Task
Write between 400 and 600 words for each of the short-essay questions. All questions are of equal value. You should provide credible references for each question according to the Faculty of Business guidelines.
However, it is expected that answers to questions be succinct (i.e. precise and concise) with all sources of information fully referenced as per APA referencing style. See the CSU guide to APA at http://www.csu.edu.au/division/studserv/learning/referencing/index.htm
Question 1 – (5 marks)
Discuss 4 suitable information security policies for an online food supply company. Policies should be implementable and deliverable to end-users and stakeholders.
Question 2 – (5 marks)
Access controls are built on three key principles. List and briefly define them. Then explain how to apply these key principles to the GPS tracking system/software of smart phone devices so that users' personal information is not exposed undesirably.
Question 3 – (5 marks)
Describe the recommended process for the development of information security measurement program implementation.
Question 4 – (5 marks)
Using the Internet and/or Library, find an example of a company or organisation which is subject to an information security vulnerability. From your findings, identify the people, procedures, and data assets which still remain a security risk and need to be addressed and actioned promptly.
Question 5 – (5 marks)
Explain why risk appetite and residual risk vary from organisation to organisation. Provide an example for each to support your discussion.
Question 6 – (5 marks)
List and describe the criteria for selecting information security personnel. In the scenario of selecting a security officer for the Australian Tax Office to manage and back up all databases, name some of the criteria this employee should comply with.
Rationale
This assessment item is designed to test your understanding of ICT management and information security topics and issues, and your ability to:
• provide suitable information security policies for a designated organisation;
• address and apply the key access control principles on smart phone devices with regard to users' personal information;
• describe the process for performance measures implementation recommended by NIST;
• identify how people, procedures, and assets are part of an information security system;
• explain the variation of risk appetite and residual risk in organisations; and
• examine the requirement criteria for an information security officer in a given organisation.
Marking criteria
Marks will be awarded for evidence of reading, selection of sources, logical flow of discussion, spelling, grammar, English expression and completion of tasks. Detailed marking criteria and a marking sheet for this assessment will be uploaded and made available in Interact - Resources.
Satisfactory work will be awarded 60%. You need to demonstrate much better than ordinary work to receive a higher score.