
1 - Unit 5 - Assignment 2 Guidance

This document provides guidance for an assignment with multiple tasks. Task 1 involves discussing risk assessment procedures including defining risk, assets, threats, and the risk assessment process. Task 2 covers explaining data protection processes, regulations, and their importance for organizations. Task 2.1 summarizes the ISO 31000 risk management methodology and its applications in IT security. Task 2.2 discusses the possible impacts of an IT security audit on organizational security. The document provides guidance on the steps to follow and word limits for answering each task.

Assignment 2 Guidance

Task 1 - Discuss risk assessment procedures (P5)
To answer this section, follow each of the steps below:
• Define a security risk and explain how to carry out a risk assessment
• Define assets, threats and threat identification procedures, and give examples
• Explain the risk assessment procedure
• List the risk identification steps
(Word limit: 500 – 750 words)

Task 2 - Explain data protection processes and regulations as applicable to an organisation (P6)
To answer this section, follow each of the steps below:
• Define data protection
• Explain the data protection process in an organisation
• Why are data protection and security regulation important?
(Word limit: 500 – 750 words)

Task 2.1 - Summarise the ISO 31000 risk management methodology and its application in IT security (M3)
To answer this section, follow each of the steps below:
• Briefly define the ISO 31000 management methodology
• What are its applications in IT security?
• Provide a practical example for each of these applications
(Word limit: 250 – 500 words)

Task 2.2 - Discuss possible impacts to organisational security resulting from an IT security audit (M4)
To answer this section, follow each of the steps below:
• Define IT security audit
• What are the possible impacts to organisational security resulting from an IT security audit?
• Provide a practical example for each of these impacts
(Word limit: 250 – 500 words)

Task 2.2.1 - Consider how IT security can be aligned with organisational policy, detailing the security impact of any misalignment (D2)
To answer this section, follow each of the steps below:
• Define an organisational policy and what it is used for
• What are the impacts of an organisational policy on IT security if there is any misalignment between the policy and IT security?
• Provide a practical example for each of these impacts
(Word limit: 250 – 500 words)

Task 3 - Design and implement a security policy for an organisation (P7)
To answer this section, follow each of the steps below:
• Define a security policy and discuss it
• Give an example for each of the policies
• Give the must and should that must exist while creating a policy
• Explain and write down the elements of a security policy
• Give the steps to design a policy
(Word limit: 500 – 750 words)

Task 4 - List the main components of an organisational disaster recovery plan, justifying the reasons for inclusion (P8)
To answer this section, follow each of the steps below:
• Discuss and explain business continuity
• List the components of a recovery plan
• Write down all the steps required in the disaster recovery process
• Explain some of the policies and procedures that are required for business continuity
(Word limit: 500 – 750 words)

Task 4.1 - Discuss the roles of stakeholders in the organisation to implement security audit recommendations (M5)
To answer this section, follow each of the steps below:
• Define stakeholders
• What are their roles in an organisation?
• Define security audit and state why you need it
• Recommend the implementation of a security audit to stakeholders in an organisation
(Word limit: 250 – 500 words)

Task 4.1.1 - Evaluate the suitability of the tools used in an organisational policy (D3)
To answer this section, follow each of the steps below:
• Define an organisational policy
• What tools can you use in an organisational policy?
• Evaluate the suitability of the tools in the organisational policy
(Word limit: 250 – 500 words)
