Page 1 ISYS1003 Assignment 1 Unit code ISYS1003 Assignment 2 Report (Cyber security program and policy development) Due Date Learning 30 April, 2021 1100pm AEST (Qld Time) Outcomes 2, 3 Weight 30% of...

1 answer below »
i want HD marks & no drama with deadline..need to send me back on time


Page 1 ISYS1003 Assignment 1 Unit code ISYS1003 Assignment 2 Report (Cyber security program and policy development) Due Date Learning 30 April, 2021 1100pm AEST (Qld Time) Outcomes 2, 3 Weight 30% of overall unit assessment Suggestion This assignment is developmental and cumulative. Leaving your starting date to the week before the due date is a very poor strategy for success in the unit. Scenario developments Since your preliminary report was delivered and you have become more comfortable in the CISO chair, the Norman Joe organisation has experienced great success and extraordinary growth due to an increased demand in e-commerce and online shopping in COVID-19. The company is even considering acquiring a specialised “research and development” (R&D) group specialising in e- commerce software development. The entity is a small but very successful software start-up. However, it is infamous for its very “flexible” work practices and you have some concerns about its security. As such, in anticipation of your employer’s acquisition of this new business you wish to ensure the company’s cyber risk management program and security policy library is sufficient. Requirements: 1. Carefully read the Case Study scenario document. You may use information provided in the case study but do not simply just copy and paste information. This will result in poor grades. Well researched and high-quality external content will be necessary for you to succeed in this assignment. 2. Align all Assignment 2 documents to those in Assignment 1 as the next stage of a comprehensive Cyber Security program. Tasks: 1. Identify, select and devise the top 5 security policies that are essential for Norman Joe’s. Hint: You may refer to security policies from the external sources such as the SANS policy library. However, you are required to draft these policies on your own, i.e., to be written in your own words (10%). 2. Risk Management Framework (10%) a. Outline what is meant by Risk Assessment, Risk Appetite and Risk Treatment. i. Use this information when developing a Risk Management Framework for Norman Joe. Be sure to include: 1. Risk Treatment Cycle 2. Cost Benefit analysis 3. Establishing feasibility – (all that are appropriate) https://www.sans.org/information-security-policy/ https://www.sans.org/information-security-policy/ Page 2 ISYS1003 Assignment 1 b. What Risk Management Framework would be most appropriate for Norman Joe moving forward? Considering what you now know about the direction of Norman Joe, explain your decision based on the requirements that you believe Norman Joe would need to address. 3. Update the company’s Risk Management Plan (10%). You must address: a. Based on the information given for Norman Joe and based on the preliminary threat modelling exercise in Assignment 1, develop an appropriate access control policy for this company. What types of access controls do you recommend protecting the assets of the company? Justify your choices. You should have physical and logical access controls, which do not let unauthorized access to the assets (assets include information, software, and hardware). b. Determine and recommend data security solutions for three different data states in the company: data in use, data in motion, and data at rest. c. What authentication method do you recommend for Norman Joe for effective and efficient management of user identify verification, especially for remote users. d. Explain how a single sign-on service (SSO) can help Norman Joe to manage authentication. Which protocol will be used to implement this SSO service and why? Explain the protocol. e. Describe six phases of developing an incident response plan. For this question, you should explain each phase and propose at least two activities for each phase in Norman Joe. In addition to analysing the case study materials carefully, you will need to do conduct independent research to answer this question. Requirements and marking rubric out of 30 marks (30%): 1. Update security policy library [10%] a. Clearly identified what security policies Norman Joe needs to have and why (2.5%) b. Each policy is comprehensively justified for inclusion (2.5%) Ci Each policy is clearly and comprehensively constructed in own words (5%) 2. Security Program Update Part 1: Risk Management Framework [10%] a. Clearly outlined Risk Assessment, Risk Appetite and Risk Treatment for Norman Joe as specified (6%) b. Clearly identified the Risk Management Framework most appropriate for Norman Joe and comprehensively justified why (4%) 3. Security Program Update Part 2: Risk Management Plan [10%] a. A comprehensive access control policy that clearly identifies types of access controls that are clearly justified (2%) b. Detailed data security solutions for three different data states (2%) c. Clearly identified the authentication method (1%) d. Clearly explained how SSO can help Norman Joe to manage authentication and identified and clearly explained the protocol (2%) e. Clearly detailed six phases of developing an incident response plan for the company (3%) 4. Referencing a. Not well researched [-1%] b. Low quality references [-1%] c. Inconsistent format [-1%] Page 3 ISYS1003 Assignment 1 Submission Format No SCU cover sheet is required – do not include an SCU cover sheet. A simple table of contents and simple introduction is required. While there is no enforced word limit for this assignment, simply writing more does not equal better grades! You will be assessed on how effectively you can communicate your responses to tasks and report on these activities. When you have completed the assignment, you are required to submit your assignment in the DOC or PDF format. The file will be named using the following convention: filename = FirstInitialYourLastName_ISYS1003_A2_S1_20xx.doc (i.e. NJoe_ISYS1003_A2_S1_2021.doc) Original Work It is a University requirement that a student’s work complies with the Academic Integrity Policy. It is a student’s responsibility to be familiar with the Policy. Failure to comply with the Policy can have severe consequences in the form of University sanctions. For information on this Policy please refer to Student Academic Integrity policy at the following website: http://policies.scu.edu.au/view.current.php?id=00141 As part of a University initiative to support the development of academic integrity, assessments may be checked for plagiarism, including through an electronic system, either internally or by a plagiarism checking service, and be held for future checking and matching purposes. A Turnitin link has been set up to provide you with an opportunity to check the originality of your work until your due date. Please make sure you review the report generated by the system and make changes (if necessary!) to minimise the issues of improper citation or potential plagiarism. Retain Duplicate Copy Before submitting the assignment, you are advised to retain electronic copies of original work. In the event of any uncertainty regarding the submission of assessment items, you may be requested to reproduce a final copy. School Extension Policy In general, I will NOT give extension unless where there are exceptional circumstances in line with University policy. Students wanting an extension must make a request at least 24 hours before the assessment item is due and the request must be received in writing by the unit assessor or designated staff Page 4 ISYS1003 Assignment 1 member through the formal process outlined on the unit site. Extensions within 24 hours of submission or following the submission deadline will not be granted (unless supported by a doctor’s certificate or where there are exceptional circumstances – this will be at unit assessor’s discretion and will be considered on a case by case basis). Extensions will be for a maximum of 48 hours (longer extensions supported by a doctor’s certificate or alike to be considered on a case by case basis). A penalty of 5% of the total available grade will accrue for each 24-hour period that an assessment item is submitted late. Therefore, an assessment item worth 30 marks will have 1.5 marks deducted for every 24-hour period and at the end of 20 days will receive 0 marks. Students who fail to submit following the guidelines will be deemed to have not submitted the assessment item and the above penalty will be applied until the specified submission guidelines are followed. Submission Format Original Work Retain Duplicate Copy School Extension Policy
Answered 1 days AfterApr 27, 2021ISYS1003Southern Cross University

Answer To: Page 1 ISYS1003 Assignment 1 Unit code ISYS1003 Assignment 2 Report (Cyber security program and...

Shubham answered on Apr 29 2021
145 Votes
Table of Contents
Introduction    1
1. Update security policy library    1
a. Security policies Norman Joe needs to have    1
b. Comprehensively justified for inclusion    2
c. Explanation of each policy    2
2. Security Program Update Part 1: Risk Management Framework    3
a. Risk Assessment, Risk Appetite and Risk Treatment for Norman Joe    3
b. Risk Management Framework most appropriate for Norman Joe    4
3. Security Program Update Part 2: Risk
Management Plan    4
a. Access control policy    4
b. Data security solutions for three different data states    5
c. Authentication method    5
d. Use of SSO in Norman Joe to manage authentication    5
e. Six phases of developing an incident response plan for the company    6
References    7
Introduction
Cybersecurity is required for Norman joe and this is the practice that will help in protecting system and network from digital attacks. It will provide with strong infrastructure that includes multiple layers for network and programs. This uses management tool for providing defense between vital information and digital chaos. It is the combination of firewall and variety of tool that can help in combating against the malware. The use of anti-virus includes use of tool and it will help in blocking suspicious activity.
1. Update security policy library
a. Security policies Norman Joe needs to have
The security policy that is required to be implemented by Norman joe includes the increased policy for increasing the efficiency. This includes protecting the sensitive information. The security policy provides backup for the disciplinary action that supports the policy of the organization.
Virus and Spyware Protection policy: This policy is required by Norman joe that will help in removing, repairing and detecting the side effects of the virus (Mandritsa et al. 2018). This is required for the detection of the threat in the file and it provides the download insight. It will help in detecting the application for exhibiting suspicious behavior.
Firewall Policy: The policy is required for providing the protection and it can help in accessing the network and system for connecting to the internet. This is required for Norman joe in detecting the attack of cybercriminals (Ganesan, Jajodia and Cam, 2017). It will help in removing the unwanted sources for the network traffic.
Intrusion Prevention Policy: This policy is required by Norman joe for blocking and detecting the network attack. It is required for checking for the content that includes multiple data packages and malware.
b. Comprehensively justified for inclusion
Norman joe requires cybersecurity for protecting the data from damage and theft. This includes sensitive data and confidential information of employees. The increase in cybersecurity risk can cause loss of sensitive data. It can be caused because of poor configuration of the cloud services and it can increase the risk for the organization. It is the state and process that can help in recovering the system and network (Gordon, Loeb and Zhou, 2020). It is important to ensure cybersecurity for reducing the risk of cybercrime. It includes educating all levels of organization for increasing security. The investment in tools can help in monitoring the data exposure. The use of technology can help in reducing the cost for overall cyber security risk assessment.
c. Explanation of each policy
Virus and Spyware Protection policy: This policy is required for ensuring security of users and it consists of automatic updates and manual scanning. This policy is required to be implemented by Norman joe for protecting computers against file virus, riskware, spyware and virus for ensuring security over the web traffic (Yeboah-Ofori and Islam, 2019). The automatic update can help in ensuring that spyware and virus protection is required to be kept updated for setting in the security policy. Norman joe is required to manage the network and it is required for monitoring the scanning result along with information of the managed host that sends the information to policy manager.
Firewall Policy: The implementation of firewall policy is required for ensuring that all type of network traffic is specified. This policy is required for defining features of firewall for assigning the policy for multiple firewall profiles. The active directory integration depends on permission and it can...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here