Assignment title: Information


Your team has been hired as consultants to bring GALA's information security up to an acceptable standard. To achieve this, you will need to undertake and complete the following activities:

1. A project plan which incorporates the essential components of project management. This will include personnel, the activities to be undertaken by each team member, a timeline using an appropriate planning tool, and the risks and threats to successful completion of the project.

2. A risk assessment of the threats faced by GALA's information assets. Your risk assessment must be conducted according to ISO 31000:2009, the risk assessment standard. Also consider HB167 in your reading for this task. The information assets to be considered are: data storage (staff home drives etc.), email, student records database, course management system (database), and the student enquiry management system. You will also need to identify and assess other information assets, risks and threats that Get A Life Adventures may be subject to.

3. Develop an information security policy for GALA. As well as internal considerations about protecting information assets, you also need to consider the external compliance issues, e.g. Western Australian State legislation, Federal legislation, telecommunications legislation etc. This policy must be completely your own work; however, it is suggested that you use ISO27002 5.1 Information Security Policy as a guideline to help you achieve this particular task. This two-page document outlines all the key areas. Policies which contain any elements of "copy and paste" will result in a grade of zero (0) for this element of the assignment, and may also lead to a reduction in marks for the assignment overall.

4. Develop a security awareness and training (SEAT) program for users of GALA information assets relevant to USB dropping or the use of social networking media (your group will be assigned ONE of these topics when you submit your group members to Blackboard). This will consist of a set of training materials to educate users about the risks and threats they face as end users of GALA's information assets. This needs to consist of the following components:

   a. An information document about the threats to GALA's information assets. This will be no more than a few pages, and must be written in non-technical language that the lay person can understand.

   b. A PowerPoint presentation summarising the key points of the information document.

   c. An awareness and training video which explains the threats to GALA's information assets, educates users about what these look like, and what actions they need to take if they think they are being targeted by an attacker. The video can use people, can use machinima (e.g. Source Filmmaker), but must be "live action" and not a series of still photos or PowerPoint slides. Consider the use of humour or some other device to get the point across to the end users.

   d. Develop a short multiple choice test to determine what end users learnt from your awareness and training materials. You get to test someone else!