As your success in network design and fixing certain security issues has been recognised, the company has asked you to support the preparation of an IT security plan for SS Ltd.
To do this work effectively, you will need to:
- Consider business threats generally,
- Identify specific dangers and risks applying to the organisation,
- Carry out a risk analysis and prioritise potential issues and
- Prepare a draft IT security policy document.
This needs to cover technical measures, staff working arrangements and responsibilities, and how the effectiveness of the plan will be checked (audits). Also, consider how the plan may develop into the future and the things which may require the plan to be updated. To support your recommendations, you will need to identify relevant legislation and the resulting company and individual responsibilities arising from these laws. You must also identify the impact on HR (organisational/contractual) matters, including how your IT security policy will be disseminated within the organisation (training, etc.).
| Task no. | Learning Outcome | Assessment Criteria | In this assessment you will have the opportunity to present evidence that shows you are able to: |
|---|---|---|---|
| 1 | Understand risks to IT security. | 1.1 | Identify and evaluate types of security risks to organisations. |
| 1 | | 1.2 | Evaluate organisational security procedures. |
| 2 | Understand mechanisms to control organisational IT security | 2.1 | Discuss risk assessment procedures |
| 2 | | 2.2 | Evaluate data protection processes and regulations as applicable to an organisation |
| 2 | | 2.3 | Analyse physical security issues for an organisation |
| 3 | Be able to manage organisational security | 3.1 | Design and implement a security policy for an organisation. |
| 3 | | 3.2 | Evaluate the suitability of the tools used in an organisational policy |
| 3 | | 3.3 | Discuss the human resources issues that have to be considered when carrying out audits. |
| 1 | Understand risks to IT security | Identify and evaluate business risks generally and specifically for SS Ltd. (P1.1) Evaluate SS Ltd.'s existing IT security procedures (P1.2) |
| 2 | Understand mechanisms to control organisational security | Explain the process for completing a risk assessment and your findings for SS Ltd. (P2.1) Explain how Data Protection laws affect SS Ltd. and its IT security policy (P2.2). Consider the physical security issues associated with SS Ltd.'s IT setup (P2.3). |
| 3 | Be able to manage organisational security | Write up your draft security policy and prepare a presentation explaining it, for training SS Ltd. staff (P3.1) Consider your draft in detail and identify areas for improvement and further development, based on feedback (P3.2) Consider how these security policies will affect Human Resources and relate these also to security auditing (P3.3) |
| Evidence checklist | Summary of evidence required by student |
|---|---|
| Task 1 | Evaluate business risk generally and in relation to SS Ltd. in particular – see SS documents. Explain SS Ltd.'s existing security procedures and security policy, if any. Approximately 1000 words. |
| Task 2 | Explain the risk assessment process, giving examples. Create a risk assessment for SS Ltd. – see SS documents. Explain how Data Protection law affects SS Ltd. security policy. Discuss physical security issues associated with SS Ltd. operations. Approximately 1000-1500 words. |
| Task 3 | Prepare a presentation for SS Ltd. staff training on the new IT security policy. Review your draft policy and consider enhancements or changes to the policy. Discuss how security policies and security audits affect HR – especially company/individual responsibilities, work contracts, etc. Approximately 1000 words. |