Reference no: EM132444975

ISMC Portfolio Assignment -

Task 1 will assess essential facts, concepts and principles of security controls and IT security development and management and exercise critical evaluation of information sources.

Task 2 will assess your understanding on national and international information security standards, government policies, and compliance legislation. Also, it will enable you to demonstrate detailed knowledge and understanding of information risk assessment and security management as well as confidence and flexibility in security standards, managing security incidents and related IT security problems in systems development and implementation.

Task 3 will assess a range of current security management techniques and how the principles of information risk assessment, incident management and information assurance methods are embodied therein.

Task 2 - Information Security Policy

Scenario - You work for a high-tech company with approximately 550 employees. Your firm recently won a large UK Government contract, which will add 30% to the revenue of your organization. It is a high-priority, high-visibility project. You will be allowed to make your own budget, project timeline, and tollgate decisions.

You have been assigned as the group leader to develop the proper security policies required to meet UK Government standards for delivery of technology services as part of the National Cyber Security Centre (NCSC). In order to achieve this, you must develop a framework of UK Government-approved policies and standards for your IT infrastructure (see below).

Your firm's computing environment includes the following:

12 servers running Microsoft Server 2016, providing the following:

- Active Directory (AD)

- Domain Name System (DNS)

- Dynamic Host Configuration Protocol (DHCP)

- Enterprise Resource Planning (ERP) application (Oracle)

- A Research and Development (R&D) Engineering network segment for testing, separate from the production environment

- Microsoft Exchange Server for e-mail

- Symantec e-mail filter

- Websense for Internet use

Two Linux servers running Apache Server to host your Web site.

420 PCs/laptops running Microsoft Windows 10, Microsoft Office 2016, Microsoft Visio, Microsoft Project, and Adobe Reader.

Task - As part of your role you should create a framework of policies in the format of one (1) page table that are UK Government compliant for the organisation's IT infrastructure. The framework of policies you create must pass UK Government -based requirements. Currently, your organisation does not have any UK Government contracts and thus has no UK Government-compliant security policies or controls in place. You should identify 3 high-priority security controls for your organisation.

You should write an executive report of no more than two (2) pages that discusses the elements of the framework, what elements are essential, and which elements could be optional. It is imperative that the executive report should have a professional look and should be precise. After all it will be submitted to the company's executive team as the result of your work. Also, it should include your rationale behind your decisions.

In order to complete the task, you should work on and consider the following:

Any compliance laws required for UK Government contracts.

Any controls placed on domains in the IT infrastructure.

Any required standards for all your devices, based on IT domain.

A deployment plan for implementation of these polices, standards, and controls.

All applicable UK Government frameworks

Any notes of your work must be submitted as an appendix to your portfolio.

Task 3 - Business Continuity and Incident Response

You were recently employed as the CISO for the University of New and you have been contacted by a government agency to inform you they have strong indications a data breach that involves critical data has occurred.

Later that day, you met with a National Crime Agency agent along with the University's legal department to discuss the activity. The National Crime Agency has been investigating activity involving online purchases made with several stolen credit card numbers. More than 30 of the transactions during the past week had been traced to one of the University's IP addresses. The National Crime Agency agent asked for the University's assistance, and in turn, you asked for the incident response team's assistance in acquiring evidences, only to realise your team is not well prepared. You know this will cause delays in the process and important information might get lost in the meantime. It is vitally important that this matter be kept confidential.

Your next team meeting is approaching, and you decide to prepare and give a presentation to your team. Your slides should address the following items:

1. The severity level of the above-mentioned incident.

2. Who or what groups will be involved in the situation?

3. Suggest measures to contain and recover from the incident.

4. Suggest measures to prevent similar incidents from occurring in the future.

5. Suggest actions to improve the detection of similar events.

You will need approximately 12 slides for your presentation. It needs to be professional, brief and informative. Any additional material can be communicated as slide notes.

You must include a title slide in the beginning and a summary slide in the end.

You are expected to use appropriate peer reviewed sources for developing your arguments and the Harvard referencing style as per the University regulations.

The final portfolio report is an academic report and as such the following report structure is expected:

Cover Page

Task 2

Task 3

References

Appendixes.