Coursework Structure – CMP7170

Executive Summary

Section 1: Introduction
• Brief overview of the company you are auditing
• Scope of the assessment
• Organisational structure

Section 2: Risk Assessment and Analysis

• Risk assessment team – roles and responsibilities
• Asset identification and classification
• Vulnerabilities
• Threats and their severity
• Existing controls
• Calculate the overall risk value – FAIR or Probability-impact matrix
• Risk assessment method and why you have chosen it

Section 3: Risk Mitigation – ISO 27001

• Propose mitigating controls based on ISO 27001 controls
• Provide justification for choosing the controls – Statement of Applicability (SOA)
• Determine the effect of your proposed controls – risk reduction
• Risk treatment plans – Risk acceptance, risk treatment, risk transfer and risk avoidance
• Risk Communication Plan
o Create a risk communication plan
§ Create tasks to be communicated – show the sender, target audience, timeline, frequency and desired outcome.

Section 4: Business Continuity Plan
• Formulate a business continuity plan
• Perform Business Impact Analysis
o Determine the Recovery Time Objectives (RTO)
o Determine the Recovery Point Objectives (RPO)
• Propose a disaster recovery plan for your critical systems or processes

Section 5: Communicate your findings to the senior management

• Prepare a 10-minute video to be presented to the senior management (your tutor in this case).
o The video should cover and summarise your key findings. The video should be uploaded to Moodle before the submission deadline.

Section 6: Conclusion
• Summarise your work with a conclusion

Section 7: References
• All sources must be referenced using Harvard referencing
o There is a guide for Harvard referencing on the module’s Moodle page
• Use Turnitin to check your work before the final submission. There is a link to Turnitin in the assessment section of the module’s Moodle page.