Strategic Information Security

This assessment item covers chapters 1-4 of your textbook (Whitman, ME & Mattord, HJ 2014, Management of information security, 4th edn, Thomson Course Technology, Boston), referred to as "text" throughout the study modules.

·         Chapter-1 Introduction to the management of information security

The main topics in this module are:

o   the definition of information security

o   key concepts of information security (Confidentiality, Integrity, Availability, Privacy, Identification, Authentication, Authorisation, Accountability)

o   characteristics of leadership and management

o   principles of information security management (planning, policy, programs, protection, people, project management)

o   differentiate information security management from general management

o   project management and project management tools and PMBoK

o   applying project management to security

o   apply and differentiate between project management tools

·         Chapter-2 Planning for security

The main topics in this module are:

o   components of organizational planning

o   planning for information security implementation

·         Chapter-3  Planning for contingencies

The main topics in this module are:

o   contingency planning

o   components of contingency planning

o   putting a contingency plan together

o   testing contingency plans

o   a single continuity plan

·         Chapter-4  Information Security Policy 

o   Define information security policy and understand its central role in a successful information security program

o   Describe the three major types of information security policy and discuss the major components of each

o   Discuss the process of developing, implementing, and maintaining various types of information security policies


Select one organisation of your choice. Investigate and report on the current state of this organisation (as per material covered in these chapters) and make suggestions for improvements that the organisation could adopt to improve their security.  If you are working at this organisation, please make sure NOT to divulge any sensitive information (you may wish to check online what information is made public by the organisation to ensure this). While the scope is reflected by chapters 1-4, you are allowed to use journal articles to support your statements.

Provide the URL, values, vision, and mission statement as an appendix.

Write a research paper and organise it in the following way:

·         Title (you are required to decide your paper’s title)

·         Your name and student number

·         Abstract (about 100 words)

·         Introduction (200 words)

·         Body context (you could divide into several sub-sections if required)

Current security state; (300 words)

description of network usage (300 words)

Differentiation of networks between the two organisations (200 words)


critical evaluation and analysis of the current state of the organisation aligned with chapters 1-4; (300 words)

suggestions for improvements that implement the understanding of the current state (300 words)

the solutions provided in the chapters (300 words)


identify key ideas and concepts within a real-life scenario of issues; (300 words)

able to explain an issue with the use of key ideas and concepts; (300 words)

able to relate own experience to course material and issue by introducing own perspective (300 words); showing judgement by incorporating objective view of how implementing a concept may not work and providing suggestions on how this could be overcome.


·         Conclusion and Recommendations (250 words)

·         References.

·         Appendix (URL, values, vision, and mission statement)

The word-count limit for the introduction, body and conclusion of this paper is set at about 3100 words. Use two (2) or more resources for your citing and referencing in Harvard style.
