project ..

Project ReportDeadline: Monday 11/12/2023 @ 11:59
[Total Mark is 14 Marks]
Students Details:
CRN:
Name:
Name:
Name:
ID:
ID:
ID:
Instructions:
• This Project must be submitted on Blackboard via the allocated folder.
• Students must work as groups in which each group has up to 3 students.
• Email submission will not be accepted.
• You are advised to make your work clear and well-presented, marks will be reduced for poor
presentation. (for diagrams it is recommended to add them inside a textbox to achieve a good
management of the document layout)
• You MUST show all your work.
• Late submission will result in ZERO marks being awarded.
• Identical copy from students or other resources will result in ZERO marks for all involved
students.
• Add pages as necessary.
Pg. 01
Description and Instructions
Project Description:
This project is an opportunity for you to practice your knowledge and skills by
assessing the actual information security practice in Saudi companies/organizations
based on the information security capability maturity model (ISCMM).
•
Total Marks = 14
Project Report
Presentation
10 marks
4 marks
•
Group Size = 2- 3 members.
•
Each student must visit a chosen company/organization to interview a
cybersecurity representative (i.e., each group should have two or three filled
checklists based on the number of team members).
•
•
You should answer the questions in this research activity as a group.
One group member (group leader) should submit all files: Project Report and
Presentation Slides on Blackboard. Marks will be given based on your submission
and the quality of the content.
Project Report
•
Each Project Report will be evaluated according to the marking criteria in each
question section.
Presentation
Grading Criteria:
Complete content (Introduction, body, and conclusion)
2 mark
Effective use of time (max. 8-10 minutes)
1 mark
Voice projection and loudness/ Eye contact/ Confidence and 1 mark
attitude
Pg. 02
Information Security capability maturity (ISCMM) levels
For this project, you will use the following levels of the information security capability
maturity model (ISCMM) as guiding principles for your journey to assess the maturity
of the chosen company/organization regarding information security.
Pg. 03
Learning
Outcome(s):
4 Marks
Question One
Use the following checklist to fill out during the meeting with the chosen
company/organization cybersecurity representative. Provide the filled
CLO4: Analyze
checklists for each team member.
problems related to the
field of Security and
Information Assurance
ISCMM
Levels
Enhanced
Managed
Indicators
1.
You actively explore opportunities to enhance information
security as part of your continuous improvement program
for security
2.
Information security measures are responsive, adaptable,
efficient, robust, and benefit from strategic intent.
1.
You have mechanisms to assess and manage requirements
for protecting, sharing, and assuring information. These
mechanisms are well understood and updated as required.
2.
You have proportionate measures in place to prevent,
detect, and respond to unauthorized or inappropriate access
to information and ICT systems, including during systems
development and throughout the information lifecycle.
3.
You clearly understand where and how information
and data assets are shared with service providers.
4.
You appropriately archive or otherwise dispose of
information holdings when they are no longer required.
5.
Mobile devices and remote working solutions are managed
securely.
Information or other assets you hold are consistently
classified, marked, accessed, and handled in line with the
Saudi Government Security Classification System.
6.
7.
Your systems ensure access controls are updated when your
people change roles or leave your organization.
8.
You ensure changes made to information management
measures are consistent with your security risk profile and
wider protective security policies. Changes are promptly
communicated
9.
You periodically conduct both scheduled and
unannounced tests and audits of information
security.
10. When appropriate, your access controls enforce
Tick the
applicable
indicators
Pg. 04
segregation of duties to reduce opportunities for
unauthorized or unintentional access to or misuse of
information assets.
1.
2.
People most directly responsible for protective security
understand the information security lifecycle.
You have a certification and accreditation program in
place for new and existing ICT systems; however, it is
inconsistently followed.
3.
You have simple information security measures in place for
areas holding physical records, ICT equipment, and basic
ICT system access controls.
4.
You have pockets of good information security
awareness and practice, but standards aren’t applied
consistently across your information holdings, and
your overall compliance is poorly understood. This
may be particularly true when external suppliers
hold or manage your information.
5.
You have some security mechanisms in place for
ICT systems development.
6.
You have a limited understanding of where and
how information or data assets are shared with
service providers.
7.
You understand emerging cyber intrusions and threats and
have put in place simple information security measures to
mitigate targeted cyber intrusions.
1.
You have limited understanding of your information assets
and don’t proactively assess the information assets you most
need to protect
You have limited information security measures in place to
protect your information assets and ICT system
development
Basic
2.
3.
You do not have a certification and accreditation program in
place for new or existing ICT systems.
4.
You can’t be confident you would detect
unauthorized access to, or the compromise of,
electronic or physical information holdings
5.
You don’t usually assess whether information or
other assets require a national security
classification. You also can’t be confident that
classified resources are managed correctly
6.
You can’t be confident you implement measures for
information assets that are proportional to their
value, importance, and sensitivity
Informal
Pg. 05
7.
You have limited information security measures in place for
targeted cyber intrusions and have a reactive approach to
emerging cyber intrusions and threats
8.
You do not understand where and how your information or
data assets are shared with service providers.
Pg. 06
Learning
Outcome(s):
CLO2: Apply
effective, proper,
and state-of-the-art
security tools and
technologies.
Question Two
4 Marks
Summarize the key findings of your participating companies/organizations in light
of ISCMM levels. (Maximum 250 words).
Pg. 07
Learning
Outcome(s):
CLO3: Develop
security policies and put
in place an effective
security architecture
that comprises modern
hardware and software
technologies and
protocols.
Question Three
2 Marks
From your point of view, what are the main recommendations for participating
companies/organizations to upgrade their level in ISCMM.
Project
Deadline: Tuesday 05/12/2023 @ 23:59
[Total Mark for this Project is 14]
Group Details:
CRN:
Name:
ID:
Name:
ID:
Name:
ID:
Instructions:
• You must submit two separate copies (one Word file and one PDF file) using the Assignment Template on
Blackboard via the allocated folder. These files must not be in compressed format.
• It is your responsibility to check and make sure that you have uploaded both the correct files.
• Zero mark will be given if you try to bypass the SafeAssign (e.g., misspell words, remove spaces between
words, hide characters, use different character sets, convert text into image or languages other than English
or any kind of manipulation).
• Email submission will not be accepted.
• You are advised to make your work clear and well-presented. This includes filling your information on the cover
page.
• You must use this template, failing which will result in zero mark.
• You MUST show all your work, and text must not be converted into an image, unless specified otherwise by
the question.
• Late submission will result in ZERO mark.
• The work should be your own, copying from students or other resources will result in ZERO mark.
• Use Times New Roman font for all your answers.
Project
Pg. 01
Learning Outcome(s):
CLO 1, 2, 5
1, Demonstrate an
understanding of the
concepts of decision
analysis and decision
support systems (DSS)
including probability,
modelling, decisions under
uncertainty, and real-world
problems.
2, Describe advanced
Business Intelligence,
Business Analytics, Data
Visualization, and
Dashboards.
5, Improve hands-on skills
using Excel, and Orange
for building Decision
Support Systems.
Project
14 Marks
Students can form groups consisting of three students and send their names to their
instructors before 5th October 2023. Otherwise, the instructors will form the groups
randomly and assign any datasets to the groups.
Select one dataset from the datasets provided in the bellow link.
For 28 Data Analysis Projects to Boost Your Skills [2023 Guide]:
https://www.springboard.com/blog/data-analytics/data-analysis-projects/
For more free public datasets for EDA:
https://www.tableau.com/learn/articles/free-public-data-sets
✓
After the dataset is selected (or assigned), analyze the data using Microsoft Excel
to discover the structure of data, trends, patterns, or any anomalies in the data based on
your own hypothesis.
✓
Perform the following six tasks.
✓
You should use visualization to aid your answers.
Your project will include two main parts:
1.
The final project report which must incorporate all the following 6 tasks and
written using the provided template. (10 marks distributed among the below tasks).
2.
A presentation that illustrates your 6 tasks completed in the project. (4 marks)
==========================================================
Task 1: Understand and describe the nature and structure of the selected dataset. (2
marks)
•
Describe the dataset. Your description should answer the following questions:
is it reliable? how was it collected? What its size?
Project
Pg. 02
•
Identify the features of dataset.
•
Propose hypothesis / assumptions (between 2 numerical variables) to validate.
Task 2: Check if your selected features have any of the following issues. Describe how you
conducted the tests and how you addressed the issues. Support your answers with screenshots of
the issues before and after the fixes. (1 mark)
•
Missing values (0.25 for the test, fix and screenshot)
•
Duplicate values (0.25)
•
Data outliers (0.25)
•
Any noise or irregularities (0.25)
Task 3: Provide descriptive statistics for the selected features using statistical method to
understand the dataset more and answer the following analysis questions: (2 marks)
•
Include any of the measure of central tendency such as the mean, median, and mode.
•
Describe the spread of your data. This may include the measure of variance, standard
deviation, skewness, and kurtosis.
(You are encouraged to impose other analysis questions based on any trend you notice in
the dataset).
Task 4: Validate the hypothesis in Task 1 by investigating the relationship between two
quantitative variables you have chosen using correlation, regression and R-squared with possible
conclusions. (2 marks)
Task 5: Show visual representation of your analysis (hint: use the right chart/graph for your data
analysis). (1 mark)
Task 6: Build an active Dashboard which summarizes the most crucial factors (variables) that
will help in decision-making process, and then demonstrate the effectiveness of your selection
of those factors in the decision-making process. (2 marks)
Project
Pg. 03
Project Report