The document outlines an assessment task for a university course on Information Security Management. Students are to analyze a scenario involving an organization called Auto-fishing Group and develop an 'Use of Personal Digital Devices Policy' for the organization. The policy must include sections on purpose, authorized uses, prohibited uses, systems management, violations, review/modification, limitations of liability, and justifications/assumptions. Students will be marked based on addressing these criteria. The scenario provided involves Auto-fishing Group, a cooperative of Tasmanian fishermen that uses technology to locate fish and deliver directly to customers.
Coit20263 information security management assignment 2
1. 1 | 4
Need this or a similar Assignment
Contact: qualityonewriters@gmail.com
Whatsapp/Call: +91-9502220077
COIT20263 Information Security Management (Term 1, 2017)
Assessment Item 2—Practical and Written Assessment
Due date: 11:30pm AEST, Friday, Week 7 ASSESSMENT
Weighting: 35%
2
Length: 2000 words (±500 words)
Objectives
This assessment task can be undertaken in a group of up to 4 members or individually. Each
group/student will analyse the scenario given on page 3, and develop and document the specified
Issue Specific Security Policy (ISSP) for the organisation.
Assessmentcriteria
The students are assessed against their ability to analyse the given scenario and develop the specified
ISSP.
The marking criteria for Assessment Item 2 are provided on page 4.Students need to familiarise
themselves with the marking criteria to ensure that they have addressed them when preparing the
document for this assessment item.
Assessment Task
Each group/studentis required to analyse the scenario given on page 3 and develop a ‘Use of Personal
Digital Devices Policy’ for the organisation described in the scenario.
The ISSP should include:
1. Statement of Purpose
2. Authorised Uses
3. Prohibited Uses
4. Systems Management
5. Violations of Policy
2. 2 | 4
6. Policy Review and Modification
7. Limitations of Liability
You also need to include a section containing the justification of the contents of your policy as well as
any assumptions that you have made.
Note:Each student in the group needsto upload the ISSP document of their group to Moodle. You
must follow the Harvard citation and referencing guidelines when writing the ISSP document and
include a reference list.
Please do not include an executive summary, a table of contents, an introduction or a conclusion.
Please use the ‘Template for Your Answers’ Section of this document and upload only that template.
Check the unit website at least once a week for further information relating to this assessment task.
Please ensure that you write your answers in your own words to avoid possible plagiarism and
copyright violation. You can understand the Plagiarism Procedures by following the corresponding
link in the CQUniversity Policies section of the Unit Profile.
Submission
To be submitted online through the COIT20263 Moodle unit website assessment block on or before
the due date.
3. 3 | 4
The Scenario for Information Security Management Assessment Tasks
Auto-fishing Group (AG) is a cooperative society of fishermen in Tasmania establisheda year ago.
AG was established to increase the fish yield of its member fishermen and supply the fish to the
consumers as quickly as possible at a reasonable price. Using sophisticated technology, including
Unmanned Aerial Vehicles (UAVs),the fishermen locate the schools of fish suitable for consumption
without catching them indiscriminately and thereby reducing over fishing. AG directly supply the fish
from the fishermen to the customers without an intermediary. To this end, AG has its own vehicles,
ten distribution centres along the coast of the state and three distribution vehicles at each distribution
centre. Each fisherman will be affiliated to a distribution centre.
AG operates from a small office in Hobart. When a customer places an order using the application of
AG or over the phone, the order is processed using a proprietary software program of AG. By using
this software,AG is only be able to receive the optimum quantity of fish from the fishermen on time
but also be able to deliver the order to the customers quickly. This whole process is automated with
the help of on-board computers on the distribution vehicles connected to the office of AG and the
mobile devices of the fishermen.
The fishermen can get connected to the Internet and post questions to online forums. AG also has an
online banking society that provides most of the main banking facilities of other banks to its member
fishermen.
AG also has a marine and fisheries training centre in Hobart. The centre has a managing director, a
secretary and two instructors. There are 20 students at any time in the training centre,participating in
the classes. The instructors can show the students the live videos of fish shoals and schools as well as
the techniques used by the fishermen. The network of the training centre is a part of the network of
AG. AGneeds the guarantee that their proprietary application, and various data and information in
their information system are secured.
After the success in Tasmania, AG expanded its services to fishermen and customers in Victoria as
well.
As the society was established last year, the information security policies have not yet been
developed. The society is now in the process of developing a comprehensive set of information
security policies for its information system.
Note: This scenario was createdby Dr Rohande Silva on 10thDecember2016andno part of this scenario shouldbe reproducedby any
individual or an organisationwithout written permissionfromCQUniversity, Australia.
4. 4 | 4
Marking Criteria
Section
HD D C P F
Max Mark Mark
6 5.1 4.8 4.5 4.2 3.9 3.6 3 2.7 0
Assumptions Listedall assumptions.
Some assumptions
missing.
Most assumptions
missing.
Not clear and most
assumptions
missing.
All assumptions missing. 6
Section
HD D C P F
3 2.55 2.4 2.25 2.1 1.95 1.8 1.5 1.35 0
Statement ofPurpose Containedall information in detail.
Containedall information
but not enough detail.
Had too brief or
missing information.
Not clear but
contained most
information.
Not clear and most
information missing. 3
Authorised Uses Containedall information in detail.
Containedall information
but not enough detail.
Had too brief or
missing information.
Not clear but
contained most
information.
Not clear and most
information missing.
3
Prohibited Uses Containedall information in detail.
Containedall information
but not enough detail.
Had too brief or
missing information.
Not clear but
contained most
information.
Not clear and most
information missing. 3
Systems Management Containedall information in detail.
Containedall information
but not enough detail.
Had too brief or
missing information.
Not clear but
contained most
information.
Not clear and most
information missing. 3
Violations ofPolicy Containedall information in detail.
Containedall information
but not enough detail.
Had too brief or
missing information.
Not clear but
contained most
information.
Not clear and most
information missing. 3
Policy Review and Modification Containedall information in detail.
Containedall information
but not enough detail.
Had too brief or
missing information.
Not clear but
contained most
information.
Not clear and most
information missing. 3
Limitations and Liability Containedall information in detail.
Containedall information
but not enough detail.
Had too brief or
missing information.
Not clear but
contained most
information.
Not clear and most
information missing. 3
Section
HD D C P F
6 5.1 4.8 4.5 4.2 3.9 3.6 3 2.7 0
Justification
Focussed and contained all
information in detail.
Focussed and contained
but not enough detail.
Focussed but some
information missing.
Not clear but
contained most
information.
Not clear and most
information missing.
6
Section
HD D C P F
2 1.7 1.6 1.5 1.4 1.3 1.2 1 0.9 0
References
All references are listedaccordingto
Harvardreferencestyle.
A few referencingerrors.
Not all references are
listed but correctly
referenced..
Many references
missing
No or incorrect reference
list.. 2
5. 5 | 4
TEMPLATE FOR YOUR ANSWERS
COIT20263 Information Security Management - Assessment Item 2 (Term 1, 2017)
Names and student numbers of group members:
Use ofPersonal Digital Devices Policy Mark
allocated
Mark
earned
Assumptions 6
1 Statement of Purpose 3
2 Authorised Uses 3
3 Prohibited Uses 3
4 Systems Management 3
5 Violations of Policy 3
6 Policy Review and Modification 3
7 Limitations of Liability 3
Justification 6
References 2
Late submission penalty
Plagiarism penalty
Total 35