Professional Documents
Culture Documents
I. Sparq Chief Executive Officer (Ceo) Department: Admin Staff Mom Handle
I. Sparq Chief Executive Officer (Ceo) Department: Admin Staff Mom Handle
The SparQ’s CEO department is responsible for promote Information Security culture
at SparQ. By delegating the role for other department heads, CEO’s SparQ want to
ensure Information Security Management System (ISMS) will be followed by all
employees. This would be meet requirements from local government and SparQ’s
customers to ensure an adequate ISMS is deployed and maintained at SparQ.
By implementing ISO 27000 framework, SparQ would also increase its market
competition comparing with other potential competitors. A well manage ISMS and
high-level Information Security awareness is a key to sustain and enhance SparQ
business capability in future.
•Deliver to
participators
Admin •Record Digital MoM •Keep MoM
MoM files Handle outside of
Staff •Note
non-
authorized
people
Another potential information asset that handled by CEO’s department is a set of legal
paper documents. These legal papers including but not limited to third parties’
contracts, company’s certificates, property’s certificates, company’s audit reports and
internal compliance case documents.
Keys are
Legal paper
CEO's managed
documents Stored In department
cabinets by Admin
Staff
Records of previous data breach: one case in last three years ago.
Scenario: Hackers found list of Admin’s staff employee email in a public forum.
They start an intensive phishing attack on these emails. One of employees of Admin
staff click the phishing email and open the malicious attachment which lead to her
computer infected by a trojan
Records of previous data breach: one case in last three years ago.
Scenario: One of employees in Admin staff leave user and password in open places.
This information could be stolen and accessed by unauthorized person
Records of previous data breach: One case that happened last year.
Scenario: There was a crash in file sharing server that cause the interruption in access
important MoM files in department sharing drive.
Records of previous data breach: One case that happened last year.
Records of previous data breach: One case that happened last year.
#107 – IT application
Records of previous data breach: One case in the last five years.
Scenario: A thief bypass physical security system and cracked the CEO’s department
cabinets. Several legal paper documents could be stolen from the company.
Records of previous data breach: One case in the last five years.
Records of previous data breach: One case in the last three years.
Records of previous data breach: This threat did not occur yet but according to
company incident history, there was a small fire near the CEO’s department area that
was occurred five years ago
#204 – Natural Disaster
Records of previous data breach: This threat did not occur yet but the area where
SparQ is located inside a valley landscape. The last flood was recorded by local
government that happened five years ago.