Enterprise Information Security Assignment: Contingency Planning

Length: Maximum of 2000 words (excluding cover page and references).

Purpose of this assignment:

The purpose of this assignment is to support the following Learning Outcomes (LO) for this topic:

1: Understand the purpose and context of a range of typical business information systems.

2: Understand the importance of securing the information of an organisation.

3: Recognise the security issues associated with the integration of various information systems within an enterprise.

4: Understand the principles of computer security.

5: Analyse security risks and prepare information and computer security plans. LO6: Prepare and present consultant's reports on aspects of computer security. LO7: Critically analyse publications in the area of computer security.

Case Study:

Megacorp, a subsidiary of Generico Inc., have hired you to undertake a full risk assessment of their current security posture as they prepare to move to operating on a multinational scale. Megacorp currently processes and stores financial and client data in-house, with cloud services for operational usage and productivity.

Staff work on Windows desktops, with an ad hoc patching cycle. There is also a backup system for the legacy in-house Windows servers, although the details of how this is configured is unknown as the System Administrator responsible for this process has recently left the company and did not leave any documentation on this. Megacorp use an old storage room as their server room, as the legacy software sometimes requires easy physical access to the servers running them for maintenance. The office is open-plan, and staff are encouraged to get up and move around during the day. The cloud system is used mainly for document collection, although there is not a mandated service specified by the company.

Task:

Based upon your risk assessment and risk register from Assessment, you must now develop contingency plans to complement the risk assessment. This assessment is designed to demonstrate your ability to assess the potential impact of security incidents on a business and to develop suitable contingency plans for managing the risks to the business.

The contingency planning document, based upon your risk assessment and risk register from Assessment 1 should include:

- Impact Analysis of major threats
- Continuity Planning Measures, with respect to operations at the three organisational levels:

o Strategic
o Tactical
o Operational

Remember that this second assessment forms the basis for the Assessment 3 and therefore should be as complete as possible.

Report Requirements:

Must Contain Cover/Title Page

This must contain the topic code and title, assignment title, your name and student identification, due date.

Table of Contents

This must accurately reflect the content of your report and must be generated automatically in Microsoft Word with page numbers.

Introduction

A brief outline of what the document includes, how it is structured, and how you approached the contingency plan development.
Main content - Impact analysis and broad contingency plan areas

You should structure this under appropriate headings.

References

A list of end-text references formatted according to the Flinders APA Referencing (2017) (PDF 95KB) requirements. It is recommended that Endnote is used to manage references. Your references should comprise of books, journal articles, and conference papers.

Format

This report should be no more than 2,000 words (excluding cover page, references and diagrams) and labelled as .docx and should be in a single file. Your assignments must be word-processed and the diagrams be developed using graphics software (most word-processors provide this facility). The text must be no smaller than 12pt and font Times New Roman.