Assessment 1&2 & Marking Criteria

ISIT201/MTS9201/MCS9301: Information and Communication Security Assessment Guide

Page 1 of 8

SISAT School of Information Systems & Technology

Assessment & Marking Criteria

ISIT201/MTS9201/MCS9301 Information and Communication Security

Spring Session 2013 (Wollongong Campus)

Notes on Assessment This assessment guide has been designed to assist you in the preparation of your assessment for the subject ISIT201/MTS9201/MCS9301. Please ensure that you understand the requirements of each assessment and that your submission matches what is required. It is expected that all assignments are completed independently. Plagiarism may result in a FAIL grade being recorded for that assignment.

Submission of Assessment Items All assessment work is to be submitted online and during your allocated

tutorial unless otherwise noted. Late submission of assessment items MUST be submitted online and to the

subject coordinator. All applications for academic consideration are via SOLS. All hard copy submissions must be accompanied by a SISAT Assignment

Cover Sheet, available from: http://eis.uow.edu.au/current-students/student-support/assignments/index.html

Students must attach a copy of the marking sheet with student details completed to all hard copy submissions.


Page 2 of 8

Mini Presentation

Overview Type of assessment: individual Weighting: 5% Due: Week 4 completed during your allocated tutorial Time: 3 minutes each

Instructions During week 4 of class each student is required to give a three (3) minute talk to the class based on a current (within the last 12 months) online news article on an ICT security issue. A copy of the article and a 300 word critical summary is to be submitted at the completion of the presentation. This presentation is designed to be conducted without any visual aids. The Critical Summary should include eight elements that you must complete for the article.

1) Bibliographic details: Provide the bibliographic reference for the article using Harvard format (see http://www.library.uow.edu.au/referencing/)

2) Short article summary: Provide a 2-sentence summary of the article 3) Main points: List the six (6) main points in the article 4) Purpose: Why did the author write this article? What was their motivation?

How does this influence the way you understand the article? 5) Organisation of material: How is the content arranged? Why is it arranged this

way? How does this influence the way you understand the article? 6) Audience: Who was the intended audience for this article? How do you know?

Did the author make assumptions about the readers of the article? How does this influence the way you understand the article?

7) Language: What type of language is used in this article? Why? 8) Context: When was the article written? What else (historical events, technical

advances) was happening at this time? How did this influence the content and attitudes in the article?

Why have I set this assessment for you? The presentation is to get you to start speaking in front of the class. Outcomes You should be able to describe a current major business ICT security issue Critically analyse the article


Page 3 of 8

Mini Presentation and Critical Summary Student Number

Good Pass Poor Comments (if any)

Sect

ion

1: P

rese

ntat

ion

Introduction - Overview of the ICT security issue Main Points - Discussion of the issue - End users this issue effects - Types of device(s) effected

Conclusion - How to avoid the issue Questions? - From students in the class No Aids - No visual aids should be used

Sect

ion

2: C

ritic

al S

umm

ary

Introduction - Clear Introduction to the article and how it

is an ICT information security issue

Summary - Short article summary - Main points - Purpose - Audience - Context/Developments

Conclusion - Links back to the topic - How to avoid the issue

- Bibliographic details (correct Harvard Style) Satisfactory / Unsatisfactory

Gen

eral

Article Attached - Amount of research conducted Satisfactory / Unsatisfactory Relevance to topic - Article within the last 12 months? - ICT security issue presented? Satisfactory / Unsatisfactory

Expression - Grammar, spelling etc Presentation - Of the presentation - Of the written document

Overall Comment

Final Mark /5


Page 4 of 8

Security Policy Case Study

Overview Type of assessment: individual Weighting: 20% Week 8 (hard copy in tutorial, soft copy to be uploaded to UOW eLearning,

Monday 16th September @ 2359hrs) Word Limit: 2500 words

Instructions Security policies for organizations are vital. However, many businesses have ill-defined, incomplete or no security policies whatsoever. Your task is to evaluate three (3) policies and provide recommendations on the completeness and appropriateness of each. If the policies are incomplete, you may provide a revision; if the policies are lacking, you may add to these. (2500 words, excluding policies)

Why have I set this assessment for you? This task will allow you to gain an awareness of academic writing using critical

analysis of the allocated policies You will learn about security policies in organisations and their inadequate nature This task will allow you to develop your research skills in finding relevant material

on a particular topic and what is needed for these types of organisations and their polices

Outcomes You should be able to critically evaluate the impact of ICT security policies Access information and sources efficiently


Page 5 of 8

Security Policy Case Study

Student Name Number

Criteria Element Good Pass Poor Comments (if any) - Abstract (purpose, method, results and main

findings)

Introduction - Specific policy and topic is introduced and

oriented within an overall policy framework - Problem (identification, how it will be

addressed and key issues to be investigated)

Main Body - Purpose of the policy type you are

investigating and how the policy is used - Ideas are developed and linked in a logical &

rational approach. A person with little subject knowledge could follow

- Information sources are clearly identified, a valid and trustworthy source for others (easy to distinguish authors work from that of others)

- Author suggests new insights and contradictions in the ideas of others

- Cohesive set of guidelines logically developed and presented

Methodology - Author states how the research was carried

out - Materials and processes used to develop the

guidelines

Policy Review, Key Recommendations & Discussion

- Policy 1 - Policy 2 - Policy 3 - Discussion of findings

Conclusion - Clear conclusion that relates back to your

topic (no new material introduced) - Summary of problem, objectives and main

findings

Referencing (Harvard Style) - References used correctly/bibliography - Quality of references (list of journal papers,

books and conference papers used in the paper)

Expression/Presentation - Template followed - Analytical ability/originality - Grammar, spelling etc - Word limit (page limit as per template)

Overall Comment

Final Mark /20


Page 6 of 8

Security Audit (Group Report)

Overview Type of assessment: Group Number of Students per group: 3 - 4 Weighting: 25% Report Due: Week 11 (hardcopy to tutor, softcopy to be uploaded to UOW e-

Learning, Monday 14th October 2359hrs) Word limit: 4,000 words

Instructions You will complete an audit for a business information and communication systems. After the audit has been conducted your group will then need to make recommendations on appropriate security technologies for the business.

Why have I set this assignment for you? I am trying to stimulate your creativity. Whether you are a security specialist or

not you can genuinely contribute your ideas to your group in a way that is beneficial. You need to be able to think beyond just technology solutions for security.

Outcomes You should know what devices and applications are already out there in

operation today. A little research will help you to understand this better. You should be able to determine at a high level what the viability of your

solution is is it feasible and would it really be implemented in real life?


Page 7 of 8

Report Marking Criteria Security Audit

1 2 3 4

Criteria Element Good Pass Poor Comments (if any)- Executive Summary - Title Page & Table of Contents - Introduction

Current ICT Situation- About the organisation - Description of the system and devices - Users (external & internal)

Risk Assessment - Potential security breaches & risk identification - Quantitative risk assessment - Qualitative risk assessment - Options and possible controls for addressing each

risk - Selection of risk control strategies - Key risk control recommendations

ICT Solution - Description of solution including figures - Advantages of solution - Cost benefit analysis - Key recommendations

Conclusion - Summary of the audit; the problem & objectives - Summary of key findings

References (Harvard Style) - Information sources identified throughout - Number, quality & format of references

Expression - Grammar, spelling etc - Paragraphing - Structure & cohesiveness of document

Presentation - Professional template, font, style - Figures, tables, font, style, pagination, numbered

headings

Overall Comment

Is the group checklist signed by all members? YES / NO (if no assessment needs to be referred to Glenn Bewsell)

Final Mark /25


Page 8 of 8

Exam

Overview Type of assessment: Individual Weighting: 50% During exam period

Instructions You will be required to complete a formal written exam during the exam period. It is envisaged that this exam will consist of multiple choice, short answer and extended response questions. The exam will draw knowledge from the lectures, textbook and tutorial activities. More details will be given in the exam at the end of session.

Documents

Assessment 1&2 & Marking Criteria