60220/12
Evaluate an organisation's compliance with cyber security standards and law
Advanced Diploma of Information Technology (Cyber Security)
ICTCYS606
ICT60220
Module 06
Assessment Task 2 of 2
PACIFIC TRAINING GROUP 2022 All Rights Reserved
Student Information
Student ID
Student's First Name
Student's Last Name
Knowledge Activity
Overview
Objective: To provide an opportunity for you to show you have the required knowledge for this unit.
The answers to the following questions will enable you to demonstrate your knowledge of:
security risks, and tolerance of risk in an organisation
cyber security standards, regulations and laws applicable to the organisation
organisational business processes and applicable cyber security requirements in each area
principles of cyber security
methods of identifying cyber security incidents
different types of cyber security incidents including security vulnerabilities and malware.
Answer each question in as much detail as possible, considering your organisational or simulated workplace environment's requirements for each one.
Question 1
Answer each question in 50-100 words:
A.) Give a brief description of the following common security risks faced by IT organisations.
Ransomware attack
Cyberwarfare.
B.) Briefly explain the risk tolerance level of an IT organisation.
Question 2
A.) Briefly explain the following cybersecurity standards:
ISO 27001. Answer in 50-100 words.
PCI DSS. Answer in 50-100 words.
B.) Briefly explain the following cybersecurity regulations and laws:
Gramm-Leach-Bliley Act. Answer in 50-100 words.
Cybercrime Act of 2001. Answer in 40-80 words.
Question 3
A.) Briefly explain the following business processes of the IT organisation. Answer in 100-150 words:
Planning and budgeting
Approval
Password policy.
B.) Why is cybersecurity required in business processes? Answer in 40-80 words.
Question 4
A.) What is the purpose of having cybersecurity principles in the ICT industry? Answer in 40-80 words.
B.) Explain the role of the following categories of cybersecurity principles (Answer in 70-120 words):
Govern
Protect.
Question 5
Briefly explain the following methods of identifying cybersecurity incidents in an IT organisation:
Anomalies in outbound network traffic. Answer in 50-100 words.
Unauthorised insiders accessing the server and data. Answer in 50-100 words.
Configuration changes. Answer in 50-100 words.
Question 6
Provide detailed information about the following cybersecurity incidents (Answer in 150-200 words):
Cybersecurity vulnerability
Malware
Denial of Service
Phishing.
Question 7
A.) What is meant by cybersecurity strategies? Answer in 30-50 words.
B.) Give any three cybersecurity strategies which should be implemented in the organisation. Answer in 50-100 words.
Question 8
What is meant by compliance assessment? Answer in 30-50 words.
Question 9
What are the different methods used to submit documents to the management?
Question 10
List the responsible persons to whom compliance documents and other relevant documents are distributed to ensure that business activities meet the requirements.
Question 11
A.) What is meant by evaluation strategy? Answer in 30-50 words.
B.) List the steps involved in the development of the evaluation strategy.
Skills and Performance Activities
Overview
Objective: To provide an opportunity for you to show you have the required skills for this unit.
This activity will enable you to demonstrate the following skills:
Learning
Reading
Writing
Teamwork
Planning and organizing.
Objective: To provide an opportunity for you to demonstrate the required performance elements for this unit.
identify cyber security standards and laws and analyse an organisation's operations and compliance with required laws and standards on at least one occasion.
In the course of the above, the candidate must:
document processes and summarise findings.
Answer each question in as much detail as possible, considering your organisational or simulated workplace environment's requirements for each one.
Scenario
Future IT is an IT company which provides different IT services such as application development, technical issue resolution, software support, Internet services, database services and others. It operates across Australia, with branches in major cities such as Melbourne, Sydney, Perth and Brisbane.
It has around 133,240 clients and has been providing services to them for the last five years. The company has been consistent with providing services and offers tough competition in the industry.
Future IT has been a registered organisation for the last ten years and follows the laws and regulations from that timeframe. Future IT has never updated its policies and procedures since then.
Future IT has come to know that there are many laws and regulations which have been updated and changed during this timeframe and that Future IT's policies and procedures are not compliant at the moment.
You have joined Future IT as the Auditor who is aware of the situation, and you need to go through the policies and procedures of Future IT and update them to ensure the organisation becomes compliant.
The manager will provide you with the following documents for completing the activities:
Organisational policies and procedures
Cybersecurity policies and procedures
Documenting policies and procedures.
Future IT is aware that cybersecurity laws and standards have been updated. You can access the resources with the help of the following links, or search the internet for the laws and standards relevant to cybersecurity in Australia.
Cybersecurity laws and standards:
https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/australia
https://info.australia.gov.au/information-and-services/security-and-defence/national-security/cyber-security
Future IT cybersecurity strategies:
Create a security system: Develop a cybersecurity system which will be used to prevent data from cyber-attacks.
Increase your team member skillset: Train the employees about cyber-attacks and ways to avoid being caught by scams that aim to access the data and system.
Backup your data: The organisation has backed up the data so that if anything happens and data gets lost, they can recover it.
Put the cloud to work: Store data on the cloud to provide security and a backup option for storing data. It is also easy to access and can be monitored by anyone who has access to the data.
Invest in your IT infrastructure: Install antivirus programs and firewalls on your computers. It helps in protecting the data and system.
Future IT has developed the following benchmark for the updated cybersecurity policies and procedures:
Meet all the organisational guidelines
Organisational policies and procedures are compliant with the government laws and regulations
You need to review the scenario and research the internet to complete the following activities.
Activity 1
Instructions
Activity 1: WRITTEN REPORT ON SECURITY STANDARDS AND LAWS
In this activity, you need to develop a report on the security standards and laws of cybersecurity which the organisation needs to follow to be compliant with the government guidelines. The report needs to cover the information about the previous policies and procedures of the organisation.
In the report, you need to cover the following:
Research and analyse the standards and laws associated with cybersecurity
Obtain the existing cybersecurity strategies of the organisation
Highlight cybersecurity laws
Compare the strategies with the information obtained
Gather requirements for compliance evaluation
Information about the benchmarking of the compliance including time period for compliance check
For this activity, you need to research the internet and review the scenario and provided documents.
You need to complete the Security standards and laws associated with cybersecurity template for this activity. After completing this template, submit it to your assessor via LMS using this file naming convention: 60220_12_PRJ_Activity 1_WrittenReport_YourLastName.
The report needs to be completed and documented according to the organisational policies and procedures.
Activity 2
Instructions
Activity 2: DISCUSSION OF THE REPORT
SCENARIO: Let us suppose that you called your manager to gather information about the benchmarking requirements for compliance and timeframe required to make the policies compliant with the current policies. Your manager then provided you with the information about the benchmarking and timeframe required for a compliance evaluation.
Task: Video record yourself discussing the following points and the information you gathered from your manager:
Discuss the report prepared in the previous activity
Share the information you gathered about the benchmarking for compliance
Share the information you gathered about the timeframe required for completing compliance.
Refer to the Video Submission Guidelines for more information. Use this file saving format when you submit your video: 60220_12_PRJ_Activity 2_VideoReport_YourLastName.
Activity 3
Instructions
Activity 3: DISCUSSION OF THE REPORT
In this activity, you need to perform compliance evaluation to identify the areas which need improvement and keep a record of those areas so that they can be updated in later activities.
In this activity, you need to perform the following tasks:
Prepare the compliance assessment document for cybersecurity
Perform the assessment
Keep the record of the results
Highlight areas of non-compliance.
You need to complete this task using the following resources:
Computer
Internet
Computer server
Cyber security testing tools
While conducting the compliance assessment, you need to follow the legislative and organisational requirements for the assessment to ensure that it is done according to the requirements.
You also need to follow the organisational policies and procedures to record the results and documents in the database.
Prepare the document under the following names and submit them to the trainer for assessment.
Compliance assessment document as Compliance document
Results of assessment as Test results
Areas of improvement as Improvement document.
All these documents should be submitted in Word format using this file naming convention: 60220_12_PRJ_Activity 3_ComplainceAssessment_YourLastName
Activity 4
Instructions
Activity 4: DEVELOP COMPLIANCE REQUIREMENTS AND EVALUATION STRATEGY
In this activity, you need to develop compliance requirements and evaluation strategy, which can realign the business activities with the updated document version.
In this activity, you need to perform the following tasks:
Develop compliance requirements
Compliance program to realign the business processes
Develop an evaluation strategy.
Use this Development of compliance requirement and evaluation strategy template to complete your activity and submit it using this file saving format: 60220_12_PRJ_Activity 4_EvaluationStrategy_YourLastName.
You need to follow the given organisational policies and procedures during this activity.
Student Assessment Checklist
Knowledge Activity
Q1-Q11 Write-up
Skills and Performance Activity
Activity 1 Written report on security standards and laws
Activity 2 Video discussion report
Activity 3 Written discussion report
Activity 4 Written compliance requirements and evaluation strategy
To submit your answers to the Knowledge questions, upload this document to LMS using this file naming convention: 60220_12_PRJ_Knowledge_Student ID_YourLastName.
To submit your answers to the Skills and Performance activities, just upload the documents with their corresponding file naming conventions via LMS for assessment.
Student Assessment Feedback Form
This section is for you to add any comments you would like to share or request further feedback or support from your assigned trainer/assessor.
Attempt Date Comment Name of Trainer
1st Attempt
2nd Attempt
3rd Attempt
Trainer Assessment Feedback Form
This section is for trainers to provide you with overall feedback on your assessment.
Attempt Date Comment Name of Trainer
1st Attempt
2nd Attempt
3rd Attempt