Elizabeth Chan is the CEO of a one-year-old electronics company.
The company designs, develops and manufactures printed circuit
board and assembly requirements, cables and wiring harnesses. This
is Elizabeth's own invention, and it is a small but important
component for many large businesses. Elizabeth is an engineer, but
she has no modern technical understanding of IT security issues.

Elizabeth had no problems with IT security until very recently,
when the company's network was subjected to a series of attacks.
Within a period of 3 days, the company's website was defaced, a
serious virus infected the company e-mail and large quantities of
data were corrupted.

Elizabeth's IT security risk management concerns are wide-ranging.
She needs to determine whether the same hackers are likely to hack
the company again. She believes the recent attacks suggest the
hackers were interested either in proprietary theft of sensitive
information for personal and/or financial gain, or in disrupting
the affected company in such a way that competitors gain an edge.
There is also evidence of a disgruntled former employee planning
revenge against Elizabeth. Elizabeth knows that the current
security policy has several weaknesses and needs to be rewritten.
Elizabeth has become very worried about cyberterrorism and is
concerned about becoming a victim of e-crime.

After discussing this with the Executive Committee, she appoints
you as Chief Information Security Officer (CISO). As a first step,
the current security policy has to be reviewed and updated.
Secondly, a thorough Business Impact Analysis (BIA) of the current
threats should be made and, based on the analysis, a comprehensive
Information Security Management Plan needs to be created. Thirdly,
a Forensic Readiness Plan should be developed so as to be prepared
for possible action against the hackers who have been attacking
this company.

Task:

1. Based on the above information, use your own imagination to come
   up with a company structure.
2. Analyse the company's existing information security policy.
   (Assume that the current policy is not very effective.) Evaluate
   the gaps and provide an overview of a suitable security policy
   for your CEO. Include the major sections of the proposed policy
   document.
3. Identify the threats the company is currently facing and how
   these threats can be managed. Your discussion can be categorised
   under the broad categories of people, process and technology.
4. Based on the evaluation of the above threats, prepare a Business
   Impact Analysis (BIA).
5. Based on any one industry standard (for example, ISO or NIST) or
   government standard, develop a comprehensive security management
   plan.
6. Finally, illustrate the legal and ethical issues your client will
   face if the data in her databases or files is lost or damaged.
   Provide details of the broad categories of Federal and South
   Australian criminal legislation that can be used to prosecute
   hackers and computer criminals in South Australia. Advise how
   your client can ensure her organisation is forensically ready
   for possible action against intruders to the company network.











