sydney and Singapore respectively. Being a NGO, A4A funds all of its projects and activities from public donations. A4A has a team of 10 staff members, and 6 of them are located in Sydney office and the remaining four are located in the Singapore office.
A4A was established to help small public and private universities and colleges in Australia and Southeast Asia. The private universities and colleges that are interested in receiving the service of A4A need to register with A4A and become its member institutions. The academics and experienced professionals who like to provide a voluntary service such as teaching a subject, supervising a research project or development of curricula for a member institution, can register their interests with A4A. After a recruiting process, they can become members of A4A. A4A then recruit them to short term assignments at its member institutions. The members that are recruited to various projects will be provided with accommodation, meals, medical and travel expenses.
Once recruited to a project, the A4A member will work at the member institution but the information produced by the member, except the emails, marked assignments and exams will remain the property of A4A and the member. As such, all those information should be handled and stored by the information system of A4A irrespective of the location where the member works. A4A needs the guarantee that the various data and information in their information system are secured.
As A4A was established last year, the information security policies have not yet been developed. It is now in the process of developing a comprehensive set of information security policies for its information system.
Note: This scenario was created by Dr Rohan de Silva on 3rd June 2017 and no part of this scenario should be reproduced by any individual or an organisation without written permission from CQUniversity, Australia.

Marking Criteria

Section HD D C P F Max Mark Mark
6 5.1 4.8 4.5 4.2 3.9 3.6 3 2.7 0
Assumptions Listed all assumptions. Some assumptions missing. Most assumptions missing. Not clear and most assumptions missing. All assumptions missing. 6
Section HD D C P F
3 2.55 2.4 2.25 2.1 1.95 1.8 1.5 1.35 0
Statement of Purpose Contained all information in detail. Contained all information but not enough detail. Had too brief or missing information. Not clear but contained most information. Not clear and most information missing. 3
Authorised Uses Contained all information in detail. Contained all information but not enough detail. Had too brief or missing information. Not clear but contained most information. Not clear and most information missing. 3
Prohibited Uses Contained all information in detail. Contained all information but not enough detail. Had too brief or missing information. Not clear but contained most information. Not clear and most information missing. 3
Systems Management Contained all information in detail. Contained all information but not enough detail. Had too brief or missing information. Not clear but contained most information. Not clear and most information missing. 3
Violations of Policy Contained all information in detail. Contained all information but not enough detail. Had too brief or missing information. Not clear but contained most information. Not clear and most information missing. 3
Policy Review and Modification Contained all information in detail. Contained all information but not enough detail. Had too brief or missing information. Not clear but contained most information. Not clear and most information missing. 3
Limitations and Liability Contained all information in detail. Contained all information but not enough detail. Had too brief or missing information. Not clear but contained most information. Not clear and most information missing. 3
Section HD D C P F
6 5.1 4.8 4.5 4.2 3.9 3.6 3 2.7 0
Justification Focussed and contained all information in detail. Focussed and contained but not enough detail. Focussed but some information missing. Not clear but contained most information. Not clear and most information missing. 6
Section HD D C P F
2 1.7 1.6 1.5 1.4 1.3 1.2 1 0.9 0
References All references are listed according to Harvard reference style. A few referencing errors. Not all references are listed but correctly referenced.. Many references missing No or incorrect reference list.. 2
TEMPLATE FOR YOUR ANSWERS
COIT20263 Information Security Management - Assessment Item 2 (Term 1, 2017)
Names and student numbers of group members:
Copyright Compliance Policy Mark
allocated Mark earned
Assumptions 6
1 Statement of Purpose
3
2 Authorised Uses
3
3 Prohibited Uses
3
4 Systems Management
3
5 Violations of Policy
3
6 Policy Review and Modification
3
7 Limitations of Liability
3
Justification 6
References 2
Late submission penalty
Plagiarism penalty
Total 35

Looking for answers ?