VU23213 MP AT2 Policy Review
Decision making rules:
To achieve an overall satisfactory result for this assessment task:
All questions must be answered satisfactorily.
Learner instructions:
In this written task you will review the organisation’s security policy and
identify current procedures and areas for continual improvement to
protect the business from cyber threats.
For this task you will:
Complete it individually.
Write answers to all questions.
Complete it in your own time and submit it by the due date.
Have time to read and review the assessment task in class.
Submit your assessment via Moodle.
If you have any questions about the task or concerns about your ability to
complete the task, please discuss this with your assessor.
Safety:
You must follow all safety requirements set for the assessment
environment to ensure the safety of yourself and others.
If you feel unsafe for any reason, stop participating in the assessment
and inform your assessor.
The assessor will stop the assessment immediately if the safety of any
person or property is at risk.
If an assessment is stopped, alternative arrangements for assessment
can be discussed with the assessor.
Scenario
You are a cyber security technician at MP Tech and are required to review the organisation’s
security policy. You will need to source the MP Tech cyber security policy from the VU23213 Moodle
site, read the document and answer all of the questions.
1.
a. Does the policy include provisions for visitors’ access and external technical
personnel access? Yes or No
b. Do you consider this access information needed in the policy? Why?
c. List 4 associated risks to the business
ANSWER
a. NO
b. Yes, it is important to include provisions for visitors' access and external technical
personnel access in the policy. Visitors and external technical personnel may pose
potential security risks if their access is not properly managed and controlled.
Including specific guidelines for these scenarios helps ensure that security measures
are in place, reducing the risk of unauthorized access and potential security breaches.
c.
Unauthorized Access: Without clear policies for visitors and external technical
personnel, there is an increased risk of unauthorized individuals gaining access to
sensitive areas or information, potentially leading to security breaches.
Data Breach: Lack of controls for external technical personnel could result in
unauthorized access to sensitive data, leading to data breaches and potential legal
and reputational consequences for the business.
Physical Security Concerns: Visitors' access without proper guidance may pose
physical security risks, such as tailgating or entry to restricted areas, compromising
the overall security posture of the business.
ANSWER
1. The policy could provide more specific guidelines on acceptable social media use. For
example, it could specify what constitutes professional and responsible use, outline
potential risks associated with social media activities, and provide examples of
prohibited actions.
2. To enhance cybersecurity, the policy could include a section on best practices for
securing personal and organizational information on social media platforms. This
might include recommendations on privacy settings, two-factor authentication, and
guidelines for recognizing and avoiding social engineering threats on social media.
3. List the people in the organisation with access to official-sensitive data and how they
are authorised.
ANSWER
The policy does not explicitly specify the individuals or roles within the organization that have
access to official-sensitive data and how their authorization is granted.
Are the current measures secure for electronic data and the printed
Printed documents:
For printed documents, introducing a secure printing and release system can
enhance security. This ensures that sensitive documents are only printed when
Improvement:
Introducing regular security training and awareness programs for employees can
contribute to an overall improvement in data security. Educating personnel on
best practices, recognizing social engineering tactics, and reinforcing the
importance of data protection can help create a security-aware culture within the
organization.
5. Review the Privacy Impact Assessment section. How could this section be improved?
ANSWER
Provide a brief overview of the Privacy Impact Assessment process, outlining the key steps
involved.
Specify how frequently PIAs should be conducted.
Offer specific examples of risks that the PIA is designed to address. This could include
potential breaches of confidentiality, unauthorized access, or unintended data uses.
Providing concrete examples helps employees understand the importance of the PIA
process.
Include contact information for individuals or departments that employees can reach out
to if they have questions or concerns about the PIA process.
8. Assume that a recent network check report has identified a significant increase in the
number of ARP attacks detected. Although the current detection tool works, more is
needed in the long term.
What are 2 reasons you can use to justify and convince management about
the need to update the current security systems and tools?
a. Outdated security systems may lack the necessary features and capabilities to
effectively counter newer, more sophisticated attack methods.
b. Newer tools often incorporate machine learning algorithms and provide more
accurate and proactive identification of malicious activities. This will not only strengthen our
ability to thwart ARP attacks but also enhance the overall security posture of the
network.
FEEDBACK
Assessor must include constructive feedback such as what was done well, where improvement is
needed and specific suggestions about how to achieve improvement.
SATISFACTORY
NOT SATISFACTORY
OVERALL TASK RESULT
Resubmission required (if not satisfactory)
Due date:
TRAINER/ASSESSOR NAME
TRAINER/ASSESSOR SIGNATURE