Critical evaluation of Information Systems Security Policies and Procedure (ISSPP) in your chosen organization (Must be an ISO27001 certified and NIST CSF with security maturity level 4) and propose recommendations.

General Information

This course is assessed through submission of an individual investigative report. Information Systems Security Policies and Procedure (ISSPP) establish guidelines for the application of information security controls within an organization. They outline what relevant stakeholders are expected to comply with while using company information assets. With the help of strong policies and procedures, organisations can incorporate actions that are consistent, effective, and efficient. This helps combat security threats by creating proper awareness. Further, documented policies and procedures can also define how organisations incorporate and manage technology in the corporate environment. You are required to investigate Information Systems Security Policies and Procedure (ISSPP) documentation aligned to corporate business requirements relating to a company of mid-large size and demonstrate your information security knowledge.

It is essential to meet the learning outcomes defined below in your study by understanding and critically assessing the adequacy of key elements that are relevant and appropriate for the course module. You are expected to submit a 4000-word report ("introduction to conclusion").

 

Learning outcomes addressed in this assignment:

1. Analyse information security objectives, risk management strategies, controls designed and implemented to address security requirements.

2. Critically discuss how corporate security objectives are impacted by business, regulatory and environmental constraints, and by relevant threats and vulnerabilities.

3. Analyse the control requirements relating to the processing, transmission and storage of data and information relating to emerging technologies such as Generative AI & cloud computing.

4. Evaluate elements of best practices in information security standards (ISO27001) and frameworks (NIST CSF, NIST SP 800-53, NIST SP 800-37, NIST RMF).


Expectations of the assignment

Address the above learning outcomes of the assignment by demonstrating the knowledge you gained in completing the Information Security module. Use the knowledge gained through the course (both direct and indirect learning), a comprehensive literature survey and your own experience to analyse concepts/issues relating to the context and produce a research-based report. You are also expected to develop your own arguments and analysis based on your knowledge and experience.


Lecturer Tips:

1. The chosen company must have a minimum of 500 employees and must be certified with ISO27001, with voluntary adoption of some of these NIST frameworks (NIST CSF, NIST SP 800-53, NIST RMF, NIST SP 800-37). The minimum security maturity level of the organization must be level 4.

2. Interviews must be carried out with 3 personnel who drive the business, such as the CISO, CFO, Head of Information Security or Head of IT, etc., to get their opinion on the current status of the ISSPP and how far it satisfies the organizational strategic objectives. Include the approximate annual Information Security budget allocations as per the CFO.

3. Policies and procedures > ISMS (ISO27001) > Standard Operating Procedures (SOP) > Roles & Responsibilities (RASI Matrix Table)

4. Add Non-Conformity Records (table) reported during previous years and the measures the company has taken to reduce them gradually.

5. Measuring metrics for policies and period: annually, biannually, quarterly. KPIs, KGIs

6. Accountability for key processes (Incident management process, Asset management process, Change management process, Risk management process, etc.)

7. Risk management process, risk register, residual risks in the organisation.

8. Use graphs, charts and tables to save the word count.

 

Report structure (Mandatory sections):

1. Introduction: Company, industry background, description relevant to the given area

2. Justification for selecting the company and feasibility of it.

3. Identification of a clear information security strategy/plan

4. Analysis

5. Discussion

6. Recommendations

7. Conclusion

 

Report Formatting

 

§  Paper Size: A4

§  Word Count: Individual Report – 4000 +/- 10% (Introduction to Conclusion)

§  Printing Margins: LHS; RHS: 1 Inch

§  Binding Margin: ½ Inch

§  Header and Footer: 1 Inch

§  Printing: Single Sided

§  Basic Font Size: 12

§  Font Style: Arial/Times New Roman

§  Presentation: Bound Document

 

 

 

Important Information for Students

§  Please note that plagiarism is treated as a serious offence and therefore the work you produce must be individual and original, although you may work in groups in some instances (please refer to the Student Handbook on Plagiarism & Cheating).

§  All sources of information must be referenced using "Harvard referencing", where a reference listing should be included at the end of the assignment. References & citations should be within the current 4 year period 2020-2024.

 




Level 7

80%-100% (Distinction+)

70%-79% (Distinction)

60%-79% (Merit)

50%-59% (Pass)

40%-49% (Narrow Fail)

20%-39% (Clear Fail)

Overall Summary

A full and detailed understanding of the set task and an ability to have met the learning outcomes and address the assessment criteria at an excellent level (80%-89%) or outstanding and exceptional (90%-100%) and beyond level 7.

Work is of a standard deemed worthy of publication/manufacture/public exhibition/public performance.

A full and detailed understanding of the set task and an ability to have met the learning outcomes and address the assessment criteria at a very good level.

A full understanding of the set task and an ability to have met the learning outcomes and address the assessment criteria at a good level.

A basic but secure understanding of the set task and an ability to have met the associated learning outcomes and address the assessment criteria at a threshold level.

A partial understanding of the set task and an ability to have met the associated learning outcomes and address the assessment criteria at a limited and insufficient level. Unsatisfactory overall. However, attainment is uneven with some learning outcomes not met and some assessment criteria unaddressed.

Unsatisfactory overall. A minimal understanding of the set task and ability to have met some of the associated learning outcomes at a basic level. However, attainment is uneven with many assessment criteria unaddressed.

Very poor, incomplete and/or irrelevant. Demonstrates a serious lack of comprehension and/or engagement with the set task. May have misunderstood the set task. No learning outcomes are met in full, although there may be minimum attainment in one or two areas.

 
