SEP2602 ASSIGNMENT 2
FOR SEMESTER 2 2025
DUE: 19 SEPTEMBER 2025
FEND TUTORIALS
QUESTION 1
The Minimum Information Security Standards (MISS) document is designed to provide a
comprehensive framework to safeguard information assets within an organisation. The
key areas covered by the MISS document typically include:
1. Governance and Policy:
Establishes the information security governance framework, including roles,
responsibilities, and accountability for protecting information assets. It defines
security policies, procedures, and standards that must be adhered to.
2. Risk Management:
Addresses the identification, assessment, and management of risks to
information assets. This includes conducting risk assessments and implementing
appropriate controls to mitigate identified risks.
3. Access Control:
Defines mechanisms to ensure that only authorised personnel have access to
information systems and data. This includes user authentication, authorisation,
and physical access controls.
4. Information Classification and Handling:
Outlines how information should be classified based on sensitivity (e.g.,
confidential, restricted, public) and the handling requirements for each
classification to protect its confidentiality, integrity, and availability.
5. Security Awareness and Training:
Emphasises the importance of educating employees and stakeholders about
information security policies, potential threats, and best practices to maintain a
secure environment.
6. Incident Management:
Provides guidelines for detecting, reporting, and responding to security incidents,
including breaches, to minimise damage and recover normal operations.
7. Compliance and Monitoring:
Ensures ongoing monitoring of security controls and compliance with legal,
regulatory, and organisational requirements. This includes regular audits and
reviews to verify adherence to the standards.
QUESTION 2
2.1 What are the two types of baselines used in security budgeting? (2 marks)
Answer:
The two types of baselines used in security budgeting are:
Income Baseline: This refers to the financial resources or revenue allocated to
the security department. It represents the starting financial point for budgeting.
Threat Baseline: This represents the assessment of potential security risks,
vulnerabilities, and threats that the organisation faces. It is used to determine the
necessary security measures and budget priorities.