Report of 1500 words max for a 3rd year Bachelor of IT course: Security Management & Governance. Case study attached below.
BIT361 Security Management and Governance

Prepare a report that outlines a security management program which includes a suggested management structure, governance procedures, and organisational roles for a business. (1500 words)

Major Assessment Part A
Due Dates: Final Week 8, 11:59 pm 15 September

The Assignment

Complete this assessment using the case study scenario provided in Moodle. The organisation in the case study has asked you to present a formal report to the CEO. The report must outline the need for an Information Security Program, propose an appropriate management structure for the case study, and describe the roles of each position in your proposed structure. The report must be presented as a professional document.

· Describe the purpose and benefits derived from having an Information Security Program.
· Identify and describe the major elements of an Information Security Program.
· Suggest an information security staffing structure for the business described in the Case Study. Include a chart showing the structure.
· Justify your suggested staffing structure for the provided Case Study.
· For each security position you have defined in your suggested structure, prepare a description of its functions, tasks, and responsibilities.
· Discuss the importance of including governance within the Information Security Program.
· Suggest the different governance responsibilities that need to be assigned to the positions you have identified in your staffing structure.

Report Development

The required report must be completed using MS Word.

Report cover: Includes the report title, the date, who it has been prepared for, and the author’s name (and Student ID, subject group). DO NOT USE MS TEMPLATES!

Executive summary: 1 paragraph (who the report is for, scope/purpose of report, action required). Page numbering starts at roman numeral ‘i’.

Table of contents (page ‘ii’).
Body of report:
· Introduction (new page, numbering restarted at ‘1’) that must include a description of the purpose, scope, and structure of the document.
· Separate sections that address the client’s requests. These sections need to cover the assessment criteria outlined below.

References: A list of works used in the document. Use the Harvard referencing style. (Every reference must have at least 1 in-text citation.)

Finished Report Due Week 8

The final report must follow the layout described in the outline section above. The final document must be a complete document that is directed to the organisation outlined in the case study. The report must be correctly structured and be appropriate for the client’s needs. Prior to submission, students should make sure that the report addresses all criteria listed in the marking guideline. You are to complete the assignment parts using MS Word. See the Subject outline for the formal Assessment overview and feedback.

Marking Criteria

Student:
ID:
Part A Report (Weight 30%) Due Week 8
Rating scale: N A | Attempt | Poor | Good | Very Good | Excel

Report has an identified purpose
i) Executive summary (5)
ii) The introduction states the purpose of the report and describes the report structure. (5)

Report Content
i) Describe the purpose and benefits derived from having an Information Security Program. (10)
ii) Identify and describe the major elements of an Information Security Program. (10)
iii) Suggest an information security staffing structure for the business described in the case study, including chart (10)
iv) Justify your proposed structure (10)
v) Descriptions of the functions, tasks, and responsibilities for each security position defined in the suggested structure (10)
vi) Discuss the importance of including governance within the Information Security Program. (5)
vii) Describe the governance responsibilities that need to be assigned to the positions you have identified in your staffing structure. (5)

References & Grammar
i) Report meets required format (5)
ii) Harvard style references list with in-text citations (5)
iii) Report Draft (5)
iv) Grammar and expression. (5)

Turnitin Score:
Gross Result:
Turnitin adjustment:
Late submission deduction:
Net Result (Max 90):

Security Man & Governance (BIT361) Semester 2, 2021 Page 1 of 5

Case study scenario: Denisovan Medical Supplies

Denisovan Medical Supplies is a producer of chemical products for use in the production of pharmacological medicines. This includes inert powders used in pill production, liquid solvents for medicines that need to be delivered either by mouth or intravenously, as well as specialised chemicals needed to produce other medicines. Denisovan also has a research arm that develops techniques for producing these products. This research leads to the registration of several patents each year or to improvements in their production processes.

Denisovan has several separate facilities. They have two production facilities, a Research and Development Centre located near a major University, and an Administration and Sales Facility centrally located in Melbourne.

The administration and sales facility, usually referred to as ‘Head Office’, supports executive management, legal support, sales, and ICT services. Sales are nearly always to large pharmaceutical firms and involve large amounts of money and detailed legal contracts. There are about 100 employees located at head office. This includes the senior executive management, legal experts in contract and patent law, pharmaceutical sales experts, and a range of ICT personnel. Currently ICT is responsible for implementing and supporting Denisovan’s ICT architecture (networks, operating systems, applications, hardware, and ICT personnel) and takes responsibility for ICT security.
The Research and Development Centre is networked directly to the head office central server room. The Production Facilities run their own servers, which are connected to the head office via the internet using intranet technologies. The ICT systems at the Production Facilities and the Research and Development Centre are managed centrally; however, there are ICT staff located at each facility.

Current applications in use across the organisation include: common productivity tools (word processing and other office tools); purchasing and production planning (Prod Plan); Sales and Invoicing (AccountsPlus); statistical analysis (SAS); and chemical development tools (ChemBuild).

The Research and Development Centre employs 50 people whose focus is on product development. They specialize in creating commercially viable methods for manufacturing products essential for the creation of pharmaceutical products. Some of the methods they develop lead to patents, though much of the research is devoted to improving in-house production techniques. It is important to keep these efforts secure until a patent has been achieved or the new methods have been implemented in their manufacturing processes. The R&D Centre is also responsible for the overall quality control of Denisovan’s manufactured products.

The two production facilities have different focuses. The Inert Products Facility produces inert powders used in pill production, liquid solvents needed for liquid medicines, and other chemicals that are used as a carrier or delivery component for medicines. These products are well known and are either no longer covered by patents or Denisovan has licensed the rights to production. Many of these products require specialised equipment to produce. This manufacturing unit has 250 employees including production planners, lab technicians, logistics planners, purchasing and other personnel.
The Pharmaceutical Products Facility produces chemicals needed to produce the active ingredients in medicines. In some instances, they produce the active component of the final product. This production facility has a range of specialised equipment that can be configured to produce a wide range of organic and inorganic products. This production facility often works closely with R&D to develop production techniques capable of producing significant quantities of the raw materials. The nature of production in this facility is significantly more specialised than in the Inert Production Facility. It employs 100 personnel, but they include staff with the higher skills needed for the customised development processes. Many of the products that are manufactured are for other pharmaceutical companies that outsource the manufacturing of some of their products.

Denisovan has determined they need to implement a more robust Information Security Program. Currently this responsibility has been assumed by ICT services, but in an unplanned manner, and it has been noted that information security attacks have become more frequent and significant. Denisovan have contracted your consulting service, Secure Security Services (SSS), to provide a report outlining the need for an Information Security Program, its purpose, and a suggested framework for the program that oversees security concerns across their business.