Information Security Management

You should make use of whatever accepted industry or international standards you feel are appropriate in carrying out this task, but either COBIT 5 or ISO27000 series standards, or a combination of both are recommended. If you feel that additional areas need to be addressed in the strategy, then please add them, with a brief explanation of why. In selecting an organization to focus on, you may choose a specific organization with which one or more of your group are familiar, or you may use the University of Salford as an example organization. In the case where you choose an organization that not all of the group members are familiar with, you should clearly define the roles that each member of the group will take in the assignment work, bearing in mind the prior knowledge that each member has. Individual Assignment (50%) Deadline: Friday 17th January 2014 This assignment is carried out as an individual. The task builds on the group assignment, so may be though of as an individual component of the same assignment. You are asked to: make a critical analysis of the implications of the strategy you have put in place from an ethical and a legal point of view, identifying key areas where ethical and legal questions need to be addressed and an analysis of the issues involved, making reference to relevant laws, regulations and ethical guidelines in order to back up any arguments you make; write a critical analysis of the barriers to implementation of the strategy, and opportunities for creating a culture of security in the organization; write a reflective report on the process that was employed in the group part of the assignment, summarizing your own role in the work, indicating areas where you feel you and the group could have improved on what was done, and reflecting on the lessons you have learned from the process. It is recognized that there may not be a œcorrect answer in many cases, but marks will be awarded for demonstrating a clear understanding of the relevant arguments.