BSBXCS303 Assessment 2
School: Canberra Institute of Technology
Course: 303
Subject: Information Systems
Date: Dec 6, 2023
Uploaded by CoachWolverine3943
Assessment Written
Student Name:
CIT Number:
Competency Title, Code and Banner Code / CRN: BSBXCS303 Securely manage personally identifiable information and workplace information
Assessment Type: ☐ Written ☐ Case Study ☐ Project ☐ Assignment ☐ Other
Assessment Name: Assessment Task 2: Knowledge Test
Assessment Date: 27/04/2023
Student Statement: This assessment is my own work. Any ideas and comments made by other people have been acknowledged. I understand that by emailing or submitting this assessment electronically, I agree to this statement.
Student Signature:
Date:
PRIVACY DISCLAIMER: CIT is collecting your personal information for assessment purposes. The information will only be used in accordance with the CIT Privacy Policy.
Assessor Feedback
☐ Student provided with feedback
Attempt 1: ☐ Satisfactory ☐ Not Yet Satisfactory Date: / /
Attempt 2: ☐ Satisfactory ☐ Not Yet Satisfactory Date: / /
Assessor Name: Adnan Syed
Assessor Signature: Adnan
Note from Assessor:
Please record any reasonable adjustment that has occurred for this assessment.
© Canberra Institute of Technology
Page 1 of 6
Date created: 23/08/2021
CRICOS No. 00001K | RTO Code 0101
Date updated: 4/12/2023
Assessment Task Instructions for Students
This assessment is a self-marking quiz that consists of multiple choice and matching questions covering the following topics:
legislative requirements relating to securely managing PII and workplace information
organisational policies and procedures
industry best practice and Australian government sources of information relating to access control
risks and benefits of cloud storage
risks of communicating sensitive information via non-secure means e.g. email and SMS
framework for distributed storage
data protection protocols and industry-standard compliance standards relating to:
• back-up
• data sharing
• data storage
• disposal of sensitive information
• privacy impact assessments.
Time allowed: please see your subject guide.
Assessment range and conditions:
This is an open book assessment.
This is an individual assessment.
To ensure your responses are satisfactory, consult a range of learning resources and other information such as handouts, textbooks, learner resources etc.
To be assessed as Satisfactory in this assessment task, all questions must be answered correctly.
Materials provided:
Access to eLearn and learning resources
Materials you may need:
Assessment documentation, BYOD and internet access
Information for students:
You may have two (2) attempts for this assessment.
If your first attempt is not successful, your teacher will discuss your results with you and will arrange a second attempt.
If your second attempt is not successful, you will be required to re-enrol in this unit.
Only one re-assessment attempt will be granted for each assessment item.
Assessment Task:
1. What is the most ideal way of applying privacy policies to your device and documentation?
a) encryption
b) APPs
c) the Privacy Act
d) Governance implementation
e)
personal security training
2. How do we report malfunctioning, breached or attacked infrastructure that poses a threat?
a)
you must advise the ACSC within 6 hours after you become aware regardless of the breach
b) you must advise the ACSC within 12 hours if there is significant impact on your asset
c)
you must advise the ACSC within 72 hours if the incident is likely to have a relevant impact
d) you must advise the ACSC within 48 hours after you become aware regardless of the breach
3. Which legislative requirement relates directly to Data Protection, managing PII and workplace information?
a)
the Privacy Act
b) the Australian Privacy Principles
c) workplace Privacy Policy
4. Identify two (2) consequences that result from a ‘data spill’
a)
damage to the company's reputation
b)
unauthorised parties may profit or steal identity
c) creditability to the organisation
d) financial fines from the commissioner
5. If your company trades within the EU, what is a legislative requirement you must follow?
a)
general data protection regulation (GDPR)
b) privacy impact assessment (PIA)
c) workplace policy
d) Australian privacy policies
6. After reviewing CIT's Student identification policy, how do we monitor and report faults and malfunctions?
a)
faults and malfunctions are reported directly to the Digital Technology System (DTS) via email only
b) faults and malfunctions can be reported via phone to the Senior staff within your teaching department
c) records and information are viewed weekly and reports are provided to each area every Monday am
d) records and information are viewed monthly and reports are provided to management only
7. How should sensitive data be deleted or devices be managed once they are no longer required?
a)
data stored on hard drives must be shredded
b) data stored on USBs must be recycled
c)
devices restored to factory settings
d) devices back up and then sent for donation
8. Select the benefits of Cloud storage
a)
back up can be completed remotely
b) fixed contract
c) easy to move or change providers as data is remote
d)
data is encrypted for additional security
e) cloud is compatible with almost any device
9. Select the disadvantages of Cloud storage
a)
requires the internet
b)
challenging to change providers
c) storage is too large
d) cannot manage your data when you need to
10. What are the risks of sharing information via email or SMS?
a)
SMS messages are not encrypted and sent over open data
b)
there is the potential for forgery when sharing emails, the use of a wet signature can be quick and easy to apply
c) allows staff to further share information when needed
d) emails and SMS are encrypted so there is no risk
11. Review the Basic Data Sharing Framework and match the following restrictions with its description:
The data set exists: no detail may be provided other than the existence of the data set. For example, knowing that a register of drivers’ licences exists
Details about the data set: such as sharing details of the scope, parameters involved (often referred to as the data dictionary), period over which the data is collected
Ability to interrogate aggregated, perturbed, or obfuscated data: such as the ability to run a defined set of logical operations over, and receive a result from, data which has been de-identified in some way without accessing the data itself.
Ability to access aggregated, perturbed, or obfuscated data: the ability to run an unlimited set of queries over data which has been de-identified in some way
Access to data: whilst this may still be restricted to certain individuals, for certain approved purposes in secure operating environments, there is no technical limitations to the operations which may be performed
Ability to share data: some systems, such as the SURE6 system used by the SAX Institute system, limit how data is accessed to prevent further sharing.
I think it's the same answer
12. What are the standards for a Privacy Impact Assessment?
a) is a legal compliance requirement
b) you should not consult with stakeholders to support the PIA
c) does not require you to analyse your privacy impacts
d)
should comply with the APPs
13. Offsite back up providers must comply with the Privacy Act and APPs. What are other requirements for offsite backups?
a)
the organisation must have a reliable back up system that supports timely accessibility
b)
the organisation must have a business continuity plan that is regularly tested to ensure back up protocols are working
c) policy must provide detailed information on what your organisation will be sharing without permission
d) data must be stored in Australia
e) can be encrypted for ease of sharing
14. When storing data we must ensure we apply the Australian Privacy Policy and provide the following details:
a) identify how long the information is being stored
b)
data information must be secure
c)
information is securely erased when no longer required
d) complete regular privacy assessments
15. Cybercriminals gain access to your personal information to steal money or gain other benefits. They can create fake identity documents in your name, get loans and benefits or apply for real identity documents in your name, but with another person's photograph. The following graph shows the amount lost to identity theft in 2022 (source: https://www.scamwatch.gov.au/scam-statistics?scamid=29&date=2022). In this graph, in which month did people lose the most money?
a)
November
b) July
c) August
d) September
Link: https://www.scamwatch.gov.au/scam-statistics?scamid=29&date=2022