The learning objectives of the Security Plan Assignment are for you to recognise the threats to information assets that exist in your current or future work place. The complacent and lackadaisical approach many organisations have towards the security of their information holdings is common. You have, through your research essay and ongoing inquiry, the opportunity to identify the threats, outline security guidelines and develop a robust and pragmatic training programme. You should develop a plan that you would regard as helpful to you, the information user, as well as protecting your organisation's information environment.
You are required to complete and submit a security plan based on the following scenario:
a) You are the recently appointed head of a security team responsible for protecting the information holdings of a business organisation of some 60 staff. The organisation is housed in a detached, multi-storeyed building located in the central business district of an Australian city.
b) The security team is responsible for overseeing the security of information from deliberate and accidental threats. A recent audit of the information security management system found it to be deficient in some key areas, notably incident response, disaster recovery and business continuity, social engineering exploitation of personnel, an apparent lack of personnel awareness of the various threats to information, and poor password security. These issues were identified as needing urgent remedy.
c) Technical systems were found to be reasonably effective in maintaining database and document management security, and were well serviced by the IT team.
Management has directed you to undertake some security analysis and planning to improve the organisation's security of information. You are tasked to:
a) Identify and describe the organisation's physical, human, and electronic information holdings that may be at risk.
b) Identify and describe the actual and potential physical, human, and electronic threats to the organisation's information holdings.
c) Design a security plan that describes counter-measures that will manage the threats that put the organisation's information holdings at risk and disaster recovery processes.
d) Develop a comprehensive information security education and awareness programme for use by management, staff members and contractors).
5. Use the marking sheet as a possible template to prepare your security plan.
6. The assignment must include the following to enhance your grade:
a) Include a title page containing the topic, number of words, unit name, student name, student number and trimester/semester year or study period, complete, and attach a coversheet as part of the same assignment document.
b) Identify and describe what is at risk and the potential threats that may exploit the vulnerability of the organisation's physical, human and electronic information assets - you should read the topic notes AND from the recommended readings and URLs provided in the Unit Learning Guide AND from your OWN research in order to define these threats.
c) Design a security plan that describes counter-measures that will manage the threats that put the organisation's information assets at risk. The security plan should cover a full range of protection measures - please refer to your topic notes for leads and the marking guide and then undertake your own research.
d) Detail the steps you consider necessary to enhance information security through a security education, training awareness (SEATA) programme and include a description of the specific objectives you hope to achieve and the measures you would use to test the efficacy of your plan, i.e., to monitor and sample staff awareness of the SEATA programme.
The quality and breadth of references used will be taken into account and credit will be given for evidence of wide reading on the topic and use of material from a variety of sources (i.e., books, journals, websites, newspapers, etc).
You will also be assessed on the presentation of your Security Plan, as well as the contents. Marks will not be awarded where correct referencing is not used. Marks will not be awarded where the above instructions are not followed.
If you are presently working for an organisation, please do NOT include any information or reference to its security plans or policies in your assignment, if this contravenes or potentially jeopardises the organisation's interests.