You have been employed as an information security management consultant and have been tasked with analysing a small company (of your choice) with regard to the company’s security posture.

Arrangements for submission

Please submit one document online via Moodle:

1. Your report as a Word document.

The requirements for the assessment

You have been employed as an information security management consultant and have been tasked with analysing a small company (of your choice) with regard to the company’s security posture. Specifically, you need to prepare a report (of 4000 words) which includes the following components:

1.  An introduction to the company which highlights what the company does, and considers the main security threats faced by the sector the company is in.

2.  An analysis of the threats to and vulnerabilities of the organisation’s information systems.

3.  An analysis of their governance mechanisms, policies, and procedures in place, and organisational responsibilities for information security management (e.g. stakeholder analysis, RACI matrix).

4.  A risk analysis framework or methodology which is used to evaluate the company’s key security risks. Depending on what framework or methodology is used, this may be embedded within components 2 or 3 above. However, justification for the use of the chosen framework must be provided either way.

5.  Based on the analysis and findings of parts 1, 2, 3 and 4 above, provide recommendations for security controls which should be adopted within the organisation. This can include security controls that are Procedural/People, Technical, or Physical and Environmental, or a combination. Focus only on those that are the most important. Justification must be provided for each recommendation.

6.  A (brief) business continuity and disaster recovery plan for the organisation which focuses on one or two of the key risks identified for the organisation. This should also be fully justified and relate to the previous analysis and findings.

7.  References.

8.  Appendix documentation (if applicable).

It is recommended that you choose a small organisation where it may be possible to conduct interviews with employees of the company to aid your analysis and make your report as real as possible (although this is not compulsory). Where information is not available in the public domain or through contacting the company, you may make some assumptions (but assumptions should be stated in your report in the appendix). The report should be detailed rather than a general discussion about information security management.


Assessment Criteria

Marks will be awarded for each element as required in the above specified report. Higher marks are awarded where there is greater justification of points made, greater relevancy of points to the chosen business case, and where limitations and alternatives are also discussed. Furthermore, greater marks are awarded for your recommendations and disaster recovery plan if they are relevant solutions that link to the prior analysis and organisational profile provided, and for providing a non-generic but specific discussion that is critical of the recommendations being provided.
