>> Computer Network Security
1. The learning objectives of the Security Plan Assignment are for you to recognise the threats to information assets that exist in your current or future work place. The complacent and lackadaisical approach many organisations have towards the security of their information holdings is common. You have, through your research essay and ongoing inquiry, the opportunity to identify the threats, outline security guidelines and develop a robust and pragmatic training programme. You should develop a plan that you would regard as helpful to you, the information user, as well as protecting your organisation's information environment. Use your imagination in combination with a wide-range of material you glean from your research - have fun!
2. You are required to complete and submit a security plan based on the following scenario:
a) You are the recently appointed head of a security team responsible for protecting the information holdings of a business organisation of some 60 staff. The organisation is housed in a detached, multi-storeyed building located in the central business district of an Australian city.
b) The security team is responsible for overseeing the security of information from deliberate and accidental threats. A recent audit of the information security management system found it to be deficient in some key areas, notably incident response, disaster recovery and business continuity, social engineering exploitation of personnel, an apparent lack of personnel awareness of the various threats to information, and poor password security. These issues were identified as needing urgent remedy.
c) Technical systems were found to be reasonably effective in maintaining database and document management security, and were well serviced by the IT team.
3. Management has directed you to undertake some security analysis and planning to improve the organisation's security of information. You are tasked to:
a) Identify and describe the organisation's physical, human, and electronic information holdings that may be at risk.
b) Identify and describe the actual and potential physical, human, and electronic threats to the organisation's information holdings.
c) Design a security plan that describes counter-measures that will manage the threats that put the organisation's information holdings at risk and disaster recovery processes.
d) Develop a comprehensive information security education and awareness programme for use by management, staff members and contractors).
4. Use the marking sheet as a possible template to prepare your security plan.
5. The assignment must include the following to enhance your grade:
a) Include a title page containing the topic, number of words, unit name, student name, student number and trimester/semester year or study period, complete, and attach a coversheet as part of the same assignment document.
b) Identify and describe what is at risk and the potential threats that may exploit the vulnerability of the organisation's physical, human and electronic information assets - you should read the topic notes AND from the recommended readings and URLs provided in the Unit Learning Guide AND from your OWN research in order to define these threats.
c) Design a security plan that describes counter-measures that will manage the threats that put the organisation's information assets at risk. The security plan should cover a full range of protection measures - please refer to your topic notes for leads and the marking guide and then undertake your own research.
d) Detail the steps you consider necessary to enhance information security through a security education, training awareness (SEATA) programme and include a description of the specific objectives you hope to achieve and the measures you would use to test the efficacy of your plan, i.e., to monitor and sample staff awareness of the SEATA programme.
e) INCLUDE REFERENCES OF ALL THE WORK OF OTHER AUTHORS YOU HAVE USED IN THE BODY OF THE ASSIGNMENT. WHILE YOU HAVE SOME LICENCE TO BE IMAGINATIVE IN DESCRIBING THE ORGANISATION'S ENVIRONMENT, MUCH OF YOUR ASSIGNMENT WILL CONTAIN WORKS YOU HAVE RESEARCHED OR ARE AWARE OF. CONSEQUENTLY, MARKS WILL ONLY BE AWARDED WHERE IT IS CLEARLY INDICATED (REFERENCED) THAT YOUR TEXTS ARE BASED ON CREDITDABLE SOURCES. PLEASE AVOID PLAGIARISING THE WORKS OF OTHERS!!!
f) Include appropriate headings and sub-headings.
6. The quality and breadth of references used will be taken into account and credit will be given for evidence of wide reading on the topic and use of material from a variety of sources (i.e., books, journals, websites, newspapers, etc).
7. You will also be assessed on the presentation of your Security Plan, as well as the contents. Marks will not be awarded where correct referencing is not used. Marks will not be awarded where the above instructions are not followed.
8. If you are presently working for an organisation, please do NOT include any information or reference to its security plans or policies in your assignment, if this contravenes or potentially jeopardises the organisation's interests. IF IN DOUBT - LEAVE IT OUT. If you are uncertain about this issue, please consult the Unit Coordinator for further advice.
Preview Container content
Information technology has obviously created a new world and has made the life of the common many very simple. The growth of information technology in the recent years has been unprecedented, and the overall amount of people connected through this new phenomenon is growing like anything. Information technology has certainly proved to be one of the best gifts which the mankind has received from the advent of the science and technology.
People are developing new and better means of connecting to each other and are getting more and more benefitted with the usage of this information technology. The importance of information technology can be determined from the very fact that this has found relevance in almost each and every field in which the people operate in today’s time. We can consider any situation or any alternative, and we shall found the presence of information technology in those areas.
If we put our special attention to the corporate world, we find that this sector is one such sector which has put the highest amount of focus on the implementation of information technology in their area of operations. The amount of contribution which information technology has done in this sector is unmatched to any other area.
We find various measures and tools which are now automated, and the same has happened mainly because of the usage of Information Technology in the business environment (Agarwal Kumar, 2012). One such implementation is ERP. ERP or Enterprise Resource Planning is a software or business process solution which helps the organisation in numerous forms and manner, and has actually automated the entire process and manner in which the business functions.