ISEC6311Ta THT


21; 22; 23 2022

MODULE NAME: INFORMATION SECURITY
MODULE CODE: ISEC6311

ASSESSMENT TYPE: TAKE‐HOME ASSESSMENT (PAPER ONLY)


TOTAL MARK ALLOCATION: 60 MARKS
TOTAL TIME: This assessment should take you 1 Hour to complete, however
you have 21 Hours (midnight to 9PM on the same day) to
submit. This additional time has been allocated to allow for the
download, completion and upload of your submission.
By submitting this assessment, you acknowledge that you have read and understood all the rules
as per the terms in the registration contract, in particular the assignment and assessment rules in
The IIE Assessment Strategy and Policy (IIE009), the intellectual integrity and plagiarism rules in
the Intellectual Integrity Policy (IIE023), as well as any rules and regulations published in the
student portal.

INSTRUCTIONS:
1. Please adhere to all instructions. These instructions are different from what is normally
present, so take time to go through these carefully.
2. Independent work is required. Students are not allowed to work together on this
assessment. Any contraventions of this will be handled as per disciplinary procedures in The
IIE policy.
3. No material may be copied from original sources, even if referenced correctly, unless it is
a direct quote indicated with quotation marks.
4. All work must be adequately and correctly referenced.
5. You should paraphrase (use your own words) the concepts that you are referencing, rather
than quoting directly.
6. Marks will be awarded for the quality of your paraphrasing.
7. This is an open‐book assessment.
8. Assessments must be typed unless otherwise specified.
9. Ensure that you save a copy of your responses.
9.1. Complete your responses in a Word document.
9.2. The document name must be your name.student number.Module Code.
9.3. Once you have completed the assessment, upload your document under the
submission link in the correct module in Learn.
Additional instructions:
• Calculators are allowed.
• Answer all questions.

© The Independent Institute of Education (Pty) Ltd 2022



Referencing Rubric

Providing evidence based on valid and referenced academic sources is a fundamental educational
principle and the cornerstone of high‐quality academic work. Hence, The IIE considers it essential
to develop the referencing skills of our students in our commitment to achieve high academic
standards. Part of achieving these high standards is referencing in a way that is consistent,
technically correct and congruent. This is not plagiarism, which is handled differently.

Poor quality formatting in your referencing will result in a penalty of a maximum of ten percent
being deducted from the percentage awarded, according to the following guidelines. Please note,
however, that evidence of plagiarism in the form of copied or uncited work (not referenced), absent
reference lists, or exceptionally poor referencing, may result in action being taken in accordance
with The IIE’s Intellectual Integrity Policy (0023).

Markers are required to provide feedback to students by indicating (circling/underlining) the
information that best describes the student’s work.

Minor technical referencing errors: 5% deduction from the overall percentage – the student’s work
contains five or more errors listed in the minor errors column in the table below.

Major technical referencing errors: 10% deduction from the overall percentage – the student’s work
contains five or more errors listed in the major errors column in the table below.

If both minor and major errors are indicated, then 10% only (and not 5% or 15%) is deducted from
the overall percentage. The examples provided below are not exhaustive but are provided to
illustrate the error

Columns:
Required: Technically correct referencing style
Minor errors in technical correctness of referencing style: Deduct 5% from percentage awarded
Major errors in technical correctness of referencing style: Deduct 10% from percentage awarded

Consistency

Required:
• The same referencing format has been used for all in‐text references and in the
bibliography/reference list.

Minor errors: Minor inconsistencies.
• The referencing style is generally consistent, but there are one or two changes in the format of
in‐text referencing and/or in the bibliography.
• For example, page numbers for direct quotes (in‐text) have been provided for one source, but not
in another instance. Two book chapters (bibliography) have been referenced in the bibliography in
two different formats.

Major errors: Major inconsistencies.
• Poor and inconsistent referencing style used in‐text and/or in the bibliography/reference list.
• Multiple formats for the same type of referencing have been used.
• For example, the format for direct quotes (in‐text) and/or book chapters (bibliography/reference
list) is different across multiple instances.

Technical correctness

Required:
• Referencing format is technically correct throughout the submission.
• Position of the reference: a reference is directly associated with every concept or idea.
• For example, quotation marks, page numbers, years, etc. are applied correctly, sources in the
bibliography/reference list are correctly presented.

Minor errors: Generally, technically correct with some minor errors.
• The correct referencing format has been consistently used, but there are one or two errors.
• Concepts and ideas are typically referenced, but a reference is missing from one small section of
the work.
• Position of the references: references are only given at the beginning or end of every paragraph.
• For example, the student has incorrectly presented direct quotes (in‐text) and/or book chapters
(bibliography/reference list).

Major errors: Technically incorrect.
• The referencing format is incorrect.
• Concepts and ideas are typically referenced, but a reference is missing from small sections of
the work.
• Position of the references: references are only given at the beginning or end of large sections
of work.
• For example, incorrect author information is provided, no year of publication is provided,
quotation marks and/or page numbers for direct quotes missing, page numbers are provided for
paraphrased material, the incorrect punctuation is used (in‐text); the bibliography/reference list
is not in alphabetical order, the incorrect format for a book chapter/journal article is used,
information is missing e.g. no place of publication had been provided (bibliography); repeated
sources on the reference list.

Congruence between in‐text referencing and bibliography/reference list

Required:
• All sources are accurately reflected and are all accurately included in the
bibliography/reference list.

Minor errors: Generally, congruence between the in‐text referencing and the bibliography/reference
list with one or two errors.
• There is largely a match between the sources presented in‐text and the bibliography.
• For example, a source appears in the text, but not in the bibliography/reference list or vice
versa.

Major errors: A lack of congruence between the in‐text referencing and the bibliography.
• No relationship/several incongruencies between the in‐text referencing and the
bibliography/reference list.
• For example, sources are included in‐text, but not in the bibliography and vice versa, a link,
rather than the actual reference is provided in the bibliography.

In summary

Required: In summary: the recording of references is accurate and complete.
Minor errors: In summary, at least 80% of the sources are correctly reflected and included in a
reference list.
Major errors: In summary, at least 60% of the sources are incorrectly reflected and/or not included
in reference list.

Overall Feedback about the consistency, technical correctness and congruence between in‐text referencing and bibliography:

Question 1 (Marks: 20)

Q.1.1 Read the scenario below and then answer the question that follows: (9)

A student is required to access her take‐home examination using an online exam
system. Once the examination is completed, a copy of the exam must be uploaded or
submitted online. Upon successful submission, a report or receipt of submission is
provided to the student. The student is then required to email the report to the
Examination Administrator within 24 hours.

Using the scenario above as an example, describe how each of the C.I.A.
components can ensure the security and protection of the access and storage of
examination files, exam system, sending/ receiving emails, and student identity. In
your answer, you must be clear about which part of the scenario you are using as
an example.

Q.1.2 Discuss why the top‐down approach to information security implementation has a
higher chance of success compared to the bottom‐up approach. Use examples in
your answer. (6)

Q.1.3 Using examples, describe four important functions information security performs
for a tertiary college, for example, an institution where you are studying. (5)

Question 2 (Marks: 20)

Q.2.1 Using suitable examples, differentiate between risk appetite and residual risk. (8)

Q.2.2 Senior management has just learned about security awareness programs. They
want to introduce an awareness program but are not convinced that an awareness
program is necessary, so they have turned to you to educate them.
Q.2.2.1 Justify the need for a security awareness program and briefly explain
the consequences of not actively implementing a security education,
training and awareness program. (4)
Q.2.2.2 Summarise the elements of good security awareness to present to
senior management. (8)


Question 3 (Marks: 20)

Q.3.1 Think about the different access controls at a tertiary institution, e.g. your college.
Give one practical example of discretionary access control and another practical
example of non‐discretionary access control. Support the examples that you
identified with explanations. (4)

Q.3.2 All firewall devices can be configured in several network connection architectures.
Although hundreds of variations exist, three architectural implementations of
firewalls are especially common:

• single bastion host.
• screened host firewalls.
• screened subnet firewalls.

Q.3.2.1 Using suitable examples, describe two different ways in which a single
bastion host can be implemented. (4)
Q.3.2.2 Why must a bastion host be thoroughly secured? (1)

Q.3.3 Besides firewalls, an organisation can use a utility that can help protect an
organisation’s systems from misuse (misuse includes access to material that is not
related to business, such as pornography or entertainment) and unintentional denial of
service.
Q.3.3.1 Suggest one such utility and explain your suggestion. (3)
Q.3.3.2 Using an example, explain how the utility you identified in Q.3.3.1
prevents misuse. (2)

Q.3.4 Scanning tools, also known as port scanners, are typically used as part of an attack
protocol to collect information that an attacker needs to launch a successful
attack. (6)

Using suitable scenarios, discuss why ports should be secured.

END OF PAPER
