COIT20263 Information Security Management (HT2, 2019)

Assessment Item 1 – Written Assessment

Due date: 8:00 AM AEST, Monday, Week 7
Weighting: 35%
Length: 2000 words (±500 words)

Objectives
This assessment task relates to Unit Learning Outcome 2 and can be undertaken in a group of up to 4
students or individually. Distance students can form groups with on-campus students as well. In this
assessment task, you will analyse the scenario given on page 2 and develop a report on the guidelines
for the specified information security policy for the organisation given in the scenario.
Assessment Task
You are required to analyse the scenario given on page 2 and develop a report on the guidelines for a
‘Privacy and Security of Donor Information Policy’ for the organisation described in the scenario.
You must support the guidelines you prepare with relevant references and justify why those
guidelines are necessary.
Your report on guidelines should include:
1. Executive Summary
2. Table of Contents
3. Introduction
4. Discussion (Guidelines)
5. Conclusion
6. References
Note: You must follow the Harvard citation and referencing guidelines when writing your report.
Check the unit website at least once a week for further information relating to this assessment task.
Please ensure that you write your report in your own words to avoid possible plagiarism and copyright
violation. You can understand the Plagiarism Procedures by following the corresponding link in the
CQUniversity Policies section of the Unit Profile.
Assessment Criteria
You are assessed on your ability to analyse the given scenario and prepare a report on the guidelines
for the specified information security policy. The marking criteria for this assessment task are provided
on page 3. You need to familiarise yourself with the marking criteria to ensure that you have addressed
them when preparing the report for this assessment item.
Submission
Each one of you in the group must upload the same report through the COIT20263 Moodle unit website
assessment block on or before the due date. A group member who fails to submit the report will not be
awarded any marks for the assessment. Late submissions will incur the penalty as per the university’s
ASSESSMENT POLICY AND PROCEDURE.
The Scenario for Information Security Management Assessment Tasks (COIT20263)
FuturePlus is a newly established, independent charity organisation helping disadvantaged Australian
students to continue their education, giving them a chance at a future full of possibilities. To start with,
the support includes payments for tuition fees and educational supplies, as well as for student
accommodations. However, the organisation plans to develop and offer more programs to help the
disadvantaged students, for example, early intervention and tutoring programs. The costs are covered
through public donations. FuturePlus collects one-off as well as monthly donations through their
website equipped with a secure payment system. They also run special fund-raising drives twice a year
by advertising the event on national television, on their website, and via SMS and e-mails sent to
the donor list extracted from their donor database.
To manage the operations of the organisation, they have recruited both full-time as well as casual staff.
The full-time staff consist of an Operating Manager, an Accountant, a Planning Officer, two Case
Officers, and three support staff. There are three casual staff providing extra support to the Case Officers
with eligibility checks and visits to the candidate students, also providing updates on students who
receive help from FuturePlus. However, the organisation plans to grow in the number of staff
members and students it supports in the next few years.
FuturePlus operates from Sydney CBD, occupying one floor of a high-rise building. They had their
network designed and rolled out by your company, with all the servers located on their premises, and
have employed your company to provide them with ongoing network support. Their office network site is
connected to the Internet via 5G cellular wireless technology. They require their database servers and
the website to be up and running 24/7. FuturePlus provides their casual staff with portable devices to
take on-site case notes during their site visits and send these to the office via secure communications.
Since they store sensitive information about their donors, students receiving donations, as well as
payment details such as bank account and credit card information, it is of utmost importance that their
servers and communications over the Internet are completely secure.
FuturePlus has requested your company’s service of designing a suitable information security
program for their organisation.
Note: This scenario was created by Dr Jahan Hassan on the 11th of June 2019 and no part of this scenario should be
reproduced by any individual or an organisation without written permission from CQUniversity, Australia.

Marking Criteria
Columns: Section | HD | D | C | P | F | Max Mark | Mark Obtained
For each section, the marks and the descriptors are listed in the table's left-to-right order (HD to F).

Executive summary (Max Mark: 4)
Marks (HD D C P F): 4 | 3.7 | 3.4 | 3.3 | 3 | 2.9 | 2.6 | 2.5 | 2 | 1.5 | 0
Content: Summarised all key information of the report. | One or two key information missing. | Three key information missing. | One or two key information missing. | Three key information missing. | Most key information missing. | No Executive Summary.
Writing: Very clear writing with no mistakes. | A few spelling or grammar mistakes. | Several spelling or grammar mistakes. | Very clear writing with no mistakes. | Several spelling or grammar mistakes. | Very clear writing with no mistakes. | Several spelling or grammar mistakes. | Not clear. | Not clear.

Table of contents (ToC) (Max Mark: 4)
Marks (HD D C P F): 4 | 3.3 | 2.9 | 2.5 | 1.5 | 0
Content: Used decimal notation. Included all headings and page numbers. Used ToC auto-generation. Used Roman i for the Executive Summary page. Executive Summary was before the Introduction. Used a new page. | One feature missing. | Two features missing. | Three features missing. | Four or more features missing. | ToC missing.

Introduction (Max Mark: 4)
Marks (HD D C P F): 4 | 3.7 | 3.4 | 3.3 | 3 | 2.9 | 2.6 | 2.5 | 2 | 1.5 | 0
Content: Set the scene for the report and described the purpose clearly. Explained the research method used. Outlined the sections of the report. Started from a new page. | Contained all information but not enough detail. | Some information missing but enough detail given. | Some information missing and not enough detail. | Most information missing. | No Introduction.
Writing: Very clear writing with no mistakes. | A few spelling or grammar mistakes. | Several spelling or grammar mistakes. | Very clear writing with no mistakes. | Several spelling or grammar mistakes. | Very clear writing with no mistakes. | Several spelling or grammar mistakes. | Very clear writing with no mistakes. | Several spelling or grammar mistakes.

Discussion (Max Mark: 20)
Marks (HD D C P F): 20 | 18.5 | 17 | 16 | 15 | 14 | 13 | 12 | 10 | 8 | 0
Content: Thorough and detailed discussion supported by in-text references and justifications. | Contained all information but not enough detail. | Some information missing but enough detail given. | Some information missing and not enough detail. | Most information missing. | Irrelevant information.
Writing: Very clear writing with no mistakes. | A few spelling or grammar mistakes. | Several spelling or grammar mistakes. | Very clear writing with no mistakes. | Several spelling or grammar mistakes. | Very clear writing with no mistakes. | Several spelling or grammar mistakes. | Very clear writing with no mistakes. | Several spelling or grammar mistakes.

References (Max Mark: 3)
Marks (HD D C P F): 3 | 2.5 | 2.2 | 1.9 | 1.45 | 0
Content: All references are listed according to Harvard reference style. | All references are listed but a few referencing errors. | Not all references are listed but correctly referenced. | Many references missing. | Incorrect reference list. | No reference list.

Plagiarism penalty
Late submission penalty
Total: 35