COM7005D: Critically Analyze the Different Types of Software Acquisition Models: Information Security Strategy Development Assignment, AU, Singapore

Assignment Brief

As part of the formal assessment for the program, you are required to submit an Information Security Strategy Development assignment. Please refer to your Student Handbook for full details of the program assessment scheme and general information on preparing and submitting assignments.

Learning Outcomes:

After completing the module, you should be able to:

1) Evaluate the basic external and internal threats to electronic assets and
countermeasures to thwart such threats by utilizing relevant standards and best practice guidelines.

2) Analyze the legalities of computer forensics phases and the impact of the legal requirements on the overall information security policy.

3) Critically assess the boundaries between the different service models (SaaS, PaaS, IaaS) and operational translations (i.e. cloud computing) and to identify the associated risks.

4) Critically investigate a company information security strategy to provide consultation and coaching through reporting and communication.

5) Assess, compare, and judge computer media for evidentiary purposes and/or root cause analysis.

6) Apply relevant standards, best practices, and legal requirements for information security to develop information security policies.

7) Lifelong Learning: Manage employability, utilizing the skills of personal development, and planning in different contexts to contribute to society and the workplace.

Assignment Task:

This assignment is worth 50% of the total marks for the module. Using your current or previous workplace1 as the case study, please answer the following:

1) Critically analyze the different types of software acquisition models and try to relate that to those systems you are using at your workplace. [LO3]

2) Do you have a handbook that describes the policies, processes, and procedures in place? Evaluate the security strategy in that handbook for network activity monitoring, for instance? What are the issues missing in the handbook? You need to discuss the legal issues raised by this handbook as many companies consider a handbook as part of the contract. [LO4]

3) What is the information security strategic plan in place and how it is implemented? [LO4, LO6]

4) Analyze the external and internal threats to information systems in your workplace and show how your security strategy should protect against those threats. Report your risk assessment methodology in a flowchart-like figure. You can have a look at Stoneburner (2002) work to understand how you should relate all the activities together. Please do not copy the work from (Stoneburner, 2002) as you need to compile your own risk assessment methodology as part of your security strategy plan. You also need to
discuss how you are going to manage the identified risks. [LO1, LO5]

5) Critically analyze the access control strategy? If you are to rewrite that part of your security plan, what would you change? Why? What sort of strategy you will use here? proactive or reactive? Justify your answer. [LO4, LO6]

6) What do you recommend for a proper incident management strategy? How would you implement it? Hint: Stakeholders and role responsibilities. [LO4, LO6, LO7]

7) Compile a brief security strategy that suits the business requirements as well as the security requirements of this workplace. [LO4, LO6, LO7]