Alright Medical Group (AMG) is a large regional hospital with over 500 staff, 300 inpatient beds, and more than 8,000 active patient records.

  Assignment Brief

       Session: January 2026    

Programme title

NCFE Level 4 Diploma: Cyber Security Engineer (603/7748/3)

Unit number and title

5

Risk assessment in cyber security (J/651/0937)

Assignment number & title

5- Risk assessment in cyber security 

Unit Credit: 15

Unit Leader

 

Assessor (s)

 

Issue Date

19-Jan-2026

Final assignment submission deadline

06-Apr-2026

Late submission deadline

Learners are required to follow the strict deadline set by the College for submission of assignments, in accordance with the NCFE Level 4 submission guidelines and College policy on submissions. They should also refer to the Merit and Distinction criteria, which require evidence of meeting agreed timelines and the ability to plan and organise time effectively, without which the learner may not expect to receive a higher grade.

13-Apr-2026

Resubmission deadline

11-May-2026

Feedback

Formative feedback will be available in class during the semester after 5 weeks. Final feedback will be available within 2 - 3 weeks of the assignment submission date.

Internal verifier

 

Signature (IV of the brief) *

MAI

Date: 05-Jan-2026

 

 

Caspian School of Academics

NCFE Level 4 Diploma: Cyber Security Engineer

(603/7748/3)

Unit 05 Risk assessment in cyber security (J/651/0937) (L4)

Session: Jan 2026

Coursework

Recommended words 2500

You are strongly advised to read “Preparation guidelines of the Coursework Document” before answering your assignment.

 General

Guidelines

● You should write the assignment in your own words. You are required to cite the source of any quotes or illustrations you utilise.

● At the conclusion of your document, include a list of Harvard references. You must list all of your informational sources.

● Ensure that the English you use is easily understood and that your work is presented clearly.

● Use a word processor's "spell-checker" whenever possible.

 

Unit number, title and learning outcomes (LOs)

   
   

Unit 5: Risk assessment in cyber security (J/651/0937)

LO1: Examine operating system security features

LO2: Assess risk management in cyber security

Assignment title

Risk management in cyber security

Scenario

Alright Medical Group (AMG) is a large regional hospital with over 500 staff, 300 inpatient beds, and more than 8,000 active patient records. The hospital relies heavily on digital systems for clinical operations, research, diagnostics, and administration.

AMG uses a mixture of operating systems across departments:

Windows 11 workstations for administration and HR

Linux Ubuntu servers supporting research and laboratory environments

Windows Server 2019 hosting the Electronic Health Record (EHR) system and Active Directory

The hospital also operates over 150 medical IoT devices, including infusion pumps, patient monitors, and lab testing equipment. Many of these devices use outdated firmware or proprietary OS versions that cannot be easily patched.

Recent Cyber Incidents

AMG recently suffered a series of serious incidents:

  1. Ransomware attack
    • Triggered by a phishing email
    • Encrypted the EHR system
    • Shut down access for 48 hours, delaying surgeries and clinical workflows
  2. Phishing credential breach
    • 27 staff members submitted their login details
    • Attackers gained access to internal systems and confidential emails
  3. Legacy laboratory PCs
    • Windows 7 machines with no encryption
    • Stored sensitive diagnostic data at risk of leakage
  4. IoT exploitation attempt
    • Several medical devices found using default credentials
    • Potential lateral movement risk inside the hospital network

AMG’s leadership now requires a full cyber security risk assessment, including operating system security evaluation, risk register, risk matrix, and a risk treatment plan based on a recognised standard (ISO 27005 or NIST 800-30).

 

Tasks

Task 1: Examination of Operating system security features

1. Describe the fundamental security features of Windows, Linux, and Windows Server, focusing on authentication, encryption, monitoring/logging, and patch management. (P1)

For higher grade:

  1. Explain how the choice of operating system affects AMG’s overall security posture, highlighting their strengths and weaknesses in a healthcare setting. (M1)

Recommended Word Count: 1000 words

Deliverables:

● A written report detailing the security features and impact analysis.

● Include diagrams or tables if necessary to support your analysis.

Task 2:

  1. Define the scope of the risk assessment (assets, threats, vulnerabilities, locations, users). Identify a method (e.g., ISO/IEC 27005 or NIST SP 800-30) you will use. (P2) 
  2. Apply a basic risk assessment to AMG: list key risks & vulnerabilities (e.g., phishing, ransomware, insider data leak, IoT exploitation, weak passwords, unpatched systems). (P3)

For higher grade:

  1. Explain how your documentation (risk register + matrix) supports treatment decisions. Suggest appropriate treatments (technical + organisational) for several risks. (M2)
  2. Analyse and prioritise risks by likelihood and impact using a risk matrix. Clearly show which are Critical/High/Medium/Low and why. (M3)
  3. Design a comprehensive risk assessment plan, tailored to a recognised standard (e.g., ISO/IEC 27005 or NIST CSF/800-30). Include: scope, roles/responsibilities, asset inventory approach, risk criteria & scoring method, data sources, review frequency, reporting/approval path, and how findings feed into treatment. (D1)
  4. Justify proactive risk treatment strategies for the top risks (e.g., ransomware, phishing, IoT). Cover both technical controls (EDR, network segmentation, MFA, encryption, patching) and organisational measures (policies, staff training, supplier controls, incident response drills). Explain why these reduce risk and how you will measure effectiveness (KPIs). (D2)

Recommended Word Count: 1500 words

Deliverables:

Scope & Method (P2) → Define assets, threats, vulnerabilities, users, locations + name chosen method (ISO 27005 / NIST).

Risk Assessment Table (P3) → List key risks & vulnerabilities (phishing, ransomware, insider, IoT, weak passwords).

Risk Register (M2) → Full table with owner, likelihood, impact, rating, controls + suggested treatments.

Risk Matrix (M3) → Visual chart showing risks by likelihood vs impact + prioritisation.

Risk Assessment Plan (D1) → Structured plan (scope, roles, inventory, scoring, sources, review cycle, reporting path).

Risk Treatment Justification (D2) → Top risks explained with technical + organisational controls + KPIs for effectiveness.

Evidence Requirements

 

You must provide a written report covering the tasks indicated above. The work will be submitted to Turnitin for academic integrity check.

 

Additional Guidelines:

a. All submissions should be properly referenced, and any external sources should be cited in Harvard referencing format.

b. Use professional language and ensure clarity in your explanations.

c. Diagrams, charts, and code snippets should be well-labelled and explained within the context of your discussion.

d. Font size must be within the range of 10 points to 14 points, including the headings and body text (preferred font size is 11) in Arial. Standard and commonly used typefaces, such as Arial and Times New Roman, should be used.

e. Material taken from external sources must be properly referenced and cited within the text using the Harvard system.

f. Submit all documents in either doc or pdf format through the designated submission portal by the given deadline.

Appendices

Note: You should attach all the supporting documents as a separate file in the appendix section of your assignment.

Relevant Information

To gain a Pass in an NCFE Level 4 Diploma: Cyber Security Engineer modules, you must meet ALL the Pass criteria; to gain a Merit, you must meet ALL the Merit and Pass criteria; and to gain a Distinction, you must meet ALL the Distinction, Merit and Pass criteria.

Plagiarism and Collusion

Any plagiarism or collusion will be taken very seriously in accordance with the policies of the college. Below are the definitions and parameters of plagiarism and collaboration in this context:
Presenting someone else's work as your own is plagiarism. It involves turning in collaborative homework as a solo project and copying information verbatim from books or the Internet without citing the source.
Plagiarism refers to the practice of taking another person's assignments and turning them in as your own. If plagiarism or collusion is suspected, it will be investigated and dealt with in accordance with college policy (please refer to the student handbook for further information on plagiarism and collusion).

AI Use Policy for This Assignment

To support academic integrity, learners must follow the guidance below regarding the use of Artificial Intelligence (AI), including tools such as ChatGPT, Copilot, Bard, and other generative AI systems.

Permitted Use

Students may use AI tools for:

● Researching background concepts

● Generating ideas during early planning

● Checking spelling, grammar, structure, and formatting

● Clarifying understanding of terminology

● Practising or testing knowledge

● Creating datasets only if anonymised and checked for accuracy

● Producing non-assessed drafts for inspiration

Not Permitted

Students must not use AI tools to:

● Generate full answers, explanations, or solutions that are directly submitted as their own

● Write entire sections of the assignment

● Produce analysis or evaluation without meaningful human input

● Create polished final content that the student only copies and pastes

● Bypass learning activities by submitting AI-generated work

● Fabricate citations, references, or invented facts

Student Responsibilities

Learners must:

● Ensure all submitted work is their own, original, and written in their own words

● If AI is used in any way, this must be declared in your references.

● Clearly reference any AI assistance following the college’s academic integrity policy

● Keep drafts to demonstrate development of work if requested

● Verify all information for accuracy and relevance

● Use AI as a support tool, not a writing substitute

Consequences of Misuse

Improper use of AI may be treated as academic misconduct and may result in:

● Work being rejected

● No grade being awarded

● Requirement to resubmit

● Further disciplinary action in serious cases

Submission

a. Initial submission of coursework to the tutors is compulsory in each unit of the course.

b. The student must check their assignments on Caspian School of Academics (CSA) VLE with plagiarism software Turnitin to make sure the similarity index for their assignment stays within the College approved level. A student can check the similarity index of their assignment up to five times in the Draft Assignment submission point located in the home page of the CSA VLE.

c. All Final coursework must be submitted to the Final submission point into the Unit (not to the Tutor). The student would be allowed to submit only once and that is the final submission.

d. Any computer files generated such as program code (software), graphic files that form part of the coursework must be submitted as an attachment to the assignment with all documentation.

e. Any portfolio for a Unit must be submitted as an attachment in the assignment.

Extension and Late Submission

f. You must use an Exceptional Extenuating Circumstances (EEC) form, which is accessible at the Examination Office and CSA VLE, to request an extension if you require one for a legitimate cause. Do not request a coursework extension from the tutors as they do not possess the authority to extend the deadlines for coursework. The completed form must be turned in to the Examination Office with supporting documentation, such as a medical certificate if you are ill.

g. Late entries will be accepted and graded in accordance with college policy. Please be aware that late submissions might not receive Merit and Distinction grades.

h. All late coursework must be submitted to the Late submission point into the unit (not to the Tutor) in the CSA VLE. A student is allowed to submit only once and that is also treated as the final submission.

i. If you fail in the Final or Late submission, you can resubmit in the Resubmission window.

Submission deadlines

Formative feedback

After Week 5

Final Submission

06-Apr-2026 

Submit to: Online to the CSA VLE only

Explanation of Terms:

Analyse

Break the subject or complex situations into separate parts and examine
each part in detail. Identify the main issues and show how the main ideas
are related to practice and why they are important. Reference to current
research or theory may support the analysis.

Critically analyse

This is a development of ‘analyse’ which explores limitations as well as
positive aspects of the main ideas in order to form a reasoned opinion.

Clarify

Explain the information in a clear, concise way showing depth of
understanding.

Classify

Organise accurately according to specific criteria.

Collate

Collect and present information arranged in sequence or logical order that is
suitable for purpose.

Compare

Examine the subjects in detail, consider and contrast similarities and
differences.

Critically compare

This is a development of ‘compare’ where the learner considers and
contrasts the positive aspects and limitations of the subject.

Consider

Think carefully and write about a problem, action or decision showing how
views and opinions have been developed.

Demonstrate

Practical application of an element/content to show that you understand
theories/concepts in a practical sense.

Describe

Provide a broad range of detailed information about the subject or item in a
logical way.

Discuss

Write a detailed account that includes contrasting perspectives.

Draw conclusions
(which...)

Make a final decision or judgement based on reasons.

Evaluate

Examine strengths and weaknesses, arguments for and against and/or
similarities and differences. Judge the evidence from the different
perspectives and make a valid conclusion or reasoned judgement. Apply
current research or theories to support the evaluation.

Critically evaluate

This is a development of ‘evaluate’ where the learner debates the validity of
claims from the opposing views and produces a convincing argument to
support the conclusion or judgement.

Examine

Look closely at something. Think and write about the detail, and question it
where appropriate.

Explain

Apply reasoning to account for how something is or to show understanding
of underpinning concepts. Responses could include examples to support
these reasons.

Explore

Consider an idea or topic broadly, searching out related and/or particularly
relevant, interesting or debatable points.

Identify

Apply an in-depth knowledge to give the main points accurately (a
description may also be necessary to gain higher marks when using
compensatory marking).

Investigate

To inquire into (a situation or problem) to explore solutions.

Justify

Give a detailed explanation of the reasons for actions or decisions.

Perform

Present/enact/demonstrate practically.

Reflect

Learners should consider their actions, experiences or learning and the
implications of these in order to suggest significant developments for
practice and professional development.

Review and revise

Look back over the subject and make corrections or changes based on
additional knowledge or experience.

Summarise

Give the main ideas or facts in a concise way to develop key issues.

 
