Assessment 1, Project
School: Holmes Colleges Sydney
Course: ICT60220
Subject: Information Systems
Date: Dec 6, 2023
Uploaded by phuyalkp123
Assessment 1 - Project
Your task is to write the answers to each of the following questions. Answers
should exceed 50 words but be no more than 100 words for each question:
1. Discuss the following legislative requirements relating to cyber security
context of performance evidence:
a. Data protection
b. Implications of Notifiable Data Breach legislation on an
organisation and other associated Australian privacy laws
Cyber security is the practice of defending computers, servers, mobile devices,
electronic systems, networks, and data from cyber threats. It is also sometimes
referred to as ‘information technology security’.
Data protection is the process of preventing important data from being tampered
with, compromised, or stolen. Consequently, a large part of a data protection
strategy is ensuring that data can be restored quickly after any corruption or loss.
An organization creates many different types of data, such as human resources
data, operations data, sales and marketing data and customer support data, and
these are covered by legislation such as:
The Privacy Act 1998 (Commonwealth)
The Spam Act 2003 (Commonwealth)
The Information Privacy Act 2014 (Commonwealth)
An eligible data breach must be reported to the Office of the Australian Information
Commissioner (OAIC) and affected individuals under the Notifiable Data Breach
(NDB) scheme. An eligible data breach occurs when there is unauthorized access to
or disclosure of personal information held by an organisation or agency, or a loss of
personal information held by an organisation or agency.
The Privacy Act of 1998, the Privacy Amendment Act of 2000, and associated state
and territorial legislation all deal with privacy issues.
2. What international legislation has been established relating to data
protection and privacy?
The following is a list of international legislation that has been established
relating to data protection and privacy:
The Data Protection Directive of the European Union (EU) - aims to protect the
privacy of individuals in the EU when personal data is transferred to countries
outside the EU.
The Asia-Pacific Economic Cooperation (APEC) Privacy Framework - this
document comprises nine privacy principles that acknowledge "the necessity
of developing effective privacy protections that eliminate barriers to
information flows, allow continuing commerce, and economic progress in the
APEC region."
The Asia-Pacific Privacy Charter Initiative - this document contains
independent privacy standards for the Asia-Pacific area, with the goal of
influencing the region's privacy regulations.
Cyber security guidelines from the International Telecommunications Union
and the World Economic Forum Centre for Cybersecurity
3. Outline the typical inclusions in the following organisational policies
and procedures:
a. Securely storing, sharing and managing information
An organisation needs to handle, share, and store its data properly to safeguard it.
The policies and procedures of your company will specify how you are supposed to
handle, share, and store various kinds of data under certain circumstances. For
instance, the regulations and protocols will outline how and where to store various
kinds of electronic data and who can exchange various data, and will control
data disposal and retention, etc.
b. Encryption, and protocols for its uses
Encryption attempts to make information unreadable by anyone who is not explicitly
authorized to view that data. People or devices can be authorized to access
encrypted data in many ways, but typically this access is granted via passwords or
decryption keys.
c. Data classification and management
Data classification is broadly defined as the process of organizing data by relevant
categories so that it may be used and protected more efficiently. The purpose of data
management is to assist individuals, organisations, and connected things in
optimising data use within the confines of policy and legislation so that they can
make decisions and take actions that benefit the company the most.
d. Media/document labelling
Organisations label media and documents, so they can be easily identified and
retrieved when required. Your organisation’s policies and procedures will explain the
types of media and documents which must be labelled, and the labelling system to
be used.
e. Data governance
The practise of controlling an organization's data's availability, usefulness, integrity,
and security based on internal data standards that regulate data usage is referred to
as "data governance." Good data governance makes sure that data is reliable,
consistent, and not abused. You must adhere to the applicable data governance
policies and processes inside your business for these reasons.
f. Acceptable use
‘Acceptable use’, sometimes referred to as ‘fair use’, is a set of rules which stipulate
constraints and practices that a user must agree to for access to a corporate network
or the Internet. It is vital that you apply workplace acceptable use
policies/procedures.
g. Bring your own device
Bring your own device, or BYOD, is an IT policy that permits and occasionally even
encourages employees to use their own mobile devices, like laptops, tablets, and
smartphones, to access company data and systems.
4. Identify the Australian government sources of information you could
access and use relevant to current threats
The Australian Government now uses a vast amount of data while gathering
intelligence on cyberthreats. Here is a list of some of the sources that assist
individuals in understanding and ensuring the application of a solid cycle in cyber
security:
i. The Australian Cyber Security Centre’s ‘Latest Threat Advice’ website
ii. The Australian Cyber Security Centre’s most recent Threat Report
iii. The Australian Signals Directorate’s ‘Cyber Security’ website
iv. The Australian government’s current ‘cyber security strategy’
5. Identify and outline the risks which are associated with workplace cyber
security
Cyber threats also refer to the possibility of a successful cyber-attack that aims to
gain unauthorized access, damage, disrupt, or steal an information technology asset,
computer network, intellectual property, or any other form of sensitive data. Cyber
threats can come from within an organization by trusted users or from remote
locations by unknown parties.
Risks for individuals
Theft of funds from credit cards, bank accounts, or investment accounts.
Creating credit cards, bank accounts, or investment accounts in a person’s name in
order to get loans or cash advances, or to make fraudulent payments or transactions.
The fraudulent use of identity theft to get additional services or benefits.
The breach of privacy, such as when cameras, phones, or emails are compromised.
The selling of personal data to enable others to carry out comparable actions.
Harm to credit score, making it more difficult for the individual to get credit.
Risks for business
The stealing of funds from the company through the above-mentioned methods.
The theft of concepts from the company, including trade secrets or intellectual
property; in severe circumstances, this may lead to a reduction in the company's
ability to compete in the market.
The revelation of private or sensitive information (such as shareholder information,
strategy goals, client names, addresses, and payment details, among other things).
The loss of crucial information and systems, as well as the interruption of company
operations.
Harm to the company's earnings, share price, and reputation, among other things.
6. What strategies and techniques might be used for promoting workplace
cyber security?
Social Media can be a great tool for spreading information about cyber security
awareness at work whether it be publicly or on private social media within the
company.
A leaflet can help promote security as it would easily lay out all the facts in a visual
form which often shows people how real the threat can be. For example, it can show
all the different ways in which the company can be attacked and how easily people
can fall for scams.
Consider the following cyber security tools for use in the workplace:
PKI (public key infrastructure) software
This can be used to enable multifactor authentication, create trusted digital
signatures, encrypt email, build identity and trust into IoT systems,
create/store/revoke digital certificates, etc.
Network security monitoring tools
These monitor the performance of an organisation’s networks, to enable detection of
and response to attacks.
Encryption tools
These encrypt an organisation’s data (particularly when it is stored or transmitted
over networks) to minimise the risk of it being accessed.
Consider the following cyber security practices for use in the workplace:
Antivirus Software
Antivirus software is a program which is designed to prevent, detect, and remove
viruses and other malware attacks on the individual computer, networks, and IT
systems. It provides some additional services such as scanning emails to ensure
that they are free from malicious attachments and web links.
Make sure passwords are strong and secure.
Use a screen lock with a strong password (one that includes uppercase letters,
lowercase letters, numbers, and symbols).
A virtual private network (VPN) connects a private network to a public network,
allowing users to send and receive data as if they were directly connected to the
private network.
7. Discuss techniques which are suitable to use for:
a. Implementing and promoting workplace cyber security awareness
Training is a great way to educate the whole workforce on what they should be doing
to keep themselves and the organisation safe when using the internet. Having a
professional speaker in will help get the message across of how easily an attack can
happen if people are not prepared.
Update reminders can be sent out to employees when necessary to remind them to
update the OS and Anti-Virus software to improve security with the latest threat
information.
b. Facilitating training that promotes cyber security awareness,
including the use of simulated activities
Online training that all employees can complete is a good way to keep training up to
date when new threats need to be communicated to staff.
A video for training can visually show how hackers can access information and how
similar scams and phishing can look to real websites and emails.
Delivering cyber security training: individuals must cater to the needs of people who
learn in a variety of ways. Visual, auditory, and kinaesthetic learning styles are the
most common. It is important to note that most adult learners fall into at least one, if
not more, of these categories.
Visual
Learn through looking at and observing things, such as photos, diagrams, movies, or
demonstrations.
Prefer to read/write rather than listen.
Need an overall view/purpose.
Like written handouts, take notes.
Auditory
Listening to spoken words is a great way to learn.
Able to follow verbal directions.
Enjoy debating and conversing with others.
Prefer to hear someone explain something.
Kinaesthetic
Learn by actively participating in activities and applying what we have learned.
Take notes and draw sketches frequently.
Memorise by seeing, watching.
Find joy in group engagement.