INSTRUCTIONS:
All necessary info is attached to complete this task. Start by reading the DR Alarms case study (DR Alarms Case Study.pdf), since the task below is based on this case study.

You are an ICT Security and Risk consultant and you have been approached by DR Alarms to help them recover from a cyber attack. You have successfully isolated the machines affected by the attack and brought the company's system back into operation. You have now completed a risk assessment for DR Alarms (see attached), and in your discussions with the Managing Director (MD) have indicated that they need a policy to protect their data and their Intellectual Property (IP) around their ICS and IoT monitoring systems. The MD has indicated that he thinks this is "being a bit excessive" and will "cost more than it's worth".

The company is in the process of developing some new IoT monitoring systems that have attracted considerable interest from some major industrial companies in Australia and overseas. The Engineering Manager is concerned about the designs for these new devices being stolen or hacked, but the MD still thinks that the company is too small to attract that sort of attention. However, one of the government organisations that intends to purchase the new IoT devices has asked the Engineering Manager to describe their level of cyber security maturity. The DR Alarms MD is still not entirely convinced that this is necessary, but wants you to develop a proposal for some security policies, just in case they win a government contract.

Tasks:
You have been contracted by DR Alarms to discuss and propose security policies to protect their data and resources in view of their existing risk assessment. Write a proposal for DR Alarms that discusses:

- The need for security policies at DR Alarms. The discussion should include how these policies (as outlined in Q1b.) will enhance DR Alarms' security and help to raise their level of cyber security maturity.
- Outline the following security policies:
  - A security policy that would act to preserve the Confidentiality, Integrity and Availability of their data,
  - A security policy that would act to protect their data centre resources, and
  - A security policy that would act to educate DR Alarms staff in how they can protect the company's data and resources.

As part of the outline for each security policy, your proposal should discuss:

- The intent, rationale and scope of the policy,
- The mandatory requirements for the rules or actions that you think are reasonable to place into this policy to meet its intent and rationale,
- Any exemptions that you think are reasonable to place into this policy to meet its intent and rationale.

The reference list is not counted as part of the word count.

- Further info on CIA triad: https://en.wikipedia.org/wiki/Information_security