SBM4304 IS Security and Risk Management
Semester 2, 2018
Assignment 2: Essay
Due date: Week 7
Group/individual: Individual assignment
Word count: 2000
Weighting: 40%
Unit learning outcomes: [ULO3], [ULO5], [ULO6]
Rationale
In the Essay assignment, students study the different types of IS control. Research
must be conducted to understand and analyse the difference between general management
controls and application controls. Students must also evaluate the security and risk
management techniques required to ensure the reliability, confidentiality, availability,
integrity and security of digital business processes. Finally, they must demonstrate how
auditing can support data quality.
Task Specifications
Students should select an organisation. The organization must provide IS services to its
staff and customers. Students must write a report that answers the following questions
about the selected organization:
1. Briefly illustrate the services the organization provides and how the use of
information systems supports the organization's business operations.
2. Any organization uses General Management Controls (GMCs) to manage its risks. These
controls form the foundation of the internal control system and help provide an efficient
defense against threats. Outline and discuss the GMCs of the selected organization.
3. Application Controls (ACs) for IS are a specific type of control used by organizations to
control computerized applications such as payroll systems, online learning systems
and other business-related applications. Discuss the different types of ACs.
4. Compare general management controls and application controls for IS.
5. Describe and evaluate the risk management techniques adopted by the selected
organization required to ensure the reliability, confidentiality, availability, integrity
and security of digital business processes. Your evaluation of the risk management
must include risk identification, risk assessment and risk control related to the
selected organization.
6. Auditing is the process of reviewing system use to determine whether misuse has
occurred in any business process of the organization. Critique the importance of
auditing IS and safeguarding data quality for the selected organization. Illustrate the
audit plan and process used by the organization.
You may need to make some assumptions with the required justifications.
Report Layout
The report should be organised using the following headings and guidelines:
1. A Cover Title Page
2. Introduction
- should clearly define the aims and objectives of the report.
3. A depiction of the services the organization provides and how the use of information
systems supports the organization's business operations.
4. General Management Controls (GMCs) of the selected organization.
5. Types of Application Controls (ACs).
6. Compare general management controls and application controls for IS.
7. Risk management techniques adopted by the selected organization
a. Reliability, confidentiality, availability, integrity and security.
b. Risk identification, risk assessment and risk control.
8. Importance of auditing IS and safeguarding data quality for the selected organization.
- audit plan
- audit process
9. Conclusions and Recommendations
- A summary of your findings and your recommendations regarding security and
risk management.
10. Reference
Assessment criteria
SBM4304 IS Security and Risk Management
Semester 1, 2018
Worth 40%
Marking Criteria:
Student ID: XXXXXXXXXX Student Name:
Assessment Attributes
Level of Attainment: Fail, Pass, Credit, Distinction, High Distinction

Compare general management controls and application controls for IS (30%)
- Fail: Inadequate understanding of general management controls and application
controls for IS; cannot discuss concepts in own words
- Pass: Basic knowledge only of general management controls and application
controls for IS; limited depth of basic concepts
- Credit: Exhibits breadth and depth of understanding of general management
controls and application controls for IS
- Distinction: Exhibits accurate and detailed breadth and depth of understanding
of general management controls and application controls for IS
- High Distinction: Displays exceptional understanding of concepts and their
practical application of general management controls and application controls
for IS

Evaluate the IS-related security and risk management techniques required to
ensure the reliability, confidentiality, availability, integrity and security of
digital business processes (30%)
- Fail: Inadequate understanding of IS-related security and risk management
techniques required to ensure the reliability, confidentiality, availability,
integrity and security of digital business processes; cannot discuss concepts in
own words
- Pass: Basic knowledge only of IS-related security and risk management
techniques required to ensure the reliability, confidentiality, availability,
integrity and security of digital business processes; limited depth of basic
concepts
- Credit: Exhibits breadth and depth of understanding of IS-related security and
risk management techniques required to ensure the reliability, confidentiality,
availability, integrity and security of digital business processes
- Distinction: Exhibits accurate and detailed breadth and depth of understanding
of IS-related security and risk management techniques required to ensure the
reliability, confidentiality, availability, integrity and security of digital
business processes
- High Distinction: Displays exceptional understanding of concepts and their
practical application of IS-related security and risk management techniques
required to ensure the reliability, confidentiality, availability, integrity
and security of digital business processes

Critique the importance of auditing IS and safeguarding data quality (20%)
- Fail: Inadequate understanding of the importance of auditing IS and
safeguarding data quality; cannot discuss concepts in own words
- Pass: Basic knowledge only of the importance of auditing IS and safeguarding
data quality; limited depth of basic concepts
- Credit: Exhibits breadth and depth of understanding of the importance of
auditing IS and safeguarding data quality
- Distinction: Exhibits accurate and detailed breadth and depth of understanding
of the importance of auditing IS and safeguarding data quality
- High Distinction: Displays exceptional understanding of concepts and their
practical application of the importance of auditing IS and safeguarding data
quality

Written Communication skills (15%)
- Fail: Proposal lacks structure.
- Pass: Most components present
- Credit: Components present and mostly well integrated
- Distinction: All elements are present and very well integrated.
- High Distinction: All elements are present and very well integrated.

Citation of sources and list of references (5%)
- Fail: Lacks consistency with many errors
- Pass: Sometimes clear referencing style
- Credit: Generally good referencing style
- Distinction: Clear referencing style
- High Distinction: Clear styles with excellent source of references.

TOTAL MARKS: 100% Total Marks Obtained:
Comments:
Lecturer: Location: Date: