computer network and system security assignment, Assignments of Network security

LO1 Assess risks to IT security P1 Identify types of security risks to organisation

Typology: Assignments

2020/2021

Available from 02/05/2022

strom-muiner 🇳🇵

9 documents

Higher Nationals
Internal verification of assessment decisions BTEC (RQF)
INTERNAL VERIFICATION ASSESSMENT DECISIONS
Programme title: BTEC Higher National Diploma in Computing
Assessor: Mr. E. Janarthanan
Internal Verifier:
Unit(s): Unit 05: Security
Assignment title: EMC Cyber
Student’s name: Sivarasa Pakeen
List which assessment criteria the Assessor has awarded. Pass / Merit / Distinction
INTERNAL VERIFIER CHECKLIST
Do the assessment criteria awarded match those shown in the assignment brief? Y/N
Is the Pass/Merit/Distinction grade awarded justified by the assessor’s comments on the student work? Y/N
Has the work been assessed accurately? Y/N
Is the feedback to the student (give details):
  • Constructive? Y/N
  • Linked to relevant assessment criteria? Y/N
  • Identifying opportunities for improved performance? Y/N
  • Agreeing actions? Y/N
Does the assessment decision need amending? Y/N
Assessor signature / Date
Internal Verifier signature / Date
Programme Leader signature (if required) / Date


Confirm action completed
Remedial action taken. Give details:
Assessor signature / Date
Internal Verifier signature / Date
Programme Leader signature (if required) / Date

Pearson Higher Nationals in Computing

Unit 5: Security

General Guidelines

  1. A Cover page or title page – You should always attach a title page to your assignment. Use the previous page as your cover sheet and make sure all the details are accurately filled in.
  2. Attach this brief as the first section of your assignment.
  3. All the assignments should be prepared using word processing software.
  4. All the assignments should be printed on A4 sized paper. Use single side printing.
  5. Allow 1” for top, bottom and right margins and 1.25” for the left margin of each page.

Word Processing Rules

  6. The font size should be 12 point, and should be in the style of Times New Roman.
  7. Use 1.5 line spacing. Left justify all paragraphs.
  8. Ensure that all the headings are consistent in terms of the font size and font style.
  9. Use the footer function in the word processor to insert Your Name, Subject, Assignment No, and Page Number on each page. This is useful if individual sheets become detached for any reason.
  10. Use the word processing application's spell check and grammar check functions to help edit your assignment.

Important Points:

  11. It is strictly prohibited to use textboxes to add text in the assignments, except for the compulsory information, e.g. figures, tables of comparison etc. Adding text boxes in the body except for the aforementioned compulsory information will result in rejection of your work.
  12. Carefully check the hand in date and the instructions given in the assignment. Late submissions will not be accepted.
  13. Ensure that you give yourself enough time to complete the assignment by the due date.
  14. Excuses of any nature will not be accepted for failure to hand in the work on time.
  15. You must take responsibility for managing your own time effectively.
  16. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply (in writing) for an extension.
  17. Failure to achieve at least PASS criteria will result in a REFERRAL grade.
  18. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked to complete an alternative assignment.
  19. If you use other people’s work or ideas in your assignment, reference them properly using the HARVARD referencing system to avoid plagiarism. You have to provide both in-text citations and a reference list.
  20. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be reduced to a REFERRAL or at worst you could be expelled from the course.

Assignment Brief

Student Name /ID Number: Sivarasa Pakeen
Unit Number and Title: Unit 5- Security
Academic Year: 2020/
Unit Tutor: Mr. E. Janarthanan
Assignment Title: EMC Cyber
Issue Date: 2021.07.
Submission Date: 2021.09.
IV Name & Date:

Submission Format: The submission should be in the form of an individual written report written in a concise, formal business style using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as appropriate, and all work must be supported with research and referenced using the Harvard referencing system. Please provide in-text citations and an end list of references using the Harvard referencing system. Section 4.2 of the assignment requires a 15 minute presentation to illustrate the answers.

Unit Learning Outcomes:

  • LO1 Assess risks to IT security.
  • LO2 Describe IT security solutions.
  • LO3 Review mechanisms to control organisational IT security.
  • LO4 Manage organisational security.

Assignment Brief and Guidance:

Scenario

‘EMC Cyber’ is a reputed cyber security company based in Colombo, Sri Lanka that delivers security products and services across the entire information technology infrastructure. The company has a number of clients both in Sri Lanka and abroad, which include some of the top-level companies of the world serving in a multitude of industries. The company develops cyber security software including firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber is tasked with protecting companies’ networks, clouds, web applications and emails. They also offer advanced threat protection, secure unified access, and endpoint security. Further, they also play the role of consulting clients on security threats and how to solve them. Additionally, the company follows different risk management standards depending on the company, with ISO 31000 being the most prominent.

One of the clients of EMC Cyber, Lockhead Aerospace manufacturing, which is a reputed aircraft manufacturer based in the US, has tasked the company to investigate the security implications of developing IOT based automation applications in their manufacturing process. The client has requested EMC to further audit the security risks of implementing web based IOT applications in their manufacturing process and to propose solutions. Further, Lockhead uses ISO standards and has instructed EMC to use the ISO risk management standards when proposing the solution.

The director of the company understands such a system would be the target for cyber-attacks. As you are following a BTEC course, which includes a unit in security, the director has asked you to investigate and report on potential cyber security threats to their web site, applications and infrastructure. After the investigation, you need to plan a solution and how to implement it according to standard software engineering principles.

Activity 03

3.1 Discuss suitable risk assessment integrated enterprise risk management procedures for EMC Cyber solutions and the impact an IT security audit will have on safeguarding the organization and its clients. Furthermore, your discussion should include how IT security can be aligned with an organizational IT policy and how misalignment of such a policy can impact the organization’s security. (This can include one or more of the following: network change management, audit control, business continuance/disaster recovery plans, potential loss of data/business, intellectual property, Data Protection Act; Computer Misuse Act; ISO 31000 standards.)

3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage solutions provided by EMC Cyber. You should also summarize the ISO 31000 risk management methodology.

Activity 04

4.1 Design an organizational security policy for EMC Cyber to minimize exploitations and misuses while evaluating the suitability of the tools used in an organizational policy.

4.2 Develop and present a disaster recovery plan for EMC Cyber according to ISO/IEC 17799:2005 or a similar standard, which should include the main components of an organizational disaster recovery plan with justifications. Discuss how critical the roles of the stakeholders in the organization are to successfully implementing the security policy and the disaster recovery plan you recommended as a part of the security audit. (Students should produce a 15 minute PowerPoint presentation, which illustrates the answer for this section including justifications and reasons for decisions and options used.)

  • M2 Discuss three benefits of implementing network monitoring systems with supporting reasons.
  • D1 Evaluate a minimum of three physical and virtual security measures that can be employed to ensure the integrity of organisational IT security.

LO3 Review mechanisms to control organisational IT security

  • P5 Discuss risk assessment procedures.
  • P6 Explain data protection processes and regulations as applicable to an organisation.
  • M3 Summarise the ISO 31000 risk management methodology and its application in IT security.
  • M4 Discuss possible impacts to organizational security resulting from an IT security audit.
  • D2 Consider how IT security can be aligned with organisational policy, detailing the security impact of any misalignment.

LO4 Manage organizational security

  • P7 Design and implement a security policy for an organisation.
  • P8 List the main components of an organisational disaster recovery plan, justifying the reasons for inclusion.
  • M5 Discuss the roles of stakeholders in the organisation to implement security audit recommendations.
  • D3 Evaluate the suitability of the tools used in an organisational policy.

HND in Computing and System Development

Sivarasa Pakeen Security (Unit 05) Page 3 of 127

      • 2.1.6 Network-monitoring systems
      • 2.1.7 Tools, Which Use to Networking Monitoring
    • 2.2 How DMZ, Static IP and NAT Helps To a Trusted Network in EMC
      • 2.2.1 Definition of Trusted Network
      • 2.2.2 DMZ (Demilitarized Zone)
      • 2.2.3 Static IP (Internet Protocol)
      • 2.2.4 NAT (Network Address Translation)
  • 3 Task
    • 3.1 Risk management procedure for EMC Cyber solutions to safeguard itself and its clients
      • 3.1.1 Risk Assessment
      • 3.1.2 Risk Assessment Framework (RAF)
      • 3.1.3 5 components of RMF
      • 3.1.4 Importance of Risk Assessment Framework
      • 3.1.5 Procedures of Risk Assessment
      • 3.1.6 Comment on IT Security & Organizational Policy
      • 3.1.7 Organizational Policy
      • 3.1.8 Advantages of IT Security Audit
    • 3.2 Mandatory Data Protection laws and procedures, which will be applied to data storage solutions provided by EMC Cloud
      • 3.2.1 Definition of Data Protection Act
      • 3.2.2 Computer Misuse Act
      • 3.2.3 Personal Data Protection Act
      • 3.2.4 ISO 31000 Risk Management Methodology
  • 4 Task
    • 4.1 Managing Organizational Security
      • 4.1.1 Security Policy
      • 4.1.2 Security Policy for EMC Cyber
      • 4.1.3 Tools Used in an organizational Policy
    • 4.2 Develop and present a disaster recovery plan for EMC Cloud
      • 4.2.1 EMC Cyber’s DRP Screenshot
      • 4.2.2 Implementing Security Audit Recommendations for the Organization
  • 5 References
Table of Figures

  • Figure 1 CIA Triad
  • Figure 2 Cyber Security
  • Figure 3 Types of cyber security attacks
  • Figure 4 Active attack
  • Figure 5 Passive Attacks
  • Figure 6 Threats, Vulnerabilities, Risks, and Counter-measures
  • Figure 7 Risk Management Process
  • Figure 8 Firewall
  • Figure 9 Virtual Private Network
  • Figure 10 Network Monitoring System
  • Figure 11 Solar Winds NPM
  • Figure 12 Demilitarized Zone
  • Figure 13 Static IP
  • Figure 14 Network Address Translation
  • Figure 15 Risk Matrix
  • Figure 16 Risk Rating
  • Figure 17 IT Security Audit
  • Figure 18 data Protection
  • Figure 19 Data Protection Act of
  • Figure 20 Data Protection act of
  • Figure 21 ISO
  • Figure 22 Introduction slide
  • Figure 23 Introduction about EMC Cyber
  • Figure 24 Definition of ISO
  • Figure 25 Cover Slide of Disaster Recovery Plan
  • Figure 26 Contents of Presentation
  • Figure 27 Goal of Presentation
  • Figure 28 explanation of Disaster
  • Figure 29 examples for types of disaster
  • Figure 30 Disaster Recovery Plan
  • Figure 31 Types of Disaster
  • Figure 32 Disaster Recovery Plan
  • Figure 33 Key components of Disaster Recovery Plan
  • Figure 34 Take Inventory of IT Assets
  • Figure 35 Establish a Recovery Timeline
  • Figure 36 Assign Roles and Responsibilities & Communication
  • Figure 37 data Backup & Location
  • Figure 38 consider insurance
  • Figure 39 Test the disaster recovery plan
  • Figure 40 Advantages of Data Recovery Plan
  • Figure 41 Cost Efficiency
  • Figure 42 Increased employee Productivity
  • Figure 43 Greater Customer Retention
  • Figure 44 any questions Slide
  • Figure 45 Stakeholders
  • Figure 46 Types of Stakeholders
Table of Tables

  • Table 1 Difference between Active and Passive Attacks
  • Table 2 EMC Cyber Procedure Chart
  • Table 3 Probability Levels and their description
  • Table 4 System Failure
  • Table 5 Uncertain Base Risk
  • Table 6 Hardware and Software errors
  • Table 7 Internet Problems
  • Table 8 inside and outside threats
  • Table 9 Financial Problems
  • Table 10 Physical Problems
  • Table 11 IT Security Audit of EMC Cyber
  • Table 12 IT Security Audit for Organizations Policies & Procedures
  • Table 13 IT Security Audit for Basic network controls
  • Table 14 IT Security Audit for Wireless and remote access
  • Table 15 IT Security Audit for Network Servers
  • Table 16 IT Security Audit for Encryption
  • Table 17 IT Security Audit for Access Control
  • Table 18 Computer misuse law's offence and penalty