Assignment Brief (RQF)

Assignment Brief (RQF)

Higher National Certificate/Diploma in Computing

StudentName/ID
Number:

Unit Number and Title: Unit 5: Security

Academic Year: 2022

Unit Assessor: Ms. Chan Myae Aye

Assignment Title: Assignment 1 of 1: Security Hand Book

Issue Date: 08/11/2022

Submission Date: 13/12/2022

Internal Verifier Name: Mrs. Thi Thi Thandar Saw Htay

Date: 02/11/2022

Submission Format:

The submission is in the form of an individual written report. You are required to make
use of headings, paragraphs and subsections as appropriate, and all work must be
supported with research and referenced using the Harvard referencing system. Please
also provide a bibliography using the Harvard referencing system. The recommended
word limit is 2,500–3,000 words, although you will not be penalised for exceeding the
total word limit.
• Your report must be formatted as follow:
• Font Name : Verdana
• Font Size : 12 pt
• Margin : 0.75 inches (round)
• Line Spacing : 1.5 pt

Page 1 of 6
Assignment Brief (RQF)

• Alignment : Justify
• Left Hand Side of Header : Batch Number
• Right Hand Side of Header : Your Name
• Centre of Footer : Page Number
• Complete the title page and sign the statement of authenticity.
• Your assignment must be submitted in pdf format.

Unit Learning Outcomes:

The purpose of this assignment is to:

LO1 Assess risk to IT security
LO2 IT security solutions
LO3 Review mechanisms to control organizational IT Security
LO4 Manage organizational security

Assignment Brief and Guidance:

Scenario
You are working as junior IT Security Analyst in Kernellix computer security
service which is a largest IT security organization. Kernellix is a cyber defense and
response center established in 2014, head quartered in Yangon, Myanmar. They
provide comprehensive cyber defense solutions and services for the organizations to
better management technology risks.
Part 1: Security Handbook
Recently, your company make a cooperation with healthcare provider to improve
in their security procedures. New and emerging technologies have transformed
healthcare in recent years. Hospitals and physician offices large and small have
implemented new IT technologies to respond to a changing regulatory environment
and to improve the overall quality of care for patients.
Your manager assigned you to support the Asia Royal Hospital, a cardiac and
medical care center, in security sector. So, you are required to write a security
handbook for the Hospital. That handbook is to share the audience in line with the
guidelines that address the following key headline:

Page 2 of 6
Assignment Brief (RQF)

1. IT Security and Risk Assessment

In this component, you must discuss types IT security risks for Asia Royal Hospital.
Then, you should propose a method to treat those IT security risks. You must discuss
organizational security procedures and also must discuss risk assessment procedures
for the hospital. You should be summarise the ISO 31000 risk management
methodology and its application in IT security. Moreover, you should evaluate a
minimum of three of physical and virtual security measures that can be employed to
ensure the integrity of Asia Royal Hospital’s IT security.
2. IT Security Solution and Data Protection
In this section, you must Identify the potential impact to IT security of incorrect
configuration of firewall policies and third-party VPNs in Hospital and also must show
how implementing a DMZ, static IP and NAT in a network can improve Network security
by using an example for each. You should also discuss three benefits to implement
network monitoring systems with supporting reasons.
You must explain data protection processes and regulations as applicable to the
hospital.
3. IT security and Organizational Policy
You should discuss possible impacts to organizational security resulting from an
IT security audit. Furthermore, you should discuss how IT security can be aligned
with Hospital’s security policy, detailing the security impact of any misalignment.
Finally, should be evaluating the suitability of the tools used in the security policy.
4. Organizational security and stakeholder involvement
In this component, you must list the main components of an organisational
disaster recovery plan, justifying the reasons for inclusion. And then, should be
discuss the roles of stakeholders in the Asia Royal Hospital to implement security audit
recommendations.
Part 2: Security Policy
You also have a task to design and implement a security policy. So, you must
design and implement a security policy for the Asia Royal Hospital by using a template,
similar to the ones provided in the link.
Security policy template:
https://www.template.net/business/policy/security-policy/

Page 3 of 6
Assignment Brief (RQF)

Learning Outcomes and Assessment Criteria

Pass Merit Distinction
LO1 Assess risk to IT security
P1 Identify types of M1 Propose a method to LO1 & 2
security assess and treat IT D1 Evaluate a minimum of
risks to organizations. security three of physical and virtual
P2 Describe risks. security measures
organizational that can be employed to
security procedures. ensure the integrity of
LO2 Describe IT security solutions organizational IT security.
P3 Identify the potential M2 Discuss three benefits
impact to IT security of to implement network
incorrect configuration of monitoring systems with
firewall policies and third- supporting reasons.
party VPNs.
P4 Show, using an
example for each, how
implementing a DMZ,
static IP and NAT in a
network can improve
Network security.
LO3 Review mechanisms to control organizational IT
Security
P5 Discuss risk M3 Summarize the ISO D2 Consider how IT
assessment procedures. 31000 risk management security can be aligned
P6 Explain data protection methodology and its with organizational policy,

processes and regulations application in IT security. detailing the security impact

as applicable to an M4 Discuss possible of any

organization. impacts to organizational misalignment.
security resulting from an
IT security

Page 4 of 6
Assignment Brief (RQF)

audit.

LO4 Manage organizational security

P7 Design and implement M5 Discuss the roles of
D3 Evaluate the suitability of
a security policy for an stakeholders in the
the tools used in an
organization. organization to implement
organizational policy.
P8 List the main security audit
components of an recommendations.
organizational disaster
recovery plan, justifying
the reasons for inclusion.
Note to Students:
• Check carefully the submission date and the instructions given with the
assignments
• Late assignments will not be accepted, except for valid circumstances with
supporting evidences
• Ensure that you give yourself enough time to complete the assignment by the
due date.
• Do not leave things such as printing to the late minute-excuses of this nature
will not be accepted for failure to hand-in the work on time.
• You must take responsibility for managing your own time effectively.
• If you are unable to hand in your assignment on time and have valid reasons
such as illness, you may apply (in writing) for an extension.
• Take great care that if you use other people’s work or ideas in your assignment,
you properly reference them in your text and any bibliography.
Note: Plagiarism is on offence. Plagiarized work will be differed
Interim Review Session (Formative Assessment)
• 1:15 PM – 2:45 PM On 28/11/2022 (Monday)
• 1:15 PM – 2:45 PM On 29/11/2022 (Tuesday)
Submit the work to moodle.gusto-education.com by
• 11:59 PM on 13/12/2022 (Tuesday)

Page 5 of 6
Assignment Brief (RQF)

This brief has been verified as being fit for purpose

Assessor Signature Ms. Chan Myae Aye Date

Internal Verifier signature Mrs. Thi Thi Thandar Saw Htay Date

Page 6 of 6