Cybersecurity and Information Management Level 7 Assessment Brief 2025-26

Submission deadline date and time

This assessment comprises of two tasks as described below:

1.TASK 1: You are expected to submit one 7-minute podcast and associated artefacts at the final submission point on Blackboard.

The podcast submission deadline is by no later than 18:59 on Friday, the 24th of October 2025. Any submission received after 18:59 of the date (even if only by a few seconds will be considered as late).

2.TASK 2: You are expected to attempt 80 multiple-choice questions (MCQs) spread over 4 weeks (20 questions per week)

During the second hour of your respective timetabled seminar sessions in week 3, 4, 5, and 6, the MCQ segment of the Blackboard site will open and you would be expected to attempt 20 multiple-choice questions, per week, directly associated with the lecture theme from the prior week. The test will be open book styled. 

Students with a Reasonable Adjustment Plan (RAP) or Carer Support Plan should check their plan to see if an extension to this submission date has been agreed.

How to submit

After developing your podcast audio and the associated artefacts (case study document and subtitle file), you would be expected to submit three separate files on Blackboard.

Please ensure to submit by uploading:

1. One Podcast Case Study showing evidence of scholarly research (in .docx file format). Ensure to save the case study Microsoft Word document (.docx) with your student ID and then upload to Turnitin on Blackboard.
2. The Cliphamp Link to One Audio file (rendered in .mp3 or .mp4 file format)
3. One Closed Caption (SubRip Subtitle) file (in .srt file format)

Note: Ensure your podcast audio is NOT LESS than 5 minutes and does NOT EXCEED 7 minutes. Anything beyond the recommended timescale will not be considered in the marking and scores allocation.

You should submit the three items (two files, and one Clipchamp link) to three different allocated areas on Blackboard by the date set on the schedule (i.e., 18:59 on Friday, the 24th of October 2025). You will be shown where to submit at the appropriate time.

As the University will mark assessments anonymously where this is possible, please use your student roll number and not your name on your submission. 

Assessment task details and instructions

The assessment is a digital portfolio, which includes two distinct tasks:

• A podcast comprising three artefacts (submitted as 2 files and 1 audio link) 
• 80 multiple-choice questions

Detailed instructions on the tasks are below: 

TASK 1: PODCAST AND ASSOCIATED ARTEFACTS (60%)

During your respective timetabled seminar sessions in week 2, 3, 4, and 5, you will be supported by the tutor to develop a 7-minute-long podcast involving two speakers discussing a specific cybersecurity breach. You are expected to learn and utilise a combination of various digital applications, including Microsoft Clipchamp and Google NotebookLM, to develop your podcast. Full guidance will be provided in a slide deck and practically at various points during the seminar sessions. For the case study, you can choose to base your podcast on (a) the 2025 cyber-attack on a UK retailer, The Co-Op, OR (b) the 2025 ransomware attack on another UK retailer, Marks and Spencer (M&S). Choose one case study only.

Your 7-minute podcast, involving two speakers, should provide a detailed and engaging discussion on only one of the two provided case studies. 

Your case study document must:

• Include a one-page executive summary: This portion should provide a high-level overview of your podcast's content. It must include a brief synopsis of the chosen case study, key findings from your analysis, and your proposed solution. Think of this as a professional briefing document that someone in a leadership role could read to quickly grasp the essential details of your research. This half-page summary should be concisely written and to the point – and placed at the beginning of the document.
• Introduce the case study: Provide a brief overview of the chosen cyber-attack, including the date it occurred, the type of attack (e.g., ransomware, phishing), and the target organisation.
• Discuss the attack vectors: Explain how the cybercriminals gained access to the system. What vulnerabilities were exploited? This is where you'll demonstrate your understanding of the technical side of the breach.
• Analyse the impacts: Discuss the consequences of the breach. This should cover both financial and reputational damage to the company, as well as the impact on customers and other stakeholders. This is where you'll demonstrate your understanding of the business implications of the breach.
• Critique the response: Evaluate how the affected company responded to the breach. Did they communicate effectively with their customers? Were their mitigation strategies successful? What lessons can be learned from their response?
• Propose a solution: Based on your analysis, suggest a preventative strategy or a robust action plan that could have either prevented the breach or minimised its damage. This should demonstrate your ability to think strategically about risk management and information security. This is where you'll demonstrate your understanding of the managerial side of the breach.
• Include a list of references: This is where you demonstrate the rigour of your research. You must provide a properly formatted list of all the sources you used to inform your podcast and executive summary. This should include academic papers, industry reports, news articles, and any other credible sources. Ensure to adopt APA 7th edition using proper in-text quotation and the actual reference list at the end. Additionally, insert hyperlinks to your referenced journal industry reports or websites, etc., where necessary. This list is essential for ensuring the credibility and academic integrity of your work.
  These segmented portions of the document are designed to enrich your presentation and showcase your analytical, technical, business, managerial, strategy, and research skills. Please restrict your document to five pages, maximum:
• One executive summary page, max. You can include the case study title, date, and you student roll number here too. 
• Three case study research notes pages, max, and
• One reference page, max.

Digital Application Utilisation 

A key component of this task is your ability to effectively use modern digital tools to enhance your workflow and the quality of your output, and to communicate academic language to a lay audience. You are expected to learn and utilise a combination of various digital applications, including Microsoft Clipchamp and Google NotebookLM.

Step 1: Google NotebookLM for Podcast production: Google NotebookLM is a powerful tool you will use to organise and synthesise your research materials. You will upload your chosen source documents, including your well-researched case study document, and relevant news articles, academic papers, and official reports related to your chosen case study into a new notebook. You should then leverage NotebookLM's AI-powered capabilities to generate a two-person 7-minute-long podcast audio by activating the "Audio Overview" feature on the app. Once the audio is ready, preview it by listening from start to finish. If satisfied, download the .mp3 file, which will later be uploaded to Clipchamp. If unsatisfied with the output, tweak your input (i.e., the AI-generated prompt, and uploaded documents, etc.,) and repeat the process until you get a satisfactory podcast audio. This iterative creative process will help you understand the core issues of the breach, including the technical details, the business impact, and the company's response. A step-by-step guide on how to create this audio file will be provided in a slide deck and in-class seminars.

Step 2: Microsoft Clipchamp for Podcast Post-Production: You will use Microsoft Clipchamp to produce and edit your podcast by uploading the .mp3 file downloaded from Google NotebookLM. Podcast production, in this regard, includes arranging segments, inserting background music, adding an introductory and concluding segment (e.g., a short jingle), inserting video or similar multimedia template elements (optional), and ensuring the final podcast is a professional, polished 7-minute podcast file. You will be assessed on the clarity of your audio, the seamlessness of your edits, and the overall quality of the final podcast file. This tool is chosen for its user-friendly interface and accessibility, allowing you to focus on the content and structure of your discussion. 

Remember that your goal is to not only demonstrate your technical and managerial understanding of a significant cybersecurity breach but also to showcase your ability to use modern digital tools for content creation, knowledge synthesis, and effective communication to a lay audience.

TASK 2: MULTIPLE-CHOICE QUESTIONS (40%)

During week 3, 4, 5, and 6, the respective MCQ segment of the Blackboard site for each week will open and you would be expected to attempt 20 multiple-choice questions, per week, directly drawn from the lecture theme discussed the prior week. Each question will be worth 0.5 marks. In other words, you can score up to a maximum of 10 marks per week if you get all the answers correctly. At the end of week 6, you must have completed all 80 questions as the segment will automatically close by 18:59 on Friday, the 24th of October 2025.

Furthermore, this segment of the assessment is practice based and directly aligned to key learnings from the British Computer Society’s Certificate in Information Security Management Principles (CISMP) and is particularly aimed at helping you prepare for the certification. 

Assessment Criteria

How Your Digital Portfolio Will Be Marked

Your digital portfolio will be assessed based on several key criteria for both the podcast and the multiple-choice questions. We are looking for scholarly rigour, critical thinking, and the effective application of digital tools.

Marks Will Be Awarded For:

• Integration of a Wide Range of Knowledge: You'll be marked on your ability to synthesise knowledge from various sources, including academic papers, industry reports, and reputable news sites. We expect you to go beyond the provided case study materials and discussions in the lectures and seminars to demonstrate a deep understanding of the topic
• Critical Analysis and Synthesis of a Theme: Your work should not be merely descriptive. We want to see you critically analyse the chosen cyber-attack, exploring its causes, impacts, and the response from the organisation. Your ability to show original thinking and connect different aspects of the breach is required.
• Appropriate Use of AI and Multi-media Elements: For the podcast, we are assessing how well you've used tools like Google NotebookLM and Microsoft Clipchamp to create a professional and engaging audio file.

This includes the quality of your audio, the seamlessness of your edits, and the inclusion of any optional multimedia elements. The submission of a professional-looking and functioning closed caption (.srt) file is also a key part of this criterion.

• Professional Academic Referencing: All claims in your case study document must be supported with evidence from a wide range of credible sources. You are expected to use APA 7th edition for both in-text citations and your final reference list, with active hyperlinks included for digital sources.
• Well-Structured and Professional Writing: Your podcast case study document should be well-organised, clear, and professional in its presentation. The one-page executive summary must be concise and to the point, while the 3-page main body of the document should flow logically from one section to the next.
• Understanding and Application of Concepts: Your work will be marked on how well you've understood and applied key concepts related to cybersecurity and information management, as aligned to the BCS Certificate in Information Security Management Principles, and covered in the lectures, seminars, and readings. This will be assessed in both your podcast and your performance in the weekly MCQs.

Marks May Be Deducted For:

• Plagiarism: Any unreferenced work copied from other sources will be penalised.
• Incomplete Tasks: Failing to submit all three required podcast artefacts (the case study document, the Clipchamp audio link, and the subtitle file) or not completing the weekly MCQs.
• Misunderstanding of Concepts: Submitting work that demonstrates a lack of understanding of the key concepts discussed in the module.
• Lack of Criticality or Imagination: Your work must be reflective and critical, not just a simple description of events. We are looking for originality and insight.
• Poor Effort: The quality of your submissions should reflect the effort expected of a master's level student.
• Exceeding Time/Page Limits: Podcast audio files that are not within the 5- to 7-minute range and case study documents exceeding the 5-page limit may be penalised.

Please see the Assessment Marking Rubric at the end of this document for more details about mark allocations and your obligations.

Knowledge and Understanding

Assessed Intended Learning Outcomes

On successful completion of this assessment, you will be able to:

• Apply knowledge of core information security management concepts—including confidentiality, integrity, availability, vulnerability, threats, risks, and countermeasures – to real-world business and organisational scenarios (ILO 1).
• Develop strategic solutions for managing information and cybersecurity, encompassing risk management, threat analysis, security policies, and incident response, while considering legal, ethical, and regulatory requirements within a global and AI-reliant context (ILO 2).
• Critically evaluate various digital and AI-enabled architectural solutions and provide informed recommendations to ensure their safety and security (ILO 3).
• Mitigate the human factor in cybersecurity by applying knowledge and guidance to address the potential threats posed by user behaviour and human error (ILO 4).

Practical, Professional or Subject Specific Skills

• Information Security Management & Governance: You will be able to apply your knowledge of relevant current legislation and regulations (e.g., GDPR, NIS 2 Directive), as well as national and international standards and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework). This practical skill is essential for ensuring an organisation's compliance and for developing robust governance policies in a global, AI-reliant environment (ILO 2).
• Strategic & Critical Thinking: You will learn to diagnose the complexities of information security management. This involves assessing the intricate interplay of technology, human factors, and business strategy to understand where vulnerabilities and risks exist within an organisation's information environment (ILO 1, 2, & 4).
• Digital Skills & Tools Proficiency: This module requires you to demonstrate proficiency with a variety of digital tools. You will have developed your skills in using Microsoft Clipchamp for professional multimedia production and Google NotebookLM for advanced research and knowledge synthesis. This practical experience bridges the gap between academic theory and the digital competencies required in today's workplace (ILO 1, 2, 3, & 4
• Professional Certification Preparation: The knowledge and skills you acquire will directly prepare you to sit for and undertake the BCS Certificate in Information Security Management Principles. This demonstrates your readiness to enter the professional world with a recognised industry certification (ILO 1, 2, 3, & 4).

Assessment Marking Rubric

Please see the Assessment Rubric below for more clarity on what we expect from you and how various segments of the assessment will be scored.