COMP9721- Information Security
Assessment 2 – Development of an information security contingency planning document Semester 1, 2022
Title: COMP9721 Assessment 2 – Development of an information security contingency planning document.
Due Date: 09.00AM (ACST), Thursday 5th May 2022.
Value: 30% of the final mark for the topic (late penalty: 5% per 24-hour period).
Length: No specific length requirement.
Purpose of this assignment.
The purpose of this assignment is to support the following topic Learning Outcomes (LO) for this topic:
LO1. Illustrate the importance of cyber security and information security to business and government
LO5. Design industry professional reports on organisational cyber security and information security programs
LO6. Research and critically analyse publications and industry guidelines in the area of computer security
This task builds on Assessment 1.
A large hospital in South Australia has asked you (as the new Information Security Manager) to develop and implement an Information Security Contingency Plan. You have already performed a Security Analysis and Risk Assessment (Assessment 1) and this phase is to create the plan outline. It will be an overview of the elements of the contingency plan and should be a well-researched, supported and logically structured report which can be presented to all the hospital staff.
The report should include an outline of the four components a contingency plan as they relate to the hospital. You should include the basic activities will need to be undertaken and who should be involved in these tasks. The report must include a timeline; contain suggestions for how each task can be completed and what resources will be required. Explicitly indicate the outputs (documentation etc) that will make up the contingency plan.
Do not include technical solutions to specific threats. This report is a conceptual/educational document for the hospital on what should be done. However, it may be helpful to create a list of threat categories and the associated business impact for each.
Please see the Marking Key for this assessment provided on FLO. In general, the report will be assessed for:
• clarity and conciseness,
• readability for the intended audience, and
• completeness of the explanations and instructions.
Report Length No specific length requirement.
Format The report must be word processed and be professional in appearance.
You should make use of appropriate fonts and formatting.
The submission file MUST be a single file in .doc, .docx or .pdf file format, and labelled:
Must Contain Cover/Title Page
This must contain the topic code and title, assignment title, your name and student identification, due date.
Should be approximately 300 words. This should provide a concise snapshot of the entire report.
Table of Content (Table of Figures, Table of Tables)
This must accurately reflect the content of your report and must be generated automatically in Microsoft Word (or similar) with page numbers.
Introduction and Scope
This must provide the scenario, the purpose of the document, the scope of the document, and state any assumptions made. Use in-text references where appropriate.
Main body of the document [DO NOT USE THIS THE SECTION HEADING] As described in the Task section. This must be logically structured and well referenced. Make effective use of headings and subheadings.
This section should draw together the main points raised in the report and identify the next steps in the Contingency Plan development.
Glossary of relevant terms
This should contain original but referenced definitions for appropriate terms. Only security related terms should be included in this glossary, as opposed to general computing terms
A list of end-text references formatted according to the Flinders APA Referencing requirements. https://students.flinders.edu.au/content/dam/student/slc/apareferencing.pdf It is recommended that Endnote is used to manage references. Your references should comprise of books, journal articles, and conference papers.
This should be in the same format as the List of References. It should contain material that has not been specifically used in your report, but which will be of interest to the reader of your report.
Appendices as necessary
There are no marks associated with the appendices. However, they can be used to include material that is important supporting material to your document. You should assume that the reader of your report will only briefly scan the appendices.
As per the penalties in the topic official Statement of Assessments Methods (SAM) 2022, an assessment submitted after the fixed or extended time for submission shall incur a penalty to be calculated as for each day (including weekend days) that it is late, as 5% of the maximum assessment available for the assessment.
Academic Misconduct (Including Plagiarism).
Flinders University regards academic misconduct of any form as unacceptable. Academic misconduct, which includes but is not limited to, plagiarism; unauthorised collaboration; cheating in examinations; theft of others’ students work; collusion; inadequate and incorrect referencing; will be dealt with in accordance with the Flinders Policy on Academic Integrity Policy.
COMP9721- Information Security