

Learning Outcomes
On completion of the scenario, students will be able to:
1. Critically analyse and prioritise information security risks.
2. Systematically identify countermeasures and review techniques appropriate to the management of information security risks.
3. Demonstrate a thorough understanding of the policy and technology trade-offs involved in developing information security systems of adequate quality.
4. Analyse and evaluate the significance of legal regulations and requirements on information security systems.

Pre-requisite Knowledge
This scenario is adaptable and the prerequisite knowledge is not essential; some of it may be considered part of the learning outcomes. The following concepts/processes are required for successful completion of the scenario.
Information Security concepts including:
1. Confidentiality, Integrity, Availability
2. Information Assets, Threat, Vulnerability, Impact, Likelihood, Risk
3. Teamwork

Pre-requisite Knowledge Introduction The following quiz will test your pre-requisite knowledge.


Introduction
You have been hired as a consultant to an SME (West Lancashire Asbestos).

The Company
West Lancashire Asbestos (WLA) is a small company with 18 full-time employees. Employees are trained to the highest standards and supported by one of the most respected management teams in industry. The company is fully licensed by the Health and Safety Executive (HSE) to work with Asbestos Containing Materials. All major contracts are allocated a designated Contracts Manager and Asbestos Administrator.

Company Divisions
- Asbestos Removal Service
- Domestic Contracts
- Large Scale Commercial Contracts
- Asbestos Surveying
- Asbestos Awareness Training
WLA Originally offered

Managing Director Interview

Task 1
- To provide detailed advice on how to implement an ISMS that is consistent with the ISO27k framework.
- Produce an outline plan of activities required for the implementation of ISO
- To provide detailed recommendations as to the risk assessment process that should be adopted.
Your response should be contained in one team Information Security Management (ISM) recommendations report together with a presentation. You will get feedback on this. Essentially this comprises a formative draft for this section of the assessment.
- A table showing team members’ contribution to the work in the scenario.

Task 2
- To create key documents for the risk assessment, consistent with ISO27001:2013.
- To identify any actions the company should take to create and maintain a security culture and ensure the ISMS is a ‘living’ system.
Additional information regarding the scenario can be obtained from your tutor.
Your team should submit your comprehensive ISM final report. This should address all terms of reference, and include an updated version from stage 1.
- A table showing team members’ contribution to the work in the scenario.
Your team will also present your solution to the board of directors in a tutorial. A short PowerPoint presentation is expected. Your contribution to teamwork will be graded.

Reflection on Learning
It is also important that, at the end of the scenario, you reflect on your learning and team working and identify what worked well, what didn’t, and actions for future improvement.