University of West London School of Computing & Technology

Student Assignment
Title Module Module Code Module Leader: Set by: Moderated by: Assignment Hand in arrangements Structure of assignment

Computer Security Policy Development Computer Security

CP60028E Colin Beeke Colin Beeke Peter Komisarczuk In-course Assignment 1 This assignment must be handed in to the Faculty Office TC375

This assignment has two elements. Each element has a specific weighting, and its own criteria. The assessments are described below. The learning outcomes of the module are assessed by a successful completion of all the elements. Element 1 2 Type Research and Summarise Investigation and report Weighting 40% 60% Due Date Monday 26th March 2012 Friday 27th April 2012

Extensions will only be granted in exceptional circumstances. Extensions will be for 10 days or less. Documentary evidence will be required. Extensions must be agreed before the deadline. Submissions up to one week late with no extension will be marked with a maximum mark of 40%.

Learning outcomes

1 2 3

Formulate a comprehensive strategic security policy which fulfils the needs of a modern organisation Categorise and prioritise vulnerabilities in a range of network systems and select with appropriate justification, suitable defence strategies and techniques Identify, analyse and critically evaluate possible methods of malicious attack which could compromise network security

Identify and critically appraise non-malicious security issues and devise strategies to reduce the associated risks to an organisation

Element 1
Title Task details
Research and Summarise Research ONE of the following topics and write a concise report to summarise your findings: the built-in security defences of Microsoft Windows 7 (this indicate any issues/updates in past 6 months). the security and risks associated with Mobile Phones (Androids and iPhones). A current computer security topic of student choice with formal agreement with either Assessor.

You are expected to produce your report in the format of a scientific paper including references and citations, abstract, conclusions, etc. Credit will be awarded for evidence of your analysis of the data and demonstration of critical thinking. Ideally your report should be between 1000 and 2000 words, you may use figures and tables for those taken from sources you must cite the source.

Marking Guide

Criteria Research

Issues Have you researched a range of academic sources and checked their provenance? Have you demonstrated intellectual skills of analysis and critical thinking? Have you followed an accepted standard for a published research paper? Have you included appropriate citations and references? Is your report logically structured and written in an appropriate style of English to ensure good communication of your findings?

Mark 10

Marking breakdown where appropriate Breadth of research (5) Quality of research (5) Analysis and critical

Analysis

20

Report

10

Report format (3) Refs and citations (3) Communication and style (4)

Element 2
Title Task details
Security Policy Development Ealing borough council has teamed up with the local chamber of commerces in trying to assist its private and public sector organisations in developing overseas business links to help boost the local economy and thus the prosperity of its residence. Imagine that you have just been appointed as an I.T. security consultant working for an independent computer security systems company appointed to assist in this venture. Your have been tasked with compiling a report that investigates the current computer security threats for such organisations trying to operate within the global economy and developing a generic top-level security policy document which could be utilised by any organisations to form the basis of their main reference source for I.T. managers and staff alike for such organisations. The policy document must identify the current major threats and vulnerabilities and these should indicate how they may need to be prioritised by the organisation to best meet their requirements to support business risks identified by them. The document must be logically structured to ensure quick and easy retrieval of specific information and guidance. You must also encourage internal standards for 'good practice' with these being clearly related to relevant external [United Kingdom, European and International] standards. Please note that a student may identify their country of origin and then formulate their international standards within their development against that country if they wish.

Marking Guide

Criteria

Mark

Marking breakdown where appropriate

Investigation

Have you investigated in sufficient depth the organisation and structure of the current security threat? Have you identified and prioritised the significant threats and vulnerabilities for system(s)? Have you formulated policies to address the major threats and vulnerabilities? Have you followed appropriate security standards and guidelines? Overall policy considerations to form a coherent whole.

50

investigation of current threats (10) identification (10) policies (10) standards (5) coherent (10) creativeness of thinking(5)

Report

10

report structure (4)

Have you presented your findings and recommendations in a clear and logically structured report? Have you written the text using appropriate language style for this policy document?
Richness/Quality of evidence used to support report development. Have you included appropriate citations and references?

refs and citations (3)

communication and style (3)

Grade descriptors
In addition to the assessment criteria above the following table may assist you in understanding how we arrive at your final mark. Indeed your final mark should agree with the following grade descriptors, but note that the assessment criteria are the main means of assessment. Mark 0-39% Descriptor
Some of the individual requirements have not been attempted and the report is missing some of the elements listed above. Limited understanding of the topic. Report poorly structured. Few literature sources and inadequate referencing. Inappropriate argument leading to unreliable and invalid conclusions/recommendations All individual requirements have been attempted and the report contains all the elements listed above. Sufficient attempt to justify the design and evaluation plan. Some confusion in purpose & aims. Some overall structure and conceptual understanding. The grammar and punctuation in the report is sufficient to enable understanding of the content. Sufficient analysis of the results. Report is clear and concise and follows recommended report format. Clear evidence of some research into the topics. Report is near error free. There are very few spelling mistakes or in-correctly used words. Demonstrates accurate knowledge and understanding of the subject presented in a coherent manner. The answer contains evidence of application and interpretation. At the upper end there is evidence of thoughtful and measured critical evaluation. Critical analysis of the results of the investigation and the recommended future approaches to the problem. Evidence of wider reading. Bibliography contains a good range of current source including journal papers.

40-49%

50-59% 60-69%

70-79%

Demonstrates evidence of significant research into the topics. A thorough analysis of the problems of domain and the security techniques used. Report is error free. There are no spelling mistakes or in-correctly used words. There are no long, confused or unwieldy sentences, which distract from legibility. The answer is analytical, critical and authoritative. The assignment demonstrates scholarship through a depth of insight and understanding of relevant material, which is logically structured, accurate and well referenced. Arguments demonstrate originality of thought and conviction.

80% or above