|
Programme:
|
BSc Computing with Cyber Security
|
|
Module Code:
|
LD6054
|
|
Module Title:
|
Cyber Security Assurance and Governance
|
|
Distributed on:
|
Via Blackboard; briefing in lecture.
|
|
Submission Time and Date:
|
To be submitted by 16:00 on [ 15 May 2025 ]
|
|
Word Limit:
|
3000
|
|
Weighting
|
BSc Computing with Cyber Security
|
|
Submission of Assessment
|
Electronic Management of Assessment (EMA): Please note if your assignment is submitted electronically, it will be submitted online via Turnitin by the given deadline. You will find a Turnitin link on the module’s eLP site.
It is your responsibility to ensure that your assignment arrives before the submission deadline stated above. See the University policy on late submission of work.
Please note that assignments are subject to anonymous marking.
|
Instructions on Assessment:
In the modern digital era, data is one of the most valuable assets for any organization. Companies operating in technology-driven sectors, such as artificial intelligence (AI) and cybersecurity, are particularly vulnerable to data breaches, information mismanagement, and regulatory non-compliance. To mitigate these risks and ensure operational efficiency, businesses must adopt robust Information Governance (IG) frameworks.
This case study focuses on TechNova AI Solutions, a rapidly growing AI and cybersecurity consultancy firm based in Manchester, UK. The company specializes in machine learning, cybersecurity solutions, data engineering, digital risk assessment, and AI-driven automation for various industries, including finance, healthcare, and government agencies.
As TechNova AI Solutions expands its operations and gains more high-profile clients, it faces increasing challenges in handling sensitive information. With over 100 enterprise clients and an increasing amount of classified data from government and private sector partners, the company requires a structured IG policy to safeguard its data assets. The aim of Information Governance is not only to provide data confidentiality and protection assurance to TechNova management but to also help individual staff members to understand the importance of data handling procedures. This will assist them to adhere to information assurance, corporate information assurance, information security assurance procedures and perform. their duties ethically to demonstrate duty of care as well as respecting data subject rights while processing their personal data and also to avoid any escalation privileges.
Your task is to develop an information governance policy for TechNova AI Solutions and write an accompanying report, which provides justification of policy contents, chosen framework, risk assessment methodologies and strategy to implement strong information governance for the given organisation. The report should outline the need for an effective information governance framework tailored to the organization’s needs, focusing on regulatory compliance, data security, and risk management.
Mapping to Programme Goals and Objectives
This assignment will assess the following learning outcomes:
Knowledge & Understanding:
1. Critically appraise principles of Information security in the context of Governance, Risk and Compliance.
Intellectual / Professional Skills & Abilities:
2. Develop a comprehensive Information Security Management System (ISMS) for the given problem context to support business objectives.
Personal Values Attributes (Global / Cultural awareness, Ethics, Curiosity) (PVA):
3. Evaluate social, ethical, and legal requirements for an auditor to comply with in a profession manner.
Module Specific Assessment Criteria and Grading
|
Description
|
Marks
|
|
Task 1: Introduction
|
|
The information security policies should include Introduction, purpose, scope. In addition, you need to make a strong case on the significance of information governance in context to the risks the organization has to address.
|
15
|
|
Task 2: Policy Structure and Contents
|
|
Identification and allocation of roles and responsibilities, accountable for ensuring legal, regulatory, and contractual obligations in the context of given scenario.
|
20
|
|
Task 3: Framework
|
|
Information Governance Policy Framework with recommendations of minimum 8 controls to establish Information Security Management System for given context.
|
35
|
|
Task 4: Implementation & Monitoring
|
|
Implementation plan and monitoring mechanisms to address security threats and mitigate security vulnerabilities in the context of given scenario
|
20
|
|
Task 5: Professional Presentation and Structure
|
|
|
Presentation should include appropriate language, referencing, clarity of expression style, format and length.
|
10
|
|
Total
|
100
|
Grading Guidance
Distinction (70 and above):
Excellent in-depth understanding of the risk assessment process, critical appraisal of different Information Governance frameworks and contemporary cyber threats to information assets in the context of given scenario. A robust policy detailing assurance, governance and responsibilities in the context of given scenario, mentioning best practices to adhere with ethical standards. Thorough critical analysis is made to deliver successful implementation of all tasks and justification of choices are made.
Commendation (60-69):
Very good application and synthesis of successful implementation of all tasks is delivered. Report contents are relevant and original but lack excellence in explanation and would need more academic rigour. The robustness and correctness of the risk assessment is not through.
Pass (40-59):
Provide basic understanding of the deliverables. Some deliverables are incomplete. There are number of inconsistencies in each task. Inadequate evaluation and incomplete justification of the choices made. Report shows some errors and not detailed. There is limited consideration to implement design and implementation strategies.
Fail (less than 40):
Provide little or no understanding of the risk process. Incomplete attempt or lacks substantial parts of the deliverables. Fail to demonstrate understanding of the concepts required to implement deliverables. Work lacks serious clarity and detail relevant to the assignment. There are several errors in the submitted report.
ASSESSMENT REGULATIONS
You are advised to read the guidance for students regarding assessment policies.
Academic Misconduct
The Assessment Regulations for Taught Awards (ARTA) contain the Regulations and procedures applying to cheating, plagiarism, the use of Artificial Intelligence (AI) Systems, and other forms of academic misconduct.
You are reminded that plagiarism, collusion, the use of Artificial Intelligence (AI) Systems, and other forms of academic misconduct, as referred to in the Academic Misconduct procedure of the assessment regulations, are taken very seriously. Assignments in which evidence of plagiarism or other forms of academic misconduct is found may receive a mark of zero.
Late submission of work
Where coursework is submitted without approval, after the published hand-in deadline, the following penalties will apply. For coursework submitted up to 1 working day (24 hours) after the published hand-in deadline without approval, 10% of the total marks available for the assessment (i.e.100%) shall be deducted from the assessment mark.
For clarity: a late piece of work that would have scored 65%, 55% or 45% had it been handed in on time will be awarded 55%, 45% or 35% respectively as 10% of the total available marks will have been deducted.
The Penalty does not apply to Pass/Fail Modules, i.e. there will be no penalty for late submission if assessments on Pass/Fail are submitted up to 1 working day (24 hours) after the published hand-in deadline.
Coursework submitted more than 1 day (24 hours) after the published hand-in deadline without approval will be marked as zero but will be eligible for referral. The reassessment should where appropriate, and as determined by the Module Leader, be the same method (e.g. essay) but maybe with a different task (e.g. different essay title) or with the same task (e.g. the same essay title) as indicated in the Module handbook.
In modules where there is more than one assessment component, Students are not required to complete all assessment components if an overall Pass Mark (40% UG, 50% PGT) has been achieved.
The only permitted exception will be in cases where the University is prevented from doing so by a PSRB requirement. In the case of PSRB requirements, a variation order will be required from the regulations.
In modules, where there is more than one assessment component and an overall pass mark has not been achieved, Students will be eligible for a referral* in the individual failed module and/or not attempted component(s) of assessment.
These provisions apply to all assessments, including those assessed on a Pass/Fail basis.
Word limits
The word count is to be declared on the front page of your assignment and the assignment cover sheet. The word count does not include:
e.g. appendices, glossary, footnotes, tables
Please note, in text citations [e.g. (Smith, 2011)] and direct secondary quotations [e.g. “dib-dab nonsense analysis” (Smith, 2011 p.123)] are INCLUDED in the word count.
If this word count is falsified, students are reminded that under ARTA this will be regarded as academic misconduct.
For those assessments where students are required to keep to the word limit, it is proposed that they should be informed that the marker will stop reading at the point when they judge that the word limit exceeds the recommended word count by more than 10%. The marker will indicate the point at which they stop reading on the text.
Students must retain an electronic copy of this assignment (including ALL appendices) and it must be made available within 24hours of them requesting it be submitted.