Critical Analysis Report Assignment:
Information Assurance and
Risk Management White Paper
100% of Module Mark
1. Identify and evaluate the principles and concepts of information assurance and risk management.
2. Critically discuss information assurance from a combined, managerial, organisational and technical perspective.
3. Critically discuss the scope for risk management in an organisational context.
4. Undertake a detailed analysis of relevant information assurance and risk management issues from a theoretical and practice perspective.
5. Identify and evaluate fundamental research issues in information assurance and risk management.
Following extensive critical analysis and research of their expected operational needs at present and over the next five years (i.e. what might be considered typical for this type of organisation), they have requested that you produce a white paper to act as detailed and critical guide that will inform the Cerious Cybernetics Corp. executive about every aspect of information assurance (from a combined, managerial, organisational and technical perspective) and risk management (from an organisational context). The white paper should aim to aid Cerious Cybernetics Corp.’s understanding and ultimately, ability to make a decision on which policies, procedures need developing and implementing within the organisation and also ensure any associated resource implications can be successfully supported.
The Cerious Cybernetics Corp. executive has further requested that you produce a sample Service Improvement Plan (SIP) within your white paper as part of the wider review (although this would normally be a discrete document, please integrate it for the purposes of this assessment); specifically, they want the detailed explanation to focus on the scenario of ransomware (please see the following article for an example https://www.theguardian.com/technology/2016/feb/17/los-angeles-hospital-hacked-ransom-bitcoin-hollywood-presbyterian-medical-center. Cerious Cybernetics Corp. is keen to establish improvements or initiatives which will ensure their IT function including infrastructure and data is kept secure.
Help and resources
Please note, there are various types of white paper but what is required here is a standard white paper not a technical white paper. If you’re unsure what a white paper is, guidance will be provided in class but you should also see the following (note; please focus on guidance relating to presenting solutions rather than marketing a specific product of service which can often be the purpose of white papers):
White Paper Structure
Although the structure can be more comprehensive, for the purposes of this assessment, your white paper should contain as a minimum the following:
Title page and table of contents.
o The nature of the brief/commission and the topic should be briefly outlined and defined alongside details of how the paper is organised.
o This section will contain the main body of the white paper. The presentation of topic and the proposals/solutions established from your research and analysis should provide the structure of the main body; sub headings should be used so it is clear to the reader what each section covers. A logical flow and structure appropriate for a white paper should be evident throughout.
o This section will also include the sample Service Improvement Plan (SIP) pertaining to the scenario given.
o A brief summary of the key findings established from your research and analysis in the main body should be provided along with any final recommendations.
o A full list of references used within the paper should be provided. The Harvard style of referencing should be applied throughout the assignment. See the online resource called Cite them Right for further details of Harvard referencing techniques (note; you will need your University username and password to access this resource which can be found at http://www.citethemrightonline.com).
o Carefully consider what you include in the appendices (if you choose to include them); ensure the contents are relevant and presented as concisely as possible.
It is expected that you will use quality sources to justify and support points being made in addition to evidencing wider reading and understanding. There are marks available specifically for this (see below). The criteria for assessing the quality of the report will focus on:
Relevance, appropriateness, accuracy, completeness and cohesive presentation of the topic and proposals/solutions: the white paper (including the sample SIP) should present up-to-date and current information which is directly appropriate and relevant to the Cerious Cybernetics Corp. commission/brief described above. All information contained within the paper should be accurate and unambiguous. The scope and proposals/solutions should be entirely relevant to the request (both overall and for the SIP) and shouldn’t contain elements which are either unrelated or only loosely related. Exploration of the area concerned and proposals/solutions are cohesive and the subtopics presented have a logical flow.
Evidence of information assurance, risk management and professional understanding: the white paper (including the sample SIP) should cover information assurance, risk management and professional factors relevant to the commission/brief. Information
assurance, risk management and professional factors have been fully understood, with no evidence of confusion or lack of important detail/depth.
Use of high-quality information sources: extensive use should be made of information sources which are not-outdated, are reputable and established as being reliable, valid and accurate.
Effective communication: the paper should be well written, easily understood with good flow and clarity. The content should be explained in a way that can be easily understood by the reader given Cerious Cybernetics Corp. executives may have limited subject knowledge or professional understanding.
Report writing style: the paper should be professionally presented with all expected components/formatting specified below and expected from a white paper. It should make good use of English language with an appropriate writing style and formal, professional tone. It should be error free with no grammatical, spelling mistakes or typo mistakes.