
Higher Nationals

Internal verification of assessment decisions – BTEC (RQF)


INTERNAL VERIFICATION – ASSESSMENT DECISIONS

Programme title BTEC Higher National Diploma in Computing

Assessor Internal Verifier

Unit(s) Unit 05: Security

Assignment title EMC Cyber

Student’s name Jayasuriya Kuranage Bhanuka Perera

List which assessment criteria the Assessor has awarded. Pass Merit Distinction

INTERNAL VERIFIER CHECKLIST

Do the assessment criteria awarded match those shown in the assignment brief? Y/N

Is the Pass/Merit/Distinction grade awarded justified by the assessor’s comments on the student work? Y/N

Has the work been assessed accurately? Y/N

Is the feedback to the student: Give details:

• Constructive? Y/N
• Linked to relevant assessment criteria? Y/N
• Identifying opportunities for improved performance? Y/N
• Agreeing actions? Y/N

Does the assessment decision need amending? Y/N

Assessor signature Date

Internal Verifier signature Date

Programme Leader signature (if required) Date

UNIT 05 – SECURITY | BHANUKA PERERA 1


Confirm action completed
Remedial action taken

Give details:

Assessor signature Date

Internal Verifier signature Date

Programme Leader signature (if required) Date



Higher Nationals - Summative Assignment Feedback Form
Student Name/ID Jayasuriya Kuranage Bhanuka Perera NEG – E-118432

Unit Title Unit 05: Security

Assignment Number Assessor

Submission Date Date Received 1st submission

Re-submission Date Date Received 2nd submission
Assessor Feedback:

LO1. Assess risks to IT security

Pass, Merit & Distinction P1 P2 M1 D1


Descripts

LO2. Describe IT security solutions.

Pass, Merit & Distinction P3 P4 M2 D1


Descripts

LO3. Review mechanisms to control organizational IT security.

Pass, Merit & Distinction P5 P6 M3 M4 D2


Descripts

LO4. Manage organizational security.

Pass, Merit & Distinction P7 P8 M5 D3


Descripts

Grade: Assessor Signature: Date:


Resubmission Feedback:

Grade: Assessor Signature: Date:


Internal Verifier’s Comments:

Signature & Date:


* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grade decisions have been agreed at the assessment board.



Pearson
Higher Nationals in
Computing
Unit 5: Security



General Guidelines

1. A Cover page or title page – You should always attach a title page to your assignment. Use previous page as
your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom, right margins and 1.25” for the left margin of each page.

Word Processing Rules

1. The font size should be 12 point and should be in the style of Times New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use the footer function in the word processor to insert your name, subject, assignment number and page number
on each page. This is useful if individual sheets become detached for any reason.
5. Use the word processing application’s spell check and grammar check functions to help edit your assignment.

Important Points:

1. It is strictly prohibited to use textboxes to add text in the assignments, except for the compulsory information,
e.g. figures, tables of comparison etc. Adding text boxes in the body, except for the aforementioned
compulsory information, will result in rejection of your work.
2. Carefully check the hand in date and the instructions given in the assignment. Late submissions will not be
accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply (in
writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade.
8. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked to
complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using HARVARD
referencing system to avoid plagiarism. You have to provide both in-text citation and a reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be reduced to a
REFERRAL or at worst you could be expelled from the course.



Student Declaration

I hereby, declare that I know what plagiarism entails, namely, to use another’s work and to present it as my own
without attributing the sources in the correct way. I further understand what it means to copy another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.


2. I understand the plagiarism and copying policy of Edexcel UK.
3. I know what the consequences will be if I plagiarize or copy another’s work in any of the assignments for this
programme.
4. I declare therefore that all work presented by me for every aspect of my programme will be my own, and
where I have made use of another’s work, I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document, signed or not, constitutes a binding agreement between
myself and Pearson UK.
6. I understand that my assignment will not be considered as submitted if this document is not attached to the
main submission.

Student’s Signature (Provide E-mail ID): bhnkperera@gmail.com

Date (Provide Submission Date): 28th December 2022



Assignment Brief
Student Name /ID Number Jayasuriya Kuranage Bhanuka Perera NEG – E-118432

Unit Number and Title Unit 5- Security

Academic Year 2020/2021

Unit Tutor Anne Roshanie

Assignment Title EMC Cyber

Issue Date

Submission Date

IV Name & Date

Submission Format:

The submission should be in the form of an individual written report written in a concise, formal business style
using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as
appropriate, and all work must be supported with research and referenced using Harvard referencing system.
Please provide in-text citations and an end list of references using the Harvard referencing system.

Section 4.2 of the assignment requires a 15-minute presentation to illustrate the answers.

Unit Learning Outcomes:

LO1 Assess risks to IT security.

LO2 Describe IT security solutions.

LO3 Review mechanisms to control organizational IT security.

LO4 Manage organizational security.



Assignment Brief and Guidance:



Scenario

‘EMC Cyber’ is a reputed cyber security company based in Colombo, Sri Lanka, that delivers security
products and services across the entire information technology infrastructure. The company has a
number of clients both in Sri Lanka and abroad, including some of the top-level companies in the
world, serving in a multitude of industries. The company develops cyber security software including
firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber is tasked
with protecting companies’ networks, clouds, web applications and emails. They also offer advanced
threat protection, secure unified access, and endpoint security, and they consult clients on security
threats and how to solve them. Additionally, the company follows different risk management standards
depending on the company, with ISO 31000 being the most prominent.

One of the clients of EMC Cyber, Lockhead Aerospace Manufacturing, a reputed aircraft manufacturer
based in the US, has tasked the company with investigating the security implications of developing
IoT-based automation applications in their manufacturing process. The client has requested EMC to
further audit the security risks of implementing web-based IoT applications in their manufacturing
process and to propose solutions. Further, Lockhead uses ISO standards and has instructed EMC to use
the ISO risk management standards when proposing the solution.

The director of the company understands such a system would be the target for cyber-attacks. As you
are following a BTEC course which includes a unit in security, the director has asked you to investigate
and report on potential cyber security threats to their web site, applications, and infrastructure. After
the investigation you need to plan a solution and how to implement it according to standard software
engineering principles.



Activity 01

Assuming the role of External Security Analyst, you need to compile a report focusing on the following
elements for the board of EMC Cyber.

1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilized by EMC
Cyber in order to improve the organization’s security.

1.2 Identify the types of security risks EMC Cyber is subject to in its present setup and the impact that they
would have on the business itself. Evaluate at least three physical and virtual security risks identified
and suggest the security measures that can be implemented in order to improve the organization’s
security.

1.3 Develop and describe security procedures for EMC Cyber to minimize the impact of issues
discussed in section (1.1) by assessing and rectifying the risks.

Activity 02

2.1 Identify how EMC Cyber and its clients will be impacted by improper/ incorrect configurations
that are applicable to firewalls and VPN solutions. IT security can include a network monitoring
system. Discuss how EMC cyber can benefit by implementing a network monitoring system with
supporting reasons.

WEEK08

2.2 Explain how the following technologies would benefit EMC Cyber and its Clients by facilitating a
‘trusted network’. (Support your answer with suitable examples).

i) DMZ

ii) Static IP

iii) NAT

2.3 Identify and evaluate the tools that can be utilized by EMC Cyber to improve network and
security performance without compromising each other. Evaluate at least three virtual and physical
security measures that can be implemented by EMC to uphold the integrity of the organization’s IT
policy.

Activity 03

3.1 Discuss suitable risk assessment integrated enterprise risk management procedures for EMC
Cyber solutions and the impact an IT security audit will have on safeguarding the organization and its
clients. Furthermore, your discussion should include how IT security can be aligned with an
organizational IT policy and how misalignment of such a policy can impact the organization’s security.

(This can include one or more of the following: network change management, audit control, business
continuance/disaster recovery plans, potential loss of data/business, intellectual property, Data
Protection Act; Computer Misuse Act; ISO 31000 standards.)

3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage
solutions provided by EMC Cyber. You should also summarize ISO 31000 risk management
methodology.

Activity 04

4.1 Design an organizational security policy for EMC Cyber to minimize exploitations and misuses
while evaluating the suitability of the tools used in an organizational policy.

4.2 Develop and present a disaster recovery plan for EMC Cyber according to the ISO/IEC 17799:2005
or a similar standard, which should include the main components of an organizational disaster recovery
plan with justifications. Discuss how critical the roles of the stakeholders in the organization are to
successfully implementing the security policy and the disaster recovery plan you recommended as a part
of the security audit.

(Students should produce a 15-minute PowerPoint presentation which illustrates the answer for
this section including justifications and reason for decisions and options used).



Grading Rubric

Grading Criteria Achieved Feedback

LO1 Assess risks to IT security

P1 Identify types of security risks to organizations.


P2 Describe organizational security procedures.

M1 Propose a method to assess and treat IT security risks.

LO2 Describe IT security solutions

P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and
third-party VPNs.

P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can
improve network security.

M2 Discuss three benefits of implementing network monitoring systems, with supporting reasons.

D1 Evaluate a minimum of three physical and virtual security measures that can be employed to ensure
the integrity of organizational IT security.
LO3 Review mechanisms to control organizational IT
security

P5 Discuss risk assessment procedures.



P6 Explain data protection processes and regulations as applicable
to an organization.

M3 Summarize the ISO 31000 risk management methodology and its application in IT security.
M4 Discuss possible impacts to organizational security resulting
from an IT security audit.
D2 Consider how IT security can be aligned with organizational
policy, detailing the security impact of any misalignment.
LO4 Manage organizational security

P7 Design and implement a security policy for an organization.

P8 List the main components of an organizational disaster recovery plan, justifying the reasons for inclusion.
M5 Discuss the roles of stakeholders in the organization to
implement security audit recommendations.
D3 Evaluate the suitability of the tools used in an organizational
policy.



ACKNOWLEDGMENT

Primarily, I would like to express my sincere gratitude to the lecturer of this unit, Ms. Anne Roshanie,
for the delivery of valuable lectures, assignment guidance and review sessions conducted to examine
our progress from time to time.

Aside from her, I would also like to extend my gratitude to the management of
ESoft Metro Campus for conducting extra guidance sessions and for providing
the necessary facilities to join online learning due to the
prevailing pandemic situation.

Finally, I would also like to thank my family and my dear batch mates for their
support and encouragement during this challenging time.

Regards,

Bhanuka Perera



Table of Contents
Acknowledgment ......................................................................................... 14

Activity 01 .................................................................................................... 18

1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad could
be utilized by EMC Cyber in order to improve the organization’s security. ............... 18

1.1.1 CIA introduction ........................................................................................... 18

1.1.2 Confidentiality .............................................................................................. 19

1.1.3 Integrity ........................................................................................................ 19

1.1.4 Availability .................................................................................................... 20

1.1.5 Importance of CIA Triad in Cyber Security ................................................... 21

1.2 Identify the types of security risks EMC Cyber is subject to in its present setup and the
impact that they would have on the business itself. Evaluate at least three physical
and virtual security risks identified and suggest the security measures that can be
implemented in order to improve the organization’s security. ............................... 22

1.3 Develop and describe security procedures for EMC Cyber to minimize the
impact of issues by assessing and rectifying the risks. ............................................. 24

1.3.1 Importance of assessing and treating IT security risks ......................................... 25

1.4 Propose a method to assess and treat IT security risks. ...................................... 2

Activity 02 .................................................................................................... 26

2.1 Identify how EMC Cyber and its clients will be impacted by improper/ incorrect
configurations that are applicable to firewalls and VPN solutions. ......................... 27

2.1.1 VPN ............................................................................................................... 27

2.1.2 Firewall ......................................................................................................... 27

2.1.3 VPN and firewall impact to an organization ................................................ 29

2.1.4 Results of incorrect VPN and firewall configurations .................................. 30

2.2 Discuss how EMC cyber can benefit by implementing a network monitoring
system with supporting reasons. .............................................................................. 31
2.3 Show, using an example for each, how implementing a DMZ, static IP and NAT
in a network can improve Network Security. ........................................................... 32

2.3.1 a DMZ............................................................................................................ 32

2.3.2 Static IP addresses and NAT in a network .................................................... 33

2.3.3 Show, using an example that how DMZ, static IP and NAT in a network can
improve Network Security to the company. ......................................................... 36

2.4 Identify and evaluate the tools that can be utilized by EMC cyber to improve
the network and security performance without compromising each other. Evaluate
at least three virtual and physical security measures that can be implemented by
EMC to uphold the integrity of organization’s IT policy. .......................................... 37

2.4.1 Evaluate at least three virtual and physical security measures that can be
implemented by EMC to uphold the integrity of organization’s IT policy. ........... 39

2.5 Discuss three benefits to implement network monitoring systems with
supporting reasons. .................................................................................................. 40

Activity 03 .................................................................................................... 43

3.1 Discuss suitable risk assessment integrated enterprise risk management
procedures for EMC Cyber solutions and the impact an IT security audit will have
on safeguarding organization and its clients. ........................................................... 43

3.1.1 Risk assessment matrix ................................................................................ 45

3.1.2 IT security audit ............................................................................................ 47

3.2 Explain the mandatory data protection laws and procedures which will be
applied to data storage solutions provided by EMC Cyber. You should also
summarize ISO 31000 risk management methodology. .......................................... 50

3.2.1 Data protection laws and procedures .......................................................... 50

3.2.2 How will data protection acts affect to the company.................................. 51

3.2.3 ISO 31000 ...................................................................................................... 52



3.3 Discuss possible impacts to organizational security resulting from an IT security
audit. ......................................................................................................................... 53

3.4 Consider how IT security can be aligned with organizational policy, detailing the
security impact of any misalignment. ....................................................................... 55

Activity 04 ...................................................................................................... 4

4.1 Design an organizational security policy for EMC Cyber to minimize
exploitations and misuses while evaluating the suitability of the tools used in an
organizational policy. ............................................................................................. 56

4.1.1 A security policy............................................................................................ 56

4.1.2 Policy for EMC Cyber .................................................................................... 57

4.1.3 Why EMC Cyber should have a policy, and its uses and advantages ...... 58

4.2 Develop and present a disaster recovery plan for EMC Cyber ........................... 59

4.2.1 A disaster recovery plan ............................................................................... 59

4.2.2 Disaster recovery plan for EMC cyber .......................................................... 60

4.3 Critical roles of the stakeholders in the organization ......................................... 61

4.3.1 implement the security policy and the disaster recovery plan you
recommended as a part of the security audit. ...................................................... 63

4.4 Evaluate the suitability of the tools used in an organizational policy. ............... 64

List of tables ................................................................................................ 16

List of figures ............................................................................................... 16

REFERENCES ................................................................................................. 66



List of tables
Table 1. CIA triad importance |Source (Reddit, 2022)............................................................ 22
Table 2. Risk assessment matrix | Source (Author’s data) ...................................................... 47

List of figures

Figure 1. CIA triad |Source (F5 Networks) ............................................................................. 19


Figure 2. Security risk types |Source (iStock, 2022) ............................................................... 24
Figure 3. a VPN | Source (Dreamstime, 2020) ....................................................................... 28
Figure 4. Host-based firewalls and Network firewalls | Source (Network raining, 2019) ...... 29
Figure 5. DMZ clipart | Source (Spiceworks, 2019) ............................................................... 33
Figure 6.IP addresses | Source (Broadband compare, 2018) ................................................... 34
Figure 7. NAT | Source (Wikipedia, 2021) ............................................................................. 36
Figure 8. Load balancing | Source (Wikipedia, 2021) ............................................................. 39
Figure 9. Network monitoring system | Source (vi networks, 2021) ...................................... 43
Figure 10. IT Security Audit advantages | Source (Varonis, 2021) ........................................ 50
Figure 11. GDPR | Source (Snel,com, 2021) .......................................................................... 53
Figure 12. ISO 31000 | Source (RiskWatch, 2022) ................................................................. 54
Figure 13. Disaster recovery plan| Source (SupraTS, 2022) ................................................... 60
Figure 14. stakeholders in the organization| Source (Wikipedia, 2019) ................................. 63



TASK 01

1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad
could be utilize to EMC Cyber in order to improve the organization’s
security.

1.1.1 CIA introduction

The goal of cyber security is to protect a company's digital assets from the increasing number
of cyber-attacks. By implementing proper security controls, security functions such as
prevention, deterrence and detection of cybercrime can be provided. Ensuring the
confidentiality, integrity and availability (CIA) of data and services is the primary goal of cyber
security. This set of three goals is known as the CIA triad.

The CIA triad is critical to cybersecurity because it provides key security functions, supports
regulatory compliance, ensures business continuity, and protects the company from
reputational damage. The following sections explain how the CIA triad can improve EMC
Cyber's cybersecurity posture.

The CIA triad has three parts:

1. Confidentiality
2. Integrity
3. Availability

Figure 1. CIA triad |Source (F5 Networks)



1.1.2 Confidentiality
Confidentiality is the protection of data against unauthorized access and disclosure. Only an
authorized person can access the required information, whether it is held on storage media or in
transit, and this is normally enforced through authentication, access controls and encryption.

Confidentiality, integrity and availability, together known as the CIA triad, are designed to avoid
security issues, prevent harmful activities within an organization and ensure business continuity.
Together, these three principles form the foundation of any organization's security infrastructure.
EMC Cyber is a cyber security company which provides security products and services. The main
objective of EMC Cyber is to ensure the confidentiality, integrity and availability of its services,
data and information.

1.1.3 Integrity

Integrity is the protection against illegal tampering, modification or alteration of data to further
malicious intent. This means that the data sent must be received by the authorized recipient in
its entirety and unaltered. Whether on data storage media or in migration, integrity is critical.
Data integrity is essential for business and e-commerce websites. The introduction of malicious
code into databases and Man-in-the-Middle (MITM) attacks are some examples of attacks that
compromise data integrity.

Developers typically use hashing algorithms such as MD5 and SHA1 to verify that data has not been
altered. Certificates, digital signatures and non-repudiation are further methods. (Logsign, 2021)
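The following Python example is added here and is not taken from the report, from Logsign or from Unitrends. It shows how a recorded hash detects altered data, and why a bare hash on its own only catches accidental corruption: anyone who changes the data can recompute its hash, whereas an HMAC tag requires a secret key the tamperer does not hold. It uses SHA-256 rather than the MD5 and SHA1 named above, since those two are no longer collision resistant; the invoice record and its altered copy are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample record, standing in for a file or message whose integrity
# must be checked at rest or in transit.
ORIGINAL = b"invoice_id=4471;amount=1200.00;recipient=acme"
# Constructed altered copy: the amount has been changed.
TAMPERED = b"invoice_id=4471;amount=9200.00;recipient=acme"


def digest(data: bytes) -> str:
    """SHA-256 hex digest of data (a SHA-2 function, chosen over MD5/SHA-1)."""
    return hashlib.sha256(data).hexdigest()


def verify_digest(data: bytes, expected_hex: str) -> bool:
    """Compare data against a previously recorded digest, in constant time so
    the comparison itself does not leak how many characters matched."""
    return hmac.compare_digest(digest(data), expected_hex)


def mac(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag over data. Unlike a bare hash, a valid tag cannot be
    produced for altered data without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(mac(key, data), tag_hex)


def demo() -> dict:
    """Run the integrity checks and return each outcome by name."""
    key = secrets.token_bytes(32)     # secret shared by sender and receiver
    recorded = digest(ORIGINAL)       # digest stored when the record was written
    tag = mac(key, ORIGINAL)          # tag sent alongside the record
    return {
        # Hash catches the change when the stored digest is trusted ...
        "original_hash_ok": verify_digest(ORIGINAL, recorded),
        "tampered_hash_ok": verify_digest(TAMPERED, recorded),
        # ... but a tamperer who can also replace the digest passes the check.
        "tampered_with_new_hash_ok": verify_digest(TAMPERED, digest(TAMPERED)),
        # HMAC: original verifies, altered data fails, and a tag computed
        # without the real key also fails.
        "original_mac_ok": verify_mac(key, ORIGINAL, tag),
        "tampered_mac_ok": verify_mac(key, TAMPERED, tag),
        "tampered_with_forged_tag_ok": verify_mac(
            key, TAMPERED, mac(b"wrong-key", TAMPERED)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The distinction matters for the backup and replication products described in this section: a checksum stored next to the data it protects detects disk or transfer errors, but protection against deliberate modification needs a keyed tag or a digital signature whose key the attacker cannot reach.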

Some features that support integrity, as described by the backup vendor Unitrends:

• Encryption: Its backup and recovery solutions use AES 256-bit encryption to secure
and protect sensitive data.
• Hashing: Unitrends uses a SHA-512 cryptographic hash function to track duplicate
blocks during replication and offers multiple unique methods to maintain hash
references as data is duplicated.
• Recovery Testing: The highest level of application recovery testing is automated by
Unitrends Recovery Assurance without the involvement of IT personnel. It fully
recovers applications, performs analysis, measures recovery time and recovery point
and identifies the reasons for any recovery failure.
• Reporting: Powered by Recovery Assurance technology, the solution enables you to
automatically run a disaster recovery test and see reports and statistics that reveal how
business continuity is affected and how much data the business could lose.
• Hardened Linux Backup Appliances: Unitrends backup appliances are built on a
ransomware-resistant, hardened Linux platform rather than on Windows-based backups.
• Immutable Cloud Storage for Backup Copy: Unitrends Cloud-powered appliances
offer an immutable backup copy by storing a copy of the backup in the cloud or on
dedicated media (such as a disk), apart from the production environment and network.
(“The CIA Triad and Its Importance in Data Security | Unitrends”)

1.1.4 Availability

Availability is the security function that ensures resources and services are continually available
to authorized personnel at the right time. Any organization must maintain reliable hardware to
provide continuous service to a large number of customers. Downtime during updates should be
kept to a minimum, and backing up vital information on external devices will come in handy in
case of data loss.

In the worst-case scenario, quick disaster recovery strategies should be implemented. Backing
up data, patching and having redundant systems are further critical security measures.
Redundancy ensures fault tolerance: when a primary system fails, a secondary machine can
provide its functionality and services. In this scenario, security experts direct all traffic or
workloads to the backup system.
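As an added example that is not part of the report or of any vendor's product, the following Python simulates the redundancy described above: a router probes each backend, sends traffic to the first node that answers, takes a node out of rotation after a set number of consecutive failed probes, and brings it back on its first successful probe (the fail-back step). The probe callables, the node names and the failure threshold are constructed assumptions standing in for real health checks such as an HTTP request to a health endpoint.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Backend:
    """One node of a redundant pair. `probe` is a constructed stand-in for a
    real health check and returns True when the node can serve requests."""
    name: str
    probe: Callable[[], bool]
    failures: int = 0      # consecutive failed probes
    healthy: bool = True   # False once the node has been taken out of rotation


@dataclass
class Failover:
    """Send each request to the first backend whose probe succeeds, in
    priority order (primary first), and record state changes in `log`."""
    backends: List[Backend]
    max_failures: int = 2          # assumed threshold; tune per service
    log: List[str] = field(default_factory=list)

    def check(self, node: Backend) -> bool:
        ok = node.probe()
        if ok:
            if not node.healthy:
                self.log.append(f"{node.name} recovered, back in rotation")
            node.failures, node.healthy = 0, True
        else:
            node.failures += 1
            if node.healthy and node.failures >= self.max_failures:
                node.healthy = False
                self.log.append(
                    f"{node.name} marked unhealthy after {node.failures} failed probes")
        return ok

    def route(self) -> Optional[str]:
        """Name of the node that serves this request, or None when every node
        is down (the case a disaster recovery plan has to cover)."""
        for node in self.backends:
            if self.check(node):
                return node.name
        self.log.append("no healthy backend available")
        return None


def simulate(primary_up: List[bool], secondary_up: bool = True) -> Dict[str, list]:
    """Drive the router through one request per tick. primary_up[i] says
    whether the primary answers its probe on tick i; the secondary answers
    with secondary_up on every tick. Returns who served each request and the
    state changes the router logged."""
    tick = {"i": 0}
    primary = Backend("primary", lambda: primary_up[tick["i"]])
    secondary = Backend("secondary", lambda: secondary_up)
    router = Failover([primary, secondary])
    served = []
    for i in range(len(primary_up)):
        tick["i"] = i
        served.append(router.route())
    return {"served": served, "log": router.log}


if __name__ == "__main__":
    # Constructed scenario: the primary drops out for three ticks, then returns.
    result = simulate([True, False, False, False, True])
    for line in result["log"]:
        print(line)
    print(result["served"])
```

Requests move to the secondary as soon as the primary stops answering and move back when it recovers; the threshold only decides when the node is reported as down, which is the signal a monitoring system would alert on. Running with both nodes failing returns None for every request, which is exactly the situation the backup and disaster recovery measures listed below exist to handle.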
Some features that support availability, as described by Unitrends:

• Self-Healing Backup - Unitrends Helix is an intelligent SaaS remediation platform with a laser
focus on eliminating manual tasks such as troubleshooting environmental issues that affect
backups. Helix is designed to diagnose and fix the most common backup problems without you
having to lift a finger. Helix learns what conditions it should look for and how to fix them
automatically.
• Instant Recovery - Unitrends Instant Recovery enables you to recover a failed or corrupted
virtual machine or physical Windows server and access its entire data set in minutes. This means
that production data can be accessed and your employees can resume work very quickly after an
unexpected server failure. A faster recovery means less downtime and more productivity for your
organization.
• Replicas - The VM replica feature provides a quick way to restore a failed VMware VM. It
creates a virtual machine replica of the original VM and keeps the replica up to date by applying
backups of the original VM as they run.

(“VM replicas - guides.unitrends.com”)

1.1.5 Importance of CIA Triad in Cyber Security


Data theft and security breaches are causing problems in today's organizations. Recent
reports and polls paint an unfavorable picture of organizations' cybersecurity posture.
There is a Facebook data breach controversy in the news right now that leaked the personal
information of millions of users. Due to lax standards, the majority of businesses hold insecure
data, which can lead to data breaches and heavy fines for failing to comply with regulations
such as the General Data Protection Regulation.

Table 1. CIA triad importance |Source (Reddit, 2022)

Simply put, CIA (Confidentiality, Integrity and Availability) helps an organization improve its
services and security. The purpose of 'confidentiality' is to ensure the security of data by preventing
unauthorized access to information: only an authorized person can access the required
information. The objective of 'integrity' is to maintain the consistency, accuracy and
reliability of data throughout its lifetime. The purpose of 'availability' is to ensure that systems,
applications and data are available to users when they need them.
1.2 Identify the types of security risks EMC Cyber is subject to in its present setup
and the impact that they would have on the business itself. Evaluate at least
three physical and virtual security risks identified and suggest the security
measures that can be implemented in order to improve the organization’s
security.

In its current state, EMC Cyber is exposed to various kinds of security risks that can have a
huge impact on the business itself. There are both physical and virtual risks. Some of the
major virtual security risks are systems being hijacked, websites being taken down maliciously,
malware infections and data breaches; some physical risks are theft and burglary, vandalism
and natural disasters. These risks can lead to heavy losses of sensitive data and information,
financial losses, and even a threat to the existence of the business.

If EMC Cyber takes the necessary measures, it can prevent these impacts, both physical and
virtual. Some measures to avoid the virtual risks mentioned above:

1) Improving the security of computer systems and following the recommended steps to secure them.

2) Smart password and security practices, and the use of anti-malware software.

3) Using proper firewalls and VPN solutions etc.

Some measures to avoid the physical risks mentioned above:

1) Installing security systems such as CCTV and alarm systems.

2) Reducing the noise and vibration present in the workplace, preventing contact with
physical hazards such as radiation or microwaves, and giving employees proper
knowledge of the systems, safety measures, etc.

3) Choosing a proper environment and creating a favorable atmosphere.

4) Having backup plans in case of emergencies etc.



There are many types of security risks to organizations. Some of the most common
include:

1. Data breaches: A data breach is when an unauthorized individual gains access to sensitive
or confidential information. This can happen through hacking, phishing, or social engineering.

2. Malware: Malware is a type of malicious software that can infect computers and devices. It
can damage systems, steal data, and cause other problems.

3. Denial of service attacks: A denial of service attack is when a hacker prevents legitimate
users from accessing a system or service. This can be done by flooding the system with traffic
or requests, or by taking control of devices and using them to attack the system.

4. Insider threats: An insider threat is when a current or former employee, contractor, or other
individual with access to an organization’s systems and data misuses that access for malicious
purposes.

5. Physical security risks: Physical security risks are those that involve the physical security
of an organization’s premises, equipment, and data. This can include risks such as theft,
vandalism, and natural disasters.

Some common security procedures that organizations may implement include
background checks for employees, security clearance procedures, security training for
employees, and the use of security systems such as CCTV and access control systems. A few
further measures can be implemented in order to improve the organization's security.
One is to implement a strong cyber security strategy, which can help to prevent data breaches
and cyber-attacks. Another is to implement physical security measures, such as CCTV cameras
and security guards, which can help to deter physical attacks. Finally, the company can also
consider implementing ISO 27001, the international standard for information security
management.

Figure 2. Security risk types |Source (iStock, 2022)


1.3 Develop and describe security procedures for EMC Cyber to minimize
the impact of issues by assessing and rectifying the risks.

To minimize the impact of potential cyber security threats to Lockheed's web site, applications,
and infrastructure, EMC Cyber can follow these security procedures:
• Conduct a thorough risk assessment: The first step in minimizing cyber security risks
is to identify and assess potential threats. This can be done through a risk assessment
process, which involves identifying assets, analyzing the likelihood and impact of
potential threats, and evaluating the existing controls in place to mitigate those threats.

• Implement a robust security plan: Once the risks have been identified and assessed,
EMC Cyber can develop and implement a security plan to mitigate those risks. This
may include measures such as implementing firewalls, antivirus software, intrusion
detection and protection systems, and endpoint security measures.

• Regularly update and maintain security systems: It is important to regularly update
and maintain security systems to ensure that they are effective in protecting against new
and emerging threats. This may involve installing patches and updates, as well as
conducting regular testing and monitoring of security systems.

• Train employees on security best practices: Ensuring that employees are aware of
and adhere to security best practices can help to minimize the risk of cyber-attacks. This
may involve training employees on topics such as password management, phishing
scams, and the importance of keeping systems and software up to date.

• Follow industry-standard risk management practices: EMC Cyber can follow
industry-standard risk management practices, such as the ISO 31000 standard, when
developing and implementing its security plan. This can help to ensure that the security
measures in place are effective and aligned with industry best practices.

• Implement a robust incident response plan: In the event of a security breach or
cyber-attack, it is important to have a well-defined incident response plan in place to
minimize the impact of the incident. This may include measures such as identifying the
source of the attack, isolating affected systems, and restoring normal operations as
quickly as possible.
By following these security procedures, EMC Cyber can effectively minimize the impact of
potential cyber security threats to Lockheed's web site, applications, and infrastructure.

It is important to note that this process should be ongoing, as the IT landscape is constantly
changing and new threats may emerge. It is also important to involve all relevant stakeholders
in the risk assessment and treatment process, as they may have valuable insights and
perspectives on the risks facing the organization.

1.3.1 Importance of assessing and treating IT security risks

Assessing and treating IT security risks are both important for ensuring the security of an
organization's IT systems and protecting against potential threats. However, there are some key
differences between the two:

Assessing IT security risks involves identifying and evaluating the potential risks to an
organization's IT systems. This process helps to identify the vulnerabilities and weaknesses in
an organization's IT infrastructure and allows the organization to prioritize its efforts to address
the most significant risks. Treating IT security risks involves implementing controls and
strategies to prevent or mitigate the impact of identified risks. This may involve implementing
technical controls, such as firewalls and antivirus software, or developing contingency plans to
minimize the impact of a security incident.

Overall, both assessing and treating IT security risks are important for ensuring the security
and reliability of an organization's IT systems and protecting against potential threats.
Assessing risks helps to identify vulnerabilities and prioritize efforts to address the most
significant risks, while treating risks involves implementing controls and strategies to prevent
or mitigate the impact of identified risks.



1.4 Propose a method to assess and treat IT security risks.

A policy is a set of rules, regulations, and guidelines that a business uses to ensure that
employees and customers are treated fairly and consistently. Policies provide guidance to
employees on how to handle different situations and help to ensure that the business is
operating in a manner that is consistent with its mission and values. Policies also help to protect
the business from liability and provide a framework for resolving disputes.

By having clear policies in place, businesses can ensure that their operations are conducted in
a manner that is fair and consistent, and that their customers and employees are treated with
respect.

In the case of Lockheed Aerospace Manufacturing, a policy would help to ensure that all
employees are aware of the security risks associated with developing IoT-based automation
applications, and the steps they should take to protect the organization’s data and systems. It
would also help to ensure that the proposed solution is implemented according to standard
software engineering principles.



Activity 02

Identify how EMC Cyber and its clients will be impacted by improper/
incorrect configurations that are applicable to firewalls and VPN solutions.
IT security can include a network monitoring system. Discuss how EMC
cyber can benefit by implementing a network monitoring system with
supporting reasons.

2.1 Identify how EMC Cyber and its clients will be impacted by improper/ incorrect
configurations that are applicable to firewalls and VPN solutions.

2.1.1 VPN

A Virtual Private Network (VPN) is a secure connection between two or more devices over the
internet. It allows users to access private networks and share data securely over public networks
as if their computing devices were directly connected to the private network. VPNs can be used
to protect sensitive data, access restricted websites, and browse the web anonymously.

Figure 3. a VPN | Source (Dreamstime, 2020)

2.1.2 Firewall

A firewall is a type of network security system that controls incoming and outgoing network
traffic based on predetermined security rules. Firewalls are used to protect a network from
unauthorized access and can be implemented as hardware, software, or a combination of both.
Firewalls work by examining the incoming and outgoing traffic to a network and blocking or
allowing access based on predetermined rules. These rules are typically defined by the
administrator of the firewall and can include things like blocking access to certain websites or
only allowing access to certain types of traffic.

Firewalls can be configured to block all traffic by default and only allow access to specific sites
or types of traffic. Alternatively, they can be configured to allow all traffic and block specific
sites or types of traffic.

Firewalls are an important part of a comprehensive network security strategy, as they can help
to prevent unauthorized access to a network and protect against potential cyber threats.

There are several different types of firewalls that can be used to protect a network; the
following are some of the most used firewall types:

1. Network firewalls: Network firewalls are designed to protect a network from
unauthorized access. They are typically implemented as hardware devices and are
placed between the network and the internet. Network firewalls can be configured to
allow or block specific types of traffic based on predetermined rules.

2. Host-based firewalls: Host-based firewalls are installed on individual computers or
servers and protect those specific devices from unauthorized access. They can be
implemented as software or as a combination of software and hardware.

Figure 4. Host-based firewalls and Network firewalls | Source (Network raining, 2019)



2.1.3 Impact of VPNs and firewalls on an organization

Virtual Private Networks (VPNs) and firewalls are important technologies that can have a
significant impact on an organization. Some potential benefits of using VPNs and firewalls
include:

1. Improved security: VPNs and firewalls can help to protect an organization's network
from unauthorized access and potential cyber threats. VPNs encrypt the data
transmitted between the remote device and the company's internal network, making it
more difficult for hackers to intercept and steal sensitive information. Firewalls can
block or allow access to specific types of traffic based on predetermined rules, helping
to prevent unauthorized access to the network.

2. Access to company resources: VPNs allow employees to access company resources
such as file servers, databases, and internal websites from anywhere with an internet
connection. Firewalls can be configured to allow access to specific resources while
blocking access to others, helping to ensure that only authorized users can access
sensitive data.

3. Improved productivity: With VPNs, employees can work from anywhere and still
have access to the same resources and tools as they would if they were in the office.
This can improve productivity and allow for more flexible work arrangements.
Firewalls can also help to improve productivity by blocking access to websites or types
of traffic that may be distracting or unproductive.

4. Cost savings: VPNs can allow an organization to reduce or eliminate the need for a
physical office space, which can result in significant cost savings. Firewalls can also
help to reduce costs by protecting against potential cyber threats that could result in
costly downtime or data breaches.

5. Compliance: Depending on the industry and regulatory requirements, VPNs and
firewalls may be necessary to ensure compliance with laws and regulations related to
data privacy and security.

Overall, the impact of VPNs and firewalls on an organization will depend on its specific needs
and goals. However, in general, these technologies can provide a number of benefits including
improved security, access to company resources, improved productivity, cost savings, and
compliance with regulatory requirements.



2.1.4 Results of incorrect VPN and firewall configurations

Incorrectly configuring both a Virtual Private Network (VPN) and a firewall can have serious
consequences for an organization. Some potential issues that can arise from incorrect VPN and
firewall configuration include:

1. Security vulnerabilities: If either a VPN or a firewall is not properly configured, it
may have security vulnerabilities that can be exploited by hackers. This can result in
the theft of sensitive data or unauthorized access to company resources.

2. Loss of connectivity: Incorrect VPN or firewall configuration can result in a loss of
connectivity between the remote device and the company's internal network. This can
disrupt employees' ability to access the resources they need to do their jobs.

3. Compliance issues: Depending on the industry and regulatory requirements, VPNs and
firewalls may be necessary to ensure compliance with laws and regulations related to
data privacy and security. If either a VPN or a firewall is not configured correctly, it
may not provide the necessary level of protection and could result in non-compliance.

4. Productivity loss: If employees are unable to access the resources they need to do their
jobs because of VPN or firewall issues, it can lead to decreased productivity and
potentially even lost revenue.

5. Difficulty in diagnosing and fixing issues: If both a VPN and a firewall are incorrectly
configured, it can be difficult to determine which of the two is causing a particular issue.
This can make it more challenging to diagnose and fix problems, leading to additional
downtime and productivity loss.

Overall, it is important to ensure that both a VPN and a firewall are properly configured in
order to avoid these potential issues. This may include working with a professional IT team to
set up and maintain both technologies, as well as regularly testing and updating the
configurations to ensure that they are secure and functioning properly.
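The default-policy choice described in 2.1.2 and the misconfiguration outcomes listed above can be made concrete with a small simulator. The following Python is an added example written for this page, not EMC Cyber's or any vendor's configuration; the networks, hosts and rule names are constructed from RFC 5737 and RFC 1918 ranges. It evaluates the same traffic under default-deny and default-allow, and audits a ruleset for a deny rule that a broader earlier allow has made unreachable.

```python
"""Firewall policy simulator (added example; constructed addresses and rules).

Models a stateless packet filter: rules are evaluated first-match, and a
default policy decides anything no rule matched. Also audits for shadowed
rules, i.e. rules an earlier, broader rule prevents from ever firing.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # source CIDR
    dst: str                 # destination CIDR
    proto: str               # "tcp", "udp" or "any"
    dports: Tuple[int, int]  # inclusive destination port range
    name: str


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    lo, hi = rule.dports
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and lo <= pkt.dport <= hi)


def evaluate(rules: List[Rule], default: str, pkt: Packet) -> Tuple[str, Optional[str]]:
    """First matching rule wins; otherwise the default policy applies."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.name
    return default, None


def shadowed_rules(rules: List[Rule]) -> List[str]:
    """Names of rules whose whole match space is covered by an earlier rule."""
    shadowed = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                    and earlier.proto in ("any", later.proto)
                    and earlier.dports[0] <= later.dports[0]
                    and later.dports[1] <= earlier.dports[1]):
                shadowed.append(later.name)
                break
    return shadowed


ANY = "0.0.0.0/0"
ALL_PORTS = (0, 65535)
INTERNAL = "10.0.0.0/8"       # constructed internal network
DMZ = "192.168.100.0/24"      # constructed DMZ network
WEB = "192.168.100.10/32"     # constructed public web server in the DMZ

# Intended ruleset: only HTTPS reaches the web server; internal hosts may go out.
BASE_RULES = [
    Rule("allow", ANY, WEB, "tcp", (443, 443), "allow-https-to-web"),
    Rule("allow", INTERNAL, ANY, "any", ALL_PORTS, "allow-internal-outbound"),
]

# Misconfigured ruleset: a broad allow is placed before the specific deny.
MISORDERED_RULES = [
    Rule("allow", ANY, DMZ, "any", ALL_PORTS, "allow-all-to-dmz"),
    Rule("deny", ANY, DMZ, "tcp", (22, 22), "deny-ssh-to-dmz"),
    Rule("allow", INTERNAL, ANY, "any", ALL_PORTS, "allow-internal-outbound"),
]

# Constructed traffic sample: one legitimate request and two probes.
TRAFFIC = {
    "https-to-web": Packet("203.0.113.5", "192.168.100.10", "tcp", 443),
    "ssh-to-web": Packet("203.0.113.5", "192.168.100.10", "tcp", 22),
    "rdp-to-internal": Packet("203.0.113.5", "10.0.5.20", "tcp", 3389),
}


def compare_defaults(rules: List[Rule]) -> Dict[str, Tuple[str, str]]:
    """Verdict per sample packet as (default-deny result, default-allow result)."""
    return {name: (evaluate(rules, "deny", p)[0], evaluate(rules, "allow", p)[0])
            for name, p in TRAFFIC.items()}


if __name__ == "__main__":
    for name, (deny_default, allow_default) in compare_defaults(BASE_RULES).items():
        print(f"{name:16} default-deny={deny_default:5} default-allow={allow_default}")
    print("shadowed in misordered ruleset:", shadowed_rules(MISORDERED_RULES))
```

Under default-allow the two probes reach hosts no rule ever mentioned, and in the misordered ruleset the SSH deny never fires; both are the kind of error a ruleset review should catch before deployment.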



2.2 Discuss how EMC Cyber can benefit by implementing a network monitoring system
with supporting reasons.

To help mitigate the potential issues mentioned above, EMC Cyber could benefit from
implementing a network monitoring system. A network monitoring system is a tool that helps
to monitor and manage the performance of a network, including its availability, capacity, and
security. By implementing a network monitoring system, EMC Cyber could:

1. Identify and resolve problems more quickly: A network monitoring system can
provide real-time visibility into the performance of a network, allowing EMC Cyber to
identify and resolve problems more quickly. This can help to reduce downtime and
improve productivity for both EMC Cyber and its clients.

2. Improve security: A network monitoring system can alert EMC Cyber to potential
security threats and help to identify vulnerabilities in the network. This can help EMC
Cyber to take proactive measures to prevent cyber-attacks and improve the overall
security of the network.

3. Enhance compliance: A network monitoring system can help EMC Cyber to ensure
compliance with industry and regulatory requirements by providing visibility into the
performance and security of the network. This can help EMC Cyber to demonstrate
compliance to its clients and regulators.

4. Improve network efficiency: By monitoring the performance of the network in real-time,
EMC Cyber can identify bottlenecks and other issues that could impact the
efficiency of the network. This can help EMC Cyber to optimize the network and
improve its overall performance.

Overall, implementing a network monitoring system can provide a number of benefits to EMC
Cyber and its clients, including improved security, enhanced compliance, improved efficiency,
and the ability to quickly identify and resolve problems.



2.3 Show, using an example for each, how implementing a DMZ, static IP
and NAT in a network can improve Network Security.

2.3.1 DMZ

A DMZ (demilitarized zone) is a network security area that sits between a trusted network,
such as a corporate intranet, and an untrusted network, such as the Internet. The purpose of a
DMZ is to provide an additional layer of security to a private network by isolating it from the
outside network and limiting access to only authorized traffic.

Servers that need to be accessed by external users, such as web servers or email servers, are
placed in the DMZ. These servers are protected by a firewall, which controls the incoming
and outgoing traffic to and from the DMZ. This way, if an attacker were to compromise a server
in the DMZ, they would not have direct access to the internal network.

The DMZ is typically implemented using three firewalls: an external firewall to protect the
DMZ from the Internet, an internal firewall to protect the internal network from the DMZ, and
a third firewall between the DMZ and the internal network to allow authorized traffic to pass
through.

Figure 5. DMZ clipart | Source (Spiceworks, 2019)



2.3.2 Static IP addresses and NAT in a network
A static IP address is a fixed, permanent IP address assigned to a device or computer. It is in
contrast to a dynamic IP address, which is temporary and can change.

A static IP address is useful for devices that need to be accessed remotely, such as servers or
website hosting. It is also useful for devices that need to maintain a consistent connection, such
as security cameras or home automation systems.

To set up a static IP address, you need to access the device's network configuration settings and
specify the static IP address that you want to use. You may also need to specify the subnet
mask, default gateway, and DNS server addresses. It is important to make sure that the static
IP address you choose is not already in use on the network, or it could cause conflicts.

In some cases, you may need to configure your router or modem to assign a static IP address
to a specific device. This is typically done using the router's web-based configuration interface.

Figure 6. IP addresses | Source (Broadband compare, 2018)

Here are some common uses for static IP addresses:

1. Remote access: Static IP addresses are often used to allow remote access to devices,
such as through a VPN or remote desktop connection.

2. Hosting servers: If you are hosting a server, such as a website or game server, you will
need to use a static IP address. This allows users to access the server consistently, as
the IP address will not change.



3. Home automation: Devices like smart thermostats, security cameras, and home
automation systems often use static IP addresses to maintain a consistent connection.

4. Online gaming: Some online games may require a static IP address to function
properly.

5. Printer sharing: If you want to share a printer with multiple computers on your
network, you may need to assign a static IP address to the printer.

6. Network configuration: Static IP addresses are sometimes used in network
configuration, as they allow for more predictable and consistent network behavior.

7. Domain name resolution: If you have a domain name, you can use a static IP address
to link it to your website or other online services.

NAT (Network Address Translation) is a method used by network devices, such as routers, to
translate the IP addresses and port numbers of network traffic as it passes through a network.
NAT is used to enable multiple devices on a private network to share a single or a few public
IP addresses when connecting to the Internet.

There are three main types of NAT:

1. Static NAT: This type of NAT maps a specific private IP address to a specific public
IP address. This is useful for servers or other devices that need to be accessible from
the Internet.

2. Dynamic NAT: This type of NAT maps a private IP address to a public IP address
from a pool of available addresses. This allows multiple devices to share a small number
of public IP addresses.

3. NAT with Port Address Translation (PAT): This type of NAT maps multiple private
IP addresses to a single public IP address, using different port numbers to distinguish
between the different connections. This is also known as Network Address Port
Translation (NAPT).

NAT is useful for conserving public IP addresses and for hiding the internal network structure
from the Internet. It also provides some level of security by making it more difficult for external
devices to directly access devices on the private network.



Here are some common uses for NAT in a network:

1. To conserve public IP addresses: NAT allows multiple devices on a private network
to share a single or a few public IP addresses when connecting to the Internet. This
helps to conserve the limited number of available public IP addresses.

2. To hide the internal network structure: NAT can be used to hide the internal network
structure from the Internet, as it replaces the private IP addresses of devices with a
public IP address.

3. To provide some level of security: NAT can provide some level of security by making
it more difficult for external devices to directly access devices on the private network.

4. To enable internet access: NAT is often used to enable devices on a private network
to connect to the Internet, as it allows these devices to use a single shared public IP
address to access the Internet.

5. To allow servers to be accessed from the Internet: Static NAT can be used to map a
specific private IP address to a specific public IP address, allowing servers or other
devices to be accessed from the Internet.

Figure 7. NAT | Source (Wikipedia, 2021)



2.3.3 Show, using an example, how a DMZ, static IP addresses and NAT in a network
can improve network security for the company.

Here is an example of how a DMZ, static IP addresses, and NAT can improve network security
in a large company:

The DMZ is a network security area that sits between the large company's internal network and
the Internet. The DMZ contains servers that need to be accessed by external users, such as the
company's public website and email server. These servers are protected by a firewall, which
controls the incoming and outgoing traffic to and from the DMZ. If an attacker were to
compromise a server in the DMZ, they would not have direct access to the internal network.

Static IP addresses are used for servers and other devices that need to be accessed remotely or
need to maintain a consistent connection. By using static IP addresses for these devices, it is
easier to track and monitor their activity, as the IP address does not change. This can help to
identify and prevent security breaches.

NAT is used to translate the IP addresses and port numbers of network traffic as it passes
through a network. NAT can provide some level of security by making it more difficult for
external devices to directly access devices on the private network. It can also hide the internal
network structure from the Internet, making it harder for attackers to target specific devices.

In summary, using a DMZ, static IP addresses, and NAT can help to improve network security
by providing an additional layer of protection, making it easier to track and monitor activity,
and hiding the internal network structure from the Internet.
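As an added example that is not part of the original assignment, the following Python models the gateway in the scenario above: static NAT publishes the DMZ web server, PAT (NAPT) lets internal hosts share one public address, and unsolicited inbound traffic with no translation entry is dropped. All addresses are constructed from RFC 5737 and RFC 1918 documentation ranges.

```python
"""NAT gateway simulator (added example; constructed addresses, not a real device).

Two behaviours from the scenario: static NAT for a DMZ web server that must be
reachable from the Internet, and PAT for internal hosts sharing one public IP.
Inbound packets with no matching translation are dropped, which is the
"some level of security" NAT provides.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class NatGateway:
    def __init__(self, public_ip: str, private_net: str,
                 static_map: Dict[str, str], first_pat_port: int = 40000):
        self.public_ip = public_ip
        self.private_net = ip_network(private_net)
        self.static_map = dict(static_map)                       # public -> private
        self.static_rev = {v: k for k, v in static_map.items()}  # private -> public
        self.next_port = first_pat_port
        # (proto, public port) -> (private ip, private port, remote ip, remote port)
        self.pat_table: Dict[Tuple[str, int], Tuple[str, int, str, int]] = {}
        self.pat_rev: Dict[Tuple[str, str, int, str, int], int] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the private side towards the Internet."""
        if pkt.src in self.static_rev:                 # static NAT: 1:1 address rewrite
            return replace(pkt, src=self.static_rev[pkt.src])
        if ip_address(pkt.src) not in self.private_net:
            return pkt                                 # not a host we translate
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        pub_port = self.pat_rev.get(flow)
        if pub_port is None:                           # new flow: allocate a public port
            pub_port = self.next_port
            self.next_port += 1
            self.pat_table[(pkt.proto, pub_port)] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            self.pat_rev[flow] = pub_port
        return replace(pkt, src=self.public_ip, sport=pub_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving from the Internet; None means dropped."""
        if pkt.dst in self.static_map:                 # published DMZ server
            return replace(pkt, dst=self.static_map[pkt.dst])
        if pkt.dst != self.public_ip:
            return None
        entry = self.pat_table.get((pkt.proto, pkt.dport))
        if entry is None:
            return None                                # unsolicited: no state, dropped
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (pkt.src, pkt.sport) != (remote_ip, remote_port):
            return None                                # not the peer this flow talks to
        return replace(pkt, dst=priv_ip, dport=priv_port)


def build_gateway() -> NatGateway:
    """Gateway for the constructed scenario: one public address, one published server."""
    return NatGateway(public_ip="198.51.100.1", private_net="10.0.0.0/8",
                      static_map={"198.51.100.10": "192.168.100.10"})


if __name__ == "__main__":
    gw = build_gateway()
    # Two internal hosts open HTTPS to the same site; both leave as 198.51.100.1.
    out1 = gw.outbound(Packet("tcp", "10.0.5.20", 51000, "203.0.113.7", 443))
    out2 = gw.outbound(Packet("tcp", "10.0.5.21", 51000, "203.0.113.7", 443))
    print("outbound:", out1, out2)
    # The reply to the second translated port returns to 10.0.5.21 only.
    print("reply:", gw.inbound(Packet("tcp", "203.0.113.7", 443, "198.51.100.1", out2.sport)))
    # An unsolicited RDP probe against the public address has no entry: dropped.
    print("probe:", gw.inbound(Packet("tcp", "203.0.113.9", 4444, "198.51.100.1", 3389)))
    # HTTPS to the published address reaches the DMZ web server via static NAT.
    print("web:", gw.inbound(Packet("tcp", "203.0.113.9", 55555, "198.51.100.10", 443)))
```

Note that static NAT alone exposes every port of the published server, which is why the scenario still places a firewall in front of the DMZ.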



2.4 Identify and evaluate the tools that can be utilized by EMC Cyber to
improve the network and security performance without compromising each
other. Evaluate at least three virtual and physical security measures that can
be implemented by EMC to uphold the integrity of the organization’s IT policy.

There are several tools that a company can utilize to improve the performance of their network
and security without compromising each other. Some of these tools include:

1. Network monitoring tools: These tools allow a company to monitor the performance
of their network in real-time, identify bottlenecks and potential issues, and take
corrective action to improve performance. Examples of network monitoring tools
include SolarWinds Network Performance Monitor, PRTG Network Monitor, and
Nagios.

2. Firewall and intrusion prevention systems: These tools allow a company to block
unauthorized access to their network and protect against cyber threats such as malware
and ransomware. Examples of firewall and intrusion prevention systems include Cisco
Firepower, Palo Alto Networks, and Check Point.

3. Virtual Private Network (VPN) software: VPN software allows employees to
securely access the company's network and resources from remote locations. This can
improve security by encrypting data transmitted over the internet and preventing
unauthorized access to the company's network. Examples of VPN software include
NordVPN, ExpressVPN, and Private Internet Access.

4. Security Information and Event Management (SIEM) software: SIEM software
allows a company to collect, analyze, and report on security-related data from various
sources within the organization. This can help to detect potential security threats in real-
time and alert security personnel to take appropriate action. Examples of SIEM software
include Splunk Enterprise Security, LogRhythm, and IBM QRadar.

5. Load balancing software: Load balancing software allows a company to distribute
incoming traffic across multiple servers or resources, improving the performance and
availability of their network. Examples of load balancing software include F5 BIG-IP,
HAProxy, and NGINX.

By implementing these and other tools, a company can improve the performance of their
network and security without compromising each other. It is important, however, to carefully
evaluate and select the tools that are most appropriate for their specific needs and ensure that
they are properly configured and maintained to maximize their effectiveness.

Figure 8. Load balancing | Source (Wikipedia, 2021)

To uphold the integrity of the organization's IT policy, EMC Cyber could implement the
following virtual and physical security measures:

1. Two-factor authentication: 2FA is a security process that requires users to provide
two different authentication factors to access a system or network. This could include
something the user knows (such as a password), something the user has (such as a
security token), or something the user is (such as a fingerprint).

2. Network segregation: Network segregation is the process of separating different parts
of a network into separate, isolated segments. This can help to prevent the spread of
cyber threats and protect sensitive data.

3. Security Information and Event Management (SIEM): SIEM is a security solution
that aggregates and analyzes log data from multiple sources to identify security threats.
It can alert the system administrator to suspicious activity, allowing them to take action
to prevent a security breach.

In addition to these measures, EMC Cyber could also consider implementing a robust
cybersecurity policy and training program to educate employees on how to recognize and
prevent cyber threats. This could include training on topics such as secure password
management, identifying phishing attacks, and safe browsing practices.

2.4.1 Evaluate at least three virtual and physical security measures that can
be implemented by EMC to uphold the integrity of organization’s IT policy.

Virtual security measures are those that are implemented and enforced through the use of
computer systems, software, and other digital technologies. These measures are designed to
protect against cyber threats and unauthorized access to systems and data.

1. Virtual security measures:

a) Two-factor authentication: This involves requiring an additional form of authentication
beyond just a username and password in order to access an account or system. This could
include receiving a code via text message or using a biometric method such as fingerprint
scanning. Implementing two-factor authentication can help to prevent unauthorized access to
systems and accounts.

b) Network segmentation: This involves dividing a network into smaller, more secure
subnetworks, or segments. This can help to limit the scope of a potential breach and make it
more difficult for an attacker to access sensitive information. Network segmentation can be
implemented through the use of virtual local area networks (VLANs) or firewall rules.

c) Encryption: This involves encoding data so that it can only be accessed by someone with
the appropriate decryption key. Encrypting data in transit (e.g., when it is being transmitted
between systems) and at rest (e.g. when it is stored on a server) can help to protect it from being
accessed by unauthorized parties.

d) Firewalls: Firewalls are a type of security measure that helps to protect a network from
malicious attacks. Firewalls act as a barrier between the internal network and the outside world,
blocking any malicious traffic from entering the network.



2. Physical security measures:

a) Access controls: This involves implementing measures to control who has physical access
to a facility or server room. This could include the use of security badges, keycards, or
biometric scanners. Access controls can help to prevent unauthorized individuals from gaining
physical access to systems and data.

b) Security cameras: This involves the use of surveillance cameras to monitor a facility or
server room. Security cameras can help to deter potential attackers and can provide evidence
in the event of a security breach.

c) Environmental controls: This involves implementing measures to protect against
environmental threats such as fire, flood, or extreme temperatures. This could include the use
of fire suppression systems, flood sensors, and temperature monitoring systems. Protecting
against environmental threats can help to prevent damage to systems and data.

d) Intrusion detection systems: Intrusion detection systems are a type of security measure
that helps to detect any unauthorized access to a system or building. These systems can be used
to alert security personnel in the event of a breach.

2.5 Discuss three benefits of implementing network monitoring systems with
supporting reasons.

A network monitoring system is a software or hardware system that is designed to monitor the
performance of a computer network and alert the network administrator to potential issues or
problems. Network monitoring systems typically collect data on various aspects of network
performance, such as bandwidth utilization, response times, and the availability of network
resources. This data is then analyzed and used to identify potential issues and generate alerts
when performance thresholds are exceeded or when other problems are detected.

Network monitoring systems can monitor networks of all sizes, from small local area networks
(LANs) to large enterprise networks, and of various types, including LANs, wide area networks
(WANs), and cloud-based networks. They can also monitor the devices that make up those
networks, such as servers, routers, switches, and firewalls.

Overall, a network monitoring system is an important tool for ensuring the performance,
uptime, and security of a computer network. By continuously monitoring the network and
alerting the administrator to potential issues, a network monitoring system can help to improve
the overall efficiency and effectiveness of the network.

There are several benefits to implementing network monitoring systems, including:

1. Improved network performance: Network monitoring systems allow a company to
identify bottlenecks and potential issues within their network in real time. This can help
to improve the overall performance of the network by allowing the company to take
corrective action to resolve issues before they become major problems.

2. Increased uptime: Network monitoring systems can alert the company to potential
issues before they result in an outage or disruption of service. This can help to increase
the overall uptime of the network, ensuring that employees and customers have
consistent and reliable access to the resources they need.

3. Enhanced security: Network monitoring systems can detect potential security threats,
such as malware or unauthorized access, and alert the company to take appropriate
action. This can help to improve the overall security of the network and prevent data
breaches or other security incidents.

Overall, implementing network monitoring systems can help a company to improve the
performance, uptime, and security of its network, resulting in increased productivity,
customer satisfaction, and overall business success.
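The text above describes the core loop of a network monitoring system: collect utilization and response-time data, then alert when thresholds are exceeded. The following is an added example, not part of the original text, of that evaluation logic run over constructed telemetry for one switch uplink. Two details a practitioner wants are shown: utilization is derived from cumulative byte counters (so a counter reset must be detected, not reported as negative traffic), and alerts use hysteresis (raised at 80%, cleared only below 60%) so a link hovering near the limit does not flood the administrator with repeated alerts. The device name and all sample values are constructed.

```python
"""Threshold alerting with hysteresis over constructed network telemetry.

Added example of the alerting logic a network monitoring system runs.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Sample:
    t: int                    # poll time in seconds (constructed)
    rx_bytes: int             # cumulative bytes received, as reported by the interface
    speed_bps: int            # link speed in bits per second
    rtt_ms: Optional[float]   # health-probe round-trip time; None = probe timed out


@dataclass
class InterfaceMonitor:
    """Stateful checks for one interface: utilization with hysteresis, reachability."""
    name: str
    raise_pct: float = 80.0       # utilization at which an alert is raised
    clear_pct: float = 60.0       # utilization below which an open alert is cleared
    rtt_limit_ms: float = 200.0   # probe latency treated as "unreachable or degraded"
    prev: Optional[Sample] = None
    util_alert: bool = False
    down_alert: bool = False

    def utilization_pct(self, cur: Sample) -> Optional[float]:
        """Utilization over the last poll interval, or None when it cannot be computed
        (first sample, non-increasing time, or the counter went backwards after a reset)."""
        prev = self.prev
        if prev is None or cur.t <= prev.t or cur.rx_bytes < prev.rx_bytes:
            return None
        bits = (cur.rx_bytes - prev.rx_bytes) * 8
        return 100.0 * bits / ((cur.t - prev.t) * cur.speed_bps)

    def observe(self, cur: Sample) -> list:
        """Process one sample; return (kind, interface, detail) events raised by it."""
        events = []
        pct = self.utilization_pct(cur)
        if pct is not None:
            if pct >= self.raise_pct and not self.util_alert:
                events.append(("ALERT", self.name, f"utilization {pct:.1f}%"))
                self.util_alert = True
            elif pct < self.clear_pct and self.util_alert:
                events.append(("CLEAR", self.name, f"utilization {pct:.1f}%"))
                self.util_alert = False
        unreachable = cur.rtt_ms is None or cur.rtt_ms > self.rtt_limit_ms
        if unreachable and not self.down_alert:
            events.append(("ALERT", self.name, f"probe failed rtt={cur.rtt_ms}"))
            self.down_alert = True
        elif not unreachable and self.down_alert:
            events.append(("CLEAR", self.name, f"probe ok rtt={cur.rtt_ms}"))
            self.down_alert = False
        self.prev = cur
        return events


def run_monitor(samples) -> list:
    """Feed (interface, Sample) pairs in time order; return every alert/clear event."""
    monitors = {}
    events = []
    for name, sample in samples:
        monitor = monitors.setdefault(name, InterfaceMonitor(name))
        events.extend(monitor.observe(sample))
    return events


# Constructed telemetry: a 100 Mbit/s uplink polled every 60 s (750 MB per interval = 100%).
DEMO_SAMPLES = [
    ("core-sw1:Gi0/1", Sample(0,   0,             100_000_000, 4.2)),
    ("core-sw1:Gi0/1", Sample(60,  300_000_000,   100_000_000, 5.0)),   # 40%: quiet
    ("core-sw1:Gi0/1", Sample(120, 975_000_000,   100_000_000, 6.1)),   # 90%: ALERT
    ("core-sw1:Gi0/1", Sample(180, 1_500_000_000, 100_000_000, 5.5)),   # 70%: stays open (hysteresis)
    ("core-sw1:Gi0/1", Sample(240, 1_800_000_000, 100_000_000, None)),  # 40%: CLEAR; probe timeout: ALERT
    ("core-sw1:Gi0/1", Sample(300, 2_100_000_000, 100_000_000, 7.0)),   # probe back: CLEAR
]

if __name__ == "__main__":
    for event in run_monitor(DEMO_SAMPLES):
        print(*event)
```

A monitoring product adds persistence, notification channels and dashboards on top of this, but the alert/clear state machine per metric is the part that decides whether the administrator gets one actionable message or a hundred.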

There are many tools available for monitoring a network. Some popular options include:

1. SolarWinds Network Performance Monitor: This is a comprehensive network
monitoring tool that allows you to monitor the performance of network devices, servers,
and applications, as well as detect and troubleshoot issues.

2. Nagios: This is an open-source network monitoring tool that alerts when things go
wrong and again when they recover.

3. Zabbix: This is another open-source network monitoring tool that allows you to
monitor the availability and performance of your network devices and servers.

4. ManageEngine OpManager: This is a commercial network monitoring tool that
provides real-time monitoring and alerts for your network devices and servers.

5. PRTG Network Monitor: This is a commercial network monitoring tool that allows
you to monitor your network devices, servers, and applications in real time.

These are just a few examples of the many tools available for network monitoring. It's worth
considering the company's specific needs and budget when selecting a tool that's right for the
company.

Figure 9. Network monitoring system | Source (vi networks, 2021)

Activity 03

Discuss suitable risk assessment integrated enterprise risk management
procedures for EMC Cyber solutions and the impact an IT security audit
will have on safeguarding the organization and its clients. Furthermore, your
discussion should include how IT security can be aligned with an
organizational IT policy and how misalignment of such a policy can impact
the organization's security.

3.1 Discuss suitable risk assessment integrated enterprise risk management
procedures for EMC Cyber solutions and the impact an IT security audit
will have on safeguarding the organization and its clients.

Risk assessment

Risk assessment is the process of identifying, analyzing, and evaluating the potential risks that
an organization or project may face. It is a crucial step in risk management, which is the process
of identifying, assessing, and prioritizing risks in order to minimize their impact on an
organization or project. The goal of risk assessment is to identify potential threats and
vulnerabilities, as well as the likelihood and potential impact of each risk. This information is
used to prioritize the risks and determine the appropriate course of action. This may involve
implementing controls to mitigate the risk, transferring the risk through insurance or other
means, or accepting the risk as part of doing business.

Risk assessment is an ongoing process that should be regularly reviewed and updated to ensure
that risks are being effectively managed. It is important to involve all relevant stakeholders in
the risk assessment process, as they may have valuable insights and perspectives on the risks
facing the organization.

There are several advantages to conducting a risk assessment:

1. Improved decision-making: By identifying and evaluating the potential risks that an
organization or project may face, decision-makers can make more informed decisions
about how to proceed. This can help to minimize the impact of risks and maximize the
chances of success.

2. Better resource allocation: Risk assessment can help to prioritize risks and allocate
resources to address the most significant ones first. This can help to ensure that
resources are used effectively and efficiently.

3. Enhanced safety and security: By identifying and addressing potential risks,
organizations can improve the safety and security of their operations. This is
particularly important in industries that involve hazardous materials or processes.

4. Improved reputation: By demonstrating a proactive approach to risk management,
organizations can improve their reputation and build trust with stakeholders.

5. Increased efficiency: By identifying and addressing potential risks, organizations can
improve their efficiency and reduce the likelihood of disruptions to their operations.

Overall, risk assessment is an important tool for helping organizations to identify and mitigate
potential risks, and to make more informed decisions about how to proceed.

Here are some suitable risk assessment and integrated enterprise risk management (ERM)
procedures that EMC Cyber could follow when developing a solution for Lockhead Aerospace:

1. Identify the risks: The first step in the risk assessment process is to identify the
potential risks that the solution may face. This can be done through a thorough analysis
of the manufacturing process and the specific web-based IoT applications that will be
implemented. EMC Cyber should consider factors such as the sensitivity of the data
being processed, the potential for cyber-attacks, and the impact on the business if the
solution were to fail.

2. Analyze the risks: Once the risks have been identified, they should be analyzed to
determine the likelihood and potential impact of each risk. This can be done through
the use of risk assessment tools and techniques such as probability and impact matrices.

3. Evaluate the risks: The next step is to evaluate the identified risks to determine the
appropriate course of action. This may involve implementing controls to mitigate the
risk, transferring the risk through insurance or other means, or accepting the risk as part
of doing business. EMC Cyber should consider the specific requirements of the client,
including their use of ISO standards, when evaluating the risks.

4. Plan the solution: Based on the results of the risk assessment, EMC Cyber should plan
a solution that addresses the identified risks and meets the client's needs. This should
involve the development of a comprehensive security plan that outlines the specific
controls and measures that will be put in place to protect the solution.

5. Implement the solution: The final step is to implement the solution according to
standard software engineering principles. This should involve the development of a
project plan that outlines the specific tasks and milestones required to complete the
project, as well as the resources and budget needed to support it. EMC Cyber should
also establish clear policies and procedures for monitoring and reviewing the solution
to ensure that it remains effective over time.

3.1.1 Risk assessment matrix

A risk assessment matrix is a tool used to identify and assess potential risks to an organization.
It typically consists of a grid with the likelihood of a risk occurring on one axis and the impact
of the risk on the other axis. The intersection of these two factors is then used to determine the
overall risk level.

For example, a risk assessment matrix might have likelihood ratings of "rare," "unlikely,"
"likely," and "almost certain," and impact ratings of "minor," "moderate," "significant," and
"critical." The overall risk level is then determined by considering both the likelihood and
impact of the risk. Risks with a high likelihood and high impact would be considered high
priority and would require immediate attention. Risks with a low likelihood and low impact
would be considered low priority and may not require immediate attention.

The specific criteria and ratings used in a risk assessment matrix will depend on the
organization and the types of risks being considered. The matrix can be used to prioritize risks
and help organizations allocate resources to address the most pressing risks first.

The following is the risk matrix for the given company:

Description | Probability | Risk level | Control measures

Malware and ransomware | Probability: High | Risk level: Critical
  Control measures:
  • Keep software and operating systems up to date
  • Back up data regularly
  • Use strong, unique passwords and firewalls
  • Practice safe browsing habits

Power outages | Probability: High | Risk level: High Risk
  Control measures:
  • Use uninterruptible power supplies (UPS) and generators
  • Use redundant power sources

Human error | Probability: High | Risk level: Moderate
  Control measures:
  • Implement user training and awareness programs
  • Use error-checking tools and checklists

Overheating of computers | Probability: Medium | Risk level: Moderate
  Control measures:
  • Keep computers in a cool, well-ventilated area
  • Clean the computer regularly
  • Monitor the computer's temperature

Network vulnerabilities | Probability: High | Risk level: High Risk
  Control measures:
  • Use firewalls
  • Use strong, unique passwords
  • Enable two-factor authentication
  • Train employees: Educate employees on cybersecurity best practices and the
    importance of protecting against malware and ransomware.

Table 2. Risk assessment matrix | Source (Author’s data)
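Section 3.1.1 describes the matrix in words and Table 2 applies it to the company's risks. The following is an added example, not part of the original assignment, that carries the method through in code: it scores each register entry with the four likelihood and four impact ratings given in 3.1.1, maps the score to a level, sorts the register so the highest risks come first, and attaches a treatment (mitigate, transfer or accept) per level. It also computes the residual rating after a control lowers likelihood or impact by a step, which is how one checks whether the controls in Table 2 bring a risk down to an acceptable level. The band edges, the treatment wording, and the likelihood/impact ratings assigned to each risk below are illustrative assumptions; the risk names are taken from Table 2.

```python
"""Risk register scoring with a likelihood x impact matrix.

Added example using the ratings named in section 3.1.1. Bands and the per-risk
ratings in DEMO_REGISTER are assumptions for illustration.
"""

# Ordinal scales from section 3.1.1, lowest to highest (insertion order matters).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "likely": 3, "almost certain": 4}
IMPACT = {"minor": 1, "moderate": 2, "significant": 3, "critical": 4}

# Assumed treatment per level; an organization's risk appetite sets these.
TREATMENT = {
    "critical": "mitigate immediately and escalate to management",
    "high": "mitigate within the planning cycle, or transfer (e.g. insurance)",
    "moderate": "mitigate where cost-effective; monitor",
    "low": "accept and review at the next assessment",
}


def risk_score(likelihood: str, impact: str) -> int:
    """Cell of the matrix: likelihood rank times impact rank (1..16)."""
    return LIKELIHOOD[likelihood.lower()] * IMPACT[impact.lower()]


def risk_level(score: int) -> str:
    """Map a score to a level. Band edges (12/8/4) are an assumed policy choice."""
    if score >= 12:
        return "critical"
    if score >= 8:
        return "high"
    if score >= 4:
        return "moderate"
    return "low"


def residual(likelihood: str, impact: str, likelihood_steps: int = 0, impact_steps: int = 0):
    """Ratings after a control lowers likelihood and/or impact by whole steps on
    the ordinal scales, never below the lowest rating."""
    lk_scale, im_scale = list(LIKELIHOOD), list(IMPACT)
    lk_i = max(0, LIKELIHOOD[likelihood.lower()] - 1 - likelihood_steps)
    im_i = max(0, IMPACT[impact.lower()] - 1 - impact_steps)
    return lk_scale[lk_i], im_scale[im_i]


def assess(register) -> list:
    """register: iterable of (name, likelihood, impact). Returns one dict per risk,
    sorted by descending score (ties alphabetical) with level and treatment."""
    rows = []
    for name, lk, im in register:
        score = risk_score(lk, im)
        level = risk_level(score)
        rows.append({"risk": name, "likelihood": lk, "impact": im, "score": score,
                     "level": level, "treatment": TREATMENT[level]})
    rows.sort(key=lambda r: (-r["score"], r["risk"]))
    return rows


def acceptable(level: str, appetite: str = "moderate") -> bool:
    """True when the level is no worse than the organization's stated appetite."""
    order = ["low", "moderate", "high", "critical"]
    return order.index(level) <= order.index(appetite)


# Risk names from Table 2; likelihood/impact ratings are illustrative assumptions.
DEMO_REGISTER = [
    ("Malware and ransomware", "likely", "critical"),
    ("Power outages", "likely", "significant"),
    ("Human error", "almost certain", "moderate"),
    ("Overheating of computers", "unlikely", "moderate"),
    ("Network vulnerabilities", "likely", "significant"),
]

if __name__ == "__main__":
    for row in assess(DEMO_REGISTER):
        print(f"{row['score']:>2} {row['level']:<9} {row['risk']}: {row['treatment']}")
    # Effect of the Table 2 controls on malware (assumed: patching lowers likelihood
    # one step, tested backups lower impact one step).
    lk, im = residual("likely", "critical", 1, 1)
    print("residual malware risk:", lk, im, risk_level(risk_score(lk, im)))
```

Keeping both the inherent and the residual rating in the register is what lets a reviewer see whether a listed control is actually doing work, rather than just being present.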

3.1.2 IT security audit

An IT security audit is a systematic review of an organization's information technology (IT)
systems, processes, and infrastructure to assess their security posture and identify potential
vulnerabilities. The purpose of an IT security audit is to identify weaknesses in an
organization's security controls and recommend steps to mitigate those weaknesses.

An IT security audit typically involves the following steps:

1. Planning: The audit team will define the scope of the audit, identify the resources
needed, and develop a plan for the audit.

2. Preparation: The audit team will gather information about the organization's IT
systems, processes, and infrastructure, and identify any potential risks or
vulnerabilities.

3. Testing: The audit team will use various techniques to test the organization's security
controls, such as scanning networks for vulnerabilities, testing system configurations,
and reviewing access controls.

4. Reporting: The audit team will compile a report detailing their findings and
recommendations for improving the organization's security posture.

5. Follow-up: The organization will review the audit report and implement any
recommended changes to improve their security posture.

An IT security audit is an important step in ensuring the security and integrity of an
organization's IT systems and data. It helps organizations identify and address potential
vulnerabilities before they can be exploited by attackers.
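Step 3 of the audit process above, testing system configurations, is in practice a comparison of observed settings against a written baseline. The following is an added example, not part of the original text, of such a check: a tolerant parser for "Key value" / "key = value" configuration files, a baseline of rules with severities, and an audit function that reports each deviation as a finding. The baseline is written in the style of an SSH daemon hardening standard and the configuration under audit is a constructed sample; the specific settings and severities are illustrative of what an organization's standard might say, not a recommendation taken from the assignment.

```python
"""Configuration audit against a hardening baseline.

Added example for the "testing system configurations" audit step. Baseline and
sample configuration are illustrative/constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    key: str                                  # setting name, lower-cased
    check: Callable[[Optional[str]], bool]    # receives the observed value, None if absent
    expected: str                             # human-readable expectation for the report
    severity: str                             # "high", "medium" or "low"


def parse_config(text: str) -> Dict[str, str]:
    """Parse 'Key value' or 'key = value' lines. '#' starts a comment, blank lines
    are skipped, later duplicates win, keys are lower-cased for comparison."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "=" in line:
            key, value = line.split("=", 1)
        else:
            parts = line.split(None, 1)
            key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        settings[key.strip().lower()] = value.strip()
    return settings


def equals(want: str):
    """Setting must be present and equal to `want` (case-insensitive)."""
    return lambda v: v is not None and v.lower() == want.lower()


def at_most(limit: int):
    """Setting must be present and an integer no greater than `limit`."""
    def check(v: Optional[str]) -> bool:
        return v is not None and v.isdigit() and int(v) <= limit
    return check


def absent_or(want: str):
    """Setting may be left at its (assumed secure) default or set explicitly to `want`."""
    return lambda v: v is None or v.lower() == want.lower()


# Illustrative baseline in the style of an sshd_config hardening standard.
BASELINE: List[Rule] = [
    Rule("permitrootlogin", equals("no"), "no", "high"),
    Rule("passwordauthentication", equals("no"), "no", "high"),
    Rule("maxauthtries", at_most(4), "<= 4", "medium"),
    Rule("x11forwarding", absent_or("no"), "no (or unset)", "low"),
    Rule("loglevel", equals("VERBOSE"), "VERBOSE", "low"),
]

SEVERITY_ORDER = ["high", "medium", "low"]


def audit(settings: Dict[str, str], baseline: List[Rule]) -> list:
    """Return one finding per failed rule, most severe first."""
    findings = []
    for rule in baseline:
        observed = settings.get(rule.key)
        if not rule.check(observed):
            findings.append({"setting": rule.key, "observed": observed,
                             "expected": rule.expected, "severity": rule.severity})
    return sorted(findings, key=lambda f: SEVERITY_ORDER.index(f["severity"]))


def summarize(findings: list) -> Dict[str, int]:
    """Count findings per severity for the report's summary table."""
    counts = {s: 0 for s in SEVERITY_ORDER}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


# Constructed configuration under audit (not taken from any real system).
SAMPLE_CONFIG = """
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes        # baseline says no
PasswordAuthentication no
MaxAuthTries 6
LogLevel INFO
"""

if __name__ == "__main__":
    results = audit(parse_config(SAMPLE_CONFIG), BASELINE)
    for f in results:
        print(f"[{f['severity']}] {f['setting']}: observed {f['observed']!r}, expected {f['expected']}")
    print("summary:", summarize(results))
```

Expressing the baseline as data rather than as a script of ad-hoc greps is what makes the audit repeatable between the initial test and the follow-up in step 5.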

There are several types of IT security audits that can be conducted, depending on the focus and
scope of the audit:

1. Network security audit: A network security audit focuses on the security of an
organization's network infrastructure, including routers, switches, firewalls, and other
network devices.

2. System security audit: A system security audit focuses on the security of an
organization's individual computer systems, including the operating system,
applications, and data.

3. Application security audit: An application security audit focuses on the security of an
organization's applications, including web-based and mobile applications.

4. Physical security audit: A physical security audit focuses on the security of an
organization's physical infrastructure, including data centers, server rooms, and other
facilities.

5. Compliance audit: A compliance audit assesses an organization's compliance with
industry regulations or standards, such as PCI DSS or HIPAA.

6. Penetration test: A penetration test, also known as a "pen test," simulates an attack on
an organization's systems to identify vulnerabilities that an attacker could exploit.

7. Social engineering audit: A social engineering audit tests an organization's employees'
susceptibility to social engineering attacks, such as phishing or pretexting.

8. Cloud security audit: A cloud security audit assesses the security of an organization's
data and systems in a cloud computing environment.

There are several reasons why organizations should conduct IT security audits, and several
advantages to doing so:

1. Identify vulnerabilities: An IT security audit helps organizations identify
vulnerabilities in their systems, processes, and infrastructure that could be exploited by
attackers. By identifying these vulnerabilities, organizations can take steps to mitigate
them before an attack occurs.

2. Improve security posture: An IT security audit can help organizations improve their
overall security posture by identifying weaknesses and recommending ways to
strengthen security controls.

3. Meet compliance requirements: Many industries have specific regulations or
standards that organizations must meet, such as PCI DSS or HIPAA. An IT security
audit can help organizations ensure that they are compliant with these regulations.

4. Protect sensitive data: An IT security audit can help organizations protect sensitive
data, such as customer information or intellectual property, from unauthorized access
or data breaches.

5. Improve customer trust: By demonstrating that an organization has taken steps to
ensure the security of its systems and data, an IT security audit can improve customer
trust and confidence in the organization.

6. Save money: By identifying and addressing vulnerabilities before an attack occurs, an
IT security audit can help organizations save money that might otherwise be spent on
responding to a security incident.

7. Reduce risk: An IT security audit can help organizations reduce the risk of a security
incident occurring, which can have significant financial and reputational consequences.

Figure 10. IT Security Audit advantages | Source (Varonis, 2021)

3.2 Explain the mandatory data protection laws and procedures which will
be applied to data storage solutions provided by EMC Cyber. You should
also summarize ISO 31000 risk management methodology.

3.2.1 Data protection laws and procedures


Data protection laws are laws that regulate the collection, use, and storage of personal data and
protect the privacy of individuals. These laws may apply to organizations within a specific
geographic region, such as the European Union (EU) or the United States, or to a specific
industry, such as healthcare or financial services.

Data protection procedures are internal policies and procedures that organizations put in place
to protect data and ensure that it is used responsibly. These may include policies for handling
and storing data, access controls to limit who can access data, and incident response plans for
responding to data breaches. Data protection procedures may be required by law or industry
regulations, or they may be implemented voluntarily by organizations to protect their own data
and the data of their customers or clients.

Data protection laws and procedures have several uses and advantages:

1. Protect privacy: Data protection laws and procedures protect the privacy of individuals
by regulating the collection, use, and storage of personal data. This helps prevent
organizations from collecting or using personal data in ways that may be intrusive or
unethical.

2. Prevent data breaches: Data protection laws and procedures help prevent data
breaches by requiring organizations to implement appropriate security controls and
procedures to protect data. This can help reduce the risk of unauthorized access to or
disclosure of sensitive data.

3. Promote trust: By demonstrating that an organization is committed to protecting
personal data and complying with data protection laws and regulations, data protection
measures can help build trust with customers and clients.

4. Comply with regulations: Data protection measures may be required by law or by
industry standards. By implementing them, organizations can ensure that they meet
these requirements.

5. Reduce risk: Data protection measures can help reduce the risk of data breaches and
other security incidents, which can have significant financial and reputational
consequences.

6. Protect data: Data protection measures help protect the integrity and confidentiality of
data, ensuring that it is not accessed or disclosed without proper authorization. This can
help organizations protect sensitive information, such as intellectual property or
customer data.

3.2.2 How data protection acts will affect the company

Data protection acts, such as the General Data Protection Regulation (GDPR) or the California
Consumer Privacy Act (CCPA), can affect a company like EMC Cyber in several ways:

1. Compliance: EMC Cyber will need to ensure that they are compliant with data
protection laws and regulations when collecting, using, and storing personal data. This
may require implementing specific security controls and procedures to protect personal
data.

2. Risk assessment: EMC Cyber will need to assess the risks to personal data and take
appropriate measures to mitigate those risks. This may include conducting data
protection impact assessments (DPIAs) or implementing data protection by design and
default principles.

3. Data subject rights: EMC Cyber will need to respect the rights of data subjects,
including the right to access, rectify, erase, and restrict the processing of personal data.
They will also need to provide information to data subjects about how their personal
data is being collected and used.

4. Notification of data breaches: In the event of a data breach, EMC Cyber may be
required to notify relevant authorities and potentially affected individuals.

By following data protection laws and regulations, EMC Cyber can help ensure the security
and privacy of personal data and protect against data breaches. This can help build trust with
clients and customers and reduce the risk of financial and reputational consequences.

Figure 11. GDPR | Source (Snel.com, 2021)

3.2.3 ISO 31000

ISO 31000 is an international standard for risk management. It provides principles and
guidelines for managing risk in a systematic and consistent manner and can be applied to a
wide range of organizations and sectors.

The standard outlines the following principles for risk management:

1. Risk management should be an integral part of an organization's decision-making and
planning processes.

2. Risk management should be based on a sound understanding of the organization's
context and objectives.

3. Risk management should be tailored to the needs of the organization and be consistent
with other processes and practices.

4. Risk management should involve the participation of relevant stakeholders.

5. Risk management should be transparent and provide accountability.

6. Risk management should be systematic and continuous.

The standard also provides guidelines for implementing a risk management process, including
risk assessment, risk evaluation, risk treatment, and risk review.

By following the principles and guidelines outlined in ISO 31000, organizations can improve
their ability to identify, assess, and manage risks effectively.

Figure 12. ISO 31000 | Source (RiskWatch, 2022)

3.3 Discuss possible impacts to organizational security resulting from an IT
security audit.

An IT security audit can have several impacts on organizational security, both positive and
negative:

1. Identify vulnerabilities: One of the main benefits of an IT security audit is that it can
help organizations identify vulnerabilities in their systems, processes, and infrastructure
that could be exploited by attackers. By identifying these vulnerabilities, organizations
can take steps to mitigate them, improving their overall security posture.

2. Improve security posture: An IT security audit can help organizations improve their
overall security posture by identifying weaknesses and recommending ways to
strengthen security controls. This can help reduce the risk of security incidents and
protect sensitive data.

3. Meet compliance requirements: Many industries have specific regulations or
standards that organizations must meet, such as PCI DSS or HIPAA. An IT security
audit can help organizations ensure that they are compliant with these regulations,
reducing the risk of fines or other penalties.

4. Improve customer trust: By demonstrating that an organization has taken steps to
ensure the security of its systems and data, an IT security audit can improve customer
trust and confidence in the organization.

5. Save money: By identifying and addressing vulnerabilities before an attack occurs, an
IT security audit can help organizations save money that might otherwise be spent on
responding to a security incident.

6. Disrupt operations: Conducting an IT security audit can be time-consuming and may
require resources to be redirected away from other tasks. This can disrupt operations
and may impact the organization's productivity.

7. Negative perception: If an IT security audit identifies significant vulnerabilities or
non-compliance issues, this may create a negative perception of the organization among
customers, shareholders, or other stakeholders.

3.4 Consider how IT security can be aligned with organizational policy,
detailing the security impact of any misalignment.

Aligning IT security with organizational policy is important in order to ensure that an
organization's systems, processes, and data are protected effectively. When IT security is
misaligned with organizational policy, it can have several negative impacts on security:

1. Gaps in protection: If IT security measures are not aligned with organizational policy,
there may be gaps in protection that could be exploited by attackers. For example, if an
organization's policy requires that all data be encrypted, but the IT security measures in
place do not include data encryption, there is a gap in protection that could allow data
to be accessed or disclosed without proper authorization.

2. Non-compliance: If IT security measures are not aligned with regulatory or industry
requirements, the organization may be non-compliant, potentially leading to fines or
other penalties.

3. Reduced trust: If an organization's IT security measures are not in line with its stated
policies, customers, stakeholders, and employees may lose trust in the organization.
This can impact the organization's reputation and may lead to a loss of business.

4. Increased risk: Misalignment between IT security and organizational policy can
increase the risk of security incidents, such as data breaches or unauthorized access to
systems. This can have significant financial and reputational consequences for the
organization.

To ensure that IT security is aligned with organizational policy, it is important for organizations
to regularly review and update their policies, as well as their IT security measures, to ensure
that they are consistent and effective.

Activity 04

4.1 Design an organizational security policy for EMC Cyber to minimize
exploitations and misuses while evaluating the suitability of the tools used in
an organizational policy.

4.1.1 A security policy

A security policy is a document that outlines an organization's approach to security. It sets out
the principles and guidelines that the organization follows to protect its systems, networks,
data, and people from threats and vulnerabilities.

A security policy may cover a range of topics, including:

1. Access control: The policies and procedures for granting and revoking access to
systems, networks, and data.

2. Network security: The measures in place to protect the organization's network from
external threats, such as firewall configurations and intrusion prevention systems.

3. Data protection: The measures in place to protect the organization's data, including
data encryption and backup procedures.

4. Asset management: The policies and procedures for managing the organization's
assets, including hardware, software, and data.

5. Incident response: The procedures for responding to security incidents, such as data
breaches or system failures.

6. Training and awareness: The measures in place to educate employees about security
risks and how to protect the organization's systems and data.

A security policy should be tailored to the needs of the organization and reviewed and updated
regularly to ensure that it remains effective in protecting against current and emerging threats.

4.1.2 Policy for EMC Cyber

Following is the security policy for EMC Cyber:

Policy Statement: EMC Cyber is committed to protecting the security and confidentiality of
our clients' systems, networks, and data. To meet this commitment, we have implemented a
range of security measures and procedures to safeguard against threats and vulnerabilities.

Scope: This policy applies to all employees, contractors, and third-party service providers
working with EMC Cyber. It also applies to all systems, networks, and data owned or managed
by EMC Cyber.

Policy Requirements:

1. Access control: Access to systems, networks, and data will be granted on a need-to-
know basis and will be reviewed and updated regularly. Strong passwords and other
authentication measures will be used to protect against unauthorized access.

2. Network security: EMC Cyber will implement and maintain appropriate network
security measures, such as firewalls and intrusion prevention systems, to protect against
external threats.

3. Data protection: EMC Cyber will use encryption and other security measures to
protect client data in transit and at rest. Backups will be conducted regularly to ensure
that data can be recovered in the event of a disaster.

4. Asset management: EMC Cyber will maintain an inventory of all hardware, software,
and data assets and will implement appropriate controls to ensure their security.

5. Incident response: EMC Cyber will have a plan in place to respond to security
incidents, including data breaches and system failures. This plan will include
procedures for reporting incidents and conducting investigations.

6. Training and awareness: EMC Cyber will provide regular training and awareness
programs to educate employees about security risks and how to protect the
organization's systems and data.

This policy will be reviewed and updated regularly to ensure that it remains effective in
protecting against current and emerging threats.

4.1.3 Why EMC Cyber should have a policy, and its uses and advantages

Having a security policy is important for EMC Cyber for several reasons:

1. Provides guidance: A security policy provides guidance for employees and contractors
on how to protect the organization's systems, networks, and data. It helps to ensure that
everyone is working towards the same security goals and is aware of their
responsibilities in protecting the organization's assets.

2. Demonstrates commitment: A security policy demonstrates to clients, stakeholders,
and regulators that EMC Cyber is committed to protecting the security and
confidentiality of its systems and data. This can build trust and confidence in the
organization.

3. Increases security: A well-crafted security policy can help to identify and address
potential vulnerabilities and threats, which can increase the overall security of the
organization.

4. Promotes compliance: A security policy can help EMC Cyber to comply with
regulatory and industry requirements, such as data protection laws and standards like
ISO 31000.

5. Reduces risk: Implementing a security policy can help to reduce the risk of security
incidents, such as data breaches or unauthorized access to systems. This can help to
protect the organization's reputation and bottom line.

Overall, a security policy is a valuable tool for EMC Cyber in helping to protect the
organization's systems, networks, and data and ensuring that it meets the needs and
expectations of its clients and stakeholders.

Develop and present a disaster recovery plan for EMC Cyber according to the ISO/IEC
17799:2005 or similar standard which should include the main components of an
organizational disaster recovery plan with justifications. Discuss how critical the roles of
the stakeholders in the organization are to successfully implementing the security policy and the
disaster recovery plan you recommended as part of the security audit.

4.2 Develop and present a disaster recovery plan for EMC Cyber

4.2.1 A disaster recovery plan

A disaster recovery plan is a set of procedures and policies that outline how an organization
should respond to and recover from a disaster or disruption. A disaster can be any event that
disrupts the normal operations of an organization, such as a natural disaster, cyber-attack, or
power outage. The purpose of a disaster recovery plan is to ensure that the organization is
prepared to respond to and recover from a disaster in a timely and effective manner.

A disaster recovery plan typically includes procedures for backing up and restoring data,
maintaining critical business functions, communicating with employees and stakeholders, and
transitioning to alternative work locations. It may also include procedures for testing and
training employees on the disaster recovery plan. The goal of a disaster recovery plan is to
minimize the impact of a disaster on the organization and ensure that it is able to return to
normal operations as quickly as possible.

Figure 13. Disaster recovery plan | Source (SupraTS, 2022)



4.2.2 Disaster recovery plan for EMC Cyber

ISO/IEC 17799:2005: ISO/IEC 17799:2005 is an international standard for information
security management that provides guidelines for the protection of information assets. It is
also known as ISO 17799 or the Code of Practice for Information Security Management (it
was renumbered as ISO/IEC 27002 in 2007, so current editions of the guidance are published
under that number).

The standard covers a wide range of topics related to information security, including risk
management, access control, data protection, and incident management. It is designed to help
organizations establish and maintain an effective information security management system
(ISMS) and to protect against threats such as unauthorized access, data breaches, and cyber-
attacks.

Building on the definition given in 4.2.1, here is a sample disaster recovery plan for
EMC Cyber:

Purpose: The purpose of this disaster recovery plan is to ensure that EMC Cyber is prepared
to respond to and recover from any disaster or disruption that could affect its operations.

Scope: This plan applies to all systems, networks, and data owned or managed by EMC Cyber.
It also applies to all employees, contractors, and third-party service providers working with
EMC Cyber.

When developing a disaster recovery plan for EMC Cyber according to the ISO/IEC
17799:2005 standard, the following main components should be included:

1. Risk assessment: A risk assessment should be conducted to identify potential disasters
and disruptions that could affect the organization, as well as the likelihood and impact
of each event. This information can be used to prioritize the disaster recovery plan and
allocate resources accordingly.

2. Backup and restoration: Procedures should be put in place to regularly back up
important data and systems, and to restore them in the event of a disaster. These
procedures should be tested regularly to ensure that they are effective.

3. Communication and notification: A plan should be in place for how to communicate
with employees and stakeholders in the event of a disaster, including notification
procedures and contact information for key personnel.


4. Critical business functions: The disaster recovery plan should identify which business
functions are critical to the organization and how they can be maintained or resumed in
the event of a disaster.

5. Alternate work locations: The plan should include provisions for relocating
employees to alternate work locations if necessary, including information on
transportation, housing, and equipment.

6. Testing and training: The disaster recovery plan should be tested regularly to ensure
that it is effective, and employees should be trained on their roles and responsibilities
in the event of a disaster.

In addition to these main components, the disaster recovery plan should also include a detailed
list of resources and procedures for responding to and recovering from a disaster, as well as a
timeline for implementing each step. The plan should be reviewed and updated regularly to
ensure that it is up to date and effective.

4.3 Critical roles of the stakeholders in the organization

The stakeholders in an organization are individuals or groups that have an interest or concern
in the organization. They can be internal stakeholders, such as employees and management, or
external stakeholders, such as customers, suppliers, shareholders, and regulators.

In the context of information security, the roles of the stakeholders in the organization are
critical because they can have a significant impact on the security of the organization's
information assets. For example:

• Management: Management has a critical role to play in establishing and maintaining
the organization's information security policies and procedures, as well as in providing
the necessary resources and support to ensure that they are effective.

• Employees: Employees play a key role in the security of the organization's information
assets, as they are responsible for following the established policies and procedures and
for reporting any security incidents or breaches.



• Customers: Customers have a right to expect that their personal and sensitive
information will be protected by the organization, and they can be a valuable source of
information on potential security threats or vulnerabilities.

• Suppliers: Suppliers can also have an impact on the security of the organization's
information assets, as they may have access to sensitive information or systems. It is
important for the organization to have secure processes in place for managing
relationships with suppliers.

• Shareholders: Shareholders have a vested interest in the security of the organization's
information assets, as the value of their investment can be affected by data breaches or
other security incidents.

• Regulators: Regulators play a critical role in ensuring that organizations adhere to
relevant laws and regulations related to information security. They can also help to hold
organizations accountable for any breaches or incidents that occur.

Figure 14. Stakeholders in the organization | Source (Wikipedia, 2019)


4.3.1 Implement the security policy and the disaster recovery plan you recommended as
part of the security audit

In order to successfully implement the security policy and disaster recovery plan, it is critical
that all stakeholders in the organization are involved and fully understand their roles and
responsibilities. This includes management, employees, IT staff, and any third-party service
providers.

Management needs to ensure that the policy and plan are clearly communicated and understood
by all employees, and that sufficient resources are allocated for their implementation.
Employees need to be educated on their role in following the policy and procedures, and IT
staff need to be responsible for implementing and maintaining the technical controls and
systems in place to support the policy and plan.

Third-party service providers working with EMC Cyber need to be involved in the
development and implementation of the policy and plan, and need to understand their
responsibilities in maintaining the security of the organization's systems and data.

Overall, it is important that all stakeholders are fully aware of their role in maintaining the
security of the organization, and that they work together to effectively implement and follow
the security policy and disaster recovery plan.

To implement the security audit recommendations, the following steps can be taken:

1. Identify the key stakeholders in the organization, including management, employees,
customers, and any third-party vendors or partners.

2. Communicate the findings of the security audit and the proposed recommendations to
all stakeholders, ensuring that they understand the importance of implementing these
measures.

3. Develop a plan for implementing the recommendations, including a timeline and budget
for any necessary resources or upgrades.

4. Assign responsibility for implementing each recommendation to a specific individual
or team within the organization.

5. Regularly review and monitor the effectiveness of the implemented security measures
to ensure that they are effective in protecting the organization's assets and data.



6. Adjust the security measures as needed, based on the results of the regular review and
monitoring process.

4.4 Evaluate the suitability of the tools used in an organizational policy.

To evaluate the suitability of the tools used in an organizational policy, there are several factors
to consider:

1. Relevance: The tools should be relevant to the goals of the policy. For example, if the
policy is focused on data protection, the tools should be related to data security.

2. Effectiveness: The tools should be effective at achieving the desired results. For
example, if the policy aims to prevent data breaches, the tools should be able to detect
and prevent such breaches.

3. Ease of use: The tools should be easy to use for the intended audience. If the tools are
too complex or difficult to use, they may not be adopted or used effectively.

4. Maintenance: The tools should be easy to maintain and update. If they require frequent
maintenance or updates, they may not be practical for long-term use.

5. Cost: The cost of the tools should be reasonable and in line with the budget of the
organization.

By considering these factors, organizations can determine if the tools they are using in their
policy are suitable for their needs.

Organizational policies typically outline the rules and guidelines that employees and
stakeholders should follow in order to achieve specific goals and objectives. These policies
may include a range of tools, such as training programs, risk assessments, and incident response
plans, that are designed to help ensure compliance and mitigate potential risks.

When evaluating the suitability of the tools used in an organizational policy, it is important to
consider a number of factors. These may include the effectiveness of the tools in achieving the
desired outcomes, the level of employee buy-in and engagement with the tools, the resources
required to implement and maintain the tools, and any potential negative impacts or unintended
consequences that may arise as a result of their use. It may also be useful to consider the
alignment of the tools with the overall goals and values of the organization, as well as with any
relevant industry standards or regulations.



Overall, the key to successfully implementing and evaluating the tools used in an
organizational policy is to have a clear understanding of the goals and objectives that the policy
is intended to achieve, and to ensure that the chosen tools are appropriately tailored to meet
those needs.



REFERENCES

Logsign (n.d.). What Is the CIA Triad and Why Is It Important for Cybersecurity? [online]
Logsign. Available at:
https://www.logsign.com/blog/what-is-the-cia-triad-and-why-is-it-important-for-cybersecurity/.

Unitrends (2021). The CIA Triad and Its Importance in Data Security. [online] Unitrends.
Available at: https://www.unitrends.com/blog/cia-triad-confidentiality-integrity-availability.

CCOHS (2017). Risk assessment. [online] Ccohs.ca. Available at:
https://www.ccohs.ca/oshanswers/hsprograms/risk_assessment.html.

Cisco (n.d.). What Is Network Monitoring? [online] Cisco. Available at:
https://www.cisco.com/c/en/us/solutions/automation/what-is-network-monitoring.html.

CompTIA (n.d.). Network Address Translation Definition | How NAT Works | Computer
Networks | CompTIA. [online] CompTIA. Available at:
https://www.comptia.org/content/guides/what-is-network-address-translation.

International Organization for Standardization (2005). ISO/IEC 17799:2005. [online] ISO.
Available at: https://www.iso.org/standard/39612.html.

Forcepoint (2019). What is a Firewall? [online] Forcepoint. Available at:
https://www.forcepoint.com/cyber-edu/firewall.

GeeksforGeeks (2022). Relationship Between VPN and Firewall. [online] GeeksforGeeks.
Available at: https://www.geeksforgeeks.org/relationship-between-vpn-and-firewall/.

IBM (n.d.). What is a disaster recovery (DR) plan? [online] IBM. Available at:
https://www.ibm.com/uk-en/services/business-continuity/disaster-recovery-plan.

World Bank (n.d.). Data protection and privacy laws | Identification for Development.
[online] id4d.worldbank.org. Available at:
https://id4d.worldbank.org/guide/data-protection-and-privacy-laws.

Information Technology at Sonoma State University (2019). What are the roles and
responsibilities of key stakeholders? [online] Available at:
https://it.sonoma.edu/kb/pm/what-are-roles-and-responsibilities-key-stakeholders.

International Organization for Standardization (2018). ISO 31000 Risk management. [online]
ISO. Available at: https://www.iso.org/iso-31000-risk-management.html.

Kaspersky (2021). What is an IP Address – Definition and Explanation. [online] Kaspersky.
Available at: https://www.kaspersky.com/resource-center/definitions/what-is-an-ip-address.

Keary, T. (2018). 2019 Best FREE Network Monitoring Tools | 25+ Free & Premium Tools.
[online] Comparitech.com. Available at:
https://www.comparitech.com/net-admin/network-monitoring-tools/.

Lutkevich, B. (2021). What is a DMZ in Networking? [online] SearchSecurity. Available at:
https://www.techtarget.com/searchsecurity/definition/DMZ.

Lutkevich, B. (n.d.). What is a Security Policy? - Definition from SearchSecurity. [online]
SearchSecurity. Available at:
https://www.techtarget.com/searchsecurity/definition/security-policy.

NGINX (2018). What Is Load Balancing? How Load Balancers Work. [online] NGINX.
Available at: https://www.nginx.com/resources/glossary/load-balancing/.

Proofpoint (2022). What Is a VPN? - Meaning, What It Does & More | Proofpoint AU.
[online] Proofpoint. Available at: https://www.proofpoint.com/au/threat-reference/vpn.

Avast (n.d.). Static vs. Dynamic IP Addresses. [online] Avast. Available at:
https://www.avast.com/c-static-vs-dynamic-ip-addresses.

Varghese, J. (2020). IT Security Audit: Types, Importance and Methodology. [online] Astra
Security Blog. Available at: https://www.getastra.com/blog/security-audit/it-security-audit/.

ThousandEyes (n.d.). How Virtual Private Networks Impact Application Performance.
[online] ThousandEyes. Available at:
https://www.thousandeyes.com/blog/how-virtual-private-networks-impact-performance.