Assignment Brief

Website Design and Development

Student Name
ID Number

Unit Number and Title Unit 05: Security

Academic Year 2024-25

Unit Tutor Syeda Iqra Gilani

Assignment Title Risk Assessment and Control Mechanisms in IT

Infrastructure
Issue Date 25 October 2024

Submission Date 22 November 2024

Submission Format

The assignment submission should be in the following format;

Presentation: Ten minute presentation consist of 10 –15 slides and five minutes for questions.

Written Report: The submission is in the form of an individual written report. This should be written in
an Arial, font size12, and using line spacing 1.5. You are required to make use of headings, paragraphs
and subsections as appropriate, and all work must be supported with research and referenced using the
Harvard referencing system. The recommended word limit for the factsheets is 1,500–2,000 words,
although you will not be penalized for going under or exceeding the limit.

Learning Outcomes

LO1 Assess risks to IT Security.

LO2 Describe IT Security Solutions.

LO3 Review mechanisms to control organisational IT security.

Transferable Skills and Competencies Developed.

 Ability to identify, evaluate, and prioritize IT security risks and develop strategies to mitigate them.

 Skills in creating and executing incident response plans, including identifying, managing, and
recovering from security incidents.

 Ability to effectively communicate complex IT security concepts and collaborate with stakeholders,
including technical teams and non-technical personnel.
Assignment Activity and Guidance

You have recently joined “Nayatel” a leading telecom company in Pakistan, as a “Trainee IT Security
Specialist” and currently you are associated with the IT Security Unit of the company which is responsible
for protecting the confidentiality, integrity, and availability of computer systems, networks and data,
against cyber-attacks or unauthorized access.

In this regard;

 Your team leadership has assigned you the responsibility to come up with a list of known potential
security threats and the best possible mitigation procedures used by such organizations. Assess the
organization against these potential risks using an appropriate risk assessment methodology of your
choice, such as ISO 31000, and integrate it with the ISO 27001 framework where relevant.

 How the Risk assessment procedures defined in ISO 31000 risk management methodology
are effective in assessing organizational risks and how this standard plays an effective role in the IT
security?

 Data Protection processes needs to be applied to ensure compliance with the relevant regulations i.e.
Data Protection Act.

 Security Policy and Organizational Policy, sometimes contradict with each other and in this regard,
how an organization can align its security policy with its organizational policy and managing any
misalignment through IT Security Audits?

 You team lead has assigned you the responsibility to identify the stakeholders and assign them the
roles, and finalizing the security policy and detailed disaster recovery plans, so that the same can be
discusses, agreed and implemented along with the suitable tools that will ensure security of the
organization.

PLAGIARISM is the act of incorporating one's own work or ideas from another source, with or without
the consent of the original author, into another's work without full acknowledgment. This is a type of
cheating that should be avoided at all costs and students who break this rule, even if they are innocent,
may be punished. It is your responsibility to ensure that you understand the correct referencing methods.
As a student, you are expected to use appropriate references throughout your work, including any
material downloaded from the Internet. Please consult your course tutor if you require further advice.

STUDENT DECLARATION: I certify that the work submitted for this assignment is my own. I have
clearly cited any sources used in my work. I confirm that I have clearly indicated, through Harvard
referencing, where I have used someone else's graphics or data, concepts, words, regardless of whether
I have cited, or I have Described in your own words. I believe that false declaration is a form of
malpractice/ fraud.

Student Digital Signature: Date of Submission: