C3 A cyber security plan for a system
A plan for a networked system, including:
• cyber security protection measures to be taken (actions) for the most severe (medium,
high and extreme) risks with the largest impact level/loss value and that are most likely
to occur, to include:
o hardware protection measures, including firewalls, routers, wireless access points
o software protection measures, including anti-malware, firewall, port scanning,
access rights and information availability
o physical protection measures, including locks, CCTV, alarms, data storage and
backups
o alternative risk management measures, including risk transfer to a third party
(commissioning a service provider), risk avoidance by stopping an activity and
risk acceptance
• a justification about how each planned protection measure would protect the system
from attack
• an overview of any technical and financial constraints
• an overview of legal responsibilities
• an overview of usability of the system, including the degree to which security restrictions
impact on the efficiency of the system in terms of the ease of completing tasks and the
user experience
• outline cost–benefit analysis of implementing the protection measures
• test plan to check that the protection measures work as intended, including the test
description, expected outcome, and possible further action following the test.
Links to Learning Outcomes |
Links to Assessment criteria |
|
|---|---|---|
Anonymous Assessment - Learners assess an anonymous piece of work containing deliberate mistakes against given success criteria.