FILE 1 IS THE CASE STUDY AND FILE 2 IS FINAL REPORT REQUIREMENTS. PLEASE CHECK MARKING CRITERIA ON THE LAST PAGE OF THE FINAL REPORT.
Case study scenario: Denisovan Medical Supplies

Denisovan Medical Supplies is a producer of chemical products for use in the production of pharmacological medicines. This includes inert powders used in pill production, liquid solvents for medicines that need to be delivered either by mouth or intravenously, as well as specialised chemicals needed to produce other medicines. Denisovan also has a research arm that develops techniques for producing these products. This research leads to the registration of several patents each year or to improvements in their production processes.

Denisovan has several separate facilities. They have two production facilities, a Research and Development Centre located near a major University, and an Administration and Sales Facility centrally located in Melbourne.

The administration and sales facility, usually referred to as ‘Head Office’, supports executive management, legal support, sales, and ICT services. Sales are nearly always to large pharmaceutical firms and involve large amounts of money and detailed legal contracts. There are about 100 employees located at head office. This includes the senior executive management, legal experts in contract and patent law, pharmaceutical sales experts, and a range of ICT personnel. Currently ICT is responsible for implementing and supporting Denisovan’s ICT architecture (networks, operating systems, applications, hardware, and ICT personnel) and takes responsibility for ICT security.

The Research and Development Centre is networked directly to the head office central server room. The Production Facilities run their own servers, which are connected to the head office via the internet using intranet technologies. The ICT systems at the Production Facilities and the Research and Development Centre are managed centrally; however, there are ICT staff located at each facility.
Current applications in use across the organisation include: common productivity tools (word processing and other office tools); purchasing and production planning (Prod Plan); Sales and Invoicing (AccountsPlus); statistical analysis (SAS); and chemical development tools (ChemBuild).

The Research and Development Centre employs 50 people whose focus is on product development. They specialize in creating commercially viable methods for manufacturing products essential for the creation of pharmaceutical products. Some of the methods they develop lead to patents, though much of the research is devoted to improving in-house production techniques. It is important to keep these efforts secure until a patent has been achieved or the new methods have been implemented in their manufacturing processes. The R&D Centre is also responsible for the overall quality control of Denisovan’s manufactured products.

The two production facilities have different focuses.

The Inert Products Facility produces inert powders used in pill production, liquid solvents needed for liquid medicines, and other chemicals that are used as a carrier or delivery component for medicines. These products are well known and are either no longer covered by patents or Denisovan has licensed the rights to production. Many of these products require specialised equipment to produce. This manufacturing unit has 250 employees including production planners, lab technicians, logistics planners, purchasing and other personnel.

The Pharmaceutical Products Facility produces chemicals needed to produce the active ingredients in medicines. In some instances, they produce the final product active component. This production facility has a range of specialised equipment that can be configured to produce a wide range of organic and inorganic products. This production facility often works closely with R&D to develop production techniques capable of producing significant quantities of the raw materials.
The nature of production in this facility is significantly more specialised than in the Inert Production Facility. It employs 100 personnel, but they include staff with the higher skills needed for the customised development processes. Many of the products that are manufactured are for other pharmaceutical companies that outsource the manufacturing of some of their products.

Denisovan has determined they need to implement a more robust Information Security Program. Currently this responsibility has been assumed by ICT services, but in an unplanned manner, and it has been noted that information security attacks have become more frequent and significant. Denisovan have contracted your consulting service, Secure Security Services (SSS), to provide a report outlining the need for an Information Security Program, its purpose, and a suggested framework for the program that oversees security concerns across their business.

Perform a risk analysis on a small part of a business system and provide a list of possible controls. Provide the results in a report which discusses costings, implementation issues and user impacts. (1000 words).

The management have requested more information on policy development and the need for a risk management program. Specifically, they have asked for an explanation of the benefits of a risk management plan, the steps for creating a risk management plan, and a description of the risk assessment process. To meet the client’s request, you need to do the following:

Document contents:
✓ A discussion of the types of policies needed for information security.
✓ A discussion on what policy documents should look like.
✓ Explanation of benefits and purpose of a risk assessment.
✓ Description of risk assessment process.
✓ Outline the steps for creating a risk management plan.
✓ A set of asset and risk priorities using the tables below:
   o Identification of Assets. (One asset from each of the different categories: people, process, hardware and software).
   o Identification of threats/vulnerabilities. (One threat from each of the different categories: Internal, external, deliberate, and accidental).
   o Priorities determined, Preliminary impact of risks
✓ Suggest controls for the items in the last table.

To assist with their understanding of risk assessment and management you have decided to consider 4 assets and 4 threats to be used to complete the tables below. To effectively demonstrate your skill, the tables would need to include examples of assets from different categories: people, process, hardware, software, and network. Threats should also include examples from different categories: Internal, external, deliberate, and accidental.

The format for submission for this document is less formal than for the original report:
Cover page.
Introduction (What is the purpose and why the report was needed/requested).
Headings for each part of the client’s request.
A document that covers all the information requested by the Case Study client. The Risk Assessment will include a prioritized list of Assets, Threats and Vulnerabilities to meet the request of the client. The Risk Assessment must also include suggested controls for the risks you have identified for the Case Study.
References.

Table 1: Asset priority table
???? Impact Impact ????? impact Priority Score (Asset impact) Jon Weight -> A et V

Table 2: TVA Table
Assets Threats

Table 3: Risk.
Asset | Threat | Vulnerability | Likelihood | Impact | Priority

Marking Criteria

Risk Assessment/management Document Content:
i) A discussion of why policies are needed (5)
ii) A discussion of what policy documents should look like. (5)
iii) A discussion of the types of policies needed for information security. (10)
iv) Benefits and purpose of a risk assessment plan. (5)
v) Description of risk assessment process (10)
vi) Outline the steps for creating a risk management plan (10)

Perform a simple risk assessment:
i) Identification of Assets (5)
ii) Asset priority determined using Table 1. (5)
iii) Identification of threats/vulnerabilities using TVA table. (10)
iv) Priorities set (Table 3). (10)
v) Suggested controls (5)

Document presentation:
i) Draft submitted on time (5)
ii) Grammar, file name, and references (5)