Part A
Activity 1 – Risk assessment
o 8 Marks
o Hour and a half
o Title that links to scenario
o State Vulnerability
o What would happen to the business, in context, if it happened?
o After effects (Legal, Financial)
o Link to scenario
o Specific
o Internal and external threats
o Internal Threats
  Employee Sabotage and Theft
  Unauthorised Access by Employees
  Weak Cyber Security Measures and Unsafe Practices
  Accidental Loss or Disclosure of Data
o External Threats
  Malicious Software
  Hacking
  Sabotage
  Social Engineering
o System Vulnerabilities
  Network
    Ports
    External storage devices
  Organisation
    File permissions
    Weak Password
  Software
    Malware
    Out of date
  OS
    Being unsupported by developer
    Not regularly updated
  Mobile device
    Unsupported
  Physical
    USB Devices
  Process
    Phishing
  Cloud
    Little Security Control
14/01/2021 11:00 – 12:00
18/01/2021 - 13.00 - 14.30
Activity 2 – Security Plan
o 20 Marks
o 2 and a half hours
o Template
1. Threat(s) addressed by the protection measure
   Number, Title, Impact
2. Details of action(s) to be taken
   What should be put in place
3. Reasons for the actions
   Why it should be done (What if scenario)
4. Overview of constraints – technical and financial
   Technical: Outline the technical problems that could occur if this happens
   Financial: Outline the financial problems that could occur if this happens
5. Overview of legal responsibilities
   Outline the legal problems that could occur if this happens
6. Overview of usability of the system
   How easy is it to maintain?
7. Outline cost-benefit
   Do the benefits outweigh the cost?
8. Test plan
   Test Number – a sequential number for each test
   Test description – describe what you are going to do to test your proposed action, e.g. try to connect a mobile device to a network WIFI to see if the settings work.
   Expected Outcome – what you expect to happen if all works well, e.g. access denied
   Possible further action following test – what else could be done to ensure that all works well.