Review and analyse the existing information security policy

Reference no: EM132202967, Length: word count: 1500

THE ASSIGNMENT TASK:

Task 1 - The CISO memo

Assume you are a newly employed chief information security officer (CISO) for the Department of Computer Science at the University of Hertfordshire. You decide to review and analyse the existing Information Security Policy of the University of Hertfordshire. Then, you want to produce a memo report for your first meeting with your team as a CISO.

You have been provided with the UH Information Security Policy V.04.0, UPR IM03 (UH ISP) and a copy of the General Data Protection Regulation (GDPR).

You should focus on the topics covered in class and analyse the status of the UH ISP. The report should critically evaluate the Information Security Policy in relation to GDPR. You should highlight strengths and weaknesses of the UH ISP in relation to GDPR and recommend modifications to areas that need improvement. It should not exceed 1000 words and should follow an appropriate Memo template.

A scheduled formative feedback session with your tutor in the week commencing 15.10.2018 will give you the opportunity to reflect on your activities and improve your work where necessary. You are strongly advised to have a complete draft by then.

Task 2 - Information Security Policy

After the completion of Task 1, you decided that your second task as a CISO is to draft an Acceptable Use Policy (AUP) along the lines of the ISO27000 family for the Department of Computer Science at the University of Hertfordshire. You should additionally link a Bring Your Own Device Policy (BYOD) to your AUP.

You should take into consideration any confidentiality, integrity, and availability (CIA) issues of the information assets at the Department of Computer Science and assess all relevant risks to the Department.

Please note that you will NOT be producing an academic report, but a policy document. There is no word limit for this task as long as you are concise and precise.

You are expected to use appropriate peer-reviewed sources for developing your arguments and the Harvard referencing style as per the University regulations.

A review session is planned for the week commencing 12.11.2018. You must bring a printed complete draft of your work to your tutorial session to participate and receive feedback on this task. A group discussion on the task will follow.

Task 3 - Business Continuity and Incident Response

Because of your role as the CISO for the Department of Computer Science at the University of Hertfordshire, you have been contacted by a government agency to inform you that they have strong indications that a data breach involving critical data for the Department of Computer Science has occurred. They provide you with specific details about the incident and you decide to initialise incident response and investigation procedures, only to realise your team is not well prepared. You know this will cause delays in the process and important information might get lost in the meantime.

Your next team meeting is approaching and you decide to prepare and give a presentation to your team. You want to cover the risk to which a data breach exposes the Department of Computer Science and the importance of an incident response plan that clearly identifies the groups that are involved in an incident response. Additionally, you want to discuss how you can turn intelligence information into actionable leads in the future. You will need approximately 15-20 slides for your presentation. It needs to be professional, brief and informative.

You are expected to use appropriate peer-reviewed sources for developing your arguments and the Harvard referencing style as per the University regulations.

A scheduled formative feedback session with your tutor in the week commencing 26.11.2018 will give you the opportunity to reflect on your activities and improve your work where necessary. You are strongly advised to have worked on a complete draft by then.

Overall Portfolio Conclusion and Reflection
You are requested to submit a final version of the three tasks as a portfolio for your first annual appraisal as the CISO for the Department of Computer Science at the University of Hertfordshire. Your portfolio should have a professional presentation.

Attachment:- Information Security Policy.rar


Reviews

len2202967

12/26/2018 9:24:37 PM

Task 3
Fail (< 50): No slides submitted or presentation is unable to illustrate / discuss key concepts. Slides fail to address the topic, do not show full understanding of what is required. Significant errors.
Pass (50 – 59): Most requirements of assigned topic covered, but underdeveloped. Slides are overloaded with text. Some errors. Slides cover basic concepts.
Reasonable (60 – 69): All requirements of the assigned topic covered. Good design. Good balance of text, media, graphs. Some errors. Slides cover all basic concepts in an informative manner.
Good (70 – 79): The slides cover all requirements relating to the topic. A clear degree of original thinking. Very good design. Very good balance of text, media, graphs. Contains a few errors. Clear outline of all key issues.
Excellent (>80): The slides cover all requirements relating to the topic. Highly appropriate selection of key material demonstrating an excellent understanding of the assigned topic. Professional design and presentation. An excellent exposition of relevant issues. No errors or very few minor errors. Clear illustrative explanation of key issues.

len2202967

12/26/2018 9:24:31 PM

Task 2
Fail (< 50): The student had not submitted the task or the task is incomplete. Not sufficient material is provided. Limited in breadth and depth demonstrated. Very weak policy organisation. Poor structure.
Pass (50 – 59): The student has made a reasonable effort to develop the security policy. Most sections are appropriate. Policy organisation is appropriate. Some planning but completion is rushed. Satisfactory structure.
Reasonable (60 – 69): The student has demonstrated a clear understanding of developing a security policy. Solutions are appropriate to task. Good use of subject material and planning processes. A theme is present, but underdeveloped. Good structure.
Good (70 – 79): Very good level of knowledge and understanding demonstrated. Very good breadth & depth demonstrated appropriate to topic. Policy relates directly to task. Strong engagement with subject material and processes, evaluation of alternatives. Very good and clear structure.
Excellent (>80): Excellent breadth & depth demonstrated. Excellent level of knowledge and understanding demonstrated. Covers all relevant points and issues. Considerable depth of engagement in the task and material is clearly documented. Excellent structure.

len2202967

12/26/2018 9:24:22 PM

Criteria: Task 1
Fail (< 50): Superficial discussion of the topics. No critical thought. Lack of originality. No memo style is followed.
Pass (50 – 59): Reasonable evidence of some understanding. Some comparison is included in the arguments. Very limited discussion that does not demonstrate critical thought. Memo style is unclear.
Reasonable (60 – 69): Clear definitions of the relevant issues. Ideas presented with some issues in clarity. Some of the proposed solutions are not supported or justified. Report may contain some errors. Memo style is adequately used.
Good (70 – 79): The report demonstrates an excellent understanding of the topic, covering all key issues, demonstrating critical opinion. The proposed solutions are justified and of very good standard. No errors.
Excellent (>80): High academic learning ability achieved. Detailed planning and clear rationale for decisions. Exceptional quality of output demonstrating professionalism, reasoning, and methodological thinking.

len2202967

12/26/2018 9:24:03 PM

Task 3, Assessment Criteria: Mark Available
Contents and subject area: 8
Development of topic: 7
Layout/ Design and references: 5
Total: 20

len2202967

12/26/2018 9:23:57 PM

Task 2, Assessment Criteria: Mark Available
Organisation of policy: 15
Quality/ Clarity of arguments: 14
Consideration of issues/ Risk assessment: 13
Presentation and design: 8
Total: 50

len2202967

12/26/2018 9:23:50 PM

Task 1, Assessment Criteria: Mark Available
Outline of the identified problems: 10
Description of proposed solutions: 10
Style and references: 5
Total: 25

len2202967

12/26/2018 9:23:42 PM

You are expected to demonstrate an insight into the implications of the problem introduced in each task by using clear and concise arguments. The reports should be well written (and word-processed), showing good skills in creativity and design. Sentences should be of an appropriate length and the writing style should be brief but informative. During the teaching weeks you will have the opportunity to submit draft copies of your portfolio activities. The module team will provide feedback based on your draft copies and advice regarding your progress (if it is deemed necessary).

len2202967

12/26/2018 9:23:33 PM

This is an individual assessment comprised of three tasks. Task 1 carries 25%, task 2 carries 50% and task 3 carries 20% of the overall portfolio mark. An extra 5% is carried for the overall portfolio conclusion and reflection. Task 1 will assess essential facts, concepts and principles of security controls and IT security development and management and exercise critical evaluation of information sources. Task 2 will assess your understanding of national and international information security standards, government policies, and compliance legislation. Also, it will enable you to demonstrate detailed knowledge and understanding of information risk assessment and security management as well as confidence and flexibility in security standards, managing security incidents and related IT security problems in systems development and implementation. Task 3 will assess a range of current security management techniques and how the principles of information risk assessment, incident management and information assurance methods are embodied therein.

len2202967

12/26/2018 9:23:23 PM

1. For undergraduate modules, a score of 40% or above represents a pass mark.
2. For postgraduate modules, a score of 50% or above represents a pass mark.
3. For work submitted up to 5 working days late, the mark is capped to a bare pass (40% for undergraduate and 50% for postgraduate).
4. For work submitted more than 5 working days late, a mark of zero will be awarded for the assignment.
