To achieve P1, learners must describe the core cyber security principles and explain their role in protecting systems and information.

Assignment Guidelines (Detailed)

Task 1 – Principles of Cyber Security (LO1)

Format: 1,000-word report
Focus: Principles (CIA, AAA) in Apex University and society

What the examiner wants overall

They want to see that you:

1. Understand key security principles
2. Can link them clearly to Apex University’s situation (ransomware + data breach)
3. Can argue why certain technologies and principles are especially important for Apex and society.

P1 – Describe the role of cyber security principles

Command word: “Describe”
→ Give clear, factual explanations. Not too short, not just definitions.

What to cover

To achieve P1, learners must describe the core cyber security principles and explain their role in protecting systems and information. The key requirement here is description, meaning learners should clearly explain what each principle means in simple terms and why it exists. Learners are expected to cover confidentiality, integrity and availability (CIA), as well as identification, authentication, authorisation and accountability (AAA).

For each principle, learners should explain its purpose and then relate it to Apex University’s context, such as protecting student records, staff data and scholarship information.

Learners must also briefly explain why these principles matter to wider society, for example by supporting trust in online education, protecting personal data and reducing cybercrime.

At this level, learners are not expected to discuss technologies in depth, but they must show clear understanding of the principles and their importance.

Example for Confidentiality (don’t copy this directly, just use as a model):

• Confidentiality means ensuring that sensitive information is only accessed by authorised people. At Apex University, this includes protecting student records and scholarship data from unauthorised staff or hackers. In society, confidentiality helps maintain trust in digital services like online education and banking, because people feel safe sharing personal information.

M1 – Explain how these principles are applied

Command word: “Explain”
→ Go beyond description: show how and why they are used at Apex and in society.

You are now moving from “what it is” → to “how it works in real life at Apex”.

What to add (on top of P1)

To achieve M1, learners must move beyond description and explain how the principles covered in P1 are applied in practice at Apex University and in society. This means learners should show how each principle is implemented using real-world controls and processes.

For example, confidentiality can be applied through encryption of student databases, integrity through checksums or access controls that prevent unauthorised modification, and availability through backups and redundancy of critical systems such as the virtual learning environment.

Learners should explain identification through unique user IDs, authentication through passwords and multi-factor authentication, authorisation through role-based access control, and accountability through logging and auditing.

The explanation should clearly show how these principles work together to reduce risk at Apex and why similar approaches are essential in modern digital society. Merit-level work explains “how and why”, not just “what”.

You’re basically answering:

“How is this principle actually put into practice at Apex, and why does that matter beyond just the campus?”

That level of detail is what gives you Merit (M1).

D1 – Justify the use of principles & technology components

Command word: “Justify”
→ You must give reasons why these are the best choices, not just describe them.

To achieve D1, learners must justify why specific cyber security principles and supporting technologies are appropriate for Apex University and its risks. Justification requires reasoning and argument, not description.

Learners should select key principles and link them to specific technologies, such as confidentiality supported by encryption, accountability supported by logging and SIEM tools, availability supported by backups and failover systems, and authorisation supported by role-based access control. They must explain why these choices are necessary given Apex’s experience of ransomware and data breaches, and why weaker or absent controls would increase risk.

Learners should clearly show how these technologies reduce legal, operational and reputational risks for Apex and also benefit society by protecting personal data and maintaining trust in digital education services.

Strong distinction answers make it clear why these are the best choices for this scenario.

If you clearly explain “we choose X because… and this is better than not using it / using weaker controls”, that’s strong Distinction-level justification.

Task 2 – Security Functionality & Assurance (LO2)

Format: 8–10 slides presentation (~500 words + diagrams)
Audience: Senior/university management (keep it clear and professional)

What the examiner wants overall

They want to see that you:

• Understand key security tools and how they currently impact Apex
• Know what “security assurance methods” are and why they’re needed
• Understand frameworks like NIST / COBIT
• Can recommend and justify them for Apex

P2 – Outline the impact of current technology components

Command word: “Outline”
→ Brief but clear description of key points and their impact.

What your slide should cover and what you need to talk about

To achieve P2, learners must outline the impact of the cyber security technology components currently used by Apex University. This involves briefly explaining what each component does and the effect it has on security.

Learners should focus on firewalls, intrusion detection or prevention systems, and endpoint protection software. They should outline how outdated or poorly configured tools reduce Apex’s ability to prevent, detect and respond to attacks, such as ransomware and phishing.

The learner should explain that outdated firewalls may allow unnecessary network access, outdated endpoint protection may fail to detect modern malware, and a lack of IDS/IPS reduces visibility of attacks. This criterion requires clear but concise explanation rather than deep analysis.

This can be 2–3 slides with short bullet points.

P3 – Describe security assurance methods

Command word: “Describe”
→ Give detail on what they are and how Apex would use them.

To achieve P3, learners must describe common security assurance methods and explain how Apex University could use them. This includes penetration testing, vulnerability scanning, and GDPR or compliance audits.

Learners should describe what each method is, how it works, and what type of security problems it helps identify. For example, penetration testing simulates attacks to test defences, vulnerability scanning identifies known weaknesses in systems, and compliance audits ensure personal data is handled lawfully.

Learners should relate each method to Apex’s environment, such as testing the student portal or ensuring scholarship data is processed correctly. The focus is on understanding assurance activities, not implementing them.

That fully covers P3.

M2 – Explain frameworks & components’ application

Command word: “Explain”
→ Show how a framework is used in practice at Apex.

Frameworks to include

• NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover)
• COBIT (for governance of IT – making sure IT supports business goals)

To achieve M2, learners must explain how recognised cyber security frameworks and technology components can be applied together to improve Apex University’s security.

Learners should explain frameworks such as the NIST Cybersecurity Framework or COBIT and show how these provide structure rather than random security controls.

For example, learners should explain how NIST’s Identify, Protect, Detect, Respond and Recover stages could guide Apex’s security improvements.

Learner should link each stage to relevant tools and processes, such as firewalls and access controls for protection, IDS and logging for detection, incident response plans for response, and backups for recovery. This explanation should show that frameworks help ensure security is organised, measurable and aligned with business needs.

Note: you should focus on explaining how Apex could use the framework to structure their security improvement.

Distinction (D1 again) – Justify components + frameworks

Now bring it all together:

Why does Apex need NIST or COBIT rather than just “random tools”? and Why is upgrading endpoint protection essential?

Try to also cover on How do these reduce real risks (phishing, ransomware, breaches)? And why is this important not only for Apex, but for Students, Parents and Society (trust in online education and data protection)?

Make it clear that having random security tools is not enough; a structured framework + modern tools is what makes the system strong.

Task 3 – Programming & Scripting (LO3)

Format:

• Code file (e.g., Python script)
• ~1,000-word reflective commentary

What the examiner wants overall

They want to see that you can:

1. Write working code that meets a security need (not just toy code)
2. Think about clean, maintainable, secure coding
3. Judge whether your code is good enough and how to improve it 

P4 – Produce program code or script

Command word: “Produce”
→ You must write real, working code.

Choose a clear, focused task such as:

• Login system with:
• Password hashing
• Basic RBAC (student, lecturer, admin)
• Logging login attempts

OR

• Script that:
• Stores hashed passwords
• Generates an OTP (one-time code) as 2FA
• Only lets user in if both password + OTP are correct

Your code should show:

• Some level of security
• Clear handling of end user requirements, such as:
• “Students can log in to see grades”
• “Admins can see more options”

You don’t need a massive system – small but clear and secure is better.

P5 – Explain clean and maintainable code

In your 1,000-word commentary, include a section like:

Section: Clean and Maintainable Code

You need to discuss on:

To achieve P5, learners must explain how their code is clean, maintainable and secure. This explanation should cover coding practices such as using comments, meaningful variable names, modular functions, and avoiding repeated code.

Learners should explain how they handle errors safely and why they avoid insecure practices such as storing passwords in plain text. The focus is on explaining why these practices matter for long-term maintenance, collaboration and security, rather than just stating that they were used.

Some key areas to discuss are:

Commenting and documentation: Why you added comments and How they help future developers

Modular design: cover on Functions or classes used and on Avoiding repeating code

Avoiding hard-coded values: Using config variables, environment variables, or a settings file instead of writing passwords in code

Error handling: use of Try/except blocks and Meaningful error messages for users

Security practices: cover on using hashing instead of storing plain text passwords and Not printing sensitive info to the console

Explain why you made these choices, not just what you did.

M3 – Assess suitability of your code

Command word: “Assess”
→ Weigh pros and cons.

In another section, you might write:

To achieve M3, learners must assess how suitable their code is for its intended purpose. This involves weighing strengths and weaknesses.

Learners should assess whether the code meets basic security requirements, whether it is efficient enough for a small system, and whether it has any limitations.

For example, they may note that the code is suitable as a prototype but lacks advanced features such as rate limiting or database integration. A balanced assessment showing judgement is required at merit level.

Give balanced judgement:

“This is suitable for a prototype, but not yet production-ready because…”

D2 – Evaluate suitability for end users + suggest improvements

Command word: “Evaluate”
→ Deep judgement + clear recommendations.

In your final section, you need to cover on:

To achieve D2, learners must justify why Apex University should adopt structured frameworks and upgraded security components rather than relying on isolated or outdated tools.

Learners should argue that frameworks such as NIST or COBIT help Apex prioritise risks, allocate resources effectively and improve resilience against ransomware and data breaches.

Learners must justify why modern endpoint protection, intrusion detection and monitoring are essential to detect sophisticated attacks. Strong distinction answers explain how frameworks support long-term improvement, legal compliance and trust in digital education, and why this structured approach is more effective than ad-hoc security measures. 

Final reminder:

• Write your own wording
• Add your own examples
• Build your own code
• Reference any tools used