The Assignment

The report must outline the need for a security management program and suggest how the organisation may proceed with developing an ongoing Security Management Program. The final report will be at least 1000 words (maximum 2000 words) addressing the following:

✓ Discuss the benefits derived from seeing Security Management as an ongoing process and the reasons for having a policy.
✓ Discuss the purpose of a Security Management Program.
✓ Discuss the development of a Security Policy and Security Management Program.
✓ Identify and present a description of the functions, tasks, roles and responsibilities that need to be defined for the Security Management Program for EMS. Discuss the roles that different individuals/groups would play in terms of governance of security in general.
✓ Identify any models or methods that may be relevant for the development of a Security Management Program.
✓ Discuss the implications of legal and statutory requirements and the benefits your formal approach would bring.

Report Structure

Assignment Part A: Report for a security management and governance program completed using MS Word format. The final report must include the following:

✓ Report cover page, which includes the report title, who it has been prepared for, and the author name (and Student ID, subject group);
✓ Executive summary (1 paragraph: who the report is for, scope/purpose of report, action required; page i);
✓ Table of contents (page ii);
✓ Body of report: This will include an introduction (page 1) that describes the scope of the document and its structure, followed by separate sections that address the client’s requests. These sections need to cover the assessment criteria outlined below.
✓ References: A list of works used in the document. Use the Harvard referencing style. (Every reference must have at least 1 in-text citation.)

Case study scenario: Central Medical Supplies

Central Medical Supplies (CMS) is a company that designs and manufactures specialised electronic and mechanical equipment for medical use. They sell their products to specialist retailers and through their own branch offices. Some of the products they manufacture must be installed by specialist technicians. CMS branch offices have trained service professionals and training staff. Some common items are kept in stock at the branch locations, but most products are shipped to branches on an as-needed basis due to the customization required to match different installations. An online portal allows branches and retailers to order equipment and arrange installation dates, time, and location.

A key part of CMS is the design and testing of their products. Care must be taken that information about products in development is retained within the company, with regard to laws relating to copyright (e.g. software for electronic equipment), patents and trade secrets, and that important commercial information (e.g. product release dates and quantities) is not released. Design and development is all performed at the main branch in Melbourne.

The Main Branch in Melbourne has three main divisions: Research, Design and Development, Manufacturing, Sales and Installation. Support departments include Finance, Payroll, and Accounts, ICT, and Human Resources. Support and oversight for branches is largely provided by the relevant areas of the business: hosting the main servers and applications, manufacturing products, contracting with suppliers. The Melbourne Branch has 100 employees.

There is a sales branch in each state and territory. Branches in NSW, VIC and WA have about 20 employees, consisting of 5 installers, 3 general installation assistants, a branch manager, an ICT assistant, an installation manager, an accounts manager, sales and training staff, and several other personnel. SA, TAS and NT branches are smaller, with approximately 1/3 of the staffing.

Final assembly and set-up of products occurs in Melbourne. Most of the components for final products are manufactured by subcontractors located in Australia as well as overseas.

Research and development use specialist applications for developing products. These include software development tools and hardware design applications. The main application for Sales and Installation is AllAccounts Software. It provides for sales of products, invoicing and accepting payments from clients, scheduling of installations, and finalising sales and installation accounts. Stock control (purchasing and inventory maintenance) also has its own application and tracks products from purchase through to installation. The customer online webpages are hosted by an outside provider, which interacts with the AllAccounts software through an internet link. Payroll is handled by a separate system, MyPayrol, which runs on a server at the main branch office. All branches can interact with these major systems through the internet. CMS uses many other common application programs: email, word processing, spreadsheets, etc.

ICT has the responsibility of organising and implementing the network, server and computing facilities, as well as maintaining the applications in use in the Melbourne Branch and the Sales Branches.

CMS has only recently identified a need for a more formal approach to securing their ICT systems, though there are currently some elements implemented in an ad hoc fashion (firewalls, virus and malware protection, user access controls) which are overseen by the ICT technical staff. CMS have contracted your consulting service, Secure Security Services (SSS), to provide a report outlining the need for a Security Management Program, its purpose, and a suggested framework for the development of a security management program that oversees security concerns across their business.

As an employee of SSS, you have been asked to develop a report that presents the needs and requirements to implement an ICT Security Program for CMS. This plan should discuss how information security could be better managed by developing a Security Management Program and provide an overview of how to develop such a program. This would include identifying the tasks and roles that need to be assigned for the development and implementation of a Security Management Program.

CMS has two major organizational units that relate directly to their products: Research and Development, Sales and Service and Support. Other vital parts of CMS’s business structure are Finance and Accounts, IT Services and Human Resources. Though most of the employee positions are stable, the turnover of employees in the ICT Unit is high because of the large demand for IT employees with detailed knowledge of ICT systems.