Performance objective
The candidate must demonstrate skills, knowledge and understanding to maintain professional and ethical conduct, as well as to ensure that personal information of stakeholders is handled in a confidential and professional manner when dealing with stakeholders in an information and communications technology (ICT) environment.
Throughout this program you are to demonstrate Knowledge Evidence
- discuss codes of ethics pertinent to computing industry
- discuss federal and state or territory legislation and policy relevant to an ICT environment and relating to:
- access and equity
- copyright and intellectual property
- workplace health and safety (WHS)
- privacy
- outline organisational communication processes and procedures
- outline organisational requirements for customer service
- discuss the security features of server operating systems
- explain system security procedures.
Assessment description:
For this Assessment there are 6 tasks all together, you need to read the Scenario and gather information to determine the organisation's code of ethics, and protect and maintain privacy policies and system security and ethics code. You need to demonstrate how to resolve the problemsand create reportto your clients.
Specifications/Conditions:
Your assessor will be looking for evidence of:
- analyse legislation and standards relating to professional conduct and privacy in the information and communications technology (ICT) industry
- contribute to the development of a code of ethics and monitor the workplace to ensure code of ethics is being applied and is appropriate
- contribute to the development of a privacy policy and monitor the workplace to ensure the policy is being applied and is appropriate.
Task 1
An Internet start-up company called "NetMovies" who are planning to compete with "NetMovies" and "Bigpond Movies" hiring out DVDs and Blu-Rays online, has approached you to assist with determining how they will be affected by privacy legislation. The systems being designed by the company will contain information such as billing, shipping and previous movies that have been hired by customers.
NetMovies employ 20 staff, 8 in distribution, 5 in a call centre, 4 in billing and administration and the remaining 3 in management. The only form of privacy policy they have is a hastily written paragraph on their website indicating that "information relating to an account will only be released to the account holder and will not be distributed to any third party or individual".
For this Assessment Task you are to create a report for NetMovies containing:
a) an overview of legislation that they should be aware of, as well as The Privacy Act 1988 requires us to have a privacy policy.
b) privacy policies and / or procedures they should consider implementing to ensure that the privacy and security of data stored is maintained.
Task 2
For this assessment task you are to develop
a) an updated privacy policy and procedure for NetMovies new website based on the investigation and report produced in Assessment Task 1.
b) to whom the policies and procedures should be distributed
c) Guidelines for co-ordination of training for personnel
d) Guidelines for the review of work practices to ensure correct application of the policy and procedures
Task 3
For this assessment task you are to develop the following policies (and associated procedures) for Net Movies. You must present your policies and procedures to the CEO of Net Movies (to be played by your assessor), along with a report that provides.
Task 4
You have been asked to assist in setting up a small office IT system for Freedom Franchise that will be used for the following:
- 1 manager - Needs the full administration suite
- 5 administration staff (need Word, Excel, Outlook and associated support programs (i.e. acrobat PDF reader, etc)
- 2 sales staff (mainly on the road) - Require same programs as admin, plus PowerPoint for sales presentations
The company will be required to share files and have regular back-ups that can be stored off-site
This company is on a tight budget, but want the best possible equipment as possible. You have access to cracked Microsoft Office and Windows 7 Software that you can reproduce as often as you like (because you have the software on disc). You also have a friend that can get "staff discount" from a local PC store, where the price is 20% cheaper than most major retailers. And, as a benefit, your friend gets commission on each product sold. He has suggested you sell the products at full price and split the difference with him. It seems win-win. (to calculate the prices of this equipment, just take 20% off the cheapest system you can find when you research what is available). It is important to note that your friend's company creates "new PC's" by reclaiming old PC's and putting the internal components into new casings.
You are to:
a) develop a proposal for Freedom Franchise, which includes
i. the type of system you would install,
ii. price (including your labour),
iii. warranty,
iv. support and availability
You are to then present your proposal to your assessor (who will act as the client) in a one-on-one meeting and explain what you have to offer.
Task 5
Following from Assessment 3, Net Movies have received a complaint from a client stating they were told by a staff member that if they paid cash, they could have their late fees halved.
The staff member denies all knowledge of this, and the Net Movies have noticed they have no documented process for dealing with the issue.You have been asked by the CEO of Net Movies to:
Develop a grievance policyand procedure for dealing with policy breaches.
You are to develop this policy, along with a sequential procedure that can be followed throughout the organisation. Once developed, you are to present your policy and procedure to the CEO for approval
Task 6
PART A
You are to identify a system and perform a securityreview. The system you select is your choice but must be approved by your instructor. Examples of acceptable systems include your workstation or an e-commerce website.Your security review should also cover the privacy and ethical temptation issues covered in your previous assessment.
In your review you must:
a) Conduct a risk analysis on the system, record the outcomes then assess and categorise risks
b) Evaluate threats to the system and record your findings
c) Identify and document human interactions with the system, categorise and assess the risks associated with these actions
d) Determine and plan resources, controls and risk management plans for the identified categories
PART B
You are to design password policies and procedures for workstation logins in an organisation, including complexity and ageing.
You are to research and develop:
a) a security plan identifying how to implement controls to enforce these policies in Microsoft Windows or other operating system. You should also research methods to identify breakdowns and attempted circumventions of these controls and:
b) document a procedure for periodically monitoring these attempts.
PART C
You are to develop and document:
a) a management review process for reviewing and monitoring risks. Your review process should include reviewing your risk analysis process based on security benchmarks from vendors, security specialists and organisational reviews.
You must also investigate and recommend the suitable times at which your system should be analysed re-evaluated for new threats and risks.