Unit 5: Security

Assignment 2 Brief
Programme Title Pearson BTEC Level 5 Higher National Diploma in
Computing
Student Name/ID
Number

Unit Number and Unit 5 - Security

Title

Academic Year

Unit Tutor

Assignment Title Security – Assignment 2

Issue Date

Submission Date

Submission Format

 The submission is in the form of an individual written report. This should

be written in a concise, formal business style using single spacing and
font size 12. You are required to make use of headings, paragraphs and
subsections as appropriate, and all work must be supported with
research and referenced using the Harvard referencing system. Please
also provide a bibliography using the Harvard referencing system.
 The individual Assignment must be your own work, and not copied by or
from another student.
 If you use ideas, quotes or data (such as diagrams) from books, journals
or other sources, you must reference your sources, using the Harvard
style.
 Make sure that you understand and follow the guidelines to avoid
plagiarism. Failure to comply this requirement will result in a failed
assignment.

Unit Learning Outcomes

LO3 Review mechanisms to control organizational IT security.

LO4 Manage organizational security.
Vocational scenario
Assignment scenario
You work for a security consultancy as an IT Security Specialist.
A manufacturing company “Wheelie good” in Ho Chi Minh City making bicycle
parts for export has called your company to propose a Security Policy for their
organization, after reading stories in the media related to security breaches,
etc. in organizations and their ramifications.
BTEC HN Assignment Brief Template
Issue Date: Jan 2024 Owner: HN QD
DCL1 Public (Unclassified) Version 2.0
 Task 1
In preparation for this task, you will prepare a report considering:
 The security risks faced by the company.
 How data protection regulations and ISO risk management standards
apply to IT security.
 The potential impact that an IT security audit might have on the security
of the organization.
 The responsibilities of employees and stakeholders in relation to
security.
Task 2
Following your report:
 You will now design and implement a security policy
 While considering the components to be included in disaster recovery
plan for Wheelie good, justify why you have included these components
in your plan.
Task 3
In addition to your security policy, you will evaluate the proposed tools used
within the policy and how they align with IT security. You will include sections
on how to administer and implement these policies.

Assignment activity and guidance

General introduction: Main purposes and structure of the work
Task 1 - Review risk assessment procedures in an organisation (P5)
To answer this section, follow each of the steps below:
• Define a security risk and how to do risk assessment
• Define assets, threats and threat identification procedures, and give
examples
• List risk identification steps
• Review risk assessment procedures in an organisation
(Word limit: 500 – 750 words)
Task 2 - Explain data protection processes and regulations as applicable to
an organisation (P6)
To answer this section, follow each of the steps below:
• Define data protection
• Explain data protection process and regulations in an organization
• Why are data protection and security regulation important?
(Word limit: 500 – 750 words)
Task 2.1 - Summarise an appropriate risk management approach or ISO
standard and its application in IT security (M3)
To answer this section, follow each of the steps below:
• Briefly define a risk management approach or ISO standard
• What are its applications in IT security?
• Provide a practical example for each of these applications
(Word limit: 250 – 500 words)
Task 2.2 - Analyse possible impacts to organisational security resulting from

BTEC HN Assignment Brief Template

Issue Date: Jan 2024 Owner: HN QD
DCL1 Public (Unclassified) Version 2.0
 an IT security audit (M4)
To answer this section, follow each of the steps below:
• Define IT security audit
• What possible impacts to organisational security resulting from an IT
security audit
• Provide a practical example with explanation for each of these impacts
(Word limit: 250 – 500 words)
Task 2.2.1 - Recommend how IT security can be aligned with an
organisational policy, detailing the security impact of any misalignment (D2)
To answer this section, follow each of the steps below:
• Define an organisational policy and explain its purposes
• What impacts of an organisational policy on IT security and explain how
they happen if there is any misalignment between the policy and IT
security?
• Provide a practical example with explanation for each of these impacts
(Word limit: 250 – 500 words)
Task 3 - Design a suitable security policy for an organisation, including the
main components of an organisational disaster recovery plan (P7)
To answer this section, follow each of the steps below:
• Define a security policy and discuss about it
• Give an example for each of the policies
• Give the must and should that must exist while creating a policy
• Explain and write down elements of a security policy, including the main
components of an organisational disaster recovery plan
• Give the steps to design a policy
(Word limit: 500 – 750 words)
Task 4 - Discuss the roles of stakeholders in the organisation in
implementing security audits (P8)
To answer this section, follow each of the steps below:
• Define stakeholders
• What are their roles in an organization?
• Define security audit and state why you need it
• Recommend the implementation of security audit to stakeholders in an
organization
(Word limit: 250 – 500 words)
Task 4.1 - Justify the security plan developed giving reasons for the elements
selected (M5)
To answer this section, follow each of the steps below:
• Discuss with explanation about business continuity
• List the components of the organisational disaster recovery plan
• Justify and write down all the steps required in the disaster recovery process

BTEC HN Assignment Brief Template

Issue Date: Jan 2024 Owner: HN QD
DCL1 Public (Unclassified) Version 2.0
 (Word limit: 500 – 750 words)
Task 4.1.1 - Evaluate the suitability of the tools used in the organisational
policy to meet business needs (D3)
To answer this section, follow each of the steps below:
• Define an organisational policy
• What tools can you use in an organisational policy?
• Evaluate the suitability of the tools in the organisational policy
(Word limit: 250 – 500 words)

Learning Outcomes and Assessment Criteria

Pass
LO3 Review mechanisms to control organizational IT security.
P5 Review risk assessment
procedures in an organisation.
P6 Explain data protection
processes and regulations as
applicable to an
organisation.
Merit
M3 Summarise an appropriate
risk-management approach or
ISO standard and its application
in IT security.
M4 Analyse possible impacts to
organisational security
resulting from an IT security
audit.
Distinction
D2 Recommend how IT
security can be aligned
with an organisational
policy, detailing the
security impact of any
misalignment.

LO4 Manage organizational security.

P7 Design a suitable security
policy for an organisation,
including the main components of
an organisational disaster
recovery plan.
P8 Discuss the roles of
stakeholders in the organisation in
implementing security audits.
M5 Justify the security plan
developed giving reasons for
the elements selected.
D3 Evaluate the
suitability of the tools
used in the
organisational policy to
meet business needs.

BTEC HN Assignment Brief Template

Issue Date: Jan 2024 Owner: HN QD
DCL1 Public (Unclassified) Version 2.0