College of Computing and Informatics
Assignment 1
Deadline: Thursday 05/10/2023 @ 23:59
[Total Mark for this Assignment is 8]
Student Details:
Name: ###
ID: ###
CRN: ###
Instructions:
• You must submit two separate copies (one Word file and one PDF file) using the Assignment Template on
Blackboard via the allocated folder. These files must not be in compressed format.
• It is your responsibility to check and make sure that you have uploaded both the correct files.
• Zero mark will be given if you try to bypass the SafeAssign (e.g. misspell words, remove spaces between
words, hide characters, use different character sets, convert text into image or languages other than English
or any kind of manipulation).
• Email submission will not be accepted.
• You are advised to make your work clear and well-presented. This includes filling your information on the cover
page.
• You must use this template, failing which will result in zero mark.
• You MUST show all your work, and text must not be converted into an image, unless specified otherwise by
the question.
• Late submission will result in ZERO mark.
• The work should be your own, copying from students or other resources will result in ZERO mark.
• Use Times New Roman font for all your answers.
Question One
Pg. 01
Learning
Outcome(s):
Explain
networking and
security, security
issues, trends, and
security resource.
Apply effective,
proper, and stateof-the-art security
tools and
technologies.
Question One
1.5 Marks
Define the security term “availability.” Provide an example of a business
situation in which availability is more important than confidentiality.
Question Two
Pg. 02
Learning
Outcome(s):
Explain
networking and
security, security
issues, trends, and
security resource.
Question Two
1.5 Marks
ISO 27002 Supplier Relationships (Section 15) was added in the 2013 version. Discuss
your opinion with real example of why this section was added?
Question Three
Pg. 03
Learning
Outcome(s):
Apply the most
appropriate
solutions to
Question Three
2.5 Marks
Information Security Policies provide a framework that guides the organization and
protects the assets of that organization. Consider the SEU privacy policy discussed in
Question One, the policy goal is to ensure the privacy of sensitive information. This
sensitive information may be vulnerable to some information security threats.
problems related
to the field of
1. Choose at least one SEU information asset and identify the information
Security and
sensitivity level based on SEU privacy policy (i.e., Low, or Middle, or Highly
sensitive information).
Information
Assurance
2. List at least two security threats to the chosen sensitive information asset, two
vulnerabilities that might allow a threat to occur, and two risks resulting from the
threats and vulnerabilities.
Note: Write your answer in the table below.
Information
Assets
Information
Sensitivity
Level
Threats
Vulnerabilities
Risks
Pg. 04
Question Three
Question Four
Pg. 05
Learning
Outcome(s):
Question Four
1.5 Marks
Discuss the importance of asset inventory in terms of security perspective.
Analyze problems
related to the field
of Security and
Information
Assurance
Question Five
Pg. 06
Learning
Outcome(s):
Analyze problems
related to the field
Question Five
1 Mark
A smartphone is an information system. As with any information system, data
ownership and custodianship must be assigned. If a company allows an employee to
use a personally owned device for work-related communications:
of Security and
Information
Assurance
a. Who would you consider the information system owner? Why?
b. Who would you consider the information system custodian? Why?
c. In regard to protecting data, should there be a distinction between company data and
personal data?
