Get Cheapest Assignment in Australia, UK, US, UAE, Canada and NZ Order Now

MIS211 – Information Security, Governance and the Cloud


MIS211 – Information Security, Governance and the Cloud

Trimester 2, 2022

Assessment Task 2 – Group Assignment: Business Security Analysis and Review

DUE DATE AND TIME:                        Week 09, Sunday 18th Sept. 2022, 8 PM (AEST) PERCENTAGE OF FINAL GRADE:        Weighting = 40 %

HURDLE DETAILS:                               No Assignment Hurdle

Learning Outcome Details

Unit Learning Outcome (ULO)Graduate     Learning                     Outcome (GLO)
ULO2: Assess and evaluate the information security of a business or organisation.GLO1: Discipline-specific knowledge and capabilities.
GLO5: Problem-solving.
ULO3: Evaluate, develop and present recommendations to business owners to enhance the security status and practices of the business.GLO1: Discipline-specific knowledge and capabilities.
GLO2: Communication.

Assessment Feedback:

Students who submit their work by the due date will receive their Marks and Feedback within 15 Working Days on CloudDeakin.

Assignment Description/Requirements

This is a group assignment and you must be a member of and contribute to the group effort in order to submit your assignment and receive a mark.

You are required to work in groups of three (3) or four (4) students. Your overall task is to review the relevant aspects of information security management of a real-life business organisation, which you will source yourselves. You should present your review findings in the form of a Business Report in the format provided in Section 3.

The maximum word count for the report is 4000 +/- 10% words. (Note that Reference List, Appendices and Tables are not included in the word count)

Team Meetings

Your team is required to meet (virtually or physically) for at least one (1) meeting each week.

Each team member is expected to attend and contribute to each meeting or offer a valid apology if absent.

IMPORTANT: You are required to document (i.e., record meeting minutes) your meeting discussions and decisions and then post a message with relevant details into your team’s specifically dedicated Microsoft Team’s Site. This includes meeting details (e.g. date, time, who was present for the meeting, absentees/apologies, action items and deadlines, allocated team members etc.) including regular inter-team communications.

NOTE: It is mandatory that you use your team’s dedicated Microsoft Teams Site for all comm’s.

The topics that should be covered in these Meetings are as follows:

  • List who is Chairing the meeting, attendees, apologies and non-attendees (why?).
  • Each member is to report back on action items, progress and deliverable outcomes completed.
  • Describe what tasks are you currently working on?
  • Discuss what you plan to do the next?
  • Identify any roadblocks are you facing as a group and as individuals?
  • Discuss and develop possible resolutions, noting assigned/reassigned personnel resources.

It is expected that meetings for each group will go for no longer than 10 minutes and time will be allocated in the weekly Seminars for team meetings and to work on the assignment. Remember the essence of these meetings is that they are short and sharp and let the team know what everyone is working on at any given time, what the potential roadblocks are and if there are any major issues that need to be addressed. These meetings are NOT project meetings, which may go for a lot longer than 10 minutes.

The main requirement is that you all must meet at the same time regularly (physically or virtually)– this is not about each person sending his or her summary in – you MUST conduct the meeting at a set time that is mutually agreed upon. NOTE: Anyone that is not present at team meetings may lose marks for this task.

You need to provide evidence of your team meetings in the final project report documenting team attendance and 2 key outcomes from each meeting. The meeting minutes are be presented in the report Appendix and documentation of each of the meeting minutes is to be posted into your specific group’s CloudDeakin Discussion as threads for transparency purposes.

Selecting a Business Organisation to Investigate

If you are in doubt about the suitability of the organisation which you have chosen, please check with your Tutor as early as possible. The business owner or a manager from the organisation must also approve your review and will need to sign the Letter of Consent (please refer to Section 3 below).

Some suggested types of business organisations for this review are:

  • Family business;
    • Australian small business;
    • Larger business department;
    • Overseas business (this option may suit some Cloud and International students);
    • Supermarket;
    • Local community library.
    • Local sporting association.

Data Sources

Data may be gathered by face-to-face, e-mail or phone interviews with the managing director, business owner or IT manager. This will enable you to conduct interviews from a distance (e.g. with a business located in another country) where necessary. You might also find further useful information at the business organisation’s website and in policy documents collected from the organisation.

Assignment Business Report


Your business report is intended for your group’s client business owner/manager. Therefore, the style and tone of the report should take this into consideration. You should write the report in a professional business style, selecting appropriate fonts and styles and writing in a constructive (non-critical) manner appropriate to be read by the business owner or manager.

We suggest you review this resource at the outset:

Report Structure and Layout Format

Your business report should consist of the following sections.

Title Page


You MUST include the following disclaimer on a separate page (see below).


This report, including any recommendations contained therein, was prepared for the purposes of academic assessment in Deakin University’s unit:

•	MIS211 - Information Security, Governance and the Cloud.

It should not be relied upon, or used in any way as a basis for making any “real-life” commercial decisions.

The assistance of (insert name of organisation) in providing us with access to its staff and records in the course of researching the report is gratefully acknowledged.

Copyright © 2022 (insert names of students) All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the author.

Letter of Consent

You MUST include the following letter of consent on a separate page:

Dept. of Information Systems and Business Analytics Deakin Business School, Faculty of Business and Law Deakin University



Dr Graeme Pye

Dept. of Information Systems and Business Analytics Deakin University

1 Gheringhap Street

Geelong 3220

Phone: (03) 5227 2312


……. / ……. / 2022

Dear Graeme,

I/we hereby give permission for the following students:





to review the IS security Management aspects of our business organisation:


In order to fulfill the Assignment requirements for MIS211.

I/we have read the Assignment requirements, and understand that the students will behave responsibly and professionally in this review at all times.

I/we expect to receive a copy of the final assignment report, containing the results of the review, during the week beginning 19th September 2022.

Yours sincerely,

……………………………………………………….. (signed)

……………………………………………………….. (Please Print Name)

Executive Summary (approximately 100 – 150 words)

Provide an overview of key findings from the review, intended for the business owner.

Table of Contents (separate page)

Introduction (approximately 100 – 150 words)

Provide an overview of the following:

  • Introduction to the IS security management review.
  • The organisation name, industry, location and brief business background.
  • Scope, aims and constraints for the review.

Report Body: Business Background and Context (approximately 300 – 350 words)

Provide a description of the organisational context in terms of potential organisational influences on IS security management, including:

  • Business profile including products and services offered
  • Mission and vision statements
  • Strategic objectives which may influence IS security strategy
  • Organisational resources which may influence IS security strategy

Report Body: IS Security Management Review/Analysis (approximately 2600 words)

Using a range of data sources, please review IS security management at the business. The following items should be included in your review, to provide effective coverage of key issues.

  • Review, does the business have formal or informal IS security policies and/or procedures? Review current IS security standards, frameworks and procedures.
  • Review, does the business have a formal or informal IS security strategy? If so, review the strategy. If there is no strategy, discuss the implications of the lack of such a strategy. Does the business follow a recognised IS security management framework?
  • Review security related measures, training, technologies and processes in place and/or identify any that may be missing.

Discussion analysis of past breaches, threats, existing controls, vulnerabilities, information security risks, including:

  • History of breaches;
  • Specification of information resources (assets) which are liable to information securityrisks;
  • Possible threats to these information resources;
  • Existing controls for the above possible threats;
  • Vulnerabilities of the system to any of the above identified threats due to inadequate existing controls;
  • Risk analysis for threats to which the system is vulnerable;
  • To help prioritise threats in order of risk significance;
  • Final list of prioritised threats.

Analysis of risk management (using ALEs or other risk analysis approaches) that should include how each prioritised threat will be managed (e.g. Ignore the threat? Transfer the loss? Select which suitable controls and justify why?).

Analyse key organisational, technical and social issues influencing the performance of the current IS security management approach.

Data (facts) must be gathered for this review as specified in Section 2. The sources of your facts, as well as your fact-finding techniques, must be clearly stated. Please note that the person who signs the consent form may be contacted by phone to verify that the facts presented in your report were obtained from that particular business.

Report Body: IS Security Management Recommendations (approximately 500 words)

Use your findings from IS Security Management Review/Analysis section to identify and suggest recommendations for improvement. If you believe that an area does not need improvement, your recommendation must still be justified.

Conclusion (approximately 100 words)

Conclude the report, highlighting your main findings and immediate prioritised recommendations.

Reflection (approximately 150 words)

Reflect upon your review undertaken. Discuss any problems encountered during the review and lessons learned regarding conducting a security analysis and strategic assessment.

Appendix A: Reference List

Referencing any documents or frameworks used during or applied in determining the report findings.

Appendix B: Acknowledgments, Team Meeting Minutes

Appendix C: Provide a statement of the contribution made by each group member. This statement should be agreed upon and considered by all respective group members.

Student NameStudent IDContribution (%)

Other Appendices may be attached as needed.

Submission Instructions

When is it Due?

  • Your assignment must be submitted in Week 09 by:

·         8pm on Sunday 18th September 2022 via CloudDeakin.

  • No extensions will be considered for this assignment unless a written request is submitted the CloudDeakin Assessment>> Extension Request tool prior to the submission date.
  • Assignments submitted late without an extension being granted are subject to the university Assessment policy penalties when determining the final mark. See ‘Notes’ below.
  • The assignment is to be submitted to the submission link provided on Cloud Deakin.
  • Note: Printed copies of assignments are not required;
  • Your assignment result and feedback will be returned to you within 15 working days of the due date.

Submission is via your group’s “MIS211 – Task 2 – Group Assignment SUBMISSION” link on CloudDeakin only.

Only one team member needs to submit the assignment. To access the submission link, you must register to a group on CloudDeakin.

You must all keep a backup copy of every assignment you submit, until the marked assignment has been returned to you. In the unlikely event that one of your assignments is misplaced, lost or corrupted, then you may be requested to submit your backup copy.

Any work you submit may be checked by Turnitin (electronic) or other means for the purposes of detecting collusion and/or plagiarism.

When you submit an assignment through your CloudDeakin unit site Assessment link, you will receive an email to your Deakin email address confirming that it has been submitted. You should check that you can see your assignment in the Submissions view of the Assignment submission folder after upload, and check for, and keep, the email receipt for the submission.


  • Penalties for late submission: The following marking penalties will apply if you submit an assessment task after the due date without an approved extension: 5% will be deducted from available marks for each day up to five days, and work that is submitted more than five days after the due date will not be marked. You will receive 0% for the task. ‘Day’ means working day for paper submissions and calendar day for electronic submissions. The Unit Chair may refuse to accept a late submission where it is unreasonable or impracticable to assess the task after the due date.
  • For more information about academic misconduct, special consideration, extensions, and assessment feedback, please refer to the document your rights and responsibilities as a student in this Unit in the first folder next to the Unit Guide of the Resources area in the CloudDeakin unit site.
  • Building evidence of your experiences, skills and knowledge (Portfolio) – Building a portfolio that evidences your skills, knowledge and experience will provide you with a valuable tool to help you prepare for interviews and to showcase to potential employers. There are a number of tools that you can use to build a portfolio. You are provided with cloud space through OneDrive, or through the Portfolio tool in the Cloud Unit Site, but you can use any storage repository system that you like. Remember that a Portfolio is YOUR tool. You should be able to store your assessment work, reflections, achievements and artefacts in YOUR Portfolio. Once you have completed this assessment piece, add it to your personal Portfolio to use and showcase your learning later, when applying for jobs, or further studies. Curate your work by adding meaningful tags to your artefacts that describe what the artefact represents.