College of Computing and Informatics
Project Report
Deadline: Monday 11/12/2023 @ 11:59
[Total Mark is 14 Marks]
Students Details:
CRN:
Name:
Name:
Name:
ID:
ID:
ID:
Instructions:
• This Project must be submitted on Blackboard via the allocated folder.
• Students must work as groups in which each group has up to 3 students.
• Email submission will not be accepted.
• You are advised to make your work clear and well-presented; marks will be reduced for poor presentation. (For diagrams, it is recommended to place them inside a textbox to keep the document layout well managed.)
• You MUST show all your work.
• Late submission will result in ZERO marks being awarded.
• Identical copy from students or other resources will result in ZERO marks for all involved
students.
• Add pages as necessary.
Description and Instructions
Project Description:
This project is an opportunity for you to practice your knowledge and skills by
assessing the actual information security practice in Saudi companies/organizations
based on the information security capability maturity model (ISCMM).
• Total Marks = 14: Project Report 10 marks; Presentation 4 marks.
• Group Size = 2-3 members.
• Each student must visit a chosen company/organization to interview a cybersecurity representative (i.e., each group should have two or three filled checklists based on the number of team members).
• You should answer the questions in this research activity as a group.
• One group member (group leader) should submit all files (Project Report and Presentation Slides) on Blackboard. Marks will be given based on your submission and the quality of the content.
Project Report
• Each Project Report will be evaluated according to the marking criteria in each question section.
Presentation
Grading Criteria:
• Complete content (Introduction, body, and conclusion): 2 marks
• Effective use of time (max. 8-10 minutes): 1 mark
• Voice projection and loudness / Eye contact / Confidence and attitude: 1 mark
Information Security Capability Maturity Model (ISCMM) levels
For this project, you will use the following levels of the information security capability maturity model (ISCMM) as guiding principles for your journey to assess the maturity of the chosen company/organization regarding information security.
Question One
Learning Outcome(s): CLO4: Analyze problems related to the field of Security and Information Assurance
4 Marks
Use the following checklist to fill out during the meeting with the chosen company/organization cybersecurity representative. Provide the filled checklists for each team member.
ISCMM Levels and Indicators (tick the applicable indicators)

Enhanced
1. You actively explore opportunities to enhance information security as part of your continuous improvement program for security.
2. Information security measures are responsive, adaptable, efficient, robust, and benefit from strategic intent.

Managed
1. You have mechanisms to assess and manage requirements for protecting, sharing, and assuring information. These mechanisms are well understood and updated as required.
2. You have proportionate measures in place to prevent, detect, and respond to unauthorized or inappropriate access to information and ICT systems, including during systems development and throughout the information lifecycle.
3. You clearly understand where and how information and data assets are shared with service providers.
4. You appropriately archive or otherwise dispose of information holdings when they are no longer required.
5. Mobile devices and remote working solutions are managed securely.
6. Information or other assets you hold are consistently classified, marked, accessed, and handled in line with the Saudi Government Security Classification System.
7. Your systems ensure access controls are updated when your people change roles or leave your organization.
8. You ensure changes made to information management measures are consistent with your security risk profile and wider protective security policies. Changes are promptly communicated.
9. You periodically conduct both scheduled and unannounced tests and audits of information security.
10. When appropriate, your access controls enforce segregation of duties to reduce opportunities for unauthorized or unintentional access to or misuse of information assets.

Basic
1. People most directly responsible for protective security understand the information security lifecycle.
2. You have a certification and accreditation program in place for new and existing ICT systems; however, it is inconsistently followed.
3. You have simple information security measures in place for areas holding physical records, ICT equipment, and basic ICT system access controls.
4. You have pockets of good information security awareness and practice, but standards aren’t applied consistently across your information holdings, and your overall compliance is poorly understood. This may be particularly true when external suppliers hold or manage your information.
5. You have some security mechanisms in place for ICT systems development.
6. You have a limited understanding of where and how information or data assets are shared with service providers.
7. You understand emerging cyber intrusions and threats and have put in place simple information security measures to mitigate targeted cyber intrusions.

Informal
1. You have limited understanding of your information assets and don’t proactively assess the information assets you most need to protect.
2. You have limited information security measures in place to protect your information assets and ICT system development.
3. You do not have a certification and accreditation program in place for new or existing ICT systems.
4. You can’t be confident you would detect unauthorized access to, or the compromise of, electronic or physical information holdings.
5. You don’t usually assess whether information or other assets require a national security classification. You also can’t be confident that classified resources are managed correctly.
6. You can’t be confident you implement measures for information assets that are proportional to their value, importance, and sensitivity.
7. You have limited information security measures in place for targeted cyber intrusions and have a reactive approach to emerging cyber intrusions and threats.
8. You do not understand where and how your information or data assets are shared with service providers.
Question Two
Learning Outcome(s): CLO2: Apply effective, proper, and state-of-the-art security tools and technologies.
4 Marks
Summarize the key findings of your participating companies/organizations in light of ISCMM levels. (Maximum 250 words.)
Question Three
Learning Outcome(s): CLO3: Develop security policies and put in place an effective security architecture that comprises modern hardware and software technologies and protocols.
2 Marks
From your point of view, what are the main recommendations for the participating companies/organizations to upgrade their level in ISCMM?