CIS7028 Information Security


CIS7028 - Information Security - 20 Credits

Term 2

Module Leader: Dr. Chaminda Hewage

Assessment Brief

Assessment Title: Information Security Final Assessment


HAND-OUT DATE: 17th February 2020

HAND-IN DATE: 27th April 2020


Learning Outcomes

Assessment Requirements / Tasks (include all guidance notes)

Assessment Criteria

Submission Details

Feedback

Marking Criteria

Additional Information

Referencing Requirements (Harvard)

Mitigating Circumstances

Unfair Practice

Learning Outcomes

This assessment is designed to demonstrate a student’s completion of the following Learning Outcomes:

  • Critically discuss the threats to information storage within a system and appreciate the main types of computer crime;
  • Appraise approaches to information security and forensic investigation of prominent cyber offences;
  • Analyse the technical issues relating to the transmission and storage of data and information relating to Cloud Computing and Big Data;
  • Discriminate between data management policies associated with Data Protection and the Regulation of Investigatory Powers.


The Cardiff Met EDGE supports students in graduating with the knowledge, skills, and attributes that allow them to contribute positively and effectively to the communities in which they live and work.

This module assessment provides opportunities for students to demonstrate development of the following EDGE Competencies:

ETHICAL: Knowledge of ethical practices in cyber defences
DIGITAL: The usage of state-of-the-art digital security controls
GLOBAL: Exposure to international standards such as ISO27001
ENTREPRENEURIAL: The opportunities and risks with data and information

Assessment Requirements / Tasks (include all guidance notes)

Task 1 (2000 words): Choose one of the activities described below:

Activity 1

Assume you have been hired as a security consultant by a large-scale enterprise to provide them with the information and recommendations below. The enterprise’s Chief Information Officer (CIO) has recently come to know about ISO27001 and wants to know your opinion about alternative standards, its wider benefits to the organization, how to implement the critical elements of ISO27001, and the auditing and certification process. Prepare a report covering the details below.

Task 1.1 (750 words):

  • Alternative standards (Cyber Essentials) and wider benefits of ISO27001 to the organization

Task 1.2 (1000 words):

  • Main clauses that need to be implemented under ISO27001 (750 words)
  • Security control objectives applicable for the chosen company (250 words)

Task 1.3 (250 words):

  • Auditing and certification process of ISO27001


Activity 2 (2000 words)

Data protection by design/default: Compile a report explaining how you would implement Data Protection by Design and Default for a chosen company. The company can be of any size, as long as it holds personal data of customers, clients, suppliers and employees.

Task 2.1 (1000 words):

  • The implementation of Data Protection by Design and Default for the chosen company

Task 2.2 (1000 words):

  • The use of the mechanisms below for the chosen company to implement data protection by design and default: Data discovery, Data classification, Data Processing Impact Assessment (DPIA), Data Loss Prevention (DLP) mechanisms and Privacy Enhancing Technologies (PETs)

Task 2 (1500 words): Write a report about a recent information security attack/breach (one which took place from January 2019 onwards). The description should contain a brief description of the attack, the loss to the organization, details of the vulnerability exposed by the attack (e.g. CVE), how the attack was manifested (e.g. illustration), the tools used by the attackers, and prevention mechanisms which could have stopped the threat or the vulnerability. Sample References:

Task 3 (Continuous assessment using 8 Cisco Cyber Essential labs and immersive labs): Security awareness (Cisco Cyber security essentials training). Students have to complete 8 chapters of the above training (both theoretical and practical aspects) during tutorials, and the average mark of the chapter quizzes will be taken into account. Students have to complete the final quiz as well. In addition, the immersive labs have to be completed by the students.

Assessment Criteria

Task 1 (Activity 1 or 2): 40%
  Activity 1: 40%
    Activity 1.1: 15%
    Activity 1.2: 20%
    Activity 1.3: 5%
  Activity 2: 40%
    Activity 2.1: 20%
    Activity 2.2: 20%
Task 2: 35%
  Task 2.1: Description of the attack and loss to the organization: 10%
  Task 2.2: Description of the Vulnerability: 5%
  Task 2.3: Illustration of the attack, tools used by the attackers: 10%
  Task 2.4: Prevention mechanisms: 10%
Task 3: Cyber security essentials training: 25%
  Task 3.1: Cisco Cyber Essentials chapter quizzes and packet tracer activities: 15%
  Task 3.2: Cisco Cyber Essentials final quiz: 5%
  Task 3.3: Immersive labs: 5%

Submission Details

Please see Moodle for confirmation of the Assessment submission date.

Submission will be by 4:00pm on the deadline day.

Any assessments submitted after the deadline will not be marked and will be recorded as a Non-Attempt.

The assessment must be submitted as a zip file / pdf / word document through the Turnitin submission point in Moodle.

Your assessment should be titled with your Student ID Number, module code and assessment id, e.g. st12345678 CIS4000 WRIT1


Feedback

Feedback for the assessment will be provided electronically via Moodle, and will normally be available 4 working weeks after initial submission. The feedback return date will be confirmed on Moodle.

Feedback will be provided in the form of a rubric and supported with comments on your strengths and the areas in which you can improve.

All marks are preliminary and are subject to quality assurance processes and confirmation at the Examination Board.

Further information on the Academic and Feedback Policy is available in the Academic Handbook (Vol 1, Section 4.0).

Marking Criteria

70-100% (1st): A very comprehensive, technically correct submission. All major aspects of the assignment covered. Clear expression of ideas. A very high standard of presentation. All problems identified and solutions are feasible and within the restrictions of the assignment. All sources acknowledged and referenced to a high standard.
60-69% (2:1): Most major aspects of the assignment covered with supporting explanation and discussion of their roles. Some minor technical errors and misconceptions. Good identification of problems and good solutions. Good presentation and standard of referencing.
50-59% (2:2): Fair identification of problems and reasonable solutions provided. Some technical errors and misunderstandings. Fair standard of presentation. Good referencing with minor omissions.
40-49% (Narrow Fail): Limited identification of problems and solutions provided are of limited practicality. Technical errors and misunderstandings present. Poor or incomplete referencing of information. Basic standard of presentation.
35-39% (Marginal Fail): Poor identification of problems and solutions provided are of very limited practicality. A number of technical errors and misunderstandings present. Poor or incomplete referencing of information. Basic standard of presentation.
<35% (Fail): No identification of problems and solutions provided are of very limited practicality. Many technical errors and misunderstandings present. Very poor or incomplete referencing of information. Very basic standard of presentation.

Additional Information

Referencing Requirements (Harvard)

The Harvard (or author-date) format should be used for all references (including images).

Further information on Referencing can be found at Cardiff Met’s Academic Skills website.

Mitigating Circumstances

If you have experienced changes or events which have adversely affected your academic performance on the assessment, you may be eligible for Mitigating Circumstances (MCs). You should contact your Module Leader, Personal Tutor or Year Tutor in the first instance.

An application for MCs, along with appropriate supporting evidence, can be submitted via the following link to the MCs Dashboard

Applications for MCs should ideally be submitted as soon as possible after circumstances occur and at the time of the assessment. Applications must be submitted before the relevant Examination Board.

Further information on the Mitigating Circumstances procedure is available in the Academic Handbook (Volume 1, Section 5).

Unfair Practice

Cardiff Metropolitan University takes issues of unfair practice extremely seriously. The University has distinct procedures and penalties for dealing with unfair practice in examination or non-examination conditions. These are explained in full in the University’s Unfair Practice Procedure (Academic Handbook: Vol 1, Section 8).

Types of Unfair Practice include:

Plagiarism, which can be defined as using without acknowledgement another person’s words or ideas and submitting them for assessment as though it were one’s own work, for instance by copying, translating from one language to another or unacknowledged paraphrasing. Further examples include:

  • Use of any quotation(s) from the published or unpublished work of other persons, whether published in textbooks, articles, the Web, or in any other format, which quotations have not been clearly identified as such by being placed in quotation marks and acknowledged.
  • Use of another person’s words or ideas that have been slightly changed or paraphrased to make it look different from the original.
  • Summarising another person’s ideas, judgments, diagrams, figures, or computer programmes without reference to that person in the text and the source in a bibliography or reference list.
  • Use of services of essay banks and/or any other agencies.
  • Use of unacknowledged material downloaded from the Internet.
  • Re-use of one’s own material except as authorised by the department.

Collusion, which can be defined as when work that has been undertaken with others is submitted and passed off as solely the work of one person. An example of this would be where several students work together on an assessment and individually submit work which contains sections which are the same. Assessment briefs will clearly identify where joint preparation and joint submission is specifically permitted; in all other cases it is not.

Fabrication of data, making false claims to have carried out experiments, observations, interviews or other forms of data collection and analysis, or acting dishonestly in any other way.

