Assignment Task:

On 8 August 2023, the names of police officers and staff in Northern Ireland, where they were based and their roles were published on the internet. The data was made public, in error, by police as they responded to a routine freedom of information (FOI) request.

Data leakage prevention can be supported by standard security controls. Your task is to research and draft a Secure Access and Document Management Policy along the lines of the ISO27000 family for the Police Service of Northern Ireland (PSNI). You are advised to create a clear set of policy statements with controls and examples. You may wish to refer to ‘ISO 27002’ 5.1 Policies for Information Security, 5.12 Classification Information and 5.15 Access control and 8.12 Data leakage prevention to ensure that the policy aligns requirements for ISO compliance.

You should take into consideration any confidentiality, integrity, and availability (CIA) issues of the information assets for the PSNI and assess all relevant risks, taking into account the PSNI’s overall organisational strategy and objectives. This can be facilitated or supported through an information security-specific risk assessment. This should result in the determination of the controls necessary to ensure that the residual risk to the organisation meets its risk acceptance criteria.

You should also research the General Data Protection Regulation (GDPR) and any other relevant legal, statutory, regulatory and contractual requirements that PSNI and its interested parties (government, public, media, partners, service providers, etc.) have to comply with and their sociocultural environment;

Brief relevant description of the PSNI will help to set a personalised case study scenario of the assessment. You may also research publicly available information on the principles, objectives and organisational requirements of PSNI and make assumptions for the "life cycle of information" it may have to support its operations. You may also have to identify information classification where relevant you may make assumptions/fictitious data (but indicate it).

Submission Requirements:

The final report is expected to have the following structure:

• Cover Page

  • Module code
  • Module title
  • ID number (the submission MUST be anonymous)
  • Month and year, e.g. March 2022

• Context Establishment

  • Research into the organisation, its environment and threat landscape goes here. You may also include your list of assumptions here (maximum 2 pages/1000 words)

• Risk assessment

  • Produce an asset-based risk register (maximum 2 pages/1000 words) - The results of the risk assessment should help prioritise implementing controls of managing information security risks including appropriate policy statements necessary to protect against the residual risks.

• Secure Access and Document Management Policy - Title page of your policy and your developed policy goes here (Maximum 3 pages/1500 words)

• References

• Appendix (Optional) - will not offer any marks for this section, but you could include evidence of any additional work you may have in here.

You are expected to use appropriate peer-reviewed sources for developing your arguments and use Harvard-style referencing.

This is an individual assessment and it is essential that you develop your context, risk assessment and policy based on your own research and analysis. You should also avoid the direct use of publicly available policies and statements from the standards.

You are strongly encouraged to make use of Turnitin prior to submitting your policy.

The report should be prepared as follows:

• The same font should be used throughout. We would prefer you to use 12-point Times, though any reasonable alternative (such as Arial) will be accepted.
• Lines should be single-spaced, with between 1/2 a line and a whole line of extra space after each paragraph.
• Margins: at least 20mm left and right; 25mm top and bottom.

You are required to submit the final report as a single document via StudyNet in a .doc or .docx format using your student number as the filename.

Module leader reserve the right to conduct an oral examination with the student about the subject matter in his/her assessment submission.

Marks Awarded For: