COMP9721 Information Security GE, Assessment 3, S1-2022 Page 1 of 4
COMP9721 Information Security
Assessment 3 – Detailed development of a professional information security
Contingency Plan, including research on compliance to regulations and
standards
Semester 1, 2022
Details.

Title: COMP9721 Assessment 3 – Detailed development of a professional
information security Contingency Plan, including research on compliance to
regulations and standards.
Due Date: 09.00AM (ACST), Thursday 2nd June 2022.
Value: 40% of the final mark for the topic (late penalty: 5% per 24-hour period).
Length: No specific length requirement.

Purpose of this assignment.
The purpose of this assignment is to support the following Learning Outcomes (LO) for
this topic:
LO1. Illustrate the importance of cyber security and information security to business
and government
LO2. Analyse the threats and common attacks faced by organisations
LO3. Examine the security issues associated with the integration of information
systems
LO4. Analyse security risks and select appropriate security controls
LO5. Design industry professional reports on organisational cyber security and
information security programs
LO6. Research and critically analyse publications and industry guidelines in the area
of computer security.
Task.
This task builds on Assessment 1 and Assessment 2.
A large hospital in South Australia has asked you (as the new Information Security Manager)
to develop and implement an Information Security Contingency Plan. You have already
performed a Security Analysis and Risk Assessment (Assessment 1) and the Development of
an information security contingency planning document (Assessment 2). The report must be
practically oriented to the scenario and must not be a mere discussion of theory. This is to
demonstrate how you have applied theory to the given scenario.
The final phase is to select and complete one aspect of the contingency plan as listed below:
1. Incident Response Planning
2. Disaster Recovery Planning
3. Business Continuity Planning
The section must make reference to compliance to regulations and standards that apply to
the hospital/healthcare context. Where appropriate you can make use of Appendices for
forms and other documentation that may be required and examples of it. You must ensure
that the report makes appropriate reference to these. The target audience for this report is
Senior Management, the IT and Security Department, and Senior Clinical Leads.
Assumptions.
Any assumptions that you make should be clarified in your report, either as part of the
introduction or in a separate section. Assumptions must be justifiable and commercially
sound. If students are unsure about the validity of their assumptions, they should seek
clarification from their tutor.
Assessment Criteria.
Please see the Marking Key for this assessment provided on FLO. In general, the report will
be assessed for:
clarity and conciseness,
readability for the intended audience, and
completeness of the explanations and instructions, including research of regulation
and standards.
Submission Requirements.

Report Length: No specific length requirement.
Format: The report must be word processed and be professional in appearance.
You should make use of appropriate fonts and formatting.
The submission file MUST be a single file in .doc, .docx or .pdf file format,
and labelled:
COMP9721_your FAN_lastname_firstname
Must Contain:
Cover/Title Page
This must contain the topic code and title, assignment title, your name
and student identification, due date.

Executive Summary
Should be approximately 500 words. This should provide a concise
snapshot of the entire report.
Table of Contents (Table of Figures, Table of Tables)
This must accurately reflect the content of your report and must be
generated automatically in Microsoft Word (or similar) with page
numbers.
Introduction and Scope
This must provide the scenario, the purpose of the document, the scope
of the document, and state any assumptions made. Use in-text references
where appropriate. Identify the focus of the section of the
Contingency Plan you have developed and where it fits in a full
contingency plan.
Your chosen contingency plan section
As described in the Task section. This must be logically structured and
well referenced. Make effective use of headings and subheadings.
Conclusion
This section should draw together the main points of your report and
identify the next steps to implementation of the Contingency Plan.
Glossary of relevant terms
This should contain original but referenced definitions for appropriate
terms. Only security-related terms should be included in this glossary, as
opposed to general computing terms.
References
A list of end-text references formatted according to the Flinders APA
Referencing requirements.
https://students.flinders.edu.au/content/dam/student/slc/apa
referencing.pdf
It is recommended that Endnote is used to manage
references. Your references should comprise books, journal articles,
and conference papers.
Bibliography
This should be in the same format as the List of References. It should
contain material that has not been specifically used in your report, but
which will be of interest to the reader of your report.
Appendices as necessary
There are no marks associated with the appendices. However, they can
be used to include material that is important supporting material to
your document. You should assume that the reader of your report will
only briefly scan the appendices.

Late submission.
As per the penalties in the topic's official Statement of Assessment Methods (SAM) 2022, an
assessment submitted after the fixed or extended time for submission shall incur a penalty
calculated, for each day (including weekend days) that it is late, as 5% of the maximum
mark available for the assessment.
Academic Misconduct (Including Plagiarism).
Flinders University regards academic misconduct of any form as unacceptable. Academic
misconduct, which includes but is not limited to plagiarism, unauthorised collaboration,
cheating in examinations, theft of other students’ work, collusion, and inadequate or incorrect
referencing, will be dealt with in accordance with the Flinders Policy on Academic
Integrity.
http://www.flinders.edu.au/academicintegrity/