Information Security Aspects of Business Continuity Management Case Study

1.This Assignment assesses the following module Learning Outcomes (from Definitive Module Document):

2.Managing an information environment in terms of deterrence, detection, protection and reaction to access.

3.A systematic application of the tools, methods and procedures (theoretical and methodological) used within the cyber security arena under the context of a risk and threat assessment.

4.Critically demonstrate self-direction and creativity in managing the security of an information environment at the strategic, tactical and operational levels, effectively developing information security policies.

5.Demonstrating a systematic approach of creatively applying security standards to unfamiliar contexts for solving problems.

Assignment Brief:

This assignment ONLY applies to students with a referral or deferral opportunity.

THE ASSIGNMENT TASK:

ISM-Tech Solutions, a small (fictitious) software development company that is working towards ISO27000 certification. To assist with this, you have been asked to review the Information Security Aspects of Business Continuity Management within the company.

As this is a small company, there is a single corporate server hosted at the company’s main office. This server is backed up to tape each week and then the tape is put into local storage. There are enough tapes to last 6 months before they are reused.

Each of the employees has been issued with a work laptop that can be connected to the corporate server. According to the company’s local processes, it is the responsibility of the employee to ensure that any important information on their laptop is backed up. For any new major project, the employee must document where the backups from their laptop will be stored. This has led to inconsistent practice with some employees storing data on the corporate server, while other use removable drives, local hard disks, and free cloud storage services.

A recent security incident, where a removable drive was lost while an employee was travelling on public transport led to immediate security training for all employees. Staff was reminded of the importance of backing up data and that they should only work on official work laptops. However, the management believes that some employees are continuing to use their equipment for work purposes.

Task

Chief Information Security Officer (CISO) for ISM-Tech Solutions has tasked you with preparing a presentation for the Executive Board. You are required to identify the technical problems relating to the current situation and highlight the best practice in relation to Incident Response and Business Continuity. You should identify 3 priority security risks in relation to the current practice and discuss the threat by providing an adequate background to each of the risks and then a solution. The background should be your interpretation of the problem.

You should also research on Incident Response and Business Continuity (technical, practice, policies, procedures, standards) for you to be able to expand on the topic and recommend the good practice for ISMTech Solutions. Remember that this is for the companies ISO27000 certification.

You may either produce a slide deck for the presentation with no more than 10 slides or up to a 10-minute video recording of you delivering the presentation. In either case, you must provide a list of references used.

You are required to submit your set of presentation slides via Canvas in an appropriate format (such as PDF or PowerPoint) using your student number as the filename. The First slide must also contain your student number and the final slide(s) should include a list of references used.

Video Presentation Option

You are required to submit a video presentation via Canvas in a commonly used video format using your student number as the filename. Please note that if you use a proprietary video format, we may not be able to view it and you will not receive any marks. You can include your reference list in the video or submit the reference list as a second document on Canvas in a suitable format (such as PDF, Word, or PowerPoint). You are strongly encouraged to make use of a video compression utility to reduce the size of your video and avoid issues with uploading large files.