Soft Etro Ampus: #3, de Fonseka Road, Colombo 04

ESOFT METRO CAMPUS
#3, De Fonseka Road, Colombo 04.
Higher National Diploma in Computing & Systems Development / Business Management
Name Name of Group Members (If

ESOFT Reg. No Applicable)
Edexcel No
Module Name Managing a Successful Computing Project
Name of the Lecturer
Date Due
Date Submitted
Fine
Email-Address
Contact No
Check List () CD Assignment Formatting Sheet Harvard Referencing
Brief
Signature on Signature on Student Declaration
Coversheet
Herewith I agree for the given terms and conditions on plagiarism & Academic dishonesty also I declare the work
submitted doesn’t breach these regulation.
Note: Keep the softcopy of the assignment with you until the official results released by ESOFT. ESOFT has all rights to request the softcopy again
at any time. _________________ ________________________

Signature Date
Higher National Diploma in Computing & Systems Development / Business Management
Assignment Submission Form
Name
Student Reg. No
Edexcel No
Module Name Managing a Successful Computing Project
Name of the Lecturer
Date Due
Date Submitted
Fine
Email-Address
Contact No
Check List () CD Assignment Formatting Sheet Harvard Referencing
Brief
Signature on Signature on Student Declaration
Coversheet
I will keep the copy of this sheet until I receive the Results of my Submitted work
_______________________ ________________________
Signature Date
Higher Nationals
Internal verification of assessment decisions – BTEC (RQF)
INTERNAL VERIFICATION – ASSESSMENT DECISIONS

Programme title BTEC Higher National Diploma in Computing
Assessor Internal Verifier

Unit 6 Managing a Successful Computing Project
Unit(s)
Vulnerability Assessment – Management Information System (MIS) Project
Assignment title
Student’s name
List which assessment Pass Merit Distinction
criteria the Assessor has
awarded.
INTERNAL VERIFIER CHECKLIST
Do the assessment criteria awarded match

those shown in the assignment brief? Y/N
Is the Pass/Merit/Distinction grade awarded

justified by the assessor’s comments on the Y/N
student work?
Has the work been assessed

Y/N
accurately?
Is the feedback to the student:
Give details:
• Constructive?
Y/N
• Linked to relevant assessment
criteria? Y/N
• Identifying opportunities for

improved performance? Y/N
• Agreeing actions? Y/N
Does the assessment decision need

Y/N
amending?
Assessor signature Date
Internal Verifier signature Date

Programme Leader signature(if
Date
required)
Confirm action completed
Remedial action taken
Give details:
Assessor signature Date
Internal Verifier
Date
signature
Programme Leader
Date
signature (if required)
Higher Nationals - Summative Assignment Feedback Form
Student Name/ID
Unit Title Unit 6 Managing a Successful Computing Project
Assignment Number 1 Assessor

Date Received 1st
Submission Date
submission
Date Received 2nd
Re-submission Date
submission
Assessor Feedback:
LO1. Assess risks to IT security
Pass, Merit & Distinction P1 P2 M1 D1

Descripts
LO2. Describe IT security solutions.

Descripts
LO3. Review mechanisms to control organisational IT security.

Pass, Merit & Distinction P5 P6 M3 M4 D2
Descripts
LO4. Create and use a Test Plan to review the performance and design of a multipage website.
Descripts
Grade: Assessor Signature: Date:
Resubmission Feedback:
Grade: Assessor Signature: Date:
Internal Verifier’s Comments:
Signature & Date:

* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grades decisions have
been agreed at the assessment board.
Pearson
Higher Nationals in
Computing
Unit 6: Managing a Successful Computing Project
General Guidelines
1. A Cover page or title page – You should always attach a title page to your assignment. Use previous page as
your cover sheet and be sure to fill the details correctly.
2. This entire brief should be attached in first before you start answering.
3. All the assignments should prepare using word processing software.
4. All the assignments should print in A4 sized paper, and make sure to only use one side printing.
5. Allow 1” margin on each side of the paper. But on the left side you will need to leave room for binging.
Word Processing Rules

1. Use a font type that will make easy for your examiner to read. The font size should be 12 point, and should
be in the style of Time New Roman.
2. Use 1.5 line word-processing. Left justify all paragraphs.
3. Ensure that all headings are consistent in terms of size and font style.
4. Use footer function on the word processor to insert Your Name, Subject, Assignment No, and Page
Number on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help edit your assignment.
Important Points:
1. Check carefully the hand in date and the instructions given with the assignment. Late submissions will not be
accepted.
2. Ensure that you give yourself enough time to complete the assignment by the due date.
3. Don’t leave things such as printing to the last minute – excuses of this nature will not be accepted for failure
to hand in the work on time.
4. You must take responsibility for managing your own time effectively.
5. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply
(in writing) for an extension.
6. Failure to achieve at least a PASS grade will result in a REFERRAL grade being given.
7. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked to
complete an alternative assignment.
8. Take great care that if you use other people’s work or ideas in your assignment, you properly reference
them, using the HARVARD referencing system, in you text and any bibliography, otherwise you may be guilty
of plagiarism.
9. If you are caught plagiarising you could have your grade reduced to A REFERRAL or at worst you could be
excluded from the course.
Student Declaration
I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as my own
without attributing the sources in the correct way. I further understand what it means to copy another’s work.
1. I know that plagiarism is a punishable offence because it constitutes theft.

2. I understand the plagiarism and copying policy of the Edexcel UK.
3. I know what the consequences will be if I plagiaries or copy another’s work in any of the assignments for this
program.
4. I declare therefore that all work presented by me for every aspects of my program, will be my own, and
where I have made use of another’s work, I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document signed or not, constitutes a binding agreement
between myself and Edexcel UK.
6. I understand that my assignment will not be considered as submitted if this document is not attached to the
attached.
Student’s Signature: Date:

(Provide E-mail ID) (Provide Submission Date)
Assignment Brief
Student Name /ID Number
Unit Number and Title Unit 6: Managing a Successful Computing Project
Academic Year 2017/2018
Unit Tutor
Assignment Title Vulnerability Assessment - Management Information System Project
Issue Date
Submission Date
IV Name & Date
Submission Format:
The submission is in the form of an individual written report. This should be written in a concise, formal
business style using single spacing and font size 12. You are required to make use of headings, paragraphs
and subsections as appropriate, and all work must be supported with research and referenced using the
Harvard referencing system. Please also provide an end list of references using the Harvard referencing
system.
Unit Learning Outcomes:
LO1 Establish project aims, objectives and timeframes based on the chosen theme.
LO2 Conduct small-scale research, information gathering and data collection to generate knowledge to
support the project.
LO3 Present the project and communicate appropriate recommendations based on meaningful
conclusions drawn from the evidence findings and/or analysis.
LO4 Reflect on the value gained from conducting the project and its usefulness to support sustainable
organizational performance.
Assignment Brief and Guidance:
Vulnerability Assessment - Management Information System (MIS) Project
Management Information Systems (MIS) plays a very important role in today’s organizations; it creates
an impact on the organization’s functions, performance and productivity. A Management Information
System (MIS) ensures that an appropriate data is collected from the various sources, processed and send
further to all the needy destinations. A system is expected to fulfill the information needs of an individual,
a group of individuals, management functionaries, managers and top management to improve efficiency
and productivity.
On contrary, any system can be compromised with vulnerability issues. This is mostly in area of
confidentiality, integrity and availability (security triangle).
You’re advised to provide solutions for improvements for a selected Management Information System’s
in a selected organization in the area of how to improve aspects of confidentiality, integrity and
availability (security triangle) through a vulnerability study assessment.
You should investigate the causes and impacts of vulnerabilities within computing systems and explore
the solutions to the problems presented in order to make recommendations to improve their security for
Management Information System. The expected solution of the project is a vulnerability assessment and
action plan which includes, issues of varying severity.
In general, the vulnerability assessment may focus on a test of security infrastructure devices, network
servers, operational systems (including Windows and Linux), physical security of buildings, and wireless
internet security. You have to mainly focus on how can vulnerabilities in an existing system be identified
and counteracted.
 Discover unknown entry points both physical and electronic – that is threat to the overall
confidentiality, integrity, and availability of network data and resources.
 Problem can be discovered in the areas of installing, configuring, and maintaining servers and
infrastructure equipment as well as practices of different department managers and staff tend to
have different ways of managing their IT.
 Recommendations for standardization of upcoming infrastructure installations, configurations, and
maintenance.
 Educate and increase user awareness on what they could change to improve their security situation
in order to build confidence of using the Management Information System
 An action plan to keep their environment secure.
Your role as a student researcher means that you are not trying to perform a specific solution to any
vulnerability problem case. You have to make expert recommendations on how to tighten security
controls, based on a proven assessment methodology, that are in the best interest of the specific project of
Management Information System which may eliminate unnecessary entry points that would greatly
reduce the threat. Introducing of a set of policies and procedures for the entire Management Information
System help eliminate threats through network entry points and infrastructure. The vulnerability trends
and recurring issues that needed careful attention. The project span 03 months in order to provide an
accurate snapshot of their current security posture.
The benefit of the project is that it provides a greater awareness among the entire staff about how any
vulnerability or weakness in any functional area affects the overall security posture of the Management
Information System at large. You are required to provide a full report on vulnerabilities you found and
how you educate the Management Information System staff on what they could change to improve their
security situation with an action plan to keep their environment secure.
TASK – 01
1.1 Describe aims and objectives for vulnerability assessment project which you’re introducing. Your
explanation should include a brief introduction about the company, the MIS and other relevant
information to the assessment project.
1.2 Produce a comprehensive project management plan, the plan should include milestone schedule
and project schedule for monitoring and completing the aims and objectives of the project that
includes cost, scope, time, quality, communication, and risk and resources management.
1.3 Produce a work breakdown structure and a Gantt chart to provide timeframes and stages for
completion.
TASK – 02
2.1 Explain qualitative and quantitative research methods appropriate for meeting project aims and
objectives which you produced as vulnerability assessment project.
2.2 Evaluate the project’s management process and appropriate research methodologies applied, the
accuracy and reliability of different research methods applied for the small scale research
TASK – 03
3.1 Analyze research data using appropriate tools and techniques.
3.2 Describe appropriate recommendations as a result of research and data analysis to draw valid and
meaningful conclusions.
3.3 Evaluate the selection of appropriate tools and techniques for accuracy and authenticity to support
and justify recommendations.
TASK – 04
4.1. Provide a reflection on the value of undertaking the research to meet stated objectives with your
own learning and performance which includes a discussion of the project outcomes, its
usefulness to support sustainability of the given organization and its’ performance, the decision-
making process and changes or developments of the initial project management plan to support
justification of recommendations and learning during the project.
4.2. Evaluate the value of the project management process and use of quality research to meet stated
objectives and support own learning and performance.
Grading Rubric
Grading Criteria Achieved Feedback
LO1 Establish project aims, objectives and timeframes based on

the chosen theme
P1 Devise project aims and objectives for a chosen scenario.
P2 Produce a project management plan that covers aspects of

cost, scope, time, quality, communication, risk and resources.
P3 Produce a work breakdown structure and a Gantt Chart to
provide timeframes and stages for completion.
M1 Produce a comprehensive project management plan, milestone
schedule and project schedule for monitoring and completing the
aims and objectives of the project.
LO2 Conduct small-scale research, information gathering and data
collection to generate knowledge to support the project
P4 Carry out small-scale research by applying qualitative and

quantitative research methods appropriate for meeting project
aims and objectives.
M2 Evaluate the accuracy and reliability of different research

methods applied.
D1 Critically evaluate the project management process and

appropriate research methodologies applied.
LO3 Present the project and communicate appropriate
recommendations based on meaningful conclusions drawn from
the evidence findings and/or analysis
P5 Analyse research and data using appropriate
tools and techniques.
P6 Communicate appropriate recommendations as a

result of research and data analysis to draw valid and meaningful
conclusions.
M3 Evaluate the selection of appropriate tools and techniques for
accuracy and authenticity to support and justify recommendations.
LO4 Reflect on the value gained from conducting the project and
its usefulness to support sustainable organisational performance
P7 Reflect on the value of undertaking the research to meet

stated objectives and own learning and performance.
M4 Evaluate the value of the project management process and use

of quality research to meet stated objectives and support own
learning and performance.
D2 Critically evaluate and reflect on the project outcomes, the
decision making process and changes or developments of the initial
project management plan to support justification of
recommendations and learning during the project.
Acknowledgment
I would like to express my special thanks of gratitude to my teacher who gave me the excellent opportunity
to do this wonderful network assignment, which also helped me to doing a lot of Research, and I came to
know about so many new things. I am really thankful to them. Secondly, I would also like to thank my
parents and friends who helped me a lot in finalizing this project within the limited period.
V.DINOJAN MSCP Assignment No: 1 ii

Table of Contents
Introduction ..................................................................................................................... 5
TASK – 01 ......................................................................................................................... 6
1.1 Describe vulnerability assessment project aims and objectives with a brief introduction
of company profile. .......................................................................................................... 6
1.2 Produce a comprehensive project management plan, milestone schedule and project
schedule for monitoring and completing the aims and objectives of the project that
includes cost, scope, time, quality, communication, risk and resources management. ....... 9
Introduction to the Risk Management Plan Template ..................................................... 11
Scope ............................................................................................................................. 11
Schedule Management plan ........................................................................................... 12
Risk Management Processes ........................................................................................... 15
1.1 Identify vulnerabilities................................................................................................. 15
1.2 Analyze Risks .............................................................................................................. 16
1.3 Risk Response Planning ................................................................................................... 17
1.3 Risk Monitoring and Control ........................................................................................ 17
Cost Management .......................................................................................................... 18
Communications Management ....................................................................................... 18
Resource Management ................................................................................................... 18
1.3 Produce a work breakdown structure and a Gantt chart to provide timeframes and
stages for completion. .................................................................................................... 20
TASK – 02 ....................................................................................................................... 22
2.1 Explain qualitative and quantitative research methods appropriate for meeting project
aims and objectives. ....................................................................................................... 22
2.2 Evaluate the project management process and appropriate research methodologies
applied, the accuracy and reliability of different research methods applied for the small
scale research................................................................................................................. 30
TASK – 03 ....................................................................................................................... 34
3.1 Analyze research data using appropriate tools and techniques. ................................. 34
3.2 Describe appropriate recommendations as a result of research and data analysis to
draw valid and meaningful conclusions. .......................................................................... 37
3.3 Evaluate the selection of appropriate tools and techniques for accuracy and
authenticity to support and justify recommendations. .................................................... 42
4.1. Provide a reflection on the value of undertaking the research to meet stated
objectives with your own learning and performance which includes a discussion of the
project outcomes, its usefulness to support sustainability of the given organization and its’
performance, the decision-making process and changes or developments of the initial
project management plan to support justification of recommendations and learning
during the project........................................................................................................... 44
V. DINOJAN MSCP Assignment No: 1 iii

References ..................................................................................................................... 48
V. DINOJAN MSCP Assignment No: 1 iv

MSCP Assignment No: 1 iv
Introduction
Risk management is one of the most important aspects in creating information systems. The most frequent
reason for project failure is uncontrolled risk management where risks were not analyzed at all or
insufficiently or counter-measure to reduce or eliminate potential risks was not adopted. The authors
describe the approach that is based on the method of scenarios and the method of structured interviews but
further quantifies the obtained information and, by creating a hierarchy of potential risks based on the
probability of their materialization and the level of their impact, provides a clear instruction as to where to
mostly focus in minimizing such risks. The fundamental precept of information security is to support the
mission of the organization. All organizations are exposed to uncertainties, some of which impact the
organization in a negative manner. In order to support the organization, IT security professionals must be
able to help their organizations’ management understand and manage these uncertainties. Managing
uncertainties is not an easy task. Limited resources and an ever-changing landscape of threats and
vulnerabilities make completely mitigating all risks impossible. Therefore, IT security professionals must
have a toolset to assist them in sharing a commonly understood view with IT and business managers
concerning the potential impact of various IT security related threats to the mission. This toolset needs to be
consistent, repeatable, and cost-effective and reduce risks to a reasonable level. Risk management is nothing
new. There are many tools and techniques available for managing organizational risks. There are even a
number of tools and techniques that focus on managing risks to information systems.
MSCP Assignment No: 1 5

TASK – 01
1.1 Describe vulnerability assessment project aims and objectives with a brief introduction of
company profile.
Vulnerability assessment
Vulnerability assessment it is a security analysis that has the goal of identifying all the potential
vulnerabilities of systems and applications. Highly qualified personnel, in a second moment, integrate and
verify the results through manual activities. The testing process used to identify and assign severity levels to
as many security defects as possible in a given timeframe. This process may involve automated and manual
techniques with varying degrees of rigor and an emphasis on comprehensive coverage. These activities have
the purpose of refining the research highlighting eventual errors during the process. A vulnerability
assessment Using a risk-based approach, vulnerability assessments may target different layers of technology,
the most common being host-, network-, and application-layer assessments. (Swascan, 2017)
About company
Maharaja Food Private Limited Is A Local Food Manufacturer That Serves Local And International
Customers Across Numerous Spheres In Their Lives With Supreme Quality Food Products. In 1958 start at
“Lanka Stores”. Today This Company Take In Pride Offering High Quality And Affordable Products And
Services Specialized Arenas Of Retail, Logistics, Courier Services, Currency Exchange, Business
Consultancy And E-Commerce. This is established in 2005 under the name Maharaja Food with the aim of
food security to the mass consumer. This Company located at Maharaja Foods (Private) limited, 513, Galle
Road, Colombo-06, Sri Lanka.

Project aims and objectives
The impact of security vulnerability could allow an attacker to compromise the integrity, availability, or
confidentiality of an organization. The main objective of this vulnerability assessment project is to examine
the multi dimensions of vulnerabilities in a management Information System from the standpoint of a
student researcher. Also investigate the causes and impacts of vulnerabilities within computing systems and
explore the solutions to the problems presented in order to make recommendations to improve black lily’s
security for management information system.
Following are the aims and objectives of vulnerability assessment project.
 Research about the different kind of Vulnerability and their impact in an organisation.To assesses
vulnerabilities, first should get a well knowledge about the process of the select project area.
 Identifying the problems that can be discovered in the areas of installing, configuring, and
maintaining service and infrastructure equipment
 Identify the problem can be occur during the practice of different Apartment managers and staff tend
to have different ways of managing it
 An action plan to keep black Lilly’s environment secure. Recommend solution for identifying issues
through a document that list what steps must be taken in order to mitigate Vulnerabilities and to
secure for black Lilly’s informational assets

Management Information System
An organized approach to the study of the information needs of an organization's management at every level
in making operational, tactical, and strategic decisions. In a management information system, modern,
computerized systems continuously gather relevant data, both from inside and outside an organization. This
data is then processed, integrated, and stored in a centralized database where it is constantly updated and
made available to all who have the authority to access it, in a form that suits their purpose.
(MyAccountingCourse, 2018)
Security Triangle
Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies
for information security within an organization. The elements of the triad are considered the three most
crucial components of security. These three together are referred to as the security triad, the CIA triad, and
the AIC triad. This article provides an overview of common means to protect against loss of confidentiality,
integrity, and availability. (Gibson, 2011)
Confidentiality
Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure confidentiality are designed
to prevent sensitive information from reaching the wrong people, while making sure that the right people can
in fact get it: Information has value, especially in today’s world. Bank account statements, personal
information, credit card numbers, trade secrets, government documents. Everyone has information they wish
to keep a secret. Protecting such information is a very major part of information security.
Integrity
Integrity of information refers to protecting information from being modified by unauthorized parties. Data
must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized
people. Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire
life cycle. Backups or redundancies must be available to restore the affected data to its correct state.
Availability
Availability of information refers to ensuring that authorized parties are able to access the information when
needed. It’s also important to keep current with all necessary system upgrades. Providing adequate
communication bandwidth and preventing the occurrence of bottlenecks are equally important.Other factors
that could lead to lack of availability to important information may include accidents such as power outages
or natural disasters such as floods.

1.2 Produce a comprehensive project management plan, milestone schedule and project schedule for
monitoring and completing the aims and objectives of the project that includes cost, scope, time,
quality, communication, risk and resources management.
Managing a Successful Computing

Research
Project Management Plan
Name: - V. Dinojan
ESOFT Reg No: - COL/A 59768
Edexcel Reg No: - KJ86949
Batch No: - 80
Contact No: - 0776869610
Email: - dinodinojan96@gmail.com

TABLE OF CONTENTS
Introduction to the Risk Management Plan Template ..................................................................................... 11
Scope ..................................................................................................................................................................... 11
Schedule Management plan ................................................................................................................................ 12
Risk Management Processes ............................................................................................................................... 15
1.1 Identify vulnerabilities ........................................................................................................................................ 15
1.2 Analyze Risks ....................................................................................................................................................... 16
1.3 Risk Response Planning .......................................................................................................................................... 17
1.3 Risk Monitoring and Control ............................................................................................................................. 17
Cost Management ................................................................................................................................................ 18
Communications Management ........................................................................................................................... 18
Resource Management ........................................................................................................................................ 18

Introduction to the Risk Management Plan Template
Risk management can be defined as the processes and structures that are directed towards realizing potential
opportunities, while simultaneously managing possible adverse impacts. From a project management
perspective, risk management is a continuous activity conducted throughout the life of the project. It seeks to
identify potential risks, evaluate their likely impact, develop mitigation plans, and monitor progress. The
Risk Management Plan is typically created early in the project’s Planning Process Phase. Risk management
planning is the process of defining how to conduct risk management activities for a project. The plan
includes how the organization will identify and address events or occurrences that could negatively or
positively affect the success of a project. The plan outlines a methodology to identify, analyze, track, and
mitigate risks during the project lifecycle. Identifying and managing risk increases the chance of a successful
project completion by reducing uncertainty associated with the project.
This template provides the suggested structure for the Risk Management Plan along with instructions and
descriptions to guide the reader in understanding how to complete it.
Project Aims and Objectives

The objective of security planning is to improve the protection of information system resources. The
protection of a system must be documented in an Information Technology (IT) Security Plan.
Scope
Risk Management Plan consists of the process and timing for identifying Vulnerability, mitigation actions
required, and organizational responsibility for monitoring and managing the Vulnerability throughout the
entire lifecycle.

Schedule Management plan
Work Breakdown Structure

Roles and Responsibilities
Role Responsibilities Participant(s)

 Ultimate decision-maker and tie- Dinojan
Project
breaker
Sponsor
 Provide project oversight and
guidance
 Review/approve some project
elements
Project  Manages project in accordance to Dinojan
Manager the project plan
 Serves as liaison to the Steering
Committee
 Receive guidance from Steering
Committee
 Supervises consultants
 Supervise vendor(s)
 Provide overall project direction
 Direct/lead team members toward
project objectives
 Handle problem resolution
 Manages the project budget
Chief  The Chief Information Officer (CIO) Mr. Tharaka

Information is the agency official responsible for
Officer developing and maintaining an
agency-wide information security
program.
Subject  Lend expertise and guidance as Ms. Sumudu

Matter needed
Experts

Risk Management Processes
In the Risk Management Processes section of Risk Management Plan, describe the method for conducting
risk management that includes: identifying risks, documenting risks, analyzing risks, planning and
implementing risk responses, and controlling risks. Define the Risk Management Process clearly enough to
identify the necessary steps, activities, and responsibilities to manage risk for the entire project lifecycle.
1.1 Identify vulnerabilities
Risk identification is the first step in the risk management process that projects should employ. Risk
identification involves identifying risks, identifying which of those risks are likely to affect the project and
documenting characteristics of those risks. All ‘Project’ team members including Stakeholders, end users,
subject matter experts, customers and sponsors are encouraged to identify and report potential risks to the
project immediately upon detection utilizing a Risk Submittal Form. Identifying risks is an iterative process
because new risks may become known as the project progresses through its project life cycle. Risk
information can initially be gathered from the business case, accumulated Lessons Learned and an initial
Risk Brainstorming Session. There are a number of Risk Identification techniques including reviewing
project documentation, brainstorming, interviewing, root cause analysis, checklist analysis, assumption
analysis, cause and effect diagrams, process flow charts, SWOT analysis, and expert judgment. Crucial to
risk identification is the input of project team members and other Stakeholders to recognize and report risks
as soon as possible. Risks can also be identified during project team meetings and should therefore be
incorporated into the meeting agenda and minutes templates for all project meetings.
1.1 Risk Identification
 Unique identifier for each risk.

 Description of each potential risk event and how it could affect the project.
 Assessment of the likelihood of occurrence and the impact/seriousness if it does.
 Grading of each risk according to a Risk Scoring Matrix.

1.2 Analyze Risks
The main focus of analyzing risks is to examine each identified risk to assess the likelihood of the risk event
occurring, and the probability outcomes associated with the risk event in order to determine its potential
impact on the success of the project. This in turn provides the ability to prioritize each risk to ensure that the
risks with the greatest potential impact to the project are dealt with first. The organization can then improve
upon project performance by focusing on high priority risks.
In the Analyze Risks section, describe the specific approaches the project will take to analyze risks and
establish priorities for development of risk responses. The probability of the risk occurring is assessed and
given a rating. Then using these ratings in conjunction with the Risk Scoring Matrix, the risks can be graded
to provide a measure of the project’s risk exposure for each.
The table below is an example of a simple Risk Scoring Matrix that provides a standard method to calculate
grading based upon combination of probability and impact ratings.
Impact (Seriousness)
Very Low Low Medium High Very High
1 2 4 8 16
Probability Very High 5 10 20 40 80

(Likelihood)
High 4 8 16 32 64
Medium 3 6 12 24 48
Low 2 4 8 16 32
Very Low 1 2 4 8 16

1.3 Risk Response Planning
Negative Risks:
 Avoid: Risk Avoidance involves changing the project management plan to eliminate the threat posed
by the risk. Some risks can be avoided by clarifying requirements, obtaining additional information,
improving communication or acquiring expertise.
 Transfer: Transferring a risk requires moving, shifting or reassigning some or all of the negative
impact and ownership to a third party. This does not eliminate the risk but gives another party the
responsibility to manage it.
 Mitigate: Risk Mitigation implies a reduction in the probability and/or impact of a negative risk.
Reducing the probability and/or impact of a risk occurring is often more effective than dealing with
the risk after it has occurred.
 Accept: This strategy indicates that the project team has decided not to change the project
management plan: schedule, approach or reduce project scope or is unable to identify another
suitable response strategy.
Positive risks or opportunities:
 Exploit: This strategy may be selected for risks with positive impacts where the organization wishes
to ensure that the opportunity is realized. This strategy eliminates the uncertainty associated with a
positive risk by ensuring that the opportunity definitely happens.
 Share: Sharing a positive risk involves allocating some or all of the ownership of the opportunity to
a third party who is best able to capture the opportunity for the benefit of the project.
 Enhance: This strategy is used to increase the probability and or the positive impact of an
opportunity, identifying and maximizing key drivers of positive risks.
 Accept: Accepting a positive risk or opportunity is being willing to take advantage of it should the
opportunity come along.
1.3 Risk Monitoring and Control
Risk Monitoring Activities

 Assess currently defined risks
 Determine actions to be taken
 Evaluate effectiveness of actions taken
 Report on the status of actions to be taken
 Validate previous risk assessment
 Identify new vulnerability
Risk Control Activities
 Validate mitigation strategies and alternatives
 Assess impact on the ‘Project’ of actions taken (scope, cost, time, schedule, & resources)
 Identify new risks resulting from risk mitigation actions
 Ensure that the projects’ Risk Management Plan is maintained
 Revise Risk Response plan

Cost Management
Plan cost management is the process of establishing policies, procedures, and documentation for planning,
managing, expanding and controlling project costs. There will be several project resources in a project and
several different types of materials will be needed, there might be necessary tool and equipment as well.
Plan cost management process aims to plan.
Cost details Cost
Travel charge 2000. 00
Stationery cost 1000.00
print out cost 300.00
Total cost 3300.000
Communications Management
The purpose of the Communications Management Plan is to define the communication requirements for the
project and how information will be distributed to ensure project success. You should give considerable
thought to how you want to manage communications on every project.
Type of Communicatio Communication

Communicatio Initiator Recipient
n Schedule Mechanism
n
Status Report every Monday meeting Project Manager Project teacher
WhatsApp Week days chat Project Manager Friends
web Free times Search about Project Manager Web page
project
Resource Management
Resource management is the process by which businesses manage their various resources effectively. Those
resources can be intangible – people and time – and tangible – equipment, materials, and finances.
Resource management plan
A resource management plan is a tool project managers use to manage their resources. Typically, a resource
management plan is used to manage the most important resource in every project: the human resource. A
project team is comprised of people with assigned roles and responsibilities for a project.

RESOURCE CALENDAR
Resource Calendar is a part of project plan. The resource calendar identifies key resources needed for the
project and the times/durations they'll be needed.

1.3 Produce a work breakdown structure and a Gantt chart to provide timeframes and stages for
completion.
Work breakdown structure

A work breakdown structure (WBS) is a chart in which the critical work elements, called tasks, of a project
are illustrated to portray their relationships to each other and to the project as a whole. The graphical nature
of the WBS can help a project manager predict outcomes based on various scenarios, which can ensure that
optimum decisions are made about whether or not to adopt suggested procedures or changes. (smartsheet,
2018)
Benefits of creating a WBS

 Provides a visual representation of all parts of a project
 Offers an ongoing view for management and team members into how the entire project is progressing
 Defines specific and measurable outcomes
 Breaks the work into manageable chunks
 Provides a way to make successful experiences repeatable
 Sets a foundation for estimating costs and allocating human and other resources
 Ensures no overlap and no gaps in responsibility or resources

Gantt chart
A Gantt chart is a bar chart that shows the tasks of a project. It is a graphical illustration of the duration of
tasks against the progression of time. Gantt charts are useful tools for planning and scheduling projects. A
Gantt chart illustrates the breakdown structure of the project by showing the start and finish dates as well as
various relationships between project activities, and in this way helps you track the tasks against their
scheduled time or predefined milestones.
Benefits of a Gantt chart

 The tool’s ability to boil down.
 Multiple tasks and timelines into a single document.
 Stakeholders throughout an organization can easily understand.
 Teams are in a process while grasping the ways in which independent.

TASK – 02
2.1 Explain qualitative and quantitative research methods appropriate for meeting project aims and
objectives.
Research methods
A research method is a systematic plan for conducting research. Research methods are the strategies,
processes or techniques utilized in the collection of data or evidence for analysis in order to uncover new
information or create better. Research is a systematic inquiry to describe, explain, predict and control the
observed phenomenon. Research involves inductive and deductive methods. Inductive research methods are
used to analyze the observed phenomenon whereas; deductive methods are used to verify the observed
phenomenon. Inductive approaches are associated with qualitative research and deductive methods are more
commonly associated with quantitative research.
Quantitative methods aim to classify features, count them, and create statistical models to test hypotheses
and explain observations. Qualitative methods aim for a complete, detailed description of observations,
including the context of events and circumstances. (LIBRARIES, n.d.)

Qualitative Research
Qualitative research is a methodology which focuses on how people feel. What they think and why they
make certain choices. That kind of research is used for getting the larger, more close-up picture of the issue
in order to understand something deeper and dig the problem until the cause. This is a non- statistical
research method. Qualitative research is heavily dependent on the experience of the researchers and the
questions used to probe the sample. Open-ended questions are asked in a manner that one question leads to
another. The purpose of asking open-ended questions is to gather as much information as possible from the
sample.
Qualitative Research Methods

Qualitative research is a research method that collects data using conversational methods, where participants
involved in the research are asked open-ended questions. The responses collected are essentially non-
numerical. This method not only helps a researcher understand. Following are the methods used for
qualitative research
 One-to-one interview: - This interview technique is systematically planned and as the name
suggests is conducted with one participant at a given point in time. One-to-one interviews need a
researcher to prepare questions in advance and to make sure the researcher asks only the most
important questions to the participant.
 Focus groups: - Focus groups are small groups comprising of around less participants who are
usually experts in the subject matter. A moderator’s experience in conducting focus group plays an
important role.
 Ethnographic Research: - Ethnographic research is an in-depth form of research. This method can
prove to be a bit demanding in terms of a researcher getting adapted to the natural environment.
 Case study research: - Case study research, as the name suggests is used to study an organization or
an entity. This type of research is used in fields like education sector, philosophical and
psychological studies.
In this following methods techniques what I have used for the research is Interviews.

Interviews
Interview is a conversation where questions are asked and answers are given. In common parlance, the word
"interview" refers to a one-on-one conversation between an interviewer and an interviewee. The interviewer
could adopt a formal or informal approach, either letting the interviewee speak freely about a particular issue
or asking specific pre-determined questions. Also, it is difficult to pay attention to the non-verbal aspects of
communication and to remember everything consequently; it can be helpful for the researchers to have some
kind of additional record of the interview such as an audio or video recording. They should of course obtain
permission before recording an interview.
Reasons for using interviews
 Interviews can be useful as follow-up to certain respondents to surveys.
 Investigate issues in an in depth way.
 Discover how individuals think and feel about a topic and why they hold certain opinions.
 Investigate the use, effectiveness and usefulness of particular library collections and services.
 Inform decision making, strategic planning and resource allocation.
 Sensitive topics which people may feel uncomfortable discussing in a focus group.
 Add a human dimension to impersonal data.
 Deepen understanding and explain statistical data.
Advantages of interviews
 They are useful to obtain detailed information about personal feelings, perceptions and opinions.
 They allow more detailed questions to be asked.
 They usually achieve a high response rate.
 Respondents' own words are recorded.
 Ambiguities can be clarified and incomplete answers followed up.
 Precise wording can be tailored to respondent and precise meaning of questions clarified.
 Interviewees are not influenced by others in the group.
 Some interviewees may be less self-conscious in a one-to-one situation.
 Interview questions also give the employer to know what all expectations the respondent has towards
the company.
 The respondent steers the course of the interview in case of structured and unstructured interview.
 Try to ask for clarification and other aspects before and allow the interviewee to steer the direction of
the interview.

Interviews Questions
1. Tell about your company?
2. What is your greatest strength?
3. What is your greatest weakness?
4. Explain your company facing risk, vulnerability and threat?
5. Tell us about your Personal achievements or certifications?
6. How do you govern various security objects?
7. How do you handle Antivirus alerts?
8. Do you use fingerprint readers to Keep track of the attendance and time of your employees?
9. How do you report risks?
10. What is an incident and how do you manage it?

Quantitative Research
Quantitative research is a structured way of collecting and analyzing data obtained from different sources.
Quantitative research involves the use of computational, statistical, and mathematical tools to derive results.
The main purpose of quantitative research and analysis is to quantify the data and assess it from the angle of
numbers and other commonly adopted metrics. This research method uses a computational, statistical and
similar method to collect and analyze data. Quantitative research involves a larger population as more
number of people means more data. In this manner, more data can be analyzed to obtain accurate results.
This type of research method uses close-ended questions because, in quantitative research, the researchers
are typically looking at measuring the extent and gathering foolproof statistical data. Online surveys,
questionnaires, and polls are preferable data collection tools used in quantitative research. Survey
respondents can receive these surveys on mobile phones, emails or can simply use the internet to access
surveys or questionnaires.
Quantitative Research Methods

Quantitative research methods are the methods that deal with numbers and anything that can be dealt with a
measurable form, in a systematic way of investigating the phenomenon. It is used to answer questions in
terms of justifying relationships with measurable variables to explain, predict or control a phenomenon.
There are two methods that are often used by researchers to conduct this type of research, they are.
 Online surveys: - The final goal of survey research is to learn about a large population by deploying
the survey. Gone are the days where a survey was carried out using a pen and a paper. Today, online
surveys are a popular mode of research as they are convenient and can be sent in an email or made
available on the internet. In this method, a researcher designs a survey with most relevant survey
questions and deploys the survey.
 Questionnaires: - A questionnaire is a research instrument consisting of a series of questions for the
purpose of gathering information from respondents.
In this two following methods techniques what I have used for the research is Questionnaires.

Questionnaires
A questionnaire is a research instrument consisting of a series of questions for the purpose of gathering
information from respondents. They can be carried out face to face, by telephone, computer or post.
Questionnaires provide a relatively cheap, quick and efficient way of obtaining large amounts of information
from a large sample of people. Data can be collected relatively quickly because the researcher would not
need to be present when the questionnaires were completed. This is useful for large populations when
interviews would be impractical.
Reasons for using questionnaires
 Patterns, frequency, ease and success of use

 User needs, expectations, perspectives, priorities and preferences
 User satisfaction with collections and services
 Shifts in user attitudes and opinions
 Relevance of collections and services to user needs
Advantages of questionnaires
 Relatively easy to analyses.

 A large sample of the given can be contacted at relatively low cost.
 Simple to administer.
 Simple and quick for the respondent to complete.
 Information is collected in a standardized way.
 They are usually straightforward to analyses.

Client Security Risk Assessment Questionnaire
1. Do employees have a unique log-in ID when accessing data?

Yes
No
2. Does the organization have disaster recovery plans for data processing facilities?
Yes
No
3. Are computer systems backed up according to a regular schedule?
Yes
No
4. Are employees required to use a VPN when accessing the organization's systems from all remote
locations?
Yes
No
5. Is regular network vulnerability scanning performed?
Yes
No
I'm unsure
6. Is antivirus software installed on data processing servers?
Yes
No
7. Will your company be processing credit cards?
Yes
No

8. Does your firm require passwords or pins for mobile devices (mobiles, iPads, etc.) that can access
company email or any other business systems?
Yes
No
Some
I'm unsure
9. Does your computer screen lock after you are away from it for a while?
Yes
No
10. Are your staffs trained in how to identify unusual emails?
Yes
No
11. Can you access any websites from your PC/laptop whilst in the office?
Yes
Some, sites like gambling, violence and pornography are blocked

2.2 Evaluate the project management process and appropriate research methodologies applied, the
accuracy and reliability of different research methods applied for the small scale research.
Project management process
Project management is one of the critical processes of any project. This is due to the fact that project
management is the core process that connects all other project activities and processes together. Defines
project management as the application of knowledge, skills, tools and techniques to a broad range of
activities in order to meet the requirements of a particular project. It also requires the Budget, scope and
schedule to deliver the project objectives under the expected quality. Each one of these elements needs to be
managed in a systematic manner with the development of plans to identify the roles and resources needed.
There is also the complexity of development projects that require a different approach and a new way at
managing the limited resources and the increasing demands from all stakeholders. To manage this
complexity the project needs to be de-constructed into manageable, interrelated parts; or processes, by
separating the project into different management process the project manager has a better chance to control
the outcomes of the project and manage the challenges that can never be fully predicted during its design.
Managing a project requires that organizations take in consideration a system approach to manage the
different elements of a project. A systems approach includes a holistic view of a project environment, and an
understanding that the project is made of a series of interacting components working to meet an objective in
order to obtain the desired benefits. When it comes to the activities of project management, there are plenty.
However, these plenty of project management activities can be categorized into five main processes.
(Smartsheet, 2018)
The process of directing and controlling a project from start to finish may be further divided into 5 basic
phases
1. Project Initiation
This first stage of a project defines the business case, the justification for the project, and the goal of
this phase is to define the project at a broad level. This phase usually begins with a business case.
The value of the project is determined, as well as its feasibility. This is when you will research
whether the project is feasible and if it should be undertaken. If feasibility testing needs to be done,
this is the stage of the project in which that will be completed.

2. Project Planning
This phase is key to successful project management and focuses on developing a roadmap that
everyone will follow. This phase typically begins with setting goals. The project plan includes details
about how the project work will be carried out, how it will be monitored and controlled, how
communication will be facilitated and information about costs and timescales. The project plan will
include what resources are needed, financing and materials. There are many project management
tools available to assist with scheduling, one of the most common being the Gantt chart.
3. Project Execution
This is the phase where deliverables are developed and completed. This project since a lot is
happening during this time, like status reports and meetings, development updates, and performance
reports. The person or group assigned to carry out a task will need to know, in detail, what the task
involves as well as any dependencies and timescales, and will also need to understand the criteria by
which each task is deemed complete. This phase is made up of these detailed processes.
4. Project Monitor and Control
To ensure that the project plan is being actualized, all aspects of the project must be monitored and
adjusted as needed. Project managers will use key performance indicators (KPIs) to determine if the
project is on track. A PM will typically pick two to five of these KPIs to measure project
performance.
5. Project Closing
Once there is an approved end product the project can be formally closed and a final review held to
learn from both the successes and the mistakes and take that experience forward to the next project,
an evaluation is necessary to highlight project success and/or learn from project history.

Accuracy and reliability methods
Data accuracy and reliability are very important concerns in doing good research because inaccurate and
unreliable data lead to spurious or wrong conclusions. The relationship between indicators and measures and
the underlying concepts they are taken to measure is often contested. In effect, the validity of information is
its relevance and appropriateness to your research question and the directness and strength of its association
with the concepts under scrutiny. Reliability is, literally, the extent to which we can rely on the source of the
data and, therefore, the data itself. Reliable data is dependable, trustworthy, unfailing, sure, authentic,
genuine, reputable. Consistency is the main measure of reliability. If the researcher designs an instrument,
accuracy and reliability estimates should be made by the researcher. If an instrument is purchased, the
company from which it is purchased should provide accuracy and reliability information which the
researcher examines prior to purchase. (Blog, 2012)
Accuracy: - The degree to which an instrument measures that which is supposed to be measured. An
estimate of the validity of a measure in the form of a correlation coefficient.
Reliability: -Consistency of measurement. The degree to which an instrument measures the same way each
time it is used under the same conditions with the same subjects. An estimate of the reliability of a measure
usually in the form of a correlation coefficient.
Accuracy and reliability in Qualitative Research

Assessing the reliability of study findings requires researchers and health Qualitative research is frequently
criticized for lacking scientific issue with poor justification of the methods adopted, lack of transparency in
the analytical procedures and the findings being merely a collection of personal opinions subject bias.
Although the tests and measures used to establish the validity and reliability of quantitative research cannot
be applied to qualitative research, there are ongoing debates about whether terms such as validity, reliability
and generalizability are appropriate to evaluate qualitative research.
Accuracy and reliability in Interviews

In interviews, inferences about Accuracy are made too often on the basis of face Accuracy; one way of
validating interview measures is to compare the interview measure with another measure that has already
been shown to be valid. This kind of comparison is known as convergent validity. If the two measures agree,
it can be assumed that the validity of the interview is comparable with the proven validity of the other
measure Perhaps the most practical way of achieving greater Accuracy is to minimize the amount of bias as
much as possible. The sources of bias are the characteristics of the interviewer the characteristics of the
respondent, and the substantive content of the questions.

Accuracy and reliability in Quantitative Research
Evidence-based practice includes, in part, implementation of the ﬁndings of well-conducted quality research
studies. So being able to critique quantitative research is an important skill for nurses. Consideration must be
given not only to the results of the study but also the issue of the research. Issue refers to the extent to which
the researchers worked to enhance the quality of the studies. In quantitative research, this is achieved
through measurement of the Accuracy and reliability.
Accuracy and reliability in questionnaires
Validity of questionnaires can be seen from two viewpoints First, whether respondents who complete
questionnaires do so accurately, honestly and correctly; and second, whether those who fail to return their
questionnaires would have given the same distribution of answers as did the returnees. The question of
accuracy can be checked by means of the intensive interview method, a technique consisting of twelve
principal tactics that include familiarization, temporal reconstruction, probing and challenging the problem
of non-response It involves follow-up contact with non-respondents by means of interviewers trained to
secure interviews with such people. A comparison is then made between the replies of respondents and non-
respondents and, thereby, to increase reliability.
Accuracy and reliability common contrasts between quantitative and qualitative researches, as the
following table shows.
Quantitative Qualitative
 Number  Words
 Point of view of the researcher  Points of view of participants
 Researcher distinct  Researcher close
 Theory testing  Theory emergent
 Static  Process
 Structured  unstructured
 Generalizing  context understanding
 Hard reliable data  Rich in depth
 Macro  Micro
 Artificial settings  Natural setting

TASK – 03
3.1 Analyze research data using appropriate tools and techniques.
Data analysis
Data analysis is the process of evaluating data using analytical and statistical tools to discover useful
information and aid in business decision making. The process of extracting, compiling, and modeling raw
data for purposes of obtaining constructive information that can be applied to formulating conclusions,
predicting outcomes or supporting decisions in business, scientific and social science settings. There are a
variety of specific data analysis method, some of which include data mining, text analytics, business
intelligence, and data visualizations. Organizations and enterprises analyze data from a multitude of sources
using Big Data management solutions and customer experience management solutions that utilize data
analysis to transform data into actionable insights. Data analysis involves asking questions about what
happened, what is happening, and what will happen predictive analytics. There are a several data analysis
methods including data mining, text analytics, business intelligence and data visualization. (Galetto, 2016)
Qualitative data analysis

Qualitative data analysis refers to non-numeric information such as interview transcripts, notes, video and
audio recordings, images and text documents. Is the range of processes and procedures whereby move from
the qualitative data that have been collected, into some form of explanation, understanding or interpretation
of the people and situations investigating. Qualitative Data Analysis is usually based on an interpretative
philosophy. The idea is to the meaningful and symbolic content of qualitative data.
Qualitative data analysis can be divided into the following five categories:
1. Content analysis: - This refers to the process of categorizing verbal or behavioral data to classify,
summarize and tabulate the data.
2. Narrative analysis: - This method involves the reformulation of stories presented by respondents
taking into account context of each case and different experiences of each respondent. Narrative
analysis is the revision of primary qualitative data by researcher.
3. Discourse analysis: - A method of analysis of naturally occurring talk and all types of written text.
4. Framework analysis: -Identifying a thematic framework, coding, charting, mapping and
interpretation.
5. Grounded theory: - This method of qualitative data analysis starts with an analysis of a single case to
formulate a theory.

Qualitative data analysis tools and techniques
Qualitative research is something which is hard to predict, it requires lot of cognitive analysis. Qualitative
Research is also used to uncover trends in thought and opinions, and dive deeper into the problem.
Qualitative data collection methods vary using unstructured or semi-structured techniques. They have two
deferent tools method software tools like NVivo, ATLAS.ti, MAXQDA etc. that you can access - you can
perform Google search from Internet on their websites for more information, how to download a free trial
copy etc. Qualitative data is better analyzed tool manually. Categories data according to themes. It is
advisable to design your questionnaire in such a way that questions are categorized according to themes that
may be derived from the research questions and objectives. After all, the aim of a research project is to
provide answers to the research questions and meet the research objectives.
Here will see some software tools
NVivo: - This software used for both qualitative and mixed-methods research. Is especially used for analysis
of free text, audio, video, and image data from interviews, focus groups, surveys, social media, and journal
articles.
ATLAS: - It is one of the used tools for qualitative analysis of large data. This software comes equipped
with sophisticated features that aid organization and management of large data. Atlas is offers a large variety
of media types including txt, doc, docx, pdf, mp3, mp4, avi and a host of others.
MAXQDA: - Is encompassing software designed to aid and support qualitative, quantitative and mixed
methods research projects. It allows you to import, organize, analyze, visualize and publish all forms of data
as long as they can be collected electronically.
QDA: - Miner is qualitative analysis software that helps you manage documents, and carry out common
qualitative analysis tasks.
Text Analysis: - The system for identifying themes in texts and was designed for use in ethnographic and
discourse research. The researcher can also analyze, extract, and save coded information.

Quantitative data analysis
Quantitative analysis is based on describing and interpreting objects statistically and with numbers.
Quantitative analysis aims to interpret the data collected for the phenomenon through numeric variables and
statistics. Quantitative data analysis may include the calculation of frequencies of variables and differences
between variables. A quantitative approach is usually associated with finding evidence to either support or
reject hypotheses you have formulated at the earlier stages of your research process. Quantitative analysis
includes computational and statistical methods of analysis. Following is a list of commonly used descriptive
statistics.
1. Frequencies: – a count of the number of times a particular score or value is found in the data set.
2. Percentages: – used to express a set of scores or values as a percentage of the whole.
3. Mean: – numerical average of the scores or values for a particular variable.
4. Median: – the numerical midpoint of the scores or values that is at the center of the distribution of the
scores.
5. Mode: – the most common score or value for a particular variable.
6. Minimum and maximum values range: – the highest and lowest values or scores for any variable
Quantitative data analysis tools and techniques

Quantitative data collection and analysis tools are defined as a series of charts, maps, and diagrams designed
to collect, interpret, and present data for a wide range of applications and industries. Various programs and
methodologies have been developed for use in nearly any industry, ranging from manufacturing and quality
assurance to research groups and data collection companies. While you’ll need to understand what to do
with the data, and how to interpret the results, software that is designed for statistical analysis can make this
process as smooth and as easy as possible. A great number of tools are available to carry out statistical
analysis of data, and below we list
Spss: -A general-purpose statistical package widely used in academic research for editing, analyzing and
presenting numerical data. It is compatible with all file formats that are commonly used for structured data
such as Excel, plain text files and relational (SQL) databases.
R: -A free software environment for statistical computing and graphics. It compiles and runs on a wide
variety of UNIX platforms, Windows and MacOS. R provides a wide variety of statistical and graphical
techniques, and is highly extensible.
Microsoft Excel: - While not a cutting-edge solution for statistical analysis, MS Excel does offer a wide
variety of tools for data visualization and simple statistics. It’s simple to generate summary metrics and
customizable graphics and figures, making it a usable tool for many who want to see the basics of their data.

3.2 Describe appropriate recommendations as a result of research and data analysis to draw valid and
meaningful conclusions.
Analysis of qualitative data

Qualitative data analysis can be described as the process of making sense from research participants views
and opinions of situations, corresponding patterns, themes, categories and regular similarities. When he
provides the following definition of qualitative data analysis that serves as a good working definition.
Qualitative data analysis tends to be an ongoing and iterative process, implying that data collection,
processing, analysis and reporting are intertwined, and not necessarily a successive process
Interview analysis
Interviewing as data-gathering method was included to obtain additional data, clarify vague statements,
permit further exploration of research topics, expand on the qualitative findings and yield a more in-depth
experiential account of the extent of company risk management and the views of company managers on the
they needs of company managers for training according to the research aims The recording of the interview
data took place by means of note-taking Verbatim transcripts of the interviews were compiled for analysis
and interpretation. To ensure reliability and validity of data, the transcribed interviews were presented to
respondents to verify and confirm the contents of the interviews However, only one respondent signed and
returned the transcribed text.
Q: -How do you handle Antivirus alerts?

Answer: - usually we every day scan the system and remove the unwanted files.
Conclusions
This not Complete solution my opinion is Check the policy for the AV and then the alert. If the alert is for a
legitimate file then it can be whitelisted and if this is malicious file then it can be deleted. The hash of the
file can be checked for reputation on various websites like virus total, malwares.com. AV needs to be fine-
tuned so that the alerts can be reduced.

Q: -How do you report risks?
Answer: - No, We have not done any such report yet
Conclusions
This is vulnerability risk because Risk can be reported but it needs to be assessed first. Risk assessment can
be done in 2 ways: Quantitative analysis and qualitative analysis. This approach will cater to both technical
and business guys. The business guy can see probable loss in numbers whereas the technical guys will see
the impact and frequency.
Q: - Do you use fingerprint readers to Keep track of the attendance and time of your employees?
Answer: -No, we mark the attendance in book
Conclusions
It is vulnerability issue. In the workplace the need to identify individuals is particularly important, as it’s
often tied to staff attendance, payroll, and workplace security. Ability to quickly identify employees and
verify
Analysis of Quantitative Data

The quantitative data referred to the recorded data of the structured questionnaire and were presented
according to the various sections and subsections of the questionnaires .quantitative data were presented in
either table format or by means of charts and other graphics. That is to present data visually for a quick
understanding. Each presentation of data provided an indication of numerical scores and percentages
according to related categories in order to provide an overview of the particular grouping of data.
Biographical data
In section A of the questionnaire respondents were required to answer questions regarding their gender and
age, which would enable the researcher to compile a profile of the study population as well as to draw
comparisons between different groups relevant to this study. Firstly, the gender of the participants will be
looked at.

Excel chart analyze for interview questions vulnerability rate
In Excel chart this data is in Interview questions vulnerability rate total analysis shown. A total of 56
respondents from company completed the questionnaire of which 45 indicated. Of the respondents, question
7 60% were vulnerability, question 8 56% vulnerability and question 9 40% vulnerability as illustrated in
Excel chart. This could be an indication that the vulnerability within the work industry, and more
particularly, the company sector where the management of information.
Conclusion
Based on the information provided above, this company Risks can be seen by removing these risks
Impairment from company risk can be reduced.

Bar Graphs analyze for Management security rating
As can be seen from the results, the majority of the staff in the Management security rating, that is, employs
1 rating (39% %) employ 2 (65%) employ 3 (75%%) employ 4 (55%) only. Results further show a
relationship with the results of emplye2 and 3 The classification of company was also important to this rate.
Conclusion
According to the above assessment Evaluation from four persons. The assessment of the two employees is
high and the staff's assessment is slightly lower. They can underestimate the impact of companies by
reviewing their opinions.

Pie chart analyze for Does your firm require passwords or pins for mobile devices that can Access
Company email or any other business systems.
From the responses obtained from does your firm require passwords or pins for mobile devices that can
Access Company email or any other business systems? There are 60 percent No and 30 percent are Yes and
10 percent do not know.
Conclusion
According to this data, most people have answered no. The company's biggest impact is because of
responding to 60 percent. Find and edit places to protect the company from this impact.

3.3 Evaluate the selection of appropriate tools and techniques for accuracy and authenticity to support
and justify recommendations.
1. Interview.
The interview constitutes a social situation between two persons; the Psychological process involved
requiring both individuals mutually. In an interview a rapport is established between two people. It is
applicable in survey method, but it is also applicable in historical, experimental, case studies and
clinical studies.
Advantage of Interview:
 Direct research.
 Deep research
 Mutual encouragement is possible.
 Supra-observation is possible.
 Knowledge of historical and emotional causes.
 Examination of the known data.
2. Schedule
When a researcher is using a set of questionnaires for interview purpose it is known as schedule. As a
matter of fact success in the use of schedule is largely determined by the ability and tact of the
interviewer rather than by the quality of the questions posed.
Advantage of Schedule:
 Higher percentage of responses.
 Possible to observe personality factors.
 Through interview personal contact is possible.
 It is possible to give human touch to schedule.
 Removal of doubts is possible because face to face interaction is there.
 It is possible to know about the defects of the interviewee.

Bar chart
A bar graph is a chart that uses either horizontal or vertical bars to show comparisons among categories.
Analyze the project and specify the basic approach to be used.
Advantage of Bar chart

 Show each data category in a frequency distribution
 Display relative numbers or proportions
 Summarize a large data set in visual form
 Clarify trends better than do tables 5. estimate key values at a glance
 Permit a visual check of the accuracy
 Be easily understood
Pie Chart
A pie chart is a two-dimensional circle, at its most basic, divided into a few slices. As a whole, the chart
represents the sum of all its data; an individual slice represents a percentage of the whole. The most
prominent effects such as three-dimensional charting, dragging slices, slice pivoting of charts adds more
visually appealing.
Advantage of pie chart
 A simple and easy-to-understand picture.
 It represents data visually as a fractional part of a whole, which can be an effective communication
tool for the even uninformed audience.
 It enables the audience to see a data comparison at a glance to make an immediate analysis or to
understand information quickly.
 The need for readers to examine or measure underlying numbers themselves can be removed by
using this chart.
 To emphasize points you want to make, you can manipulate pieces of data in the pie chart.

TASK – 04
4.1. Provide a reflection on the value of undertaking the research to meet stated objectives with your
own learning and performance which includes a discussion of the project outcomes, its usefulness to
support sustainability of the given organization and its’ performance, the decision-making process
and changes or developments of the initial project management plan to support justification of
recommendations and learning during the project.
An effective assessment task is one which assesses students' attainment of the learning outcomes. Unit
learning outcomes are what students are expected to know, understand or be able to do in order to be
successful in a unit. They begin with an action verb and describe something observable and measurable. You
can find out more about learning outcomes in other resources on the Learning and Teaching Centre website,
and in the Evaluation Resource: Developing Your Unit - Clear Goals and Standards.
Key to successful learning: aligning assessment with learning outcomes

One of the keys to successful learning is the aligned curriculum this means that learning outcomes are clear,
learning experiences are designed to assist student achievement of those outcomes, and carefully designed
assessment tasks allow to demonstrate achievement of those outcomes.
 The learning outcomes are clear.
 The learning experiences are designed to help achieve those learning outcomes.
 The assessment tasks allow them to demonstrate their achievement of those learning outcomes.
Designing assessments which allow students to demonstrate their achievement of the learning
outcomes
Assessing learning can profoundly shape the educational experiences of. One of the challenges of effective
assessment is to ensure that there is a close alignment between the learning goals, the learning activities
aimed at meeting learning goals and the assessment tasks used to assess whether learning goals have been
met. Current best practice includes assessment which is aligned to learning goals which focus not only on
content knowledge but also on process and capabilities.

Key assessment terms
ASSESSMENT The collection of information about the nature and extent of learning outcomes/any procedure
used to estimate learners learning. The term is derived from the Latin
MEASUREMENT Representation of assessment information by a number or grade on a scale of some kind.

Answers the question, How much?
EVALUATION The making of judgments about the value of a grade and/or the nature and extent of learning
outcomes. Answers the question, How well?
ASSESSMENT An instrument or systematic procedure by which assessment information is collected.

TASK
FORMATIVE Ungraded assessment task used before or during learning to support planning and/or diagnosis
and/or to provide feedback about learning progress/offers advice and feedback which does not
ASSESSMENT contribute grades towards the final result.
SUMMATIVE Graded assessment task used following learning which counts towards the final result.
ASSESSMENT
VALIDITY Degree to which the assessment task measures what it is intended to measure.
RELIABILITY Degree to which the assessment task consistently yields the same result.
NORM- Uses the performance of a group of learners to rank order learners or 'grading on the curve'.
Number of learners who can receive distinctions, credits, passes or fails is set.
REFERENCED
CRITERION- Establishes the criteria for performance and any learner meeting the criteria receives the
associated grade. Every can potentially achieve the highest grade.
REFERENCED
STANDARDS- Establishes the criteria for performance as well as articulates the various levels of quality in
performance that is associated with a grade. Grades are awarded to students based on the level
BASED of performance they have achieved.
AUTHENTIC Assessment tasks which test whether a learner is able to demonstrate their learning outcomes in
a situation which is as close as possible to a real world context.
ASSESSMENT

Evaluation of continuing professional development
Skills Evidence of when and how you have used this skill/
Quality
Self-work The talents within me were identifiable
Co-operation In addition they help to each other’s when they face difficult situation through the
event. Co-operation is an action process of working together to the end
Communication A building block for all co-operation skills. Vital for good meeting. Communication
skills also provide a boost of the day-to-day running.
Problem solving The author always had the curiosity of solving certain problems. Even though the
author is good at problem solving he always has space to improve the skills.
Achieving aims As try to set our final goal in my. Then the overall I try on using our knowledge, skills,
face matters and achieve my target.
Working with Work with others to ability to effetely interact, co-operation collaborate and manage
others conflict with other people in order the complete or achieve goals. As a benefit of
working with others our group increase efficiency and focus different mind on the
some target.
Interpersonal skills Interpersonal skills are the skills by a person to interact with other properly. Identify
job and try to complete that successful. In all part works include those parts in my
individual work.
Written report
The report is a common way of presenting information and recommendations or conclusions related to a
specific purpose. Reports are often used as assessment task because well-developed report writing skills are
important in many professional contexts. Reports are written based on gathering and analyzing information
using a discipline specific methodology and format. They can be used to assess laboratory, field work or
case studies.
Presentation
Presentations are usually made orally to a class on a prepared topic and may include the use of presentation
aids such as PowerPoint, handouts or audiovisuals. This assessment may be undertaken individually or as a
group. Presentations may take different forms such as role plays, facilitating group activities, debating,
presenting a product, question and answer time, and formal speeches

4.2. Evaluate the value of the project management process and use of quality research to meet stated
objectives and support own learning and performance
The process required to assess, document and select the right project management methodology for each
project is detailed, time-consuming and complex initially, but worth it in the end, assuming the most
appropriate PMMs have been selected. It helps solidify successful project outcomes, ultimately determines
best practices, and strengthens the connection between strategic planning and execution. PMI discusses
high-level processes for tailoring PMMs that organizations should carefully evaluate and use to determine
which methodologies work for various projects.
The project management methodology assessment process
 Determine project drivers by identifying and weighing primary goals and priorities of the project.
 After determining project drivers, requirements and goals, identify all the criteria that a methodology
will impact and vice versa.
 Identify all available methodologies that are most relevant for the project.
 Spend time comparing and contrasting each PMM in relation to the project.
 Consider which methodology will yield the best results and offer the least risk.
 Gain feedback and buy-in.
 Document the methodology and rationale.
 Implement the methodology.
 Monitor and modify as required.
Important of project management
 Proper time management, planning beforehand and creating a schedule that works for the team
 Clearly defines the plan of the project before it begins.
 Establishes an agreed schedule and plan.
 Creates a base for teamwork.
 Resources are maximized.
 Helps to manage integration.
 Helps to keep control of costs.
 Quality is continuously managed.
 Strategic structuring of the project

Conclusion
In conclusion, Project Management and the practice of the same have become indispensable to the modern
day project manager and they form the basis of much of what is achieved during the course of a project.
Thus, the idea of a project being managed professionally lends itself to the concepts and processes laid out
for the practitioners of the art of Project Management.
References
Blog,M.,2012.quantitative-vs-qualitative-methods-to-establish-trustworthinessblog.[Online]
Available at: https://cmalakoff.wordpress.com
Galetto,M.,2016.what-is-data-analysis.[Online]
Available at: https://www.ngdata.com
Gibson,D.,2011.articles/article.aspx?p=1708668.[Online]
Available at: http://www.pearsonitcertification.com
LIBRARIES,U.,n.d.researchmethods/design-method.[Online]
Available at: https://guides.lib.vt.edu
MyAccountingCourse,2018.accounting-dictionarymis.[Online]
Available at: https://www.myaccountingcourse.com
Smartsheet,2018.demystifying-5-phases-project-management.[Online]
Available at: https://www.smartsheet.com
smartsheet,2018.getting-started-work-breakdown-structures-wbs.[Online]
Available at: https://www.smartsheet.com
Swascan,2017./swascan-vulnerability-assessment/.[Online]
Available:https://www.swascan.com
[Accessed 20 11 2017].

Soft Etro Ampus: #3, de Fonseka Road, Colombo 04

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Soft Etro Ampus: #3, de Fonseka Road, Colombo 04

Uploaded by

Copyright:

Available Formats

ESOFT METRO CAMPUS

#3, De Fonseka Road, Colombo 04.

Higher National Diploma in Computing & Systems Development / Business Management

Name Name of Group Members (If

at any time. _________________ ________________________

INTERNAL VERIFICATION – ASSESSMENT DECISIONS

Assessor Internal Verifier

Do the assessment criteria awarded match

Is the Pass/Merit/Distinction grade awarded

Has the work been assessed

• Identifying opportunities for

• Agreeing actions? Y/N

Does the assessment decision need

Internal Verifier signature Date

Assessor signature Date

Assignment Number 1 Assessor

LO1. Assess risks to IT security

Pass, Merit & Distinction P1 P2 M1 D1

Pass, Merit & Distinction P3 P4 M2 D1

LO3. Review mechanisms to control organisational IT security.

Grade: Assessor Signature: Date:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:

Signature & Date:

Word Processing Rules

1. I know that plagiarism is a punishable offence because it constitutes theft.

Student’s Signature: Date:

Unit Number and Title Unit 6: Managing a Successful Computing Project

Academic Year 2017/2018

Assignment Title Vulnerability Assessment - Management Information System Project

IV Name & Date

Unit Learning Outcomes:

Vulnerability Assessment - Management Information System (MIS) Project

LO1 Establish project aims, objectives and timeframes based on

P1 Devise project aims and objectives for a chosen scenario.

P2 Produce a project management plan that covers aspects of

P4 Carry out small-scale research by applying qualitative and

M2 Evaluate the accuracy and reliability of different research

D1 Critically evaluate the project management process and

P6 Communicate appropriate recommendations as a

P7 Reflect on the value of undertaking the research to meet

M4 Evaluate the value of the project management process and use

V.DINOJAN MSCP Assignment No: 1 ii

V. DINOJAN MSCP Assignment No: 1 iii

V. DINOJAN MSCP Assignment No: 1 iv

MSCP Assignment No: 1 5

MSCP Assignment No: 1 6

Following are the aims and objectives of vulnerability assessment project.

MSCP Assignment No: 1 7

MSCP Assignment No: 1 8

Managing a Successful Computing

MSCP Assignment No: 1 9

MSCP Assignment No: 1 10

Project Aims and Objectives

MSCP Assignment No: 1 11

Work Breakdown Structure

MSCP Assignment No: 1 12

Role Responsibilities Participant(s)

Chief  The Chief Information Officer (CIO) Mr. Tharaka

Subject  Lend expertise and guidance as Ms. Sumudu

MSCP Assignment No: 1 14

1.1 Identify vulnerabilities

1.1 Risk Identification

at any time. _ ________