On completion of the scenario, students will be able to: Learning Outcomes 1 Critically analyse and prioritise information security risks. 2 Systematically.

Presentation on theme: "On completion of the scenario, students will be able to: Learning Outcomes 1 Critically analyse and prioritise information security risks. 2 Systematically."— Presentation transcript:

1

2 Learning Outcomes. On completion of the scenario, students will be able to: 1. Critically analyse and prioritise information security risks. 2. Systematically identify countermeasures and review techniques appropriate to the management of information security risks. 3. Demonstrate a thorough understanding of the policy and technology trade-offs involved in developing information security systems of adequate quality. 4. Analyse and evaluate the significance of legal regulations and requirements on information security systems.

3 Pre-requisite Knowledge. This scenario is adaptable and the prerequisite knowledge is not essential; some of it may be considered part of the learning outcomes. The following identify concepts/processes that are required for successful completion of the scenario. Information Security concepts including: 1. Confidentiality, Integrity, Availability; 2. Information Assets, Threat, Vulnerability, Impact, Likelihood, Risk; 3. Teamwork.

4 Pre-requisite Knowledge Introduction The following quiz will test your pre-requisite knowledge.

5 Quiz

6 Introduction. You have been hired as a consultant to an SME (West Lancashire Asbestos).

7 The Company. West Lancashire Asbestos (WLA) is a small company with 18 full-time employees. Employees are trained to the highest standards and supported by one of the most respected management teams in industry. The company is fully licensed by the Health and Safety Executive (HSE) to work with Asbestos Containing Materials. All major contracts are allocated a designated Contracts Manager and Asbestos Administrator.

8 Company Divisions: Asbestos Removal Service; Domestic Contracts; Large Scale Commercial Contracts; Asbestos Surveying; Asbestos Awareness Training. (Diagram label: WLA Originally offered)

9 Managing Director Interview

10 Task 1. To provide detailed advice on how to implement an ISMS that is consistent with the ISO27k framework. Produce an outline plan of activities required for the implementation of ISO27001. To provide detailed recommendations as to the risk assessment process that should be adopted. Your response should be contained in one team Information Security Management (ISM) recommendations report together with a presentation. You will get feedback on this. Essentially this comprises a formative draft for this section of the assessment. A table showing team members’ contribution to the work in the scenario.

11 Task 2. To create key documents for the risk assessment, consistent with ISO27001:2013. To identify any actions the company should take to create and maintain a security culture and ensure the ISMS is a ‘living’ system. Additional information regarding the scenario can be obtained from your tutor. Your team should submit your comprehensive ISM final report. This should address all terms of reference, and include an updated version from stage 1. A table showing team members’ contribution to the work in the scenario. Your team will also present your solution to the board of directors in a tutorial. A short PowerPoint presentation is expected. Your contribution to teamwork will be graded.

12 Reflection on Learning. It is also important that, at the end of the scenario, you reflect on your learning and team working and identify what worked well, what didn’t, and actions for future improvement.

