Management Information Systems

The organisation BCC has suffered a number of information security related breaches in the past 18 months and wants to implement an Information Security Management System (ISMS) to address shortcomings in its management of information security. You have been recruited as the Chief Information Security Officer (CISO) and your first task is to prepare a plan for implementing an ISMS within BCC, with the long-term aim of achieving ISO 27001 certification. For the purpose of this assignment you are being asked to complete a number of tasks associated with the planning stage of an ISMS.

Note: The organisation you choose as BCC can be in any industry or sector. It can be a real organisation you are familiar with or a made-up organisation. You will need to clearly describe the organisation and its systems when you define the scope of the ISMS.

Your assignment should incorporate all of the following elements:

- Define the scope of the ISMS. The scope of the ISMS describes the boundaries of the ISMS in terms of organisational characteristics such as location(s), business functions, assets, and technology. It should include a list of important business functions that are critical to the organisation's mission and survival. It should also include a list of important information, information technology and system assets. [10 marks]

- Prepare an information security policy statement for your chosen organisation. This should include a statement of management commitment as well as setting out the organisation's approach to managing information security. [10 marks]

- Carry out a risk assessment that identifies at least 12 information security risks to your chosen organisation, its network, systems and information. Use one of the risk assessment models such as NIST SP 800-30. Identify relevant threat events and sources and determine their relevance. Identify vulnerabilities (and their severity) within the organisation that could be exploited by the threat events you identified. You should select vulnerabilities that are appropriate to your chosen organisation. Determine the likelihood of the threat events occurring and being successful, and the type and magnitude of the adverse impacts to the organisation. Finally, determine the level of each risk to the organisation. [36 marks]

- Describe how you propose to respond (acceptance, mitigation, etc.) to the 12 risks you identified in the risk assessment. Explain the justification for the responses you have chosen for each risk. [20 marks]

- Select information security controls to address 6 of the risks you have identified that need to be mitigated. To address a particular risk you will typically require a number of controls. Briefly describe how you would implement each of the selected controls. You should include policies, procedures and technical controls. Using the ISO 27002 list of controls, reference each control selected (e.g. 7.1.1 Inventory of assets). [24 marks]

Make whatever logical assumptions about the organisation BCC, its information systems and its information security that you feel are necessary to give you adequate scope to complete this assignment.

Length: 3000 words (excluding Bibliography and Appendices). Total: 100 marks.

- Please find attached a sample table about the scores of the security risks and give a total.
- Title page
- Contents page
- Conclusion
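The risk assessment step above asks for threat events, vulnerabilities, likelihood of occurrence and success, impact, a risk level per risk, and a total score. The following Python risk register is an added example written for this page, not part of the assignment brief or of NIST SP 800-30 itself. It uses a five-point ordinal scale and a simplified combination rule (rounded mean of the two likelihoods, then likelihood multiplied by impact, banded into five levels); those rules and thresholds are assumptions chosen for illustration and are not the tables in NIST SP 800-30 Rev. 1. The four risks in the register are constructed sample entries for a fictional BCC, and the response recommendation per level is likewise an assumed policy.

```python
"""Semi-quantitative risk register in the style of NIST SP 800-30 (added example).

Scale for severity, likelihood and impact: 1 = Very Low, 2 = Low,
3 = Moderate, 4 = High, 5 = Very High. All combination rules below are
assumptions made for this example, not NIST's own tables.
"""
from dataclasses import dataclass

LEVELS = {1: "Very Low", 2: "Low", 3: "Moderate", 4: "High", 5: "Very High"}

# Assumed response policy: low risks are accepted and monitored, moderate risks
# are mitigated or transferred, high and very high risks must be mitigated.
RESPONSE_BY_LEVEL = {
    "Very Low": "accept", "Low": "accept",
    "Moderate": "mitigate or transfer",
    "High": "mitigate", "Very High": "mitigate (priority)",
}


@dataclass(frozen=True)
class Risk:
    risk_id: str
    threat_source: str
    threat_event: str
    vulnerability: str
    vuln_severity: int           # 1-5, informs likelihood_success below
    likelihood_initiation: int   # 1-5: chance the threat event occurs
    likelihood_success: int      # 1-5: chance it causes adverse impact
    impact: int                  # 1-5: magnitude of the adverse impact


def overall_likelihood(initiation: int, success: int) -> int:
    """Assumption: rounded-up mean of initiation and success likelihood."""
    return (initiation + success + 1) // 2


def risk_score(likelihood: int, impact: int) -> int:
    """Score on a 1-25 scale: likelihood multiplied by impact."""
    return likelihood * impact


def risk_level(score: int) -> str:
    """Assumed banding of the 1-25 score into the five named levels."""
    if score <= 2:
        return "Very Low"
    if score <= 5:
        return "Low"
    if score <= 10:
        return "Moderate"
    if score <= 16:
        return "High"
    return "Very High"


def assess(register: list[Risk]) -> list[dict]:
    """Evaluate every risk and return rows sorted from highest score down."""
    rows = []
    for r in register:
        lik = overall_likelihood(r.likelihood_initiation, r.likelihood_success)
        score = risk_score(lik, r.impact)
        level = risk_level(score)
        rows.append({
            "id": r.risk_id, "threat_event": r.threat_event,
            "likelihood": LEVELS[lik], "impact": LEVELS[r.impact],
            "score": score, "level": level,
            "response": RESPONSE_BY_LEVEL[level],
        })
    return sorted(rows, key=lambda row: row["score"], reverse=True)


def total_score(rows: list[dict]) -> int:
    """Total of all risk scores, as the brief's sample table asks for."""
    return sum(row["score"] for row in rows)


def risks_needing_controls(rows: list[dict]) -> list[str]:
    """IDs of risks whose response starts with 'mitigate' (control selection)."""
    return [row["id"] for row in rows if row["response"].startswith("mitigate")]


# Constructed sample register for the fictional BCC (values are illustrative).
SAMPLE_REGISTER = [
    Risk("R1", "external criminal", "phishing campaign harvests staff credentials",
         "no MFA on webmail", 4, 5, 3, 4),
    Risk("R2", "external criminal", "ransomware via unpatched VPN appliance",
         "VPN firmware 14 months behind vendor patches", 5, 4, 4, 5),
    Risk("R3", "staff (accidental)", "unencrypted laptop lost in transit",
         "no full-disk encryption standard", 4, 3, 4, 3),
    Risk("R4", "environmental", "extended power failure at server room",
         "single UPS, no generator", 3, 2, 2, 3),
]

if __name__ == "__main__":
    results = assess(SAMPLE_REGISTER)
    for row in results:
        print(f"{row['id']}: {row['level']:9} score={row['score']:2} -> {row['response']}")
    print("Total:", total_score(results))
    print("Risks needing controls:", risks_needing_controls(results))
```

Each row records the information the brief asks for per risk (source, event, vulnerability and its severity, the two likelihoods, impact, level and response), so the printed table can be carried straight into the risk response and control selection sections; the `vuln_severity` field is kept as documented input to the `likelihood_success` judgement rather than as a term in the arithmetic.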
