Information Security Management Assessment-Practical and Written Assessment
Assessment Task -
Each group/student is required to analyse the scenario given below and develop a 'Copyright Compliance Policy' for the organisation described in the scenario.
The ISSP should include:
1. Statement of Purpose
2. Authorised Uses
3. Prohibited Uses
4. Systems Management
5. Violations of Policy
6. Policy Review and Modification
7. Limitations of Liability
You also need to include a section containing the justification of the contents of your policy as well as any assumptions that you have made.
The Scenario for Information Security Management Assessment Tasks
Academics for Academics (A4A) is a Non-Governmental Organisation (NGO) that has its head office and the branch office in Sydney and Singapore respectively. Being a NGO, A4A funds all of its projects and activities from public donations. A4A has a team of 10 staff members, and 6 of them are located in Sydney office and the remaining four are located in the Singapore office.
A4A was established to help small public and private universities and colleges in Australia and Southeast Asia. The private universities and colleges that are interested in receiving the service of A4A need to register with A4A and become its member institutions. The academics and experienced professionals who like to provide a voluntary service such as teaching a subject, supervising a +research project or development of curricula for a member institution, can register their interests with A4A. After a recruiting process, they can become members of A4A. A4A then recruit them to short term assignments at its member institutions. The members that are recruited to various projects will be provided with accommodation, meals, medical and travel expenses.
Once recruited to a project, the A4A member will work at the member institution but the information produced by the member, except the emails, marked assignments and exams will remain the property of A4A and the member. As such, all those information should be handled and stored by the information system of A4A irrespective of the location where the member works. A4A needs the guarantee that the various data and information in their information system are secured.
As A4A was established last year, the information security policies have not yet been developed. It is now in the process of developing a comprehensive set of information security policies for its information system.
Note: This scenario was created by Dr Rohan de Silva on 3rd June 2017 and no part of this scenario should be reproduced by any individual or an organisation without written permission from CQUniversity, Australia.
Attachment:- Template.rar