Assignment 2: Information Security

School of Science
Title: Information Security Assignment 2
Due Date: 11.59 PM (GMT+8) Friday October 16, 2020
Value: 30% of the final mark for the unit
Length: 2000 words, maximum 2500 (excluding cover page, references and appendices)
Case Study
In this Assignment you will be required to perform an information security analysis for a small pharmaceutical
company located in Perth.
The assignment will rely on concepts covered from week 1 through to week 10. The deliverable is a 2000
(maximum 2500) word information security report detailing information assets owned by the company together with
a recommendation for securing the company’s information assets.
Perm Pharmaceuticals, a small pharmaceutical company, has requested an information security assessment of
its current information assets. The company operates six days per week in the CBD and typically works after
hours. The laboratory is located on the second floor of a three-storey office building and shares a common lift.
Access to the second floor is restricted to Perm Pharmaceuticals staff only; however, all staff employed by the
company have the same swipe card access.
Perm Pharmaceuticals employs 10 staff (two senior staff and eight biochemists) who often undertake sensitive
procedures and operations, for example, vaccine development, testing and drug trials.
In order to collaborate with colleagues overseas, Perm Pharmaceuticals has two networked desktop computers and
one printer on site, and is connected to the internet via a modem-router supplied by an ISP. Important
paperwork is stored in an unsecured cabinet. One additional computer (SRAT) is used by all staff for entering
sensitive information on projects, conducting trials and processing results. The facility has two dedicated rooms for
testing chemicals that must be locked at all times; currently, however, all staff have access on a trust basis.
Information stored on the SRAT (Secure Research and Testing) device includes:
• Latest virus information
• Testing information pertaining to drug trials
• Blood results
• Secure messaging system
Assessment Task 1
Perm Pharmaceuticals is concerned about the security of information and has requested an information security
assessment. The assessment should provide a recommendation on how to protect the information assets. You are
required to provide:
• Asset Identification
• Weighted Factor Analysis to prioritise information assets
• Recommend an appropriate Information Classification schema
• Recommendation pertaining to the protection of information assets, i.e., security controls
CSI2102 Principles of Information Security
Assignment 2
CSI2102-Assignment 2 – 202.docx
Assessment Task 2
Provide a Data Breach Response Policy and attach it to the appendices of the report.
Note: The assessment and recommendations should be realistic and reflect the case study.
Action Steps
• Introduction: introduce your report and what it will cover.
• Identify and categorise the information assets. This includes both digital and physical assets. Minimum of
20 assets (max 30). Assets should be categorised and spread across the system component categories.
• Prioritise the information assets using a weighted factor analysis. Consider the critical impact factors and
their associated weightings. The critical impact factors should be documented and discussed, for
example, why these particular factors were chosen and their weightings.
• Define an Information Classification Schema suitable for the Pharmaceutical Company.
• Provide a written recommendation including security controls where necessary, i.e., access control,
physical security. Think of the McCumber cube here, for example: Policy, Education, Technology.
When recommending a technology be specific, for example Access Control, but for Policy and Education
you may simply state policy or education.
• Reference ISO27001 / ISO27002 where appropriate.
• Write and attach the Data Breach Response Policy. Hint: the SANS Institute will be very helpful for the
creation of policy documents.
Report Requirements
Cover / Title page:
You do not need to include the ECU cover page. Create your own cover page that includes the Unit Code,
Unit Title and Assignment Title, your name, student number and who the report is prepared for.
Table of Contents:
This must accurately reflect the content of your report and must be generated automatically in Microsoft
Word with page numbers.
Introduce the report, define its scope and state any assumptions. Use in-text references where
appropriate. The introduction should introduce the case study and discuss what the report will cover.
You may include an executive summary if the word count permits but it is not a requirement.
Main report content
• The report must address the task as defined above.
• The report must contain your definition of the problem.
• You must include a weighted factor analysis.
• Critical factors chosen for the weighted factor analysis must be justified in your report, i.e., why
you chose them.
• Recommended controls must be identified.
• Data classification schema defined.
A list of end-text references formatted according to the ECU requirements using APA 6th or 7th formatting.
Endnote is a good tool for managing referencing and can be downloaded free of charge from the ECU
Software Download Service. See the Academic Skills Centre for help.
Your references should ideally consist of books, journal articles and conference papers.
• This report should be no more than 2500 words (excluding title page, table of contents,
references and diagrams) and labelled as <CSI2102_your studentid_ lastname_firstname>.docx
in a single file.
• Your assignments must be word-processed. The text must be no smaller than 12pt, in Times
New Roman font.
Late Submission
Edith Cowan University Assessment, Examination and Moderation Procedures (Procedure 3.28) for late
submission may be applied.
a) Where the assessment task is submitted not more than 7 calendar days late, the penalty will, for each
calendar day that it is late, be 5% of the maximum marks available for the assessment.
b) Where the assessment task is more than 7 calendar days late, a mark of zero will be awarded.
Academic Misconduct (Including Plagiarism):
Edith Cowan University regards academic misconduct of any form as unacceptable. Academic misconduct, which
includes but is not limited to plagiarism, unauthorised collaboration, cheating in examinations, theft of other
students' work, collusion, and inadequate and incorrect referencing, will be dealt with in accordance with the ECU
Rule 40 Academic Misconduct (including Plagiarism) Policy.
Marking Key
Marking Key Marks
Language and Presentation 3
• Formal language
• Professionally formatted/drawn diagrams
• Keeping to required format
• Logically structured
• Introduction reflects body of report
Asset Identification 5
• Assets identified appropriate to the case study
• Minimum of 20 assets identified and correctly
Weighted Factor Analysis 5
• Critical impact factors appropriate to case
• Critical impact factors justified
• Performed weighted factor analysis on
information assets
Information Classification Schema 5
• Information classification schema
recommendation appropriate for case study
• Justified recommended tier system
Recommendations 5
• Recommended security controls where
• Recommendations adequately reflect the case
• Referenced ISO27001 / ISO27002
Data Breach Response Policy 4
• Outlines purpose, background and scope
• Document owner identified
• Policy adequately addresses data breach in
relation to the case study
Referencing 3
• Appropriate use of APA referencing
• Appropriate use of academic references
