Networking and Security Management System
Food 4 You Pty Ltd Information Security Management System (ISMS) Study
Owner: Ben Richards
Company: Food 4 You Pty Ltd
Food 4 You Pty Ltd is an online food management company. Their focus is to enhance the quality of life for people who want to achieve a balanced or healthy lifestyle but whose busy schedule does not leave them able to prepare meals of nutritional value. To achieve this, Food 4 You Pty Ltd offers their range of food and lifestyle services through a subscription-based business model. Services provided by Food 4 You Pty Ltd are food selection, food delivery, dietary and allergen customisation, and food proportion customisation.
Food 4 You Pty Ltd source all their ingredients locally within Australia, and these are delivered to their warehouse. Here, ingredients are assembled, packaged and delivered to the client's address as per order. Food 4 You Pty Ltd front-end services are streamlined for clients to reduce complexity whilst keeping control and flexibility in the clients' favour. The process follows: once subscribed to the service, the client/user logs into the Food 4 You Pty Ltd website, selects the number of meals per day for the week and the number of serves per meal, then selects cuisines and dietary requirements and/or allergens if applicable. Once complete, the order is sent to the Food 4 You Pty Ltd customer care department for processing.
Food 4 You Pty Ltd have recently come under organisational risk due to a lack of organisational policy development against standardisation models, when compared to similar businesses that meet validated levels of security governance. Food 4 You Pty Ltd, after being confronted with the ISO/IEC 27000 series, is required to initiate an information security management system (ISMS) project. An information security management system (ISMS) project is critical to the development Food 4 You Pty Ltd will need in order to attain security governance and standardisation.
The first step is hiring a risk assessment team to conduct a risk analysis, which will allow project professionals to act on what needs to be addressed for an information security management system (ISMS). The current status of Food 4 You Pty Ltd's security policy, or lack of one, was confirmed and advised by the risk assessment team after their analysis, and they have passed on your team's details to Food 4 You Pty Ltd as a recommendation to proceed with the next step in establishing an information security management system (ISMS). The risk has left Food 4 You Pty Ltd quite concerned about what could come if future threats were to take advantage of the lack of security and organisational policy protecting the business's integrity from both external and internal dynamics. Food 4 You Pty Ltd have welcomed your team into the project to establish a solution which will meet their criteria and expectations for the development of the information security management system (ISMS). Your role in the project is to assess the results from the risk analysis team, and to design and develop a complete information security management system (ISMS) model which will mitigate all risk, upholding the Food 4 You Pty Ltd business to a modern, justified and complete security standard.
Capstone BIT371 BIT372 Project Case Study — Networking and Security
The project timeline is twelve (12) months until completion, after which a risk analysis team will assess the project progress of the newly developed information security management system (ISMS). Below are the results of the analysis from the risk assessment team, which has identified the following criteria to be incorporated into the information security management system (ISMS). Each is considered a technical objective for the success of the project.
• Asset Management
  o Mobile Phones/Tablets User Policies
  o Misuse of Company Assets
  o Company Asset Security & Management
• Human Resource Security
  o Hiring Employee
  o Employee Data Management
  o Employee Termination
  o Security Awareness, Education and Training
  o Disciplinary Process
• Physical and Environmental Security
  o Perimeter and Structure Security
  o Technical Security Controls
• Security Risk Treatment
• Cryptographic Controls
  o Key Management
• Communications and Operations Management
• Isolation Testing Facilities
• Information Security Incident Management
  o Documentation Procedures & Storage
• Media Handling
  o Management of Removable Media
  o Disposal of Media
  o Information Handling Procedures
• Information Exchange Policies
  o Ethics of Professional Communication
  o Messaging Platforms Policies
• Access Control Policy
  o User Access Management
  o Password Management System
  o User Password Management
  o User Access Rights
• Operating System Access Control
  o Secure Log-on Procedures
  o User Identification & Authentication
• Information Classification
• Information Security Policy
  o Information Security Policy Document
  o Information Security Policy Document Template
• Business Continuity Management
  o Business Continuity Plan
• Network Security Management
  o Technical Administrative Policies (GPOs)
  o Network Technical Control Mechanisms
• Organisational Ethics
• Compliance – Legal
  o Data Protection and Privacy – Personal Information
  o Protection of Organisational Records
• Compliance – Security Policies, Standards, Technical Compliance
  o Compliance with Security Policies
  o Technical Compliance
  o Non-Technical Audit Controls
  o Technical Audit Controls
The above is a minimum which is to be addressed. You are to incorporate additional security factors based on your own research, application and relevancy under an information security management system (ISMS). This case study requires a large, in-depth research component. Minimum of 3500 words. Materials may be sourced from standards of practice, real business policies, benchmarks and relevant literature. The information security management system (ISMS) is based on the ISO/IEC 27002 standard.