Assignment title: Information
Question 1
COIT20263 Information Security Management (Term 1, 2016)
Assessment Item 1—Practical and Written Assessment
Due date: 11:30pm AEST, Friday, Week 7
Weighting: 35%
Length: 2000 words (±500 words)
Objectives
This assessment task can be undertaken in a group of up to 4 members or individually. Each group/student will analyse the given scenario of the organisation, and develop and document the specified Issue Specific Security Policy (ISSP) for the organisation.
Assessment criteria
The students are assessed against their ability to analyse the given scenario and develop the specified ISSP.
The marking criteria for Assessment Item 1 are provided on page 4. Students need to familiarise themselves with the marking criteria to ensure that they have addressed them when preparing the document for this assessment item.
Assessment Task
You are required to analyse the scenario on page 3 and develop the following ISSP for the organisation described in the scenario:
• Access and use of sensitive information of the organisation
The ISSP should include:
1. Statement of Purpose
2. Authorised Uses
3. Prohibited Uses
4. Systems Management
5. Violations of Policy
6. Policy Review and Modification
7. Limitations of Liability
You also need to include a section containing the justification of the contents of your policy as well as any assumptions that you have made.
Note: You need to upload the document containing the ISSP to Moodle. You must follow the Harvard citation and referencing guidelines.
Please do not include an executive summary, a table of contents, an introduction or a conclusion. Please use the 'Template for Your Answers' Section of this document and upload only that template.
Check the course website at least once a week for further information relating to this assessment task. Please ensure that you write your answers in your own words to avoid possible plagiarism and copyright violation. You can understand the Plagiarism Procedures by following the corresponding link in the CQUniversity Policies section of the Course Profile.
Submission
To be submitted online through the COIT20263 Moodle course website assessment block on or before the due date.
The Scenario for Information Security Management Assessment Tasks
A private company in Australia plans to establish a private nursing school. The main campus of the nursing school is located in a suburb of Sydney and the satellite campuses are located in the suburbs of capital cities of three South East Asian countries. The company has made agreements with a private hospital in each of these locations to provide the internship and training to the students of the nursing school. The main and satellite campuses that are currently being constructed will have modern communication networks suitable for the business.
The lectures, tutorials and laboratory classes conducted in the main campus will form virtual classrooms with the satellite campuses. The students can participate in the virtual classes from within the campus premises or from their homes. More than 100 students are expected to enrol in each location in the first year.
The management of the company plans to help out the wider community by providing a telemedicine and homecare service to the needy patients at their homes. This service covers a radius of about 200km from the main and satellite campuses and will be provided with the help of a mobile team of health personnel.
The mobile team will be able to receive medical advice directly from the medical staff of the hospital in their country as well as the private hospital in Sydney via a virtual consultation room. The hospitals should be able to locate and contact all registered homecare patients. The nursing school should know the location of all their students and staff when they are on duty.
As the company is newly established, the information security policies are yet to be developed.
Marking Criteria
| Section | HD (6–5.1) | D (4.8–4.5) | C (4.2–3.9) | P (3.6–3) | F (2.7–0) | Max Mark | Mark |
|---|---|---|---|---|---|---|---|
| Assumptions | Listed all assumptions. | Some assumptions missing. | Most assumptions missing. | Not clear and most assumptions missing. | All assumptions missing. | 6 | |

| Section | HD (3–2.55) | D (2.4–2.25) | C (2.1–1.95) | P (1.8–1.5) | F (1.35–0) | Max Mark | Mark |
|---|---|---|---|---|---|---|---|
| Statement of Purpose | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |
| Authorised Uses | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |
| Prohibited Uses | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |
| Systems Management | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |
| Violations of Policy | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |
| Policy Review and Modification | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |
| Limitations and Liability | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |

| Section | HD (6–5.1) | D (4.8–4.5) | C (4.2–3.9) | P (3.6–3) | F (2.7–0) | Max Mark | Mark |
|---|---|---|---|---|---|---|---|
| Justification | Focussed and contained all information in detail. | Focussed and contained but not enough detail. | Focussed but some information missing. | Not clear but contained most information. | Not clear and most information missing. | 6 | |

| Section | HD (2–1.7) | D (1.6–1.5) | C (1.4–1.3) | P (1.2–1) | F (0.9–0) | Max Mark | Mark |
|---|---|---|---|---|---|---|---|
| References | All references are listed according to Harvard reference style. | A few referencing errors. | Not all references are listed but correctly referenced. | Many references missing. | No or incorrect reference list. | 2 | |
TEMPLATE FOR YOUR ANSWERS
COIT20263 Information Security Management - Assessment Item 1 (Term 1, 2016)
Names and student numbers of group members:
| Access and Use of Sensitive Information of the Organisation | Mark allocated | Mark earned |
|---|---|---|
| Assumptions | 6 | |
| 1 Statement of Purpose | 3 | |
| 2 Authorised Uses | 3 | |
| 3 Prohibited Uses | 3 | |
| 4 Systems Management | 3 | |
| 5 Violations of Policy | 3 | |
| 6 Policy Review and Modification | 3 | |
| 7 Limitations of Liability | 3 | |
| Justification | 6 | |
| References | 2 | |
| Late submission penalty | | |
| Plagiarism penalty | | |
| Total | 35 | |