Set Task Electronic Template – Unit 11
Task A - Activity 2 Template: Cyber security plan for the networked system
Use the section headings below for each protection measure.
1) Threat(s) addressed by the protection measure
1, Social Engineering, Moderate
2) Details of action(s) to be taken
Staff shouldn’t let anybody in unless they know for sure they’re who they say they
are.
3) Reasons for the actions
If strangers are allowed in, they could access the computers and cause the
organisation problems.
4) Overview of constraints – technical and financial
Technical:
Financial: If a stranger gets into the organisation, they could steal valuable assets.
This would cause the organisation to have to replace the item in order to be able to
work again.
5) Overview of legal responsibilities
If a stranger steals company equipment, the company would have to tell the police
which could scare certain customers.
6) Overview of usability of the system
If a staff member has a stranger talking to them, claiming to know another staff
member, they could go talk to a high up staff member and ask them if they could
come in.
7) Outline cost-benefit
If they keep strangers out, their equipment will be secure and they won’t face a
financial loss.
Test plan
Test Test description Expected outcome Possible further
No action following
test
1 Hire a person to try and They will be refused No other staff
fake their way into the members are
organisation around, so the
receptionist will
have to deal with
the problem on their
own.
, 1) Threat(s) addressed by the protection measure
2, USB sticks with malware on, Major
2) Details of action(s) to be taken
Don’t allow USB sticks to be used at all. Allow staff to remotely access work from
home.
3) Reasons for the actions
Staff could unknowingly have a malicious program on their USB and bring it to the
organisations system.
4) Overview of constraints – technical and financial
Technical: This could cause downtime for the organisations computers which would
stop them from being able to work.
Financial: The computers may be damaged in some way, so they would have to
spend a lot of money buying new computers.
5) Overview of legal responsibilities
They could’ve broken the Computer Misuse Act and could face a fine.
6) Overview of usability of the system
Remind the staff regularly to not use external storage devices on the organisation’s
computers.
7) Outline cost-benefit
If it is kept up, the computers will continue to function virus free.
Test plan
Test Test description Expected outcome Possible further
No action following
test
1 Give a task to the staff They’ll remotely access the Make sure the
that’ll take a long time, work from home and work on it remote access to
increasing the chances of from there. the organisations
them taking it home to system is secure.
work on it there.
Task A - Activity 2 Template: Cyber security plan for the networked system
Use the section headings below for each protection measure.
1) Threat(s) addressed by the protection measure
1, Social Engineering, Moderate
2) Details of action(s) to be taken
Staff shouldn’t let anybody in unless they know for sure they’re who they say they
are.
3) Reasons for the actions
If strangers are allowed in, they could access the computers and cause the
organisation problems.
4) Overview of constraints – technical and financial
Technical:
Financial: If a stranger gets into the organisation, they could steal valuable assets.
This would cause the organisation to have to replace the item in order to be able to
work again.
5) Overview of legal responsibilities
If a stranger steals company equipment, the company would have to tell the police
which could scare certain customers.
6) Overview of usability of the system
If a staff member has a stranger talking to them, claiming to know another staff
member, they could go talk to a high up staff member and ask them if they could
come in.
7) Outline cost-benefit
If they keep strangers out, their equipment will be secure and they won’t face a
financial loss.
Test plan
Test Test description Expected outcome Possible further
No action following
test
1 Hire a person to try and They will be refused No other staff
fake their way into the members are
organisation around, so the
receptionist will
have to deal with
the problem on their
own.
, 1) Threat(s) addressed by the protection measure
2, USB sticks with malware on, Major
2) Details of action(s) to be taken
Don’t allow USB sticks to be used at all. Allow staff to remotely access work from
home.
3) Reasons for the actions
Staff could unknowingly have a malicious program on their USB and bring it to the
organisations system.
4) Overview of constraints – technical and financial
Technical: This could cause downtime for the organisations computers which would
stop them from being able to work.
Financial: The computers may be damaged in some way, so they would have to
spend a lot of money buying new computers.
5) Overview of legal responsibilities
They could’ve broken the Computer Misuse Act and could face a fine.
6) Overview of usability of the system
Remind the staff regularly to not use external storage devices on the organisation’s
computers.
7) Outline cost-benefit
If it is kept up, the computers will continue to function virus free.
Test plan
Test Test description Expected outcome Possible further
No action following
test
1 Give a task to the staff They’ll remotely access the Make sure the
that’ll take a long time, work from home and work on it remote access to
increasing the chances of from there. the organisations
them taking it home to system is secure.
work on it there.
