Module Code :- UFCFWN-15-M
Module Title :- Information Risk Management
Total number of assessments for this Module :- 1 Coursework + 1 Presentation
Weighting :- 100%
Total Assignment Time :- 25 hours
Element Description :- Written Report (3000 words) Weighting – 75% 10 Minute PowerPoint Presentation (videoed) – Weighting 25%
UFCFWN-15-M Information Risk Management Assignment – UK

Section 1: Overview of Assessment

This assignment assesses the following module learning outcomes:

1. Form deep and systematic under standing of relevant standards such as ISO27001 in the context of Information Security Management.
2. Analyse a broad range of issues related to real world security issues that face commercial organisations and other institutions.
3. Evaluate and critique the short comings of real world security incidents and provide clear justification and innovation solutions for how ISMS could help mitigate future incidents.
4. Assess and evaluate the appropriateness of security laws and regulations.
5. Reflect on personal capabilities for the proposal of an ISMS, providing a strong rationale for the methods adopted.

The assignment part 1 and part 2 is worth 100% of the overall mark for the module.

Broadly speaking the assignment requires you to produce a 3000 word report that provides a critical reflection on a real world security scenario provided in the case study with evidence of risk assessment using suit able methodologies and how this can inform mitigation of future incidents.

The assignment also requires the delivery of a 10 minute
presentation to dis seminate the findings reported in your report to address the role 0 of Information Risk Management to the wider organisation.

The assignment is described in more detail in section 2. This is an individual assignment.

UFCFWN-15-M Information Risk Management Assignment – UK

Working on this assignment will help you to develop your knowledge and under standing of applying risk methodologies to resolve real world security incidents.

It will also help to develop your critical thinking skills for identifying appropriate mitigation strategies to avoid future security incidents. If you have questions about this assignment please post them to the discussion board Information Risk Management Assignment on Blackboard.

Section 2: Task Specification

Part 1 (worth 75% towards the final grade):

Produce a 3000 word report to address a case study of information risk management informed by a real world security incident and demonstrating concepts of IRM.

For this assignment you are provided with the following case study built around a real world security incident

Case study :-
Imagine you are in charge of an organisational risk management strategy across three distinct departments of the organisation.

The organisation envisions risk as potential vulner abilities present across our security landscape leads to exposure which enables a cyber incident against the infrastructure capability services and applications which leads to an impact upon Confidentiality Integrity and or Availability resulting in reduced resilience reduced safety ineffective capabilities loss of business services financial impact and reputational damage to UK Government.

The risk applies to three main business domains:
1. IT & Infrastructure
2. Equipment
3. Logistics & Support services

Each business domain is managed by a separate Director but collectively they all three own the risk.
There is a separate Director who is accountable for the risk and they report the status to the Executive Board throughout the year.

Given the complexity of the risk and its significant breadth and depth its difficult to establish a baseline level of risk exposure a pre mitigation level which represents the whole business all three domains. Defining the Risk Appetite RA is also challenging given the differences across the domains the views from each Director the level of resources available etc.

Considering all of the above, answer the following questions

1.How would a baseline risk level be established?
How ISMS and FAIR can be applicable to organisation.

2. What approach could be taken to define a risk assessment and can a single approach work or it will be more appropriate to individually assess for each domain?
Along with risk analysis and treatment strategies.

3.How would the effectiveness of controls (risk response) be measured? What can be
risk quantification measures and metrics? How to monitor ongoing residual risk?

You are expected to use risk assessment methodologies as covered in this module with critical reflection on your choice of risk methodology and its strengths and limitations. You have the free dom to select the risk assessment approach.

The report should be written as a technical report for the board of directors.
The report is expected to be no more than 3000 words please refer to the UWE word count policy:

UFCFWN-15-M Information Risk Management Assignment – UK

Part 2 :-

Prepare an individual videoed Power Point presentation for the board of directors
pitch that reports your findings

The presentation should be considered as a pitch to the board of directors to impress the importance and relevance of information risk management in context of the three questions focussed in the report.

You should expand beyond what is included in the report to provide greater detail if deemed necessary. The presentation should be delivered as a recorded Power Point presentation. The presentation should be designed so that it can be delivered with in a time of 10 minutes. This contributes towards 25% of the module’s assessment.

Section 3: Deliverables
Part 1: A written report is to be submitted via Blackboard in either DOC or PDF format.
Part 2: A 10 minute videoed Power Point presentation is to be prepared.
This should be submitted via Black board.

ORDER This UFCFWN-15-M Information Risk Management Assignment NOW And Get Instant Discount