COIT20263 Information Security Management (Term 1, 2016) Assessment Item 2—Practical and Written Assessment Due date: 11:30pm AEST, Friday, Week 11 ASSESSMENT Weighting: 40% 2 Length: 3000 words (±500 words) Objectives Each student will analyse the given scenario of an organisation, and write a report. The report should discuss the guidelines for managing the information security risks of the organisation. Assessment criteria Students are assessed against their ability to analyse the given scenario and discuss the guidelines for managing the information security risks of the organisation. The marking criteria for Assessment Item 2 are provided on page 3. Students need to familiarise themselves with the marking criteria to ensure that they have addressed them when preparing this assessment item. Assessment Task You are required to analyse the scenario given on page 2 and produce a report that discusses the guidelines for managing the information security risks of the organisation. Your report should have the Executive Summary, Table of Contents, Introduction, Discussion (the guidelines), Assumptions and References sections. Note: You need to upload your report to Moodle. You must follow the Harvard citation and referencing guidelines. Check the course website at least once a week for further information relating to this assessment task. Please ensure that you write your answers in your own words to avoid possible plagiarism and copyright violation. You can understand the Plagiarism Procedures by following the corresponding link in the CQUniversity Policies section of the Course Profile. Late assessments will be penalised as per the university policies and guidelines. Submission Your report should be submitted online through the COIT20263 Moodle course website assessment block on or before the due date.   The Scenario for Information Security Management Assessment Tasks A private company in Australia plans to establish a private nursing school. The main campus of the nursing school is located in a suburb of Sydney and the satellite campuses are located in the suburbs of capital cities of three South East Asian countries. The company has made agreements with a private hospital in each of these locations to provide the internship and training to the students of the nursing school. The main and satellite campuses that are currently being constructed will have modern communication networks suitable for the business. The lectures, tutorials and laboratory classes conducted in the main campus will form virtual classrooms with the satellite campuses. The students can participate in the virtual classes from within the campus premises or from their homes. More than 100 students are expected to enrol in each location in the first year. The management of the company plans to help out the wider community by providing a telemedicine and homecare service to the needy patients at their homes. This service covers a radius of about 200km from the main and satellite campuses and will be provided with the help of a mobile team of health personnel. The mobile team will be able to receive medical advice directly from the medical staff of the hospital in their country as well as the private hospital in Sydney via a virtual consultation room. The hospitals should be able to locate and contact all registered homecare patients. The nursing school should know the location of all their students and staff when they are on duty. As the company is newly established, the information security policies are yet to be developed. Marking Criteria Section HD D C P F Max Mark Mark 5 4.5 4.25 4 3.75 3.5 3.25 3 2.5 2.4 1.2 0 Executive summary Covered all the sections of the report Contained all sections but not enough detail. Had too brief or missing sections. Not clear but contained most sections. Not clear and most sections missing. 5 Table of contents Used decimal notation. Included all headings and page numbers. Used ToC auto-generation. One feature was missing. A few features missing. Included only the main headings. ToC missing. 5 Introduction Set the scene for the report and described the purpose clearly. Contained all parts but not enough detail. Had too brief or missing parts. Not clear but contained most parts. Not clear and most parts missing. 5 HD D C P F 15 14 13 12 11 10.5 9.5 9 7.5 7 3.5 0 Discussion Discussed the guidelines for managing information security risks based on the standard, including any issues. Contained all information but not enough detail. Had too brief or missing information. Not clear but contained most information. Not clear and most information missing. 15 HD D C P F 5 4.5 4.25 4 3.75 3.5 3.25 3 2.5 2.4 1.2 0 Assumptions Correct list of assumptions. A few assumptions missing Several assumptions missing. Many assumptions missing. Not clear or not relevant.. 5 References All references are listed according to Harvard reference style. A few referencing errors. Not all references are listed but correctly referenced.. Many references missing No or incorrect reference list. 5 Plagiarism penalty Late submission penalty Total 40