Higher Nationals

Internal verification of assessment decisions – BTEC (RQF)

INTERNAL VERIFICATION – ASSESSMENT DECISIONS

Programme title BTEC Higher National Diploma in Computing

Assessor Internal Verifier

Unit 05: Security
Unit(s)
EMC Cloud Solutions
Assignment title

Student’s name

List which assessment Pass Merit Distinction

criteria the Assessor
has awarded.
INTERNAL VERIFIER CHECKLIST

Do the assessment criteria awarded

match those shown in the Y/N
assignment brief?

Is the Pass/Merit/Distinction grade

awarded justified by the assessor’s
Y/N
comments on the student work?

Has the work been assessed

Y/N
accurately?
Is the feedback to the student:
Give details:

• Constructive?
Y/N
• Linked to relevant assessment
criteria? Y/N

• Identifying opportunities for

improved performance?
Y/N

• Agreeing actions? Y/N

Does the assessment decision need

Y/N
amending?
Assessor signature Date

Internal Verifier signature Date

Programme Leader signature (if
Date
required)
 Confirm action completed
Remedial action taken

Give details:

Assessor signature Dat

e
Internal
Dat
Verifier
e
signature
Programme Leader
Dat
signature (if required)
e
 Higher Nationals - Summative Assignment Feedback Form

Student Name/ID

Unit Title Unit 05: Security

Assignment Number 1 Assessor

Date Received
Submission Date
1st submission
Date Received 2nd
Re-submission Date
submission
Assessor Feedback:

LO1. Assess risks to IT security

Pass, Merit & Distinction P1 P2 M1 D1

Descripts

LO2. Describe IT security solutions.

Pass, Merit & Distinction P3 P4 M2 D1

Descripts

LO3. Review mechanisms to control organisational IT security.

Pass, Merit & Distinction P5 P6 M3 M4 D2

Descripts

LO4. Manage organisational security.

Pass, Merit & Distinction P7 P8 M5 D3

Descripts
Grade: Assessor Signature: Date:

Resubmission Feedback:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:

Signature & Date:

* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grades
decisions have been agreed at the assessment board.
Pearson
Higher Nationals in
Computing
Unit 5 : Security
General Guidelines

1. A Cover page or title page – You should always attach a title page to your assignment. Use previous
page as your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom , right margins and 1.25” for the left margin of each page.

Word Processing Rules

1. The font size should be 12 point, and should be in the style of Time New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and
Page Number on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help editing your
assignment.

Important Points:

1. It is strictly prohibited to use textboxes to add texts in the assignments, except for the compulsory
information. eg: Figures, tables of comparison etc. Adding text boxes in the body except for the
before mentioned compulsory information will result in rejection of your work.
2. Carefully check the hand in date and the instructions given in the assignment. Late submissions
will not be accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness, you
may apply (in writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade .
8. Non-submission of work without valid reasons will lead to an automatic RE FERRAL. You will then
be asked to complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using
HARVARD referencing system to avoid plagiarism. You have to provide both in-text citation and
a reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be
reduced to A REFERRAL or at worst you could be expelled from the course
Student Declaration

I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as
my own without attributing the sources in the correct way. I further understand what it means to copy
another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.

2. I understand the plagiarism and copying policy of the Edexcel UK.
3. I know what the consequences will be if I plagiarize or copy another’s work in any of the
assignments for this programme. .
4. I declare therefore that all work presented by me for every aspects of my programme, will be of
my own, and where I have made use of another’s work, I will attribute the source in the correct
way.
5. I acknowledge that the attachment of this document, signed or not, constitutes a binding
agreement between myself and Pearson UK.
6. I understand that my assignment will not be considered as submitted if this document is not
attached to the main submission.

Student’s Signature: Date:

(Provide E-mail ID) (Provide Submission Date)
Assignment Brief
Student Name /ID Number

Unit Number and Title Unit 5- Security

Academic Year 2018/2019

2020/21
Unit Tutor

Assignment Title EMC Cloud Solutions

Issue Date

Submission Date

IV Name & Date

Submission Format:

The submission should be in the form of an individual written report written in a concise, formal business style using
single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as appropriate,
and all work must be supported with research and referenced using Harvard referencing system. Please provide in-
text citation and an end list of references using Harvard referencing system.

Section 4.2 of the assignment required to do a 15 minutes presentation to illustrate the answers.

Unit Learning Outcomes:

LO1 Assess risks to IT security.

LO2 Describe IT security solutions.

LO3 Review mechanisms to control organisational IT security.

LO4 Manage organisational security.

Assignment Brief and Guidance:

Scenario

EMC Cloud Solutions is reputed as the nation’s most reliable Cloud solution provider in Sri Lanka. A
number of high-profile businesses in Sri Lanka including ESoft Metro Campus network, SME Bank Sri Lanka and
WEEFM are facilitated by EMC Cloud Solutions. EMC Cloud provides nearly 500 of its customers with SaaS,
PaaS & IaaS solutions with high capacity compute and storage options. Also EMC is a preferred contractor for Sri
Lanka, The Ministry of Defense for hosting government and defense systems.

EMC’s central data center facility is located at Colombo Sri Lanka along with its corporate head-office in
Bambalapitiya. Their premises at Bambalapitiya is a six story building with the 1st floor dedicated to sales and
customer services equipped with public Wi-Fi facilities. Second-floor hosts HR, Finance and Training &
Development departments and the third-floor hosts a boardroom and offices for senior executives along with the IT
and Data center department. Floor 4,5,6 hosts computer servers which make up the data center.

With the rapid growth of information technology in Kandy area in recent years, EMC seeks an opportunity to
extend its services to Kandy, Sri Lanka. As of yet, the organization is considering the nature of such an extension
with what to implement, where it is to be a suitable location and other essential options such as security are
actually being discussed.

You are hired by the management of EMC Solutions as a Security Analyst to evaluate the security-related specifics
of its present system and provide recommendations on security and reliability related improvements. Furthermore,
you have to plan the establishment of the extension on a solid security foundation.

Activity 01

Assuming the role of External Security Analyst, you need to compile a report focusing on following elements to the
board of EMC Cloud Solutions;

1.1 Identify types of security risks EMC Cloud is subject to its present setup and the impact that they would make
on the business itself. Evaluate at least three physical and virtual security risks identified and suggest the
security measures that can implemented in order to improve the organization’s security.

1.2 Develop and describe security procedures for EMC Cloud to minimize the impact of issues discussed in section
(1.1) by assessing and rectifying the risks.
Activity 02

2.1 Identify how EMC Cloud and its clients will be impacted by improper/ incorrect configurations that are
applicable to firewalls and VPN solutions. It security can include a network monitoring system. Discuss how EMC
cloud can benefit by implementing a network monitoring system.

2.2 Explain how the following technologies would benefit EMC Cloud and its Clients by facilitating a ‘trusted
network’. (Support your answer with suitable examples).

i) DMZ

ii) Static IP

iii)NAT

Activity 03

3.1 Discuss suitable risk assessment procedures for EMC Cloud solutions and impact an IT security audit will have
on safeguarding organization and its clients Your discussion furthermore should include how IT security can be
aligned with an organizational IT policy and how misalignment of such a policy can impact on organization’s
security.

3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage solutions
provided by EMC Cloud. You should also summarize ISO 31000 risk management methodology.

Activity 04

4.1 Design a security policy for EMC Cloud to minimize exploitations and misuses while evaluating the suitability
of the tools used in an organizational policy.

4.2 Develop and present a disaster recovery plan for EMC Cloud for all venues to ensure maximum uptime for its
customers. Discuss how critical the roles of the stakeholders in the organization to successfully implement the
security policy and the disaster recovery plan you recommended as a part of the security audit.

(Students should produce a 15 minutes PowerPoint presentation which illustrates the answer for this section
including justifications and reason for decisions and options used).
Grading Rubric

Grading Criteria Achieved Feedback

LO1 Assess risks to IT security

P1 Identify types of security risks to organizations.

P2 Describe organizational security procedures.

M1 Propose a method to assess and treat IT security risks.

LO2 Describe IT security solutions

P3 Identify the potential impact to IT security of incorrect configuration of firewall

policies and third party VPNs.

P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a
network can improve Network Security.

M2 Discuss three benefits to implement network monitoring systems with supporting

reasons.
D1 Investigate how a ‘trusted network’ may be part of an IT security solution.

LO3 Review mechanisms to control organizational IT

security

P5 Discuss risk assessment procedures.

P6 Explain data protection processes and regulations as applicable to an organization.

M3 Summarize the ISO 31000 risk management methodology and its application in IT
security.

M4 Discuss possible impacts to organizational security resulting from an IT security

audit.

D2 Consider how IT security can be aligned with organizational

policy, detailing the security impact of any misalignment.

LO4 Manage organizational security

P7 Design and implement a security policy for an organization.

P8 List the main components of an organizational disaster recovery plan, justifying the
reasons for inclusion.

M5 Discuss the roles of stakeholders in the organization to implement security audit

recommendations.

D3 Evaluate the suitability of the tools used in an organizational policy.