Reference no: EM132929123, Length: 4000 Words
Assessment item - Develop a Security Policy
TASK
Read the DR Alarms case study document before attempting this assignment.
You are an ICT Security and Risk consultant and you have been approached by DR Alarms to help them recover from a cyber-attack. You have successfully isolated the machines affected by the attack and brought the company's system back into operation.
You have now completed a risk assessment for DR Alarms, and in your discussions with the Managing Director (MD) have indicated that they need a policy to protect their data and their Intellectual Property (IP) around their ICS and IoT monitoring systems. The MD has indicated that he thinks this is "being a bit excessive" and will "cost more than it's worth".
The company is in the process of developing some new IoT monitoring systems that have attracted considerable interest from some major industrial companies in Australia and overseas. The Engineering Manager is concerned about the designs for these new devices being stolen or hacked, but the MD still thinks that the company is too small to attract that sort of attention. However, one of the government organisations that intends to purchase the new IoT devices has asked the Engineering Manager to describe their level of cyber security maturity.
The DR Alarms MD is still not entirely convinced that this is necessary, but wants you to develop a proposal for some security policies, just in case they win a government contract.
Tasks:
You have been contracted by DR Alarms to discuss and propose security policies to protect their data and resources in view of their existing risk assessment.
1. Write a proposal for DR Alarms that discusses:
a. The need for security policies at DR Alarms. The discussion should include how these policies (as outlined in Q1b.) will enhance DR Alarms' security and help to raise their level of cyber security maturity,
b. Outline the following security policies:
1. A security policy that would act to preserve the Confidentiality, Integrity and Availability of their data,
2. A security policy that would act to protect their data centre resources, and
3. A security policy that would act to educate DR Alarms staff in how they can protect the company's data and resources.
As part of the outline for each security policy your proposal should discuss:
a. The intent and rationale and scope of the policy,
b. The mandatory requirements for the rules or actions that you think are reasonable to place into this policy to meet its intent and rationale,
c. Any exemptions that you think are reasonable to place into this policy to meet its intent and rationale.
The reference list is not counted as part of the word count.
RATIONALE
This assessment task will assess the following learning outcome/s:
• be able to justify the goals and various key terms used in risk management and assess IT risk in business terms.
• be able to apply both quantitative and qualitative risk management approaches and to compare and contrast the advantages of each approach.
• be able to critically analyse the various approaches for mitigating security risk, including when to use insurance to transfer IT risk.
PRESENTATION
When submitting your assignment be sure to meet the following presentation requirements:
• Assignments are required to be submitted in either Word format (.doc, or .docx), Open Office format (.odf), or Rich Text File format (.rtf). Each assignment must be submitted as a single document.
• Assignments should be typed using a 12 point font.
• This assignment should be referenced using the APA 7th format.
Word Count: 4000 words