Cl_SecurityPrivacy_AE_Pro

School: TAFE NSW - Sydney Institute
Course: 30120
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 37
Uploaded by EarlSnow11717

Project Assessment

Criteria

Unit code and name
BSBXCS303 - Securely manage personally identifiable information and workplace information
ICTICT313 - Identify IP, ethics and privacy policies in ICT environments

Qualification/Course code and name

Student details
Student number
Student name

Assessment declaration
Note: If you are an online student, you will be required to complete this declaration on the TAFE NSW online learning platform when you upload your assessment.
This assessment is my original work and has not been:
  • Plagiarised or copied from any source without providing due acknowledgement.
  • Written for me by any other person except where such collaboration has been authorised by the Teacher/Assessor concerned.
Student signature and date

Document title: Cl_SecurityPrivacy_AE_Pro Page 1 of 37 Resource ID: PRJ0011693_Cl_SecurityPrivacy_AE_Pro
Version: 20210916
Date created: 15 March 2021
Date modified: 16 September 2021
For queries, please contact: Technology and Business Services SkillsPoint Ultimo

© 2021 TAFE NSW
RTO Provider Number 90003 | CRICOS Provider Code: 00591E
This assessment can be found in the: Learning Bank

The contents of this document are copyright © TAFE NSW 2021 and should not be reproduced without the permission of TAFE NSW. Information contained in this document is correct at the time of printing: 28 November 2023. For current information please refer to our website or your Teacher/Assessor as appropriate.

Assessment instructions

Table 1 Assessment instructions

Assessment details: Instructions

Assessment overview: The objective of this assessment is to assess your knowledge and performance in assisting with the protection of lawful use of intellectual property (IP), observing ethics and privacy policies and securely managing personally identifiable information (PII) and workplace information.

Assessment event number: 2 of 2

Instructions for this assessment: This is a project-based assessment that assesses your knowledge and performance of the unit.
This assessment is in four parts:
1. Review organisational documents
2. Identify risks and infringements
3. Confirm security responsibilities
4. Manage data – Gelos Client List July 2021 Project
And is supported by:
  • Observation checklist
  • Assessment checklist
  • Assessment feedback
  • Supporting documents contained in Cl_SecurityPrivacy_AE_Pro_Appx.zip.
  • Appendix A – Long descriptions for screenshots
Note: This assessment may contain links to external resources. If a link does not work, copy and paste the URL directly into your browser.

Submission instructions: On completion of this assessment, you are required to submit it to your Teacher/Assessor for marking. Where possible, submission and upload of all required assessment files should be via the TAFE NSW online learning platform. It is important that you keep a copy of all electronic and hardcopy assessments submitted to TAFE and complete the assessment declaration when submitting the assessment.

What do I need to do to achieve a satisfactory result? To achieve a satisfactory result for this assessment you must answer all the questions correctly. If a resit is required to achieve a satisfactory result it will be conducted at an agreed time after a suitable revision period.

What do I need to provide?
  • TAFE NSW student account username and password.
  • Computer or other device with word processing software and internet access.
  • Writing materials, if required.
  • Cloud storage account (Google Drive, Dropbox or OneDrive).
  • A USB drive.

What the Teacher/Assessor will provide:
  • Access to this assessment and learning resources, including the student workbook and any supporting documents or links.
  • Organisational policies, procedures, documentation and other resources.
  • Relevant standards, codes of practice and legislation.
  • For face-to-face students, a computer or other device with word processing and internet access.

Due date: Refer to UAG
Time allowed: Six hours (indicative only)
Location: This assessment may be completed in either a face-to-face or online environment.

Assessment feedback, review or appeals: In accordance with the TAFE NSW policy Manage Assessment Appeals, all students have the right to appeal an assessment decision in relation to how the assessment was conducted and the outcome of the assessment. Appeals must be lodged within 14 working days of the formal notification of the result of the assessment. If you would like to request a review of your results or if you have any concerns about your results, contact your Teacher/Assessor or Head Teacher. If they are unavailable, contact the Student Administration Officer. Contact your Head Teacher/Assessor for the assessment appeals procedures at your college/campus.

Specific task instructions
The instructions and the criteria in the tasks and activities will be used by your Teacher/Assessor to determine if you have satisfactorily completed this assessment event. Use these instructions as a guide to ensure you demonstrate the required knowledge and skills.

Project scenario

You are working as an ICT Trainee for Gelos Enterprises. As a result of recent data breaches, the security management at Gelos has established a project team to address current security risks and upgrade the current practices. As the project deals with sensitive data, your supervisor wants to make sure that the project team complies with Gelos policies, as well as privacy legislation. You will be assisting with tasks to ensure compliance, as well as ensuring the data is securely managed.

You have been supplied with the following documentation to assist you with this project:
  • Gelos Privacy Policy (GE_Privacy_policy.pdf)
  • Gelos Intellectual Property Policy (GE_Intellectual-Property_policy.pdf)
  • Gelos Data Protection Policy (GE_Data-Protection_policy.pdf)
  • Gelos Maintenance Procedure (GE_ICT-Maintenance_procedure.pdf)
  • Gelos Trainee Induction Kit (GE_New-Staff-ICT-Induction-Kit_policy.pdf)
  • Gelos IT Risk Management Policy (GE_ICT-Risk-Management-Policy.pdf)

Pending completion of a full ethics policy and code of conduct, Gelos requires its management and employees to abide by the ITPA (Information Technology Professional Association) code of ethics policy.

Download and unzip the resource folder (Cl_SecurityPrivacy_AE_Pro_Appx.zip), which contains:
  • Gelos Asset Information Register (GE_Asset-Info-Register.docx)
  • Gelos Client List July 2021 (GE_Client-List-July-2021.docx)
  • Gelos Privacy Impact Assessment (GE_PIA.docx).

Part 1: Review organisational documents

1. Research and describe three different ethical theories and approaches, explaining how they could be applied in the workplace. (Between 20 to 30 words per response).

Table 2 Description of ethical theory

Description of ethical theory and approach: Utilitarianism is an ethical theory that looks for the best outcome for a number of people. This could mean making decisions that provide the greatest benefit to the most people.
How it could be applied in workplace: A company might decide to invest in new technology that would save time and money while improving the quality of the product.

Description of ethical theory and approach: Deontology is an ethical theory that looks at the morality of an action, rather than its consequences. This requires people to follow certain rules and complete without questioning.
How it could be applied in workplace: A company might decide to pay a living wage to all of its employees, even if it means sacrificing some profit.

Description of ethical theory and approach: Virtue ethics is an ethical theory that focuses on developing and displaying good character traits, such as honesty and integrity. Looks at the moral character action, rather than the ethical duties and consequences of actions.
How it could be applied in workplace: Being honest to customers and coworkers.

2. Describe the purpose and intention for developing and implementing Gelos' IP, ethics and privacy policies and procedures. (Between 40 and 50 words).

Gelos is committed to protecting the privacy, confidentiality, and security of its customers’ data. As such, Gelos has developed and implemented IP, ethics and privacy policies and procedures to ensure the highest standards of data protection. The purpose and intention of these policies and procedures is to ensure that Gelos protects all of its customers’ data, including personal information, financial information, and intellectual property, from unauthorized access, use, and disclosure.

By implementing these policies and procedures, Gelos is able to provide customers with a secure environment for the storage, processing, and sharing of their data. Furthermore, these policies and procedures also ensure that the data of customers is kept confidential, secure, and only used for the purpose it was provided for. Additionally, Gelos has incorporated security protocols into its policies and procedures to prevent the unauthorized access of data, as well as to provide customers with the ability to monitor and control access to their data.

3. Briefly explain the principles that have been applied in Gelos' IP, ethics and privacy policies and procedures. (Between 40 to 50 words per response).

Table 3 Policies, procedures and principles applied

Policies and procedures: IP
Principles applied: Gelos leverages the power and flexibility of IP to implement a number of key principles that provide an effective and reliable monitoring solution. First, Gelos utilizes a distributed architecture, with multiple nodes that collect data and share information in a secure, peer-to-peer manner. This ensures that data is collected and shared reliably and securely. Second, Gelos leverages a distributed sensing approach, where sensors are placed at various points of the network infrastructure to provide real-time monitoring of the environment. Third, Gelos deploys a host-based intrusion detection system that monitors each device on the network for suspicious activity. Gelos also provides a centralized management platform that stores and aggregates all the monitoring data into a single, comprehensive view of the environment.

Policies and procedures: Ethics
Principles applied: This ethical system holds that the ultimate aim of an individual's actions should be to strive for the best possible outcome for the entire society as a whole. This means that individuals should not only consider their own interests and well-being, but also those of their fellow citizens. To achieve this, Gelos' ethics places a large emphasis on the idea of reciprocity, or the idea that if one person does something for another, the other should do something in return. This concept is further exemplified by the idea of justice, which states that all individuals should be treated fairly and equally according to the law. Gelos' ethics also puts a strong emphasis on personal responsibility, which states that individuals should take responsibility for their own actions and not place the blame on others for any negative outcomes. Finally, Gelos' ethics states that individuals should always strive to act with integrity and avoid any behavior that is dishonest or immoral.

Policies and procedures: Privacy
Principles applied: In order to ensure that your personal data is protected, Gelos follows the eight principles of data protection set out by the European Union’s General Data Protection Regulation (GDPR). These principles are:
1. Lawfulness, fairness and transparency: We make sure that all processing of your personal data is fair and legal, and that it is done in a transparent manner.
2. Purpose limitation: We make sure that your personal data is collected for specified, explicit and legitimate purposes, and is not used for other purposes without your consent.
3. Data minimization: We make sure that the data we collect is limited to the minimum necessary for the purposes for which it is processed.
4. Accuracy: We make sure that the data we process is accurate and, where necessary, kept up to date.
5. Storage limitation: We make sure that the data we process is stored for no longer than necessary for the purposes for which it was collected.
6. Integrity and confidentiality: We make sure that the data we process is protected against unauthorized access, and is kept secure.
7. Accountability: We take responsibility for the data we process and ensure that our policies and procedures are in line with our data protection obligations.
By following these principles, we ensure that your personal data is treated with respect and kept secure. We are committed to protecting your privacy and to providing you with the best possible service.

Part 2: Identify risks and infringements

Task 1 – Scenario 1

Your team has been given a short time frame to present the work (refer to the project scenario) to management for approval and is having difficulty with the deadline and complex issues involved. One of your co-workers, Alex, was asked to join the team because they have experience working on software for 3D printing at a previous workplace, ABC Developments.

You have been reviewing the source code and noticed in the comments the author's name listed as 'Terri Steinhart, ABC Developments'. As this was Alex's previous workplace, you asked them about the source code. Alex said that they asked a previous co-worker to send some of their source code from their finalised software product to help the team meet its deadline. Alex incorporated the source code into the Gelos program, which enabled the team to present it to management by the due date.

Complete the table below by placing your response in the space provided.

Table 4 Identify and respond to incidents

Identify: The non-compliance incident (one incident)
Response: Alex incorporated source code from a previous employer's software product into the Gelos program without permission.

Identify: The risks to Gelos (at least two)
Response: Data breach: If the source code contains any security vulnerabilities, it could be exploited by hackers to gain access to Gelos's systems and data. Loss of professional reputation: It could damage the company's reputation and customer trust. Breach of privacy and confidentiality.

Identify: Which part of the Gelos Intellectual Property Policy confirms that an infringement has occurred? Copy and paste the part of the policy that you believe has been breached. (Approximately 50 to 60 words)
Response: Any company brand names, logos, designs and so on should be registered under trademark laws or design registration laws as applicable.
Respect for others: Staff must respect and not steal or misuse the IP of others, including suppliers, customers, contractors and manufacturers and owners of hardware and software that is used in the business. Where there has been an alleged infringement or misuse of IP owned by a third party, staff must notify their line manager and seek appropriate advice.
Copyright: Copyright protects original literary, dramatic, musical and artistic works, as well as films, sound recordings and broadcasts. Copyright is automatically created when a work is created, and it lasts for the life of the author plus 70 years.
Trade secrets: Trade secrets are confidential information that gives a business a competitive advantage. Trade secrets can include things like customer lists, manufacturing processes, and marketing strategies.

Identify: Identify and name one principle in the ITPA code of ethics that has been breached. https://www.itpa.org.au/code-of-ethics/ Copy and paste the principle in the policy that you believe has been breached. (Approximately 30 to 50 words)
Response: Respect intellectual property. IT professionals must respect the intellectual property rights of others. This includes respecting copyrights, trademarks, patents, and trade secrets.

Identify: Review the Gelos Intellectual Property Policy and make two recommendations for procedures that will improve and maintain the current practices. (at least two in total – between 20 to 40 words per recommendation).
Response: Implement a software licensing policy. This policy should establish clear guidelines for the use of licensed software within the company. The policy should also include a process for approving and tracking the use of all licensed software.
Informing all individuals that are affected in the situation of the use of IP immediately to ensure everyone is aware of the situation and what will be implemented to avoid the situation being repeated.
Require all employees to sign a confidentiality agreement. This will help to ensure that employees are aware of their obligation to protect the company's intellectual property.

Identify: Locate and use the risk identification and rating process used at Gelos (Gelos IT Risk Management Policy) and rate the level of risk to the company in this scenario. Include your justification why this would be the appropriate level. (Approximately 40 words)
Response: Level 4 - Major: The risk is likely to occur and could have a major impact on the company if it did occur. In the scenario described the risk of copyright infringement, data breach, and damage to reputation is rated as Level 4 - Major. This is because the risk is likely to occur and could have a major impact on the company if it did occur. Copyright infringement could lead to a lawsuit from ABC Developments, which could be costly and time-consuming. A data breach could expose Gelos's customers' personal information, which could damage the company's reputation and lead to customer churn. Damage to reputation could also lead to loss of sales and revenue.

Task 2 – Scenario 2

As part of the project, a co-worker, Casey, has been asked by management to prepare an updated database of existing customers who may be interested in the new software program being developed. Casey has been added by the manager as an authorised employee with a password for access to all of Gelos' existing customer databases. The customer database includes all personal and financial information Gelos has on that customer. This includes name, contact details, bank account details, credit card details and tax file number.

One of the customers on the database contacted Gelos, complaining that they had started receiving emails from a scam marketing company. These emails were being sent to an email address that was only used to contact Gelos. As Casey was handling the data, you spoke to them to investigate. They replied with the following:

"I needed to catch up with some work at home, so I downloaded the database onto my USB device. I was having some issues with my laptop, so I used a friend's laptop at their place. A strange message popped up on the screen, it might have been a virus, I'm not sure."

Table 5 Identify and respond to risk

Identify: The non-compliance incident (one incident)
Response: Casey downloaded the customer database onto a USB device and used a friend's laptop to work on it; this is a failure to comply with procedures regarding privacy of customers' personal information.

Identify: Identify at least two types of sensitive data that may have been impacted.
Response: Sensitive data that may have been impacted include:
  • Financial information
  • Personal information

Identify: The risks to Gelos (at least two)
Response: Data breach: If the USB device was lost or stolen, or if the friend's laptop was infected with malware, the customer database could be compromised. This could expose Gelos's customers' personal and financial information to unauthorized individuals.
Loss of professional reputation: If a data breach occurs, it could damage Gelos's reputation and customer trust. This could lead to a loss of sales and revenue.

Identify: Which part of the Gelos Data Protection Policy specifically confirms that an infringement has occurred? Copy and paste the part of the policy that you believe has been breached. (Approximately 40 words)
Response: Data security: Gelos must implement appropriate technical and organizational security measures to protect personal data from unauthorized access, use, disclosure, alteration, or destruction. Gelos employees must only access and use personal data for authorized purposes, and in accordance with this policy and all applicable laws and regulations.
The following ITPA code of ethics principle has been breached: Privacy. IT professionals must respect the privacy of individuals and organizations. This includes protecting personal data from unauthorized access, use, disclosure, alteration, or destruction.

Identify: Identify and name one principle in the ITPA code of ethics that has been breached. https://www.itpa.org.au/code-of-ethics/ Copy and paste the principle in the policy that you believe has been breached. (Approximately 30 to 50 words)
Response: System Integrity: I will strive to ensure the integrity of the systems for which I have responsibility, using all appropriate means —such as regularly maintaining software and hardware; analysing levels of system performance and activity; and, as far as possible, preventing unauthorised use or access.

Identify: Review the Gelos Data Protection Policy and make two recommendations for procedures that will improve and maintain the current practices. (at least two in total – between 20 to 40 words per recommendation).
Response: Holding regular meetings to ensure all employees are aware of the protection policies that are in place for the company.
Require all employees to complete data security training. This training should teach employees about the risks of data breaches and how to protect sensitive data.

Part 3: Confirm security responsibilities

To complete this part of the assessment, you are required to evidence your participation in an interactive role-play. This will be achieved by viewing an interactive video and then capturing your responses in a recording.

Refer to the Observation Checklist to understand what skills you need to demonstrate in this section of the assessment. This checklist outlines the assessment criteria your Teacher/Assessor will be marking you on.

Once completed, the recorded evidence will be submitted via the online platform to the Teacher/Assessor for marking. This digital recording may be either an audio file (sound only) or video/audio file. You may use your computer webcam and capture software or your mobile phone. Ensure you have access to the required equipment and resources. If space or bandwidth is limited, create an audio file rather than video. Video file uploads are limited to 1Gb.

TIP: The following may be helpful: video recording instructions (pdf). This one-page document includes useful tips, links to resources, and a demonstration video.

Refer to the scenario outline and start with task 1 below to complete this assessment part.

303: FS3.1, 313: FS1.1, FS1.2

Task 1 – Roleplay

For the past week, you have noticed that one of your co-workers has their security passwords listed on paper and stuck to the front of the PC. As this is against company policy and poses a serious security risk, you have decided to report the incident and have requested an informal meeting with the Security Administrator, Ajay Patel.

You will need to interview Ajay Patel to report the breach and to clarify your responsibilities with regard to reporting data breaches. For the purpose of this assessment, an interactive conversation featuring Ajay Patel has been pre-recorded. You will need to verbally report the security breach and ask the client two questions regarding the project. Be clear and specific in your request for each piece of information and use correct terminology – it is not enough to say, 'what about that data breach?' and assume they will know what you mean.

Use this table to prepare and write down your questions to remind yourself of what to ask:

Table 6 Questions to ask your supervisor

Make verbal report: Reporting the security breach (In your own words, report the breach as described in the scenario. About 50 words.)
Text for report: I am reporting a breach within the company from a coworker. The breach has occurred from the coworker having their security passwords stuck to the monitor of their PC. This is a risk to the company by potentially exposing employee or client information if someone else was to use the passwords for access.

Ask a question about: The responsibility of an ICT trainee to report data breaches
Question to ask the supervisor: My question is, is it my responsibility as an ICT trainee to address the potential breaches with the coworker in question?

Ask a question about: Time requirement for notifying when a breach has occurred.
Question to ask the supervisor: Is it a priority to notify if there is a potential breach that has occurred or may occur, or should the potential risk be assessed first?

Create your recordings

To complete this task, you will need to access and view this interactive video. The interactive video will have pause points where you will verbally report the breach and ask your questions to Ajay Patel.

You may submit your recording within one file recording or in separate files. If in one recording, leave a 10 second gap between each recording so the assessor can clearly identify the different parts.

Recording process:
  • Activate the interactive video.
  • The video will play, Ajay will speak, and a message will appear asking you to record your part.
  • Press pause on the video.
  • Use your device to start recording and proceed to record your first part.
  • When finished recording, press pause on your recording device.
  • Return to the video and press play to continue.
  • Repeat this process until you have recorded all parts.

At the end of the interactive roleplay, you have the opportunity to play back your recordings. If you are not happy with your recordings, you can restart the interactive video and re-record your report and questions. If you are happy with your recordings, save the file, upload it in the space provided and click ‘Submit.’

Task 2

Following Ajay's information and feedback, what did you do that was not in line with the advice regarding the reporting of a security breach? Outline in the box below how you would modify your behaviour next time. (Approximately ten words)

Breach needed to be reported right away, this is priority.

Part 4: Manage data – Gelos Client List July 2021 Project

Your supervisor has asked you to participate in a sensitive data management project. It is your responsibility to ensure that the data is accurate, stored securely and that Gelos is compliant with data protection standards. You have been given the appropriate authorisation to work with the data for this project.

Task 1

1. Good data management consists of planning and organising the stages of the project. The table below is a summary of the tasks you will be required to undertake. For each task, identify the stages of the data management life cycle, which will allow the project to run efficiently and logically.

A. Organise, store
B. Reuse, maintain
C. Use, analyse
D. Archive, destroy
E. Create, capture and collect
F. Share

Table 7 Matching question

Task | Stages
Collect and collate data | E
Data maintenance (accurate, up to date and comprehensive) | B
Delete and destroy redundant data | D
Store data securely | A
Access data | C
Share secure data | F

Task 2

The Gelos Client List July 2021 needs to be updated as the customers have notified Gelos that they are not receiving their correspondence. Access the Gelos Client List July 2021 document and:
  • check the entries against the table below to check for errors, including the total
  • update and sign off
  • submit the updated customer list.

Table 2 Gelos Client List July 2021

First name | Surname | Address | Email
Elias | Hummous | 56 Ocean Drive MAROUBRA NSW 2035 | Humming65@outlook.com.au
Peter | Johnston | 88 Mortdale Road Hurstville NSW 2220 | johnston45a@gmx.com
Janet | Del Rap | 33 The Boulevarde Fairfield NSW 2165 | JDR134@hotmail.com

Task 3

The Gelos Client List July 2021 contains names, contact details, bank details and other personal and financial information of Gelos clients and needs to be securely backed up. You have been asked to ensure that they are secure by implementing the Gelos Data Protection Policy.

1. Create a folder on your USB drive called Gelos Confidential and back up the file called Gelos Client List July 2021 into this folder.
2. As per the Gelos Data Protection Policy, password protect the document.
3. Record your password in the box below to give to your supervisor (assessor).
   Enter the password used here: FullcS38!
4. Encrypt the USB drive and save the data encryption file containing the key to a location where you can easily find it (NOT on the USB drive).
5. Open the data encryption file containing the key and take a screenshot. Paste the screenshot here.
   Was unable to use BitLocker with the USB as it wasn’t an option, installed/used VeraCrypt.
6. Save a copy for submission with your assessment.

Please note, you will require a screenshot of the file path for this secure folder in task 4.

Task 4

Your manager requires that Gelos meets all legal, statutory and regulatory requirements of sensitive data. The customer data is currently being stored on-site (stored in the confidential data folder you created). In line with the Gelos Data Protection Policy, sensitive, valuable or critical business data must be backed-up. This policy requires data to be stored locally and off-site (cloud storage).

1. Place a screenshot showing the file path of your backup copy on your hard drive (task 3) in the space below.
2. Copy the Gelos Confidential folder to your cloud account. You may also use the cloud storage account created during your learning. (Examples of Gelos approved cloud storage include Dropbox, OneDrive and Google Drive.) Place a screenshot of the backup copy on the cloud storage in the space below.
Task 5

As part of your data management tasks, your supervisor has asked you to complete the following organisational documents. Undertake the following:

1. Perform a privacy impact assessment (PIA) in line with the Gelos data maintenance process for the project you are currently working on. Use the drop-down boxes in the Gelos Privacy Impact Assessment (GE_PIA.docx) to confirm that this project now adheres to data protection compliance standards.
2. Complete the Gelos Asset Information Register. Use the drop-down boxes in the Gelos Asset Information Register (GE_Asset_Information_Register.docx) to classify the workplace information data.
Task 6

The following are screenshots which have appeared on various workstations. Your task is to identify the type of malfunction or attack for each screenshot shown in the table. For each one, write a brief report (in the space provided) to your manager on what you believe is the cause of this message. (No more than 30 words per response).

Table 8 malfunctions and threats

Screenshot | Report

A virus test file designed to test if the virus and threat protection security program is working correctly (Malware).

Phishing attempt as the link looks suspicious. Should be no need to follow a link that says “hack tool”.
The use of the LocalSystem account by a WMI provider could potentially be a security risk as it has full administrative rights on the system. If the provider does not properly impersonate user requests, it could be used to carry out malicious activities such as data theft, unauthorized access to sensitive information, or other security violations.

Appendix A – Long descriptions for screenshots
Submit the following:

  • This document with responses and screenshots.
  • Completed asset information register.
  • Completed privacy impact assessment.
  • Updated and password protected Gelos Customer List 2021.
  • Screenshot of USB drive encryption key (text document).
  • Completed Gelos PIA Template.
  • Asset Information Register.
Observation Checklist

The Observation Checklist will be used by your assessor to mark your performance in Part 3. Use this Checklist to understand what skills you are required to demonstrate in this section of the assessment. This checklist outlines the assessment criteria you will be marked on. All the criteria must be met. Your demonstration will be used as part of the overall evidence requirements of the unit. Your assessor may ask questions after the task/activity has been completed.

Table 9 Observation Checklist

Task # | Task/Activity Performed | S | U/S | Assessor Comments (Describe the student's ability in demonstrating the required skills and knowledge)
1 | Asks open and closed probing questions and actively listens to clarify consultations when obtaining information | | | Date of Observation: Assessors are to record their observations in enough detail to demonstrate their judgement of the student's performance against the criteria required.
2 | Uses appropriate industry relevant terminology suitable for audience | | |
Assessment Checklist

The assessment checklist will be used by the assessor to capture evidence of your performance in any type of project. This checklist outlines all the required criteria you will be marked on. All criteria described in the assessment checklist must be met.

Table 10 Assessment Checklist

TASK/STEP # | Instructions | S | U/S | Assessor Comments

1 | Part 1, task 1
  • The student has researched, described and explained three different ethical theories and approaches.
  Assessor Comments: Date of Observation: Assessors are to record their observations in enough detail to demonstrate their judgement of the students' performance against the criteria.

2 | Part 1, task 2
  • The student has described the purpose and intention for developing and implementing Gelos' IP, ethics and privacy policies and procedures.

3 | Part 1, task 3
  • The student has briefly explained the principles applied in Gelos' IP, ethics and privacy policies and procedures.
4 | Part 2, task 1, scenario 1
  • Student has reviewed current standards, practices and procedures relating to Gelos workplace information. (first occasion)
  • The student has identified Gelos risk assessment and identification processes
  • The student has assisted with identifying and observing internal and external non-compliance infringements (internal infringement).
  • Student has identified Gelos procedures which need to be improved and maintained (first occasion)
  • The student has assisted with identifying the non-compliance incidents and risks within an organisation.

5 | Part 2, task 2, scenario 2
  • Student has reviewed current standards, practices and procedures relating to Gelos workplace information. (external infringement)
  • The student has assisted with identifying and observing internal and external non-compliance infringements (second occasion)
  • The student has identified sensitive data in own workplace according to Gelos policies
  • Student has identified Gelos procedures which need to be improved and maintained (second occasion)

6 | Part 3, task 2
  • Student outlined how they will modify behaviour as a result of receiving new information

7 | Part 4, task 1
  • The student has efficiently and logically sequenced the stages of data management

8 | Part 4, task 2
  • Student has made required changes, supported Gelos data maintenance and confirmed that the data is accurate, up to date and comprehensive
  • The student has correctly interpreted mathematical data by checking the accuracy of the total

9 | Part 4, task 3
  • Student has applied privacy policies to all files and data devices that require confidentiality (USB encryption and password protected document)
  • Student has stored and shared PII in a secure manner

10 | Part 4, task 4
  • Student competently conducted backup of on-site and off-site data according to Gelos policies and procedures

11 | Part 4, task 5.1
  • Student has supported data maintenance by correctly completing the Gelos privacy impact assessment and confirming compliance

12 | Part 4, task 5.2
  • Student has correctly identified different types of intellectual property (IP) by completing the Gelos Asset Information Register

13 | Part 4, task 6
  • Student correctly identified and reported malfunctioning infrastructure and attacks on infrastructure
Appendix A – Long descriptions for screenshots

Long descriptions for screenshots used in Task 6

Screenshot 1 is of an error message screen
Heading which reads: Virus and threat protection
Protection for your device against threats.
Sub-heading: Current threats
Threats found. Start the recommended actions.
Virus: DOS/EICAR_Test_File
7/15/2021 4:15AM (Active)
Severe
Button which says Start actions

Screenshot 2 is of an error message screen
The title bar reads: Operational Number of events: 92 (!) New events available
Below the title bar is the information: Event 1116, Windows Defender
General tab is selected
Message reads: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=370208&name=HackTool:Win32/Mimidatz.gen!H&threatid=21477840248&enterprise=0
Name: HackTool:Win32/Mimikatz.gen!H
ID: 2147784024
Severity: High
Category: Tool
Path: containerfile: C:\Users\student\Downloads\mimikatz_trunk.zip followed by a long link address
The bottom section of the screenshot includes other details such as Log Name, Source, Log date, Event ID, Task Category, Level, Keywords, User, computer name, OpCode and a link to more information.
Screenshot 3 is of an error message screen
Title bar reads: Event 63, WMI
General tab is selected
A provider, MDWmiBridgeProv1, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged, and the provider may cause a security violation if it does not correctly impersonate user requests.
The bottom section of the screenshot includes other details such as Log Name, Source, Log date, Event ID, Task Category, Level, Keywords, User, computer name, OpCode and a link to Event Log Online Help.
Assessment feedback

NOTE: This section must have the Teacher/Assessor and student signature to complete the feedback. If you are submitting through the TAFE NSW online learning platform, your Teacher/Assessor will give you feedback via the platform.

Assessment outcome
  • Satisfactory
  • Unsatisfactory

Assessor feedback
  • Has the assessment declaration for this assessment event been signed and dated by the student?
  • Are you assured that the evidence presented for assessment is the student's own work?
  • Was reasonable adjustment in place for this assessment event? If yes, ensure it is detailed on the assessment document.

Comments:

Assessor name, signature and date

Student acknowledgement of assessment outcome
Would you like to make any comments about this assessment?

Student name, signature and date