CMP7241 Information Security Governance PG CWK Assessment Brief 2024-25 | BCU

Published: 01 Sep, 2025
Category Assignment Subject Computer Science
University Birmingham City University (BCU) Module Title CMP7241 Information Security Governance

CMP7241 Information Security Governance PG CWK Assessment Brief

Learning Outcomes: 

Completion of this assessment will address the following learning outcomes:

  1. identify security threats and evaluate associated risks to information assets using appropriate quantitative and qualitative methods.
  2. Critically evaluate the conformance of security management processes of an organisation against ISO 27001, identify gaps and recommend mitigations.
  3. Construct contingency and business continuity plans that are consistent with the organization’s view of associated business risks.

Submission Information

Present any written aspects of the assessment using font size 11 and using 1.5 spacing to allow for comments and annotations to be added by the markers.

Complete the appropriate cover sheet for this assessment and append your work.

This assessment will be marked anonymously and should show your student number only. Submit this coursework assessment task via Moodle.

Late Submission

Assessments must be submitted in the format specified in the assessment task, by the deadline and to the submission point published on Moodle. Failure to submit by the published deadline will result in penalties which are set out in Section 6 of the Academic Regulations, available at: https://icity.bcu.ac.uk/Quality-Enhancement-and-Inclusion/Quality-Assurance-and- Enhancement/Academic-Regulations

Word Count

The maximum word count for this module assessment is shown on Page 1. A +10% margin of tolerance is applied, beyond which nothing further will be marked. Marks cannot be awarded for any learning outcomes addressed outside the word count.
The word count refers to everything in the main body of the text (including headings, tables, citations, quotes, lists etc.). Everything before (i.e. abstract, acknowledgements, contents, executive summaries etc.) and after (i.e. references, bibliographies, appendices etc) is not included in the word count limit.

Academic Integrity Guidance

Academic integrity is the attitude of approaching your academic work honestly, by completing and submitting your own original work, attributing and acknowledging your sources when necessary.

Understanding good academic practice in written and oral work is a key element of academic integrity. It is a positive aspect of joining an academic community, showing familiarity with and acknowledging sources of evidence. The skills you require at higher education may differ from those learned elsewhere such as school or college.

You will be required to follow specific academic conventions which include acknowledging the work of others through appropriate referencing and citation as explicitly as possible. If you include ideas or quotations that have not been appropriately acknowledged, this may be seen as plagiarism which is a form of academic misconduct. If you require support around referencing, please contact the Centre for Academic Success

It is important to recognise that seeking out learning around academic integrity will help reduce the risk of misconduct in your work. Skills such as paraphrasing, referencing and citation are integral to acting with integrity and you can develop and advance these key academic skills through the Centre for Academic Success (CAS).

To learn more about academic integrity and its importance at university, you can access CAS resources on Moodle. Furthermore, you can book on to workshops and request 1-2-1 support around key academic skills.

Task: To perform a security audit on a factitious company.

Style: Report

Rationale: Assess the student’s ability to perform a security audit using industry best practices.

Description: This assignment aims to perform a security audit on a fictitious company. The scenario is as follows:

CyberSafe is a large IT services company that provides cloud solutions and IT consultancy to clients in North America, Europe, the Middle East, and Africa. The company handle extensive client data, which makes cybersecurity a high priority for them, given the current threat landscape. Their IT infrastructure consists of Data Centres, Network Infrastructure, Servers, End User Devices, Software and Applications. This audit aims to assess Cybersafe's current security posture, identify vulnerabilities, and recommend ways to enhance the organisation's cyber defence capabilities. You will perform risk assessments, determine conformance against the ISO 27001 standard, and propose recommendations. You will also evaluate the company's cyber readiness and help them construct contingency and business continuity plans.

Key point to cover includes:

  • Identifying the assets (25) and performing a risk assessment using risk assessment and analysis tools such as risk register, probability & impact matrix, and FAIR methodology.
  • Evaluating the conformance of the security management processes of CyberSafe against ISO 27001, identify gaps, and recommend mitigations. Statement of Applicability (SOA) must be produced to justify control selection
  • Constructing contingency and business continuity plans. Business Impact Analysis (BIA) should be performed to determine critical functions to help you design and construct contingency and business continuity plans

Transferable skills:

  • Communication skills
  • Critical analysis
  • Team working
  • Time management

Knowledge of industry standards and their implementation

Order Custom Answers for CMP7241 CWK Assignment

Request to Buy Answer

Marking Criteria:

Marking Criteria:

 

Table of Assessment Criteria and Associated Grading Criteria

 

Marking Criteria:

 

Table of Assessment Criteria and Associated Grading Criteria

 

 

Learning Outcomes

1

Identify security threats and evaluate associated risks to information assets using appropriate quantitative and qualitative methods.

2

 

Critically evaluate the conformance of security management processes of an organisation against ISO 27001, identify gaps and recommend mitigations.

3

 

Construct contingency and business continuity plans that are consistent with the organization’s view of associated business risks.

 

Assessment Criteria

à

LO1

L02

L03

Weighting:

25%

25%

25%

Grading Criteria

0  20%

Fail

No attempt was made to identify the threats and evaluate the risks and most of the information is out of context

No attempt was made to evaluate the conformance of security management processes against ISO 27001 standards. No gaps were identified.

No attempt was made to evaluate the contingency and business continuity plans.

20  39%

Fail

A minimal attempt was made to identify the threats and evaluate the risks. A substantial mismatch exists between the suggested controls and the proposed risks.

A minimal attempt was made to evaluate the conformance of security management processes against the ISO 27001 standard. No clear gaps were identified, and the countermeasures were either non-existent or out of place. A Statement of Applicability (SOA) was not produced.

Minimal evidence of contingency planning and business continuity plans. Key features such as business impact analysis are missing. Overall, there are lots of inconsistencies.

 

 

40  49%

Limited evaluation of the threats and associated risks to the assets. Some mismatch between the gaps and the countermeasures

Limited attempt was made to evaluate the conformance of the security management processes of the organisation against ISO 27001. The identified gaps and countermeasures were not sufficiently developed and linked to the risk assessment performed in the criterion. The Statement of Applicability was not clearly defined.

Limited evidence of contingency planning and business continuity plans. Key features such as business impact analysis are missing. Overall, there are lots of inconsistencies.

 

 

50  59%

Satisfactory evaluation of the security threats and the associated risks to the assets using appropriate methods

Satisfactory evaluation of the conformance of the security management processes against the ISO 27001 standard. Appropriate countermeasures were recommended to mitigate the risks. A Statement of Applicability was produced to justify the controls selection.

Satisfactory contingency and business continuity plans.

Key features such as business impact analysis and recovery strategies were described.

60  64%

Competent evaluation of the threats and the associated risks using appropriate methods.

A competent evaluation of the conformance of the security management

processes against the ISO 27001 standard. Appropriate countermeasures were recommended to mitigate the risks. A good Statement of Applicability (SOA) was produced to justify the control's selection.

A competent contingency and business continuity plan were constructed. The business impact analysis was performed, and key recovery strategies were covered in detail.

65  69%

Good evaluation of the threats and the associated risks using appropriate methods

A good evaluation of the conformance of the security management

processes against the ISO 27001 standard. Appropriate countermeasures were recommended to mitigate the risks. A good Statement of Applicability (SOA) was produced to justify the control's selection

A detailed contingency and business continuity plan was constructed. The business impact analysis was performed, and key recovery strategies were covered in detail.

 

 

70  79%

A very good evaluation of the threats, associated risks and potential impact using appropriate methods. Threats were ranked according to their severity and impact.

A very good evaluation of the conformance of the security management processes against the ISO 27001 standard. Appropriate countermeasures were recommended to mitigate the risks. A clear and detailed Statement of Applicability was produced to justify the control selection.

A very good contingency and business continuity plan was crafted. An in-depth Business impact analysis was performed to identify time- sensitive and critical business functions. Well-defined recovery strategies were created.

 

 

80  89%

Excellent evaluation of the threats, associated risks and their potential impact. A clear strategy to prioritise higher risks. Use of appropriate tools such as risk registers and risk analysis methods.

Excellent evaluation of the conformance of the security management processes against the ISO 27001 standard. There was evidence of high-level risk analysis.

Appropriate countermeasures were recommended to mitigate the risks. An excellent Statement of Applicability (SOA) was produced. The SOA contained the justification for selecting the controls and whether they were implemented or not.

An excellent and effective business continuity plan was constructed.

A well-planned and detailed business impact analysis was performed to identify all critical functions and processes.

Metrics such as Recovery Point Objectives and Recovery Time Objectives were used and discussed in detail.

90  100%

Outstanding report. The student used innovative techniques to evaluate the threats, associated risks and their potential impact. A clear strategy to prioritise higher risks. A high-level use of appropriate tools, such as risk registers and risk analysis method

Outstanding evaluation of the conformance of the security management processes against the ISO 27001 standard. There was evidence of high-level risk analysis.

Appropriate countermeasures were recommended to mitigate the risks. An outstanding Statement of Applicability (SOA) was produced. The SOA contained the justification for selecting the controls, why others were omitted, and whether they were implemented.

Outstanding and highly innovative and effective business continuity plan was constructed. A comprehensive business impact analysis was performed to identify all critical functions and processes.

Metrics such as Recovery Point Objectives and Recovery Time Objectives were used and covered in detail.

 

Format: upload to the submission link on the Moodle page

Regulations:

  • The minimum pass mark for a module is 50%
  • Re-sit marks are capped at 50%
    Full academic regulations are available for download using the link provided above in the IMPORTANT STATEMENTS section

Late Penalties

If you submit an assessment late at the first attempt, then you will be subject to one of the following penalties:

  • if the submission is made between 1 and 24 hours after the published deadline the original mark awarded will be reduced by 5%. For example, a mark of 60% will be reduced by 3% so that the mark that the student will receive is 57%.
  • if the submission is made between 24 hours and one week (5 working days) after the published deadline the original mark awarded will be reduced by 10%. For example, a mark of 60% will be reduced by 6% so that the mark the student will receive is 54%.
  • if the submission is made after 5 days following the deadline, your work will be deemed as a fail and returned to you unmarked.
    The reduction in the mark will not be applied in the following two cases:
    othe mark is below the pass mark for the assessment. In this case the mark achieved by the student will stand
    owhere a deduction will reduce the mark from a pass to a fail. In this case the mark awarded will be the threshold (i.e., 50%)

Please note:

  • If you submit a re-assessment late then it will be deemed as a fail and returned to you unmarked.

Assessment Checklist:

Run through this simple tick list before submitting your work!

Report

Well prepared materials make your work look more professional and easier to understand.

Item

Action

Done?

1

I have used the spellchecker and proofread the work correcting errors several times.

 

2

I have checked that all material is directly related to the assignment tasks.

 

3

I have checked that all the required information has been included in the work.

 

4

The work is professionally presented using consistent headings, fonts and layout.

 

5

All tables and images are numbered and captioned.

 

6

I have used the structure specified in the assignment.

 

Referencing and Originality

Your work will be subjected to checks to ensure it is not copied. Derivative work may leave you subject to penalties, including in extreme cases, expulsion from the University.

Item

Action

Done?

1

All images and tables are fully referenced.

 

2

I have not copied any material from anywhere else. All sentences have been paraphrased into my own words.

 

3

All references appear in the references section at the end of the presentation.

 

4

All references are cited in the text in the form of (author, year). See https://www.bcu.ac.uk/library/services-and- support/referencing for more details.

 

5

If I have used quotes, these are fully referenced, appear in quotation marks and form only a small part of my work.

 

Content

Is your work complete? Have you included all the required elements?

Content

Is your work complete? Have you included all the required elements?

Item

Action

Done?

1

I have created the asset register, identified the threat and vulnerabilities and overall risks.

 

2

I have chosen the 15 assets with the highest ranking and calculated the overall risk

 

3

I have evaluated the conformance of security management processes against the ISO 27001, recommended mitigating controls and provided a statement of applicability.

 

4

I have completed the business continuity plan including the business impact analysis

 

5

I have completed all the tasks and uploaded the report to Moodle

 

 

Buy Custom Answer Of CMP7241 CWK Assignment & Raise Your Grades

Get A Free Quote

Looking for the solution of the CMP7241 Information Security Governance CWK Assignment? Look no further! There are specialized professionals for all categories of assignments who offer you plagiarism-free and superior content. You are assured that our computer science assignment help service will make you productive and help you achieve high grades in your academic year. A free list of BCU Assignment Samples written by PhD experts is also provided here that can help you boost your study power and check the quality of the assignment. So contact us today and get your top-notch assignment!

Workingment Unique Features

Hire Assignment Helper Today!


Latest Free Samples for University Students

RBP020L063H Leadership and Change Management Assignment Sample

Category: Assignment

Subject: Management

University: University of Roehampton

Module Title: RBP020L063H Leadership and Change Management

View Free Samples

HRMM080 Ethical and Responsible Leadership AS2 Reflective Portfolio Sample

Category: Assignment

Subject: Management

University: University of Northampton

Module Title: HRMM080 Ethical and Responsible Leadership

View Free Samples

ACAD1346 The child’s live Experience Developing Confidence Learners Assignment Sample

Category: Assignment

Subject: Education

University: University of Greenwich (UOG)

Module Title: ACAD1346 The child’s live Experience Developing Confidence Learners

View Free Samples

NUR7011 Developing Healthcare Leaders Assignment Sample | BPP

Category: Assignment

Subject: Nursing

University: BPP University

Module Title: NUR7011 Developing Healthcare Leaders

View Free Samples

Project Management, Leadership and Skills: Planning & Control Portfolio Example

Category: Assignment

Subject: Management

University: University of Salford Manchester

Module Title: Project Management, Leadership and Skills: Planning & Control

View Free Samples
Online Assignment Help in UK