The purpose of the assignment is to assess the learners in various security areas, including IT security risk, policy, security control, audit, and the relevant laws necessary for organisational security. Therefore, it is necessary for the learners to understand the security risks, various IT security policies, risk assessment methods, security audit, security controls and tools, and laws and their alignment with organisational strategy.
It is expected that learners will utilise a professionally delivered format to present the report with appropriate referencing. The guideline is given at the end of the assignment brief.
This coursework is designed in the form of set questions and a design scenario. The tasks are divided into four sections, with each section comprising several questions.
A retail organisation based in London operates in food distribution across many towns. The company has an established online platform through which customers place orders. Delivery is done using the company's own vehicles.
• The company's IT platform and order processing software are 3 years old and have not been upgraded since. The company already has security processes in place, such as access controls, backup, encryption, and disaster recovery.
• In a recent incident, the company suffered server downtime for 6 hours due to a Distributed Denial of Service (DDoS) attack.
• Furthermore, the network is very slow and unwanted accounts have been created on the network. On several occasions the system rebooted automatically and malware infections were detected. Not all employees have adequate information security awareness training, which might affect overall security.
The management considers protection of information and other assets the top priority for business continuity and reputation. As a security specialist, you are to carry out an investigation into the IT security risks and the existing organisational security procedures and controls to mitigate the risks. You also need to consider the IT security policies, data protection laws, risk assessment methods, and security audit necessary for improving overall security.
You should follow the assignment brief scenario and produce the following:
Part 1: Produce a report that contains the following:
• Risk assessment procedure
• Data protection regulation and risk management standard ISO 31000 applicability to the IT
• IT security audit impact on organisational security
• The responsibilities of employees and stakeholders in relation to implementation of security audit recommendations.
Part 2: Develop and implement an IT security policy based on the scenario context within the main components of a disaster recovery plan, with justification for their inclusion.
Part 3: You will evaluate your security policy and proposed tools used within the policy and how they align with IT security.