Trainer may decide whether this will be an individual or group assessment.
In this assessment, you will need to perform various tasks related to the elements of the cluster. Your role will be that of a System Analyst who has been assigned by Sandra Herriard, the Managing Director of Herriard Pty Ltd, to perform the tasks specified below.
The company details and some supporting documents required for the tasks are provided in Appendix A. The trainer will be the representative for the company and your main point of contact regarding all the tasks. The trainer will also provide further clarification if required to complete the tasks.
Duration:
The trainer will set the due date for the assessment.
Task A: IT security requirements
Task A1: Identify the security requirements for the Herriard IT system.
Task A2: What security components are missing at Herriard, and how are they affecting the Herriard IT system?
Task A3: Identify related or relevant privacy legislation
Assume they will implement an e-commerce site. The system will obtain, record and use personal information of members and clients for various operations of the business. Because some or all of this information is predominantly based on personal information, steps need to be taken to ensure the system adequately protects the privacy of the users and their personal information. Provided with this assessment is an example of a “flawed” information security document in Appendix A to help answer the following questions. You can also visit privacy.gov.au to identify laws regarding privacy. Identify related or relevant privacy legislation that may apply to the organisation.
Task A4: Identify industry standards for IT security
Herriard is based in Australia, so which Information Security Standard should they follow?
Task B: Risk analysis
Task B1: What are the different threats to the Herriard IT system? Categorise them.
Task B2: What security measures would you recommend to minimise the risk for Herriard?
Task B3: Do some research online and find out the costs involved in developing controls (e.g. anti-virus, firewall) and contingencies (e.g. data backup) for Herriard.
Task C: IT security policy and operational procedures
Task C1: Review feedback
External technicians used the risk evaluation table below to measure levels of risk posed to the security of the IT system to report to Sandra, the Managing Director. However, no risk control/mitigation strategy was suggested in the evaluation.
To find the Risk Factor, multiply the Impact value by the Likelihood value.
Task C2: IT security policy and procedure elements
Review Herriard Pty LTD’s IT policy (given in Appendix A) and compare it with the ISO/IEC 17799 Information Security Standard.
What other elements should be added to their policy and procedure according to the ISO/IEC 17799 Information Security Standard?
Task C3: Ensure confidentiality
What actions has Herriard taken to ensure the confidentiality of staff's personal files or work?
Task D: Develop components
Consider Herriard Pty LTD’s “Sales Processing” system. They want to automate the sales process and develop a system/software to do that. As an Analyst, define and draw the components which will represent the development project specification.
Task E: Prepare action diagrams
Draw an activity diagram for Herriard Pty LTD’s “Sales Processing” system.
Task F: Interaction diagram
To develop an interaction (collaboration) diagram, which form of interaction will you use?
Task G: Review
What types of testing will you do for this software development? What initial test criteria will you recommend for the system?