Professional Documents
Culture Documents
Male Assignment Example
Male Assignment Example
Piyumi Fernando
Assessor Internal Verifier
Unit 05: Security
Unit(s)
EMC Cyber
Assignment title
G.K. Ashen Imal
Student’s name
List which assessment criteria Pass Merit Distinction
the Assessor has awarded.
GK Ashen Unit05
Security
Assignment 01 2|Page
D2
LO4. Manage organisation
al security.
Pass, Merit & Distinction
Descripts P7 P8 M5 D3
Pearson
Higher Nationals in
Computing
GK Ashen
Unit05 Security
Assignment 01 3|Page
Unit 5 : Security
GK Ashen
Unit05 Security
1. A Cover page or title page – You should always attach a title page to your assignment. Use
previous page as your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom , right margins and 1.25” for the left margin of each page.
1. The font size should be 12 point, and should be in the style of Time New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and
Page Number on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help editing your
assignment.
Important Points:
1. It is strictly prohibited to use textboxes to add texts in the assignments, except for the
compulsory information. eg: Figures, tables of comparison etc. Adding text boxes in the body
except for the before mentioned compulsory information will result in rejection of your work.
2. Carefully check the hand in date and the instructions given in the assignment. Late submissions
will not be accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness, you
may apply (in writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade .
8. Non-submission of work without valid reasons will lead to an automatic RE FERRAL. You will then
be asked to complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using
HARVARD referencing system to avoid plagiarism. You have to provide both in-text citation and a
reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be
reduced to A REFERRAL or at worst you could be expelled from the course
Student Declaration
I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as
my own without attributing the sources in the correct way. I further understand what it means to copy
another’s work.
GK Ashen
Unit05 Security
Assignment 01 5|Page
5. I acknowledge that the
attachment of this document, signed or not, constitutes a binding agreement between myself
and Pearson UK.
6. I understand that my assignment will not be considered as submitted if this document is not
attached to the main submission.
Student’s Signature:
(Provide E-mail ID)
gk.ashen99@gmail.com
GK Ashen Unit05
Security
Assignment 01 6|Page
Assignment Brief
Student Name /ID Number G.K Ashen Imal – COL/A-067880
Submission Format:
The submission should be in the form of an individual written report written in a concise, formal business style
using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as
appropriate, and all work must be supported with research and referenced using Harvard referencing system.
Please provide in- text citation and an end list of references using Harvard referencing system.
Section 4.2 of the assignment required to do a 15 minutes presentation to illustrate the answers.
GK Ashen
Unit05 Security
Assignment 01 7|Page
Assignment Brief and Guidance:
Scenario
‘EMC Cyber’ is a reputed cyber security company based in Colombo Sri Lanka that is delivering
security products and services across the entire information technology infrastructure. The company
has a number of clients both in Sri Lanka and abroad, which includes some of the top-level companies
of the world serving in multitude of industries. The company develops cyber security software
including firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber is
tasked with protecting companies’ networks, clouds, web applications and emails. They also offer
advanced threat protection, secure unified access, and endpoint security. Further they also play the
role of consulting clients on security threats and how to solve them. Additionally the company follows
different risk management standards depending on the company, with the ISO 31000 being the most
prominent.
One of the clients of EMC Cyber, Lockhead Aerospace manufacturing which is a reputed aircraft
manufacturer based in the US, has tasked the company to investigate the security implications of
developing IOT based automation applications in their manufacturing process. The client has
requested EMC to further audit security risks of implementing web based IOT applications in their
manufacturing process and to propose solutions. Further, Lockhead uses ISO standards and has
instructed EMC to use the ISO risk management standards when proposing the solution.
The director of the company understands such a system would be the target for cyber-attacks. As you
are following a BTEC course which includes a unit in security, the director has asked you to investigate
and report on potential cyber security threats to their web site, applications and infrastructure. After
the investigation you need to plan a solution and how to implement it according standard software
engineering principles.
GK Ashen
Unit05 Security
Assignment 01 8|Page
Activity 01
Assuming the role of External Security Analyst, you need to compile a report focusing on following
elements to the board of EMC Cyber’;
1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilize to EMC
Cyber in order to improve the organization’s security.
1.2 Identify types of security risks EMC Cyber is subject to its present setup and the impact that they
would make on the business itself. Evaluate at least three physical and virtual security risks identified
and suggest the security measures that can be implemented in order to improve the organization’s
security.
1.3 Develop and describe security procedures for EMC Cyber to minimize the impact of issues
discussed in section (1.1) by assessing and rectifying the risks.
Activity 02
2.1 Identify how EMC Cyber and its clients will be impacted by improper/ incorrect configurations that
are applicable to firewalls and VPN solutions. IT security can include a network monitoring system.
Discuss how EMC cyber can benefit by implementing a network monitoring system with supporting
reasons.
2.2 Explain how the following technologies would benefit EMC Cyber and its Clients by facilitating a
2.3 Identify and evaluate the tools that can be utilized by EMC cyber to improve the network and
security performance without compromising each other. Evaluate at least three virtual and physical
security measures that can be implemented by EMC to uphold the integrity of organization’s IT policy.
GK Ashen
Unit05 Security
Assignment 01 9|Page
Activity 03
3.1 Discuss suitable risk assessment integrated enterprise risk management procedures for EMC
Cyber solutions and the impact an IT security audit will have on safeguarding organization and its
clients. Furthermore, your discussion should include how IT security can be aligned with an
organizational IT policy and how misalignment of such a policy can impact on organization’s security.
(This can include one or more of the following: network change management, audit control, business
continuance/disaster recovery plans, potential loss of data/business, intellectual property, Data
Protection Act; Computer Misuse Act; ISO 31000 standards.)
3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage
solutions provided by EMC Cyber. You should also summarize ISO 31000 risk management
methodology.
Activity 04
4.1 Design an organizational security policy for EMC Cyber to minimize exploitations and misuses
while evaluating the suitability of the tools used in an organizational policy.
4.2 Develop and present a disaster recovery plan for EMC Cyber according to the ISO/IEC 17799:2005
or similar standard which should include the main components of an organizational disaster recovery
plan with justifications. Discuss how critical the roles of the stakeholders in the organization to
successfully implement the security policy and the disaster recovery plan you recommended as a part
of the security audit.
(Students should produce a 15 minutes PowerPoint presentation which illustrates the answer for
this section including justifications and reason for decisions and options used).
Acknowledgment
GK Ashen
Unit05 Security
Assignment 01 10 | P a g e
I take this opportunity to thank who support me this assignment success. specially Miss. Piyumi
Fernando and other some kind of supported lectures and also my friends. so, I Acknowledge this
assignment my lecture Miss. Piyumi Fernando
GK Ashen
Unit05 Security
Assignment 01 11 | P a g e
Security
Unit 5
Contents
Figure ............................................................................................................................................ 15
Tables ............................................................................................................................................ 15
GK Ashen
Unit05 Security
Assignment 01 12 | P a g e
Activity 01 .....................................................................................................................................
16
Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilizing to
EMC Cyber in order to improve the organization’s security. .................................................... 16
What is security in IT field ..................................................................................................... 16
Defining a CIA triangle .......................................................................................................... 16
Identify the types of security vulnerabilities that affect EMC Cyber's current structure and the
business they operate. .................................................................................................................
17
Type of security risk ............................................................................................................... 17
Assess at least three identified physical and virtual security risks and suggest actionable
security measures to improve the security of the organization. .................................................
18
Establish and describe security procedures for EMC cyber to minimize the impact of the issues
discussed in Section (1.2) on Risk Assessment and Correction. ................................................
20
Activity 02 .....................................................................................................................................
21
Identify how EMC Cyber and its clients are affected by inappropriate / incorrect configurations
applicable to firewalls and VPN solutions. IT security may include a network monitoring
system. Discuss the possible benefits of EMC cyber utilization by implementing a network
monitoring system with supportive reasons. ..............................................................................
21 Discuss the advantages of putting network monitoring systems in
place. ................................. 24
Explain how the following technologies facilitate a 'trusted network' for EMC Cyber and its
clients. (Support your answer with appropriate examples) ........................................................
25
Identify and evaluate EMC cyber tools that can be used to improve network and security
performance without harming each other. ..................................................................................
28
Assess at least three virtual and physical security measures that can be implemented by the
EMC to enhance the integrity of the organization's IT policy. .................................................. 30
Activity 03 .....................................................................................................................................
32
Appropriate Risk Assessment for EMC Cyber Solutions Discuss the impact of integrated
enterprise risk management practices and IT security auditing on the organization and its
clients' security. Further, your discussion should include how IT security can be aligned with a
corporate IT policy and how non-compliance with such policy affects the security of the
organization. ...............................................................................................................................
32
GK Ashen
Unit05 Security
Assignment 01 13 | P a g e
Describe the mandatory data protection rules and procedures applicable to the data storage
solutions provided by EMC Cyber. You should also summarize the ISO 31000 risk
management system. ..................................................................................................................
37 Activity
04 ..................................................................................................................................... 39
Establish a corporate security policy for EMC Cyber to minimize exploitation and misuse when
assessing the suitability of tools used in corporate policy. ........................................................ 39
Prepare and submit a Disaster Recovery Plan for EMC Cyber in accordance with ISO / IEC
17799: 2005 or a similar standard, which should justifiably include the key elements of a
reasonable Disaster Recovery Plan. ...........................................................................................
50 Develop and Submit a disaster recovery plan for EMC
Cyber .................................................. 61
Discuss the Disaster Recovery Plan you have recommended as part of the Security Audit and
the crucial role of the organization's stakeholders in the successful implementation of the
Defense Policy. ...........................................................................................................................
76 Conclusion ....................................................................................................................................
79 Gantt Chart...................................................................................................................................
80
Reference ...................................................................................................................................... 81
Figure
GK Ashen
Unit05 Security
Assignment 01 14 | P a g e
72 Figure 19 Explain components slide
13 ......................................................................................... 72
Figure 20 Explain components slide 15 .........................................................................................
73 Figure 21Figure 21Explain components
slide14 ........................................................................... 73
Figure 22 Reference slide 16 ......................................................................................................... 74
Figure 23 Question slide 17 ...........................................................................................................
74 Figure 24 Thanks slide
18 .............................................................................................................. 75 Figure 25 Internal and
external Stakeholders ................................................................................ 76
Figure 26 Gantt chart .....................................................................................................................
80
Tables
Activity 01
Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilizing
to EMC Cyber in order to improve the organization’s security.
What is security in IT field
IT security is a series of cybersecurity strategies that avoid
unauthorized entry into organization, including computers,
networks and data. Maintains sensitive information's integrity
and confidentiality and blocks access for sophisticated hackers.
• Privacy: Access or modification of data should only be allowed by authorized users and
processes
•Integrity: No one should be able to improperly edit data either unintentionally or maliciously, as
long as it is retained in its original state.
• Accessibility: Access to data should be possible for authorized users whenever required.
Confidentiality of CIA
The protection of sensitive, private information against unauthorized access by people in today's
world is critical. Privacy must be protected if certain access levels for information can be defined
and enforced. In some situations, it involves the division of data into different collections
organized by who needs access to information and how sensitive that information is, i.e. the
amount of damage that has been sustained by violation of confidentiality.
Some of the most common confidentiality management solutions include access controller lists,
encryption of file and volume and permissions for Unix files.
It is a critical component of the CIA Triad designed to safeguard information from any
unauthorized party against deletion or modifications, and it ensures that the damages can be
reversed if an authorized person changes which should not have been done.
This is the final part of the CIA Triad and refers to your actual data availability. For information
to be protected and accessible when needed, authentication mechanisms, access channels, and
systems must all function properly.
Computing resources with architectures designed specifically to improve availability are high
availability systems. Based on the specific HA system concept, which can target hardware
failures, upgrades or power outages, or manage multiple network connections in the event of
multiple network crashes. This can help improve availability.
GK Ashen
Unit05 Security
Assignment 01 16 | P a g e
These are things mainly talking about CIA. So these things can apply EMC Cyber company to
improve the organization’s security.
Identify the types of security vulnerabilities that affect EMC Cyber's current structure and
the business they operate.
Type of security risk
Vulnerability
Vulnerability is a cybersecurity term that refers to a bug or vulnerability in a system that could be
attacked. Vulnerabilities can be security procedures, system design, system implementation, internal
control, and so on.
Types of vulnerabilities:
1. Media vulnerabilities
2. Physical vulnerabilities
3. Hardware vulnerabilities
4. Software vulnerabilities
5. Natural vulnerabilities
6. Human vulnerabilities
7. Communication vulnerabilities
Threat
Anyone capable of maliciously exploiting a computer system or using a vulnerability is considered a
threat. Damages occur in the form of data or system damage, data disclosure, data modification or
service denial. Attacks against computer systems, networks, etc., can cause threats Risk
Risk can be defined as the likelihood that a particular threat will exploit a particular vulnerability.
Risk is the function of threats that take advantage of the risk of property acquisition, damage or
destruction. Thus, threats (real, ideological or intrinsic) may exist, but there is no risk if there is no
damage. Likewise, you have a risk, but if you are not a threat, you are not at risk.
This formula can understand about connection between asset, threat, vulnerabilities and risk.
Risk = Asset + Threat + Vulnerability
Assess at least three identified physical and virtual security risks and suggest actionable
security measures to improve the security of the organization.
As a cyber service provider, there are some security risks that EMC Cyber faces in its current
setup, which discusses the impact of business risks.
GK Ashen
Unit05 Security
Assignment 01 17 | P a g e
2. Unauthorized modification of data or code from the system 3. Damage to
EMC Cyber has implemented a login and access control system to specify who has access and
how much control they have. At some point, access control systems can be compromised due to
damage to the design, forgetting to log out, stealing essays or user credentials. These factors may
cause any unauthorized users to gain access to the ssystem, which could danger privacy and the
security of stored data. Many users store sensitive information and mutual asset, which can have
disastrous consequences.
.
Unauthorized modification of data or code from the system
There may be competitors, developers or internal personal threats that attempt to remove or copy
the data or code without authorization of EMC Cyber. Data and code may be subject to damage,
disclosure, modification and a number of regulatory actions, compromising the privacy and
security of such intruders.
GK Ashen
Unit05 Security
Assignment 01 18 | P a g e
If above things happening below lost are coming forward,
Establish and describe security procedures for EMC cyber to minimize the impact of the
issues discussed in Section (1.2) on Risk Assessment and Correction.
As a solution for above bad experience EMC Cyber company can increase their security features.
Security features for computing has lot of methods for to increase security features. Following are
few of them,
Most firewalls are simple - they usually check the source and destination of a packet, that's all.
More advanced firewalls introduce persistent packet checking, which checks the integrity of file
packets for persistent issues before a packet can accept or reject it. So, EMC Cyber can use this
system to protect data and information. Specially, it mainly can prevent unauthorized connections
and malicious software from entering your network in EMC Cyber.
Businesses need to meet various IT security compliance standards for a variety of ways to track
and record infiltration efforts. Therefore, the use of IDS event logging solutions is a must for any
business that wishes to meet compliance standards. Some cyber providers provide IDS
monitoring, and all of their users are required to update their security rules in order to manage
threat signals and malicious IP addresses discovered by their firewalls. EMC Cyber service can
use this system to manage system event logging. As well as, intrusion detection systems are used
to detect anomalies with the aim of catching hackers before they do real damage to an EMC
network.
GK Ashen
Unit05 Security
Assignment 01 19 | P a g e
3. Individual applications and databases have their own internal firewalls.
Although having a powerful perimeter firewall can prevent external attacks, internal attacks are
still a major threat. Basic security without internal firewalls to control access to sensitive data and
applications cannot be considered secure. EMC cyber can prevent external attack by using this.
Specially, it prevents to damage to destruction of data or code inside or outside the system.
4. Data-at-Rest Encryption
It is important to encrypt the data stored in your cloud infrastructure in order to prevent
unauthorized access to your most sensitive data. Strong encryption can reduce the risk of using
stolen data against your company, users or clients, so you have the opportunity to alert them so
they can take steps to protect their identities. Encryption is the best for data securing to EMC
cyber company. Its helps to protect the system from unauthorized access
The physical hardware used to run a cyber environment represents one last opportunity for
hackers and industrial spies to steal your most important data. Hackers have free reign to steal
data or upload malware directly to your systems when they have direct access to the hardware
that runs the cyber. Data center avoid this problem. EMC can use for physical security. Its, help to
protect the system from Unauthorized modification of data or code from the system in EMC
Cyber and as well as to protect naturally happening risks.
Activity 02
Identify how EMC Cyber and its clients are affected by inappropriate / incorrect
configurations applicable to firewalls and VPN solutions. IT security may include a network
monitoring system. Discuss the possible benefits of EMC cyber utilization by implementing
a
network monitoring system with supportive reasons.
Firewall
A firewall is a network security device that monitors inbound and outbound network traffic and decides
whether certain types of specific traffic should be allowed or prohibited based on a set of security rules.
• Proxy firewall
GK Ashen
Unit05 Security
Assignment 01 20 | P a g e
• Stateful inspection firewall
• Next-generation firewall
VPN
The programming of a secure and encrypted connection over an unsecured network, such as the public
Internet, is known as a virtual private network (VPN). A VPN works with a shared public
infrastructure, while protecting privacy through security procedures and tunneling protocols. Actually,
protocols encrypt data at the sending end, decrypt data at the receiving end, and send data through a
"tunnel" that properly encrypted data cannot "access.". Not only is there an additional level of security
data, but also involves creating and receiving network addresses.
We can identify VPN types such as
• Remote access VPN
• Site-to-site VPN
• Mobile VPN
• Hardware VPN
GK Ashen
Unit05 Security
Assignment 01 21 | P a g e
Not Updating Rules Consistently Couldn't establish a connection with the remote
This does not mean that once the rules are computer
defined and set, your firewall does not need to Preventing the VPN client from making a working
be regularly monitored and updated. As your connection even though the server can be reached is
a firewall or port configuration issue
business network grows and shifts, so should
your firewall. Your IT team should review and
update your firewall for every new device and
user.
GK Ashen
Unit05 Security
Assignment 01 22 | P a g e
Inconsistent Authentication Requirements Because the domain's username and/or password
Authentication is another major firewall are invalid, access is denied.
configuration issue. If you have a network that
spans multiple sites, it is important to have When attempting to authenticate a Windows VPN,
consistent authentication standards across your the user may enter the wrong name or password. For
business. When authentication criteria do not computers that are part of a Windows domain, the
match, when one authentication is weaker than logon domain must be specified correctly.
the other, weak authentication is more
susceptible to attack.
Configure a misconfigured firewall does not provide the expected security, which can open the
network to attacks from outsiders. Access to the network for unauthorized external network
traffic, Poor network communication, performance, and behavior may affect poor performance
and network performance. Clients may have difficulty accessing data from center data centers.
Because of the high risk of losing sensitive data and physical assets in the wrong hands, clients
are at risk, and legal fees are imposed on EMC Cyber.
Inappropriate configuration of VPN will not provide the expected network and connection. An
inefficient and unsafe service may affect a client's dissatisfaction with EMC cyber, so they may
decide to seek out alternative Cyber service providers that overdrawn EMC Cyber. Data hackers
can sabotage the central data system. Loses encryption can be losing data packets on a VPN
server that can lead to application unavailability.
GK Ashen
Unit05 Security
Assignment 01 23 | P a g e
• Identify security threats
Instead of waiting until things go bad, diagnose and resolve equipment issues in a short amount of
time. This helps save money, time and resources and maintains the trust of clients
By depicting real-time network performance data in an easy-to-read interface, it can help identify
causes of human error, configuration issues, etc., So, that EMC Cyber can stay ahead. Network
monitoring enables you to get to the bottom of problems using real-time network maps and
automatically resolve issues with the help of network automation tools. Identifying security
threats is a possibility in a network monitoring system. Network monitoring systems provide a
historical insight into how equipment overtime works. So, EMC Cyber can find the latest
equipment and keep the network up-to-date with the latest technology
Explain how the following technologies facilitate a 'trusted network' for EMC Cyber and its
clients. (Support your answer with appropriate examples)
i) DMZ
ii) Static IP iii)NAT
DMZ
A DMZ, also known as a perimeter network or a screened subnetwork in computer networks, is a
physical or logical subnet that divides the local area network (LAN) from other unreliable
networks, most often the Internet. External interview servers, resources, and services are located
in the DMZ. Therefore, they can be accessed from the Internet, but cannot reach the rest of the
internal LAN. This adds another layer of security to the LAN by limiting hackers' ability to
access internal servers and data over the Internet.
There are certain benefits of DMZ towards EMC Cyber and its clients as follows.
• The DMZ serves as an isolated network between the public and private networks. This
configuration contributes to the addition of an extra layer of protection to the private
network.
GK Ashen
Unit05 Security
Assignment 01 24 | P a g e
• DMZ reduces the probability of hackers in direct access to the servers and data of EMC
Cyber via the internet.
• The DMZ safeguards sensitive organizational systems and resources.
Static IP
A static IP address is an IP address that is manually configured for a device, not from the address
assigned by the DHCP server. Because it does not change, it is called static.
Dynamic Host Configuration Protocol (DHCP) is a system management protocol that allows the
users of network services such as DNS/NTP and any UDP/TCP communication protocols to
automate device configuration processes on IP networks.
GK Ashen
Unit05 Security
Assignment 01 25 | P a g e
Static IP Without the need for changes It is more costly than a dynamic IP address,
manually - for web servers since the ISP often charges extra costs for static
and e-mail servers - the IP addresses. Additional security and manual
address does not change with configuration are also required, adding
the time. complexity in the connection of large numbers
of devices.
Static IP has many advantages over EMC Cyber and its clients. Such as,
NAT
The purpose of Network Address Translation (NAT) is to safeguard IP addresses. This enables
private IP networks to connect to the Internet using unregistered IP addresses. Before packets are
transmitted to another network, NAT operates on a router and converts private addresses into (not
globally unique) global to lawful addresses in the private network.
NAT has many advantages over EMC Cyber and its clients. Such as,
• Since EMC Cyber uses a single IP to communicate with the external world, no one can
track the network. Limits the amount of IP addresses an organization needs.
• Hosts on a NAT network get extra security, because the administrator does not want to
reach out to external people
• Above explanations provide evidences on how DMZ, Static IP and NAT benefit EMC
Cyber and its clients by facilitating a ‘trusted network’.
GK Ashen
Unit05 Security
Assignment 01 26 | P a g e
Figure 3 Network address translation (NAT)
A DMZ Static IP and NAT implementation in a network can improve a company's overall
network safety.
Deploying DMZ adds another corporate network security layer. The proper implementation of
DMZ ensures that the organization has an additional protection layer that allows it to identify and
reduce risks before reaching the internal network or behind the firewall, which is the location for
critical assets.
On the home network, a DMZ can be built between the local area network and the router by
adding a dedicated firewall. This structure, while expensive, can help prevent advanced attacks
from protecting internal devices better from possible external attacks.
DMZ implementation Static IP and NAT can enhance network security in a network
It provides greater DNS support when the servers are mapped to a DNS server when using static
IP, as the main advantages in terms of network security are static IP addresses. Improves
geolocation since the physical location can be mapped to static IP.
Identify and evaluate EMC cyber tools that can be used to improve network and security performance
without harming each other.
GK Ashen
Unit05 Security
Assignment 01 27 | P a g e
Tools and Techniques for Network Security
The EMC network is vulnerable to threats of all shapes and sizes. The biggest threat to most
businesses isn't random cybercriminals, but well-funded attackers. EMC network security strategy
must be capable of dealing with the various methods that these actors may employ.
Here are 6 network security tools and techniques to assist EMC in doing just that:
Access control
• If threat actors are unable to gain access to the EMC network, the amount of damage they
can cause will be severely limited.
• However, be aware that, in addition to preventing unauthorized access, even authorized
users can pose a threat.
• Accessibility control increases network security by restricting users' access and resources,
thereby restricting only those parts of the network that are directly related to their
functions.
Anti-malware software
• Viruses, Trojans, worms, key loggers, spyware, and other types of malware are designed
to spread through computer systems and infect networks.
• Anti-malware software is a type of network security software that detects and prevents the
spread of malicious programs.
• Anti-malware and antivirus software can also help with malware removal and network
damage reduction.
Application security
• Applications are a defensive vulnerability that can be exploited for many attackers.
• Application security aids in the establishment of security parameters for any applications
that may be important to the security of EMC network.
GK Ashen
Unit05 Security
Assignment 01 28 | P a g e
Email security
• Email security focuses on addressing human-related security flaws. Email security can be
used to identify potentially dangerous emails, as well as to block attacks and prevent the
sharing of sensitive information.
Firewalls
• Firewalls work similarly to gates, securing the boundaries between your network and the
internet.
• Firewalls control network traffic by allowing authorized traffic to pass while blocking
nonauthorized traffic.
Assess at least three virtual and physical security measures that can be implemented by the
EMC to enhance the integrity of the organization's IT policy.
Physical security is the foundation for our overall strategy when it comes to IT security. However,
some businesses may be distracted by the more advanced features of software-based security
products and overlook the importance of ensuring that the network and its components are
physically secure. So we will see how match that EMC cyber.
GK Ashen
Unit05 Security
Assignment 01 29 | P a g e
Of course, the best lock in the world won't do you any good if you don't use it, so you'll need
policies requiring that those doors be locked whenever the room is unoccupied, as well as who
has the key or key code to get in.
Someone with physical access to the servers, switches, routers, cables, and other devices in your
server room can do a lot of damage.
4. Make certain that the most vulnerable devices are kept in the closed room.
5. Use rack mount servers
6. Pack up the backups
7. Keep in mind that network security begins with physical security.
8. If an intruder is able to physically access your network and computers, no amount of
firewalls will keep them out. So lock as well
Virtualization security is a broad concept that encompasses a variety of approaches to assessing,
implementing, monitoring, and managing security in a virtualization infrastructure / environment.
GK Ashen
Unit05 Security
Assignment 01 30 | P a g e
• Security controls and procedures are implemented granularly at each virtual machine.
• Attacks and vulnerabilities surfaced from the underlying physical device are used to
secure virtual machines, virtual networks, and other virtual appliances.
• Ensure that each virtual machine is under your control and authority.
• Security policy creation and implementation across the infrastructure / environment
Virtual
Networks add a complexity layer to the underlying real networks. To avoid problem creation,
follow these three virtual network security measures.
Activity 03 Appropriate Risk Assessment for EMC Cyber Solutions Discuss the impact of
integrated
enterprise risk management practices and IT security auditing on the organization and its clients'
security. Further, your discussion should include how IT security can be aligned with a corporate
IT policy and how non-compliance with such policy affects the security of the organization.
We call it risk management because it's the process of recognizing, assessing, and controlling
threats to a company's capital and profits. Financial instability, legal liabilities, strategic
management failures, accidents, and natural calamities are just a few of the potential hazards.
Threats to IT security and data-related risks have risen to the top of the priority list for digitized
businesses.
GK Ashen
Unit05 Security
Assignment 01 31 | P a g e
As an example, the ISO 31000 principles offer businesses of any size or target sector frameworks
for improving risk management processes. The ISO 31000 is designed to "improve the likelihood
of achieving objectives, improve the identification of opportunities and threats, and efficiently
allocate and use resources for risk treatment," according to the ISO website. Although ISO 31000
cannot be used for certification, it can assist organizations in conducting internal or external risk
audits and comparing their risk management practices to internationally recognized benchmarks.
A security risk assessment identifies, evaluates, and implements key application security controls.
It also focuses on preventing security flaws and vulnerabilities in applications.
GK Ashen
Unit05 Security
Assignment 01 32 | P a g e
Unauthorized • Usage of • System is opened • Implementing two-factor Network
use of the security for attacks of the authentication Administrator
system software to outsiders • Use of strong passwords
block • Malware and • Using access control
unauthorized virus attacks may mechanism
access occur
• Using password • Client will be very
protection disappointment
Unauthorized • Usage of security • Network going to • Use digital signature System engineer
modification of software for be untrusted status • Encrypting data and network
data or code the protection • Sensitive data • Use bio metric administrator
from of data and the would be damaged methodologies
the system • Client will be very
code
disappointment
GK Ashen
Unit05 Security
Assignment 01 33 | P a g e
• protect from internet
threats
Installing backup database
to store data
Strategy Risk • The risks • This can lead to • Having a good Management
associated company down management and take
with a good decisions
particular • Use strategic information
company system to get strategic
strategy. decisions
By outsourcing IT services to handle EMC security audit, EMC organization can have a more
formidable IT system in place. Database management, resource planning, chain network
organization, and other core EMC Cyber functions may be included in an IT security audit. The
following are specific solutions that cover a security audit.
• Security auditors identify the types of data EMC have, how it flows in and out of EMC
organization, and who has access to it. The auditing team can also lay the groundwork for
any necessary improvements or enforcement. Data is one of your most valuable assets,
and it necessitates stringent security measures.
• The IT system is complex, with hardware, software, data, and procedures all playing a
role. Expert IT outsourcing services can determine if your system has any potential
problem areas. They can check to see if EMC's hardware or software tools are properly
configured and functioning. They may also retrace previous security incidents that may
have exposed EMC's security's flaws.
• The auditing process begins with a pre-audit, during which auditors gather information
from previous audits. It determines whether or not you need to change EMC Cyber's
security policies and standards. By the end of the audit, they'll have a good idea EMC
company has adequate security measures in place and that they're being followed
consistently.
• An IT security audit can assist you in determining the best security tools for EMC
company. It gives advice on how to use information technology to improve EMC's
GK Ashen
Unit05 Security
Assignment 01 34 | P a g e
security. The audit's security experts can tell you whether you're underspending or
overspending on your IT system.
Three Advantages of an Information Security Audit for EMC Cyber
3. Data Security
The following are the three main goals that security policies should achieve. (Deeply discus in activity 01)
1. Confidentiality - Concerns about protecting IT assets and networks from unauthorized users
2. Integrity- ensures that changes to IT assets are made in a controlled and authorized manner.
3. Availability- ensures the continuous access to IT assets and network by authorized users.
GK Ashen
Unit05 Security
Assignment 01 35 | P a g e
Failure of the following security policies or conflict of events with expected and desired security
will mainly affect the confidentiality, integrity and availability of IT assets and lead to network
unpleasant experiences,
Describe the mandatory data protection rules and procedures applicable to the data storage
solutions provided by EMC Cyber. You should also summarize the ISO 31000 risk
management system.
There are few mandatory data protection laws and procedures which are applicable to the data
storage solutions provided by EMC Cyber such as,
GK Ashen
Unit05 Security
Assignment 01 36 | P a g e
• Data Protection Act of 2018
• Computer Misuse Act of 1990
• The General Data Protection Regulation (GDPR)
• ISO/IEC 27002:2013
ISO 3100 risk management methodology
practices to internationally recognized benchmarks. Figure 4 ISO 31000 Risk Management Process
If your company handles any type of personal information about people, you must comply with
the Data Protection Act 2018. This was previously known as the Data Protection Act of 1998, but
it was updated in 2018 to comply with GDPR.
GK Ashen
Unit05 Security
Assignment 01 37 | P a g e
You should be aware of the rules that the Act imposes on how you obtain, store, share, and use
personal data. By adhering to these guidelines, you can ensure that your company handles data
securely and protects the privacy of its customers and employees.
ISO/IEC 27002:2013
ISO/IEC 27002:2013 provides guidelines for organizational information security standards and
information security management practices such as control selection, implementation, and
management while taking the organization's information security risk environment into account
(s)
Activity 04
Establish a corporate security policy for EMC Cyber to minimize exploitation and misuse
when assessing the suitability of tools used in corporate policy.
GK Ashen
Unit05 Security
Assignment 01 38 | P a g e
SECURITY POLICY EMC
CYBER
EMC CYBER
COLOMBO
SRI LANKA
DATE 07/15/2021
GK Ashen
Unit05 Security
Assignment 01 39 | P a g e
Table of contents.
1. Introduction 8. Email Policy
1. 1.Purpose 9. Glossary
1.2.Scope
1.3.History
1.4.Responsibilities
2. Access Policy.
1. 1.Purpose
2.2.Scope
2.3.Policy Definitions
3. IT Assets Policy
1. 1.Purpose
3.2.Scope
3.3.Policy Definitions
4.2.Scope
4.3.Policy Definitions
5. Employee policy
1. 1.Purpose
5.2.Scope
5.3.Policy Definitions
6. Outsourcing Policy
1. 1.Purpose
6.2.Scope
6.3.Policy Definitions
7. Password Control Policy
1. 1.Purpose
7.2.Scope
7.3.Policy Definition
GK Ashen Unit05
Security
Assignment 01 40 | P a g e
1. Introduction
Company internal and external audience responsible for the client’s data. they should be
need to protect so they used the security policies. This might include the EMC Cyber
company network, its physical building. It can be identifying the potential threats. If the
document focuses on cyber security, threats could include those from the inside, such as
possibility that disgruntled employees will steal personal information or launch an
internal virus on the EMC company's network or hacker from outside the company could
penetrate the system and cause loss of data, change data, or steal it.
Finally, physical damage to computer systems could occur, above fact we must throughout
of the company EMC modern technologies already used
1.1 Purpose
1.2 Scope
All parties to the service provided by EMC Cyber, such as customers and employees, are
subject to the security policy set forth herein.
1.3 History
Version Description From To Author
1.0 Initial version 8/1/20xx 7/1/20xx John Doe
GK Ashen
Unit05 Security
Assignment 01 41 | P a g e
1.4 Responsibilities
Roles Responsibilities
Chief Information • Accountable for all aspects of information security at the
Officer Organization.
Information • In charge of the IT infrastructure's security.
Security Officer • Make security threats, vulnerabilities, and risks a priority.
• Create, implement, and update Security Policy documents.
• Make certain that security training programs are in place.
• Ensure that your IT infrastructure is compliant with security
policies.
• Respond to incidents involving information security.
• Assist with disaster recovery plans.
Information • Assist with security requirements for their specific area; determine
Owners privileges and access rights to resources within their areas.
IT Security Team • Implements and manages information technology security.
• Implements resource privileges and access rights.
• Backs up security policies.
Users • Comply with security policies.
• Inform the authorities about any attempted security breaches.
Table 4 Responsibilities
• Only the Information Security Officer may grant exceptions to the policies outlined in this
document. In such cases, specific procedures for handling requests and authorization for
exceptions may be put in place.
• When a policy exception is invoked, an entry must be made in a security log specifying the
date and time, a description of the exception, the reason for the exception, and how the risk
was managed.
• All IT services should be used in accordance with the technical and security requirements
defined in the service design.
• Infringements on the policies outlined in this document may result in disciplinary action. In
some serious cases, they may even result in prosecution.
GK Ashen
Unit05 Security
Assignment 01 42 | P a g e
2. Access Policy
2.1 Purpose
The EMC IT Access Control Policy goal is to ensure that all access to information assets is properly
authorized, and that access permissions are updated and reviewed on a regular basis.
2.2 Scope
All access to EMC's information assets is subject to this IT Access Control Policy. This IT Access
Control Policy, as well as the IT Acceptable Use Policy, must be followed by all users who have
access to EMC's information systems. The same principles will govern access to physical and
nonphysical assets.
3. IT Assets Policy
GK Ashen
Unit05 Security
Assignment 01 43 | P a g e
3.1 Purpose
The purpose of the IT Asset Management Policy is to protect the company against loss
and security incidents, to lower the EMC company's risk profile to external and internal
pressures, to state commitment to legal compliance, and to lower costs and improve
productivity through more efficient and effective asset management.IT Asset Management
that is effective IT Asset Management is a fundamental policy that serves as a foundation for
other IT policies. Policies governing operations and information security.
3.2 Scope
This policy applies to all employees and non-employees who own, care for, or use EMC
IT Assets, as well as entities that manage, deploy, or support EMC IT Assets either
internally or externally to the EMC intranet.
• IT assets must be used only in connection with the business activities to which they have been
assigned and/or authorized.
• All IT assets must be classified into one of the Organization's security categories, based on the
current business function to which they are assigned.
• Every user is responsible for the upkeep and proper use of the IT assets to which they have
been assigned.
• IT assets policy The authorized persons in the EMC may monitor equipment, systems and
network traffic at any time, for safety and network maintenance purposes by means of the
InfoSec Audit Policies.
• All IT assets must be housed in locations with security access restrictions, environmental
conditions, and layout that adhere to the security classification and technical specifications of
the assets in question.
GK Ashen
Unit05 Security
Assignment 01 44 | P a g e
Access controls for identification and authentication are critical in helping to protect
information systems and the data they contain. The purpose of this policy is to define the EMC's
access control and password management requirements, procedures, and protocols. 4.2 Scope
The scope of this policy includes all EMC employees, users, and contractors who use,
create, deploy, or support application and system software. Regardless of ownership, this
policy applies to all computer assets and software.
• Any system that handles sensitive data must be secured with a password-based access control
system.
• Each user must have a unique, private identity in order to access IT network services.
• Identities should be created and managed centrally. It is encouraged to use a single signon to
access multiple services.
• Individual users, not groups, should be able to be authenticated.
• Passwords should not be stored in plain text or in any form that is easily reversible.
• Should have some kind of role management so that one user can take over the role of another
without knowing the password.
5. Employee policy
5.1 Purpose
Employee policies are designed to help EMC tie together its mission, vision, values, and culture into
easily accessible documents that all employees can understand.
GK Ashen
Unit05 Security
Assignment 01 45 | P a g e
5.2 Scope
All the employee of the EMC
Handling the tools used to access the services provided by EMC can lead to numerous security
threats. Therefore, the tools used to access the services of EMC must do the following,
• encryption facility
• Password management software
• Security software such as anti-virus guards
If the above strategies are difficult to follow, you should contact the network administrator for
technical assistance.
6. Outsourcing Policy
6.1 Purpose
Outsourcing entails the use of a third-party service provider in any number of operational
functions to perform ongoing activities (including short-term agreements) that would
normally be performed by EMC personnel. This policy is intended to mitigate the risks
associated with outsourcing contracts.
GK Ashen
Unit05 Security
Assignment 01 46 | P a g e
6.2 Scope
This policy applies to all EMC management and staff involved in the procurement of outsourced
services.
• The service provider's ability to meet the EMC's performance service levels and comply with
its obligations.
• Multiple outsourcing agreements that expose EMC to potential risk with a single service
provider must be avoided.
• Background checks are required or recommended for outsourcing service providers, and they
must follow all component state laws, regulations, and statutes.
• When service providers act on systems with student Personally Identifiable Information, they
comply with appropriate disclosure and FERPA notifications, public transparency
requirements, and acknowledgements (PII).
• EMC policy, regulations, state laws, and laws require proper contractual agreements with the
service provider.
7.2 Scope
This policy applies to any employee who has access to the EMC network, or any system
account (or password support or any other type of required access) on any EMC website that
does not store. General EMC information.
GK Ashen
Unit05 Security
Assignment 01 47 | P a g e
7.3 Policy Definitions
• All system-level passwords must be changed every 90 days at the very least.
• All production system-level passwords must be included in the Information Security
• managed global password management database.
• At least once a year, all user-level passwords (email, web, desktop computer, etc.) must be
changed.
• Passwords for EMC should not be shared with anyone, including administrative assistants
or secretaries. All passwords must be treated as EMC data that is sensitive and confidential.
8. Email Policy
8.1 Purpose
The purpose of this policy is to outline the EMC's email system usage guidelines. This policy
will aid the Authority in lowering the risk of an email-related security incident, fostering good
internal and external business communications, and ensuring consistency.
8.2 Scope
The EMC's email system, including desktop and/or web-based email applications, server-side
applications, email relays, mobile devices, and associated hardware, is covered by this policy.
It includes every e-mail sent from the system as well as any e-mail received from outside
sources. Email accounts that can be accessed through the EMC network. This policy applies
to all employees.
And it applies to all uses of corporate IT resources, including, but not limited to, computers.
systems, email, the network, data on any of these systems, and corporate Internet connection
8.3 Policy Definitions
• Because email is an insecure method of communication, information that is considered
confidential or proprietary to the EMC should not be sent via email without proper encryption,
regardless of the recipient.
• EMC has a policy of not opening email attachments from unknown senders or when they are
unexpected.
• Users may have personal email accounts in addition to the EMC-provided account, which the
EMC recognizes.
GK Ashen
Unit05 Security
Assignment 01 48 | P a g e
• All business-related email must be sent through the corporate email system. It is forbidden for
users to send business email from an email account that is not provided by EMC.
• Email should be kept and backed up in accordance with any applicable policies, such as the
Data Classification Policy, Confidential Data Policy, Backup Policy, and Retention Policy,
among others. 9. Glossary
Term Definition
Access The process that allows users to access IT services, data, or other assets.
Management
Asset Any skill or resource. Anything that could aid in the delivery of a
service is included in a service provider's assets.
Outsourcing Using a third-party provider to manage IT services.
Policy Management expectations and intentions must be formalized. Policies
are used to guide decisions and to ensure the consistent and appropriate
development and implementation of processes, standards, roles,
activities, and IT infrastructure, among other things.
Table 5 Glossary
SPONSOR ACCEPTANCE
Approved by the Project Sponsor:
Introduction
A disaster recovery (DR) plan is a formal document created by a company that contains detailed
instructions on how to respond to unplanned events such as natural disasters, power outages,
cyberattacks, and other disruptive events. The plan includes strategies for mitigating disaster
effects so that a company can keep operating – or quickly resume key operations.
Disruptions can result in lost revenue, harmed brands, and dissatisfied customers. Furthermore,
the longer the recovery time, the greater the negative business impact. As a result, regardless of
the cause of the disruption, a good disaster recovery plan should enable rapid recovery.
GK Ashen
Unit05 Security
Assignment 01 49 | P a g e
Main component of disaster recovery plan.
1. Communication plan and role assignments.
2. Plan for your equipment.
3. Data continuity system.
4. Backup check.
5. Detailed asset inventory.
6. Vendor communication and service restoration plan.
GK Ashen
Unit05 Security
Assignment 01 50 | P a g e
should document our needs so that we can make backup and business continuity plans and
have a complete understanding of the needs and logistics surrounding those plans.
4. Backup check.
Check that EMC backup is running, and include a full local backup of all servers and data in
our disaster recovery plan. Run them as early as possible, and make sure they're backed up to
a location that won't be harmed by the disaster. It's also a good idea to keep that backup on an
external hard drive that you can take with you offsite in case something goes wrong.
GK Ashen
Unit05 Security
Assignment 01 51 | P a g e
E M C C Y B E R
Disaster
GK Ashen
Unit05 Security
Assignment 01 52 | P a g e
Recovery Plan.
Unit 05
Security Assignment.
EMC Cyber,
Colombo,
Sri Lanka.
Revision History
GK Ashen
Unit05 Security
Assignment 01 53 | P a g e
Objectives
In the event of a disaster, this document explains the process and disaster recovery procedures in
place at EMC Cyber. A disaster can be a natural disaster or any other failure that causes
downtime in the Production Environment.
In the event of a disaster, the goal of this document is to ensure minimal downtime, data integrity, and
availability.
This document outlines the processes and procedures that will assist us in overcoming the disaster
with minimal disruption to our organization's operations.
GK Ashen
Unit05 Security
Assignment 01 54 | P a g e
Network
Oracle Platforms
File & Print servers
Client Technologies &
Desktop support
Backup and Recovery
Table 8 Disaster Recovery Team Members
GK Ashen
Unit05 Security
Assignment 01 55 | P a g e
Email
Workstation Supplier 01 Work
Mobile
Email
Office /supplies Work
Mobile
Email
Insurance Work
Mobile
Email
Table 9 External/ Vendor Contact list
GK Ashen
Unit05 Security
Assignment 01 56 | P a g e
DR Incident Management Flow
GK Ashen
Unit05 Security
Assignment 01 57 | P a g e
Disaster Recovery Infrastructure Diagram
GK Ashen
Unit05 Security
Assignment 01 58 | P a g e
Disaster Assessment
Fire 3 4
Tornado 5
Electrical storms 5
Act of terrorism 5
Act of sabotage 5
Redundant UPS system with auto standby
generator that is tested weekly and
Electrical power
3 4 remotely monitored 24 hours a day, 7 days
Failure
a week. UPSs are also monitored
remotely.
1. The incident occurred and was deleted as a result of the monitoring procedures in place.
GK Ashen
Unit05 Security
Assignment 01 59 | P a g e
2. Sort the incident into categories.
3. The Incident Report Template was opened and the incident details and progress were updated.
4. The key person has been informed.
5. To avoid panic, regular updates about the situation are sent to affected people every 30 minutes.
6. In the event of a primary location disaster:
• People must be guided to a safe location by the facilities team;
• Application users must be notified of any outages;
• Secondary key contacts must be notified;
• Emergency services must be contacted; and • User and acceptance tests must be
performed.
• Recover any lost or corrupted data.
• Fail back of failed applications is carried out.
7. In the event of a hardware or application failure, the respective owners are notified.
8. Disaster recovery procedures are implemented.
9. Once the problem with the primary hardware or application has been resolved, fail back is
performed.
10. User and acceptance tests are carried out
11. The application's performance is monitored 24 hours a day, seven days a week.
12. Affected individuals are informed of the resolution and next steps.
13. The incident has been resolved
14. Any recommendations made by the group, along with the incident report, are forwarded to upper
management in order to streamline the process even further.
GK Ashen
Unit05 Security
Assignment 01 60 | P a g e
Develop and Submit a disaster recovery plan for EMC Cyber
GK Ashen
Unit05 Security
Assignment 01 61 | P a g e
Figure 8 Contents slide 2
GK Ashen
Unit05 Security
Assignment 01 62 | P a g e
Figure 9 introduction slide 3
GK Ashen
Unit05 Security
Assignment 01 63 | P a g e
Figure 10 What is the DRP slide 4
GK Ashen
Unit05 Security
Assignment 01 64 | P a g e
Figure 11Natural and Man-made disaster slide 5
GK Ashen
Unit05 Security
Assignment 01 65 | P a g e
Figure 12 Change to disaster slide 6
GK Ashen
Unit05 Security
Assignment 01 66 | P a g e
Figure 13 Disaster on EMC cyber slide 7
GK Ashen
Unit05 Security
Assignment 01 67 | P a g e
Figure 14 DRP of EMC Cyber slide 8
GK Ashen
Unit05 Security
Assignment 01 68 | P a g e
Figure 15 EMC DRP slide 9
GK Ashen
Unit05 Security
Assignment 01 69 | P a g e
Figure 16 EMC DRP slide 10
GK Ashen
Unit05 Security
Assignment 01 70 | P a g e
Figure 17 EMC DRP slide 11
GK Ashen
Unit05 Security
Assignment 01 71 | P a g e
Figure 18 Main component slide 12
GK Ashen
Unit05 Security
Assignment 01 72 | P a g e
Figure 21Figure 21Explain components slid e14
GK Ashen
Unit05 Security
Assignment 01 73 | P a g e
Figure 22 Reference slide 16
GK Ashen
Unit05 Security
Assignment 01 74 | P a g e
Figure 24 Thanks slide 18
GK Ashen
Unit05 Security
Assignment 01 75 | P a g e
Discuss the Disaster Recovery Plan you have recommended as part of the Security Audit and
the crucial role of the organization's stakeholders in the successful implementation of the
Defense Policy.
Shareholders are groups of people who are interested in the development and development of an
organization or company. These partners can be divided into two parts:
Owners • Monitoring the external communication of EMC Cyber and also involve in
management reviews and implementing strategies on data security.
GK Ashen
Unit05 Security
Assignment 01 76 | P a g e
Employees • Employees invest a significant amount of money and time in the company,
and they play an important role in the company's strategy, tactics, and
operations.
Shareholders
• Shareholders make a monetary investment in the business.
• Supporting the company decision making process
External Stakeholders
External
Role
stakeholders
Customers • Recognizing and optimizing operations to best meet the needs of an
organization's core customer base.
•
Significant part of managing a business. Maintaining a strong
community requires interaction with customers via social media,
emails, storefronts, user testing groups, and service and product
delivery.
Unions • Point out staff-related issues and communicate with the management of
the organization
•
Provide high quality resources or services to EMC Cyber at
reasonable cost in accordance with the security measures adopted by
the organization.
Government • Governments levy taxes on businesses and thus have a vested interest
in their success.
GK Ashen
Unit05 Security
Assignment 01 77 | P a g e
• Given the profit motive involved, governments can be considered
primary stakeholders.
•
In addition, the government provides regulatory oversight, ensuring
that business representatives adhere to accounting procedures,
ethical practices, and legal concerns with care.
Others • Other parties, such as the press and the media, help communicate
between the organization and its partners.
Table 12 External Stakeholders
• Demand that the auditor's report accurately reflects your company's risks
The stakeholder expectations are that auditors should play an effective role in reducing, if not
eliminating, corruption. the auditors, whose professing makes them concentrate on documentary
or physical evidence, often find it hard to gather such evidence.
From the tables above, we can clearly see how partners and their different roles affect the
performance of EMC Cyber. This is why these are very useful for implementing audit
recommendation for EMC Cyber. Finally, I outline the general achievements of those concerned
and their roles.
• These roles can lead to effective decision-making, which ensures effective utilization of
investments, resources, physical, human and time
• Employees help build trust among employees.
• Making policies to improve company security options
• Policies can be implemented to ensure the safety and betterment of the organization, its staff
and clients
GK Ashen
Unit05 Security
Assignment 01 78 | P a g e
• Assist in identifying the best options in risk management for the organization.
Conclusion
As I'm following a BTEC course, I analyzed various types of threats that could affect the
performance of EMC Cyber. And the report above, I have several security procedures to prevent
them. In addition, I presented solutions with examples of all the company's system and network
vulnerabilities. With the new security procedures, I have introduced for EMC Cyber, the
company can achieve many benefits, and with the company's disaster recovery plan, it can easily
prevent the disasters they face. So, based on my knowledge and experience, I think I have
created a successful report for EMC Cyber highlighting various factors related to security. I will
identify how the erroneous / incorrect configurations that affect firewalls and VPN solutions
affect EMC Cyber and its clients, and how DMS, static IP and NAT can benefit EMC Cyber and
its clients by facilitating a trusted network. The two activities highlight the advantages of
activating network monitoring systems. Activity four is focused on security policy, disaster
management, presentation and the roles that various stakeholders play in EMC Cyber to
implement the organization's security audit recommendations.
GK Ashen
Unit05 Security
Assignment 01 79 | P a g e
Gantt Chart
GK Ashen
Unit05 Security
Assignment 01 80 | P a g e
Reference
CISCO (2014). Network Address Translation (NAT) FAQ. [online] Cisco. Available at:
https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-
faq00.html. [Accessed 17 Jun. 2021].
SearchNetworking. (2019). What is VPN (virtual private network)? - Definition from WhatIs.com.
[online] Available at: https://searchnetworking.techtarget.com/definition/virtualprivate-network.
[Accessed 19 Jun. 2021].
Blog. (2020). DHCP vs Static IP: What’s the Difference? [online] Available at:
https://community.fs.com/blog/dhcp-vs-static-ip-differences.html. [Accessed 25 Jun. 2021].
www.google.com. (n.d.). how NAT%2C Static Ip%2C DMZ will contribute to form a trusted network
- Google Search. [online] Available at:
https://www.google.com/search?q=how+NAT%2C+Static+Ip%2C+DMZ+will+contribute+to+f
orm+a+trusted+network&oq=how+NAT%2C+Static+Ip%2C+DMZ+will+contribute+to+form+
a+trusted+network&aqs=chrome..69i57j69i60.891j0j4&sourceid=chrome&ie=UTF-8 [Accessed
29 Jun. 2021].
Daniels, D. (2019). 14 Network Security Tools and Techniques to Know. [online] Gigamon Blog.
Available at: https://blog.gigamon.com/2019/06/13/what-is-network-security-14-tools-
andtechniques-to-know/.[Accessed 07 July. 2021].
Shinder, D. (2018). 10 physical security measures every organization should take. [online]
TechRepublic. Available at: https://www.techrepublic.com/blog/10-things/10-physical-
securitymeasures-every-organization-should-take/.[Accessed 07 July. 2021].
GK Ashen
Unit05 Security
Assignment 01 81 | P a g e
Techopedia.com. (n.d.). What is Virtualization Security? - Definition from Techopedia. [online]
Available at: https://www.techopedia.com/definition/30243/virtualization-security [Accessed 6
Jul. 2021].
Entech (n.d.). 7 Key Elements of a Business Disaster Recovery Plan. [online] www.entechus.com.
Available at: https://www.entechus.com/blogs/7-key-elements-of-abusiness-disaster-recovery-
plan. [Accessed 21.Jul. 2021].
BCS, 2007. Data Protection Act 1998 overview | BCS - The Chartered Institute for IT. [online]
Available at: <https://www.bcs.org/content-hub/data-protection-act-1998-overview/> [Accessed
22Jul. 2021].
GK Ashen
Unit05 Security
Assignment 01 82 | P a g e
Grading Rubric
Grading Criteria Achieved Feedback
GK Ashen
Unit05 Security
Assignment 01 83 | P a g e
P5 Discuss risk assessment procedures.
Assignment 01 84 | P a g e
GK Ashen
Unit05 Security
Assignment 01 85 | P a g e
GK Ashen
Unit05 Security
Assignment 01 86 | P a g e