COMP3721 Information Security, Assessment 2, S1-2022 Page 1 of 3 COMP3721- Information Security Assessment 2 – Development of an information security contingency planning document Semester 1, 2022 Details. Title: COMP3721 Assessment 2 – Development of an information security contingency planning document. Due Date: 09.00AM (ACST), Thursday 5th May 2022. Value: 30% of the final mark for the topic (late penalty: 5% per 24-hour period). Length: No specific length requirement. Purpose of this assignment. The purpose of this assignment is to support the following topic Learning Outcomes (LO) for this topic: LO1. Explain the importance of cyber security and information security to business and organisations LO5. Develop a business report on an organisations’ cyber security and information security program Task. This task builds on Assessment 1. A large hospital in South Australia has asked you (as the new Information Security Manager) to develop and implement an Information Security Contingency Plan. You have already performed a Security Analysis and Risk Assessment (Assessment 1) and this phase is to create the plan outline. It will be an overview of the elements of the contingency plan and should be a well-researched, supported and logically structured report which can be presented to all the hospital staff. The report should include an outline of the four components a contingency plan as they relate to the hospital. You should include the basic activities will need to be undertaken and who should be involved in these tasks. The report must include a timeline; contain suggestions for how each task can be completed and what resources will be required. Explicitly indicate the outputs (documentation etc) that will make up the contingency plan. COMP3721 Information Security, Assessment 2, S1-2022 Page 2 of 3 Do not include technical solutions to specific threats. This report is a conceptual/educational document for the hospital on what should be done. However, it may be helpful to create a list of threat categories and the associated business impact for each. Assessment Criteria. Please see the Marking Key for this assessment provided on FLO. In general, the report will be assessed for: clarity and conciseness, readability for the intended audience, and completeness of the explanations and instructions. Submission Requirements. Report Length No specific length requirement. Format The report must be word processed and be professional in appearance. You should make use of appropriate fonts and formatting. The submission file MUST be a single file in .doc, .docx or .pdf file format, and labelled: COMP3721_your FAN_lastname_firstname Must Contain Cover/Title Page This must contain the topic code and title, assignment title, your name and student identification, due date. Executive Summary Should be approximately 300 words. This should provide a concise snapshot of the entire report. Table of Content (Table of Figures, Table of Tables) This must accurately reflect the content of your report and must be generated automatically in Microsoft Word (or similar) with page numbers. Introduction and Scope This must provide the scenario, the purpose of the document, the scope of the document, and state any assumptions made. Use in-text references where appropriate. Main body of the document [DO NOT USE THIS THE SECTION HEADING] As described in the Task section. This must be logically structured and well referenced. Make effective use of headings and subheadings. Conclusion This section should draw together the main points raised in the report and identify the next steps in the Contingency Plan development. COMP3721 Information Security, Assessment 2, S1-2022 Page 3 of 3 Glossary of relevant terms This should contain original but referenced definitions for appropriate terms. Only security related terms should be included in this glossary, as opposed to general computing terms References A list of end-text references formatted according to the Flinders APA Referencing requirements. https://students.flinders.edu.au/content/dam/student/slc/apa- referencing.pdf It is recommended that Endnote is used to manage references. Your references should comprise of books, journal articles, and conference papers. Bibliography This should be in the same format as the List of References. It should contain material that has not been specifically used in your report, but which will be of interest to the reader of your report. Appendices as necessary There are no marks associated with the appendices. However, they can be used to include material that is important supporting material to your document. You should assume that the reader of your report will only briefly scan the appendices. Late submission. As per the penalties in the topic official Statement of Assessments Methods (SAM) 2022, an assessment submitted after the fixed or extended time for submission shall incur a penalty to be calculated as for each day (including weekend days) that it is late, as 5% of the maximum assessment available for the assessment. Academic Misconduct (Including Plagiarism). Flinders University regards academic misconduct of any form as unacceptable. Academic misconduct, which includes but is not limited to, plagiarism; unauthorised collaboration; cheating in examinations; theft of others’ students work; collusion; inadequate and incorrect referencing; will be dealt with in accordance with the Flinders Policy on Academic Integrity Policy. http://www.flinders.edu.au/academicintegrity/
