MANAGEMENT OF INFORMATION SECURITY | ASM655 GROUP PROJE CT

MANAGEMENT OF INFORMATION SECURITY

(ASM655)

SEMESTER OCTOBER 2020 – FEBRUARY 2021

GROUP PROJECT (30%)

DESIGNING AN INFORMATION SECURITY PROGRAM

INSTRUCTIONS:

1. This is a GROUP PROJECT. The project must be done in a group of four to five students.

2. Each group is required to identify and select a real and existing organization for the group
project. However, to ensure no overlapping organizations are selected, each group will
be assigned by the lecturer to choose an organization based on the organization’s nature
of business or industry. Each industry can be selected by one (1) group ONLY.

3. The following are the nature of business or industry to choose from:

3.1 Banking or Finance

3.2 Education
3.3 Network and Telecommunication
3.4 Utility
3.5 Manufacturing
3.6 Malls, Supermarkets or Retails
3.7 Healthcare or Medical
3.8 Hospitality or Tourism
3.9 Government Agency
3.10 Computer and Information Technology
3.11 Constructions
3.12 Real Estate
3.13 Transportations
3.14 Entertainment
3.15 Pharmaceutical
3.16 Agriculture
3.17 Beauty and Fashion

(Attention: One industry for one group ONLY.)

4. Assume that the selected organization is having issues and threats on information security,
students are required to set up an information security program to secure information in
modern organization environments.

5. Students are required to prepare a brief written proposal and must be submitted to the
lecturer on WEEK 9 (Deadline: 11 December 2020 – before 11:59PM). Your proposal must
include the following information:

i. Executive Summary – Create a high-level summary of the project.

ii. Organization’s Background - Corporate profile, mission, vision, and objectives.
iii. Project Background – Highlight the problem and place it within the context of the
information security program.

Semester October 2020 – February 2021 Page 1/3

MANAGEMENT OF INFORMATION SECURITY | ASM655 GROUP PROJE CT
iv. Solution and Approach – Explain your solution, approach, deliverables, and
timeframe. Students must include proposed policy, Risk Management, Life-cycle
planning, Personnel/User Issues, identify resources, develop scenarios, develop
strategies. Use Gantt Chart to show the timeframe.
v. Financials – Give an estimate of the budget and resources required to develop this
project.

6. Once the project proposal is approved, students must identify and select the best solution
and approach for an effective information security (InfoSec) program. Students must
include the following elements:

i. Computer security incident handling – Incident detection, reaction, recovery,

follow-up
ii. Awareness and training – SETA plans, awareness projects
iii. Security considerations in computer support and operations – help desk integration,
defending against social engineering, improving system administration
iv. Physical and environmental security – guards, gates, locks and keys, alarms
v. Identification and authentication – identification, authentication, passwords,
advanced authentication
vi. Logical access control – Access criteria, access control mechanisms
vii. Audit trails – systems log, log review processes, log
viii. Cryptography – TKI, VPN, key management, key recovery

7. Submission date : 17 JANUARY 2021 (SUNDAY) (before 11:59PM)

Late submission will not be entertained and shall affect your grades!

Semester October 2020 – February 2021 Page 2/3

MANAGEMENT OF INFORMATION SECURITY | ASM655 GROUP PROJE CT

GROUP PROJECT REPORT GUIDELINES

Please follow these guidelines when compiling your report for the INFORMATION SECURITY
PROGRAM project:

a) Format: Arial 11, spacing: 1.5 cm and at least 15 pages (excluding appendices).

b) Arrangement of report is as follows:

● Preliminary Materials

i. Cover page
ii. Table of Contents
iii. Acknowledgements
● Body of Report

i. Abstract/Executive Summary
ii. Introduction
▪ Organization’s background – Corporate profile, mission, vision, and objectives.
▪ Project Background – Highlight the problem and place it within the context of
the information security program.
iii. Contents
▪ Solution and Approach – Explain your solution, approach, deliverables, and
timeframe. Students must include proposed policy, Risk Management, Life-
cycle planning, Personnel/User Issues, identify resources, develop scenarios,
develop strategies. Use Gantt Chart to show the timeframe.
▪ Financials – Give an estimate of the budget and resources required to develop
this project.
▪ Computer security incident handling – Incident detection, reaction, recovery,
follow-up
▪ Awareness and training – SETA plans, awareness projects
▪ Security considerations in computer support and operations – help desk
integration, defending against social engineering, improving system
administration
▪ Physical and environmental security – guards, gates, locks and keys, alarms
▪ Identification and authentication – identification, authentication, passwords,
advanced authentication
▪ Logical access control – Access criteria, access control mechanisms
▪ Audit trails – systems log, log review processes, log
▪ Cryptography – TKI, VPN, key management, key recovery
iv. Conclusions
v. Reference (APA style)
● Appendices

i. Relevant Documents.

END OF PROJECT GUIDELINES

Semester October 2020 – February 2021 Page 3/3