Assignment 2 - Security - PASS
Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 08/09/2022
Date Received 1st submission:
Re-submission Date:
Date Received 2nd submission:
Student Name: Huynh Minh Huy
Student ID: GCD
Class: GCD210173
Assessor name: Tran Trong Minh

Student declaration: I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Grading grid: P5 P6 P7 P8 M3 M4 M5 D2 D

Grade:
Assessor Signature:
Date:
Lecturer Signature:
Introduction

Earlier, I discussed network security ideas such as measuring IT security risk. Security solutions were also addressed, including firewall policies and IDS, and how to recognize an incorrectly configured firewall and IDS at FIS. Network monitoring is another tool required to strengthen the system, and I explained the benefits of adopting a network monitoring system with appropriate justification. I also studied the concept of a "trusted network" and, after weighing the pros and cons, concluded that FIS should include a trusted network as part of its security solution.

In this assignment I will complete two tasks. The first is to evaluate techniques for managing corporate IT security: I will address risk assessment procedures as well as data protection and regulation, and I will describe the ISO 31000 risk management approach and its application to IT security. I will also examine the potential impact of a security audit on organizational security. The second task involves designing and implementing a security strategy for a company and describing the essential components of an organizational disaster recovery plan. Because stakeholders are part of the company, I will also address their role in putting security audit findings into action.
Task 1 – Discuss risk assessment procedures (P5).

I. Define a security risk and how to do a risk assessment.

A computer security risk is anything on your computer that has the potential to destroy or steal your data, or to allow someone else to use your computer without your knowledge or agreement. Malware, a broad term covering many kinds of harmful software, is one of many things that can pose a risk to a computer. We usually think first of computer viruses, but the malicious software that may compromise computer security includes viruses, worms, ransomware, spyware, and Trojan horses. Misconfigured computer products and unsafe computing practices also pose risks.

Risk assessment procedures

A risk assessment is a detailed examination of your workplace to identify the objects, circumstances, procedures, and so on that might cause harm, especially to people. After identifying a risk, you must examine and assess its likelihood and severity. Once this assessment has been made, you can decide what steps should be put in place to effectively remove or control the harm.

Figure 1: Security Risk.
II. Define assets, threats and threat identification procedures and give examples.
III. Explain the risk assessment procedures.

The purpose of the risk assessment process is to examine hazards and then remove or minimize the level of risk by applying appropriate control measures. The result should be a safer and healthier workplace. The process comprises:

Risk assessment
- Identification of risks
- Risk evaluation
- Risk impact
- Recommendation of risk-reducing measures

Risk mitigation
- Risk avoidance
- Risk mitigation
- Risk acceptance
- Risk transference

Risk assessment evaluation and assurance
- Continuous risk assessment
- Periodic assessment
- Regulatory adherence
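As an added example that is not part of the original assignment, the following Python script implements the procedure above as a small risk register: each identified risk is scored for likelihood and severity, ranked by impact, and mapped to one of the four treatments listed (avoidance, mitigation, acceptance, transference). The scoring scales, thresholds and sample risks are constructed assumptions for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Ordinal scales for the risk evaluation step (assumed for illustration;
# a real methodology defines its own scales and thresholds).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
SEVERITY = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "critical": 5}


@dataclass
class Risk:
    asset: str
    threat: str
    likelihood: str
    severity: str
    transferable: bool = False  # can a third party (insurer, provider) carry it?

    def score(self) -> int:
        """Risk evaluation: likelihood x severity on a 1..25 scale."""
        return LIKELIHOOD[self.likelihood] * SEVERITY[self.severity]


def recommend(risk: Risk) -> str:
    """Map a scored risk to one of the four treatments listed in Task 1."""
    # Illustrative thresholds: very high -> avoid (stop or redesign the activity),
    # high -> mitigate with controls, medium -> transfer if possible, low -> accept.
    s = risk.score()
    if s >= 20:
        return "avoidance"
    if s >= 10:
        return "mitigation"
    if s >= 5:
        return "transference" if risk.transferable else "mitigation"
    return "acceptance"


def assess(register: list[Risk]) -> list[tuple[str, int, str]]:
    """Identification -> evaluation -> ranking by impact -> recommendation."""
    ranked = sorted(register, key=lambda r: r.score(), reverse=True)
    return [(f"{r.asset}: {r.threat}", r.score(), recommend(r)) for r in ranked]


# Constructed sample register for a small office network (illustrative only).
SAMPLE = [
    Risk("file server", "ransomware via phishing", "likely", "critical"),
    Risk("firewall", "misconfigured rule exposes RDP", "possible", "major"),
    Risk("laptops", "device theft", "possible", "moderate", transferable=True),
    Risk("printer", "paper jam outage", "likely", "negligible"),
]
```

Calling assess(SAMPLE) returns the register ranked by score (20, 12, 9, 4) with the treatments avoidance, mitigation, transference and acceptance; re-running it on an updated register is the "continuous risk assessment" step.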
Task 2 – Explain data protection processes and regulations as applicable to an organization (P6).

I. Define data protection.

Data protection is the process of safeguarding data. It covers the interaction between the collection and distribution of data and technology, the public perception and expectation of privacy, and the political and legal frameworks surrounding that data. It seeks to balance individual privacy rights against the use of data for business purposes. Data protection is also referred to as data privacy or information privacy.

II. General Data Protection Regulation.

The General Data Protection Regulation (GDPR) harmonizes EU data protection legislation for the digital age. The EU states that adopting a single standard offers greater clarity, promoting citizens' rights and the growth of the digital economy. GDPR is widely regarded as the world's strongest set of data protection rules, since it improves how individuals can access information about themselves and limits what organizations can do with personal data.

Figure 5: Data Protection.
III. Principles of Data Protection.

Article 5 of the General Data Protection Regulation (GDPR) establishes the key principles that underpin the data protection regime. These principles are stated at the very start of the GDPR and affect, directly and indirectly, the other rules and duties set out throughout it. Compliance with these fundamental principles of data protection is therefore the first step for controllers in meeting their GDPR obligations. The Data Protection Principles set out in Article 5 of the GDPR are summarized below:

Lawfulness, fairness and transparency: Any processing of personal data must be lawful and fair. Individuals should be made aware that personal data about them is being collected, used, consulted, or otherwise processed, and to what extent the personal data is or will be processed. Transparency requires that all information and communication relating to the processing of such personal data be easily accessible and understandable, and that clear and plain language be used.

Purpose limitation: Personal data should only be collected for specified, explicit, and legitimate purposes and should not be processed in a manner incompatible with those purposes. In particular, the specific purposes for which personal data are processed should be

Figure 6: General Data Protection Regulation.
and how they comply with the GDPR, and be able to demonstrate compliance (through suitable records and procedures), in particular to the DPC.

IV. Explain the data protection process in an organization.

The new data landscape has driven the creation of new standards for controlling critical assets, motivated by user privacy concerns, increasing legislation, and the need for business-driven identity and access management (IAM) rules. To properly safeguard their data, security programs must deliver in three critical areas:

Intelligent visibility: By combining AI-driven solutions and automated monitoring technologies, enterprises can achieve unified oversight across data, cloud networks, and endpoints. This provides essential insight into the assets that must be protected and the potential points of compromise.

Proactive mitigation: Effective endpoint and application security solutions are required for enterprises to build, deploy, and enforce security across data at scale, enabling proactive responses to possible attacks.

Continuous control: Organizations must use comprehensive security solutions that let them enforce rules at scale, maximize asset safeguards, and comply with regulatory requirements and standards, so that they maintain continuous control over all operational assets.

A full-featured data protection, asset defense, and compliance strategy is no longer an optional initiative for businesses of any size.

V. Why are data protection and security regulation important?

When raw data is processed, it becomes information that needs privacy, security, and cybersecurity protection. Adequate data protection also fosters trust and confidence among the public that you are a company that values the security of its stakeholders' information. Every business holds vital information; in fact, data is one of a company's most valuable assets, so data security should be a top concern for any business. This involves safeguarding the data's availability to the personnel who require it, its integrity (keeping it correct and up to date), and its confidentiality (ensuring that it is accessible only to those who are permitted). Customers expect the corporations they engage with or invest in to keep their data secure. Appropriate data governance fosters confidence and protects your company's reputation by establishing you as a brand that customers can trust with their data. The GDPR has emphasized data security even further, making it not only a corporate imperative but a legal one: under the GDPR, a controller must "take suitable technological and organizational means to guarantee and show that processing is done in compliance with the Regulation." Security awareness training is an important component of such measures, since personnel must understand the need to adhere to data security rules and processes. Headlines about, and an inept response to, a data breach may demolish confidence built up over a decade in a matter of days.