SBM4304 IS Security and Risk Management 

Rationale In the Essay assignment students have to prepare a report to investigate how IS security can be enforced in a selected organisation. This should be undertaken in relation to the main content of an IS security policy and how they are determined.

Task Specifications Students should select an organisation. The organization must provide IS services to the staff and customers. The students have to write a report to answer the followings related to the selected organization:

1. Briefly illustrate the services the organization provided and how the use of information system supports the organization business operations.

2. Any organization use General Management Controls (GMCs) to manage its risks. This control forms the foundations of internal control system and help provide efficient defense against threats. Outline and discuss the GMC of the selected organization.

3. Application Controls (ACs) for IS are specific type of control used by organizations to control computerize applications such as payroll systems, online learning systems and other business-related applications. Discuss the different types of ACs.

4. Compare general management controls and application controls for IS.

5. Describe and evaluate the risk management techniques adopted by the selected organization required to ensure the reliability, confidentiality, availability, integrity and security of digital business processes. Your evaluation of the risk management must include risk identification, risk assessment and risk control related to the selected organization.

6. Auditing is the process of reviewing of systems use to determine if misuse has occurred at any bussing process of the organization. Critique the importance of auditing IS and safeguarding data quality for the selected organization. Illustrate the audit plan and process used by the organization.

You may need to make some assumptions with the required justifications.

Report Layout The report should be organised using the following headings and guidelines:

1. A Cover Title Page

2. Introduction - should clearly define the aims and objectives of the report.

3. A depiction of the services the organization provided and how the use of information system supports the organization business operations.

4. General Management Controls (GMCs) of the selected organization.

5. Types of Application Controls (ACs). 6. Compare general management controls and application controls for IS.

7. Risk management techniques adopted by the selected organization a. Reliability, confidentiality, availability, integrity and security. b. Risk identification, risk assessment and risk control.

8. Importance of auditing IS and safeguarding data quality for the selected organization. - audit plan - audit process

9. Conclusions and Recommendations - A summary of your findings and your recommendations regarded the security and risk management.

10. Reference