THE ASSIGNMENT TASK:
Task 1 - The CISO memo
Assume you are a newly employed chief information security officer (CISO) for the Department of Computer Science at the University of Hertfordshire. You decide to review and analyse the existing Information Security Policy of the University of Hertfordshire. Then, you want to produce a memo report for your first meeting with your team as a CISO.
You have been provided with the UH Information Security Policy V.04.0, UPR IM03 (UH ISP) and a copy of the General Data Protection Regulation (GDPR).
You should focus on the topics covered in class and analyse the status of the UH ISP. The report should critically evaluate the Information Security Policy in relation to GDPR. You should highlight strengths and weaknesses of the UH ISP in relation to GDPR and recommend modifications to areas that need improvement. It should not exceed 1000 words and should follow an appropriate Memo template.
A scheduled formative feedback session with your tutor in the week commencing 15.10.2018 will give you the opportunity to reflect on your activities and improve your work where necessary. You are strongly advised to have a complete draft by then.
Task 2 - Information Security Policy
After the completion of Task 1 you decided your second task as a CISO is to draft an Acceptable Use Policy (AUP) along the lines of the ISO27000 family for the Department of Computer Science at the University of Hertfordshire. You should additionally link a Bring Your Own Device Policy (BYOD) to your AUP.
You should take into consideration any confidentiality, integrity, and availability (CIA) issues of the information assets at the Department of Computer Science and assess all relevant risks to the Department.
Please note that you will NOT be producing an academic report, but a policy document. There is no word limit for this task as long as you are concise and precise.
You are expected to use appropriate peer reviewed sources for developing your arguments and the Harvard referencing style as per the University regulations.
A review session is planned for the week commencing 12.11.2018. You must bring a printed complete draft of your work to your tutorial session to participate and receive feedback on this task. A group discussion on the task will follow.
Task 3 - Business Continuity and Incident Response
Because of your role as the CISO for the Department of Computer Science at the University of Hertfordshire you have been contacted by a government agency to inform you they have strong indications a data breach that involves critical data for the Department of Computer Science has occurred. They provide you with specific details about the incident and you decide to initialise incident response and investigation procedures, only to realise your team is not well prepared. You know this will cause delays in the process and important information might get lost in the meantime.
Your next team meeting is approaching and you decide to prepare and give a presentation to your team. You want to cover the risk to which a data breach exposes the Department of Computer Science and the importance of an incident response plan that clearly identifies the groups that are involved in an incident response. Additionally, you want to discuss how you can turn intelligence information into actionable leads in the future. You will need approximately 15-20 slides for your presentation. It needs to be professional, brief and informative.
You are expected to use appropriate peer reviewed sources for developing your arguments and the Harvard referencing style as per the University regulations.
A scheduled formative feedback session with your tutor in the week commencing 26.11.2018 will give you the opportunity to reflect on your activities and improve your work where necessary. You are strongly advised to have worked on a complete draft by then.
Overall Portfolio Conclusion and Reflection
You are requested to submit a final version of the three tasks as a portfolio for your first annual appraisal as the CISO for the Department of Computer Science at the University of Hertfordshire. Your portfolio should have a professional presentation.
Attachment: Information Security Policy.rar