SCHOOL OF ENGINEERING, TECHNOLOGY & DESIGN

ASSIGNMENT GUIDELINES

TITLE OF MODULE: MODULE COMPONENT:

P19135 - Information Security Management 50% of Module (2000 words)

MODULE TEAM: ASSIGNMENT CONTACT:

Tim Jackson (Module Lead) Tim Jackson
Merlin Kasirajan
Alfie Garratt
ASSIGNMENT DEADLINE: EXPECTED FEEDBACK DATE: 25th November 2024
Monday 4th November 2024 by 2pm Location of Feedback: Turnitin

ASSESSMENT TYPE:
Critical Review
WHERE TO SUBMIT: via Turnitin by the 2pm deadline on the Module Blackboard page
WHAT TO SUBMIT: a 2000-word critical review of a high professional standard, proofread, and
containing a range of authentic researched references

TITLE(S) OF ASSIGNMENT:
A Critique of Key Legislation, Frameworks, and Standards within Information Security Management
Systems

ASSIGNMENT INSTRUCTIONS

The relationship between legislation, frameworks, and standards is an important one, given their direct
impact on the policies and procedures set out by an organisation to govern their day-to-day operations,
whilst ensuring compliance. This assessment investigates this relationship and looks to establish the
significance of each of these aspects in relation to Information Security Management systems.

Subsequently, in the second assessment, you will be asked to undertake a risk assessment, write a security
policy for an organisation, propose possible planning options for disaster recover and business continuity,
whilst suggesting how and why resilience testing is an important part of this planning process.

But for now, you have been employed as a policy advisor and assigned to a company that wants to ensure
that they are compliant with the necessary UK and key European legislation, frameworks, and standards.
So, in order to demonstrate a profound understanding the information security management
fundamentals, the company have asked you, at this initial stage, to undertake a critique of these three
aspects of governance and compliance by undertaking the following tasks:

• Identify and describe three pieces of legislation (two UK-based and one European),
• Identify and describe three frameworks within which this legislation relates to,
• Identify and describe three standards, which have been defined by international standards bodies,
to use as a basis for organisational policies and procedures
• Consider how these three elements (legislation | frameworks | standards) combine in order to
define key concepts and best practices within Information Security Management systems
Finally, in order to develop proficiency in identifying, assessing, and applying an information security
management system, thus enabling informed decisions on how to safeguard organisational assets, you
have also been asked to provide a critical analysis as to the relevance of the legislation, frameworks, and
standards that you have discussed, within Information Security Management systems. This would include
a discussion on the interdependence between these aspects at a functional level, such as the need to
undertake threats analysis, risk assessments, the creation of organisational policies and procedures, and
the necessity for planning in the event of a significant data breach or network failure.

MARK SCHEME (RUBRIC)

Please see APPENDIX A for a detailed rubric.

FORMATTING OF SUBMISSION:

You are expected to produce a single critical review report of a high professional standard and quality. The
target length of the report should be 2000 words. Any screen shots, tables, figures, charts, illustrations,
etc. will not contribute towards the word count. Your work must be adequately referenced throughout,
using Harvard referencing style. Pears & Shields (2016) give a complete guide to Harvard referencing.
Guidelines on using the Harvard Referencing style are available at: Introduction to referencing.

There are two parts to referencing - how to refer to a material in the text of your assignment (citations)
and secondly, how to reference at the end of your assignment (reference list). The reference list includes
only the sources that you cite in your text, a bibliography includes all material that you read in preparation
for your assignment. Please follow the latest edition of the Harvard referencing system (12th Edition).

The report must be submitted using the dedicated Blackboard grade centre submission bucket on or before
the submission deadline stated.

RESOURCES YOU MAY FIND USEFUL:

Introduction to referencing. (Accessed 13/10/2024)

NSCS https://www.ncsc.gov.uk/cyberessentials/overview (Accessed 13/10/2024)
ISO https://www.iso.org/home.html (Accessed 13/10/2024)
ISf https://www.securityforum.org/ (Accessed 13/10/2024)
FeedSpot https://journalists.feedspot.com/cyber_security_news_websites/ (Accessed 13/10/2024)

International Journal of Information Security – Springer (Accessed 13/10/2024)

Journal of Information Security and Applications – Science Direct (Accessed 13/10/2024)
Information Management & Computer Security -Emerald (Accessed 13/10/2024)
Information Security Journal – Scimago (Accessed 13/10/2024)
LEARNING OUTCOMES (LO) ASSESSED:

LO1 - Demonstrate a profound understanding the information security management fundamentals,

including industry standards, concepts, and best practices.

LO2 - To develop proficiency in identifying, assessing, and applying an information security management
system, enabling informed decisions on how to safeguard organisational assets.

GRADUATE / EMPLOYABILITY SKILLS GAINED:

• Literacy and numeracy

• Time management and organisation.
• Written communication.
• Critical and analytical thinking.
• Ability to apply discipline, knowledge and concepts.

PROGRAMMES OF STUDY:

MSc Cybersecurity Technologies

MSc Data Intelligence
 APPENDIX A: MARK SHEME ( RUBRIC)

CRITERION 100-80 79-70 69-60 59-50 49-40 39-20 19-0

Excellent Very good Good Pass Satisfactory Fail Fail
40% - Summary, Summary, Demonstrates an Shows a Sound descriptive Selection of theory In this assignment In this assignment
Knowledge and Knowledge and extensive, sophisticated knowledge of key is satisfactory, and some there is a lack of
application of understanding of sophisticated, systematic and theories with terminology, facts of the theories relevant subject-
subject and theories theory are accurate, systematic accurate appropriate and concepts are presented are not specific theory.
(Parts A and B) exceptionally theoretical understanding of application; handled accurately, appropriate.
detailed and beyond understanding of key subject-specific sometimes balanced but application Terminology, facts,
what has been the subject and a theories, which are towards the and/or and concepts are
taught. Appreciation wide range of key appropriately descriptive rather understanding is presented
of the limits of theories. integrated within than the critical or generalised. inaccurately and/or
subject-specific Appropriately the context of the analytical. with omissions in
theories selected theoretical assessment task. key areas. The
demonstrated knowledge is application and/or
throughout the synergised into the understanding
work. Approach to overall assessment demonstrated is
assessment task is task with some limited.
clearly, appreciation of the
appropriately, and limits of subject
consistently specific theories.
theoretically
informed.

Pg. 4 of 4
30% - Analysis: Demonstrates Makes excellent use Makes very good Makes consistent, Makes satisfactory The submission This submission
Application and outstanding of a range of use of established albeit conventional, but limited use of includes analysis, does not contain
Critical Evaluation command of relevant analytic techniques of use of established established but the analysis is effective analysis
(Parts A and B) relevant analytic techniques and analysis relevant to techniques of techniques of ineffective and/or and does not yet
techniques, and the applies these to new the discipline. analysis, relevant to analysis, relevant to uninformed by key engage with key
ability to apply these and/or abstract Shows ability to the discipline. the discipline. disciplinary disciplinary
to new and/or information and compare with some techniques. techniques.
abstract information situations. Shows insight alternative
and situations. well developed theories and/or
Shows an ability to compare analytic approaches
exceptional critically alternative (where relevant).
appreciation of the theories and/or
limits and/or analytic approaches
appropriate uses of (where relevant).
analytic
approaches.
10% - Conclusions Outstandingly well- Very well-developed Conclusions show Conclusions are Conclusion is Conclusions are Conclusions are not
(Parts A and B) developed conclusions, which very good drawn which are presented and incomplete and/or included, or
conclusions which show clear development and clearly derived from linked to only partially unsubstantiated
originality. They are original insight and evidence and/or evidence/theory substantiated and and/or invalid
show considerable
thoroughly relate clearly and theory and/or and/or literature but understanding of conclusions drawn.
originality. They grounded in theory logically to evidence literature, with the understanding evidence/theory
form an integrated and/or evidence and/or theory some originality. of these contains and/or literature
part of the overall and/or literature and/or literature. inaccuracies or contains significant
argument and/or and use appropriate omissions. inaccuracies or
discussion, forms of omissions.
reflecting conceptualisation,
forming an
commanding grasp
integrated part of
of theory and/or overall argument
evidence and/or and/or discussion.
literature and They contribute to
the work being of

Pg. 5 of 4
 appropriate forms of potential
conceptualisation. publishable
They contribute to standard.
the work being of
publishable
standard.
10% - Referencing Outstanding use of Excellent use of Very effective use of Effective use of Sources of Some sources of Little or no
(Parts A and B) sources to support sources to support sources to support sources to support information information acknowledgement
discussion and discussion and discussion and discussion and acknowledged but acknowledged but of sources of
personal findings. personal findings. personal findings. integration between links between text information in text
personal findings.
Referencing follows Referencing follows Referencing follows text and reference and reference list and/or reference
the highest Referencing follows the standards of the the standards of the list is inconsistent. unclear. Referencing list.
standards of the highly effectively the discipline very discipline clearly and Attempts to follow a does not follow a
discipline. standards of the clearly and accurately. systematic systematic
discipline. accurately. approach, approach.
appropriate to the
discipline do not
always succeed.
10% - Clarity of Exceptional writing Accomplished Language fluent, Language is clear Understandable and In this piece of work In this piece of work,
expression (incl. control, appropriate writing style nuanced, and and consistent and clear, but accuracy the meaning is often the meaning is
accuracy, spelling, to assignment, appropriate to the expressive. conveys nuances. of spelling, unclear with unclear throughout.
grammar, which enhances the assignment. grammar, spelling, grammar, spelling punctuation, frequent errors in Errors in spelling,
punctuation, and argument. grammar, grammar, spelling, and numeracy and/or numeracy is grammar and grammar, spelling, grammar,
numeracy) spelling, and and numeracy are mainly accurate. mainly accurate numeracy need to and or numeracy. punctuation and/or
(Parts A and B) numeracy are almost always with some errors. be improved. Errors numeracy make
flawlessly accurate. accurate. which detract from interpretation
the argument. challenging for an
assessor.

Pg. 6 of 4