Identifying high-priority security controls
As part of your role you should create a framework of policies in the format of one (1) page table that are UK Government compliant for the organisation’s IT infrastructure. The framework of policies you create must pass UK Government -based requirements. Currently, your organisation does not have any UK Government contracts and thus has no UK Government-compliant security policies or controls in place. You should identify 3 high-priority security controls for your organisation. You should write an executive report of no more than two (2) pages that discusses the elements of the framework, what elements are essential, and which elements could be optional. It is imperative that the executive report should have a professional look and should be precise. After all it will be submitted to the company’s executive team as the result of your work. Also, it should include your rationale behind your decisions.
In order to complete the task, you should work on and consider the following:
- Any compliance laws required for UK Government contracts.
- Any controls placed on domains in the IT infrastructure.
- Any required standards for all your devices, based on IT domain.
- A deployment plan for implementation of these polices, standards, and controls.
- All applicable UK Government frameworks
– Business Continuity and Incident Response
Task 3 is weighted at 30% of the overall portfolio mark.
You were recently employed as the CISO for the University of New and you have been contacted by a government agency to inform you they have strong indications a data breach that involves critical data has occurred.
Later that day, you met with a National Crime Agency agent along with the University’s legal department to discuss the activity. The National Crime Agency has been investigating activity involving online purchases made with several stolen credit card numbers. More than 30 of the transactions during the past week had been traced to one of the University’s IP addresses. The National Crime Agency agent asked for the University’s assistance, and in turn, you asked for the incident response team’s assistance in acquiring evidences, only to realise your team is not well prepared. You know this will cause delays in the process and important information might get lost in the meantime. It is vitally important that this matter be kept confidential.
Your next team meeting is approaching, and you decide to prepare and give a presentation to your team. Your slides should address the following items:
1. The severity level of the above-mentioned incident.
2. Who or what groups will be involved in the situation?
3. Suggest measures to contain and recover from the incident.
4. Suggest measures to prevent similar incidents from occurring in the future.
5. Suggest actions to improve the detection of similar events.
You will need approximately 12 slides for your presentation. It needs to be professional, brief and informative. Any additional material can be communicated as slide notes. You must include a title slide in the beginning and a summary slide in the end. You are expected to use appropriate peer reviewed sources for developing your arguments and the Harvard referencing style as per the University regulations.
A scheduled formative feedback in-class session with your tutor the week will give you the opportunity to reflect on your activities and improve your work where necessary. You are strongly advised to have worked on a draft of this task by then.