
Keys to Assignment Success:

Assignment 2: Information Security (basic risk assessment, All Stars Dance)
This assignment’s goal is to get you to use the tools and techniques to perform a basic
risk assessment. Your goal is to identify assets, and to evaluate and communicate risks
and risk control strategies. As part of this you will also need to quantify risks using a
weighted factor analysis, classify data, and propose recommendations.

Assignment Brief
In this Assignment you will be required to perform a basic risk assessment and
apply concepts covered from weeks 1 through 10. The deliverable is a report
(maximum 2500 words) detailing information security recommendations associated
with a small dance club.

• Introduction, introduce your report and what you will cover
• Identify and categorise information assets. This includes both digital
  and physical assets. Minimum of 20 assets (max 30). Assets should
  be categorised
• Prioritise the information assets using a weighted factor analysis
• Identify threats and vulnerabilities to the information assets. Given
  the number of threats, a threat category may suffice, i.e., for the CMS
  you may simply use the threat category software attacks
• Create a risk rating for each asset. You may use the simple method
  (likelihood * impact)
• Include with your risk assessment table a control strategy, i.e.,
  mitigate, defend, accept
• Recommend an appropriate data classification schema and justify
  why you chose a particular classification system.
• Recommend security controls where necessary, i.e., access control
• Reference ISO27001 / ISO27002 where appropriate

PRO TIP
Always address the assignment instructions.

Some keys to understanding the assignment instructions have been highlighted above.

For example (from the Assignment Brief):


• “Introduce your report and what you will cover”
  o If you don’t write an appropriate introduction for your assignment you will not have
    completed one of the assignment requirements.
• “Identify and categorise information assets. This includes both digital and physical
  assets. Minimum of 20 assets (max 30). Assets should be categorised”

Marking guide
This assignment is worth a total of 30 marks, which are distributed as shown below.

Item                          Marks

Language and Presentation     4
  • Formal language
  • Professionally formatted/drawn diagrams
  • Keeping to required format
  • Logically structured
  • Introduction reflects body of report

Asset Identification          5
  • Assets identified appropriate to the case study
  • Minimum of 20 identified and categorized correctly

Weighted Factor Analysis      5
  • Critical impact factors appropriate to case study
  • Critical impact factors justified
  • Performed weighted factor analysis on information assets

Risk                          5
  • Risk rating calculated (likelihood / impact matrices)
  • Appropriate threats / vulnerability identified to assess risk
  • Control strategy identified for threats to assets

Data Classification           4
  • Data classification schema recommendation appropriate for case study
  • Justified chosen tier system

Recommendations               4
  • Recommended security controls where necessary
  • Referenced ISO27001 / ISO27002

Referencing                   3
  • Appropriate use of in-text references
  • Appropriate use of academic references

PRO TIP
Know how marks can be allocated.
Assignment Example
The following is a silly example, but the writing style, research and analysis are
appropriate. This example mirrors the assessable components of your CSI2102
Principles of Information Security Assignment 2.

You should apply your own rigorous research in order to develop an appropriate risk
assessment.

Example Assignment Brief


In this Example Assignment we will perform a basic risk assessment and
prepare a report detailing risk management recommendations associated
with operation of a small hardware store, “Box-o-hammers Hardware”
(BH).

The hardware store has 10-20 employees and holds a typical hardware store
range of stock, from sticky tape to chainsaws. Each staff member has an
area of expertise, with one senior supervisor being rostered on for each
section.

The hardware store offers services from key cutting to gas bottle refills.
Many of the services are offered as a convenience to customers to ensure
they return frequently. For example, the gas refill service is time
consuming and dangerous as small consumer gas bottles are manually
refilled from a larger gas tank. A small bottle refill is approximately $7 and
is done while the customer waits, and the entire process takes three to five
minutes.

The hardware store operations are run by 5 people in what is generally
referred to as the “back office” team. These staff are responsible for
payroll, accounting, stock management (ordering and stocktake), pricing
and marketing.

The hardware store has requested a risk management plan to help them
avoid critical incidents that could put them out of business or cost them a
lot of money.
Business Risk Assessment and Recommendations
for
Box-o-Hammers Hardware

Unit: Hardware Store Management (HSM-8002-2019)


Assessment: Assignment 1
Word count: 1370 (excluding citations, references and tables)
Prepared by: H. SOLO
Student ID: 1337
Tutor: Dr Vader

Title page – with an appropriate title, student information, unit and assignment
details.

Table of Contents

Introduction
Asset Identification
  Justification for criteria and criterion weights
    Impact on safety (criterion weight 50%)
    Impact on sales (criterion weight 25%)
    Impact on brand (criterion weight 15%)
    Impact on theft (criterion weight 10%)
Information classification recommendation
Asset Identification Table
Risk Rating and Control Strategy
Risk management recommendations
  Recommendation 1 – Manage risk of fire during gas bottle refilling
  Recommendation 2 – Outsource management of operations
Conclusion
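
The weighted factor analysis and likelihood * impact rating that this report structure calls for, worked through as an added example (not part of the original assignment or the sample report). It uses the four criterion weights listed in the table of contents above; the asset names, the 0-100 criterion scores and the 1-5 likelihood and impact values are constructed for illustration.

```python
# Criterion weights (percent) from the table of contents of the sample report.
WEIGHTS = {"safety": 50, "sales": 25, "brand": 15, "theft": 10}

# Constructed sample data (assumption, not from the assignment):
# name -> (score per criterion on 0-100, likelihood 1-5, impact 1-5)
ASSETS = {
    "Gas refill station":      ({"safety": 100, "sales": 30, "brand": 80, "theft": 20}, 3, 5),
    "Stock management system": ({"safety": 10, "sales": 100, "brand": 50, "theft": 70}, 4, 3),
    "Payroll records":         ({"safety": 0, "sales": 20, "brand": 60, "theft": 80}, 2, 4),
    "Key cutting machine":     ({"safety": 40, "sales": 30, "brand": 20, "theft": 30}, 2, 2),
}


def weighted_score(scores, weights=WEIGHTS):
    """Weighted factor analysis: sum of (criterion score x criterion weight)."""
    if sum(weights.values()) != 100:
        raise ValueError("criterion weights must total 100%")
    if set(scores) != set(weights):
        raise ValueError("each criterion needs exactly one score")
    if any(not 0 <= s <= 100 for s in scores.values()):
        raise ValueError("scores must be on the 0-100 scale")
    return sum(scores[c] * weights[c] for c in weights) / 100


def risk_rating(likelihood, impact):
    """Simple method from the brief: likelihood * impact, each on 1-5 here."""
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact must be between 1 and 5")
    return likelihood * impact


def assess(assets=ASSETS):
    """Return (asset, weighted score, risk rating), highest priority first."""
    rows = [(name, weighted_score(s), risk_rating(l, i))
            for name, (s, l, i) in assets.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for name, score, risk in assess():
        print(f"{name:<26}{score:>6.1f}{risk:>5}")
```

With these constructed values the key cutting machine outranks payroll records on weighted score (33.5 against 22.0) but carries the lower risk rating (4 against 8), which is why the asset prioritisation and the risk table are reported separately.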
