You are to complete and submit, in written and online form, a report that outlines the need for a security management program and suggests how the organisation may proceed with developing an ongoing Security Management Program. You have also been requested to supply an example of a small risk assessment task to demonstrate what risk assessment/management is about. To assist you in producing the final report, you will complete and submit three small assignment pieces:
Weekly questions for each tutorial (included in each week's tutorial questions. Submitted online only.)
A report outline (see below for details. Submitted online only.)
A report draft (see below for details. Submitted online only.)
Assignment (Part A Report Body) - Report for a security management and governance program
Discuss the benefits derived from seeing Security Management as an ongoing process and the reasons for having a policy
Discuss the development of a Security Policy and Security Management Plan.
Identify and present a description of the functions, tasks, roles and responsibilities that need to be defined for the Security Management Program for PIA. Discuss the roles different individuals/groups would play in terms of governance in general.
Identify any models or methods that may be relevant for the development of a Security Management Program
Discuss the implications of legal and statutory requirements and the benefits your formal approach would bring
Assignment (Part B – Appendix) Risk Assessment/Management – Patient Information
Briefly explain the benefits a Risk Management Plan can bring to a company and the steps necessary to build one. Include a discussion on the importance of Contingency Planning to PIA, as well as the risk analysis and CBA mentioned above
For the Patient Information area, list the threats, vulnerabilities, and attacks that your formal plan would manage. This should not be an exhaustive, detailed list. Keep the focus on PIA’s context
Work on this aspect and draw up a Risk Management Plan for it and include a recommendation based on a Cost-Benefit Analysis.
Where does the responsibility for the user and the vendor begin?
Both draft and final reports must include the following:
Assignment Cover Page (only with the final report hard copy). Use the cover sheet provided by Melb Poly. Include the Title, Assignment name, Student Name and ID, Subject;
Microsoft Word “Cover Page”. Include the name of the report, who it has been prepared for, and the author (Student Name and ID, Subject);
Executive summary (1 paragraph: Who the report is for, scope/purpose of report; action required); Table of contents;
Body (Numerous headings and text at the writer’s discretion). This will include an introduction that describes the scope of the document and its structure as well as the information discussed in part A above; References (List of works used in the document)/Bibliography (Materials relevant to the report, but not directly used);
Appendix for the Risk management plan (See part B above).
The final report will be at least 2000 words (maximum 2500 words) addressing the following:
• Discuss the fit of your formal approach to security with the company’s values. Discuss too the role your approach would play in terms of governance in general.
• Discuss the development of a Security Policy, including a methodology and the reason for having a
• List the threats, vulnerabilities, and attacks that your formal plan would manage. This should not be an exhaustive, detailed list. Keep the focus on PIA’s context.
• Discuss the implications of legal and statutory requirements and the benefits your formal approach would bring
• Explain the benefits a Risk Management Plan can bring to a company and the steps you would go through to build one. Include a discussion on the importance of Contingency Planning to PIA, as well as the risk analysis and CBA mentioned above
• Discuss the benefits derived from seeing Security Management as an ongoing process
This assessment is to be completed individually. You may discuss the assignment with other students, but your submitted work must be your own work.
Submission is in 4 parts
Week 4 Report Part A outline
Assessed as part of test. Major headings, some minor headings named to match the case study. Overall structure described.
Week 7 Report Part A structure and Part B (Appendix) Risk assessment started structure
The report plan should include the main headings for each part of the final document. The key points for the executive summary must be listed. The structure of the body with bullet points must be outlined and comments relevant to each section included. Some references should be listed and appendices identified. The Risk Assessment will include a prioritized list of Assets, Threats and Vulnerabilities for the patient information system.
Week 10: Draft Report and Risk Assessment
The draft report should not just be an outline or template. It should be an attempt to develop the completed, final report.
The Risk Assessment must also include suggested controls and an outline of a contingency plan for the patient information system.
Week 12 (Start of class): Final Report and Risk Assessment/Management Plan
Your submission must be compatible with the software in Melbourne Polytechnic’s computer Laboratories/Classrooms. A .docx file is preferred.