Learning outcomes assessed in this assessment (numbered)
1. Compare and contrast various approaches to information risk management and select the most appropriate for a given scenario.
2. Compare and contrast various approaches to information risk governance and select the most appropriate for a given scenario.
3. Develop appropriate approaches to business continuity and resilience.
A good report generally requires you to answer the question and to include…
1. A title, with your student number, module, lecturer's name and any other documentation required by the university
2. A contents page and if appropriate, an abstract.
3. An introduction which acts as a ‘map’ to the rest of the document, describing the aim or purpose of the work and explaining how this aim is achieved. At this point it is usually helpful to paraphrase your conclusion.
4. Evidence of an appropriate level of background reading of relevant texts
5. Evidence of systematic and clear thinking, indicative of good planning and organisation
6. Writing which makes sense and is clearly and carefully presented (proofread and grammar checked)
7. A critical style of writing which compares and contrasts the main theories, concepts and arguments with conclusions that are based in evidence presented.
8. High levels of accurate academic referencing.
9. A logical and well-defined structure with headings and subheadings.
10. Clearly labelled and well-presented diagrams and other graphics that are discussed in the text
11. Adherence to usual academic standards including length and a timely submission
12. A reference section in which every source that is cited in the text is listed.
Submission format. The submission must be a PDF document.
Word count. The total word count is 4,000 words. A margin of ±10% will be allowed on the word count. If your submission exceeds this, you may be penalised. Tables, the references section and the appendices are not included in the word count.
Formatting. All figures and tables must be properly labelled and captioned. All pages must be numbered. Formatting must be consistently applied throughout the submission. Submissions that stray from this guidance may be penalised.
Referencing. You are strongly advised to use a reference management system such as Endnote Web. You must follow the Harvard referencing standard. Please study the guidance provided by the University Library. Citation and referencing errors may be penalised.
Coherence. A poorly worded report will hide excellent content. The narrative should be easy to read, and arguments should be presented coherently and convincingly. Ensure that you spell check the submission, use a grammar checker and proofread your work prior to submission. Spell/grammar checkers must be set to UK English; do not use ‘Americanised’ spellings.
1 Assignment Case Study Background:
Bloxham Consulting Ltd. (BC) works within an intensely competitive market wherein there are a significant number of IT consulting companies fighting for a relatively small share of the market. The company offers services in 3 main areas:
a. Cybersecurity, including cybersecurity assessments, programme development and maintenance and education of company executives
b. Security of Assets and People, including comprehensive security evaluations, integrated risk, vulnerability and threat assessments and equipment and technical infrastructure evaluation; and
c. Business Intelligence, including strategic intelligence, enhanced due diligence and world-wide asset tracing.
BC reported a turnover of £6 million in the financial year 2019-2020.
There are 5 departments (Consulting – by far the largest, sales, marketing, HR and IT) each led by a director. These departments are located in two offices in the UK, one in Oxford and another in Liverpool. Consulting staff along with Sales are based in Oxford. The Liverpool office houses the human resources, finance/purchasing and marketing departments. BC outsources its IT to DigiHelm, an IT firm out of North London.
You are the Chief Information Officer (CIO) of BC. You report directly to the CEO. You have also been assigned to appoint a new Chief Information Security Officer and are currently interviewing candidates.
The COVID-19 pandemic and the requirement for most organisations to change their modus operandi to remote working has led to a spike of high-profile cyber incidents, resulting in digital services outages which have attracted media attention. BC also has to comply with the UK requirement to gain the Cyber Essentials Plus Certification in order to participate in Department of Defence projects. These two issues have led BC’s board of directors to take a highly radical approach to security.
There is now an overwhelming need to assess the risk for these two issues: the risks of remote working and the risks related to the activities required to achieve the Cyber Essentials Plus accreditation. The board has suggested that the company should establish an information risk management strategy, commencing from a thorough risk assessment.
The members of the board have heard that capability maturity models provide holistic, enterprise level risk assessments. The CEO has asked you to review existing capability maturity models and provide a report outlining the model you believe is more applicable to BC while analysing how it should be applied within the company.
1.1 Executive Summary (10%)
The report is intended for the consumption of the board members of BC. Thus, an Executive Summary, of no more than 2 pages must be included at the beginning of the Report.
1.2 Part A: Review (20%)
Capability maturity models for Information or Cyber Security, such as the Cybersecurity Capability Maturity Model, are tools for evaluating an organisation’s cyber/information security posture while illustrating organisational progression.
In the first part of the report you are required to provide a literature review of existing capability maturity models (this may include summarising the features of each model, the business areas it addresses and the assessment methodology it uses) and explain which model you recommend should be applied within BC.
1.3 Part B: Organisational Risk Landscape (20%)
Write a section which:
1. Identifies the risks related to remote working of staff for your corporate environment
2. Identifies the risks related to the activities required to be undertaken in order to achieve the Cyber Essentials Plus certification.
1.4 Part C: Implementing a Capability Maturity Model (40%)
Write a section which:
1. Lays out the specifics of the recommended model, including but not limited to:
a. Model Scope
b. Maturity Domains
c. Maturity Levels
2. Describes the process for the implementation of the model within BC
3. Explains why the recommended model is suitable to address the risks identified in the previous section.
1.5 Presentation (10%)
Your submission will be marked for presentation. It will be explicitly penalised for presentation errors. Your submission must be professionally presented and must follow a consistent formatting/presentation scheme. Ensure that you follow the guidance outlined below. This guidance is not intended to be conclusive.