Reference no: EM133188514, Length: 3000 words
COIT20263 Information Security Management - Central Queensland University
Objectives
In this assessment task, you will analyse the scenario given on page 3 and develop a report on the guidelines for the specified policy for the organisation given in the scenario.
Assessment Task
You are required to analyse the scenario given on page 3 and develop a report on the guidelines for a 'Privacy and Security of data and information Policy' for the organisation described in the scenario. You should ensure that you support the guidelines you prepare with references and justify why those guidelines are necessary.
Part A: Your report on the guidelines should include:
1. Executive Summary
2. Table of Contents
3. Discussion
a. Statement of Purpose (introducing the topics of the policy)
b. Scope
c. Acceptable usage of resources
d. Prohibited usage of resources
e. Violations of Policy
f. Policy Review and Modification
g. Limitations of Liability
4. References
Please note that you might need to make some assumptions about the organisation in order to write this report. These assumptions should match the information in the case study and not contradict the objectives of the report. They should be incorporated in your report. To avoid loss of marks, do not make assumptions that are irrelevant or contradictory, or that will not be used in your report discussion.
Part B: Your reflection on completing this assessment may include (word limit for part B is 500 words):
• how you attempted the task and the method used
• any hurdles faced and how those were solved
• what you have learnt
• if you were asked to do this again, would you take a different approach? Support your answer with justification.
The Scenario for Information Security Management Assessment Tasks
Elegant and Simple (EnS) is one of the renowned clothing retailers in the world that sells men's, women's, and kids' products. EnS's products include clothing, footwear, accessories, beauty, and perfumes. EnS's headquarters is in Sydney with offices throughout the world, including London, Paris, New York and Singapore, and the business is ever growing. Currently EnS is considering a confidential business offer.
EnS has around 40,000 employees who work in stores, home offices, distribution centres, and international locations. EnS uses the latest software tools and technologies for its product design and development, communications, and day-to-day operation. The latest technologies, including IoT, machine learning etc., are also used in its store operation and supply chain.
EnS has a large customer base and has both in-store and online shopping facilities for its customers in all countries in which it operates. The in-store outlets are equipped with modern technologies including in-store Wi-Fi facilities for customers.
Recently, EnS became a victim of a ransomware attack in which the attacker sent a ransom email from an unknown source saying that they know about the confidential business offer and have personal details of 200,000 customers. A sample of personal details of some of their customers was also attached in the ransom email as "evidence". The attacker threatened that unless the specified amount of ransom was paid, they would leak all the confidential information to EnS's competitors. As per the company's incident response plan, this incident was immediately reported to the senior management and the legal department. Senior management also engaged forensic computer specialists to assess and contain the threat.
With this recent ransomware attack incident and the current rise in security attacks all around the world, EnS believes that it is now of the highest importance for the business to improve the security of its system, network, information, data, and devices.
You have been hired into the information security team that is responsible for all cybersecurity, compliance, information security, governance, and risk management functions. The team is now evaluating the security risks, reviewing its security policies and upgrading its security management practices.