Information Security Management

Information Security Management Assignments

Group Assignment (50%)
Deadline: Thursday 5th December 2013

This task is to be carried out in groups of 3 students (ideally). The task is to carry out an information security risk assessment for an organization and develop an Information Security Strategy for that organization. This should include, at least:

- a prioritized list of the risks identified,
- a definition of the control objectives that need to be met in order to secure the organization,
- a list of specific controls that should be put in place, and any relevant guidance on how the controls should be implemented, along with clear rationales, in terms of costs and benefits, for the choices that have been made,
- an outline of the information security policies that should be established,
- an audit strategy for the controls that have been proposed,
- a suitable incident response plan.

You should make use of whatever accepted industry or international standards you feel are appropriate in carrying out this task, but either COBIT 5 or the ISO27000 series standards, or a combination of both, are recommended. If you feel that additional areas need to be addressed in the strategy, then please add them, with a brief explanation of why.

In selecting an organization to focus on, you may choose a specific organization with which one or more of your group are familiar, or you may use the University of Salford as an example organization. In the case where you choose an organization that not all of the group members are familiar with, you should clearly define the roles that each member of the group will take in the assignment work, bearing in mind the prior knowledge that each member has.

Individual Assignment (50%)
Deadline: Friday 17th January 2014

This assignment is carried out individually. The task builds on the group assignment, so it may be thought of as an individual component of the same assignment.
You are asked to:

- make a critical analysis of the implications of the strategy you have put in place from an ethical and a legal point of view, identifying key areas where ethical and legal questions need to be addressed, with an analysis of the issues involved, making reference to relevant laws, regulations and ethical guidelines in order to back up any arguments you make;
- write a critical analysis of the barriers to implementation of the strategy, and of the opportunities for creating a culture of security in the organization;
- write a reflective report on the process that was employed in the group part of the assignment, summarizing your own role in the work, indicating areas where you feel you and the group could have improved on what was done, and reflecting on the lessons you have learned from the process.

It is recognized that there may not be a "correct" answer in many cases, but marks will be awarded for demonstrating a clear understanding of the relevant arguments.