




























































































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
LO1 Assess risks to IT security P1 Identify types of security risks to organisation
Typology: Assignments
1 / 127
This page cannot be seen from the preview
Don't miss anything!





























































































INTERNAL VERIFICATION – ASSESSMENT DECISIONS Programme title BTEC Higher National Diploma in Computing Assessor Mr.^ E.^ Janarthanan^ Internal Verifier Unit(s) Unit 05:^ Security Assignment title EMC Cyber Student’s name Sivarasa Pakeen List which assessment criteria the Assessor has awarded. Pass Merit Distinction INTERNAL VERIFIER CHECKLIST Do the assessment criteria awarded match those shown in the assignment brief? Y/N Is the Pass/Merit/Distinction grade awarded justified by the assessor’s comments on the student work? Y/N Has the work been assessed accurately? Y/N Is the feedback to the student: Give details:
Confirm action completed Remedial action taken Give details: Assessor signature Date Internal Verifier signature Date Programme Leader signature (if required) Date
General Guidelines
Student Name /ID Number Sivarasa Pakeen Unit Number and Title Unit 5- Security Academic Year 2020/ Unit Tutor Mr. E. Janarthanan Assignment Title EMC Cyber Issue Date 2021.07. Submission Date 2021.09. IV Name & Date Submission Format: The submission should be in the form of an individual written report written in a concise, formal business style using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as appropriate, and all work must be supported with research and referenced using Harvard referencing system. Please provide in- text citation and an end list of references using Harvard referencing system. Section 4.2 of the assignment required to do a 15 minutes presentation to illustrate the answers. Unit Learning Outcomes: LO1 Assess risks to IT security. LO2 Describe IT security solutions. LO3 Review mechanisms to control organisational IT security. LO 4 Manage organisational security. Assignment Brief and Guidance:
Scenario ‘EMC Cyber’ is a reputed cyber security company based in Colombo Sri Lanka that is delivering security products and services across the entire information technology infrastructure. The company has a number of clients both in Sri Lanka and abroad, which includes some of the top-level companies of the world serving in multitude of industries. The company develops cyber security software including firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber is tasked with protecting companies’ networks, clouds, web applications and emails. They also offer advanced threat protection, secure unified access, and endpoint security. Further, they also play the role of consulting clients on security threats and how to solve them. Additionally the company follows different risk management standards depending on the company, with the ISO 31000 being the most prominent. One of the clients of EMC Cyber, Lockhead Aerospace manufacturing which is a reputed aircraft manufacturer based in the US, has tasked the company to investigate the security implications of developing IOT based automation applications in their manufacturing process. The client has requested EMC to further audit security risks of implementing web based IOT applications in their manufacturing process and to propose solutions. Further, Lock head uses ISO standards and has instructed EMC to use the ISO risk management standards when proposing the solution. The director of the company understands such a system would be the target for cyber-attacks. As you are following a BTEC course, which includes a unit in security, the director has asked you to investigate and report on potential cyber security threats to their web site, applications and infrastructure. After the investigation, you need to plan a solution and how to implement it according standard software engineering principles.
Activity 03 3.1 Discuss suitable risk assessment integrated enterprise risk management procedures for EMC Cyber solutions and the impact an IT security audit will have on safeguarding organization and its clients. Furthermore, your discussion should include how IT security can be aligned with an organizational IT policy and how misalignment of such a policy can impact on organization’s security. (This can include one or more of the following: network change management, audit control, business continuance/disaster recovery plans, potential loss of data/business, intellectual property, Data Protection Act; Computer Misuse Act; ISO 31000 standards.) 3.2 Explain the mandatory data protection laws and procedures, which will be applied to data storage solutions provided by EMC Cyber. You should also summarize ISO 31000 - risk management methodology. Activity 04 4.1 Design an organizational security policy for EMC Cyber to minimize exploitations and misuses while evaluating the suitability of the tools used in an organizational policy. 4.2 Develop and present a disaster recovery plan for EMC Cyber according to the ISO/IEC 17799:2005 or similar standard, which should include the main components of an organizational disaster recovery plan with justifications. Discuss how critical the roles of the stakeholders in the organization to successfully implement the security policy and the disaster recovery plan you recommended as a part of the security audit. (Students should produce a 15 minutes PowerPoint presentation, which illustrates the answer for this section including justifications and reason for decisions and options used).
M2 Discuss three benefits to implement network monitoring systems with supporting reasons. D1 Evaluate a minimum of three of physical and virtual security measures that can be employed to ensure the integrity of organisational IT security. LO3 Review mechanisms to control organisational IT security P5 Discuss risk assessment procedures. P6 Explain data protection processes and regulations as applicable to an organisation. M3 Summarise the ISO 31000 risk management methodology and its application in IT security. M4 Discuss possible impacts to organizational security resulting from an IT security audit. D2 Consider how IT security can be aligned with organisational policy, detailing the security impact of any misalignment.
LO4 Manage organizational security P7 Design and implement a security policy for an organisation. P8 List the main components of an organisational disaster recovery plan, justifying the reasons for inclusion. M5 Discuss the roles of stakeholders in the organisation to implement security audit recommendations. D3 Evaluate the suitability of the tools used in an organisational policy.
Sivarasa Pakeen Security (Unit 05) Page 3 of 127 HND in Computing and System Development 4.1.3 Tools Used in an organizational Policy ....................................................... 88 4.2 Develop and present a disaster recovery plan for EMC Cloud ........................... 93 4.2.1 EMC Cyber’s DRP Screenshot .................................................................... 93 4.2.2 Implementing Security Audit Recommendations for the Organization. ... 104 5 References ................................................................................................................ 109
HND in Computing and System
HND in Computing and System Development