Objectives
This assessment task can be undertaken in a group of up to 4 members or individually. Each group/student will analyse the given scenario of the organisation, and develop and document the specified Issue Specific Security Policy (ISSP) for the organisation.
Assessment Criteria
The students are assessed against their ability to analyse the given scenario and develop the specified ISSP.
The marking criteria for Assessment Item 1 are provided on page 4. Students need to familiarise themselves with the marking criteria to ensure that they have addressed them when preparing the document for this assessment item.
Assessment Task
You are required to analyse the scenario on page 3 and develop the following ISSP for the organisation described in the scenario:
- Wireless Communication Policy
The ISSP should include:
- Statement of Purpose
- Authorised Uses
- Prohibited Uses
- Systems Management
- Violations of Policy
- Policy Review and Modification
- Limitations of Liability
You also need to include a section containing the justification of the contents of your policy as well as any assumptions that you have made.
Note: Each student (not just one student in a group) needs to upload the document containing the ISSP to Moodle. You must follow the Harvard citation and referencing guidelines.
Please do not include an executive summary, a table of contents, an introduction or a conclusion. Please use the ‘Template for Your Answers’ Section of this document and upload only that template.
Check the course website at least once a week for further information relating to this assessment task. Please ensure that you write your answers in your own words to avoid possible plagiarism and copyright violation. You can understand the Plagiarism Procedures by following the corresponding link in the CQ University Policies section of the Course Profile.
The Scenario for Information Security Management Assessment Tasks
Farmers for Farmers (3F) is a cooperative society of crop farmers in Queensland founded one year ago. Established to increase the yield of its member farmers and reduce the wastage due to rotting of crops, the society sells the crops to the customers at a lower price than that of the few giant supermarket chains in the state. 3F competes with these supermarket chains by directly supplying the produce from the farmers to the consumers without an intermediary. To this end, 3F has its own trucks, five distribution centres in the state and six distribution vehicles at each distribution centre.
3F operates from a small office in Rockhampton and the customers can place their orders using the web interface of 3F or over the phone. The orders are processed using a proprietary software algorithm of 3F. By using this software, 3F not only collects the optimum quantities of crops from the farmers and delivers them on time to the distribution centres, but also delivers the order to the customers in a minimum time. This whole process is automated with the help of on-board computers on the trucks as well as on the distribution vehicles connected to the office of 3F and the farmers.
This software algorithm is also used by the farmers to order and add fertilizer to their farmlands, to water the plants, spray pesticides and collect the yield in an optimum fashion while saving energy costs, resources and money. For this purpose, the algorithm collects real-time information from the farms, such as air and soil temperature, humidity, soil moisture content, information about pests, rainfall figures and the intensity of sunlight, without human intervention. The farmers also connect to the Internet via the network of 3F and post questions to the online forums. 3F also includes an online banking society that provides most of the banking facilities of other banks to its member farmers. 3F needs the guarantee that their proprietary algorithm, and various data and information in their information system are secured.
After the success in Queensland, 3F expanded its services this year to the New South Wales farmers and customers as well.
As the society was established last year, the information security policies have not yet been developed. The society is now in the process of developing a comprehensive set of information security policies for its information system.
Note: This scenario was created by Dr Rohan de Silva on 7th June 2016 and without written permission from CQUniversity, Australia no part of this scenario should be reproduced by any individual or an organisation.
Marking Criteria

| Section | HD | D | C | P | F | Max Mark | Mark |
|---|---|---|---|---|---|---|---|
| | 6 - 5.1 | 4.8 - 4.5 | 4.2 - 3.9 | 3.6 - 3 | 2.7 - 0 | | |
| Assumptions | Listed all assumptions. | Some assumptions missing. | Most assumptions missing. | Not clear and most assumptions missing. | All assumptions missing. | 6 | |
| Section | HD | D | C | P | F | | |
| | 3 - 2.55 | 2.4 - 2.25 | 2.1 - 1.95 | 1.8 - 1.5 | 1.35 - 0 | | |
| Statement of Purpose | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |
| Authorised Uses | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |
| Prohibited Uses | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |
| Systems Management | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |
| Violations of Policy | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |
| Policy Review and Modification | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |
| Limitations and Liability | Contained all information in detail. | Contained all information but not enough detail. | Had too brief or missing information. | Not clear but contained most information. | Not clear and most information missing. | 3 | |
| Section | HD | D | C | P | F | | |
| | 6 - 5.1 | 4.8 - 4.5 | 4.2 - 3.9 | 3.6 - 3 | 2.7 - 0 | | |
| Justification | Focussed and contained all information in detail. | Focussed and contained but not enough detail. | Focussed but some information missing. | Not clear but contained most information. | Not clear and most information missing. | 6 | |
| Section | HD | D | C | P | F | | |
| | 2 - 1.7 | 1.6 - 1.5 | 1.4 - 1.3 | 1.2 - 1 | 0.9 - 0 | | |
| References | All references are listed according to Harvard reference style. | A few referencing errors. | Not all references are listed but correctly referenced. | Many references missing | No or incorrect reference list. | 2 | |