ASSESSMENT BRIEF

L7 Cyber Security Management and Compliance: Individual Portfolio, 100%

Module Leader: Stelios Sotiriadis

Key Details and Requirements

Submission deadline: Thursday 18 May 2023, no later than 16:30pm (GMT)

Learning outcomes:

Successful students will typically have a knowledge and understanding of:

1. Advanced and current concepts and issues of information environment risks,

vulnerabilities and threats.
2. Managing an information environment in terms of deterrence, detection, protection
and reaction to incidents.
3. A systematic application of the methods and procedures used within the cyber
security field under the context of risk and threat assessments.

Successful Students will typically be able to:

4. Critically demonstrate self-direction and creativity in managing the security of an

information environment at the strategic, tactical and operational levels, effectively
developing information security policies.
5. Use initiative to autonomously conduct and manage a risk assessment of a
complex and unpredictable environment.

Assessment details: Individual Portfolio (Tasks and activities accumulated over the
semester), 100%

Referencing: Students are expected to use Harvard Referencing throughout their

assignments where required. Please follow the Harvard Referencing Handbook for all
your assignments at the ULBS.

Submission Method: Turnitin - Your work needs to be put through Turnitin. All
submissions will be electronically checked for plagiarism.

You have the option to upload your work ahead of the deadline, ULBS will be reviewing
your last submission only.

Turnitin cannot be used for late submissions. In such case, you should send your work
to [email protected]

If you experience issues when uploading your work, please email it by the deadline to
[email protected]
ASSIGNMENT DETAILS

Task 1 (Units 1-3)

Consider the following use case:

Business Email Compromise is a broad set of attacks that are extremely common
across the enterprise. As a part of your role as a cyber security professional in a
company, you have been requested by the CEO to prepare a report at the next
company townhall on this issue.

Your report must cover the following points:

1. Explain to a non-technical audience – What is a Business Email Compromise

attack?

2. What are the motives behind Business Email Compromise attacks?

3. What are the potential impacts of Business Email Compromise attacks on an

organisation? Remember elements of the “Risk Wheel”.

Task 2 (Unit 3-6)

Consider the learning experiences in enterprise security. Considering the use case of
an e-shop such as a sales outlet which supplies goods or services over the Internet.
Discuss the following:

a) What are the key attack vectors that are applicable from an enterprise security
perspective?

b) Outline the recommended approach to operational processes such as Patch

Management, Vulnerability Management, Change Management.

c) Provide recommendations on any tools that you would recommend facilitating

these processes. Explain how the tool would help!

d) Explain what your approach towards a holistic Risk Management is

Task 3 (Units) (7-9)

Consider the user security of a software development organisation.

e) What are the key attack vectors that are applicable from an employee
perspective?

f) Outline your approach to security awareness trainings that you plan to adopt.

g) Describe technical controls that you propose to deploy to combat the risks of
phishing attacks.
 h) Explain your approach to provisioning user access to the systems.

Report instructions:
• The assignment should be written in font size 11, single spacing.
• All academic and other sources must be cited and included in a reference list
which should be provided at the end of the report. Whenever you use external
sources (pictures, definitions, line of argumentation), clearly state this at the of
the sentence or paragraph by providing a reference to the original article using
Harvard Referencing style.
• The maximum word limit is 3000 words.

Module Assessment Criteria

Class Attributes Marks

Distinction Illustrates an excellent level of understanding of complex issues 70-100%

in the subject. All requirements of the work are dealt with to a
high standard and the work is free from all but isolated minor
errors. The material is wholly relevant to the tasks.
Excellent analysis, synthesis and critical reflection with the ability
to tackle issues and questions not previously encountered.
Evidence of independent and original judgment in relation to the
resolution of the client’s needs and problems. Excellently
presented in terms of structure and professional style

Commendation Illustrates a very good understanding of the issues in the subject, 60 -69%
some of which are likely to be complex with some independent
critical thought appropriate to the tasks. Most of the requirements
of the work are covered with only a few gaps or minor and
inconsequential errors. The material is largely relevant to the tasks
and there is a good attempt at analysis, synthesis and critical
reflection with evidence of some ability to tackle issues not
previously encountered. The work is presented in a clear and well-
organised manner with only minor spelling and grammatical
errors.
Pass The work displays good knowledge and understanding and its 50 – 59%
relevance to the task. The submission exhibits clear analysis and
reasonable use of grammar, spelling and language. It may
contain errors and lack fluency. Limited evidence of the ability to
sustain a relevant argument or logical reasoning.
Fail Exhibits an unsatisfactory grasp of the issues in the subject. 0 - 49%
Primarily descriptive and lacking in independent critical thought
appropriate to the tasks. Weak or no attempt at analysis, synthesis
and critical reflection with little evidence of ability to tackle issues
not previously encountered. Poor spelling or other grammatical
errors.