Many companies have been compelled to embrace remote working as a consequence of the COVID-19 pandemic. Evidence suggests that this trend is likely to continue, as organisations realise that remote working can be as productive as office-based work and employees can see the benefits, such as reduced commuting times and flexible working.
These companies are continuing to support increasing numbers of employees working from home and are having to provide secure remote access while reducing security risks. This pandemic-induced shift provides organisations with the opportunity to implement good practices for remote access.
The Centre for the Protection of National Infrastructure (the government authority for protective security advice to the UK national infrastructure) is currently advising organisations to adjust their protective security arrangements to reflect changing threats and new working practices resulting from the COVID-19 situation.
They advise that the key activities for all organisations at this time are to:
· Identify the threats from the current pandemic situation to your organisation
· Conduct a Risk Assessment based on the identified threats and update risk registers
· Put proportionate measures, policies and procedures in place to mitigate the new risks
· Communicate changes across the workforce clearly and effectively
· Provide guidance and training to the workforce to adapt to the new security arrangements and give access to welfare for those needing additional support.
Task
With this in mind, your task is to draft a Remote Access Policy along the lines of the ISO27000 family for a medium-sized software development business with approximately 200 employees. You should additionally link a Bring Your Own Device Policy (BYOD) to your policy.
You should take into consideration any confidentiality, integrity, and availability (CIA) issues of the information assets for the company and assess all relevant risks. Any work as part of your research on security policies, consideration of issues and risk assessment MUST be provided as an appendix.
Please note that you will NOT be producing an academic report, but a policy document. As a general guideline your policy should not be more than three (3) pages long and approximately 1500 words. You will need to be concise and precise.
You are expected to use appropriate peer reviewed sources for developing your arguments and use Harvard style referencing.
This is an individual assessment and it is essential that you develop your own policy based on your consideration and analysis of the issues that lead to the statements in your policy. Supporting information should be included in the appendix.
You are strongly encouraged to make use of Turnitin prior to submitting your policy and avoid the direct use of publicly available policies.
Submission Requirements:
The final report is expected to have the following structure:
· Cover Page
o Module code
o Module title
o ID number (the submission MUST be anonymous)
o Month and year, e.g. December 2020
The report should be prepared as follows:
· The same font should be used throughout. We would prefer you to use 12-point Times, though any reasonable alternative (such as Arial) will be accepted.
· Lines should be single-spaced, with between 1/2 a line and a whole line of extra space after each paragraph.
· Margins: at least 20mm left and right; 25mm top and bottom.
You are required to submit the final report as one document via StudyNet in a PDF format using your student number as the filename.
Marks awarded for:
Assessment Criteria | Mark Available |
Organisation of policy | 18 |
Quality/Clarity of arguments | 18 |
Appendices: Consideration of issues, Risk identification and threat assessment | 18 |
Presentation, design and references | 6 |
Total | 60 |
This Assignment assesses the following module Learning Outcomes (from Definitive Module Document):
2. Managing an information environment in terms of deterrence, detection, protection and reaction to access.
3. A systematic application of the tools, methods and procedures (theoretical and methodological) used within the cyber security arena under the context of a risk and threat assessment.
4. Critically demonstrate self-direction and creativity in managing the security of an information environment at the strategic, tactical and operational levels, effectively developing information security policies.
6. Demonstrating a systematic approach of creatively applying security standards to unfamiliar contexts for solving problems.