Online Help on BSBXCS402 Case Study Assessment
Specific task instructions
The instructions and the criteria in the case study will be used by the teacher/assessor to determine whether you have satisfactorily completed the Case Study Scenario. Use these instructions and criteria to ensure you demonstrate the required knowledge.
Written Answers
In this assessment you must word-process all your answers. Ensure that your answers are tidy and accurate with correct spelling and grammar.
It is important that you always enter your name on the bottom of each page of the assessment including any additional pages.
Resources
Throughout this assessment there are explicit references to a range of resources including software applications, hardware, tools and website links. At the time of writing this assessment, the versions and links of these resources were correct. It is expected that over time this may change.
In addition, your teacher/assessor may prefer a suitable alternative resource. They will let you know if there are any alterations to prescribed resources.
Contact your teacher/assessor if there are any issues associated with a resource.
Bibliography & References
In some parts of this assessment you will be conducting research. To support your answer, you will need to provide a Bibliography listing of all your references. For more information on how to prepare a Bibliography go to the TAFE Library Services – Researching and Referencing: Referencing Skills.
(Long URL: https://tafensw.libguides.com/research/referencing)
You should use either a Harvard or APA reference style.
An example of a webpage reference, using Harvard reference style is:
Barracuda Cloud-to-Cloud Backup, viewed 1 December 2020, https://www.barracuda.com/products/cloudtocloudbackup
TAFE library staff are available to provide help if needed.
Task directions
To complete this assessment, first read the Cyber security awareness and best practice for Gelos Enterprise staff scenario below.
Once you have read the information, complete your responses to tasks as directed. Ensure that you take note of the volume of response requirement where indicated.
All responses must:
- Address all parts of each task with examples as appropriate.
- Use clear and concise language to ensure the intended meaning is understood.
Once completed, submit this assessment to the teacher/assessor for marking.
Scenario – Cyber security awareness and best practice for Gelos Enterprise staff
Gelos Enterprises are very aware of possible cyber security threats to the business and are committed to maintaining cyber security best practice. This applies not only to the ICT staff but to all Gelos Enterprises staff.
Two surveys have been conducted of all staff in selected departments:
- Gelos Enterprises Cyber Security Awareness Survey – to determine the overall level of cyber security awareness in the organisation.
- Gelos Enterprises Cyber Security Practices Survey – to determine the overall level of adherence to required cyber security practice in the organisation.
The questions in these surveys are associated with Gelos Enterprises’ existing policies and procedures relating to cyber security awareness and practices.
You will notice in the survey that results have been listed by department. To promote cyber security awareness and best practice a program needs to be created and arranged. This program will include a range of activities and practices.
Your role
You are working as an ICT Trainee for Gelos Enterprises. You have been asked to contribute to the creation of a program to promote workplace cyber security awareness and best practices.
Your supervisor is Amanda Bowker and the ICT Security Senior Manager is Terrence Stewart.
Gelos Enterprises cyber security survey results
Gelos Enterprises has conducted a survey of all staff, in selected departments, of their current level of cyber security awareness and adherence to required practices. These results have been provided in the files Gelos_Cyber_Security_Awareness_Survey_Results.xlsx and Gelos_Cyber_Security_Practices_Survey_Results.xlsx.
These spreadsheets contain a list of questions and responses organised by department. Graphs have been included to summarise results by question, department, and overall organisational results. You will need to review Gelos Enterprises Policies and Procedures to determine the “correct” answer to each question.
Part 1: Develop cyber security awareness
In this part of the assessment you will develop cyber security awareness in the work area by establishing the current level of awareness, creating a cyber security awareness program and contributing to cyber security related policies and procedures.
Task 1.1 – Establish current level of cyber security awareness
- Interpret the results of the Gelos Enterprises Cyber Security Awareness Survey to establish the current level of cyber security awareness in the work area, as required by Gelos Enterprises’ Policies and Procedures.
Determine the correct answers to the questions, and how many from each department provided the correct answer to each question. Include this data on the Overall Results sheet in the Gelos Enterprises Cyber Security Awareness Survey. The remaining data and graph will populate automatically.
Save this file as Gelos_Cyber_Security_Awareness_Survey_Results_yourname.xlsx and include this in your submitted assessment.
Check your answer with your teacher/assessor before progressing with this assessment.
- Reflect on the questions’ results by department and the overall organisation making reference to the relevant Gelos Enterprises Policies and Procedures.
Indicate whether each department overall, and the organisation as a whole, has a “strong”, “needs some improvement”, or “weak” level of cyber security awareness by selecting from the dropdown menu.
Use the following table for your answer. You may use point form in your answer.
(50 words each row)
Task 1.2 – Create and maintain Cyber Security Awareness Program
- Create a program to promote cyber security awareness. This Cyber Security Awareness Program must reflect Gelos Enterprises’ organisation-wide best practice and policies and procedures.
In your program you need to include different activities which will satisfy the following criteria:
- Gains support from executives.
- Launches the program to the entire organisation.
- Gains engagement from each department staff member.
- Provides for remote workers or workers who only attend the office one or two days a week.
- Makes use of a range of different technology platforms including remote working technology, such as MS Teams, or Learning Management Systems, for example Moodle.
- Provides continual reminders to be cyber security aware.
- Provides updates on cyber security matters.
- Provides scheduled training activities within the normal business day.
- Provides anytime training activities.
- Relates to at least two different cyber security matters.
One activity in your program may satisfy two or more of these criteria.
Include at least five activities in your Cyber Security Awareness Program.
You do not need to be limited to structured training activities in your program. You may choose from a range of different communication means suitable for a work environment such as emails, online meetings, promotional material, newsletters, intranet etc.
Use the following table, Cyber Security Awareness Program, for your answer adding additional table rows as needed. A sample answer has been included for reference.
(Approx. 100 words)
Scenario – Updates to Cyber Security Awareness Program
Gelos Enterprises’ CEO, Catherine Dunn, has mandated that cyber security awareness should be a standing agenda item in each department’s weekly meeting. This must be reflected in the Cyber Security Awareness Program.
- Maintain your existing Cyber Security Awareness Program (See Task 1.2 a above) to satisfy the above requirement. To show that you have updated your program, highlight this entry by making the entire row text blue.
Task 1.3 – Develop cyber security policies and procedures
Scenario – Use of USB flash drives at Gelos Enterprises
A cyber security breach incident recently took place at Gelos Enterprises. A Gelos Enterprises employee used a personal USB flash drive that had been infected with malware, in a Gelos Enterprises staff computer. This USB flash drive had been infected when used on a “free” Wi-Fi network at a local hamburger restaurant. Although current Gelos Enterprises anti-malware software detected the malware this time, ICT staff are concerned that this may occur again and lead to a full malware infection and a possible ransomware attack.
For this reason, the following decisions have been made:
- Personal USB flash drives are banned from use on Gelos Enterprises computers or workers’ personal computers which remotely connect to the Gelos Enterprises network.
- MS OneDrive cloud storage is the preferred method of sharing documents both internally on the Gelos Enterprises in-house network and externally through remote access.
- USB flash drive use is to be kept to an absolute minimum for an unavoidable business need, only with the emailed approval of an employee’s manager and only on Gelos Enterprises supplied laptops.
- Files and data stored on USB flash drives should be kept to a minimum to meet the immediate unavoidable business need.
- All USB flash drives are to be sourced from ICT Service Desk personnel who will provide an encrypted USB flash drive that is password protected. A recovery key will need to be set. Appropriate labelling will be used.
- A register of USB flash drives will be kept and maintained by ICT Service Desk personnel.
All staff are to be informed of this requirement, however, feedback must first be gained from the Gelos Enterprises heads of department. This policy and procedure will be stored on Gelos Enterprises’ intranet.
- Develop a policy and procedure that promote cyber security awareness and practices relating to use of USB flash drives in the Gelos Enterprises workplace. To do this:
- Identify a suitable policy title.
- Summarise the policy statement to reflect Gelos Enterprises’ stance on USB flash drives.
- Identify the scope of the procedure including to whom this policy/procedure applies and when the policy/procedure must be followed.
- Outline the procedure staff must follow to gain access to a USB drive.
- Identify any related policies and procedures which an employee must also refer to when viewing this policy & procedure.
Use the Gelos Enterprises Policy and Procedure Template in the following table to document your answer.
- Prepare an email to be sent to the ICT manager, requesting feedback on the new cyber security related policy and procedure for use of USB flash drives.
In this communication you need to:
- outline the reasons for the new policy and procedure
- summarise the overall policy and procedure
- CC your supervisor.
Follow the Gelos Enterprises Policy and Procedure Template for emails in the following table to prepare your email.
Ensure that you write your email in a business-like manner that would be appropriate when communicating with other staff members.
Hint: Write this email as if you were communicating with an executive, who has limited time to read emails and attached forms, but still needs to be aware of what is happening in the organisation.
Use the area below for your answer. (Approx. 50 words)
Part 2: Support effective cyber security practices
In this part of the assessment you will support effective cyber security practices in the work area by reviewing the cyber security practices in the organisation, arranging training and updates for the areas of immediate concern and then reporting insights on this to the required personnel.
Task 2.1 – Review cyber security practices
- Interpret the results of the Gelos Enterprises Cyber Security Practices Survey to review the current level of adherence to cyber security practice, as required by Gelos Enterprises Policies and Procedures.
Determine the correct answers to the questions and how many from each department provided the correct answer to each question. Include this data on the Overall Results sheet in the Gelos Enterprises Cyber Security Practices Survey. The remaining data and graph will populate automatically.
Save this file as Gelos_Cyber_Security_Practices_Survey_Results_yourname.xlsx and include this in your submitted assessment.
Check your answer with your teacher/assessor before progressing with this assessment.
- Reflect on the questions’ results by department and the overall organisation making reference to the relevant Gelos Enterprises Policies and Procedures.
Indicate whether each department overall, and the organisation as a whole, has a “strong”, “needs some improvement”, or “weak” level of adherence to the required cyber security practice by selecting from the dropdown menu.
- Identify the areas of cyber security practices which are an immediate concern for the organisation.
Use the following table for your answer. You may use point form in your answer.
(Approx. 50 words each row)
Task 2.2 – Arrange training and provide updates
- Create a schedule to arrange training for colleagues that will support cyber security practices or awareness.
In your Cyber Security Training Schedule, you need to include different activities which will satisfy the following criteria:
- Provides scheduled training activities within the normal business day. Scheduled activities must occur within the next two weeks.
- Provides anytime training activities.
- Relates to two different cyber security matters that were identified as areas of immediate concern in either the Gelos Enterprises Cyber Security Practices Survey. (See Task 2.1)
- Makes use of a range of different technology platforms including remote working technology, e.g. MS Teams, or a Learning Management System, e.g. Moodle.
One activity in your schedule may satisfy two or more of these criteria.
No activity should take more than two hours to complete.
Include four different activities in your Cyber Security Training Schedule.
Use the following table, Cyber Security Training Schedule, for your answer adding additional table rows as needed. A sample answer has been included for reference.
(Approx. 100 words)
Scenario – Training numbers
All scheduled training activities have now been completed. Many staff have also completed online anytime training activities. You have been supplied with the Gelos Enterprises Cyber Security Training Staff Attendance Sheets for each activity. These attendance sheets include each Gelos Enterprises employee’s name and department.
You have been asked by your supervisor to update the training records to include a summary of the attendance details by department and overall. This will later be presented to the Executive. The total number of staff in each Department has been included for reference in Task 2.3.
- Maintain the training records to reflect the employees’ attendance at the Cyber Security training.
To do this, calculate the attendance counts for each activity and department. Include this data on the Overall Results sheet in the Gelos Enterprises Cyber Security Training Attendance. Include your activity titles with your results. The remaining data and graph will populate automatically.
Save this file as Gelos_Cyber_Security_Training_Staff_Attendance_Sheets_yourname.xlsx and include this in your submitted assessment.
Scenario – Cyber awareness training for Executive staff
Gelos Enterprises’ ICT Security Manager has requested a cyber security awareness training session, to be provided to the executive staff, immediately following their weekly meeting. This weekly meeting takes place in the boardroom on Monday 10:00am to 12:00pm. The training must only take 30 minutes.
This will be communicated to all Heads of Departments through your manager.
- Prepare an email, to be sent to your manager, informing them of the update to the Cyber Security Training Schedule.
In this communication you need to identify the changes to the Cyber Security Training Schedule.
You do not need to update your Cyber Security Training Schedule at this time.
Ensure that you write your email in a business-like manner that would be appropriate when communicating with other staff members.
Use the table below for your answer. (Approx. 30 words)
Task 2.3 – Present insights from review and training
To complete this part of the assessment, you must participate in a role play to demonstrate your ability to complete skills-based tasks to industry standards. The role play will be observed by your teacher/assessor.
Your responses will be used as part of the overall evidence requirements of the units.
You should refer to the list of criteria provided in Observation Checklist 1 to understand what skills you need to demonstrate in this section of the assessment. This checklist outlines the assessment criteria used to assess your performance.
Scenario – Presenting insights to Gelos Enterprises Executive
Your supervisor, Amanda Bowker, has asked you to present your findings from the Gelos Enterprises Cyber Security Practices Survey and your Cyber Security Training Schedule to the Gelos Enterprises executive including your manager, Terrence Stewart.
The executives are particularly concerned about the level of adherence to cyber security practices in the organisation and would like to discuss what their next steps might be to address this issue.
This presentation will be delivered to the executive online, using MS Teams and MS PowerPoint. The executive will later need to refer back to this presentation and will therefore need speaker’s notes as a form of documentation.
Gelos Enterprises ICT Security Senior Manager, Terrence Stewart role
Terrence is a stakeholder in this presentation and will be asking you questions about the content, such as:
- Overall, how did the organisation go in the Cyber Security Practices Survey?
- Which department overall had the greatest need for improvement?
- What areas have you specifically targeted in the training program? Why?
- What would have been the potential impacts on the organisation if this continued?
- How well was the training attended? Did all departments participate?
- What are the next areas training should be provided in?
Gelos Enterprises Human Resources Director, Frankie Mitchell role
Frankie is another stakeholder in this presentation and will be asking you questions about the content, such as:
- How did the HR department perform in the Cyber Security Practices Survey?
- Are there any questions that HR staff performed badly on? Was this included in the training program?
- Did HR staff have good attendance at the training?
- What are the next areas training should be provided?
Your role
You must demonstrate the following in this role play:
- Present insights from the Cyber Security Practices Survey review including identifying the cyber security practices areas of immediate concern.
- Explain the potential impact on the workplace if this area was not addressed.
- Provide an overview of the Cyber Security Training Schedule that you developed.
- Present insights on the provided training, based on attendance levels.
- Consult with the stakeholders so that they can decide on the next areas of training.
Your presentation must be created in MS PowerPoint and should be well structured and professional in appearance, including:
- suitable design layout/template for the target audience and topic
- title slide
- table of contents slide
- speaker’s notes on each slide
- one slide per topic
- tables, graphs or diagrams with supporting data
- closing slide to trigger discussion
- no more than ten slides in total.
Location
This presentation is to be implemented as a tele-conference (MS Teams teleconference) with the student, “Terrence Stewart”, “Frankie Mitchell” and teacher/assessor participating.
Resources
None required.
Time allowed
This role play will take approximately 10 to 15 minutes.
Evidence
You will need to submit your presentation as Gelos_Insights_Presentation_yourname.ppt.
Observation Checklist 1
Observation Checklist 1 will be used by your teacher/assessor to mark your performance in Part 2, Task 2.3. Use this checklist to understand what skills you need to demonstrate in the role play scenario. The checklist lists the assessment criteria used to determine whether you have successfully completed this assessment event. All the criteria must be met. Your demonstration will be used as part of the overall evidence requirements of the unit. The teacher/assessor may ask questions while the demonstration is taking place or, if appropriate, directly after the task/activity has been completed.
Part 3: Review cyber security awareness
In this part of the assessment you will review the cyber security awareness in the work area by reviewing, documenting and communicating researched information on the latest cyber threats and trends that could impact the organisation.
Scenario – Cyber security best practice
You have been asked by your supervisor to research the latest cyber security threats and trends to determine if Gelos Enterprises is maintaining best business practice.
Your manager is keen to hear your suggestions for improvement to Gelos Enterprises’ business practice, however, these ideas must be supported with relevant reliable information sources.
When you have completed your work, you will review this with your supervisor and then communicate this with the ICT Security Senior Manager, copying in your supervisor.
Task 3.1 – Review latest cyber security threats and trends
Review the latest cyber security threats and trends impacting organisations and make suggestions for improvements.
To do this:
- Research online to find two cyber security threats and two cyber security trends.
- Document your review by including a topic and a summary for each threat/trend.
- Include your references for your research.
- Identify a suggested improvement to the business practices of the organisation in response to the threat / trend.
- Follow the relevant Gelos Enterprises’ policy and procedure.
- Use the following Gelos Enterprises Suggestion Form to document the outcomes of your review.
Use the following tables for your answer. You may use point form for your answer.
(Approx. 20 to 40 words each)
Task 3.2 – Communicate review outcomes and suggested improvements
Based on the findings of your review of cyber security threats and trends, prepare an email to be sent to required personnel for their consideration.
In this email you will communicate your review outcomes and suggested cyber security improvement requirements. This must be done according to Gelos Enterprises’ policies and procedures.
In this email you need to:
- Outline the overall outcomes of your review.
- Identify your suggested improvement requirements for the organisation.
You can assume that your improvement forms are attached to the email.
Ensure that you write your email in a business-like manner that would be appropriate when communicating with other staff members.
Hint: write this email as if you were communicating with an executive, who has limited time to read emails and attached forms but still needs to be aware of what is happening in the organisation.
Use the following table for your answer. (Approx. 50 words)