Unit 32 Information Security Management 2-2 Spring 2024
Higher National in Computing
ASSIGNMENT BRIEF
Submission Format
The submission should be in the form of a Word document, collated into a single PDF. You are
required to read the case study and answer the questions accordingly.
You are required to submit your work for plagiarism checking. No work will be considered if it
contains plagiarism above the acceptable level defined in TMUC’s plagiarism policy.
You are part of Cryptech, a security consultancy. Cryptech’s sole purpose is
to help companies reach the level where they can easily get ISO certified, by helping a
company maintain its documentation, train its employees, plan and conduct audits and finally
implement an ISMS. Furthermore, Cryptech also monitors the company after
the ISMS has been implemented and identifies whether any further improvements are needed.
A confidential client has approached your company for an independent evaluation of an ISO
27001:2013 audit report (the report is attached to the brief and may also be downloaded from
“https://www.hcpc-uk.org/globalassets/meetings-attachments3/audit-committee/2018/june/enc-15---bsi-iso27001-audit-report/”).
The client is interested in gaining insight into how effective the ISMS is for an organization
and how effective ISO 27001:2013 is for implementing an ISMS within an organization.
In this regard, you are required to analyse the audit report and develop a report of your own
comprising the following information:
Prioritize these strengths and weaknesses with regards to the organization’s context and
operations. (M3)
Critically examine the strengths and weaknesses identified with regards to the ISMS and what
potential remedial actions there are to improve its effectiveness for the organization. (D2)
Discuss the purpose of ISO 27000 series and particularly include the key clauses of ISO
27001:2013 such as ISMS scope, leadership commitment, policy, organizational roles,
risk assessment, risk treatment, analysis etc. (P4)
The following internet resources may be consulted for a more effective understanding of the
ISO 27001:2013 standard.
https://isoconsultantkuwait.com/2020/01/08/iso-270012013-isms-manual/
https://www.isms.online/iso-27001/iso27001-statement-applicability-simplified/
Please access HN Global for additional resources, support and reading for this unit. For
further guidance and support on report writing, please refer to the Study Skills Unit on HN
Global. Link to www.highernationals.com