Develop a Security Policy
You are an ICT Security and Risk consultant and you have been approached by Globex Corp to help them recover from a cyber attack. You have successfully isolated the machines affected by the attack and brought the company’s system back into operation.
You have now completed a risk assessment for Globex Corp, and in your discussions with the Director have indicated that they need a policy to protect their data and their Intellectual Property (IP) around their Precision Farming Technology Designs. The Director has indicated that he thinks this is “being a bit excessive” and will “cost more than it’s worth”.
The company is the in process of developing some cutting-edge Precision Farming technology that has attracted considerable interest from some major industrial companies in Australia and overseas. The Sales Manager is concerned about the designs for these new devices being stolen or hacked, but the Director still thinks that the company is too small to attract that sort of attention. However, one of the government organizations that intends to purchase the new Precision Farming Machines has asked the Sales Manager to describe their level of cyber security maturity.
Globex Corp Director is still not entirely convinced that this is necessary, but wants you to develop a proposal for some security policies, just in case they win a government contract.
Tasks:
You have been contracted by Globex Corp to discuss and propose security policies to protect their data and resources in view of their existing risk assessment.
Write a proposal for Globex Corp that discusses:
The need for security policies at Globex Corp. The discussion should include how these policies (as outlined in Q1b.) will enhance Globex Corp security and help to raise their level of cyber security maturity,
Outline the following security policies:
A security policy that would act to preserve the Confidentiality, Integrity and Availability of their data,
A security policy that would act to protect their data center resources, and A security policy that would act to educate Globex Corp in how they can protect the company’s
data and resources.
As part of the outline for each security policy your proposal should discuss:
The intent and rationale and scope of the policy,
The mandatory requirements for the rules or actions that you think are reasonable to place into this policy to meet its intent and rationale, Any exemptions that you think are reasonable to place into this policy to meet its intent and rationale.
Your report should have a word count of 4000 words plus-or-minus10%. The reference list is not counted as part of the word count.
RATIONALE
This assessment task will assess the following learning outcome/s:be able to justify the goals and various key terms used in risk management and assess IT risk in business terms.
Be able to apply both quantitative and qualitative risk management approaches and to compare and contrast the advantages of each approach.
Be able to critically analyze the various approaches for mitigating security risk, including when to use insurance to transfer IT risk.
