Security Management Program for KORI BIT361
- Subject Code: BIT361
BIT361 Security Management and Governance
Assessment Report One
Prepare a report that outlines a Security Management Program which includes a suggested management structure, governance procedures, and organisational roles for a business. (1500 words)
Due Dates:
- Outline: Week 2, see Moodle for submission date and requirements
- Draft: Week 3, see Moodle for submission date and requirements
- Final: Week 4, see Moodle for submission date and requirements
This assessment must be completed individually. You may discuss the assignment with other students, but your submitted work must be your own work.
The Assignment Case Study KORI
Complete this assessment using the KORI case study scenario provided in Moodle
The organisation in the case study has asked you to present a formal report to the CEO. The report must outline the need for an Information Security Program, propose an appropriate management structure for the case study, and describe the roles of each position in your proposed structure. The report must be presented as a professional document.
- Outline the need for an Information Security Program at KORI.
- Describe the purpose and benefits for KORI derived from having an Information Security Program.
- Identify and describe the major elements of an Information Security Program at KORI.
- Suggest an information security (InfoSec) staffing structure for the business described in the KORI Case Study. Include a chart showing the structure.
- Justify your suggested staffing structure for the business described in the KORI Case Study.
- For each security position/role you have defined in your suggested staffing structure at KORI, prepare a description of its functions, tasks, and responsibilities.
- Discuss the importance of including governance and Integrated Risk Management within the Information Security Program at KORI.
- Suggest the different governance responsibilities that need to be assigned to the positions you have identified in your staffing structure for KORI.
For further information and clarification refer to the Marking Rubric.
The required report must be completed using MS Word.
To coordinate the development of the report with your client (the organisation in the case study), you will organise two meetings to discuss the developing report. After the second meeting, the final report will be presented.
Meeting 1 Report Outline Due Week 4
This document will demonstrate the proposed layout of the final document. It will include, in outline form, all major parts: cover/title page, executive summary, table of contents, major headings, and some minor headings named to match the case study. The introduction must include a complete statement of purpose. To help with this, take note of the description below of the requirements for the final document. This will be marked separately but included in the final report marks.
Report cover
Includes the report title, the date, who it has been prepared for, and the author's name (and Student ID, subject group).
Executive summary One (1) paragraph:
(Who the report is for, scope/purpose of report; action required. Page numbering starts at roman numeral i).
Table of contents (page ii). Body of report:
Introduction (new page, numbering restarted at 1) that must include a description of the purpose, scope, and structure of the document.
Separate sections that address the client's requests. These sections need to cover the assessment criteria outlined below.
References
A list of works used in the document. Use the Harvard referencing style. (Every reference must have at least 1 in-text citation).
Meeting 2 Report Draft Due Week 6
The draft will extend the outline and should include the main headings for each part of the final document. The executive summary and introduction must be complete. The major sections of the body must include either completed sections or bullet points or comments that provide information on the content of each section. References must be listed. (Note: each reference must have at least one in-text citation.) This will be marked separately but included in the final report marks. (Robinson, 2022)
Final Report Due Week 8
The final report must follow the layout described in the outline section above.
The final document must be a complete document that is directed to the organisation outlined in the case study. The report must be correctly structured and be appropriate for the client's needs. Prior to submission, students should make sure that the report addresses all criteria listed in the marking guideline.
Submission Instructions
This assessment must be completed individually. You may discuss the assignment with other students, but your submitted work must be your own work.
The submission is in 3 parts.
Submitted files must be compatible with the software in Melbourne Polytechnic's computer laboratories/classrooms. Your submission must be a .docx file.
Each file must be named using the format: S9999999_Surname_Report1_ClassGroup.docx Where S9999999 is replaced with your student ID, and the class group with 1A, 1B, 2A, 2B, SS (ask your tutor which code applies to you). E.g., S22000_Robinson_Report1_SS.docx
You are to complete the assignment parts using MS Word.
Each part of the assessment must be submitted via the TurnItIn links provided in Moodle.
Meeting 1 Report Outline Due Week 2
This will be marked separately but included in the final report marks.
Meeting 2 Report Draft Due Week 3
This will be marked separately but included in the final report marks.
Finished Report Due Week 4
The assignment must be submitted using the Moodle links provided.
Plagiarism, Collusion, and Copying
All used sources must be properly acknowledged with references and citations. Quotations and paraphrasing are allowed but the sources must be acknowledged. Failure to do so is regarded as plagiarism and the penalty for plagiarism is failure for the assignment. The act of giving your assignment to another student is classified as an offence. Copying substantial portions of text from other sources will result in zero marks as you have insufficient contribution to the report.
Penalties: Academic misconduct such as cheating and plagiarism incurs penalties ranging from a zero result to program exclusion.
Late submission of assignments
Assessment items that are submitted after the due date without an approved request for extension will be penalised at the rate of 5% of the mark awarded per day for a total of ten working days. If the assessment item is received after this time or not submitted, the item will not be marked and will attract a fail grade.
The Higher Education Request for Assessment Extension Form is available through the Policies and Procedures webpage or your Course Administration Office.
See Subject outline for formal Assessment overview and feedback
Marking Criteria
Criteria levels:
- Excellent: HD - 80%
- Very Good: D - 70% - 79%
- Good: CR > 60% - 69%
- Acceptable: P 50% - 59%
- Unsatisfactory: Fail < 50%
- N
Executive Summary Elements: The summary accurately and succinctly summarizes contents of report. (5 marks)
- Excellent: Executive Summary has no omissions and provides an accurate and complete picture of the report or deliverables. Reader is clear as to project's goals, methods, or status. No inconsistencies evident.
- Very Good: Executive Summary may omit a fact or provide a minor incomplete picture of the report or deliverables. Reader may be slightly unclear as to project's goals, methods, or status. Inconsistencies may be evident.
- Good: Executive Summary may omit a few facts or provide an incomplete picture of the report or deliverables. Reader may be unclear as to project's goals, methods, or status. Some inconsistencies evident.
- Acceptable: Brief Executive Summary. Executive Summary is incomplete, leaving reader puzzled about what the team is providing in its larger report. Goals, methods, and status are unclear or insufficiently described. Some significant inconsistencies or poor details.
- Unsatisfactory: Very brief Executive Summary. Executive Summary is incomplete or missing, leaving reader puzzled about what the team is providing in its larger report. Goals, methods, and status are unclear or insufficiently described. Significant inconsistencies or poor details.
- N: Not completed
Introduction Elements: The introduction states the purpose of the report and describes the report structure. (5 marks)
- Excellent: Introduction has no omissions and states the purpose of the report and describes the report structure. Reader is clear as to project's goals, methods, or status. No inconsistencies evident.
- Very Good: Introduction may omit a fact or provide a minor inconsistency in the purpose of the report and describes the report structure. Reader may be slightly unclear as to project's goals, methods, or status. Inconsistencies may be evident.
- Good: Introduction may omit a few facts or provide an incomplete picture of the purpose of the report or have an incomplete report structure. Reader may be unclear as to project's goals, methods, or status. Some inconsistencies evident.
- Acceptable: Brief Introduction. Introduction is incomplete, leaving reader puzzled about the purpose of the report, or has an incomplete report structure. Goals, methods, and status are unclear or insufficiently described. Some significant inconsistencies or poor details.
- Unsatisfactory: Very brief Introduction. Introduction is incomplete or missing, leaving reader unable to determine the purpose of the larger report. Report structure is unclear or insufficiently described. Significant inconsistencies or poor details.
- N: Not completed
InfoSec Purpose/Benefits Elements: Describe the purpose and benefits derived from having an InfoSec Program as applied to the Case Study (10 marks)
- Excellent: Clear and detailed description of the purpose and benefits derived from having an InfoSec Program with reference to the case study. No inconsistencies evident.
- Very Good: Clear and detailed description of the purpose and benefits derived from having an InfoSec Program with little reference to the case study. Inconsistencies may be evident.
- Good: Some description of the purpose and benefits derived from having an InfoSec Program with little reference to the case study. Some inconsistencies evident.
- Acceptable: Brief description of the purpose and benefits derived from having an InfoSec Program with little or no reference to the case study. Some significant inconsistencies or poor details.
- Unsatisfactory: Very brief description or no description of the purpose and benefits derived from having an InfoSec Program with little or no reference to the case study. Some significant inconsistencies or poor details.
- N: Not completed
InfoSec Program Major Elements: Describe the major elements of an InfoSec Program as applied to the Case Study (10 marks)
- Excellent: Clear and detailed description of the major elements of an InfoSec Program with reference to the case study. No inconsistencies evident.
- Very Good: Clear and detailed description of the major elements of an InfoSec Program with some reference to the case study. Inconsistencies may be evident.
- Good: Some description of the major elements of an InfoSec Program with little reference to the case study. Some inconsistencies evident.
- Acceptable: Brief description of the major elements of an InfoSec Program with little or no reference to the case study. Some significant inconsistencies or poor details.
- Unsatisfactory: Very brief description or no description of the major elements of an InfoSec Program with little or no reference to the case study. Some significant inconsistencies or poor details.
- N: Not completed
InfoSec Staffing Structure Element: Suggest a relevant InfoSec staffing structure for the business described in the case study including a chart as applied to the Case Study (10 marks)
- Excellent: Clear and detailed InfoSec staffing structure for the business described including an appropriate chart as applied to the Case Study. No inconsistencies evident.
- Very Good: Clear and detailed InfoSec staffing structure for the business described including a chart as generally may be applied to the Case Study. Inconsistencies may be evident.
- Good: Some description of the InfoSec staffing structure for the business described including a chart with little reference to the case study. Some inconsistencies evident.
- Acceptable: Brief description of the InfoSec staffing structure for the business with little or no relevance to the case study. Some significant inconsistencies or poor details.
- Unsatisfactory: Very brief description or no description of the major elements of an InfoSec staffing structure for the business with little or no reference to the case study. Some significant inconsistencies or poor details.
- N: Not completed
Justification of InfoSec Staffing Structure Element: Clear justification of the InfoSec staffing structure for the business. (10 marks)
- Excellent: Clear and detailed justification of the InfoSec staffing structure for the business. No inconsistencies evident.
- Very Good: Clear justification of the InfoSec staffing structure for the business. Inconsistencies may be evident.
- Good: Some justification of the InfoSec staffing structure for the business. Some inconsistencies evident.
- Acceptable: Brief justification of the InfoSec staffing structure for the business. Some significant inconsistencies or poor details.
- Unsatisfactory: Very brief justification or no justification of the InfoSec staffing structure for the business. Some significant inconsistencies or poor details.
- N: Not completed
Staffing Structure Descriptions Elements: Descriptions of the functions, tasks, and responsibilities for each security position defined in the suggested structure as applied to the Case Study (10 marks)
- Excellent: Clear and detailed descriptions of the functions, tasks, and responsibilities for each security position defined in the suggested structure as applied to the Case Study. No inconsistencies evident.
- Very Good: Clear descriptions of the functions, tasks, and responsibilities for each security position defined in the suggested structure as applied to the Case Study. Inconsistencies may be evident.
- Good: Some descriptions of the functions, tasks, and responsibilities for each security position defined in the suggested structure as applied to the Case Study. Some inconsistencies evident.
- Acceptable: Brief descriptions of the functions, tasks, and responsibilities for each security position defined in the suggested structure with little or no reference to the case study. Some significant inconsistencies or poor details.
- Unsatisfactory: Very brief descriptions of the functions, tasks, and responsibilities for each security position defined in the suggested structure with little or no reference to the case study. Some significant inconsistencies or poor details.
- N: Not completed
Governance Elements: Discuss the importance of including governance within the InfoSec Program (10 marks)
- Excellent: Clear and detailed discussion of the importance of including governance within the InfoSec Program. No inconsistencies evident.
- Very Good: Clear discussion of the importance of including governance within the InfoSec Program. Inconsistencies may be evident.
- Good: Some discussion of the importance of including governance within the InfoSec Program. Some inconsistencies evident.
- Acceptable: Brief discussion of the importance of including governance within the InfoSec Program. Some significant inconsistencies or poor details.
- Unsatisfactory: Very brief discussion of the importance of including governance within the InfoSec Program. Some significant inconsistencies or poor details.
- N: Not completed
Governance Application Elements: Describe the governance responsibilities that need to be assigned to the positions you have identified in your staffing structure (10 marks)
- Excellent: Clear and detailed description of the governance responsibilities that need to be assigned to the positions you have identified in your staffing structure. No inconsistencies evident.
- Very Good: Clear description of the governance responsibilities that need to be assigned to the positions you have identified in your staffing structure. Inconsistencies may be evident.
- Good: Some description of the governance responsibilities that need to be assigned to the positions you have identified in your staffing structure. Some inconsistencies evident.
- Acceptable: Brief description of the governance responsibilities that need to be assigned to the positions you have identified in your staffing structure. Some significant inconsistencies or poor details.
- Unsatisfactory: Very brief description of the governance responsibilities that need to be assigned to the positions you have identified in your staffing structure. Some significant inconsistencies or poor details.
- N: Not completed
Report Format Elements: The Report Draft/outline is delivered with the required report format: cover/title page, executive summary, table of contents, major headings, with minor headings named to match the case study, page numbering, references in the correct style. (5 marks)
- Excellent: The Report has all the required format elements. No inconsistencies evident.
- Very Good: The Report has most of the required format elements. Inconsistencies may be evident.
- Good: The Report has many of the required format elements. Some inconsistencies evident.
- Acceptable: The Report has some of the required format elements. Some significant inconsistencies or poor details.
- Unsatisfactory: The Report has few of the required format elements. Some significant inconsistencies or poor details.
- N: Not completed
Referencing Elements: The Report is delivered with correct and adequate referencing in the Harvard style, appropriate in-text use of referencing and Reference List. (5 marks)
- Excellent: The Report is delivered with sufficient referencing in the Harvard style, appropriate in-text use of referencing and Reference List. No inconsistencies evident.
- Very Good: The Report is delivered with sufficient referencing in the Harvard style, appropriate in-text use of referencing and Reference List. Inconsistencies may be evident.
- Good: The Report is delivered with referencing in the Harvard style, some in-text use of referencing and Reference List. Some inconsistencies evident.
- Acceptable: The Report is delivered with insufficient referencing in the Harvard style, and inadequate in-text use of referencing and Reference List. Some significant inconsistencies or poor details.
- Unsatisfactory: The Report is delivered with insufficient referencing in the Harvard style, and inadequate or inappropriate in-text use of referencing and Reference List. Some significant inconsistencies or poor details.
- N: Not completed
Report Naming Format Elements: The Report is delivered with correct naming format. (5 marks)
- Excellent: The Report is delivered with correct naming format. No inconsistencies evident.
- Very Good: The Report is delivered with good naming format. Inconsistencies may be evident.
- Good: The Report is delivered with some naming format. Some inconsistencies evident.
- Acceptable: The Report is delivered with little naming format. Some significant inconsistencies or poor details.
- Unsatisfactory: The Report is delivered with little or no naming format. Some significant inconsistencies or poor details.
- N: Not completed
Grammar and Expression Evidence: Has been proofread for structure, consistency and vocabulary, spell and grammar checked. (5 marks)
- Excellent: Free of any grammatical errors; uses correct sentence structure and range of vocabulary.
- Very Good: Well organized and the logic is easy to follow. There are very few spelling or grammatical errors. The terminology is clearly defined.
- Good: Generally well organized and most of the logic is easy to follow. There are only a few minor spelling or grammatical errors, or terms are not clearly defined. Writing is mostly clear.
- Acceptable: Shows some organization. There are some spelling and/or grammatical errors; technical terms are generally poorly defined. Writing is mostly clear but is confusing in parts.
- Unsatisfactory: Is poorly organized and difficult to read; does not flow logically from one part to another. There are several spelling and/or grammatical errors; technical terms are not clear. Writing lacks clarity.
- N: Not completed