This assessment task should be undertaken in a group of up to 4 members. Distance students are also required to form groups.
Each student will analyse the scenario given on page 2and discuss the given issues in relation to the
Unit Learning Outcome 3 by contributing to the Group Discussion II of Moodle Discussion Forum during weeks 8, 9 and 10.
The students are assessed against their ability to make meaningful contributions to the Group Discussion IIof Moodle Discussion Forum in the specified weeks. The marking criteria for Assessment Item 3are provided on page 3.Students need to familiarise themselves with the marking criteria to ensure that they contribute to this assessment task timely and properly.
You are required to analyse the scenario given on page 2and discuss the following issues in the specified weeks in relation to the Unit Learning Outcome 3.
Identification of information assets of A4A. (Due in week 8).
Identification of InfoSec risks associated with the information assets. (Due in week 9).
Can these risks be different depending on the member institution where a member works? (Duein week 10).
The Group Discussion II Forum in Moodleshould be used for weekly discussions
Each student should copy/paste their weekly discussions to a Word document and upload it to Moodle in Week 10. The Scenario for Information Security Management Assessment Tasks Academics for Academics (A4A) is a Non-Governmental Organisation (NGO) that has its head office and the branch office in Sydney and Singapore respectively.Being a NGO, A4A funds all of its projects and activities from public donations. A4A has a team of 10 staff members, and 6 of them are located in Sydney office and the remaining four are located in the Singapore office.
A4A was established to help small public and private universities and colleges in Australia and Southeast Asia. The private universities and colleges that are interested in receiving the service of A4A need to register with A4A and become its member institutions. The academics and experienced professionals who like to provide a voluntary service such as teaching a subject,supervising a research project or development of curricula for a member institution, can register their interests with A4A. After are cruiting process, they can become members of A4A. A4A then recruit them to short term assignments at its member institutions. The members that are recruited to various projects will be provided with accommodation, meals, medical and travel expenses.
Once recruited to a project, the A4A member will work at the member institution but the information produced by the member, except the emails, marked assignments and exams will remain the property of A4A and the member. As such, all those information should be handled and stored by the information system of A4A irrespective of the location where the member works. A4A needs the guarantee that the various data and information in their information system are secured.
As A4A was established last year, the information security policies have not yet been developed. It is now in the process of developing a comprehensive set of information security policies for its information system.
|Discussion Week||Mark Allocation Criteria||Max. Mark
|Week8||Very relevant discussion.||Relevant but could be improved.||Not relevant discussion.||Not attempted.||3|
|Week9||Very relevant discussion.||Relevant but could be improved.||Not relevant discussion.||Not attempted.||3|
|Week10||Very relevant discussion.||Relevant but could be improved.||Not relevant discussion.||Not attempted.||4|
|Late Submission penalty|
|Executive summary||Covered all the sections of the report||Contained all sections but not enough detail.||Had too brief or missing sections.||Not clear but contained most sections.||Not clear and most sections missing.||5|
|Table of contents||Used decimal notation. Included all headings and page numbers. Used ToC auto-generation.||One feature was missing.||A few features missing.||Included only the main headings.||ToC missing.||5|
|Introduction||Set the scene for the report and described the purpose clearly.||Contained all parts but not enough detail.||Had too brief or missing parts.||Not clear but contained most parts.||Not clear and most parts missing.||5|
|Discussion||Discussed the guidelinesfor managing information security risks based on the standard, including any issues.||Contained all information but not enough detail.||Had too brief or missing information.||Not clear but contained most information.||Not clear and most information missing.||15|
|Assumptions||Correct list of assumptions.||A few assumptions missing||Several assumptions missing.||Many assumptions missing.||Not clear or not relevant..||5|
|References||All references are listed according to Harvard reference style.||A few referencing errors.||Not all references are listed but correctly referenced..||Many references missing||No or incorrect reference list.||5|
|Late submission penalty|