Type of Product (tick which applies) ü Project Summary and Purpose of Assessment This project is one of two assessment tasks that you need to complete, in order to be deemed competent for this unit. Completing this project allows you to demonstrate your ability to: • develop cyber security awareness in a work area by applying an up-to-date knowledge in line with company policies and procedures • be able to support cyber security practice in the workplace by planning, training, and reviewing personnel behaviours on site and when working remotely • document and report suggested improvements to specific individuals and management Assessment Instructions This is an individual and group based (Task 2a/b) project to be completed in class and at home over the assessment period of 4 weeks. What Goal of this project: You have been tasked with auditing this network and all the equipment to improve security. To complete this task, you will need to create a report on your audit. Your report must contain the following: • Title Page • Table of Contents • Identifying and valuing XPC’s assets • Identifying and modelling the main threats • Implementing and testing solutions to these main threats • Conclusion Task 1a Establish current level of awareness in work area relating to cyber security Read the following scenario: Company XYZ is a new start-up (6 months) mostly an Online company which has 3 distinctdepartments. Their product is educational software sold to tertiary schools 1. CEO & Office Admin 2. Sales & Marketing 3. IT Support The company has only reported 1 known security breach in the first 6 months of operations. The CEO and IT support have acknowledged the fact that security threats exist and seek your Security expertise to know how to prevent and respond to them. You conduct walk-through and hold meetings with several members of the company and discover the following data: 1. Operations and environment related to CEO (Grace) and Office Admin (Tim) a) CEO Grace uses her own laptop, the shared WIFI connected net printer, VoIP Phone - Uses the same password for everything including their outlook email account, personal email, and social media accounts. b) All CEO data is stored on their laptop. c) Door to IT Office is kept locked (Admin has additional key in their draw) d) Office Admin uses 1 PC station, shared net printer, – keeps their password on a post-it notes on the screen as they have trouble with recall and they often forget to log off from PC. Emails are often sent from home email Gmail account as they find Outlook a bit too complicated at times to create email for internal staff. Most data is stored on PC and a few USB sticks that the admin takes home. Anti-virus software was updated 6 months ago. e) Office Admin notices a lot of emails that seem suspicious after clicking on internal links but neglects to report on them to IT support because they are so busy. Operations and environment related to Sales & Marketing department (4 members: Kara, Raj, Ryan and Jiang) a) Staff members share 2 laptops between themselves, a shared net printer and use personal smart phone for calls. You note that Kara loves to download movies. b) Sales representatives – travel and remotely connect to the office at airports and cafes that offer free internet when working on their smart phone and IPADs. c) Door to IT Office is not locked which joins to customer lounge– a lot of printed documents left on desktops d) Anti-virus software & and windows 10 operating system was updated 6 months earlier e) Guests, customers and staff can access internet using an open Wireless net 3. Operations and environment related to IT support (2 members Tom & Kelly) a) Each member uses 1 laptop each, Windows 10 and anti-virus software was updated 3 months ago b) Door to IT Office is not locked when unattended c) IT staff login to WIFI using a default password d) Net device is accessed with a generic unencrypted password (Kelly’s birthday) Overall- you have perceived the following – messy / busy desks left in that state at the end of the day. Competition to use available laptops in Sales & Marketing. No security guidelines are available – staff learn on the job. Identify the Cyber Security Threats. Your task is to Identify security threats and implement a plan for suitable controls. Fill the table below: [无法识别的内容] URL: 1. 2. 3. Task 1b.Research Official Sites. The impact and scope of recent cyberattacks have many business and government officials concerned. Review the latest cyber threats and trend affecting Australian Businesses. Include the URL and report on the 3 common threat that could affect this company. Task 2a Draft and Create a Security Policy Based on the information gathered in Task 1 – work with your assigned partner to draft a security policy for company XYZ. ** Remember to keep your language in as plain and easy to read (Understandable!) as possible! Using the separate supplied document – to share with your partner and Class Teacher in OneDrive: Correctly fill in side panelwith your answers to 40 blank lines to complete the draft policy with your partner, where blank lines ____________ usually= 1 word, except follow word count required, e.g. (3) – You MUST Use the Comments section to show collaboration with your partner. Also, complete task 2b and incorporate comments between you and your partner. | 
