Reference no: EM132495958

CIS7028 Information Security - Cardiff Metropolitan University

Learning Outcome 1: Critically discuss the threats to information storage within a system and appreciate the main types of computer crime
Learning Outcome 2: Appraise approaches to information security and forensic investigation of prominent cyber offences;
Learning Outcome 3: Analyse the technical issues relating to the transmission and storage of data and information relating to Cloud Computing and Big Data
Learning Outcome 4: Discriminate between data management policies associated with Data Protection and the Regulation of Investigatory Powers.

Assessment Requirements

Task 1 (2000 words):Choose one of the activities described below.

Activity 1

Assume you have been hired as a security consultant by a large scale enterprise to provide them below information and recommendations. The enterprise's Chief Information Officer (CIO) has recently come to know about ISO27001 and wants to know your opinion about alternative standards, its wider benefits to the organization, how to implement the critical elements of ISO27001 and auditing and certification process. Prepare a report covering below details.
Task 1.1 (750 words):
• Alternative standards (Cyber essentials) and wider benefits of ISO27001 to the organization
Task 1.2 (1000 words):
• Main clauses need to implement under ISO27001 (750 words)
• Security control objectives applicable for the chosen company (250 words)
Task 1.3 (250 words):
• Auditing and certification process of ISO27001

OR

Activity 2 (2000 words)
Data protection by design/default: Compile a report explaining how you would implement Data protection by design and defaultfor a chosen company. The company can be any size which holds personal data of customers, clients, suppliers and employees.
Task 2.1 (1000 words):
• The implementation of Data Protection by Design and Default for the chosen company
Task 2.2 (1000 words):
• The use of below mechanisms for the chosen company to implement data protection by design and default: Data discovery, Data classification, Data Processing Impact Assessment (DPIA), Data Loss Prevention (DLP) mechanisms and Privacy Enhancing Technologies (PETs)

Task 2 (1500 words):Write a report about a recent information security attack/breach (which took place recently, January 2019 onwards). Thedescription should contain a brief description of the attack, loss to the organization, details of the vulnerability exposed by the attack (e.g.; CVE), how the attack was manifested (e.g. illustration), the tools used by the attackers and prevention mechanisms which could have stopped the threat or the vulnerability. Sample References:

Task 3 (Continuous assessment using 8 Cisco Cyber Essential labs and immersive labs): Security awareness (Cisco Cyber security essentials training). Students has to complete 8 Chapters of above training (both theoretical and practical aspects) during tutorials and average mark of chapter Quizzes will be taken into account. Students has to complete the final quiz as well. In addition, immersive labs has to be completed by the students.

Attachment:- Information Security.rar