CSM Assignment Autumn 2024

The document outlines an assignment for a Cyber Security Management course due on October 25, 2024, worth 40% of the final mark. It details the tasks students must complete, focusing on evaluating cyber security concepts, analyzing security threats, and proposing countermeasures for a healthcare company, Healthcare and You Ltd. (HaY), which is developing new healthcare products and requires guidance on security infrastructure and policies.

Uploaded by Mohammad Alzoubi

Cyber Security Management

Assignment
Autumn 2024
Words: 1600
Weighting: 40%
Learning Outcomes assessed: 1, 2 and 3
Submission date: 25 October 2024 (11:59pm UK time)
Module Leader: Chitra Balakrishna
Instructions to candidates:

• Please refer to the Assignment Presentation Requirements for advice on how
to set out your assignment.

• You must familiarise yourself with the Academic Dishonesty and
Plagiarism Policy relating to this programme and ensure that you
acknowledge all the sources which you use in your work. The policy is
available to access through your programme handbook.

• You must complete the Statement and Confirmation of Own Work, which
is available in the Additional Materials section of the VLE and at the end of
this assignment.

• Please make a note of the recommended word count. You could lose marks
if you write 10% more or less than this.

• You must submit a digital copy of this online examination through the VLE
(virtual learning environment). Media containing viruses, corrupted media, or
media which cannot be run directly, will result in a fail grade being awarded
for this module.

• Diagrams may be word processed or drawn by hand and then uploaded
using a scanner or a clear photograph if necessary.

• Manipulating the word count through hiding text in diagrams could be
penalised.

• All electronic media will be checked for plagiarism.

Assignment Guidance
The learning outcomes assessed in this assignment are as follows:

Module Learning Outcome    Description
LO 1    Evaluate the key concepts and techniques of cyber security and information security management
LO 2    Critically analyse the security threats facing networked computer systems
LO 3    Evaluate appropriate countermeasure techniques for the management of cyber security risks

• It is the student’s responsibility to familiarise themselves with the Academic Dishonesty
and Plagiarism policy contained in the Programme Handbook.

• Any assignment submitted after the submission deadline, without prior approval, will be
given 0% and the student will be referred.

• The late assignment submission may be marked as a referral attempt, but only a
maximum mark of 40% can be awarded for that particular assessment.

• If a student requests an extension to the official submission date this must be done in
writing to the Programme Manager at [email protected] at least five full UK working
days before the official submission date. This request must be accompanied by
supporting evidence.

• This assignment is worth 40% of the overall final mark for the module.

• Students should write no more than 1600 words (+/- 10%) for this assignment.

• Students are encouraged to read widely in preparing for the assignment, making
reference to articles in academic journals and other relevant sources.

• All references should be cited in text and included in a reference section at the end of
the report using the Harvard Referencing Scheme.

• The Statement and Confirmation of Own Work must be completed and submitted with
the assignment.

• This assignment must be submitted by the due date and time as given on the front of
this assignment.

• Please refer to the Assessment Criteria contained in the Programme Handbook which
shows how the level of marking relates to your standard of work.

Submission Requirements
You must read and understand UCLan’s Assessment Handbook.
You must complete the attached form ‘Statement and Confirmation of Own Work’.
You must attach the completed form to your assignment.

Page 2 of 8
Cyber Security Management © NCC Education Limited 2024
Scenario

You are a well-known and reputed cyber security consultant who provides guidance to
organisations to ensure that their security infrastructure and countermeasures are current,
effective, and establish an organisational security posture that is appropriate to the
business of the organisation.

Healthcare and You Ltd. (HaY) is a company registered in England and Wales. They are a
team of innovators in the healthcare and wellness automation space. They design and
prototype various healthcare and wellness related products, which are devices that use
various types of sensors to provide real-time information to the carers and the patients/end
users.

Healthcare and You Ltd. (HaY), currently comprising a small team of scientists and
researchers (termed the Core Team), has won £10 million in funding from a private
innovation fund. The funding has been provided to HaY to develop THREE (3) of their
healthcare prototypes into field-tested and full-fledged products that are both functionally
certified as well as security certified. While the development, testing, and field trials are
expected to take 18 months, 6 months are allocated to set up the basic infrastructure and
gather the manpower required.

The field trials will be conducted nationwide and involve test groups comprising 15 people
in each of the 70 counties in England and Wales (48 in England, 22 in Wales). The
analysis that follows will include the personal and medical health information of the test
group participants from the counties, as well as the data gathered from the use of the new
devices.

HaY currently has a minimal internal infrastructure that is managed by themselves and has
grown somewhat organically with their own internal growth over the last four years. As
part of this funding, they intend to grow further by investing in additional manpower, adding
the necessary infrastructure required for communications between the employees, the
internal labs, physical workbenches, and software development and testing platforms
necessary for their innovations.

They are keen to ensure that their intellectual property, which comprises various functional
prototype designs as well as technology inventions, remains within the premises of their
physical office. This is currently a single floor with a capacity of fifteen people, rented
from a business premises.

HaY has decided that the staff they intend to hire shall only work from home
(WFH)/remotely. A regular face-to-face interaction will be scheduled every month at a
pre-decided venue. All teams will meet there to interact and discuss their work-related
activities.

Tasks
You are expected to provide them with two specific inputs that are laid out in the
assignment tasks below. The first input is a broad list of work items that you suggest,
overall. This is to be followed by a Security Policy – a top-level draft document. With these
inputs, HaY intends that you work with the rest of the infrastructure team/third parties for a
detailed policy document.

Your role as their consultant will involve advising them on various aspects that include:

• An overall recommendation for the investment in infrastructure services – captive
infrastructure or third-party services.
• Safeguarding the intellectual property and revisions of the existing minimal internal
infrastructure.
• Ensuring a secure and safe interaction between the end users and the core team.
• Ensuring a secure and safe set of routine practices across the organisation, both for
end users and for the administration of infrastructure and services.
• Providing guidelines for standards conformance requirements.
• Providing a broad estimate for the cost of your services with a breakup so that HaY
can schedule their expenditure from the funds – HaY has to provide an estimated
breakup of funds required for infrastructure and services over six months.

Guidelines for addressing the tasks:

• The company has not provided you with any specific inputs in terms of their network
diagrams, functional schematics, etc. Therefore, make assumptions appropriately
and state the list of assumptions made.
• Similarly, you have not received any specific details about their suite of services.
Make appropriate assumptions, stating them clearly, and upfront.
• When presenting schematics or network diagrams, use landscape orientation on
your pages.
• Attempt to illustrate wherever possible. That could contribute to reducing word
count while increasing the information content.
• Package information into tables to make it comprehensive and structured. Note that
text within the tables contributes to the word count!
• Research real-world costs for all network devices and provider services and provide
a web link to the sources used.
• Refer to the slides and exercises where required.
• Feel free to use resources on the Internet. You must cite the sources and include
them in the list of references in the Harvard format.

Your specific tasks are set out on the following pages.

Assignment

General (20 marks)

Your submission will be evaluated for these general tasks – research (sources of
information), references (referencing format and in-text citations), the standard of report
writing (language, continuity, comprehensiveness), its structure (sections, subsections,
table of contents, reference list) and presentation (formatting, captions, and illustrations).

Task 1 (LO1) (20 marks)

a) Given the brief scenario of HaY, list five overall tasks you intend to address for HaY,
as an organisation. They must be high-level work items which must be appropriately
sequenced from an implementation perspective.

Your response must cover the following aspects:

• design aspects of the infrastructure and services and its suitability to the
services required
• the security and privacy requirements and other operational security
requirements.
• In a sense, the set of tasks you mention would represent a list of work items
that you would charge HaY for.
• As guidance, your response should be a maximum of 450 words in length.
This is guidance only and not a requirement.

For each task, justify the factors you intend to consider, including those that
impact the organisation’s cyber security posture. Make it a point
to list any statutory conformances, if applicable. Any assumptions you make must
be clearly stated.

Please see the following pages for Tasks 2, 3 and 4.

Task 2 (LO2) (20 marks)

Now that you have a full understanding of the business, its operations and the traffic flows
around it, you should apprise HaY of the current threat landscape for their business,
including associated risks. This may seem a very generic and large task, so break it down
into the following steps:

a) A comprehensive update on the current threat landscape, relevant to the context of
HaY. Include a risk matrix indicating the risk of the top three threats to the assets.

b) Following task 2a, create a list of any security specific devices and/or services that
you recommend to enhance the overall security. Include a cost (sourced from the
Internet) and mention the source for each such component.
c) As guidance, your response should be a maximum of 450 words in length. Note that
this is guidance only and not a requirement.

Note that the option you propose will be further evaluated for the specific requirements of
the organisation, by the network services providers. There is no need to mention details
such as link bandwidth, etc. Your focus on the architecture is from a security perspective.

General approach: For the task above, discuss each architecture option and its
strengths/limitations. Provide suitable supporting topology diagrams, firm evidence that
you have researched those technical options (fully cited using the Harvard referencing
system) and, most important of all, provide a sound rationale and business justification
for/against each option.

Task 3 (LO3) (20 marks)

Having proposed a connectivity architecture, you will now propose a broad security routine
for the organisation after the services become operational. The routine must specify the
activities proposed to maintain the security of the infrastructure and services and
periodically review the security implementation. Towards this, the following must be
specified:

• Security standards: applicability and conformance – Enterprise security,
business-specific security (if applicable).
• Security management – Functional lifecycle components that need to be
implemented for conformance.
• Operational Security – List of functions that need to be implemented.
• Security Checks – Periodicity, list of activities as part of the check routine.

Please see the following page for task 4.

Task 4 (LO2, LO3) (20 marks)

Your final task is to provide the company with two specific things:

• A structure for their security policy document that is applicable across the enterprise
with one-line explanations for the major policy structure elements.
• A guideline for handling any security event – Incident Response plan.

Note that there will be specific data protection and privacy guidelines,
given that HaY would be handling the personal information and health records of the test
group participants.

Total marks for the assignment = 100 marks.

Your report should be 1600 words (+/- 10%) plus diagrams.

References do not count towards this word limit. For your prices you need to show
via references where the prices have come from so that these figures can be
validated. If you use any work which is not yours (for example a picture or a piece of
text which helps you to explain your argument) then this must be correctly and fully
referenced using the Harvard referencing system.

Statement and Confirmation of Own Work

Programme/Qualification name: __________________________________

All NCC Education/UCLan assessed assignments submitted by students must have this
statement as the cover page or it will not be accepted for marking. Please ensure that this
statement is either firmly attached to the cover of the assignment or electronically inserted
into the front of the assignment.

Student declaration

I have read and understood both UCLan’s Assessment Handbook and NCC
Education’s Referencing and Bibliographies document (available on the main course
page of the VLE). To the best of my knowledge my work has been accurately referenced
and all sources cited correctly.

I can confirm the following details:

Student ID/Registration number:

Name:

Centre Name:

Module Name:

Module Leader:

Number of words:

I confirm that this is my own work and that I have not colluded or plagiarised any part of it.

Due Date:

Student Signature:

Submitted Date:
