You should make use of whatever accepted industry or international standards you feel are
appropriate in carrying out this task, but either COBIT 5 or ISO27000 series standards, or a
combination of both are recommended.
If you feel that additional areas need to be addressed in the strategy, then please add them, with a
brief explanation of why.
In selecting an organization to focus on, you may choose a specific organization with which one or
more of your group are familiar, or you may use the University of Salford as an example
organization. In the case where you choose an organization that not all of the group members are
familiar with, you should clearly define the roles that each member of the group will take in the
assignment work, bearing in mind the prior knowledge that each member has.
Individual Assignment (50%)
Deadline: Friday 17th January 2014
This assignment is carried out as an individual.
The task builds on the group assignment, so may be though of as an individual component of the
same assignment. You are asked to:
•
make a critical analysis of the implications of the strategy you have put in place from an
ethical and a legal point of view, identifying key areas where ethical and legal questions
need to be addressed and an analysis of the issues involved, making reference to relevant
laws, regulations and ethical guidelines in order to back up any arguments you make;
•
write a critical analysis of the barriers to implementation of the strategy, and opportunities
for creating a culture of security in the organization;
•
write a reflective report on the process that was employed in the group part of the
assignment, summarizing your own role in the work, indicating areas where you feel you
and the group could have improved on what was done, and reflecting on the lessons you
have learned from the process.
It is recognized that there may not be a “correct” answer in many cases, but marks will be awarded
for demonstrating a clear understanding of the relevant arguments.

Topic: Information Security Management
Order Description
4 book 4 internet and two any article references.
Include in-text references as well.
Executive summary, introduction main body and references.
More details is provided in further documents.

Topic: Information Security Management
Order Description
4 book 4 internet and two any article references.
Include in-text references as well.
Executive summary, introduction main body and references.
More details is provided in further documents.