Subject: Information Security Management (HT2, 2018)
Assessment Item 1 – Written Assessment
|Due date:||8:00am AEST, Monday, Week 7||ASSESSMENT|
|Length:||2000 words (±500 words)
This assessment task relates to Unit Learning Outcome 2 and can be undertaken in a group of up to 4 students or individually. Distance students can form groups with on-campus students as well. In this assessment task, you will analyse the scenario given on page 3 and develop a report on the guidelines for the specified information security policy for the organisation given in the scenario.
You are required to analyse the scenario given on page 3 and develop a report on the guidelines for a ‘Privacy and Security of Personal Health Information Policy’ for the organisation described in the scenario. You should ensure that you support the guidelines you prepare with references and justify as to why those guidelines are necessary.
Your report on guidelines should include:
- Executive Summary
- Table of Contents
- Discussion (Guidelines)
Check the unit website at least once a week for further information relating to this assessment task. Please ensure that you write your report in your own words to avoid possible plagiarism and copyright violation. You can understand the Plagiarism Procedures by following the corresponding link in the CQUniversity Policies section of the Unit Profile.
You are assessed on your ability to analyse the given scenario and prepare a report on the guidelines for the specified information security policy. The marking criteria for this assessment task are provided on page 4. You need to familiarise yourself with the marking criteria to ensure that you have addressed them when preparing the report for this assessment item.
Each one of you in the group must upload the same report through the COIT20263 Moodle unit website assessment block on or before the due date.
The Scenario for Information Security Management Assessment Tasks
NTN is a newly established private nursing school in Australia. Its main campus is located in Sydney and the satellite campuses are located in Darwin and Cairns. NTN has made agreements with three private hospitals in Sydney, Darwin and Cairns to provide the internship and training to the students of the nursing school. All three private hospitals and the main and satellite campuses of NTN are connected to the Internet.
Lecture, tutorial and laboratory classes are conducted in the campus in Sydney and they are live-video streamed to the satellite campuses forming a virtual classroom. The instructors and the students in the satellite campuses can directly communicate with the lecturer in the Sydney campus when a virtual class is in progress. At any time, there will be at most 200 students in the main campus and a maximum of 100 students in each satellite campus participating in a virtual class. However, these numbers are expected to double within the next couple of years.
NTN provides a telemedicine and healthcare service to the community in a radius of about 200km from each satellite campus by having a small mobile team of doctors and nursing students. The mobile team in Darwin as well as in Cairns provide consultations and services to the needy patients at their homes. These mobile teams travel around in specially equipped vehicles called the home-care vehicles. The mobile teams can scan/photograph and send the reports of the patients immediately to the corresponding private hospital and communicate directly with the medical staff there via the networks in the home-care vehicles.
NTN recently appointed staff for its Information Security Division headed by a Chief Information Security Officer (CISO) to design and launch an information security program.
Note: This scenario was created by Dr Rohan de Silva on 12th December 2014 and no part of this scenario should be reproduced by any individual or organisation without written permission from CQUniversity, Australia.
|Section||HD||D||C||P||F||Max Mark||Mark Obtained|
|Executive summary||Covered all the sections of the report||One or two sections missing..||Three or four sections missing.||Not clear but contained most sections.||Not clear and most sections missing.||4|
|Table of contents||Used decimal notation. Included all headings and page numbers. Used ToC auto-generation.||One or two features missing.||Two or three features missing.||Included only the main headings.||ToC missing.||4|
|Introduction||Set the scene for the report and described the purpose clearly.||Contained all parts but not enough detail.||Had missing parts.||Not clear but contained most parts.||Not clear and most parts missing.||4|
|Discussion||Thorough and detailed discussion supported by references and justifications.||Contained all information but not enough detail.||Had missing information.||Not clear but contained most information.||Not clear and most information missing.||20|
|References||All references are listed according to Harvard reference style.||All references are listed but a few referencing errors.||Not all references are listed but correctly referenced..||Many references missing||No or incorrect reference list.||3|
|Late submission penalty|