The submission is in the form of two documents/files:
1. A ten-minute Microsoft® PowerPoint® style presentation to be presented to your colleagues. The presentation can include links to performance data with additional speaker notes and a bibliography using the Harvard referencing system. The presentation slides for the findings should be submitted with speaker notes as one copy.
2. An extended guidebook or detailed report that provides more thorough, evaluated or critically reviewed technical information on all of the topics covered in the presentation.
You are required to make use of headings, paragraphs, subsections and illustrations as appropriate, and all work must be supported with research and referenced using the Harvard referencing system.
a. Part 1: The submission is in the form of an individual written report. This should be written in a concise, formal business style using single spacing and font size 12. You are required to make use of headings, paragraphs, subsections and illustrations as appropriate, and all work must be supported with research and referenced using the Harvard referencing system. Please also provide a bibliography using the Harvard referencing system. The recommended word limit is 2,000–2,500 words, although you will not be penalised for exceeding the total word limit.
b. Part 2: The submission is in the form of a policy document (please see details in Part 1 above).
c. Part 3: The submission is in the form of an individual written reflection. This should be written in a concise, formal business style using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as appropriate, and all work must be supported with research and referenced using the Harvard referencing system. Please also provide a bibliography using the Harvard referencing system. The recommended word limit is 250–500 words, although you will not be penalised for exceeding the total word limit.
Unit Learning Outcomes:
LO1 Assess risks to IT security.
LO2 Describe IT security solutions.
LO3 Review mechanisms to control organisational IT security
LO4 Manage organisational security
Assignment Brief and Guidance:
You work as a trainee IT Security Specialist for Beaumont and Delta Technical College. As part of your role, your manager has asked you to create an engaging presentation to help train junior staff members on the tools and techniques associated with identifying and assessing IT security risks together with the organisational policies to protect business critical data and equipment.
In addition to your presentation you should also provide an extended guidebook containing further information for junior staff members or a detailed report containing a technical review of the topics covered in the presentation.
Your presentation should include:
1. Security legislation, technology solutions and the management associated with operating effective IT security procedures.
2. A review of different security technologies supported with the tools and software used to develop effective IT security practice in an organisation.
Your extended guidebook or detailed report should include a summary of your presentation as well as additional, evaluated or critically reviewed technical notes on all of the expected topics.
The Security consultancy you work for has also asked you, in your capacity as an IT Security Specialist, to propose a Security Policy for the organisation.
In preparation for this task you will prepare a report considering:
1. The security risks faced by the company.
2. How data protection regulations and ISO risk management standards apply to IT security.
3. The potential impact that an IT security audit might have on the security of the organisation.
4. The responsibilities of employees and stakeholders in relation to security.
Following your report, you will now design and implement a security policy, while considering the components to be included and a justification for their inclusion.
In addition to your security policy, you will evaluate the proposed tools used within the policy and how they align with IT security.
Please review the subsequent grading criteria for more details on the expected elements and topics that need to be included.
*Please access HN Global for additional resources support and reading for this unit. For further guidance and support on report writing please refer to the Study Skills Unit on HN Global. Link to www.highernationals.com
Learning Outcomes and Assessment Criteria
Pass Merit Distinction
LO1 Assess risks to IT security
D1 Investigate how a ‘trusted network’ may be part of an IT security solution.
P1 Identify types of security risks to organisations.
P2 Describe organisational security procedures. M1 Propose a method to assess and treat IT security risks.
LO2 Describe IT security solutions
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs.
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security. M2 Discuss three benefits to implement network monitoring systems with supporting reasons.
LO3 Review mechanisms to control organisational IT security D2 Consider how IT security can be aligned with organisational policy, detailing the security impact of any misalignment.
P5 Discuss risk assessment procedures.
P6 Explain data protection processes and regulations as applicable to an organisation. M3 Summarise the ISO 31000 risk management methodology and its application in IT security.
M4 Discuss possible impacts to organisational security resulting from an IT security audit.
LO4 Manage organisational security D3 Evaluate the suitability of the tools used in an organisational policy.
P7 Design and implement a security policy for an organisation.
M5 Discuss the roles of stakeholders in the organisation to implement security audit recommendations.
P8 List the main components of an organisational disaster recovery plan, justifying the reasons for inclusion.