Professional Documents
Culture Documents
Unit 05 - Security Reworded 2021 Bhanuka Perera
Unit 05 - Security Reworded 2021 Bhanuka Perera
• Constructive?
Y/N
• Linked to relevant assessment
criteria? Y/N
Give details:
Internal Verifier
Date
signature
Date Received
Submission Date
1st submission
Date Received 2nd
Re-submission Date
submission
Assessor Feedback:
1. A Cover page or title page – You should always attach a title page to your assignment. Use previous page as
your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom, right margins and 1.25” for the left margin of each page.
1. The font size should be 12 point and should be in the style of Time New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and Page Number
on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help editing your assignment.
Important Points:
1. It is strictly prohibited to use textboxes to add texts in the assignments, except for the compulsory information.
e.g.: Figures, tables of comparison etc. Adding text boxes in the body except for the before mentioned
compulsory information will result in rejection of your work.
2. Carefully check the hand in date and the instructions given in the assignment. Late submissions will not be
accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply (in
writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade.
8. Non-submission of work without valid reasons will lead to an automatic RE FERRAL. You will then be asked to
complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using HARVARD
referencing system to avoid plagiarism. You have to provide both in-text citation and a reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be reduced to A
REFERRAL or at worst you could be expelled from the course
I hereby, declare that I know what plagiarism entails, namely, to use another’s work and to present it as my own
without attributing the sources in the correct way. I further understand what it means to copy another’s work.
Issue Date
Submission Date
Submission Format:
The submission should be in the form of an individual written report written in a concise, formal business style
using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as
appropriate, and all work must be supported with research and referenced using Harvard referencing system.
Please provide in- text citation and an end list of references using Harvard referencing system.
Section 4.2 of the assignment required to do a 15-minute presentation to illustrate the answers.
‘EMC Cyber’ is a reputed cyber security company based in Colombo Sri Lanka that is delivering security
products and services across the entire information technology infrastructure. The company has a
number of clients both in Sri Lanka and abroad, which includes some of the top-level companies of the
world serving in multitude of industries. The company develops cyber security software including
firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber is tasked
with protecting companies’ networks, clouds, web applications and emails. They also offer advanced
threat protection, secure unified access, and endpoint security. Further they also play the role of
consulting clients on security threats and how to solve them. Additionally, the company follows
different risk management standards depending on the company, with the ISO 31000 being the most
prominent.
One of the clients of EMC Cyber, Lockhead Aerospace manufacturing which is a reputed aircraft
manufacturer based in the US, has tasked the company to investigate the security implications of
developing IOT based automation applications in their manufacturing process. The client has requested
EMC to further audit security risks of implementing web based IOT applications in their manufacturing
process and to propose solutions. Further, Lockhead uses ISO standards and has instructed EMC to use
the ISO risk management standards when proposing the solution.
The director of the company understands such a system would be the target for cyber-attacks. As you
are following a BTEC course which includes a unit in security, the director has asked you to investigate
and report on potential cyber security threats to their web site, applications, and infrastructure. After
the investigation you need to plan a solution and how to implement it according to standard software
engineering principles.
Assuming the role of External Security Analyst, you need to compile a report focusing on following
elements to the board of EMC Cyber’.
1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilize to EMC
Cyber in order to improve the organization’s security.
1.2 Identify types of security risks EMC Cyber is subject to its present setup and the impact that they
would make on the business itself. Evaluate at least three physical and virtual security risks identified
and suggest the security measures that can be implemented in order to improve the organization’s
security.
1.3 Develop and describe security procedures for EMC Cyber to minimize the impact of issues
discussed in section (1.1) by assessing and rectifying the risks.
Activity 02
2.1 Identify how EMC Cyber and its clients will be impacted by improper/ incorrect configurations
that are applicable to firewalls and VPN solutions. IT security can include a network monitoring
system. Discuss how EMC cyber can benefit by implementing a network monitoring system with
supporting reasons.
WEEK08
2.2 Explain how the following technologies would benefit EMC Cyber and its Clients by facilitating a
‘trusted network’. (Support your answer with suitable examples).
i) DMZ
ii) Static IP
iii)NAT
2.3 Identify and evaluate the tools that can be utilized by EMC cyber to improve the network and
security performance without compromising each other. Evaluate at least three virtual and physical
Activity 03
3.1 Discuss suitable risk assessment integrated enterprise risk management procedures for EMC
Cyber solutions and the impact an IT security audit will have on safeguarding organization and its
clients. Furthermore, your discussion should include how IT security can be aligned with an
organizational IT policy and how misalignment of such a policy can impact on organization’s security.
(This can include one or more of the following: network change management, audit control, business
continuance/disaster recovery plans, potential loss of data/business, intellectual property, Data
Protection Act; Computer Misuse Act; ISO 31000 standards.)
3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage
solutions provided by EMC Cyber. You should also summarize ISO 31000 risk management
methodology.
Activity 04
4.1 Design an organizational security policy for EMC Cyber to minimize exploitations and misuses
while evaluating the suitability of the tools used in an organizational policy.
4.2 Develop and present a disaster recovery plan for EMC Cyber according to the ISO/IEC 17799:2005
or similar standard which should include the main components of an organizational disaster recovery
plan with justifications. Discuss how critical the roles of the stakeholders in the organization to
successfully implement the security policy and the disaster recovery plan you recommended as a part
of the security audit.
(Students should produce a 15-minute PowerPoint presentation which illustrates the answer for
this section including justifications and reason for decisions and options used).
Aside from her, I would also like to extend my gratitude to the management of
ESoft Metro Campus for conducting extra guidance sessions and for providing
the necessary facilities to join online learning due to the
prevailing pandemic situation.
Finally, I would also like to thank my family and my dear batch mates for their
support and encouraging me during this challenging time.
Regards,
Bhanuka Perera
Activity 01 .................................................................................................... 18
1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad could
be utilize to EMC Cyber in order to improve the organization’s security. ............... 18
1.2 Identify types of security risks EMC Cyber is subject to its present setup and the
impact that they would make on the business itself. Evaluate at least three physical
and virtual security risks identified and suggest the security measures that can be
implemented in order to improve the organization’s security. ............................... 22
1.3 Develop and describe security procedures for EMC Cyber to minimize the
impact of issues by assessing and rectifying the risks. ............................................. 24
Activity 02 .................................................................................................... 26
2.1 Identify how EMC Cyber and its clients will be impacted by improper/ incorrect
configurations that are applicable to firewalls and VPN solutions. ......................... 27
2.2 Discuss how EMC cyber can benefit by implementing a network monitoring
system with supporting reasons. .............................................................................. 31
UNIT 05 – SECURITY | BHANUKA PERERA 15
2.3 Show, using an example for each, how implementing a DMZ, static IP and NAT
in a network can improve Network Security. ........................................................... 32
2.3.1 a DMZ............................................................................................................ 32
2.3.3 Show, using an example that how DMZ, static IP and NAT in a network can
improve Network Security to the company. ......................................................... 36
2.4 Identify and evaluate the tools that can be utilized by EMC cyber to improve
the network and security performance without compromising each other. Evaluate
at least three virtual and physical security measures that can be implemented by
EMC to uphold the integrity of organization’s IT policy. .......................................... 37
2.4.1 Evaluate at least three virtual and physical security measures that can be
implemented by EMC to uphold the integrity of organization’s IT policy. ........... 39
Activity 03 .................................................................................................... 43
3.2 Explain the mandatory data protection laws and procedures which will be
applied to data storage solutions provided by EMC Cyber. You should also
summarize ISO 31000 risk management methodology. .......................................... 50
3.4 Consider how IT security can be aligned with organizational policy, detailing the
security impact of any misalignment. ....................................................................... 55
Activity 04 ...................................................................................................... 4
4.1.3 Why should for EMC Cyber have a policy and its uses and advantages ...... 58
4.2 Develop and present a disaster recovery plan for EMC Cyber ........................... 59
4.3.1 implement the security policy and the disaster recovery plan you
recommended as a part of the security audit. ...................................................... 63
4.4 Evaluate the suitability of the tools used in an organizational policy. ............... 64
REFERENCES ................................................................................................. 66
List of figures
1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad
could be utilize to EMC Cyber in order to improve the organization’s
security.
The goal of cyber security is to protect a company's digital assets from the increasing number
of cyber-attacks. By implementing proper security controls, security features such as
prevention, deterrence and detection of cybercrime can be provided. Ensuring the
confidentiality, integrity and availability (CIA) of data and services is the primary goal of cyber
security. The CIA is also known as the CIA Triad.
The CIA triad is critical to cybersecurity because it provides key security features, supports
regulatory compliance, ensures business continuity, and protects the company from
reputational damage. Learn how the CIA triad can improve your business's cybersecurity
posture.
1.1.3 Integrity
Integrity is the protection against illegal tampering, modification or alteration of data to further
malicious intent. This means that the data sent must be received by the authorized recipient in
its entirety and unaltered. Whether on data storage media or in migration, integrity is critical.
Data integrity is essential for business and e-commerce websites. The introduction of malicious
code into databases and Man-in-the-Middle (MITM) attacks are some examples of attacks that
compromise data integrity.
Developers typically use hashing algorithms such as MD5 and SHA1 to verify the accuracy of
data. Certificates, digital signatures and non-repudiation are further methods. (Logsign, 2021)
1.1.4 Availability
Continual availability of resources and services only to authorized personnel at the right time
is another security function provided by availability. Any organization must maintain reliable
hardware to provide continuous service to a large number of customers. Less downtime is
required during updates and backing up vital information on external devices will come in
handy in case of data loss.
In the worst-case scenario, quick disaster recovery strategies should be implemented. Backing
up data, patching and having redundant systems are further critical security measures. Fault
tolerance is ensured by redundancy. This means that when a primary system fails, a secondary
machine can provide functionality and services. In this scenario, security experts direct all
traffic or workloads to a backup system.
Some features of availability,
Simply put, CIA (Confidentiality, Integrity and Availability) helps improve their services and
security. The purpose of 'confidentiality' is to ensure the security of data by preventing
unauthorized access to information. Only an authorized person can access the required
information. The objective of 'integrity' involves maintaining the consistency, accuracy and
reliability of data throughout its lifetime. The purpose of 'availability' is to ensure that systems,
applications and data are available to users when they need them.
UNIT 05 – SECURITY | BHANUKA PERERA 22
1.2 Identify types of security risks EMC Cyber is subject to its present setup
and the impact that they would make on the business itself. Evaluate at least
three physical and virtual security risks identified and suggest the security
measures that can be implemented in order to improve the organization’s
security.
Current state of EMC cyber can be subjected various kinds of security risks that can implement
huge impacts on the business itself. There are both physical and virtual risks and impacts Some
of major virtual security risks are its likely to get hijacked, taking down websites maliciously
and Malware infections and data breaches etc. and as some physical risks are Theft and
Burglary, Vandalism, natural disasters etc. These kinds of risks can lead to huge impacts and
huge losses of sensitive data and information also in financial and the existence of the business.
If they take necessary measures, they can prevent those impacts, both physical and
virtual. Some safe measures to avoid previously mentioned virtual risks,
1) Improving the security of computer systems and using recommended step to secure them.
2) Reducing noises and vibrations present in the workplace and preventing contact
from physical hazards such as radiation or microwaves and giving a proper
knowledge to employees about systems, safety measures etc.
1. Data breaches: A data breach is when an unauthorized individual gains access to sensitive
or confidential information. This can happen through hacking, phishing, or social engineering.
2. Malware: Malware is a type of malicious software that can infect computers and devices. It
can damage systems, steal data, and cause other problems.
3. Denial of service attacks: A denial of service attack is when a hacker prevents legitimate
users from accessing a system or service. This can be done by flooding the system with traffic
or requests, or by taking control of devices and using them to attack the system.
4. Insider threats: An insider threat is when a current or former employee, contractor, or other
individual with access to an organization’s systems and data misuse their access for malicious
purposes.
5. Physical security risks: Physical security risks are those that involve the physical security
of an organization’s premises, equipment, and data. This can include risks such as theft,
vandalism, and natural disasters.
However, some common security procedures that organizations may implement include
background checks for employees, security clearance procedures, security training for
employees, and the use of security systems such as CCTV and access control systems. There
are a few measures that can be implemented in order to improve the organization's security.
One is to implement a strong cyber security strategy, which can help to prevent data breaches
and cyber-attacks. Another is to implement physical security measures, such as CCTV cameras
and security guards, which can help to deter physical attacks. Finally, the company can also
consider implementing ISO 27001, which is an international standard for information security
management.
To minimize the impact of potential cyber security threats to Lockhead's web site, applications,
and infrastructure, EMC Cyber can follow the following security procedures:
• Conduct a thorough risk assessment: The first step in minimizing cyber security risks
is to identify and assess potential threats. This can be done through a risk assessment
process, which involves identifying assets, analyzing the likelihood and impact of
potential threats, and evaluating the existing controls in place to mitigate those threats.
• Implement a robust security plan: Once the risks have been identified and assessed,
EMC Cyber can develop and implement a security plan to mitigate those risks. This
may include measures such as implementing firewalls, antivirus software, intrusion
detection and protection systems, and endpoint security measures.
• Train employees on security best practices: Ensuring that employees are aware of
and adhere to security best practices can help to minimize the risk of cyber-attacks. This
may involve training employees on topics such as password management, phishing
scams, and the importance of keeping systems and software up to date.
It is important to note that this process should be ongoing, as the IT landscape is constantly
changing and new threats may emerge. It is also important to involve all relevant stakeholders
in the risk assessment and treatment process, as they may have valuable insights and
perspectives on the risks facing the organization.
Assessing and treating IT security risks are both important for ensuring the security of an
organization's IT systems and protecting against potential threats. However, there are some key
differences between the two:
Assessing IT security risks involves identifying and evaluating the potential risks to an
organization's IT systems. This process helps to identify the vulnerabilities and weaknesses in
an organization's IT infrastructure and allows the organization to prioritize its efforts to address
the most significant risks. Treating IT security risks involves implementing controls and
strategies to prevent or mitigate the impact of identified risks. This may involve implementing
technical controls, such as firewalls and antivirus software, or developing contingency plans to
minimize the impact of a security incident.
Overall, both assessing and treating IT security risks are important for ensuring the security
and reliability of an organization's IT systems and protecting against potential threats.
Assessing risks helps to identify vulnerabilities and prioritize efforts to address the most
significant risks, while treating risks involves implementing controls and strategies to prevent
or mitigate the impact of identified risks.
A policy is a set of rules, regulations, and guidelines that a business uses to ensure that
employees and customers are treated fairly and consistently. Policies provide guidance to
employees on how to handle different situations and help to ensure that the business is
operating in a manner that is consistent with its mission and values. Policies also help to protect
the business from liability and provide a framework for resolving disputes.
By having clear policies in place, businesses can ensure that their operations are conducted in
a manner that is fair and consistent, and that their customers and employees are treated with
respect.
In the case of the Lockheed Aerospace manufacturing, a policy would help to ensure that all
employees are aware of the security risks associated with developing IOT-based automation
applications, and the steps they should take to protect the organization’s data and systems. It
would also help to ensure that the proposed solution is implemented according to standard
software engineering principles.
Identify how EMC Cyber and its clients will be impacted by improper/
incorrect configurations that are applicable to firewalls and VPN solutions.
IT security can include a network monitoring system. Discuss how EMC
cyber can benefit by implementing a network monitoring system with
supporting reasons.
2.1 Identify how EMC Cyber and its clients will be impacted by improper/ incorrect
configurations that are applicable to firewalls and VPN solutions.
2.1.1 VPN
A Virtual Private Network (VPN) is a secure connection between two or more devices over the
internet. It allows users to access private networks and share data securely over public networks
as if their computing devices were directly connected to the private network. VPNs can be used
to protect sensitive data, access restricted websites, and browse the web anonymously.
2.1.2 Firewall
A firewall is a type of network security system that controls incoming and outgoing network
traffic based on predetermined security rules. Firewalls are used to protect a network from
unauthorized access and can be implemented as hardware, software, or a combination of both.
Firewalls work by examining the incoming and outgoing traffic to a network and blocking or
allowing access based on predetermined rules. These rules are typically defined by the
Firewalls can be configured to block all traffic by default and only allow access to specific sites
or types of traffic. Alternatively, they can be configured to allow all traffic and block specific
sites or types of traffic.
Firewalls are an important part of a comprehensive network security strategy, as they can help
to prevent unauthorized access to a network and protect against potential cyber threats.
There are several different types of firewalls that can be used to protect a network, following
are some most used firewall types :
Figure 4. Host-based firewalls and Network firewalls | Source (Network raining, 2019)
Virtual Private Networks (VPNs) and firewalls are important technologies that can have a
significant impact on an organization. Some potential benefits of using VPNs and firewalls
include:
1. Improved security: VPNs and firewalls can help to protect an organization's network
from unauthorized access and potential cyber threats. VPNs encrypt the data
transmitted between the remote device and the company's internal network, making it
more difficult for hackers to intercept and steal sensitive information. Firewalls can
block or allow access to specific types of traffic based on predetermined rules, helping
to prevent unauthorized access to the network.
3. Improved productivity: With VPNs, employees can work from anywhere and still
have access to the same resources and tools as they would if they were in the office.
This can improve productivity and allow for more flexible work arrangements.
Firewalls can also help to improve productivity by blocking access to websites or types
of traffic that may be distracting or unproductive.
4. Cost savings: VPNs can allow an organization to reduce or eliminate the need for a
physical office space, which can result in significant cost savings. Firewalls can also
help to reduce costs by protecting against potential cyber threats that could result in
costly downtime or data breaches.
Overall, the impact of VPNs and firewalls on an organization will depend on its specific needs
and goals. However, in general, these technologies can provide a number of benefits including
improved security, access to company resources, improved productivity, cost savings, and
compliance with regulatory requirements.
Incorrectly configuring both a Virtual Private Network (VPN) and a firewall can have serious
consequences for an organization. Some potential issues that can arise from incorrect VPN and
firewall configuration include:
3. Compliance issues: Depending on the industry and regulatory requirements, VPNs and
firewalls may be necessary to ensure compliance with laws and regulations related to
data privacy and security. If either a VPN or a firewall is not configured correctly, it
may not provide the necessary level of protection and could result in non-compliance.
4. Productivity loss: If employees are unable to access the resources they need to do their
jobs because of VPN or firewall issues, it can lead to decreased productivity and
potentially even lost revenue.
5. Difficulty in diagnosing and fixing issues: If both a VPN and a firewall are incorrectly
configured, it can be difficult to determine which of the two is causing a particular issue.
This can make it more challenging to diagnose and fix problems, leading to additional
downtime and productivity loss.
Overall, it is important to ensure that both a VPN and a firewall are properly configured in
order to avoid these potential issues. This may include working with a professional IT team to
set up and maintain both technologies, as well as regularly testing and updating the
configurations to ensure that they are secure and functioning properly.
To help mitigate above mentioned potential issues, EMC Cyber could benefit from
implementing a network monitoring system. A network monitoring system is a tool that helps
to monitor and manage the performance of a network, including its availability, capacity, and
security. By implementing a network monitoring system, EMC Cyber could:
1. Identify and resolve problems more quickly: A network monitoring system can
provide real-time visibility into the performance of a network, allowing EMC Cyber to
identify and resolve problems more quickly. This can help to reduce downtime and
improve productivity for both EMC Cyber and its clients.
2. Improve security: A network monitoring system can alert EMC Cyber to potential
security threats and help to identify vulnerabilities in the network. This can help EMC
Cyber to take proactive measures to prevent cyber-attacks and improve the overall
security of the network.
3. Enhance compliance: A network monitoring system can help EMC Cyber to ensure
compliance with industry and regulatory requirements by providing visibility into the
performance and security of the network. This can help EMC Cyber to demonstrate
compliance to its clients and regulators.
Overall, implementing a network monitoring system can provide a number of benefits to EMC
Cyber and its clients, including improved security, enhanced compliance, improved efficiency,
and the ability to quickly identify and resolve problems.
2.3.1 a DMZ
A DMZ (demilitarized zone) is a network security area that sits between a trusted network,
such as a corporate intranet, and an untrusted network, such as the Internet. The purpose of a
DMZ is to provide an additional layer of security to a private network by isolating it from the
outside network and limiting access to only authorized traffic.
In a DMZ, servers that need to be accessed by external users, such as web servers or email
servers, are placed. These servers are then protected by a firewall, which controls the incoming
and outgoing traffic to and from the DMZ. This way, if an attacker were to compromise a server
in the DMZ, they would not have direct access to the internal network.
The DMZ is typically implemented using three firewalls: an external firewall to protect the
DMZ from the Internet, an internal firewall to protect the internal network from the DMZ, and
a third firewall between the DMZ and the internal network to allow authorized traffic to pass
through.
A static IP address is useful for devices that need to be accessed remotely, such as servers or
website hosting. It is also useful for devices that need to maintain a consistent connection, such
as security cameras or home automation systems.
To set up a static IP address, you need to access the device's network configuration settings and
specify the static IP address that you want to use. You may also need to specify the subnet
mask, default gateway, and DNS server addresses. It is important to make sure that the static
IP address you choose is not already in use on the network, or it could cause conflicts.
In some cases, you may need to configure your router or modem to assign a static IP address
to a specific device. This is typically done using the router's web-based configuration interface.
1. Remote access: Static IP addresses are often used to allow remote access to devices,
such as through a VPN or remote desktop connection.
2. Hosting servers: If you are hosting a server, such as a website or game server, you will
need to use a static IP address. This allows users to access the server consistently, as
the IP address will not change.
4. Online gaming: Some online games may require a static IP address to function
properly.
5. Printer sharing: If you want to share a printer with multiple computers on your
network, you may need to assign a static IP address to the printer.
7. Domain name resolution: If you have a domain name, you can use a static IP address
to link it to your website or other online services.
NAT (Network Address Translation) is a method used by network devices, such as routers, to
translate the IP addresses and port numbers of network traffic as it passes through a network.
NAT is used to enable multiple devices on a private network to share a single or a few public
IP addresses when connecting to the Internet.
1. Static NAT: This type of NAT maps a specific private IP address to a specific public
IP address. This is useful for servers or other devices that need to be accessible from
the Internet.
2. Dynamic NAT: This type of NAT maps a private IP address to a public IP address
from a pool of available addresses. This allows multiple devices to share a small number
of public IP addresses.
3. NAT with Port Address Translation (PAT): This type of NAT maps multiple private
IP addresses to a single public IP address, using different port numbers to distinguish
between the different connections. This is also known as Network Address Port
Translation (NAPT).
NAT is useful for conserving public IP addresses and for hiding the internal network structure
from the Internet. It also provides some level of security by making it more difficult for external
devices to directly access devices on the private network.
2. To hide the internal network structure: NAT can be used to hide the internal network
structure from the Internet, as it replaces the private IP addresses of devices with a
public IP address.
3. To provide some level of security: NAT can provide some level of security by making
it more difficult for external devices to directly access devices on the private network.
4. To enable internet access: NAT is often used to enable devices on a private network
to connect to the Internet, as it allows these devices to use a single shared public IP
address to access the Internet.
5. To allow servers to be accessed from the Internet: Static NAT can be used to map a
specific private IP address to a specific public IP address, allowing servers or other
devices to be accessed from the Internet.
Here is an example of how DMZ, static IP, and NAT can improve network security in a
large company,
The DMZ is a network security area that sits between the large company's internal network and
the Internet. The DMZ contains servers that need to be accessed by external users, such as the
company's public website and email server. These servers are protected by a firewall, which
controls the incoming and outgoing traffic to and from the DMZ. If an attacker were to
compromise a server in the DMZ, they would not have direct access to the internal network.
Static IP addresses are used for servers and other devices that need to be accessed remotely or
need to maintain a consistent connection. By using static IP addresses for these devices, it is
easier to track and monitor their activity, as the IP address does not change. This can help to
identify and prevent security breaches.
NAT is used to translate the IP addresses and port numbers of network traffic as it passes
through a network. NAT can provide some level of security by making it more difficult for
external devices to directly access devices on the private network. It can also hide the internal
network structure from the Internet, making it harder for attackers to target specific devices.
In summary, using a DMZ, static IP addresses, and NAT can help to improve network security
by providing an additional layer of protection, making it easier to track and monitor activity,
and hiding the internal network structure from the Internet.
There are several tools that a company can utilize to improve the performance of their network
and security without compromising each other. Some of these tools include:
1. Network monitoring tools: These tools allow a company to monitor the performance
of their network in real-time, identify bottlenecks and potential issues, and take
corrective action to improve performance. Examples of network monitoring tools
include SolarWinds Network Performance Monitor, PRTG Network Monitor, and
Nagios.
2. Firewall and intrusion prevention systems: These tools allow a company to block
unauthorized access to their network and protect against cyber threats such as malware
and ransomware. Examples of firewall and intrusion prevention systems include Cisco
Firepower, Palo Alto Networks, and Check Point.
By implementing these and other tools, a company can improve the performance of their
network and security without compromising each other. It is important, however, to carefully
To uphold the integrity of the organization's IT policy, EMC Cyber could implement the
following virtual and physical security measures:
In addition to these measures, EMC Cyber could also consider implementing a robust
cybersecurity policy and training program to educate employees on how to recognize and
prevent cyber threats. This could include training on topics such as secure password
management, identifying phishing attacks, and safe browsing practices.
2.4.1 Evaluate at least three virtual and physical security measures that can
be implemented by EMC to uphold the integrity of organization’s IT policy.
Virtual security measures are those that are implemented and enforced through the use of
computer systems, software, and other digital technologies. These measures are designed to
protect against cyber threats and unauthorized access to systems and data.
b) Network segmentation: This involves dividing a network into smaller, more secure
subnetworks, or segments. This can help to limit the scope of a potential breach and make it
more difficult for an attacker to access sensitive information. Network segmentation can be
implemented through the use of virtual local area networks (VLANs) or firewall rules.
c) Encryption: This involves encoding data so that it can only be accessed by someone with
the appropriate decryption key. Encrypting data in transit (e.g., when it is being transmitted
between systems) and at rest (e.g. when it is stored on a server) can help to protect it from being
accessed by unauthorized parties.
d) Firewalls: Firewalls are a type of security measure that helps to protect a network from
malicious attacks. Firewalls act as a barrier between the internal network and the outside world,
blocking any malicious traffic from entering the network.
a) Access controls: This involves implementing measures to control who has physical access
to a facility or server room. This could include the use of security badges, keycards, or
biometric scanners. Access controls can help to prevent unauthorized individuals from gaining
physical access to systems and data.
b) Security cameras: This involves the use of surveillance cameras to monitor a facility or
server room. Security cameras can help to deter potential attackers and can provide evidence
in the event of a security breach.
d) Intrusion detection systems: Intrusion detection systems are a type of security measure
that helps to detect any unauthorized access to a system or building. These systems can be used
to alert security personnel in the event of a breach.
A network monitoring system is a software or hardware system that is designed to monitor the
performance of a computer network and alert the network administrator to potential issues or
problems. Network monitoring systems typically collect data on various aspects of network
performance, such as bandwidth utilization, response times, and the availability of network
resources. This data is then analyzed and used to identify potential issues and generate alerts
when performance thresholds are exceeded or when other problems are detected.
Network monitoring systems can monitor networks of all sizes, from small local area networks
(LANs) to large enterprise networks. They can be used to monitor various types of networks,
including local area networks (LANs), wide area networks (WANs), and cloud-based
networks. Network monitoring systems can also be used to monitor various types of network
devices, such as servers, routers, switches, and firewalls.
Overall, a network monitoring system is an important tool for ensuring the performance,
uptime, and security of a computer network. By continuously monitoring the network and
alerting the administrator to potential issues, a network monitoring system can help to improve
the overall efficiency and effectiveness of the network.
2. Increased uptime: Network monitoring systems can alert the company to potential
issues before they result in an outage or disruption of service. This can help to increase
the overall uptime of the network, ensuring that employees and customers have
consistent and reliable access to the resources they need.
3. Enhanced security: Network monitoring systems can detect potential security threats,
such as malware or unauthorized access, and alert the company to take appropriate
action. This can help to improve the overall security of the network and prevent data
breaches or other security incidents.
There are many tools available for monitoring a network. Some popular options include:
2. Nagios: This is an open-source network monitoring tool that provides alerts when
things go wrong and alerts when they get better.
3. Zabbix: This is another open-source network monitoring tool that allows you to
monitor the availability and performance of your network devices and servers.
5. PRTG Network Monitor: This is a commercial network monitoring tool that allows
you to monitor your network devices, servers, and applications in real-time.
These are just a few examples of the many tools available for network monitoring. It's worth
considering company’s specific needs and budget when selecting a tool that's right for the
company.
Risk assessment
Risk assessment is the process of identifying, analyzing, and evaluating the potential risks that
an organization or project may face. It is a crucial step in risk management, which is the process
of identifying, assessing, and prioritizing risks in order to minimize their impact on an
organization or project. The goal of risk assessment is to identify potential threats and
vulnerabilities, as well as the likelihood and potential impact of each risk. This information is
used to prioritize the risks and determine the appropriate course of action. This may involve
implementing controls to mitigate the risk, transferring the risk through insurance or other
means, or accepting the risk as part of doing business.
Risk assessment is an ongoing process that should be regularly reviewed and updated to ensure
that risks are being effectively managed. It is important to involve all relevant stakeholders in
the risk assessment process, as they may have valuable insights and perspectives on the risks
facing the organization.
Overall, risk assessment is an important tool for helping organizations to identify and mitigate
potential risks, and to make more informed decisions about how to proceed.
Here are some suitable risk assessment and integrated enterprise risk management (ERM)
procedures that EMC Cyber could follow when developing a solution for Lockhead Aerospace:
1. Identify the risks: The first step in the risk assessment process is to identify the
potential risks that the solution may face. This can be done through a thorough analysis
of the manufacturing process and the specific web based IoT applications that will be
implemented. EMC Cyber should consider factors such as the sensitivity of the data
being processed, the potential for cyber-attacks, and the impact on the business if the
solution were to fail.
2. Analyze the risks: Once the risks have been identified, they should be analyzed to
determine the likelihood and potential impact of each risk. This can be done through
the use of risk assessment tools and techniques such as probability and impact matrices.
3. Evaluate the risks: The next step is to evaluate the identified risks to determine the
appropriate course of action. This may involve implementing controls to mitigate the
risk, transferring the risk through insurance or other means, or accepting the risk as part
of doing business. EMC Cyber should consider the specific requirements of the client,
including their use of ISO standards, when evaluating the risks.
4. Plan the solution: Based on the results of the risk assessment, EMC Cyber should plan
a solution that addresses the identified risks and meets the client's needs. This should
5. Implement the solution: The final step is to implement the solution according to
standard software engineering principles. This should involve the development of a
project plan that outlines the specific tasks and milestones required to complete the
project, as well as the resources and budget needed to support it. EMC Cyber should
also establish clear policies and procedures for monitoring and reviewing the solution
to ensure that it remains effective over time.
A risk assessment matrix is a tool used to identify and assess potential risks to an organization.
It typically consists of a grid with the likelihood of a risk occurring on one axis and the impact
of the risk on the other axis. The intersection of these two factors is then used to determine the
overall risk level.
For example, a risk assessment matrix might have likelihood ratings of "rare," "unlikely,"
"likely," and "almost certain," and impact ratings of "minor," "moderate," "significant," and
"critical." The overall risk level is then determined by considering both the likelihood and
impact of the risk. Risks with a high likelihood and high impact would be considered high
priority and would require immediate attention. Risks with a low likelihood and low impact
would be considered low priority and may not require immediate attention.
The specific criteria and ratings used in a risk assessment matrix will depend on the
organization and the types of risks being considered. The matrix can be used to prioritize risks
and help organizations allocate resources to address the most pressing risks first.
1. Planning: The audit team will define the scope of the audit, identify the resources
needed, and develop a plan for the audit.
2. Preparation: The audit team will gather information about the organization's IT
systems, processes, and infrastructure, and identify any potential risks or
vulnerabilities.
3. Testing: The audit team will use various techniques to test the organization's security
controls, such as scanning networks for vulnerabilities, testing system configurations,
and reviewing access controls.
4. Reporting: The audit team will compile a report detailing their findings and
recommendations for improving the organization's security posture.
5. Follow-up: The organization will review the audit report and implement any
recommended changes to improve their security posture.
There are several types of IT security audits that can be conducted, depending on the focus and
scope of the audit:
6. Penetration test: A penetration test, also known as a "pen test," simulates an attack on
an organization's systems to identify vulnerabilities that an attacker could exploit.
8. Cloud security audit: A cloud security audit assesses the security of an organization's
data and systems in a cloud computing environment.
There are several reasons why organizations should conduct IT security audits and the
advantages of doing so:
Data protection procedures are internal policies and procedures that organizations put in place
to protect data and ensure that it is used responsibly. These may include policies for handling
and storing data, access controls to limit who can access data, and incident response plans for
responding to data breaches. Data protection procedures may be required by law or industry
regulations, or they may be implemented voluntarily by organizations to protect their own data
and the data of their customers or clients.
Data protection laws and procedures have several uses and advantages:
1. Protect privacy: Data protection laws and procedures protect the privacy of individuals
by regulating the collection, use, and storage of personal data. This helps prevent
organizations from collecting or using personal data in ways that may be intrusive or
unethical.
2. Prevent data breaches: Data protection laws and procedures help prevent data
breaches by requiring organizations to implement appropriate security controls and
procedures to protect data. This can help reduce the risk of unauthorized access to or
disclosure of sensitive data.
4. Comply with regulations: Data protection laws and regulations may be required by
law or industry standards. By implementing data protection measures, organizations
can ensure that they follow these regulations.
6. Protect data: Data protection measures help protect the integrity and confidentiality of
data, ensuring that it is not accessed or disclosed without proper authorization. This can
help organizations protect sensitive information, such as intellectual property or
customer data.
Data protection acts, such as the General Data Protection Regulation (GDPR) or the California
Consumer Privacy Act (CCPA), can affect a company like EMC Cyber in several ways:
1. Compliance: EMC Cyber will need to ensure that they are compliant with data
protection laws and regulations when collecting, using, and storing personal data. This
may require implementing specific security controls and procedures to protect personal
data.
2. Risk assessment: EMC Cyber will need to assess the risks to personal data and take
appropriate measures to mitigate those risks. This may include conducting data
protection impact assessments (DPIAs) or implementing data protection by design and
default principles.
3. Data subject rights: EMC Cyber will need to respect the rights of data subjects,
including the right to access, rectify, erase, and restrict the processing of personal data.
They will also need to provide information to data subjects about how their personal
data is being collected and used.
4. Notification of data breaches: In the event of a data breach, EMC Cyber may be
required to notify relevant authorities and potentially affected individuals.
By following data protection laws and regulations, EMC Cyber can help ensure the security
and privacy of personal data and protect against data breaches. This can help build trust with
clients and customers and reduce the risk of financial and reputational consequences.
ISO 31000 is an international standard for risk management. It provides principles and
guidelines for managing risk in a systematic and consistent manner and can be applied to a
wide range of organizations and sectors.
3. Risk management should be tailored to the needs of the organization and be consistent
with other processes and practices.
The standard also provides guidelines for implementing a risk management process, including
risk assessment, risk evaluation, risk treatment, and risk review.
An IT security audit can have several impacts on organizational security, both positive and
negative:
1. Identify vulnerabilities: One of the main benefits of an IT security audit is that it can
help organizations identify vulnerabilities in their systems, processes, and infrastructure
that could be exploited by attackers. By identifying these vulnerabilities, organizations
can take steps to mitigate them, improving their overall security posture.
2. Improve security posture: An IT security audit can help organizations improve their
overall security posture by identifying weaknesses and recommending ways to
1. Gaps in protection: If IT security measures are not aligned with organizational policy,
there may be gaps in protection that could be exploited by attackers. For example, if an
organization's policy requires that all data be encrypted, but the IT security measures in
place do not include data encryption, there is a gap in protection that could allow data
to be accessed or disclosed without proper authorization.
3. Reduced trust: If an organization's IT security measures are not in line with its stated
policies, customers, stakeholders, and employees may lose trust in the organization.
This can impact the organization's reputation and may lead to a loss of business.
To ensure that IT security is aligned with organizational policy, it is important for organizations
to regularly review and update their policies, as well as their IT security measures, to ensure
that they are consistent and effective.
A security policy is a document that outlines an organization's approach to security. It sets out
the principles and guidelines that the organization follows to protect its systems, networks,
data, and people from threats and vulnerabilities.
1. Access control: The policies and procedures for granting and revoking access to
systems, networks, and data.
2. Network security: The measures in place to protect the organization's network from
external threats, such as firewall configurations and intrusion prevention systems.
3. Data protection: The measures in place to protect the organization's data, including
data encryption and backup procedures.
4. Asset management: The policies and procedures for managing the organization's
assets, including hardware, software, and data.
5. Incident response: The procedures for responding to security incidents, such as data
breaches or system failures.
6. Training and awareness: The measures in place to educate employees about security
risks and how to protect the organization's systems and data.
A security policy should be tailored to the needs of the organization and reviewed and updated
regularly to ensure that it remains effective in protecting against current and emerging threats.
Policy Statement: EMC Cyber is committed to protecting the security and confidentiality of
our clients' systems, networks, and data. To meet this commitment, we have implemented a
range of security measures and procedures to safeguard against threats and vulnerabilities.
Scope: This policy applies to all employees, contractors, and third-party service providers
working with EMC Cyber. It also applies to all systems, networks, and data owned or managed
by EMC Cyber.
Policy Requirements:
1. Access control: Access to systems, networks, and data will be granted on a need-to-
know basis and will be reviewed and updated regularly. Strong passwords and other
authentication measures will be used to protect against unauthorized access.
2. Network security: EMC Cyber will implement and maintain appropriate network
security measures, such as firewalls and intrusion prevention systems, to protect against
external threats.
3. Data protection: EMC Cyber will use encryption and other security measures to
protect client data in transit and at rest. Backups will be conducted regularly to ensure
that data can be recovered in the event of a disaster.
4. Asset management: EMC Cyber will maintain an inventory of all hardware, software,
and data assets and will implement appropriate controls to ensure their security.
5. Incident response: EMC Cyber will have a plan in place to respond to security
incidents, including data breaches and system failures. This plan will include
procedures for reporting incidents and conducting investigations.
6. Training and awareness: EMC Cyber will provide regular training and awareness
programs to educate employees about security risks and how to protect the
organization's systems and data.
This policy will be reviewed and updated regularly to ensure that it remains effective in
protecting against current and emerging threats.
Having a security policy is important for EMC Cyber for several reasons:
1. Provides guidance: A security policy provides guidance for employees and contractors
on how to protect the organization's systems, networks, and data. It helps to ensure that
everyone is working towards the same security goals and is aware of their
responsibilities in protecting the organization's assets.
3. Increases security: A well-crafted security policy can help to identify and address
potential vulnerabilities and threats, which can increase the overall security of the
organization.
4. Promotes compliance: A security policy can help EMC Cyber to comply with
regulatory and industry requirements, such as data protection laws and standards like
ISO 31000.
5. Reduces risk: Implementing a security policy can help to reduce the risk of security
incidents, such as data breaches or unauthorized access to systems. This can help to
protect the organization's reputation and bottom line.
Overall, a security policy is a valuable tool for EMC Cyber in helping to protect the
organization's systems, networks, and data and ensuring that it meets the needs and
expectations of its clients and stakeholders.
4.2 Develop and present a disaster recovery plan for EMC Cyber
A disaster recovery plan is a set of procedures and policies that outline how an organization
should respond to and recover from a disaster or disruption. A disaster can be any event that
disrupts the normal operations of an organization, such as a natural disaster, cyber-attack, or
power outage. The purpose of a disaster recovery plan is to ensure that the organization is
prepared to respond to and recover from a disaster in a timely and effective manner.
A disaster recovery plan typically includes procedures for backing up and restoring data,
maintaining critical business functions, communicating with employees and stakeholders, and
transitioning to alternative work locations. It may also include procedures for testing and
training employees on the disaster recovery plan. The goal of a disaster recovery plan is to
minimize the impact of a disaster on the organization and ensure that it is able to return to
normal operations as quickly as possible
The standard covers a wide range of topics related to information security, including risk
management, access control, data protection, and incident management. It is designed to help
organizations establish and maintain an effective information security management system
(ISMS) and to protect against threats such as unauthorized access, data breaches, and cyber-
attacks.
A disaster recovery plan is a set of procedures and policies that outline how an organization
should respond to and recover from a disaster or disruption. Here is a sample disaster recovery
plan for EMC Cyber:
Purpose: The purpose of this disaster recovery plan is to ensure that EMC Cyber is prepared
to respond to and recover from any disaster or disruption that could affect its operations.
Scope: This plan applies to all systems, networks, and data owned or managed by EMC Cyber.
It also applies to all employees, contractors, and third-party service providers working with
EMC Cyber.
When developing a disaster recovery plan for EMC Cyber according to the ISO/IEC
17799:2005 standard, the following main components should be included:
5. Alternate work locations: The plan should include provisions for relocating
employees to alternate work locations if necessary, including information on
transportation, housing, and equipment.
6. Testing and training: The disaster recovery plan should be tested regularly to ensure
that it is effective, and employees should be trained on their roles and responsibilities
in the event of a disaster.
In addition to these main components, the disaster recovery plan should also include a detailed
list of resources and procedures for responding to and recovering from a disaster, as well as a
timeline for implementing each step. The plan should be reviewed and updated regularly to
ensure that it is up to date and effective.
The stakeholders in an organization are individuals or groups that have an interest or concern
in the organization. They can be internal stakeholders, such as employees and management, or
external stakeholders, such as customers, suppliers, shareholders, and regulators.
In the context of information security, the roles of the stakeholders in the organization are
critical because they can have a significant impact on the security of the organization's
information assets. For example:
• Employees: Employees play a key role in the security of the organization's information
assets, as they are responsible for following the established policies and procedures and
for reporting any security incidents or breaches.
• Suppliers: Suppliers can also have an impact on the security of the organization's
information assets, as they may have access to sensitive information or systems. It is
important for the organization to have secure processes in place for managing
relationships with suppliers.
In order to successfully implement the security policy and disaster recovery plan, it is critical
that all stakeholders in the organization are involved and fully understand their roles and
responsibilities. This includes management, employees, IT staff, and any third-party service
providers.
Management needs to ensure that the policy and plan are clearly communicated and understood
by all employees, and that sufficient resources are allocated for their implementation.
Employees need to be educated on their role in following the policy and procedures, and IT
staff need to be responsible for implementing and maintaining the technical controls and
systems in place to support the policy and plan.
Third-party service providers, such as EMC Cyber, need to be involved in the development
and implementation of the policy and plan, and need to understand their responsibilities in
maintaining the security of the organization's systems and data.
Overall, it is important that all stakeholders are fully aware of their role in maintaining the
security of the organization, and that they work together to effectively implement and follow
the security policy and disaster recovery plan.
To implement the security audit recommendations, the following steps can be taken:
2. Communicate the findings of the security audit and the proposed recommendations to
all stakeholders, ensuring that they understand the importance of implementing these
measures.
3. Develop a plan for implementing the recommendations, including a timeline and budget
for any necessary resources or upgrades.
5. Regularly review and monitor the effectiveness of the implemented security measures
to ensure that they are effective in protecting the organization's assets and data.
To evaluate the suitability of the tools used in an organizational policy, there are several factors
to consider:
1. Relevance: The tools should be relevant to the goals of the policy. For example, if the
policy is focused on data protection, the tools should be related to data security.
2. Effectiveness: The tools should be effective at achieving the desired results. For
example, if the policy aims to prevent data breaches, the tools should be able to detect
and prevent such breaches.
3. Ease of use: The tools should be easy to use for the intended audience. If the tools are
too complex or difficult to use, they may not be adopted or used effectively.
4. Maintenance: The tools should be easy to maintain and update. If they require frequent
maintenance or updates, they may not be practical for long-term use.
5. Cost: The cost of the tools should be reasonable and in line with the budget of the
organization.
By considering these factors, organizations can determine if the tools they are using in their
policy are suitable for their needs.
Organizational policies typically outline the rules and guidelines that employees and
stakeholders should follow in order to achieve specific goals and objectives. These policies
may include a range of tools, such as training programs, risk assessments, and incident response
plans, that are designed to help ensure compliance and mitigate potential risks.
When evaluating the suitability of the tools used in an organizational policy, it is important to
consider a number of factors. These may include the effectiveness of the tools in achieving the
desired outcomes, the level of employee buy-in and engagement with the tools, the resources
required to implement and maintain the tools, and any potential negative impacts or unintended
consequences that may arise as a result of their use. It may also be useful to consider the
alignment of the tools with the overall goals and values of the organization, as well as with any
relevant industry standards or regulations.
www.logsign.com. (n.d.). What Is the CIA Triad and Why Is It Important for Cybersecurity?
- Logsign. [online] Available at: https://www.logsign.com/blog/what-is-the-cia-triad-and-
why-is-it-important-for-cybersecurity/.
Unitrends (2021). The CIA Triad and Its Importance in Data Security. [online] Unitrends.
Available at: https://www.unitrends.com/blog/cia-triad-confidentiality-integrity-
availability#:~:text=The%20CIA%20triad%20is%20vital.
Default. (n.d.). Network Address Translation Definition | How NAT Works | Computer
Networks | CompTIA. [online] Available at: https://www.comptia.org/content/guides/what-is-
network-address-translation#:~:text=What%20Is%20NAT%3F.
GeeksforGeeks. (2022). Relationship Between VPN and Firewall. [online] Available at:
https://www.geeksforgeeks.org/relationship-between-vpn-and-firewall/.
IBM (n.d.). What is a disaster recovery (DR) plan. [online] www.ibm.com. Available at:
https://www.ibm.com/uk-en/services/business-continuity/disaster-recovery-
plan#:~:text=A%20disaster%20recovery%20(DR)%20plan%20is%20a%20formal%20docum
ent%20created.
International Organization for Standardization (2018). ISO 31000 Risk management. [online]
ISO. Available at: https://www.iso.org/iso-31000-risk-management.html.
Keary, T. (2018). 2019 Best FREE Network Monitoring Tools | 25+ Free & Premium Tools.
[online] Comparitech.com. Available at: https://www.comparitech.com/net-admin/network-
monitoring-tools/.
NGINX (2018). What Is Load Balancing? How Load Balancers Work. [online] NGINX.
Available at: https://www.nginx.com/resources/glossary/load-balancing/.
Proofpoint. (2022). What Is a VPN? - Meaning, What It Does & More | Proofpoint AU.
[online] Available at: https://www.proofpoint.com/au/threat-
reference/vpn#:~:text=A%20Virtual%20Private%20Network%20(VPN.
Static vs. Dynamic IP Addresses. (n.d.). Static vs. Dynamic IP Addresses. [online] Available
at: https://www.avast.com/c-static-vs-dynamic-ip-
addresses#:~:text=A%20static%20IP%20address%20is.
Varghese, J. (2020). IT Security Audit: Types, Importance and Methodology. [online] Astra
Security Blog. Available at: https://www.getastra.com/blog/security-audit/it-security-audit/.