BIT361-Security Management and Governance
Case study scenario
Climate Craft has asked that you provide some assistance with their Information Security Policy and some assistance with performing and evaluating a Cost Benefit Analysis. Currently, Climate Craft does not have a formal structure for policy documents. They have provided some questions that will provide them with the information they need.
Q1. Identify the components that are required in a policy document. Be sure to include all non-content elements as well (e.g. Title, Dates,…). Describe each of these components and briefly discuss why they are required to be included in policy documents. This must be answered in your own words.
Q2. Every staff member of Climate Craft is provided with a company email address which is controlled by Climate Craft’s email policy. This policy restricts the use of company email services to company business and that all company email correspondence must be conducted using the company provided email service. Personal email accounts are not to be used on company owned networks or equipment.
A.Suggest a program to ensure awareness and compliance to the policy.
B.Describe how you could determine the success of the program?
Q3. Climate Craft has identified several possible control measures for the improvement of their information security. Currently the data in Table 1 and Table 2 below has been determined.
A.Complete a Cost Benefit Analysis for the items in the tables below. Show all calculations.
B.Discuss, in detail, which of these controls should be implemented, considered, or rejected.