Objectives
This assessment task can be undertaken in a group of up to 4 members or individually. You will analyse the scenario given on page 3, and develop and document the specified Issue Specific Security Policy (ISSP) for the organisation.
Assessment criteria
You are assessed against your ability to analyse the given scenario and develop the specified ISSP.
The marking criteria for Assessment Item 2 are provided on page 4. You need to familiarise yourself with the marking criteria to ensure that you have addressed them when preparing the document for this assessment item.
Assessment Task
You are required to analyse the scenario given on page 3 and develop a ‘Confidential Information Policy’ for the organisation described in the scenario.
The ISSP should include:
- Statement of Purpose
- Authorised Uses
- Prohibited Uses
- Systems Management
- Violations of Policy
- Policy Review and Modification
- Limitations of Liability
You also need to include a section containing the justification of the contents of your policy as well as any assumptions that you have made.
Note: Each one of you need to upload the ISSP document of your group to Moodle. You must follow the Harvard citation and referencing guidelines when writing the ISSP document and include a reference list.
Please do not include an executive summary, a table of contents, an introduction or a conclusion. Please use the ‘Template for Your Answers’ Section of this document and upload only that template.
Check the unit website at least once a week for further information relating to this assessment task. Please ensure that you write your answers in your own words to avoid possible plagiarism and copyright violation. You can understand the Plagiarism Procedures by following the corresponding link in the CQUniversity Policies section of the Unit Profile.
Submission
The Scenario for Information Security Management Assessment Tasks
Cosmos is an online newspaper publishing company located in Sydney, Australia. Cosmos has a global network of freelance reporters who report news from every corner of the world. Customers who are interested in reading the online newspapers and watching live video feeds have to register with Cosmos and pay a small fee online. The major income generator of Cosmos is the advertisements which contain live and playback videos in some instances. Cosmos accepts any type of advertisement from companies and individuals as long as it complies with the media codes, guidelines and regulations in Australia. It is estimated that 100,000 people will access the newspapers of Cosmos every day at the beginning and it will increase to 500,000 within 3 years.
Cosmos has provided the freelance reporters with suitable telecommunication devices for live reporting from areas where the Internet connectivity is poor or unavailable. The permanent staff of Cosmos consists of a CEO, a Finance Manager, a HR Manager, a Publishing Manager and a Technical Manager assisted by 20 supporting staff. Cosmos is required to provide a secure and reliable service to its permanent staff, customers, advertisers and the freelance reporters. Their website and video feeds should be available 24/7.
Cosmos is now in the process of upgrading the information security policies for its information system.
Note: This scenario was created by Dr Rohan de Silva on 5th December 2017 and no part of this scenario should be reproduced by any individual or an organisation without written permission from CQUniversity, Australia.
| Marking Criteria | |||||||||||||||||
| Section | HD | D | C | P | F | Max Mark | Mark | ||||||||||
| 3 | 2.55 | 2.4 | 2.25 | 2.1 | 1.95 | 1.8 | 1.5 | 1.35 | 0 | ||||||||
| 1 Statement of Purpose | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |||||||||||
| 2 Authorised Uses | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |||||||||||
| 3 Prohibited Uses | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |||||||||||
| 4 Systems Management | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |||||||||||
| 5 Violations of Policy | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |||||||||||
| 6 Policy Review and Modification | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |||||||||||
| 7 Limitations and Liability | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |||||||||||
| Section | HD | D | C | P | F | ||||||||||||
| 6 | 5.1 | 4.8 | 4.5 | 4.2 | 3.9 | 3.6 | 3 | 2.7 | 0 | ||||||||
| Assumptions | Listed all assumptions. | Some assumptions missing. | Most assumptions missing. | Not clear and most assumptions missing. | All assumptions missing. | 6 | |||||||||||
| Justification | Focussed and contained all information in detail. | Focussed and contained but not enough detail. | Focussed but some information missing. | Not clear but contained most information. | Not clear and most information missing. | 6 | |||||||||||
| Section | HD | D | C | P | F | ||||||||||||
| 2 | 1.7 | 1.6 | 1.5 | 1.4 | 1.3 | 1.2 | 1 | 0.9 | 0 | ||||||||
| References | All references are listed according to Harvard reference style. | A few referencing errors. | Not all references are listed but correctly referenced.. | Many references missing | No or incorrect reference list.. | 2 | |||||||||||
| Plagiarism penalty | |||||||||||||||||
| Late submission penalty | |||||||||||||||||
| Total | 35 | ||||||||||||||||
| Confidential Information Policy | Mark allocated | Mark earned |
| 1 Statement of Purpose | 3 | |
| 2 Authorised Uses | 3 | |
| 3 Prohibited Uses | 3 | |
| 4 Systems Management | 3 | |
| 5 Violations of Policy | 3 | |
| 6 Policy Review and Modification | 3 | |
| 7 Limitations of Liability | 3 | |
| Justification | 6 | |
| Assumptions | 6 | |
| References | 2 | |
| Late submission penalty | ||
| Plagiarism penalty | ||
| Total | 35 |
No comments:
Post a Comment