Information Security Management Plan

TASK DESCRIPTION
Description: GENEX is a medium-sized software development company in South Australia, established in 2015. It operates from two premises, each with its own offices. Its information systems are hosted in a data centre facility with a service provider; this hosting is the only instance of its IT infrastructure. GENEX provides software solutions and consulting services to clients all over the world, who are small to medium-sized businesses. The departmental heads are mostly people who have been there since the first day of the business, except for the CISO, which is a newly introduced role. This explains why heads of department in GENEX have good knowledge of their business processes but are less focused on formal documentation.
Ray Morris is the CEO of GENEX. He started the company in partnership with a friend, Brett. Brett is an investor in the company but has a silent-partner role as far as business operations are concerned. Mr. Morris is an engineer, but he has no modern technical understanding of IT security issues. Ray had no problems with IT security until very recently, when the company's network was subject to a series of attacks. In a period of 3 days, the company's website was defaced, a serious virus infected the company e-mail, and large quantities of data were corrupted.
Ray's IT security risk management concerns are wide ranging. He needs to determine whether the same hackers are likely to attack the company again. He believes the recent attacks suggest the hackers were interested in disrupting the reputation of the company through theft of proprietary, sensitive information. There is also evidence of a former disgruntled employee planning revenge against the company.
INFS5055 Information Security Management M
Morris is worried about cyber-crime and is concerned about becoming a victim of it through a number of incidents. After discussing with the Executive Committee, he appoints you as Chief Information Security Officer (CISO) to prepare a full report including a recommendation. As a first step, you will review the current threats, analyse the impacts, and create the necessary management plans. The CEO has shared the findings of the recent audit report; the shocking results are listed as follows:
INTERNAL AUDIT REPORT:
1. General:
o Improper operating procedures used by employees.
o Lack of security awareness and general security laziness.
o Nil acceptance of security responsibility.
o Inadequate standard operating procedures.
o Unattended machines.
o Failure to take care of media.
o Printing sensitive material.
o Failure to turn off computers at the end of the working day.
o Failure to back up information.
2. Hardware problems:
o Failure to adequately secure the hardware (e.g. laptops left unsecured).
o Effects from the physical environment causing damage.
3. Software concerns:
o Some application software is of inferior quality and untested in the field, and therefore cannot be trusted in the office environment.
o Nil audit logs.
o Lack of adequate access control.
o Lack of secure identification and authentication techniques.
o Limited antivirus software.
o Lack of restrictions to specific files when certain applications are operating.
o Lack of security awareness and general security laziness.
TASK:
1. Based on the above information, propose the organisation structure of the Information Security team that would be suitable for you to work with. Justify your proposal so that you can secure approval from Mr. Ray. (Remember you are the CISO.)
a. Deliverables:
i. Organisation Chart
ii. Justification for each role
iii. Job description of each role
2. Propose the Information Security processes and procedures that you would like your team to define. You only need to name these processes and procedures, and explain one process and one procedure in detail. Examples of such security processes are Information Security Incident Management and Information Security Risk Management. An example of such a procedure is an SOP (Standard Operating Procedure) for TVA (Threat and Vulnerability Assessment).
a. Deliverables:
i. List of Information Security processes for GENEX
ii. List of Information Security procedures for GENEX
iii. Elaborated Information Security process (only one) of your choice from the list above
iv. Elaborated Information Security procedure (only one) of your choice from the list above
3. Based on the findings of the audit report, discuss the major risks and threats the company is currently facing in the current scenario as of today. Your discussion can be categorised under the broad categories of people, process and technology. Please also prepare your Risk Register for GENEX (covering only Information Security risks). The template will be: {Risk ID, Risk Description, Risk Probability, Risk Impact, Proposed Mitigation, Risk Ownership, Risk Triggers}.
a. Notes:
i. Recall that the Risk Register is a deliverable of Information Security Risk Management. This means that you have to plan risk management, identify, assess* and mitigate those risks, and assign owners and triggers to them.
*Decide your strategy for assessment: qualitative or quantitative.
ii. Based on the internal audit report, identify the vulnerabilities of GENEX from an Information Security perspective.
iii. Based on the evaluation of the above threats, prepare a Business Impact Analysis (BIA). It will become an input to your risk assessment and risk response planning.
iv. You may base your proposal on any (one or more) standards which were discussed in the class.
b. Deliverables:
i. Lists of risks, threats and vulnerabilities
ii. Assessment (qualified and/or quantified) of the risks identified and the BIA
iii. Risk register
4. Provide a suitable Information Security policy for GENEX. Your policy document should include the major sections of the proposed policy document. Also, highlight in your policy where you have mitigated the threats that you identified in response to the questions below.
a. Note: You may base your proposal on any (one or more) standards which were discussed in the class.
b. Deliverable:
i. Information Security Policy document
ii. Highlight the sections as mentioned
5. Finally, illustrate the legal and ethical issues that arise if data relating to one of the South Australian public sector clients of GENEX is lost or damaged. Also identify the risks that may arise due to these issues. Provide details of how the broad categories of Federal and South Australian criminal legislation may be used to prosecute hackers and computer criminals in South Australia.
a. Deliverable:
i. List of legal and ethical issues
ii. Elaboration of those issues
iii. Add the risks arising from legal and ethical issues to the Risk Register, but give those risks a different identifier in the Risk Register so that they can be clearly identified.
6. Advise how your organisation can be forensically ready for possible action against intruders into the company network.
a. Deliverable:
i. Forensic readiness document