ICT60215: Security Risk Management Report

Verified

Added on 2019/10/09

AI Summary

This assessment is a holistic report for the ICT60215 Advanced Diploma of Network Security course, specifically addressing units CPPSEC5004A (Prepare security risk management plan) and CPPSEC5005A (Implement security risk management). The assignment uses two scenarios. Scenario 1 involves an event manager developing a risk management plan for a children's fair, addressing issues like site safety and resource allocation. Scenario 2 focuses on a mechanical repair shop experiencing productivity issues due to supplier problems and internal communication breakdowns, requiring the development of a risk profile. The assessment includes templates for creating both the risk management plan and risk profile, guiding students through identifying, assessing, and mitigating risks within a workplace context. The document also includes a feedback sheet for the trainer/assessor.

ASSESSMENT RECORD / FEEDBACK SHEET
Course: ICT60215 Advanced Diploma of Network Security
Name: Student ID:
Unit Name and Code: CPPSEC5004A Prepare security risk management
plan
CPPSEC5005A Implement security risk management
Assessment Task Number and Title: #3 Report (Holistic)
Date Submitted: Trainer’s Name:
 All assessments must be in a neat and readable format.
 Students are required to retain a duplicate of any assignment submitted,
both written & disk copy.
 Please refer to the Student Handbook for the Assessment Policy.
 Plagiarism is an academic misconduct and is unacceptable to Pacific College
of Technology.
I certify that the work submitted is my own. I have acknowledged
material taken from websites, textbooks and articles.
Student Signature: Date:
FEEDBACK
Signed (Trainer/Assessor) Date:
Feedback provided by the trainer Date:
Please retain this as proof of submission
Unit name: Assignment No:
Received By: Date:
DS-SC-02/17 R-CPPSEC5004A+CPPSEC5005A V2.0
RTO Provider Code: 91151
CRICOS Provider Code: 02668F Page 1 of 6
To be completed by Trainer
Competent Not yet competent to be

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Course : ICT60215 Advanced Diploma of Network
Security
Unit Code and Name : CPPSEC5004A Prepare security risk
management plan & CPPSEC5005A Implement security
risk management
Trainer/Assessor :
Assessment item : #3- Report (Holistic)
Due date : Week 6 (Extension upon trainer’s approval only)
Context and Purpose of the assessment:
This assessment will assess your skills and knowledge in the area of
‘CPPSEC5004A Prepare security risk management plan’ and
‘CPPSEC5005A Implement security risk management plan’ unit.
This assessment activity deals with the following elements of
performance and critical aspects of evidence:
Task Element Performance Criteria
CPPSEC5004A Prepare security risk management plan
1 3, 4 3.1, 3.2, 3.3, 3.4, 3.5, 4.1, 4.2, 4.3, 4.4
CPPSEC5005A Implementation security risk managnent
2 1, 2, 3 1.2, 1.5, 2.1, 2.2, 2.3, 2.4, 2.5, 3.1, 3.2, 3.3, 3.4, 3.5
o The assessment tasks for the unit assume that you will work in the
Information Technology industry. Case studies/ exercises used in this
assessment reflect a workplace scenario.
o The student must have access to a Computer, Printer and Microsoft
Office Suite Applications for doing the assessment for this unit.
o If you are not sure about any aspect of this assessment, please ask for
clarification from your assessor. If the assessment is not satisfactory,
the trainer will allow one more attempt to the assessment item.
o The responses to assessment questions should be in your own words
and examples from workplace should be used wherever possible.
DS-SC-02/17 R-CPPSEC5004A+CPPSEC5005A V2.0
RTO Provider Code: 91151
CRICOS Provider Code: 02668F Page 2 of 6

REPORT
Scenario 1
An event manager operating her own business in a regional area is contracted
by a local council to assist in the management of a children’s fair to be held in
conjunction with the annual agricultural show.
The event manager organises a site assessment of the facility planned for the
fair. A number of hazards and other general issues are identified, including the
site’s proximity to a busy road, absence of convenience facilities, a faulty
drinking fountain and a damaged fence bordering a residential property next to
the facility. The event manager, in conjunction with the council, develops a
treatment plan that demonstrates how and when the identified risks will be
addressed, the resources required and who will be responsible for ensuring the
strategy is implemented. The treatment plan also identifies the need for a
subsequent site assessment to ensure that the identified risks have been
successfully controlled to a level deemed appropriate by the organizing
committee.
Discussion
The risk treatment plan provides confidence to the council that there is a
planned approach to addressing the identified risks. The document can also be
used as a level of control and source of information when making decisions
about signing off on resource allocation or approvals.
Task:
Develop risk management plan for the organization in the scenario using
the template below.
Risk management plan – part 1 (contextual information)
Brief description of
activity
First we need to understand the back ground of the place and what are
the options that are available for the resources to be accessible very
easily. if all the resources for the events are available near we can say
that the place is ready to handle any un predicable events that they may
occur during the events.
Reason for activity or
task
The infrastructure of the fair is not up to the mark .people who are
attending the fair will feel discomfort able.
Objectives of RMP The objective of the recovery management plan is to run the fair
smoothly with no interruptions
Significance/importance
of activity
Importance of the Activities are to keep track of the proceeding of the
fair so that every aspect of the fair will be covered and no disturbance
will happen
DS-SC-02/17 R-CPPSEC5004A+CPPSEC5005A V2.0
RTO Provider Code: 91151
CRICOS Provider Code: 02668F Page 3 of 6

References required (e.g.
regulations, policies)
Insights and forecast
Assumptions In order to run the fair smoothly all the resources should be accessible
easily for the supply of the raw material for the production of food or
decorations something the people need to get the work done
Limitations The limitation of the fair all the plan what we set might not go
according to the plan we made there will changes we need to handle
those changes
Risk management plan – part 2 (risk register)
Risk dimension: (Document dimension of risk here, e.g. financial, safety)
Serial
No.
Risk
description
Impact Consequence Likelihood Level of
risk
Risk
priority
Treatmen
t
options
1 Safety High The frequent
change in the
system in
and around
the area
90 percent Extreme high Can see
other
places for
the fair
2 Not easily
accessible
medium The short age
of supply
with happen
only we the
stock runs
out
20 percent Minor medium We can
buy the
things in
advanced
3 Infrastructu
re
medium The
infrastructure
need to be
patched
before
stating the
fair
40 percent major medium We need
to fix the
infrastruc
ture in
order to
use it
4 resources medium Lack of
resources
20 percent Minor medium We need
to
estimate
the needs
Risk management plan – part 3 (risk treatment plan)
Serial
No.
Treatment
strategy
Resources
required
Priority
rating
Person
responsible
Deadline Strategy for
review
1 Making the
fair noise free
Making the
Rooms so
that noise
wont enter
high manager As soon as
possible
Checks for the
any complaints
from the people
2 Placing signs
for crossing
permissions high manager As soon as
possible
Checking whether
vehicle stops and
go
3 Handling the Raw high manager As soon as Keep note one
DS-SC-02/17 R-CPPSEC5004A+CPPSEC5005A V2.0
RTO Provider Code: 91151
CRICOS Provider Code: 02668F Page 4 of 6

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

customer
needs
materials
and
resources
possible people needs
4 Buying items
in advance
low individual As soon as
possible
Fix the supply
problem
RMP compiled by: Event Organizer
Risk methodology: Agile
Risk analysis tool: Insights Analyze
tool
Signature:
Scenario 2
Developing a risk profile will help a small business owner to determine their
major areas of risk, and what needs to be done to make sure these are
effectively managed. The risk profile can also assist to identify and realize the
opportunities for a business.
The business owner of a mechanical repair shop employing five staff is
concerned that his business is constantly running behind time. He has recently
received multiple complaints from clients. His head mechanic cannot provide
an adequate reason for this fall in productivity. He mentions that a new
employee who has only been working for the firm for five weeks may be the
reason. This new employee orders the supplies.
The head mechanic speaks to this new staff member on a number of occasions
about his performance and tells him to improve it. The delays continue and the
new employee is asked to leave.
Despite this action the delays in productivity continue. After some weeks, the
business owner decides to close the shop for half a day and discuss the
problem with his team. During discussion, it is revealed that there was a
problem with the responsiveness of a new supplier. Although most staff had
noticed this, each had considered the issue to be a ‘once-off’ and had not
shared the information with the rest of the team.
Task:
You are required to develop the risk profile for the following scenario using the
template provided then discuss with your trainer to gain feedback.
Brief description of business
The business that is discussed in the above paragraph is A mechanical shop
owner
The mechanical shop had five employee where one of the employee was the
head of the operation who handles the top issues in the mechanical shop.
DS-SC-02/17 R-CPPSEC5004A+CPPSEC5005A V2.0
RTO Provider Code: 91151
CRICOS Provider Code: 02668F Page 5 of 6

Vision and mission of business
The vision is to get the shop in great workflow wit high accurate delivery of the
service to the customer in time .
Context
External context Internal context Risk management
context
Determine:
 Key external influences on your business, e.g. political, social, legal
 Key internal influences, e.g. organizational objectives
 Risk management context, e.g. risk management requirements,
objectives, timeframes
Stakeholders
Internal stakeholders External stakeholders
Shop owner
Customer
Supply manager The parts manufacturer
Supervisor Logistics company
Risk categories Risk criteria
 Identify the categories of risk
for your business
 For each risk category,
document what is an acceptable
risk level for the activity and
what is unacceptable
 Failure in the Quality of service  Not acceptable
 Failure in the productive  Not acceptable
 Delay in the production  Acceptable to a certain period
of time
 Maintaining customer needs  Not acceptable
Key objectives Major risks/opportunities Level of risk
low wait time It hard to keep up with
the flow of the customer
is customer are more
than the ration of the
employee count
high
Achieve Quality of
service
It hard to get the Quality
of service with the New
employees
high
DS-SC-02/17 R-CPPSEC5004A+CPPSEC5005A V2.0
RTO Provider Code: 91151
CRICOS Provider Code: 02668F Page 6 of 6