The company SMS and the company description available

/0 Comments/in /by

You work is based on the company SMS and the company description available. The work will be carried out in your student groups, but the report must clearly state who did what in the assignment.

The company SMS and the company description available

Instructions Assignment 1

General description: You work is based on the company SMS and the company description available. The work will be carried out in your student groups, but the report must clearly state who did what in the assignment. It is up to you to decide what is a reasonable limit for the task. Keep in mind that demarcation can be the hard part to solve.

The task is also to determine the limit against the course schedule. Be sure to motivate your demarcation. The work will be carried out with the tools provided and based on ISO/IEC 27001 and MSB’s method support.

Aim
Analyse Business and Environment Identify and analyze operations and the outside world related to information security based on:

Firstly, business

Secondly, internal stakeholders

Thirdly, internal prerequisites

Fourthly, information assets Environment

Further, external stakeholders

Additionally, external prerequisites

Further, legal requirements

More information about Analyse Business and Environment

Analyse Risk

Perform a risk analysis with a focus on information security by:

Firstly, Select appropriate information assets to proceed with

Secondly, Identify and  threats vulnerability

Thirdly, Make a risk assessment – Consequence and Probability

Fourthly, develop suggestions for action

More information about Analyse Risk

Analyse Gap
Perform a Gap analysis with a focus on information security by:

Firstly, Identify the applicability of security controls

Secondly, document the current situation

Thirdly, document improvement suggestions

More information about Analyse Gap

Submission 1
Submission 1 takes place in a written report and via an oral presentation. The information must be submitted by the deadline (see Canvas/Assignment). Report structure as follows: • Title page with the title of work, name, also email address of all participants in the group • Table of Contents
1 Introduction
2. Analysis Business and Environment
2.1 Identify and analyse the business
2.1.1 Internal Stakeholders 2.1.2 Internal Prerequisites 2.1.3 Information Assets
2.2 Identify and analyse the environment
2.2.1 External Stakeholders 2.2.2 External Prerequisites 2.2.3 Legal Requirements
3. Risk Analysis
3.1 Selected area of Analysis 3.2 Threats and Vulnerabilities 3.3 Risk Assessment
3.3.1 Identify Consequences 3.3.2 Identify Likelihood
3.4 Develop Action Proposal
4. Gap Analysis
4.1 Identify the Applicability of Security Controls 4.2 Document the Current Situation 4.3 Document Improvement Suggestions
5. Conclusion and Discussion
6. Reflections

References • Any attachments

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *