SEC 320 Week 2 Case Study # 1: Security Assessment - Graded An A

Document Content and Description Below

SEC 320 Week 2 Case Study # 1: Security Assessment Assessment 1 –Security Analysis and Risk Assessment Case Study Semester 1, 2022 Purpose of this assignment. The purpose of this assi... gnment is to support the following topic Learning Outcomes (LO) for this topic: LO1. Illustrate the importance of cyber security and information security to business and government LO2. Analyse the threats and common attacks faced by organisations LO3. Examine the security issues associated with the integration of information systems LO4. Analyse security risks and select appropriate security controls LO5. Design industry professional reports on organisational cyber security and information security programs Background. This assessment is designed to demonstrate your knowledge of security and ability to apply this basic knowledge to a specific context. Context: A large hospital in South Australia has asked you (as the new Information Security Manager) to develop and implement an Information Security Contingency Plan. The person previously in the role was an IT Systems Administrator where the information security was a secondary role. As such, some of the core areas of information security have been neglected and will need to be assessed and improved to ensure the hospital meets legislative and best This study soCurOceMwPas9d7o2w1nloInadfeodrbmy 1a0t0io00n08S6e75c5u2r2i7t1yfGroEm,CAosusrseeHssemro.econmt o1n,0S71-2-02-2002223 05:25:41 GMT -05:00 Page 1 of 4 practice protections. Currently, there is NO information security risk register for the organisation. Task. You are to create a Security Analysis and Risk Assessment Case Study. This is the first part of developing the Information Security Contingency Plan and is an essential element of the Business Impact Analysis in a Contingency Plan. You must use an established Information Security Risk Management Process to guide your analysis and assessment process and to present a structured approach to the task. Information on the following processes is included in the materials to support Assessment 1. You can choose to use any of these methods. • Any method discussed in recommended textbook (Chapter 4) • OCTAVE Allegro • ENISA IT Business Continuity Management • ISO 27005 (access through the library) • NIST SP 800-37 REV. 2 Where possible you should make use of annotated diagrams and tables rather than long sections of text. It is accepted that you will not be able to conduct an actual risk assessment, however, you should include who needs to be involved, what information assets need protecting, that are the threats to these assets, what are the vulnerabilities in the context of a modern hospital, and the potential impacts. SUGGESTION: It will be helpful for you to start by investigating at what a Contingency Plan includes, although you do not have to create this yet, just to get an idea of what is in a contingency plan. You will develop the actual contingency plan in Assessment 2 and Assessment 3. You do not include this in your Assessment 1 Case Study, but you can provide a brief overview of where this Risk Assessment fits into the overall Contingency Plan and why it is necessary to undertake it. This study soCurOceMwPas9d7o2w1nloInadfeodrbmy 1a0t0io00n08S6e75c5u2r2i7t1yfGroEm,CAosusrseeHssemro.econmt o1n,0S71-2-02-2002223 05:25:41 GMT -05:00 Page 2 of 4 Submission Requirements. Report Length No specific length requirement. Format The report must be word processed and be professional in appearance. You should make use of appropriate fonts and formatting. The submission file MUST be a single file in .doc, .docx or .pdf file format, and labelled: COMP9721_your FAN_lastname_firstname Must Contain Cover/Title Page This must contain the topic code and title, assignment title, your name and student identification, due date. Executive Summary Should be approximately 300 words. This should provide a concise snapshot of the entire report. Table of Content (Table of Figures, Table of Tables) This must accurately reflect the content of your report and must be generated automatically in Microsoft Word (or similar) with page numbers. Introduction and Scope This must provide the scenario, the purpose of the document, the scope of the document, and state any assumptions made. Use in-text references where appropriate. This should include the selection of Risk Assessment method chosen and a brief overview of this method. Main body of the document [DO NOT USE THIS THE SECTION HEADING] As described in the Task section. This must be logically structured and well referenced. Make effective use of headings and subheadings. Diagram and tables are recommended. Conclusion This section should draw together content of the report together and identify what would also need to be done. Glossary of relevant terms This should contain original but referenced definitions for appropriate terms. Only security related terms should be included in this glossary, as opposed to general computing terms This study soCurOceMwPas9d7o2w1nloInadfeodrbmy 1a0t0io00n08S6e75c5u2r2i7t1yfGroEm,CAosusrseeHssemro.econmt o1n,0S71-2-02-2002223 05:25:41 GMT -05:00 Page 3 of 4 References A list of end-text references formatted according to the Flinders APA Referencing requirements. https://students.flinders.edu.au/content/dam/student/slc/apa- referencing.pdf It is recommended that Endnote is used to manage references. Your references should comprise of books, journal articles, and conference papers. Bibliography This should be in the same format as the List of References. It should contain material that has not been specifically used in your report, but which will be of interest to the reader of your report. Appendices as necessary There are no marks associated with the appendices. However, they can be used to include material that is important supporting material to your document. You should assume that the reader of your report will only briefly scan the appendices. Late submission: As per the penalties in the topic official Statement of Assessments Methods (SAM) 2022, an assessment submitted after the fixed or extended time for submission shall incur a penalty to be calculated as for each day (including weekend days) that it is late, as 5% of the maximum assessment mark available for the assessment. Academic Misconduct (Including Plagiarism): Flinders University regards academic misconduct of any form as unacceptable. Academic misconduct, which includes but is not limited to, plagiarism; unauthorised collaboration; cheating in examinations; theft of others’ students work; collusion; inadequate and incorrect referencing; will be dealt with in accordance with the Flinders Policy on Academic Integrity Policy. http://www.flinders.edu.au/academicintegrity/ [Show More]

Last updated: 9 months ago

Preview 1 out of 4 pages