Assignment title: Management


COIT20263 Information Security Management (Term 1, 2017)
Assessment Item 2—Practical and Written Assessment

Due date: 11:30pm AEST, Friday, Week 7
Weighting: 10%
Length: 1000 words (±500 words)

Objectives

This assessment task can be undertaken in a group of up to 4 members or individually. Each group/student will analyse the scenario given on page 3, and develop and document the specified Issue Specific Security Policy (ISSP) for the organisation.

Assessment criteria

The students are assessed against their ability to analyse the given scenario and develop the specified ISSP. The marking criteria for Assessment Item 2 are provided on page 4. Students need to familiarise themselves with the marking criteria to ensure that they have addressed them when preparing the document for this assessment item.

Assessment Task

Each group/student is required to analyse the scenario given on page 3 and develop a 'Use of Personal Digital Devices Policy' for the organisation described in the scenario. The ISSP should include:

1. Statement of Purpose
2. Authorised Uses
3. Prohibited Uses
4. Systems Management
5. Violations of Policy
6. Policy Review and Modification
7. Limitations of Liability

You also need to include a section containing the justification of the contents of your policy as well as any assumptions that you have made.

Note: Each student in the group needs to upload the ISSP document of their group to Moodle. You must follow the Harvard citation and referencing guidelines when writing the ISSP document and include a reference list. Please do not include an executive summary, a table of contents, an introduction or a conclusion. Please use the 'Template for Your Answers' Section of this document and upload only that template.

Check the unit website at least once a week for further information relating to this assessment task.

Please ensure that you write your answers in your own words to avoid possible plagiarism and copyright violation.
You can understand the Plagiarism Procedures by following the corresponding link in the CQUniversity Policies section of the Unit Profile.

Submission

To be submitted online through the COIT20263 Moodle unit website assessment block on or before the due date.

The Scenario for Information Security Management Assessment Tasks

Auto-fishing Group (AG) is a cooperative society of fishermen in Tasmania established a year ago. AG was established to increase the fish yield of its member fishermen and supply the fish to the consumers as quickly as possible at a reasonable price. Using sophisticated technology, including Unmanned Aerial Vehicles (UAVs), the fishermen locate the schools of fish suitable for consumption without catching them indiscriminately, thereby reducing overfishing.

AG directly supplies the fish from the fishermen to the customers without an intermediary. To this end, AG has its own vehicles, ten distribution centres along the coast of the state and three distribution vehicles at each distribution centre. Each fisherman will be affiliated to a distribution centre.

AG operates from a small office in Hobart. When a customer places an order using the application of AG or over the phone, the order is processed using a proprietary software program of AG. By using this software, AG is not only able to receive the optimum quantity of fish from the fishermen on time but also able to deliver the order to the customers quickly. This whole process is automated with the help of on-board computers on the distribution vehicles connected to the office of AG and the mobile devices of the fishermen. The fishermen can get connected to the Internet and post questions to online forums. AG also has an online banking society that provides most of the main banking facilities of other banks to its member fishermen.

AG also has a marine and fisheries training centre in Hobart. The centre has a managing director, a secretary and two instructors.
There are 20 students at any time in the training centre, participating in the classes. The instructors can show the students the live videos of fish shoals and schools as well as the techniques used by the fishermen. The network of the training centre is a part of the network of AG.

AG needs the guarantee that their proprietary application, and various data and information in their information system are secured.

After the success in Tasmania, AG expanded its services to fishermen and customers in Victoria as well. As the society was established last year, the information security policies have not yet been developed. The society is now in the process of developing a comprehensive set of information security policies for its information system.

Note: This scenario was created by Dr Rohan de Silva on 10th December 2016 and no part of this scenario should be reproduced by any individual or an organisation without written permission from CQUniversity, Australia.

Marking Criteria

Assumptions (Max Mark: 6)
  HD (6 to 5.1): Listed all assumptions.
  D (4.8 to 4.5): Some assumptions missing.
  C (4.2 to 3.9): Most assumptions missing.
  P (3.6 to 3): Not clear and most assumptions missing.
  F (2.7 to 0): All assumptions missing.

The following seven sections each have a Max Mark of 3 and share the same grade bands and descriptors:

  Statement of Purpose
  Authorised Uses
  Prohibited Uses
  Systems Management
  Violations of Policy
  Policy Review and Modification
  Limitations and Liability

  HD (3 to 2.55): Contained all information in detail.
  D (2.4 to 2.25): Contained all information but not enough detail.
  C (2.1 to 1.95): Had too brief or missing information.
  P (1.8 to 1.5): Not clear but contained most information.
  F (1.35 to 0): Not clear and most information missing.

Justification (Max Mark: 6)
  HD (6 to 5.1): Focussed and contained all information in detail.
  D (4.8 to 4.5): Focussed and contained but not enough detail.
  C (4.2 to 3.9): Focussed but some information missing.
  P (3.6 to 3): Not clear but contained most information.
  F (2.7 to 0): Not clear and most information missing.

References (Max Mark: 2)
  HD (2 to 1.7): All references are listed according to Harvard reference style.
  D (1.6 to 1.5): A few referencing errors.
  C (1.4 to 1.3): Not all references are listed but correctly referenced.
  P (1.2 to 1): Many references missing.
  F (0.9 to 0): No or incorrect reference list.

TEMPLATE FOR YOUR ANSWERS

COIT20263 Information Security Management - Assessment Item 2 (Term 1, 2017)

Names and student numbers of group members:

Access and Use of Sensitive Information of the Organisation

Section                              Mark allocated   Mark earned
Assumptions                          6
1 Statement of Purpose               3
2 Authorised Uses                    3
3 Prohibited Uses                    3
4 Systems Management                 3
5 Violations of Policy               3
6 Policy Review and Modification     3
7 Limitations of Liability           3
Justification                        6
References                           2
Late submission penalty
Plagiarism penalty
Total                                35