School of Science and Technology

COURSEWORK ASSESSMENT SPECIFICATION

MODULE CODE COMP40491
MODULE TITLE Information Security Management
MODULE LEADER Dr. Funminiyi Olajide
TUTOR(S) Dr. Funminiyi Olajide
COMPONENT TITLE Info-Sec-Mgt Tutorial Projects+Technical Security Report (Case Study)
LEARNING Learning outcomes describe what you should know and be able to do by the
OUTCOMES
end of the module.
ASSESSED
•Knowledge and understanding. After studying this module,
you should be able to:
K1. Demonstrate a critical understanding of the needs for information
security.
K2. Critically appraise the main issues involved in information security
management.
K3. Demonstrate an in-depth understanding of key information security
technologies, standards and management procedures to provide a secure
environment within an organisation.
•
Skills, qualities and attributes. After studying this module,
you should be able to:
S1. Conduct an effective risk assessment for IT security solutions.
S2. Critically evaluate the technical aspects of information security
management practices.
CONTRIBUTION TO 100% of the total coursework mark for both (Completed Tutorial
ELEMENT Security Projects PLUS Technical Report of a Security Event).
DATE SET Start of Year | 29 September 2021
DATE OF 50% Completed Tutorial Security Projects 08 December 2021
SUBMISSIION:(FINA
L ASSIGNMENTAND by 11.30pm & Technical Security Assignment of not more than
TUTORIAL 4000 words, 10 January 2022 by 11:30pm
METHOD OF ONLINE via Dropbox on NOW Systems.
SUBMISSION
DATE OF FEEDBACK 50% CWK1: 29-12-2021 & 50% CWK2 31-01-2022
METHOD OF NOW Dropbox and/or via Email [Personalised].
FEEDBACK

NOTE:
Work handed in up to five working days late will be given a maximum Grade of Low Third whilst work that
arrives more than five working days will be given a mark of zero.
Work will only be accepted beyond the five working day deadline if satisfactory evidence, for example, an
NEC is provided. Any issues requiring NEC:
https://ntu.ac.uk/current_students/resources/student_handbook/appeals/index.html
• The University views plagiarism and collusion as serious academic irregularities and there are a
number of different penalties which may be applied to such offences.
The Student Handbook has a section on Academic Irregularities, which outlines the penalties and states
that plagiarism includes:
'The incorporation of material (including text, graph, diagrams, videos etc.) derived from the work
(published or unpublished) of another, by unacknowledged quotation, paraphrased imitation or other device
in any work submitted for progression towards or for the completion of an award, which in any way suggests
that it is the student's own original work. Such work may include printed material in textbooks, journals and
material accessible electronically for example from web pages.' Whereas collusion includes:
• “Unauthorised and unacknowledged copying or use of material prepared by another person for use in
submitted work. This may be with or without their consent or agreement to the copying or use of their
work.” If copied with the agreement of the other candidate both parties are considered guilty of
Academic Irregularity.

Prepared By: Dr Funminiyi Olajide | COMP40491 | Information Security Management | Coursework Assessment | 2021-2022 1
Penalties for Academic irregularities range from capped marks and zero marks to dismissal from the
course and termination of studies.
▪ To help you avoid plagiarism and collusion, you are permitted to submit your work once to a separate
drop box entitled “Draft report” to view both the matching score and look at what areas are affected. It
is then down to you to make any changes needed.
Turnitin cannot say if something has been plagiarised or not. Instead it highlights matches between your text
and other Turnitin content. There is no Good or Bad score, it depends on the piece of work. If you find your text
matching there may be a problem, see the examples below:
1) The reference section is highlighted. This may mean you have referenced correctly and this has been
matched with other well referenced documents online.
2) A table containing class data is highlighted. This is acceptable as long as any text accompanying the
table is not similar picked up as identical
3) Paragraphs of text in the introduction or conclusion sections are highlighted. This may mean they have
been copied exactly from another source. Even if this source is referenced this is bad practice, see advice
below
4) A sentence, or part of a sentence is highlighted. Sometimes there are few ways to write a sentence,
especially straightforward ones. As long as this does not occur throughout a paragraph this may be
acceptable. There will be occasions where a few words within a sentence produce a match. This is
acceptable but ensure that this not a common occurrence or a patchwork of copied statements from
different sources.
Overall when you look at the work, put yourself in the place of the marker. Is a lot of the work highlighted so it
does not really look like the author’s work? If so, then you need to work on it some more.
• For help, do not contact the setter of the work, but use these links (Plagiarism
Support and Turnitin support) to book time with staff and students to help with

I. Assessment Requirements
(Five Tutorial Security Projects and Technical Security Report)
This assignment allows you to build your knowledge and understanding of the
threats to information security, management and practices, the technologies
used to detect security violation and with the required skills to combat them.
▪ You will get familiar with the relevance of the corporate security technologies within
the context of total Information Security Management and practice.
▪ To pass the coursework you must demonstrate your understanding of security-
related articles news/stories and in addition, security news of your own choice.
▪ You will suggest ways in which organisations identified security threats in the
chosen article news and stories.
▪ Knowledge must focus on security event and incident responses, security policy
development based on how organisations may have been prevented, and/or may
have improved security planning, policies, and strategies implementation, to avoid
cyberattack or reoccurrence of security attack in the future.
▪ To fulfil your task, you should conduct extensive research into issues raised by
security news, article/stories, relevant to the new trends of security technologies,
but your argument should be related to issues in information security management
and practice.
NB: You should make use of relevant academic references during your research such as
conferences and journals papers.
Note that this is an individual coursework!

II. Assessment Scenario/Problem

With the interconnected nature of technology today, securing our information against
attack is a major concern for users and for business organisations alike.
▪ Therefore, there is need for good understanding of how security attacks on our systems
or business organisation systems, enables us to put in place proper security policies
and countermeasures, as well as, planning for the secured future of our individual user
systems and in business organisations systems.
You are to complete tutorial tasks and produce a case study final report, critically
analysing news article and as related to a security event.
▪ The news article must be from a credible source, such as a UK national media company
or specialist IT news organisations.
▪ Your report should provide a detailed analysis of the security issue, detailed in the

Prepared By: Dr Funminiyi Olajide | COMP40491 | Information Security Management | Coursework Assessment | 2021-2022 2
 article, for example, highlighting the areas of security to which it relates, why this is an
issue of note, and with other relevant information that elucidates the article within a
security context.
▪ Following on from this analysis, you are to evaluate what the organisations or users did
in reaction to the security issue at hand, and why this issue was resulted into a major
security issue of note.
In addition, you are to make recommendations for the prevention of the issue
highlighted in the article, affecting similar users or organisations, and how they
should structure their security effort to prevent such incidents in the future.
▪ Finally, you are to write an outline of a security planning document that you would
clearly suggest to the organisation for security control, proposing security monitoring
systems, and to mitigate the security issue highlighted in the article and thereby,
incorporating your recommendations.
Your individual report should not exceed 4000 words (excluding references and
appendices).
▪ You are encouraged to link the news article with related academic literatures and
theories. Therefore, in particular care, you should be made to ensure that the report
contains correct Harvard APA 6TH Edition references to all cited work in an appropriate
style, for example, the Harvard Referencing System.
INSTRUCTION:
Student must submit assignment on or before deadline date of the assignment:
▪ Softcopy on MODULE DROPBOX on NOW Systems

III. Assessment Guidelines and Information

Assessment of your performance in this module will be by the following method:
1. There will be five tutorial security projects assignments to be completed.
These are related projects of information security management and practice.
All assignments must be completed and submitted individually as scheduled on
Module NOW Systems
a. Completed five tutorial projects assignments and with related questions
b. Completed assignment should be submitted individually, on Dropbox in
Week 11, Wednesday 08 December 2021 by 11:30pm.
2. The final written report assignment of 4000 words on security events or
articles, including policy planning/development, and with incident response:
a. Must include practice of information security management and practice,
security planning policy documentation of security incident solutions, based
on specific security problems and with many more, to mention just a few.
b. Assignment to be submitted in Term 2, 10 Jan 2022 11:30pm.
Please read relevant information of the CWK assignment and as detailed on
Module Handbook document uploaded on Module NOW Systems.

IV. Assessment Criteria

The assessment criteria for tutorial assignment and technical case study security report
on cyber event and analysis are as follows:
(a). Security Tutorial projects on related information security topics (50%)
• Completion of the five security tutorial projects and tasks on corporate information security
management and practice (50%). The selected five security tutorial projects are:
1. Security Project 1: Business organisation and threat environment (10%).
2. Security Project 2: Secure Network & DOS/DDoS, Security Firms at Risk (10%).
3. Security Project 3: Access Control and Password: Security in Practice (10%).
4. Security Project 4: Security Policies and Management (10%).
5. Security Project 5: Security Incident Response and Management-HRMS (10%).

(b). Technical Security Analysis Report on (Case Study/articles/news) (50%)

• General description of the security issue identified in the news article (5%)
• Contextualization of case study within the Information Security field (10%)
• Evaluation of the response to the security incident (10%)
• Recommendations for securing systems against incident identified (10%)
• Outline security policy planning for the organisation (10%)
• English and writing style (5%)

Assessment (a+b) = 100%

Prepared By: Dr Funminiyi Olajide | COMP40491 | Information Security Management | Coursework Assessment | 2021-2022 3
 V. Feedback Opportunities
Formative (Whilst you’re working on the coursework)
▪ You will be given the opportunity to receive informal verbal feedback from your
tutor regarding your coursework development during the seminar sessions.
Please note that I am not prepared to proof read your individual report before
they are handed in for the feedback.
Summative (After you’ve submitted the coursework)
▪ You will receive specific feedback regarding your coursework submission together
with your awarded mark when it is returned to you. Clearly, feedback provided with
your coursework is only for developmental purposes so that you can improve for
the next assessment or subject-related module.

VI. Resources that may be useful

• Referencing styles please use Harvard as detailed here
• Guide to planning your time here and an automated planner here
• Writing and Maths support can be found here
• Remember to use Outlook or physical calendars to block out time between lectures,
seminars, tutorials and to work on this coursework and for submission deadline date

VII. Moderation
All assessments are subject to a two-stage moderation process.
▪ Firstly, any details related to the assessment (e.g., clarity of information and the
assessment criteria) are considered by an independent person (usually a member
of the module team).
▪ Secondly, the grades awarded are considered by the module team to check for
consistency and fairness across the cohort for the piece of work submitted.

VIII. Aspects for Professional Development

Portfolio skills relevant to this assignment include:
• Production of a formal tutorial task and seminar presentation
• Preparation of series of questions and answers session during tutorial seminars
• Be prepared for relevant questions on tutorial and seminar topic to ask the class
• Be prepared to get a brief verbal feedback on tutorial and seminar presentation

NB: Sample Marking Grid for the Assessment Report

Class Scale General Characteristics
Exceptional breadth and depth of knowledge and understanding of the security
incident identified; exceptional demonstration of related security issues from
academic research and how this research relates to the issues identified by the
news story and the Information Security field in general; evidence of extensive
and appropriate analysis of the news story and securely places it within the
context of academic research and wider issues within Information Security;
Exceptional exceptional critical evaluation and focused reading/research beyond the
Distinction prescribed range, in both breadth and depth, to advance work/direct
arguments; exceptional understanding and analysis of the response taken by
the organisation/individuals, clearly demonstrating the decisions that they took
Distinction
and reasons why; recommendations to secure systems from related incidents
(Excellent) in the future are flawless in breadth, focus, evaluation and critical analysis and
are extremely well supported by reference to the wider literature; excellent
security plan highly relevant to the organisation and others with exceptional
insight and providing depth and breadth of coverage; exceptional written
language and presentation of arguments. Work may achieve or be close to
publishable or commercial standard; flawless.
High Excellent knowledge and understanding of the security incident identified as
Distinction the student is typically able to go beyond what has been taught (particularly
for a mid/high Distinction); excellent demonstration of related security issues
from academic research and demonstrates how this research relates to the
issues identified by the news story and the Information Security field in
general; extensive and appropriate analysis of the news story and securely
Mid Distinction places it within the context of academic research and wider issues within
Information Security with very minor omissions; demonstrates excellent critical
analysis and reading/research beyond the prescribed range, in both breadth
and depth, to advance work/direct arguments; critical evaluation and analysis
Distinction
of the response taken by the organisation/ individuals, demonstrating the
decisions that they took and reasons why; recommendations to secure systems
from related incidents in the future have breadth, focus, evaluation and critical

Prepared By: Dr Funminiyi Olajide | COMP40491 | Information Security Management | Coursework Assessment | 2021-2022 4
 analysis and are well supported by reference to the wider literature with few
minor omissions; excellent security plan highly relevant to the organisation
providing depth and breadth of coverage; excellent written language and
presentation of arguments with few very minor structural or typographical
errors. Performance deemed beyond expectation of the level.
Very good knowledge and understanding of the security incident identified as
the student is typically able to relate facts/concepts together with some ability
to apply known/taught or researched contexts to the case study; demonstrates
Commendation High
(Very Good) Commendation
well related security issues from academic research and how this research
relates to the issues identified by the news story and the Information Security
field in general with some omissions or lack of focus on the topic; evidence of
appropriate analysis of the news story and places it within the context of
Mid academic research and wider issues within Information Security with some
Commendation omissions; evidence of appropriate critical evaluation of reading/research,
some beyond the prescribed range, but may rely on set sources to advance
work/direct arguments; focused evaluation and analysis of the response taken
Commendation
by the organisation/ individuals, providing good critical analysis of the decisions
that they took and reasons why; recommendations to secure systems from
related incidents in the future have elements of breadth, focus, evaluation and
critical analysis with some omissions or minor error and are supported by
reference to the wider literature with minor omissions; very good security plan
relevant to the organisation providing some depth and breadth of coverage,
perhaps with some errors or omissions; very good written language and
presentation of arguments with some minor structural or typographical errors.
Overall, the performance is at a high standard for the level.
High pass Good knowledge and understanding of the security incident identified, balanced
towards the descriptive rather than critical or analytical; the student is typically
able to relate some facts/concepts together with the ability to apply
Pass
(Good)
known/taught or researched contexts to the case study but lacks critical
Mid pass analysis or evaluation; demonstrates related security issues from academic
research but relies more on work that has not been peer reviewed, such as
Web sites or personal views; demonstrates to some degree how research or
citations identified relates to the issues identified by the news story and the
Information Security field in general with omissions or lack of focus on the
topic; attempts to provide analysis of the news story and place it within the
context of the Information Security field with some omissions or
misunderstanding; attempts to analyse reading/research but may rely on some
set or inappropriate sources to advance work/direct arguments; evaluation and
analysis of the response taken by the organisation/ individuals attempts to
Pass provide critical analysis of the decisions that they took and reasons why;
recommendations to secure systems from related incidents in the future lack
wide breadth, focus, evaluation and critical analysis with omissions or error
and/or are not well supported by references to the appropriate literature; a
competent security plan with some areas relevant to the organisation or related
to the incident with some errors or omissions and requiring depth and breadth
of coverage; communication shows some clarity with acceptable written
language, e.g. some errors in punctuation, spelling, and sentence construction.
Overall, the performance is at a fair standard for the level.
relates to Information Security in general; the student is typically unable to
relate relevant facts/concepts or apply known/taught or researched contexts to
the case study; relies predominantly on work that has not been peer-reviewed,
such as Web sites or personal views; poorly demonstrates how the research or
citations identified relate to the issues identified by the news story and the
Fail Information Security field in general or provides a lack of focus on the topic;
(Insufficient) Marginal fail uses limited sources to advance work with resulting in poorly constructed
arguments or construction; evaluation and analysis of the response taken by
the organisation/ individuals provide little critical analysis of the decisions that
they took and reasons why; recommendations to secure systems from related
incidents in the future lack breadth, focus, evaluation and analysis with major
omissions or errors and/or are not (well) supported by references or references
to inappropriate literature; a security plan with few areas relevant to the
organisation or related to the incident with errors or omissions and requiring
wider coverage; communication shows little clarity with some acceptable
written language, e.g. major errors in punctuation, spelling, and sentence
construction. Overall, the performance is marginally below the standard for the
level
Highly insufficient knowledge or understanding of the security incident or how
Mid fail it relates to the Information Security field in general; understanding is typically
at the word level with facts being reproduced in a disjointed or decontextualized
manner; fails to address the outcomes addressed by the brief; typically ignores
important sources in development of work and data/evidence inappropriately
Low fail used; weak technical and practical competence hampers ability to
demonstrate/communicate achievement of outcomes; information only
vaguely understandable due to very poor use of language.
Zero Zero Work of no merit OR absent, work not submitted, penalty in some misconduct
cases.

Prepared By: Dr Funminiyi Olajide | COMP40491 | Information Security Management | Coursework Assessment | 2021-2022 5