Your team has been hired as consultants to bring GALA's information security up to an acceptable standard. To achieve this, you will need to undertake and complete the following activities:
1. A project plan which incorporates the essential components of project management. This will include personnel, the activities to be undertaken by each team member, a timeline using an appropriate planning tool, the risks and threats to successful completion of the project.
2. A risk assessment of the threats faced by GALA's information assets. Your risk assessment must be conducted according to ISO 31000:2009, the risk assessment standard. Also consider HB167 in your reading for this task. The information assets to be considered are: data storage (staff home drives etc), email, student records database, course management system (database), and the student enquiry management system. You will also need to identify and assess other information assets, risks and threats that Get A Life Advanetures may be subject to.
3. Develop an information security policy for GALA. As well as internal considerations about protecting information assets, you also need to consider the external compliance issues. e.g. Western Australian State legislation, Federal legislation, telecommunications legislation etc. This policy must be completely your own work, however it is suggested that you use ISO27002 5.1 Information Security Policy as a guideline to help you achieve this particular task. This two page document outlines all the key areas. Polices which contain any elements of "copy and paste" will result in a grade of zero (0) for this element of the assignment, and may also lead to a reduction in marks for the assignment overall.
4. Develop a security awareness and training (SEAT) program for users of GALA information assets relevant to USB dropping or the use of social networking media (Your group will be assigned ONE of these topics when you submit your group members to Blackboard). This will consist of a set of training materials to educate users about the risks and threats they face as end users of GALA's information assets.