BTEC IT DATA
MODELLING UNIT 5
ASSIGNMENT 2 EXCEL
2023
, ASSIGNMENT FRONT SHEET
Qualification BTEC Level 5 HND Diploma in Computing
Unit number and title Unit 5: Security
Submission date Date Received 1st submission
Re-submission Date Date Received 2nd submission
Student Name Student ID
Class Assessor name
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of
making a false declaration is a form of malpractice.
Student’s signature
Grading grid
P5 P6 P7 P8 M3 M4 M5 D2 D3
, Summative Feedback: Resubmission Feedback:
Grade: Assessor Signature: Date:
Internal Verifier’s Comments:
Signature & Date:
2
, Table of Contents
TABLE OF CONTENTS ............................................................................................................................................................... 3
TABLE OF FIGURES .................................................................................................................................................................. 6
LIST OF TABLES........................................................................................................................................................................ 7
A. INTRODUCTION ............................................................................................................................................................. 8
B. (P1) DISCUSS RISK ASSESSMENT PROCEDURES. ............................................................................................................. 9
I. DEFINE RISK & RISK ASSESSMENT ........................................................................................................................................ 9
1. Define Risk: ........................................................................................................................................................... 9
2. Define risk assessment......................................................................................................................................... 11
II. EXPLAIN ASSET, THREAT AND THREAT IDENTIFICATION PROCEDURE , GIVE EXAMPLE ........................................................................ 12
1. Asset Identification .............................................................................................................................................. 12
2. Threat Identification ............................................................................................................................................ 13
3. Threat Identification Procedure ........................................................................................................................... 15
Example: ...................................................................................................................................................................... 17
III. EXPLAIN THE RISK ASSESSMENT PROCEDURE ........................................................................................................................ 18
IV. List risk identification steps .................................................................................................................................. 22
C. (P6) EXPLAIN DATA PROTECTION PROCESSES AND REGULATIONS AS APPLICABLE TO AN ORGANIZATION. ................ 22
I. DEFINE DATA PROTECTION .............................................................................................................................................. 22
II. DATA PROTECTION PROCESS WITH RELATIONS TO ORGANIZATION .............................................................................................. 24
III. WHY ARE DATA PROTECTION AND REGULATION IMPORTANT ? .................................................................................................. 24
1. Why is data protection important? ...................................................................................................................... 24
2. Why is data regulation important? ...................................................................................................................... 25
D. (P7) DESIGN AND IMPLEMENT A SECURITY POLICY FOR AN ORGANIZATION. .............................................................. 31
I. DEFINE AND DISCUSS WHAT IS SECURITY POLICY .................................................................................................................... 31
II. GIVE EXAMPLES OF POLICIES ............................................................................................................................................ 33
III. GIVE THE MOST & SHOULD THAT MUST EXIST WHILE CREATING POLICY . ...................................................................................... 37
IV. EXPLAIN AND WRITE DOWN THE ELEMENT OF SECURITY POLICY ................................................................................................. 39
1. Purpose ............................................................................................................................................................... 39
2. Information security objectives ............................................................................................................................ 39
3. Subjects............................................................................................................................................................... 40
4. Data classification ............................................................................................................................................... 40
5. Cognition and behavior ....................................................................................................................................... 40
3
MODELLING UNIT 5
ASSIGNMENT 2 EXCEL
2023
, ASSIGNMENT FRONT SHEET
Qualification BTEC Level 5 HND Diploma in Computing
Unit number and title Unit 5: Security
Submission date Date Received 1st submission
Re-submission Date Date Received 2nd submission
Student Name Student ID
Class Assessor name
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of
making a false declaration is a form of malpractice.
Student’s signature
Grading grid
P5 P6 P7 P8 M3 M4 M5 D2 D3
, Summative Feedback: Resubmission Feedback:
Grade: Assessor Signature: Date:
Internal Verifier’s Comments:
Signature & Date:
2
, Table of Contents
TABLE OF CONTENTS ............................................................................................................................................................... 3
TABLE OF FIGURES .................................................................................................................................................................. 6
LIST OF TABLES........................................................................................................................................................................ 7
A. INTRODUCTION ............................................................................................................................................................. 8
B. (P1) DISCUSS RISK ASSESSMENT PROCEDURES. ............................................................................................................. 9
I. DEFINE RISK & RISK ASSESSMENT ........................................................................................................................................ 9
1. Define Risk: ........................................................................................................................................................... 9
2. Define risk assessment......................................................................................................................................... 11
II. EXPLAIN ASSET, THREAT AND THREAT IDENTIFICATION PROCEDURE , GIVE EXAMPLE ........................................................................ 12
1. Asset Identification .............................................................................................................................................. 12
2. Threat Identification ............................................................................................................................................ 13
3. Threat Identification Procedure ........................................................................................................................... 15
Example: ...................................................................................................................................................................... 17
III. EXPLAIN THE RISK ASSESSMENT PROCEDURE ........................................................................................................................ 18
IV. List risk identification steps .................................................................................................................................. 22
C. (P6) EXPLAIN DATA PROTECTION PROCESSES AND REGULATIONS AS APPLICABLE TO AN ORGANIZATION. ................ 22
I. DEFINE DATA PROTECTION .............................................................................................................................................. 22
II. DATA PROTECTION PROCESS WITH RELATIONS TO ORGANIZATION .............................................................................................. 24
III. WHY ARE DATA PROTECTION AND REGULATION IMPORTANT ? .................................................................................................. 24
1. Why is data protection important? ...................................................................................................................... 24
2. Why is data regulation important? ...................................................................................................................... 25
D. (P7) DESIGN AND IMPLEMENT A SECURITY POLICY FOR AN ORGANIZATION. .............................................................. 31
I. DEFINE AND DISCUSS WHAT IS SECURITY POLICY .................................................................................................................... 31
II. GIVE EXAMPLES OF POLICIES ............................................................................................................................................ 33
III. GIVE THE MOST & SHOULD THAT MUST EXIST WHILE CREATING POLICY . ...................................................................................... 37
IV. EXPLAIN AND WRITE DOWN THE ELEMENT OF SECURITY POLICY ................................................................................................. 39
1. Purpose ............................................................................................................................................................... 39
2. Information security objectives ............................................................................................................................ 39
3. Subjects............................................................................................................................................................... 40
4. Data classification ............................................................................................................................................... 40
5. Cognition and behavior ....................................................................................................................................... 40
3
