Security Risk Management – Week 12 – End of Module Assignment – E-Portfolio Submission
Individual Project E – Portfolio Submission
In the final week (12) of the SRM module, students were expected to submit the final assignment, an E-Portfolio submission in which all evidence of the work throughout the module was to be collated, with a word count total of 2000 words, with 1000 of those being used for the reflective section only. The reflection also covered a variety of learning outcomes.
Introduction to Reflection
Throughout the Security Risk Management Module students have had the opportunity to gain an enhanced understanding of risk management, supply chain concepts and various methodologies surrounding them. The first 3 weeks of SRM introduced the first collaborative team discussion and case study based on risks of digitalization of business models, by Kovaite & Stankeviciene (2019), where students had to describe the term ‘Industry 4.0’ and what is meant by that term, and provide real-time examples. This was followed by observing other peers’ contributions to the case study and providing at least two responses, either agreeing or disagreeing with those contributions. Week 2 also introduced the first seminar case study based on user participation in the risk management process, by Spears & Barki (2010), where the study described how the authors used both Qualitative and Quantitative assessment approaches, which ultimately provided preparation for the assignments in weeks 6 & 11. This ended with the conclusion of the first collaborative discussion, where students had to provide a summary post on the case study, including the content from the initial post in week 1, peer responses in week 2 and providing a summary.
As the module progressed, weeks 4 and week 5 introduced various threat modeling techniques and exercises, where, in seminar 3, students were introduced to Spears & Barki (2010), Shostack (2018) and Spring et al (2021), and discussions were held on STRIDE, Attack Trees and Attack Libraries as well as failings surrounding CVSS. Based on this, students prepared a threat model based on a chosen scenario. This model spilled into week 5, where further security frameworks were introduced as well as a different perspective on risk assessment, covering the legal compliance aspects, for example the GDPR. This introduced a GDPR case study which opened up new horizons for the upcoming assignment in week 6.
As the middle of the module appeared, introducing week 6, this brought in the first assessed assignment, slightly different from the previous assignments, as it was a team collaboration effort, where students were separated and placed together into team 1 and team 2. Team 1 used OCTAVE-S methodology to provide a risk report as well as recommendations and research on the best way to grow the business, Pampered Pets. This was completed in one submission for the team along with individual peer reviews.
Moving forward into the second part of the module, this introduced week 7, week 8 and week 9, where a second Collaborative Learning Discussion forum was opened as well as various methods used as part of Quantitative risk modeling, some of which use probabilistic approaches such as Monte Carlo simulations and Bayes theorem-based methods, as well as multi-criteria decision analysis techniques such as TOPSIS, AHP and ANP. This methodology was later used for the final assignment in week 11.
As part of the Collaborative Learning Discussion 2, students were advised to read Spring et al (2021) and answer various questions on CVSS, in the form of an Initial Post. This was followed by observing other peers’ contributions to the case study and providing at least two responses. This ended with the conclusion of the first collaborative discussion, where students had to provide a summary post on the case study, including the content from the initial post in week 1, peer responses in week 2 and providing a summary.
As the end of the module approached, in week 10, students were introduced to Business Continuity and Disaster Recovery solutions, which also introduced different components and events to consider when planning and preparing these solutions, such as the Recovery Time Objective (RTO) and Recovery Point Objective (RPO), which focus on time; how long it takes to resume business operations following an unforeseen event, and recovery; how much data can a business tolerate losing and be able to recover from a disaster.
At the end of the module, in week 11 and week 12, arrived the two final assignments, the ‘Executive Summary’ in which students were required to enumerate the potential risks to the quality and supply chain for Pampered Pets enterprise, having decided to go fully digitalized, expanding the operations worldwide. Included in this were recommendations of the likelihood and unlikelihood of certain events occurring, by applying the Monte Carlo simulation, and recommending a BCDR plan.
Reflection
The final week 12 assignment presents an E-Portfolio submission, containing a self-reflective piece, which begins here, using the Rolfe et al. (N.D) reflection framework. ‘What’, the first stage, identifies and describes the situation/circumstance of what happened, and how it can be used/taken forward for the benefit of learning. ‘So What’ identifies what the experience means, and ‘Now What’ identifies which steps can be taken in order to improve the practice and learn from the initial experience (Brown, N. 2001).
Reflecting on the above 12 weeks, one of the highlights of the module was the two sets of Collaborative Learning Discussions. During these collaborative discussions, a deeper understanding was obtained of the term ‘Industry 4.0’ and ‘Challenges surrounding CVSS with introduction to SSVC’, proving to be a transformative, yet challenging learning experience, due to the lack of exposure and knowledge of SSVC. Looking back on the previous learning discussions in the Network Security module, one of the main self-identifying issues was the eagerness to complete a task, without fully grasping the concept of research materials. This was mainly due to the fact that the module was only 6 weeks long, and time-to-content ratio did not appear in sync. However, in SRM, having 12 weeks identified a new concept, the difference between ‘time management’ and ‘having more time’. This concept now proved to be important as one identified the importance of effectively using the time to achieve goals whilst maintaining a balanced work and personal life. Whilst identifying and prioritizing tasks that are most important is beneficial, such as making sure peer responses were posted within the designated week, having the additional time available beyond immediate commitments or obligations can induce delays and distractions. Whilst having more time can be advantageous, effective time management skills are essential for utilizing available time efficiently to achieve desirable outcomes. This has highlighted a significant lesson, that time management overall is about making intentional choices and applying those choices to maximize productivity, regardless of the quantity of time available. After grasping this new concept and embracing a growth mindset, which has benefited and developed emotional intelligence, the additional time was used to engage more with fellow students and invest into research.
Having come from an era of disconnecting the phone line to connect to the internet (dial up connection), the industry was much different 25 years ago. This contributed to a vast interest to learn more about the ‘Industry 4.0’ and vulnerability scoring systems that surround it. Having previously been aware of CVSS and its use for assessing and scoring the severity of vulnerabilities in computer systems and networks, the lack of knowledge was mainly surrounding the issues around it and alternatives. This introduced SSVC which is a set of security criteria used to evaluate and verify the security features and capabilities of information technology products and systems. Both of these frameworks play important roles in the overall security of organizations. This knowledge will definitely be carried closely moving forward, and hopefully used one day during day to day tasks.
During the middle of the module, came a personal highlight when Pampered Pets business was introduced to the students in the form of the first assignment. Being a pet owner and having interest and admiration towards animals, I was able to use adaptability and creative skills to visualize the risk assessment concept of Pampered Pets, as one’s own business. This contributed significantly towards emotional intelligence by assessing one’s ability to recognize, understand and manage emotions, whilst maintaining and visualizing a common goal with fellow students. Another contributing factor was that the assignment was a team project, consisting of 4 students, who each had specific roles and responsibilities. Two of the students provided a significant amount of research, whilst the other two reviewed it and edited the document, finalizing the final product. Throughout this process, and upon finalizing the final document, the team engaged in multiple teams calls where the process was discussed in detail. The team dynamic which was displayed was truly inspiring and instrumental for professional development, proving that no amount of distance or time difference can have an effect on a common goal. A fellow student created a share file in which other students could upload documents and make edits, giving the freedom to others to view upon their availability, and not be constrained to global time differences. Looking back on my contributions, although satisfied with the input and outcome, there is always room for improvement. Another key factor which still remains present is better time management. This factor has been added to the personal development plan for areas to focus more on. The risk assessment conducted for Pampered Pets in the above-mentioned assignment created a basis for the second assignment in week 11, which was an individual project. This assignment was the most challenging task experienced since beginning the education journey with the university.
This was due to the fact that it contained mathematical and enumeration components, a subject which has always been an intellectual challenge throughout life. This came to light once the Monte Carlo simulation was introduced. Although the concept of the final assignment for Pampered Pets was fully grasped, and the personal attachment still present, challenges were identified once confronted with complex mathematical problems, requiring advanced concepts and techniques, such as Excel formula uses for What-If Data Table analysis for Monte Carlo. Although other methodologies were available, the challenge was present and it was taken. This raised moments of uncertainty and self-doubt, which resulted in a peak-breakthrough within self, learning to break down these complex problems into smaller, manageable components, learning to take on a step-by-step approach to finding solutions. With the help of videos, textbooks, online resources and discussions with peers, a clearer approach was on the horizon. After many weekends of constant research and study, the Monte Carlo simulation was finalized, opening the door for the remainder of the assignment completion. Reflecting on this experience, it has brought on a level of confidence and resilience knowing that if faced with another mathematical challenge, the dedication that exists within to lifelong learning is unwavering. The newly developed skillset in Excel is something that will be used more throughout the current work landscape.
Throughout this educational journey, developing a personal development plan has been instrumental in guiding professional growth and enhancing skillsets, aligned with current career aspirations. This growth and skillset are something that can also be aligned with the current IT and Digital threat landscape. Although difficult to choose content for study which is already pre-set, developing other development areas has been achievable. By using the SMART method, specific, measurable, achievable, relevant and timely goals have been aligned for the upcoming modules, which will be aligned with current career aspirations. (ArtsMidwest, 2022). One of the aspects of this is outlining actionable steps and milestones to achieve certain objectives, mostly on a weekly basis, to ensure this habit is created and maintained, to prevent large workloads and catching up with material when deadlines are approaching.
References:
Kovaite, K. & Stankeviciene, J. (2019). Risks of Digitalization of Business Models. Available at: https://www.researchgate.net/publication/333063956_Risks_of_digitalisation_of_business_models. [Accessed 17 April 2024].
Spears, J.L. & Barki, H. (2010). User Participation in Information Systems Security Risk Management. [online] Available at: https://www-jstor-org.uniessexlib.idm.oclc.org/stable/25750689?seq=3 [Accessed 17 April 2024].
Brown, N. (2001). Reflective model according to Rolfe et al. [online] Dr Nicole Brown. Available at: https://www.nicole-brown.co.uk/reflective-model-according-to-rolfe/. [Accessed 17 April 2024].
Arts Midwest. (2022). SMART Goals for Arts Organizations. [online] Available at: https://artsmidwest.org/resources/ideas/smart-goals-for-arts-organizations/?gad_source=1. [Accessed 19 April 2024].