ASSESSMENT BRIEF

L7 Cyber Security Management and Compliance

Module Leader: Hewa Balisane

Key Details and Requirements

Submission deadline: Thursday 12 June 2025, no later than 16:30pm (UK local
time)

Learning outcomes:

Successful students will typically have a knowledge and understanding of:

1. Advanced and current concepts and issues of information environment risks,

vulnerabilities and threats.
2. Managing an information environment in terms of deterrence, detection, protection
and reaction to incidents.
3. A systematic application of the methods and procedures used within the cyber
security field under the context of risk and threat assessments.

Successful Students will typically be able to:

4. Critically demonstrate self-direction and creativity in managing the security of an

information environment at the strategic, tactical and operational levels, effectively
developing information security policies.
5. Use initiative to autonomously conduct and manage a risk assessment of a
complex and unpredictable environment.

Assessment details: Individual Portfolio (Tasks and activities accumulated over the
semester; equivalent to 2,500 words), 100%

Referencing: Students are expected to use Harvard Referencing throughout their

assignments where required. Please follow the Harvard Referencing Handbook for all
your assignments at the ULBS.

Submission Method: Turnitin - Your work will be put through Turnitin. All
submissions will be electronically checked for plagiarism and the use of AI software.

You have the option to upload your work ahead of the deadline, more than once. ULBS
will be reviewing your last submission only. You can only upload one file. For example
if your work contains a word document and power point slides/Excel spreadsheet you
will need to copy your slides/spreadsheet into the word document.

Note: Keep in mind that self-plagiarism (when you reuse your own specific wording
and ideas from work that you have previously submitted without referencing yourself)
is also a form of plagiarism and is not allowed.
ASSIGNMENT DETAILS

In responding to all the tasks below you are required to use frameworks and
concepts which have been covered in the delivery of this module.

Task 1 (LO 1, 4, and 5)

Consider the following use case:

Business Email Compromise is a broad set of attacks that are extremely common
across the enterprise. As part of your role as a cyber security professional in a Energy
Sector company, you have been requested by the CEO to prepare a report at the next
company townhall on this issue.

Your report must cover the following points:

1. What could be the possible motives behind Business Email Compromise

attacks within the Energy Sector?

2. What are the potential impacts of Business Email Compromise attacks on an

organisation within the Energy Sector? Apply the "Risk Wheel" elements to
discuss risks related to operational disruptions, compromised safety systems,
and financial losses.

Task 2 (LO 2, 4, and 5)

Consider the learning experiences in enterprise security, specifically within the energy
sector. Picking a company within the Energy Sector (a provider or distributor), discuss
the following:

a) Identify and discuss the key attack vectors that are applicable from an enterprise
security perspective, in the context of the Energy Sector.

b) Outline the recommended approach to operational processes such as Patch

Management, Vulnerability Management, Change Management, in the context
of the Energy Sector

c) Provide recommendations on any tools that you would recommend facilitating

these processes. Use your chosen company/organisation to give your response
the necessary context.

Task 3 (LO 3, 4, and 5)

Consider the user security of a software development for the Energy Sector.
 d) Identify and discuss the key attack vectors that are applicable from an employee
perspective, in the context of your chosen organisation, linking this to the
discussions in class?

e) Outline your approach to security awareness training that you plan to adopt for
the employees of your chosen company/organisation? Which employee-groups
would you prioritise, if any in particular, and why/why not? You are encouraged
to link the discussion to themes and topics discussed in class.

f) Identify and discuss technical controls that you propose to deploy to combat the
risks of phishing attacks, in the context of your chosen organisation, linking it to
the various models discussed in class.

Task 4 – Summary Report

Once you have completed individual tasks, you should write a summary report
(maximum approx. 1,000 words – keep in mind you have already written a brief
analysis per entry). In this report you would bring all your tasks together to summarise
your overall take on the cyber security management and compliance of your chosen
company/organisation, along with a summary of your recommendations. As before,
these need to be grounded in academic and non-academic sources, evidenced
through in-text citations and inclusion of these sources in a List of References,
according to Harvard Style of Referencing.

Portfolio instructions:
• Any write-up in the Portfolio should be written in font size 11, single spacing.
• With each entry (item/artefact) you put in your portfolio, you should write a brief
summary of why you have chosen this particular item/artefact and how it touch
on them of that particular section. You should then analyse it in accordance
with the tasks as they are laid out in the instructions above.
• Proper citations are essential. All tasks require referencing academic and other
sources, listed in a Harvard Referencing style, present a reference list at the
end of the Portfolio. Whenever you use external sources (pictures, definitions,
line of argumentation), clearly state this at the of the sentence or paragraph by
providing a reference to the original article using Harvard Referencing style.

Please refer to the marking criteria (below) for a breakdown of how the tasks will
be marked.
 Assessment Criteria
FAIL
(0 - 49%)
Exhibits an unsatisfactory
GRADE DESCRIPTORS
grasp of the issues.
Primarily descriptive and
Mark lacking in independent
Weight critical thought. Weak or
no attempt at analysis,
synthesis and critical
MARKING CRITERIA
reflection. Little evidence
of ability to tackle the
issues. Poor
structure/grammar/
Knowledge & Understanding: Critical analysis and reflection on the
extent of the issue across use cases, using appropriate literature. 15
PASS
(50 – 59%)
Satisfactory grasp of the
issues, with limited
independent critical thought
appropriate to the tasks.
Material is largely relevant to
the tasks. Some evidence of
analysis, synthesis and critical
reflection. Work is presented
in acceptable manner, with
some minor errors.
COMMENDATION
(60 – 69%)
Good/very good understanding
of the issue with some
independent critical thought and
approach to the tasks. Good
attempt at analysis, synthesis
and critical reflection, with
evidence of some ability to
tackle issues. Work is clearly
presented in a fairly well
organised manner.
DISTINCTION
(70-100%)
Excellent level of
understanding.
All requirements are dealt with
to a high standard. Excellent
analysis, synthesis and critical
reflection. Evidence of
independent and original
judgement in relation to
resolution of problems
Excellently presented.

Task 1: Thoroughly presenting and conducting a detailed analysis of

the concepts outlined in Task 1, supported by appropriate literature. 20

Task 2: Thoroughly presenting and conducting a detailed analysis of

the concepts outlined in Task 2, supported by appropriate literature. 20
.
Task 3: Thoroughly presenting and conducting a detailed analysis of
the concepts outlined in Task 3, supported by appropriate literature. 20

Conclusions: Conclude the report by providing an overall reflection

and critical analysis of data security principles using appropriate
15
references specific to each of the three tasks.

Structure & Organisation: Overall structure and cohesiveness of the

Portfolio and the summary report is excellent, with a good and logical
10
flow.