week 12

C3 A cyber security plan for a system

A plan for a networked system, including:

• cyber security protection measures to be taken (actions) for the most severe (medium,

high and extreme) risks with the largest impact level/loss value and that are most likely

to occur, to include:

o hardware protection measures, including firewalls, routers, wireless access points

o software protection measures, including anti-malware, firewall, port scanning,

access rights and information availability

o physical protection measures, including locks, CCTV, alarms, data storage and

backups

o alternative risk management measures, including risk transfer to a third party

(commissioning a service provider), risk avoidance by stopping an activity and

risk acceptance

• a justification about how each planned protection measure would protect the system

from attack

• an overview of any technical and financial constraints

• an overview of legal responsibilities

• an overview of usability of the system, including the degree to which security restrictions

impact on the efficiency of the system in terms of the ease of completing tasks and the

user experience

• outline cost–benefit analysis of implementing the protection measures

• test plan to check that the protection measures work as intended, including the test

description, expected outcome, and possible further action following the test.

English and Maths

English

Stretch and Challenge

Homework

Equality and Diversity Calendar

How to's

Anonymous Assessment - Learners assess an anonymous piece of work containing deliberate mistakes against given success criteria.

Links to Learning Outcomes		Links to Assessment criteria