
need this assignment within 24h. No words limit no reference Simple Question Answers Thanks


Case study scenario: Denisovan Medical Supplies

Denisovan Medical Supplies is a producer of chemical products for use in the production of pharmacological medicines. This includes inert powders used in pill production, liquid solvents for medicines that need to be delivered either by mouth or intravenously, as well as specialised chemicals needed to produce other medicines. Denisovan also has a research arm that develops techniques for producing these products. This research leads to the registration of several patents each year or improvement in their production processes.

Denisovan has several separate facilities. They have two production facilities, a Research and Development Centre located near a major University, and an Administration and Sales Facility centrally located in Melbourne.

The administration and sales facility, usually referred to as ‘Head Office’, supports executive management, legal support, sales, and ICT services. Sales are nearly always to large pharmaceutical firms and involve large amounts of money and detailed legal contracts. There are about 100 employees located at head office. This includes the senior executive management, legal experts in contract and patent law, pharmaceutical sales experts, and a range of ICT personnel.

Currently ICT is responsible for implementing and supporting Denisovan’s ICT architecture (networks, operating systems, applications, hardware, and ICT personnel) and takes responsibility for ICT security. The Research and Development Centre is networked directly to the head office central server room. The Production Facilities run their own servers, which are connected to the head office via the internet using intranet technologies. The ICT systems at the Production Facilities and the Research and Development Centre are managed centrally; however, there are ICT staff located at each facility.

Current applications in use across the organisation include: common productivity tools (word processing and other office tools); purchasing and production planning (Prod Plan); Sales and Invoicing (AccountsPlus); statistical analysis (SAS); and chemical development tools (ChemBuild).

The Research and Development Centre employs 50 people whose focus is on product development. They specialize in creating commercially viable methods for manufacturing products essential for the creation of pharmaceutical products. Some of the methods they develop lead to patents, though much of the research is devoted to improving in-house production techniques. It is important to keep these efforts secure until a patent has been achieved or the new methods have been implemented in their manufacturing processes. The R&D Centre is also responsible for the overall quality control of Denisovan’s manufactured products.

The two production facilities have different focuses.

The Inert Products Facility produces inert powders used in pill production, liquid solvents needed for liquid medicines, and other chemicals that are used as a carrier or delivery component for medicines. These products are well known and are either no longer covered by patents or Denisovan has licensed the rights to production. Many of these products require specialised equipment to produce. This manufacturing unit has 250 employees including production planners, lab technicians, logistics planners, purchasing and other personnel.

The Pharmaceutical Products Facility produces chemicals needed to produce the active ingredients in medicines. In some instances, they produce the final product active component. This production facility has a range of specialised equipment that can be configured to produce a wide range of organic and inorganic products. This production facility often works closely with R&D to develop production techniques capable of producing significant quantities of the raw materials.
The nature of production in this facility is significantly more specialised than in the Inert Production Facility. It employs 100 personnel, but they include staff with the higher skills needed for the customised development processes. Many of the products that are manufactured are for other pharmaceutical companies that outsource the manufacturing of some of their products.

Denisovan has determined they need to implement a more robust Information Security Program. Currently this responsibility has been assumed by ICT services, but in an unplanned manner, and it has been noted that information security attacks have become more frequent and significant. Denisovan have contracted your consulting service, Secure Security Services (SSS), to provide a report outlining the need for an Information Security Program, its purpose, and a suggested framework for the program that oversees security concerns across their business.

Answers must be in your own words. Four questions. Total marks 90. Answer all questions. This assessment is to be completed individually without discussing with other students or persons. Evidence of collusion with other students will lead to significant reduction in your result. All questions are to be completed. Complete your answers using this document.

Case study scenario: (Denisovan Medical Supplies)

In discussing the questions below, you may use information from the Denisovan Case Study.

Question 1.

Risk management is focused on developing strategies and controls for known vulnerabilities. Contingency plans are strategies and tactics for dealing with unexpected events: what to do when the risk management processes fail.

A. List and briefly describe the components of contingency planning for information security. (3 marks)

B. Incident Response performs a key role in a contingency plan when any adverse event occurs. Describe the role of Incident Response in the implementation of a contingency plan, making sure to discuss its interaction with Disaster Recovery and Business Continuity. (8 marks)

C. After a DOS attack incident affecting the Research and Development Network at Denisovan, briefly discuss what they should include in their After-Action Review (AAR). (4 marks)

Question 2.

Formal policy development, implementation, and compliance are important to medium and large organisations.

A. Write a paragraph explaining the reasons why formal policy statements are essential at Denisovan Medical Supplies. (6 marks)

B. Describe what elements compliance statements should contain in a policy document. (5 marks)

C. Give two examples of Policy Documents that would be required at Denisovan Medical Supplies, and provide justification for your choice. (4 marks)

For parts D and E: Denisovan recognises the need to protect their Intellectual Property and Product patents. They have developed a policy that restricts the copying of information (secured use of photocopying, restricted USB use, file locking preventing exporting or emailing company files) within the organisation's networks. They are about to implement this policy.

D. Suggest a program to ensure awareness of and compliance with the policy. (8 marks)

E. Describe how you could determine the success of your program. (7 marks)

Security Management and Governance S2 2021. Security Management & Governance (BIT361)

Question 3.

Denisovan needs to determine how to prioritize the security arrangements for several of their assets. In brief discussions with them, you obtain the following information:

| Asset | Asset impacts | Threats and vulnerabilities (frequency per year) |
| --- | --- | --- |
| ICT Network Services | Little importance to profitability, little impact on public image, and little impact to the success of organisation | Human error: Misconfiguration of Network (4/yr); Hardware failure: Equipment lifetime failure (2/yr) |
| ChemBuild Software | Some importance to profitability, some impact on public image, some impact on success of organisation | Incorrect entries (70/yr) |
| Research and Development Centre | Important to profitability and public image, strong impact on the success of organisation | Compromises to intellectual property: Copyright infringement (5/yr), Patent infringement (1/2yr) |
| Pharmaceutical Products Facility Staff | Essential to profitability, no impact on public image, critical for the success of organisation | Development Skills Shortage: Employee leaves (4/yr) |

A. Using this information and your general knowledge, complete the following tables. Show all calculations. (15 marks)

B. When you have completed the tables, write a paragraph discussing the relative priorities of the assets and how that will affect security planning for these assets. You should include some discussion of the types of controls that should be considered for the different assets and their vulnerabilities. (5 marks)

Table 1: Asset priority table

| Criterion Weight -> / Assets ˅ | Success of the organization impact | Profitability Impact | Public image | Priority Score (Asset impact) | P_________ of _______ |
| --- | --- | --- | --- | --- | --- |
| Criterion weight | 25 | 40 | 35 | | |

Table 2: TVA Table (blank template: Assets, Threats)

Table 3: Risk

| Asset | Threat | Vulnerability | Likelihood | Impact | Priority |
| --- | --- | --- | --- | --- | --- |
| | | | | | |

Question 4.

Denisovan has identified several possible control measures for the improvement of their information security. Currently the data in Table 1 and Table 2 below has been determined.

A. Complete a Cost Benefit Analysis for the items in the tables below. You may need to add columns or rows. Show all calculations. (15 marks)

B. Discuss, in detail, which of these controls should be implemented, considered, or rejected. (10 marks)

Table 1: Risk - unprotected

| Asset | Threat | Vulnerability | Likelihood - Annualised Rate of Occurrence (ARO) | Single Loss Expectancy | Annualized Loss Expectancy (ALE) |
| --- | --- | --- | --- | --- | --- |
| Intellectual Property / Patents | Espionage or trespass | Network intrusion | 45 | 6524 | |
| Workstations | Software attacks | Virus/Malware | 130 | 452 | |
| Production Servers | Hacking | Network intrusion | 40 | 2968 | |
| Central HO Server Room | Hardware equipment failure | Power Failure | 0.5 | 175786 | |

The control measures identified include:

Table 2: Risk protected

| Asset | Threat | Vulnerability | Control | Likelihood - Annualised Rate of Occurrence (ARO) | Annual cost of Safeguard (Control) (ACS) | Single Loss Expectancy (SLE) - Post Controls |
| --- | --- | --- | --- | --- | --- | --- |
| Intellectual Property / Patents | Espionage or trespass | Network intrusion | Firewall | 12 | $75,000 | 5529 |
| Workstations | Software attacks | Virus / Malware | Anti-virus | 5 | $16,000 | 452 |
| Production Servers | Hacking | Network intrusion | IDPS | 15 | $20,000 | 1744 |
| Central HO Server Room | Hardware equipment failure | Power Failure | Uninterruptible Power Supply | 0.25 | $125,000 | 15067 |
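The cost-benefit arithmetic behind Question 4, as an added worked example that is not part of the assignment document. It assumes the standard textbook formulas ALE = ARO × SLE and CBA = ALE(prior) − ALE(post) − ACS, which the page does not state; the figures are copied from the two Question 4 tables, and the class and function names are illustrative.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Control:
    asset: str
    control: str
    aro_prior: float   # occurrences per year, unprotected
    sle_prior: float   # single loss expectancy, unprotected
    aro_post: float    # occurrences per year with the control
    sle_post: float    # single loss expectancy with the control
    acs: float         # annual cost of safeguard

    def __post_init__(self):
        # Rates and costs below zero are data-entry errors, not valid inputs.
        for name in ("aro_prior", "sle_prior", "aro_post", "sle_post", "acs"):
            if getattr(self, name) < 0:
                raise ValueError(f"{name} must not be negative")

    @property
    def ale_prior(self) -> float:
        return self.aro_prior * self.sle_prior

    @property
    def ale_post(self) -> float:
        return self.aro_post * self.sle_post

    @property
    def cba(self) -> float:
        # Net annual benefit: loss avoided minus what the control costs.
        return self.ale_prior - self.ale_post - self.acs


# Figures copied from the two Question 4 tables on this page.
CONTROLS = [
    Control("Intellectual Property / Patents", "Firewall", 45, 6524, 12, 5529, 75_000),
    Control("Workstations", "Anti-virus", 130, 452, 5, 452, 16_000),
    Control("Production Servers", "IDPS", 40, 2968, 15, 1744, 20_000),
    Control("Central HO Server Room", "Uninterruptible Power Supply",
            0.5, 175786, 0.25, 15067, 125_000),
]


def analyse(controls):
    """Return (control, ALE prior, ALE post, CBA, CBA > 0), best CBA first."""
    ranked = sorted(controls, key=lambda c: c.cba, reverse=True)
    return [(c.control, c.ale_prior, c.ale_post, c.cba, c.cba > 0) for c in ranked]


if __name__ == "__main__":
    for control, prior, post, cba, positive in analyse(CONTROLS):
        print(f"{control:30} {prior:>12,.2f} {post:>10,.2f} {cba:>12,.2f} {positive}")
```

A negative CBA means the safeguard costs more per year than the loss it removes on these figures; whether to implement, consider or reject a control also depends on factors outside this arithmetic.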
Nov 01, 2021