Assignment title: Management


Information Security Audit (COMP 0392)-Fall-16-CW2(assignment)-QP COMP 0392 (CW3) Page 1 of 7

OBJECTIVES

This assignment is designed to assess students' ability to:
• Produce a concise, detailed report about the importance of information security audit policy and its components
• Have an excellent understanding of information security audit policy and its components
• Develop skills in manipulating and performing an information security audit
• Define components of information security audit policy according to corporate requirements
• Manage metrics, statistics, and facts about security audit policy effectively
• Use the CU Harvard referencing system to cite and reference academic resources

OUTCOME

Students must have an understanding of the following points:
• Develop Information Security audit baseline(s).
• Perform an audit to identify events and corrective actions.
• Produce an audit-letter (report) to the organization's senior management.

In Semester Assignment
Module: Information Security Audit (COMP 0392)
ID NUMBER
Level: 3
Max. Marks: 100
Submission Date: 31st December 2016

Tasks:

These days, most organizations consider information security audit a high priority due to the above said reasons. Hence, an information security audit is an audit of the level of information security in an organization. The organization's IT environment has to be controlled to meet the business requirements. For that purpose, an effective risk-based Information Security audit program with generally accepted audit standards and guidelines should be developed.
Critically analyze and provide your findings on the following four aspects of information security audit:

Task 1: Assignment work proposal submission (10 Marks)

Task 2: The auditor should have sufficient knowledge about the company and its critical business activities before starting an audit review. Critically analyze the role of an Information Security auditor in audit planning and preparation. (20 Marks)

Task 3: The auditor should consider various criteria for the auditing approach. Analyze one of the information security auditing frameworks or approaches that an auditor should establish before starting the auditing process. (20 Marks)

Task 4: Technical auditing is considered the main phase of IS auditing. Therefore, as an IS auditor, evaluate the different types of controls and their use in an Information Security audit. (10 Marks)

Task 5: As an Information Security Auditor, conduct an audit on the network security tools of any organization (of your choice) and provide a comprehensive report to its senior management. The auditing report should include the auditor's (in this case your) inquiries and the procedures followed during the audit in detail. (40 Marks)

DELIVERABLE(S):
• Prepare a report in MS-Word format not exceeding 25 pages describing the tasks 1 to 4 and upload it to Moodle.
• Prepare a PowerPoint presentation to explain your findings and actions on the tasks 1 to 4 and upload it to Moodle. This will be used during the viva exam.
TASKS DESCRIPTION AND MARKS DISTRIBUTION

Marks will be awarded for each task based on fulfilment of the following expectations.

TASK 1: Work Proposal
Submit a work proposal for this assignment on or before, which must include:
• Understanding of deliverables – a detailed description of deliverables
• General overview of proposed plan – initial understanding of the solution to all the tasks
• Resources identified
The work proposal should be submitted as a Word document in Moodle.

TASK 2: Audit planning and preparation
Expected topics – meeting with management, review current/existing reports, review job descriptions, review the organization's IT policies and procedures, evaluate the company's IT budget and systems planning documentation, etc.

TASK 3: Auditor's established frameworks for an audit process
Expected topics – Analyze one of the information security auditing frameworks or approaches that an auditor should establish before starting the auditing process. Include definitions, process, phases, advantages, versions and diagrams.

TASK 4: Analyze the type of controls
Expected topics – detailed description of the various possible control types

TASK 5: Perform audit and generate report
Expected topics – report in a proper format as close as possible to an audit charter, evidence on findings, description of inquiries and procedures followed, use of risk assessment, corporate governance applied, audit planning, etc.

Note: A viva exam will be conducted on 1st of Jun 2016 in which technical questions about your submitted report will be asked. Students need to be well acquainted with their report and able to give relevant answers to all questions.

GUIDELINES

Follow the guidelines mentioned below for your assignment.
• Assignment should be submitted through Moodle (Turnitin).
• Handwritten assignments will not be accepted.
• Assignment should have a Title Page. Title Page should contain the following information.
    • College logo
    • Module Name & code
    • Semester details
    • Student name
    • Student ID
• It should have a Table of Contents.
• Use page numbers.
• Assignment should be typed in your own words using Times New Roman font size 12.
• Headings should be in Font Size 14, Bold, Underline.
• Use diagrams and examples to explain your topic.
• Copying and pasting from the Internet is strictly not acceptable.
• In-text citation and referencing using Harvard Coventry style.

RULES & REGULATION

If two assignments/essays are similar in all aspects then marks will be deducted from both assignments.

Your source of information should be mentioned clearly in the reference page. (For example: if it is from a book, you have to mention the full details of the book with title, author name, edition and publisher's name; if it is from the Internet, you have to mention the correct complete URL.)

LATE SUBMISSION POLICY

Penalty for late submission: 5% of the maximum mark specified for the assessment will be deducted for each working day. Assessment documents submitted beyond a period of one week after the last date of submission will not be accepted and will be marked as zero for that assessment.

Note: Must follow assignment guidelines.

PLAGIARISM POLICY:

Plagiarized documents, in part or whole, submitted by the students will be rejected.

For the first offence of plagiarism, a student enrolled in an undergraduate programme is penalized with a deduction of 25% of the maximum marks on the assessment as per the plagiarism policy statement and is allowed to re-submit the work once, within a week's period. The student has the right to appeal against the decision made, to the respective Programme Coordinator. Further appeal on decision taken may be made to the Head of the concerned department. If the student is not satisfied by the decisions taken by the department, s/he can appeal to the Plagiarism Appeals Committee.
For the second offence of plagiarism against the student, (committed in any semester after the semester of the student's first offence of plagiarism in the tenure of the student in the undergraduate programme), the student is awarded zero in the assessment where plagiarized content was found. The student is not allowed to re-submit the assessment. The student has the right to appeal against the decision made to the respective Programme Coordinator. Further appeal on decision taken may be made to the Head of the concerned department. If the student is not satisfied by the decisions taken by the department, s/he can appeal to the Plagiarism Appeals Committee.

Repeated offences of plagiarism by the student (more than two times) are dealt with as per the college policy on Academic Dishonesty as mentioned in the Student Handbook (6.2).

All decisions on plagiarism related offences will be communicated to the student by the respective module instructors, using routine channels of communication with students, currently used by the college, preferably on the same day the charges are confirmed or the very next working day. The student has the right to appeal against the decision informed by the module instructor to the respective Programme Coordinator. Further appeal on decision taken may be made to the Head of the concerned department. If the student is not satisfied by the decisions taken by the department, s/he can appeal to the Plagiarism Appeals Committee.

In certain cases, the student may be required to appear for an interview with the module instructor, if deemed necessary.

The maximum time limit given to a student to raise appeal against the charges of plagiarism is two working days including the day on which the matter is informed to the student. It is preferable that the appeals are made on the same day of the college on which the student is informed of the issue.
All appeals must be made during regular working hours of the college.

FEEDBACK TO STUDENTS

Feedback on the proposal will be given one week after submission of the proposal through Moodle. Feedback on the assignment will be provided to the students (through Moodle/emails/oral).

Information Security Audit – COMP 0392
Assignment – Spring 2016
Evaluation Sheet

Student Name: ___ __________ Student ID: __________________ Session: __________

| Sl. no. | Task | Poor: Not Attempted/Plagiarized Report | Average: Report with partially correct details | Good: Complete report with few references | Excellent: Excellent work with complete and accurate details and appropriate references | Marks Obtained |
|---|---|---|---|---|---|---|
| 1 | Task 1: Proposal submission | 0 | 1-2 | 3-4 | 5 | |
| 2 | Task 2: Audit planning and preparation | 1-2 | 3-5 | 5-8 | 10 | |
| 3 | Task 3: frameworks | 1-2 | 3-5 | 5-8 | 10 | |
| 4 | Task 4: Types of controls | 0 | 1-2 | 3-4 | 5 | |
| 5 | Task 5: Perform audit and generate report | 1-3 | 4-8 | 9-16 | 20 | |
| | Total Marks | | | | | |

Comments:-