
Higher Nationals

Internal verification of assessment decisions – BTEC (RQF)


INTERNAL VERIFICATION – ASSESSMENT DECISIONS

Programme title: BTEC Higher National Diploma in Computing
Assessor: Piyumi Fernando
Internal Verifier:
Unit(s): Unit 05: Security
Assignment title: EMC Cyber
Student’s name: G.K. Ashen Imal
List which assessment criteria the Assessor has awarded: Pass / Merit / Distinction

INTERNAL VERIFIER CHECKLIST


Do the assessment criteria awarded match those shown in the assignment brief? Y/N
Is the Pass/Merit/Distinction grade awarded justified by the assessor’s comments on the student work? Y/N
Has the work been assessed accurately? Y/N

Is the feedback to the student (give details):
• Constructive? Y/N
• Linked to relevant assessment criteria? Y/N
• Identifying opportunities for improved performance? Y/N
• Agreeing actions? Y/N

Does the assessment decision need amending? Y/N

Assessor signature Date

Internal Verifier signature Date


Programme Leader signature (if required)
Date
GK
Ashen Unit05
Security
Assignment 01 1|Page

Confirm action completed


Remedial action taken Give
details:

Assessor signature Date

Internal Verifier signature


Date
Programme Leader signature (if required)
Date


Higher Nationals - Summative Assignment Feedback Form


Student Name/ID: G.K Ashen Imal – COL/A-067880
Unit Title: Unit 05: Security
Assignment Number: 1
Assessor: Piyumi Fernando
Submission Date: 08.08.2021
Date Received 1st submission:
Re-submission Date:
Date Received 2nd submission:
Assessor Feedback:

LO1. Assess risks to IT security
Pass, Merit & Distinction Descripts: P1 P2 M1 D1

LO2. Describe IT security solutions.
Pass, Merit & Distinction Descripts: P3 P4 M2 D1

LO3. Review mechanisms to control organisational IT security.
Pass, Merit & Distinction Descripts: P5 P6 M3 M4 D2

LO4. Manage organisational security.
Pass, Merit & Distinction Descripts: P7 P8 M5 D3

Grade: Assessor Signature: Date:


Resubmission Feedback:

Grade: Assessor Signature: Date:


Internal Verifier’s Comments:

Signature & Date:


* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grade decisions have been agreed at the assessment board.

Pearson
Higher Nationals in
Computing
Unit 5 : Security

General Guidelines

1. A Cover page or title page – You should always attach a title page to your assignment. Use
previous page as your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom, right margins and 1.25” for the left margin of each page.

Word Processing Rules

1. The font size should be 12 point, and should be in the style of Times New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and
Page Number on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help editing your
assignment.

Important Points:

1. It is strictly prohibited to use textboxes to add texts in the assignments, except for the
compulsory information. eg: Figures, tables of comparison etc. Adding text boxes in the body
except for the before mentioned compulsory information will result in rejection of your work.
2. Carefully check the hand in date and the instructions given in the assignment. Late submissions
will not be accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness, you
may apply (in writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade.
8. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then
be asked to complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using
HARVARD referencing system to avoid plagiarism. You have to provide both in-text citation and a
reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be
reduced to A REFERRAL or at worst you could be expelled from the course

Student Declaration

I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as
my own without attributing the sources in the correct way. I further understand what it means to copy
another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.
2. I understand the plagiarism and copying policy of the Edexcel UK.
3. I know what the consequences will be if I plagiarize or copy another’s work in any of the
assignments for this programme.
4. I declare therefore that all work presented by me for every aspects of my programme, will be of
my own, and where I have made use of another’s work, I will attribute the source in the correct
way.
5. I acknowledge that the attachment of this document, signed or not, constitutes a binding
agreement between myself and Pearson UK.
6. I understand that my assignment will not be considered as submitted if this document is not
attached to the main submission.

Student’s Signature: gk.ashen99@gmail.com (Provide E-mail ID)
Date: 08.08.2021 (Provide Submission Date)

Assignment Brief
Student Name /ID Number G.K Ashen Imal – COL/A-067880

Unit Number and Title Unit 5- Security

Academic Year 2020/2021

Unit Tutor Piyumi Fernando


Assignment Title EMC Cyber

Issue Date 04.07.2021


Submission Date 08.08.2021

IV Name & Date

Submission Format:

The submission should be in the form of an individual written report written in a concise, formal business style
using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as
appropriate, and all work must be supported with research and referenced using Harvard referencing system.
Please provide in- text citation and an end list of references using Harvard referencing system.

Section 4.2 of the assignment requires a 15-minute presentation to illustrate the answers.

Unit Learning Outcomes:

LO1 Assess risks to IT security.

LO2 Describe IT security solutions.

LO3 Review mechanisms to control organisational IT security.

LO4 Manage organisational security.

Assignment Brief and Guidance:

Scenario

‘EMC Cyber’ is a reputed cyber security company based in Colombo Sri Lanka that is delivering
security products and services across the entire information technology infrastructure. The company
has a number of clients both in Sri Lanka and abroad, which includes some of the top-level companies
of the world serving in multitude of industries. The company develops cyber security software
including firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber is
tasked with protecting companies’ networks, clouds, web applications and emails. They also offer
advanced threat protection, secure unified access, and endpoint security. Further they also play the
role of consulting clients on security threats and how to solve them. Additionally the company follows
different risk management standards depending on the company, with the ISO 31000 being the most
prominent.

One of the clients of EMC Cyber, Lockhead Aerospace manufacturing which is a reputed aircraft
manufacturer based in the US, has tasked the company to investigate the security implications of
developing IOT based automation applications in their manufacturing process. The client has
requested EMC to further audit security risks of implementing web based IOT applications in their
manufacturing process and to propose solutions. Further, Lockhead uses ISO standards and has
instructed EMC to use the ISO risk management standards when proposing the solution.

The director of the company understands such a system would be the target for cyber-attacks. As you
are following a BTEC course which includes a unit in security, the director has asked you to investigate
and report on potential cyber security threats to their web site, applications and infrastructure. After
the investigation you need to plan a solution and how to implement it according to standard software
engineering principles.

Activity 01

Assuming the role of External Security Analyst, you need to compile a report for the board of
‘EMC Cyber’ focusing on the following elements:

1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilized by EMC
Cyber in order to improve the organization’s security.

1.2 Identify types of security risks EMC Cyber is subject to in its present setup and the impact that they
would make on the business itself. Evaluate at least three physical and virtual security risks identified
and suggest the security measures that can be implemented in order to improve the organization’s
security.

1.3 Develop and describe security procedures for EMC Cyber to minimize the impact of issues
discussed in section (1.1) by assessing and rectifying the risks.

Activity 02

2.1 Identify how EMC Cyber and its clients will be impacted by improper/ incorrect configurations that
are applicable to firewalls and VPN solutions. IT security can include a network monitoring system.
Discuss how EMC cyber can benefit by implementing a network monitoring system with supporting
reasons.

2.2 Explain how the following technologies would benefit EMC Cyber and its Clients by facilitating a
‘trusted network’. (Support your answer with suitable examples).

i) DMZ
ii) Static IP
iii) NAT

2.3 Identify and evaluate the tools that can be utilized by EMC cyber to improve the network and
security performance without compromising each other. Evaluate at least three virtual and physical
security measures that can be implemented by EMC to uphold the integrity of organization’s IT policy.

Activity 03

3.1 Discuss suitable risk assessment integrated enterprise risk management procedures for EMC
Cyber solutions and the impact an IT security audit will have on safeguarding organization and its
clients. Furthermore, your discussion should include how IT security can be aligned with an
organizational IT policy and how misalignment of such a policy can impact on organization’s security.

(This can include one or more of the following: network change management, audit control, business
continuance/disaster recovery plans, potential loss of data/business, intellectual property, Data
Protection Act; Computer Misuse Act; ISO 31000 standards.)

3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage
solutions provided by EMC Cyber. You should also summarize ISO 31000 risk management
methodology.

Activity 04

4.1 Design an organizational security policy for EMC Cyber to minimize exploitations and misuses
while evaluating the suitability of the tools used in an organizational policy.

4.2 Develop and present a disaster recovery plan for EMC Cyber according to the ISO/IEC 17799:2005
or similar standard which should include the main components of an organizational disaster recovery
plan with justifications. Discuss how critical the roles of the stakeholders in the organization to
successfully implement the security policy and the disaster recovery plan you recommended as a part
of the security audit.

(Students should produce a 15 minutes PowerPoint presentation which illustrates the answer for
this section including justifications and reason for decisions and options used).

Acknowledgment

I take this opportunity to thank those who supported me in making this assignment a success, especially
Miss Piyumi Fernando, the other lecturers who supported me, and also my friends. So, I acknowledge
my lecturer, Miss Piyumi Fernando, for this assignment.

G.K Ashen Imal (batch 97/A)

Security
Unit 5

- G.K. Ashen Imal


- HND in Computing
- COL/A-067880
- HND-COM-97

Contents

Figure
Tables
Activity 01
  Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilized by EMC Cyber in order to improve the organization’s security.
  What is security in IT field
  Defining a CIA triangle
  Identify the types of security vulnerabilities that affect EMC Cyber's current structure and the business they operate.
  Type of security risk
  Assess at least three identified physical and virtual security risks and suggest actionable security measures to improve the security of the organization.
  Establish and describe security procedures for EMC cyber to minimize the impact of the issues discussed in Section (1.2) on Risk Assessment and Correction.
Activity 02
  Identify how EMC Cyber and its clients are affected by inappropriate / incorrect configurations applicable to firewalls and VPN solutions. IT security may include a network monitoring system. Discuss the possible benefits of EMC cyber utilization by implementing a network monitoring system with supportive reasons.
  Discuss the advantages of putting network monitoring systems in place.
  Explain how the following technologies facilitate a 'trusted network' for EMC Cyber and its clients. (Support your answer with appropriate examples)
  Identify and evaluate EMC cyber tools that can be used to improve network and security performance without harming each other.
  Assess at least three virtual and physical security measures that can be implemented by the EMC to enhance the integrity of the organization's IT policy.
Activity 03
  Appropriate Risk Assessment for EMC Cyber Solutions Discuss the impact of integrated enterprise risk management practices and IT security auditing on the organization and its clients' security. Further, your discussion should include how IT security can be aligned with a corporate IT policy and how non-compliance with such policy affects the security of the organization.
  Describe the mandatory data protection rules and procedures applicable to the data storage solutions provided by EMC Cyber. You should also summarize the ISO 31000 risk management system.
Activity 04
  Establish a corporate security policy for EMC Cyber to minimize exploitation and misuse when assessing the suitability of tools used in corporate policy.
  Prepare and submit a Disaster Recovery Plan for EMC Cyber in accordance with ISO / IEC 17799: 2005 or a similar standard, which should justifiably include the key elements of a reasonable Disaster Recovery Plan.
  Develop and Submit a disaster recovery plan for EMC Cyber
  Discuss the Disaster Recovery Plan you have recommended as part of the Security Audit and the crucial role of the organization's stakeholders in the successful implementation of the Defense Policy.
Conclusion
Gantt Chart
Reference

Figure

Figure 1 CIA Triad
Figure 2 DMZ (Demilitarized Zone Networking)
Figure 3 Network address translation (NAT)
Figure 4 ISO 31000 Risk Management Process
Figure 5 DR Incident Management Flow
Figure 6 Disaster Recovery Infrastructure Diagram
Figure 7 Recovery Plan for EMC Cyber. Slide 1
Figure 8 Contents slide 2
Figure 9 introduction slide 3
Figure 10 What is the DRP slide 4
Figure 11 Natural and Man-made disaster slide 5
Figure 12 Change to disaster slide 6
Figure 13 Disaster on EMC cyber slide 7
Figure 14 DRP of EMC Cyber slide 8
Figure 15 EMC DRP slide 9
Figure 16 EMC DRP slide 10
Figure 17 EMC DRP slide 11
Figure 18 Main component slide 12
Figure 19 Explain components slide 13
Figure 20 Explain components slide 15
Figure 21 Explain components slide 14
Figure 22 Reference slide 16
Figure 23 Question slide 17
Figure 24 Thanks slide 18
Figure 25 Internal and external Stakeholders
Figure 26 Gantt chart

Tables

Table 1 improper/incorrect configuration of firewalls and VPNs
Table 2 Static IP & DHCP compare
Table 3 Risk assessment procedure
Table 4 Responsibilities
Table 5 Glossary
Table 6 Revision History
Table 7 Disaster Recovery Executive Management Team
Table 8 Disaster Recovery Team Members
Table 9 External/ Vendor Contact list
Table 10 Disaster Assessment
Table 11 Internal Stakeholders
Table 12 External Stakeholders

Activity 01

Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilized
by EMC Cyber in order to improve the organization’s security.
What is security in IT field
IT security is a set of cybersecurity strategies that prevent
unauthorized access to an organization's assets, including computers,
networks and data. It maintains the integrity and confidentiality of
sensitive information and blocks access by sophisticated hackers.

Defining a CIA triangle


Figure 1 CIA Triad

The CIA triad is a widely used model for information security
that guides an organization's efforts and policies to keep its
data safe. The model has nothing to do with the American
Central Intelligence Agency; rather, the initials are based on the three
guiding principles of information security:

• Confidentiality: Access or modification of data should only be allowed by authorized users and
processes.

• Integrity: Data should be retained in its correct state, and no one should be able to edit it
improperly, whether unintentionally or maliciously.

• Availability: Authorized users should be able to access data whenever required.

Confidentiality of CIA

Protecting sensitive, private information against unauthorized access is critical in today's
world. Confidentiality can be protected when access levels for information can be defined
and enforced. In some situations this involves dividing data into different collections
organized by who needs access to the information and how sensitive that information is, i.e. the
amount of damage that would be suffered if confidentiality were violated.

Some of the most common confidentiality management solutions include access control lists,
file and volume encryption, and Unix file permissions.

Integrity of the CIA

Integrity is a critical component of the CIA Triad. It is designed to safeguard information against
deletion or modification by any unauthorized party, and it ensures that the damage can be
reversed when an authorized person makes a change that should not have been made.
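
The integrity goal described above (detect unauthorized modification or deletion, and be able to reverse it) can be illustrated with a file-integrity baseline. The following Python sketch is an added example, not part of the original report; the file names, the key and the directory layout are constructed for the demonstration.

```python
import hashlib
import hmac
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    """Return the SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path) to its digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def seal(manifest, key):
    """HMAC over the manifest, so the baseline itself cannot be silently rewritten."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify(root, manifest, tag, key):
    """Compare the live tree with the sealed baseline and report the differences."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        raise ValueError("baseline manifest has been altered")
    current = build_manifest(root)
    return {
        "modified": sorted(n for n in manifest
                           if n in current and current[n] != manifest[n]),
        "deleted": sorted(n for n in manifest if n not in current),
        "added": sorted(n for n in current if n not in manifest),
    }


def restore(root, backup, report):
    """Reverse modifications and deletions from a trusted backup copy.
    Added files are only reported; removing them is left to a human."""
    root, backup = Path(root), Path(backup)
    for name in report["modified"] + report["deleted"]:
        target = root / name
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / name, target)


def demo():
    """Constructed scenario: baseline, tamper, detect, restore, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        live.mkdir()
        (live / "config.ini").write_text("mode=production\n")
        (live / "customers.csv").write_text("id,name\n1,Example Ltd\n")
        shutil.copytree(live, backup)          # trusted copy kept elsewhere
        key = b"constructed-demo-key"          # in practice stored off the host
        manifest = build_manifest(live)
        tag = seal(manifest, key)

        # Simulated unwanted changes to the live data
        (live / "config.ini").write_text("mode=debug\n")
        (live / "customers.csv").unlink()
        (live / "notes.tmp").write_text("unexpected file\n")

        before = verify(live, manifest, tag, key)
        restore(live, backup, before)
        after = verify(live, manifest, tag, key)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before restore:", before)
    print("after restore: ", after)
```
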

Availability of the CIA

This is the final part of the CIA Triad and refers to the actual availability of your data. For information
to be protected and accessible when needed, authentication mechanisms, access channels, and
systems must all function properly.

High availability (HA) systems are computing resources whose architectures are designed specifically
to improve availability. Depending on the specific HA design, such a system may target hardware
failures, upgrades or power outages, or manage multiple network connections so that it can
cope with network outages.

These are the main points of the CIA triad. EMC Cyber can apply them to
improve the organization’s security.

Identify the types of security vulnerabilities that affect EMC Cyber's current structure and
the business they operate.
Type of security risk
Vulnerability
Vulnerability is a cybersecurity term that refers to a flaw or weakness in a system that could be
exploited in an attack. Vulnerabilities can exist in security procedures, system design, system
implementation, internal controls, and so on.
Types of vulnerabilities:
1. Media vulnerabilities
2. Physical vulnerabilities
3. Hardware vulnerabilities
4. Software vulnerabilities
5. Natural vulnerabilities
6. Human vulnerabilities
7. Communication vulnerabilities
Threat
Anyone capable of maliciously exploiting a computer system or using a vulnerability is considered a
threat. Damage occurs in the form of data or system damage, data disclosure, data modification or
denial of service. Threats can lead to attacks against computer systems, networks, and so on.
Risk
Risk can be defined as the likelihood that a particular threat will exploit a particular vulnerability.
Risk is a function of threats taking advantage of vulnerabilities to obtain, damage or
destroy assets. Thus, threats (real, conceptual or inherent) may exist, but there is no risk if they can
cause no damage. Likewise, you may have a vulnerability, but if there is no threat against it, you are not at risk.
The following formula expresses the connection between asset, threat, vulnerability and risk.
Risk = Asset + Threat + Vulnerability

Assess at least three identified physical and virtual security risks and suggest actionable
security measures to improve the security of the organization.
As a cyber service provider, EMC Cyber faces several security risks in its current
setup. These risks and their impact on the business are discussed below.

1. Unauthorized access of the system

2. Unauthorized modification of data or code from the system

3. Damage to or destruction of physical system assets and environments

4. Data or code inside or outside the system is damaged or destroyed.

5. Naturally happening risks

Unauthorized access of the system

EMC Cyber has implemented a login and access control system to specify who has access and
how much control they have. Access control systems can nevertheless be compromised through
flaws in the design, users forgetting to log out, or theft of documents or user credentials. These factors may
allow unauthorized users to gain access to the system, which could endanger privacy and the
security of stored data. Many users store sensitive information and shared assets, so the
consequences can be disastrous.
Unauthorized modification of data or code from the system

Competitors, developers or insiders may attempt to remove or copy
data or code without the authorization of EMC Cyber. Data and code may be subject to damage,
disclosure, modification and a number of regulatory actions, and such intruders compromise
privacy and security.

Damage to or destruction of physical system assets and environments

Damaged or corrupted hardware components, electrical shorts, and other unintentional or
intentional causes may cause the system to go down.

Data or code inside or outside the system is damaged or destroyed


Intruders may try to hack the network to access, expose, delete or modify the data.
This can compromise the integrity of the data and leave it corrupted.

Naturally happening risks


Financial losses and damage can be caused by earthquakes, lightning strikes, and many other
natural events. These threats cannot be prevented or eliminated completely, but it is possible
to minimize the financial losses and the damage to resources.

If any of the above happens, the following losses can result:

• Financial losses to the company
• Reduced profitability
• Damaged trust in the service
• Customers seeking alternative service providers
• Loss of intellectual property and sensitive data
• Loss of resources
• Damage to resources, workspace and network
• Legal cases involving EMC management and customers who have signed agreements

Establish and describe security procedures for EMC cyber to minimize the impact of the
issues discussed in Section (1.2) on Risk Assessment and Correction.
To address the problems above, EMC Cyber can strengthen its security features.
There are many ways to do this. The following are
a few of them:

1. Top-of-the-Line Perimeter Firewall

Most firewalls are simple: they usually check the source and destination of a packet and nothing more.
More advanced firewalls add stateful packet inspection, which checks the integrity of
packets before accepting or rejecting them. EMC Cyber can use such a
firewall to protect its data and information. In particular, it can prevent unauthorized connections
and malicious software from entering the EMC Cyber network.

2. Intrusion Detection Systems with Event Logging

Various IT security compliance standards require businesses to have a means of tracking
and recording intrusion attempts. Therefore, the use of IDS event logging solutions is a must for any
business that wishes to meet compliance standards. Some cyber providers offer IDS
monitoring and update their firewall security rules to handle the
threat signals and malicious IP addresses detected for all of their users. EMC Cyber can
use such a system to manage system event logging. In addition, intrusion detection systems are used
to detect anomalies with the aim of catching hackers before they do real damage to an EMC
network.

3. Individual applications and databases have their own internal firewalls.

Although a powerful perimeter firewall can prevent external attacks, internal attacks are
still a major threat. Basic security without internal firewalls to control access to sensitive data and
applications cannot be considered secure. EMC Cyber can prevent external attack by using this.
In particular, it prevents damage to or destruction of data or code inside or outside the system.

4. Data-at-Rest Encryption

It is important to encrypt the data stored in your cloud infrastructure in order to prevent
unauthorized access to your most sensitive data. Strong encryption can reduce the risk of
stolen data being used against your company, users or clients, so you have the opportunity to alert them so
they can take steps to protect their identities. Encryption is the best way of securing data for EMC
Cyber. It helps to protect the system from unauthorized access.

5. Data Centers with Strong Physical Security

The physical hardware used to run a cyber environment represents one last opportunity for
hackers and industrial spies to steal your most important data. Hackers have free rein to steal
data or upload malware directly to your systems when they have direct access to the hardware
that runs the cyber environment. A data center with strong physical security avoids this problem,
and EMC can use one for physical security. It helps to protect the system from unauthorized
modification of data or code in EMC Cyber, as well as from naturally occurring risks.

Activity 02

Identify how EMC Cyber and its clients are affected by inappropriate / incorrect
configurations applicable to firewalls and VPN solutions. IT security may include a network
monitoring system. Discuss the possible benefits of EMC cyber utilization by implementing
a network monitoring system with supportive reasons.
Firewall
A firewall is a network security device that monitors inbound and outbound network traffic and decides
whether certain types of specific traffic should be allowed or prohibited based on a set of security rules.

According to Cisco systems, there are a few different types of firewalls.

• Proxy firewall

• Stateful inspection firewall

• Unified threat management firewall

• Next-generation firewall
VPN
A virtual private network (VPN) is a secure, encrypted connection established over an unsecured
network, such as the public Internet. A VPN works over a shared public
infrastructure while protecting privacy through security procedures and tunneling protocols. In effect,
the protocols encrypt data at the sending end, decrypt it at the receiving end, and send it through a
"tunnel" that data which is not properly encrypted cannot "enter". An additional level of security
covers not only the data but also the originating and receiving network addresses.
We can identify VPN types such as
• Remote access VPN

• Site-to-site VPN

• Mobile VPN

• Hardware VPN

• Dynamic multipoint VPN


Improper/incorrect configuration of firewalls

Lack of Firewall Rules
Neglecting to configure the initial firewall rules is the most common firewall configuration
mistake that endangers systems. When firewalls are first set up, they remain in a state that
allows a link to any destination, which means that traffic from any destination can arrive. This
open traffic renders a firewall unusable. When setting up new firewalls, security teams often
open firewall access while determining the needs of the system and users.

Not Updating Rules Consistently
Once the rules are defined and set, it does not mean that your firewall no longer needs to be
regularly monitored and updated. As your business network grows and shifts, so should your
firewall. Your IT team should review and update your firewall for every new device and user.

Manual Updates vs Automation
Firewall configuration and updating are simplified and more effective with automation. If you
don't want to manually configure your firewall or update settings and firewall rules, you can
automate these processes. This creates a consistent firewall and implementation experience, and
allows you to set specific processes and guidelines to follow each time.

Issues with Security Logging
Security logs detail the incoming and outgoing web traffic on your network. One of the biggest
mistakes you can make with your firewall is to not check and review security log files regularly.
These logs can show you any security-related issues and explain any changes to your firewall
settings.

Inconsistent Authentication Requirements
Authentication is another major firewall configuration issue. If you have a network that spans
multiple sites, it is important to have consistent authentication standards across your business.
When authentication criteria do not match and one authentication is weaker than the other, the
weak authentication is more susceptible to attack.

Improper/incorrect configuration of VPN

Unable to Establish Connection
The VPN client cannot reach the server. There are several possible causes for this, including a
VPN server not properly connected to the network, a network that has been suspended, and a
server or network that has become overloaded. If the VPN client's configuration settings are
incorrect, an error occurs.

Couldn't establish a connection with the remote computer
When the VPN client is prevented from making a working connection even though the server can
be reached, the cause is a firewall or port configuration issue.

The VPN Subsystem is unable to communicate
A Cisco VPN client reports this error when the local service is not running or the client is not
connected to a network. This problem is frequently resolved by restarting the VPN service and/or
troubleshooting the local network connection.

The Remote Peer Is No Longer Responding
A Cisco VPN client reports this error when an active VPN connection is disabled due to a
network failure or when a firewall interrupts access to the required ports.

Because the domain's username and/or password are invalid, access is denied
When attempting to authenticate to a Windows VPN, the user may enter the wrong name or
password. For computers that are part of a Windows domain, the logon domain must be specified
correctly.

Table 1 Improper/incorrect configuration of firewalls and VPNs

A misconfigured firewall does not provide the expected security, which can open the
network to attacks from outsiders. Unauthorized external network traffic may gain access to the
network, and network communication, performance, and behavior may be poor.
Clients may have difficulty accessing data from the data centers.
Because of the high risk of sensitive data and physical assets falling into the wrong hands, clients
are at risk, and legal fees are imposed on EMC Cyber.
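The firewall problems listed in Table 1 can be checked mechanically. The following is an added example, not part of the original assignment: it audits a constructed first-match rule set for an "any to any" allow rule, rules that such a rule makes unreachable, rules that have not been reviewed recently, and allow rules without logging. The rule names, addresses, audit date and the 180-day review interval are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from datetime import date


@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "allow" or "deny"
    src: str             # CIDR or "any"
    dst: str             # CIDR or "any"
    port: str            # port number or "any"
    log: bool            # is matching traffic written to the security log?
    last_reviewed: date  # date of the last rule review


# Constructed sample rule set (evaluated top-down, first match wins).
RULES = [
    Rule("web-to-dmz", "allow", "any", "203.0.113.10/32", "443", True, date(2021, 6, 1)),
    Rule("initial-setup", "allow", "any", "any", "any", False, date(2019, 1, 15)),
    Rule("db-internal", "allow", "10.0.20.0/24", "10.0.30.5/32", "5432", False, date(2021, 5, 20)),
    Rule("default-deny", "deny", "any", "any", "any", True, date(2021, 6, 1)),
]
AUDIT_DATE = date(2021, 8, 8)  # constructed audit date


def is_wildcard(rule):
    """True when the rule matches every source, destination and port."""
    return rule.src == rule.dst == rule.port == "any"


def audit(rules, today, max_age_days=180):
    """Return (rule name, finding) pairs for the problems listed in Table 1."""
    findings = []
    wildcard_seen = False
    for rule in rules:
        if wildcard_seen:
            # An earlier rule already matches all traffic, so this one never fires.
            findings.append((rule.name, "UNREACHABLE"))
        if is_wildcard(rule) and rule.action == "allow":
            findings.append((rule.name, "ANY_ANY_ALLOW"))
        if (today - rule.last_reviewed).days > max_age_days:
            findings.append((rule.name, "STALE_RULE"))
        if rule.action == "allow" and not rule.log:
            findings.append((rule.name, "NO_LOGGING"))
        wildcard_seen = wildcard_seen or is_wildcard(rule)
    # The first wildcard rule decides the fate of traffic nothing else matched.
    first_wildcard = next((r for r in rules if is_wildcard(r)), None)
    if first_wildcard is None or first_wildcard.action != "deny":
        findings.append(("(rule set)", "NO_EFFECTIVE_DEFAULT_DENY"))
    return findings


def harden(rules):
    """Drop any-to-any allow rules and turn on logging for the remaining allows."""
    kept = [r for r in rules if not (is_wildcard(r) and r.action == "allow")]
    return [replace(r, log=True) if r.action == "allow" else r for r in kept]


if __name__ == "__main__":
    for name, finding in audit(RULES, AUDIT_DATE):
        print(f"{name}: {finding}")
    print("after hardening:", audit(harden(RULES), AUDIT_DATE))
```

The leftover "initial-setup" rule is the one that matters: it lets all traffic through and makes the default deny below it unreachable, which is the "open traffic renders a firewall unusable" case from the table.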

An inappropriately configured VPN will not provide the expected network and connection. An
inefficient and unsafe service may leave clients dissatisfied with EMC Cyber, so they may
decide to seek out alternative cyber service providers that overtake EMC Cyber. Data hackers
can sabotage the central data system. Loss of encryption can mean losing data packets on a VPN
server, which can lead to application unavailability.

Discuss the advantages of putting network monitoring systems in place.


Appliances configured and installed on the network require a 24/7 network monitoring system
because of the benefits gained by implementing one, such as:

• Can stay ahead of outages

• Fix issues faster

• Gain immediate ROI (Return on Investment)

• Manage growing, changing networks

• Identify security threats

• Justify equipment upgrades

• Report on SLAs (service level agreement)

Instead of waiting until things go bad, equipment issues can be diagnosed and resolved in a short
amount of time. This helps save money, time and resources and maintains the trust of clients.

By depicting real-time network performance data in an easy-to-read interface, a monitoring system can
help identify causes such as human error and configuration issues, so that EMC Cyber can stay ahead. Network
monitoring enables you to get to the bottom of problems using real-time network maps and
automatically resolve issues with the help of network automation tools. A network monitoring
system also makes it possible to identify security threats. Network monitoring systems provide
historical insight into how equipment performs over time, so EMC Cyber can find the latest
equipment and keep the network up to date with the latest technology.

Explain how the following technologies facilitate a 'trusted network' for EMC Cyber and its
clients. (Support your answer with appropriate examples)
i) DMZ
ii) Static IP
iii) NAT

DMZ
A DMZ, also known as a perimeter network or a screened subnetwork in computer networks, is a
physical or logical subnet that separates the local area network (LAN) from other untrusted
networks, most often the Internet. External-facing servers, resources, and services are located
in the DMZ. Therefore, they can be accessed from the Internet, but the rest of the
internal LAN cannot be reached. This adds another layer of security to the LAN by limiting hackers' ability to
access internal servers and data over the Internet.

There are certain benefits of DMZ towards EMC Cyber and its clients as follows.

• The DMZ serves as an isolated network between the public and private networks. This
configuration contributes to the addition of an extra layer of protection to the private
network.

• The DMZ reduces the likelihood of hackers gaining direct access to the servers and data of EMC
Cyber via the Internet.
• The DMZ safeguards sensitive organizational systems and resources.

Figure 2 DMZ (Demilitarized Zone Networking)

Static IP
A static IP address is an IP address that is manually configured for a device, rather than one
assigned by a DHCP server. Because it does not change, it is called static.

Dynamic Host Configuration Protocol (DHCP) is a management protocol that automates
device configuration on IP networks, allowing devices to use network services such as DNS and NTP
and any communication protocol based on UDP or TCP.

A brief comparison of static IP and DHCP

DHCP
Advantages: No manual configuration is required by DHCP to connect or access local devices.
Disadvantage: Since DHCP is a "hands-off" technology, there is a risk that someone will implant an
unauthorized DHCP server that will enable the network to be invaded for unlawful purposes or lead
to random network access without explicit consent.

Static IP
Advantages: The address does not change over time and needs no manual changes, which suits
web servers and e-mail servers.
Disadvantage: It is more costly than a dynamic IP address, since the ISP often charges extra for static
IP addresses. Additional security and manual configuration are also required, adding
complexity when connecting large numbers of devices.

Table 2 Static IP & DHCP comparison

Static IP has many advantages for EMC Cyber and its clients, such as:

• Speed and reliability
• Low cost and simplicity in assigning and maintaining the network (no DHCP server is used)
• Suitability for dedicated services such as web servers, FTP and email, and for configuring and
hosting servers
• Easy identification
• Convenient remote access and reduced server downtime
• Small interruptions will not terminate the services; therefore, stability is great.

NAT

The purpose of Network Address Translation (NAT) is to safeguard IP addresses. It enables
private IP networks that use unregistered IP addresses to connect to the Internet. NAT operates
on a router and translates the private (not globally unique) addresses of the private network
into legal addresses before packets are forwarded to another network.

NAT has many advantages for EMC Cyber and its clients, such as:

• Since EMC Cyber uses a single IP to communicate with the external world, no one can
track the network. It also limits the number of IP addresses an organization needs.
• Hosts on a NAT network get extra security, because the administrator does not want them to
be reached by external people.

The explanations above provide evidence of how DMZ, static IP and NAT benefit EMC
Cyber and its clients by facilitating a 'trusted network'.

Figure 3 Network address translation (NAT)
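
How the translation described in the NAT section works, as an added example that is not part of the original assignment: a small port address translation (PAT) table in which several private hosts share one public address and inbound packets are forwarded only when they match an existing translation. The addresses, port numbers and the port-restricted filtering behaviour are assumptions made for illustration; the dropping of unsolicited packets is a side effect of missing translation state and does not replace the firewall.

```python
import ipaddress

# RFC 1918 private (not globally unique) address ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    """True when ip belongs to one of the private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


class PatRouter:
    """Router that maps many private hosts onto one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = first_port
        self._by_inside = {}   # (private_ip, private_port) -> public_port
        self._by_outside = {}  # public_port -> (private_ip, private_port)
        self._peers = {}       # public_port -> {(remote_ip, remote_port), ...}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet and remember the mapping."""
        if not is_rfc1918(src_ip):
            raise ValueError(f"{src_ip} is not a private address")
        inside = (src_ip, src_port)
        if inside not in self._by_inside:
            self._by_inside[inside] = self._next_port
            self._by_outside[self._next_port] = inside
            self._next_port += 1
        public_port = self._by_inside[inside]
        self._peers.setdefault(public_port, set()).add((dst_ip, dst_port))
        return (self.public_ip, public_port, dst_ip, dst_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the inside host for a reply, or None if the packet is dropped."""
        inside = self._by_outside.get(public_port)
        if inside is None or (remote_ip, remote_port) not in self._peers[public_port]:
            return None  # no matching translation: unsolicited traffic
        return inside


def demo():
    """Run a constructed exchange and return what the router did."""
    router = PatRouter("203.0.113.5")
    first = router.outbound("192.168.1.10", 51000, "198.51.100.7", 443)
    second = router.outbound("192.168.1.11", 51000, "198.51.100.7", 443)
    return {
        "first": first,
        "second": second,
        "reply": router.inbound("198.51.100.7", 443, 40000),
        "other_host": router.inbound("198.51.100.99", 443, 40000),
        "unused_port": router.inbound("198.51.100.7", 443, 40005),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(label, value)
```

Both inside hosts appear to the outside as 203.0.113.5 and differ only in the translated port, which is why the internal addressing is not visible externally.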

Implementing a DMZ, static IP and NAT in a network can improve a company's overall
network security.

Deploying a DMZ adds another layer of security to the corporate network. The proper implementation of
a DMZ ensures that the organization has an additional protection layer that allows it to identify and
reduce risks before they reach the internal network behind the firewall, which is the location of
critical assets.

The DMZ in a network can improve the security of the network

On a home network, a DMZ can be built between the local area network and the router by
adding a dedicated firewall. This structure, while expensive, can help protect internal devices
better from advanced external attacks.

Implementing static IP and NAT alongside a DMZ can enhance security in a network

In terms of network security, the main advantages of static IP addresses are that they provide
greater DNS support, since servers with static IPs are mapped to a DNS server, and that they improve
geolocation, since the physical location can be mapped to the static IP.

Identify and evaluate EMC cyber tools that can be used to improve network and security performance
without harming each other.

Tools and Techniques for Network Security
The EMC network is vulnerable to threats of all shapes and sizes. The biggest threat to most
businesses isn't random cybercriminals, but well-funded attackers. EMC's network security strategy
must be capable of dealing with the various methods that these actors may employ.

Here are 6 network security tools and techniques to assist EMC in doing just that:
Access control
• If threat actors are unable to gain access to the EMC network, the amount of damage they
can cause will be severely limited.
• However, be aware that, beyond unauthorized access, even authorized
users can pose a threat.
• Access control increases network security by restricting users' access and resources
to only those parts of the network that are directly related to their
functions.

Anti-malware software
• Viruses, Trojans, worms, key loggers, spyware, and other types of malware are designed
to spread through computer systems and infect networks.
• Anti-malware software is a type of network security software that detects and prevents the
spread of malicious programs.
• Anti-malware and antivirus software can also help with malware removal and network
damage reduction.

Application security

• For many attackers, applications are a defensive vulnerability that can be exploited.
• Application security aids in the establishment of security parameters for any applications
that may be important to the security of the EMC network.

Email security

• Email security focuses on addressing human-related security flaws. Email security can be
used to identify potentially dangerous emails, as well as to block attacks and prevent the
sharing of sensitive information.

Virtual private network (VPN)


• VPN tools are used to ensure that communication between secure networks and endpoint
devices is authenticated.
• For authentication, remote-access VPNs typically use IPsec or Secure Sockets Layer
(SSL), which creates an encrypted line that prevents eavesdropping by third parties.

Firewalls

• Firewalls work similarly to gates, securing the boundaries between your network and the
internet.
• Firewalls control network traffic by allowing authorized traffic to pass while blocking
non-authorized traffic.

Assess at least three virtual and physical security measures that can be implemented by the
EMC to enhance the integrity of the organization's IT policy.

Physical security is the foundation of our overall strategy when it comes to IT security. However,
some businesses may be distracted by the more advanced features of software-based security
products and overlook the importance of ensuring that the network and its components are
physically secure. So let us see how this applies to EMC Cyber.

1. Lock up the server room


Even before you lock down the servers, and even before you turn them on for the first time, you
should double-check that the server room door is securely locked.

Of course, the best lock in the world won't do you any good if you don't use it, so you'll need
policies requiring that those doors be locked whenever the room is unoccupied, as well as policies
setting out who has the key or key code to get in.

Someone with physical access to the servers, switches, routers, cables, and other devices in your
server room can do a lot of damage.

2. Set up a surveillance system


Even if the server room door is locked, someone could break in or someone with authorized
access could abuse their power. You'll need a way to keep track of who comes in and out, as well
as when they do so. We can use a video surveillance camera together with an authentication system
incorporated into the locking devices, so that a smart card, token, or biometric scan is required to
open the doors and a record is kept of the identity of each person who enters.

3. Protect the portables


Laptops and handheld computers are particularly vulnerable in terms of physical security. A thief
can easily steal the entire computer, including any data saved on the hard drive as well as any
saved network logon passwords. Employees who use laptops at their desks should either take
them with them when they leave or use a cable lock like the one offered by PC Guardian to
attach them to a permanent location.

In addition, the following can be given as examples:

4. Make certain that the most vulnerable devices are kept in the locked room.
5. Use rack mount servers
6. Pack up the backups
7. Keep in mind that network security begins with physical security.
8. If an intruder is able to physically access your network and computers, no amount of
firewalls will keep them out. So lock up as well.

Virtualization security is a broad concept that encompasses a variety of approaches to assessing,
implementing, monitoring, and managing security in a virtualization infrastructure / environment.

Virtualization security typically entails procedures such as:

• Implementing security controls and procedures granularly at each virtual machine.
• Securing virtual machines, virtual networks, and other virtual appliances against attacks and
vulnerabilities surfaced from the underlying physical device.
• Ensuring that each virtual machine is under your control and authority.
• Creating and implementing security policy across the infrastructure / environment.

Virtual networks add a layer of complexity to the underlying real networks. To avoid creating
problems, follow these three virtual network security measures.

1. Connection policies and address validation


2. Secure gateway access between networks
3. Connection access control

Activity 03

Appropriate Risk Assessment for EMC Cyber Solutions

Discuss the impact of integrated enterprise risk management practices and IT security auditing
on the organization and its clients' security. Further, your discussion should include how IT
security can be aligned with a corporate IT policy and how non-compliance with such policy
affects the security of the organization.

Risk management is the process of recognizing, assessing, and controlling
threats to a company's capital and profits. Financial instability, legal liabilities, strategic
management failures, accidents, and natural calamities are just a few of the potential hazards.
Threats to IT security and data-related risks have risen to the top of the priority list for digitized
businesses.

As an example, the ISO 31000 principles offer businesses of any size or target sector frameworks
for improving risk management processes. The ISO 31000 is designed to "improve the likelihood
of achieving objectives, improve the identification of opportunities and threats, and efficiently
allocate and use resources for risk treatment," according to the ISO website. Although ISO 31000
cannot be used for certification, it can assist organizations in conducting internal or external risk
audits and comparing their risk management practices to internationally recognized benchmarks.

A security risk assessment identifies, evaluates, and implements key application security controls.
It also focuses on preventing security flaws and vulnerabilities in applications.

Risk assessment procedure


EMC Cyber
Purpose: Identifying risks and strategies to overcome the identified risks faced by EMC Cyber and its
clients
Completed by: GK Ashen
Date: 7th of July 2021

Identified risk: Unauthorized use of the system
Current methodologies of handling the risk:
• Usage of security software to block unauthorized access
• Using password protection
Comments/Concerns:
• System is open to attacks by outsiders
• Malware and virus attacks may occur
• Client will be very disappointed
Strategies to prevent or minimize the effect of the risk & how to manage the risk:
• Implementing two-factor authentication
• Use of strong passwords
• Using access control mechanism
Responsible person: Network Administrator

Identified risk: Unauthorized modification of data or code from the system
Current methodologies of handling the risk:
• Usage of security software for the protection of data and the code
Comments/Concerns:
• Network going to untrusted status
• Sensitive data would be damaged
• Client will be very disappointed
Strategies to prevent or minimize the effect of the risk & how to manage the risk:
• Use digital signature
• Encrypting data
• Use biometric methodologies
Responsible person: System engineer and network administrator

Identified risk: Damage to or destruction of physical system assets and environments
Current methodologies of handling the risk:
• Monitoring devices using CCTV and other facilities
Comments/Concerns:
• Financial loss
• System down
• Client would be embarrassed
Strategies to prevent or minimize the effect of the risk & how to manage the risk:
• Maintaining proper environment (cooling system and the like)
• Use asset management system
• Insurance policy
Responsible person: Management network administrator

Identified risk: Damage to or destruction of data or code inside or outside the system
Current methodologies of handling the risk:
• Usage of security software
Comments/Concerns:
• Hacker attacks
• Important data changes
• Data loss
Strategies to prevent or minimize the effect of the risk & how to manage the risk:
• Configuring internal firewall systems
• Use access control mechanism
Responsible person: Network Administrator

Identified risk: Naturally happening risks
Current methodologies of handling the risk:
• Following weather reports
Comments/Concerns:
• Computer and server damage
• Asset loss
• Building damage
Strategies to prevent or minimize the effect of the risk & how to manage the risk:
• Create insurance plan
• Maintaining a backup in another place
• Using fiber optic cables
• Use protection methods to avoid natural disasters
Responsible person: Management

Identified risk: Cyber threats
Current methodologies of handling the risk:
• Cyber threats (malware, virus, Trojan horse, etc.)
Comments/Concerns:
• Data loss and alteration can occur
Strategies to prevent or minimize the effect of the risk & how to manage the risk:
• Apply anti-virus software and handle a firewall.
• Company software update.
• Reinforce the network with firewalls
• Install a virus guard to protect from internet threats
• Installing backup database to store data
Responsible person: System Administrator, Security expert

Identified risk: Strategy risk
Current methodologies of handling the risk:
• The risks associated with a particular company strategy.
Comments/Concerns:
• This can lead to the company going down
Strategies to prevent or minimize the effect of the risk & how to manage the risk:
• Having good management and taking good decisions
• Use strategic information system to get strategic decisions
Responsible person: Management

Table 3 Risk assessment procedure

What an IT Security Audit Does for EMC Cyber…

By outsourcing IT services to handle the EMC security audit, the EMC organization can have a more
formidable IT system in place. Database management, resource planning, chain network
organization, and other core EMC Cyber functions may be included in an IT security audit. The
following are specific solutions that a security audit covers.

• Security auditors identify the types of data EMC has, how it flows in and out of the EMC
organization, and who has access to it. The auditing team can also lay the groundwork for
any necessary improvements or enforcement. Data is one of your most valuable assets,
and it necessitates stringent security measures.
• The IT system is complex, with hardware, software, data, and procedures all playing a
role. Expert IT outsourcing services can determine if your system has any potential
problem areas. They can check to see if EMC's hardware or software tools are properly
configured and functioning. They may also retrace previous security incidents that may
have exposed flaws in EMC's security.
• The auditing process begins with a pre-audit, during which auditors gather information
from previous audits. It determines whether or not you need to change EMC Cyber's
security policies and standards. By the end of the audit, they'll have a good idea of whether EMC
has adequate security measures in place and whether they're being followed
consistently.
• An IT security audit can assist you in determining the best security tools for EMC.
It gives advice on how to use information technology to improve EMC's
security. The audit's security experts can tell you whether you're underspending or
overspending on your IT system.
Three Advantages of an Information Security Audit for EMC Cyber

1. Identify any gaps or noncompliance in current security systems/practices.

2. Obtain Tools and Training to Assist in Closing Discovered Gaps

3. Establish an Effective Retention/Destruction Schedule for All of Your Important Documents

In addition, the following can be specified:

1. Checks susceptibility to threat

2. Evaluating the System

3. Data Security

4. Bolsters Controls

What is the security policy?


A security policy is a document that outlines the rules and procedures for computer network
access. This document governs how an organization manages, protects, and disseminates its
strategic information (corporate and client information) and provides the organization with a
framework for computer-network-based security.
A security policy covers all assets of the company and all threats to those assets. Policies should
be regularly updated and employees of the organization should be updated on the policies being
implemented in the organization. A security policy establishes the rules, regulations, and
procedures that each individual must follow in order to gain access to and use the organization's
IT resources.

The following are the three main goals that security policies should achieve (discussed in depth in Activity 01).

1. Confidentiality - Concerns about protecting IT assets and networks from unauthorized users
2. Integrity- ensures that changes to IT assets are made in a controlled and authorized manner.
3. Availability- ensures the continuous access to IT assets and network by authorized users.

Failure to follow the security policies, or events that conflict with the expected and desired
security, will mainly affect the confidentiality, integrity and availability of IT assets and lead to
unpleasant experiences on the network:

• Unauthorized parties leaking, stealing, and misusing data.
• System failures and increased downtime
• Dissatisfaction of the customers
• Legal charges against EMC Cyber, since it has failed to provide a better and secure
service to its customers
• Financial losses to both EMC Cyber and its customers

5 negative impacts of misaligned security strategies

• Adverse experiences for legitimate prospect/customer traffic


• Overwhelmed security teams
• Siloed data and lack of knowledge
• Cumbersome technology and business resistance
• Underutilized solutions and exposed applications

Describe the mandatory data protection rules and procedures applicable to the data storage
solutions provided by EMC Cyber. You should also summarize the ISO 31000 risk
management system.

There are a few mandatory data protection laws and procedures which are applicable to the data
storage solutions provided by EMC Cyber, such as:

• ISO 31000 risk management methodology
• Data Protection Act of 1998
• Data Protection Act of 2018
• Computer Misuse Act of 1990
• The General Data Protection Regulation (GDPR)
• ISO/IEC 27002:2013

ISO 31000 risk management methodology

Organizations that follow ISO 31000 have a better chance of achieving their goals, identifying
opportunities and threats, and allocating resources for risk management more effectively. ISO
31000, on the other hand, cannot be used for certification, but it can be used to guide internal or
external auditing programs. It provides the best principles for effective management and
corporate governance, as well as allowing organizations to compare their risk management
practices to internationally recognized benchmarks.

Figure 4 ISO 31000 Risk Management Process

Data Protection Act of 1998


Personal data regarding living people that is recorded on computers or in organized paper filing systems is
protected by the Data Protection Act of 1998. This law basically protects and regulates the legal
use and handling of data about living persons. The main purpose of this Act is to protect
individuals from misuse of information. The basic principles of the above rule are that
personal data must be reasonably and legally processed, adequate, relevant and not excessive,
accurate and current, and not retained for longer than required.

Data Protection Act of 2018

If your company handles any type of personal information about people, you must comply with
the Data Protection Act 2018. This was previously known as the Data Protection Act of 1998, but
it was updated in 2018 to comply with GDPR.

You should be aware of the rules that the Act imposes on how you obtain, store, share, and use
personal data. By adhering to these guidelines, you can ensure that your company handles data
securely and protects the privacy of its customers and employees.

Computer Misuse Act of 1990


The Computer Misuse Act 1990 (CMA) is a law passed by the United Kingdom Parliament in
1990. For computer crimes and Internet scams, the CMA is responsible for enforcing legislation
and regulations. The legislation was created to criminalize unauthorized access to computer
systems and to prevent serious criminals from using the computer in the commission of a criminal
offense, or to prevent access to data stored on the computer.

The General Data Protection Regulation (GDPR)


The General Data Protection Regulation (GDPR) is one of the most extensive pieces of European
Union legislation in recent memory. It was passed to harmonize data protection legislation across
the EU and to give people in the growing digital economy more control over how their personal
data is used.

ISO/IEC 27002:2013

ISO/IEC 27002:2013 provides guidelines for organizational information security standards and
information security management practices such as control selection, implementation, and
management while taking the organization's information security risk environment(s) into account.

Activity 04

Establish a corporate security policy for EMC Cyber to minimize exploitation and misuse
when assessing the suitability of tools used in corporate policy.

SECURITY POLICY

EMC CYBER
COLOMBO
SRI LANKA

DATE 07/15/2021

Table of contents

1. Introduction
1.1 Purpose
1.2 Scope
1.3 History
1.4 Responsibilities
1.5 General Policy Definitions

2. Access Policy
2.1 Purpose
2.2 Scope
2.3 Policy Definitions

3. IT Assets Policy
3.1 Purpose
3.2 Scope
3.3 Policy Definitions

4. Password Control Policy
4.1 Purpose
4.2 Scope
4.3 Policy Definitions

5. Employee policy
5.1 Purpose
5.2 Scope
5.3 Policy Definitions

6. Outsourcing Policy
6.1 Purpose
6.2 Scope
6.3 Policy Definitions

7. Password Control Policy
7.1 Purpose
7.2 Scope
7.3 Policy Definitions

8. Email Policy

9. Glossary

1. Introduction
Both the internal and the external audiences of the company are responsible for clients'
data. This data needs to be protected, and security policies are used for that purpose. What
is protected might include the EMC Cyber company network and its physical building. A
security policy can also identify the potential threats. If the document focuses on cyber
security, threats could include those from the inside, such as the possibility that
disgruntled employees will steal personal information or launch an internal virus on the EMC
company's network, and those from the outside, where a hacker could penetrate the system and
cause loss of data, change data, or steal it.
Finally, physical damage to computer systems could occur. In view of the above, we must look
across the whole EMC company and the modern technologies it already uses.
1.1 Purpose

The information security objectives and strategies of an organization are described in a
security policy. The primary goal of a security policy is to protect people and information,
define and authorize the consequences of violations, and set the rules for expected user
behavior.

1.2 Scope

All parties to the service provided by EMC Cyber, such as customers and employees, are
subject to the security policy set forth herein.

1.3 History
Version Description From To Author
1.0 Initial version 8/1/20xx 7/1/20xx John Doe

1.4 Responsibilities
Roles and responsibilities

Chief Information Officer
• Accountable for all aspects of information security at the Organization.

Information Security Officer
• In charge of the IT infrastructure's security.
• Make security threats, vulnerabilities, and risks a priority.
• Create, implement, and update Security Policy documents.
• Make certain that security training programs are in place.
• Ensure that your IT infrastructure is compliant with security policies.
• Respond to incidents involving information security.
• Assist with disaster recovery plans.

Information Owners
• Assist with security requirements for their specific area; determine privileges and
access rights to resources within their areas.

IT Security Team
• Implements and manages information technology security.
• Implements resource privileges and access rights.
• Backs up security policies.

Users
• Comply with security policies.
• Inform the authorities about any attempted security breaches.
Table 4 Responsibilities

1.5 General Policy Definitions

• Only the Information Security Officer may grant exceptions to the policies outlined in this
document. In such cases, specific procedures for handling requests and authorization for
exceptions may be put in place.
• When a policy exception is invoked, an entry must be made in a security log specifying the
date and time, a description of the exception, the reason for the exception, and how the risk
was managed.
• All IT services should be used in accordance with the technical and security requirements
defined in the service design.
• Infringements on the policies outlined in this document may result in disciplinary action. In
some serious cases, they may even result in prosecution.

2. Access Policy
2.1 Purpose

The goal of the EMC IT Access Control Policy is to ensure that all access to information assets is
properly authorized, and that access permissions are updated and reviewed on a regular basis.

2.2 Scope

All access to EMC's information assets is subject to this IT Access Control Policy. This IT Access
Control Policy, as well as the IT Acceptable Use Policy, must be followed by all users who have
access to EMC's information systems. The same principles will govern access to physical and
nonphysical assets.

2.3 Policy Definitions


• Within EMC, all information assets must be "owned" by a named individual.
• A process for user access requests that specifies the steps to be followed when creating or
changing user access must be defined, documented, reviewed, and updated on an annual basis.
This procedure must cover network, application, and database access, as well as any other
third-party access.
• Only systems or roles necessary for the user's work function shall be granted access. The
management of privilege creep is addressed by regular maintenance.
• Additional access controls, including smart card, token or other supplemental two or three-
factor authentication checks, are required when dictates when passwords/phrases must be
supplemented by
• Only authorized people can log in to the EMC Cyber company system.
Login steps
Step 1: scan the fingerprint
Step 2: enter the username and password
Step 3: two-step verification
All of these steps must be passed to log in to the system.

3. IT Assets Policy

3.1 Purpose

The purpose of the IT Asset Management Policy is to protect the company against loss
and security incidents, to lower the EMC company's risk profile to external and internal
pressures, to state commitment to legal compliance, and to lower costs and improve
productivity through more efficient and effective asset management. Effective IT Asset
Management is a fundamental policy that serves as a foundation for other IT policies, such
as the policies governing operations and information security.

3.2 Scope

This policy applies to all employees and non-employees who own, care for, or use EMC
IT Assets, as well as entities that manage, deploy, or support EMC IT Assets either
internally or externally to the EMC intranet.

3.3 Policy Definitions

• IT assets must be used only in connection with the business activities to which they have been
assigned and/or authorized.
• All IT assets must be classified into one of the Organization's security categories, based on the
current business function to which they are assigned.
• Every user is responsible for the upkeep and proper use of the IT assets to which they have
been assigned.
• Authorized persons in EMC may monitor equipment, systems and network traffic at any
time, for safety and network maintenance purposes, under the InfoSec Audit Policies.
• All IT assets must be housed in locations with security access restrictions, environmental
conditions, and layout that adhere to the security classification and technical specifications of
the assets in question.

4. Password Control Policy


4.1 Purpose

Access controls for identification and authentication are critical in helping to protect
information systems and the data they contain. The purpose of this policy is to define the EMC's
access control and password management requirements, procedures, and protocols.

4.2 Scope

The scope of this policy includes all EMC employees, users, and contractors who use,
create, deploy, or support application and system software. Regardless of ownership, this
policy applies to all computer assets and software.

4.3 Policy Definitions

• Any system that handles sensitive data must be secured with a password-based access control
system.
• Each user must have a unique, private identity in order to access IT network services.
• Identities should be created and managed centrally. Using single sign-on to access
multiple services is encouraged.
• Authentication should apply to individual users, not groups.
• Passwords should not be stored in plain text or in any form that is easily reversible.
• There should be some kind of role management so that one user can take over the role of
another without knowing the password.

5. Employee policy
5.1 Purpose

Employee policies are designed to help EMC tie together its mission, vision, values, and culture into
easily accessible documents that all employees can understand.

5.2 Scope
All employees of EMC.

5.3 Policy Definitions

Handling the tools used to access the services provided by EMC can lead to numerous security
threats. Therefore, the tools used to access the services of EMC must do the following,

• Use strong password protection


• Use good quality security software
• Keep EMC’s security software up to date.
• Use a secure network to access EMC services.

To strengthen security, EMC

• encryption facility
• Password management software
• Security software such as anti-virus guards
If the above strategies are difficult to follow, you should contact the network administrator for
technical assistance.

6. Outsourcing Policy
6.1 Purpose
Outsourcing entails the use of a third-party service provider in any number of operational
functions to perform ongoing activities (including short-term agreements) that would
normally be performed by EMC personnel. This policy is intended to mitigate the risks
associated with outsourcing contracts.

6.2 Scope
This policy applies to all EMC management and staff involved in the procurement of outsourced
services.

6.3 Policy Definitions

• The service provider's ability to meet the EMC's performance service levels and comply with
its obligations.
• Multiple outsourcing agreements that expose EMC to potential risk with a single service
provider must be avoided.
• Background checks are required or recommended for outsourcing service providers, and they
must follow all component state laws, regulations, and statutes.
• When service providers act on systems with student Personally Identifiable Information
(PII), they comply with appropriate disclosure and FERPA notifications, public transparency
requirements, and acknowledgements.
• EMC policy, regulations, state laws, and laws require proper contractual agreements with the
service provider.

7. Password Control Policy


7.1 Purpose
The goal of this policy is to establish a standard for creating strong passwords for EMC Cyber,
protecting those passwords, and changing them on a regular basis.

7.2 Scope
This policy applies to any employee who has access to the EMC network, or any system
account (or password support or any other type of required access) on any EMC website that
does not store general EMC information.

7.3 Policy Definitions
• All system-level passwords must be changed every 90 days at the very least.
• All production system-level passwords must be included in the Information Security
managed global password management database.
• At least once a year, all user-level passwords (email, web, desktop computer, etc.) must be
changed.
• Passwords for EMC should not be shared with anyone, including administrative assistants
or secretaries. All passwords must be treated as EMC data that is sensitive and confidential.
8. Email Policy
8.1 Purpose
The purpose of this policy is to outline the EMC's email system usage guidelines. This policy
will aid the Authority in lowering the risk of an email-related security incident, fostering good
internal and external business communications, and ensuring consistency.

8.2 Scope
The EMC's email system, including desktop and/or web-based email applications, server-side
applications, email relays, mobile devices, and associated hardware, is covered by this policy.
It includes every e-mail sent from the system as well as any e-mail received from outside
sources, and it also covers email accounts that can be accessed through the EMC network.
This policy applies to all employees and to all uses of corporate IT resources, including,
but not limited to, computer systems, email, the network, data on any of these systems, and
the corporate Internet connection.
8.3 Policy Definitions
• Because email is an insecure method of communication, information that is considered
confidential or proprietary to the EMC should not be sent via email without proper encryption,
regardless of the recipient.
• EMC has a policy of not opening email attachments from unknown senders or when they are
unexpected.
• Users may have personal email accounts in addition to the EMC-provided account, which the
EMC recognizes.

• All business-related email must be sent through the corporate email system. It is forbidden for
users to send business email from an email account that is not provided by EMC.
• Email should be kept and backed up in accordance with any applicable policies, such as the
Data Classification Policy, Confidential Data Policy, Backup Policy, and Retention Policy,
among others.

9. Glossary
Term: Definition
Access Management: The process that allows users to access IT services, data, or other assets.
Asset: Any skill or resource. Anything that could aid in the delivery of a service is
included in a service provider's assets.
Outsourcing: Using a third-party provider to manage IT services.
Policy: Management expectations and intentions must be formalized. Policies are used to
guide decisions and to ensure the consistent and appropriate development and implementation
of processes, standards, roles, activities, and IT infrastructure, among other things.
Table 5 Glossary

SPONSOR ACCEPTANCE
Approved by the Project Sponsor:

__________________________________________ Date: ___________________


EMC Cyber
EMC Cyber Policy
Prepare and submit a Disaster Recovery Plan for EMC Cyber in accordance with ISO / IEC
17799: 2005 or a similar standard, which should justifiably include the key elements of a
reasonable Disaster Recovery Plan.

Introduction
A disaster recovery (DR) plan is a formal document created by a company that contains detailed
instructions on how to respond to unplanned events such as natural disasters, power outages,
cyberattacks, and other disruptive events. The plan includes strategies for mitigating disaster
effects so that a company can keep operating – or quickly resume key operations.

Disruptions can result in lost revenue, harmed brands, and dissatisfied customers. Furthermore,
the longer the recovery time, the greater the negative business impact. As a result, regardless of
the cause of the disruption, a good disaster recovery plan should enable rapid recovery.

Main components of a disaster recovery plan.
1. Communication plan and role assignments.
2. Plan for your equipment.
3. Data continuity system.
4. Backup check.
5. Detailed asset inventory.
6. Vendor communication and service restoration plan.

1. Communication plan and role assignments.


Communication is critical in the aftermath of a disaster. A plan is necessary because it ensures
that all employees are on the same page and that all communication is clearly outlined.
Employee contact information should be updated in all documents, and employees should
understand their role in the days following the disaster. If you don't have a technical resource
to help you sort through everything, assignments like setting up workstations, assessing
damage, redirecting phones, and other tasks will be required.

2. Plan for your equipment.


For example, when a major storm is approaching, it is critical that you have a plan in place
to protect your equipment. All equipment must be removed from the floor, moved into a room
with no windows, and securely wrapped in plastic so that no water can get to it. It is
obviously preferable to completely seal equipment to keep it safe from flooding, but in cases
of extreme flooding this is not always possible, so we likewise need a plan for such cases.

3. Data continuity system.


As we develop our disaster recovery plan, we will want to investigate exactly what our
business (EMC) requires to function. We need to know exactly what our organization requires
in terms of operations, finances, supplies, and communication. Whether we are a large
consumer business that needs to fulfill shipments and communicate with our customers about
those shipments, or a small business to business organization with multiple employees, we
should document our needs so that we can make backup and business continuity plans and
have a complete understanding of the needs and logistics surrounding those plans.

4. Backup check.
Check that EMC backup is running, and include a full local backup of all servers and data in
our disaster recovery plan. Run them as early as possible, and make sure they're backed up to
a location that won't be harmed by the disaster. It's also a good idea to keep that backup on an
external hard drive that you can take with you offsite in case something goes wrong.

5. Detailed asset inventory.


EMC should have a detailed inventory of workstations, their components, servers, printers,
scanners, phones, tablets, and other technologies that EMC and its employees use on a daily
basis in an EMC disaster preparation plan. (This will help you with insurance claims after a
major disaster by providing your adjuster with a simple list (with photos) of any inventory
you have.)

6. Vendor communication and service restoration plan


For example, after a storm passes, EMC will want to get back up and running as soon as
possible. As part of the EMC plan, ensure that vendor communication is included. Check with
your local power provider to determine the likelihood of power surges or outages while the
area is being repaired. EMC should also check with its phone and internet providers
about restoration and access.

EMC CYBER

Disaster Recovery Plan.
Unit 05
Security Assignment.

EMC Cyber,
Colombo,
Sri Lanka.

Revision History

Version: Original 1.0
Date approved: 08.07.2021
Modified by:
Pages affected: All
Description of Changes Made: First Release

Table 6 Revision History

Introduction to EMC Cyber


EMC Cyber is a well-known cyber security firm based in Colombo, Sri Lanka, that provides
security products and services for the entire IT infrastructure. The company has a number of
clients in Sri Lanka and abroad, including top-level companies in a wide range of industries.

Objectives

In the event of a disaster, this document explains the process and disaster recovery procedures in
place at EMC Cyber. A disaster can be a natural disaster or any other failure that causes
downtime in the Production Environment.

In the event of a disaster, the goal of this document is to ensure minimal downtime, data integrity, and
availability.

This document outlines the processes and procedures that will assist us in overcoming the disaster
with minimal disruption to our organization's operations.

Key person contact info


Disaster Recovery Executive Management Team

Manager/ Director Area of Responsibility Contact information

W.P.A de Silva Chief Information Officer silva@emccyber.lk

L. Pushpanathan Associate CIO Applications pushpe@emccber.lk

M.N. Senewirathne Manager Application Hosting senewi.nm@gmail.com


Table 7 Disaster Recovery Executive Management Team

Disaster Recovery Team Members


Manager Group lead IT Expert
Data center Sampath Kumara Nisha de Silva Nilupul Wasanatha
Windows
Storage
Virtualization

Network
Oracle Platforms
File & Print servers
Client Technologies & Desktop support
Backup and Recovery
Table 8 Disaster Recovery Team Members

External/ Vendor Contact list


Name/Title Contact option Contact number
Landlord/ Property Manager Work
Mobile
Email
Power Company Work
Mobile
Email
Telecom Carrier 01 Work
Mobile
Email
Hardware Supplier 01 Work
Mobile
Email
Server supplier Work
Mobile

Email
Workstation Supplier 01 Work
Mobile
Email
Office /supplies Work
Mobile
Email
Insurance Work
Mobile
Email
Table 9 External/ Vendor Contact list

DR Incident Management Flow

Figure 5 DR Incident Management Flow

Disaster Recovery Infrastructure Diagram

Figure 6 Disaster Recovery Infrastructure Diagram

Disaster Assessment

Potential Disaster | Rating of probability | Rating of impact | Brief Description of possible remedial actions and consequences
Flood | 3 | 4 | The first floor houses all critical equipment.
Fire | 3 | 4
Tornado | 5
Electrical storms | 5
Act of terrorism | 5
Act of sabotage | 5
Electrical power Failure | 3 | 4 | Redundant UPS system with auto standby generator that is tested weekly and remotely monitored 24 hours a day, 7 days a week. UPSs are also monitored remotely.
Loss of communications network services | 4 | 4 | Two T1 trunks are routed differently into the building. Voice network resilience and WAN redundancy
Table 10 Disaster Assessment
The chance: 1=Total destruction, 5=Less annoyance. 5=Very High, 5=Total destruction

Facilities Emergency Contact Numbers


Main Security Office number 0112232323569
From off bank 01123654789
110 - Fire and Rescue Service.
112 - Police Emergency Service (Mobile)
117 - Disaster Management Call Centre.
119 - Police Emergency Service.

Incident Management Process

1. The incident occurred and was detected as a result of the monitoring procedures in place.

2. Sort the incident into categories.
3. The Incident Report Template was opened and the incident details and progress were updated.
4. The key person has been informed.
5. To avoid panic, regular updates about the situation are sent to affected people every 30 minutes.
6. In the event of a primary location disaster:
• People must be guided to a safe location by the facilities team;
• Application users must be notified of any outages;
• Secondary key contacts must be notified;
• Emergency services must be contacted; and
• User and acceptance tests must be performed.
• Recover any lost or corrupted data.
• Fail back of failed applications is carried out.
7. In the event of a hardware or application failure, the respective owners are notified.
8. Disaster recovery procedures are implemented.
9. Once the problem with the primary hardware or application has been resolved, fail back is
performed.
10. User and acceptance tests are carried out
11. The application's performance is monitored 24 hours a day, seven days a week.
12. Affected individuals are informed of the resolution and next steps.
13. The incident has been resolved
14. Any recommendations made by the group, along with the incident report, are forwarded to upper
management in order to streamline the process even further.

Develop and Submit a disaster recovery plan for EMC Cyber

Figure 7 Recovery Plan for EMC Cyber. Slide 1

Figure 8 Contents slide 2

Figure 9 introduction slide 3

Figure 10 What is the DRP slide 4

Figure 11 Natural and Man-made disaster slide 5

Figure 12 Change to disaster slide 6

Figure 13 Disaster on EMC cyber slide 7

Figure 14 DRP of EMC Cyber slide 8

Figure 15 EMC DRP slide 9

Figure 16 EMC DRP slide 10

Figure 17 EMC DRP slide 11

Figure 18 Main component slide 12

Figure 19 Explain components slide 13

Figure 21 Explain components slide 14

Figure 20 Explain components slide 15

Figure 22 Reference slide 16

Figure 23 Question slide 17

Figure 24 Thanks slide 18

Discuss the Disaster Recovery Plan you have recommended as part of the Security Audit and
the crucial role of the organization's stakeholders in the successful implementation of the
Defense Policy.

Shareholders are groups of people who are interested in the development of an
organization or company. These partners can be divided into two parts:

1. Internal (partners interested in company strategy, project planning and process)
2. External (partners who are not invested in the organization).
According to these two categories, I distinguished the internal and external partners of the EMC
cyber from the task list.

Figure 25 Internal and external Stakeholders

Internal Stakeholders


Stakeholders and their roles

Creditors
• Need to pay back the loan in a limited time frame to the company

Directors
• Mainly in charge of the company's strategic goals and plans. Analyzing and tracking its
employees' progress toward achieving the set objectives and targets.
• Involved in the decision-making process in the company.
• Involved in the risk management process in the company, which is important for the
company's security.
• The audit function's effectiveness is being monitored.
• Need to know about cyber security.

Owners
• Monitoring the external communication of EMC Cyber and also involved in management
reviews and implementing strategies on data security.

Employees
• Employees invest a significant amount of money and time in the company, and they play an
important role in the company's strategy, tactics, and operations.

Shareholders
• Shareholders make a monetary investment in the business.
• Supporting the company decision-making process.
• Involved in the security policies.

Table 11 Internal Stakeholders

External Stakeholders

External stakeholders and their roles

Customers
• Recognizing and optimizing operations to best meet the needs of an organization's core
customer base.
• Significant part of managing a business. Maintaining a strong community requires
interaction with customers via social media, emails, storefronts, user testing groups, and
service and product delivery.

Unions
• Point out staff-related issues and communicate with the management of the organization

Suppliers
• As key external stakeholders, suppliers are strongly intertwined in organizations.
• Maintaining a strong relationship with this stakeholder group requires timely payments,
shipments, communication, and operational processes.
• Provide high quality resources or services to EMC Cyber at reasonable cost in accordance
with the security measures adopted by the organization.

Government
• Governments levy taxes on businesses and thus have a vested interest in their success.
• Given the profit motive involved, governments can be considered primary stakeholders.
• In addition, the government provides regulatory oversight, ensuring that business
representatives adhere to accounting procedures, ethical practices, and legal concerns with
care.

Others
• Other parties, such as the press and the media, help communicate between the organization
and its partners.
Table 12 External Stakeholders

How to manage a successful audit


• Annual audits can be used to establish a security baseline.

• Spell out your objectives.

• Choose auditors with "real" security experience.

• Involve business unit managers early.

• Ensure that auditors rely on their experience rather than checklists.

• Demand that the auditor's report accurately reflects your company's risks

Stakeholders expect auditors to play an effective role in reducing, if not eliminating,
corruption. The auditors, whose profession makes them concentrate on documentary or
physical evidence, often find it hard to gather such evidence.

From the tables above, we can clearly see how partners and their different roles affect the
performance of EMC Cyber. This is why these are very useful for implementing audit
recommendation for EMC Cyber. Finally, I outline the general achievements of those concerned
and their roles.

• These roles can lead to effective decision-making, which ensures effective utilization of
investments, resources, physical, human and time
• Employees help build trust among employees.
• Making policies to improve company security options
• Policies can be implemented to ensure the safety and betterment of the organization, its staff
and clients

• Assist in identifying the best options in risk management for the organization.

Conclusion

As I'm following a BTEC course, I analyzed various types of threats that could affect the
performance of EMC Cyber. In the report above, I have several security procedures to prevent
them. In addition, I presented solutions with examples of all the company's system and network
vulnerabilities. With the new security procedures I have introduced for EMC Cyber, the
company can achieve many benefits, and with the company's disaster recovery plan, it can easily
prevent the disasters it faces. So, based on my knowledge and experience, I think I have
created a successful report for EMC Cyber highlighting various factors related to security. I will
identify how the erroneous / incorrect configurations that affect firewalls and VPN solutions
affect EMC Cyber and its clients, and how DMZ, static IP and NAT can benefit EMC Cyber and
its clients by facilitating a trusted network. The two activities highlight the advantages of
activating network monitoring systems. Activity four is focused on security policy, disaster
management, presentation and the roles that various stakeholders play in EMC Cyber to
implement the organization's security audit recommendations.

Gantt Chart

Figure 26 Gantt chart

Reference

Cisco (2014). Network Address Translation (NAT) FAQ. [online] Cisco. Available at:
https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq00.html
[Accessed 17 Jun. 2021].

Cisco (2008). What Is a Firewall? [online] Cisco. Available at:
https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html
[Accessed 18 Jun. 2021].

SearchNetworking. (2019). What is VPN (virtual private network)? - Definition from WhatIs.com.
[online] Available at: https://searchnetworking.techtarget.com/definition/virtualprivate-network
[Accessed 19 Jun. 2021].

Rouse, M. (2019). What is DMZ (networking)? - Definition from WhatIs.com. [online]
SearchSecurity. Available at: https://searchsecurity.techtarget.com/definition/DMZ
[Accessed 24 Jun. 2021].

https://www.facebook.com/lifewire (2019). Static IP Addresses: Everything You Need to Know.
[online] Lifewire. Available at: https://www.lifewire.com/what-is-a-static-ip-address-2626012
[Accessed 24 Jun. 2021].

HelpSystems (2014). Top 7 Benefits of Network Monitoring. [online] Helpsystems.com.
Available at: https://www.helpsystems.com/resources/articles/top-benefits-network-monitoring
[Accessed 25 Jun. 2021].

Blog. (2020). DHCP vs Static IP: What’s the Difference? [online] Available at:
https://community.fs.com/blog/dhcp-vs-static-ip-differences.html [Accessed 25 Jun. 2021].

www.google.com. (n.d.). how NAT%2C Static Ip%2C DMZ will contribute to form a trusted network
- Google Search. [online] Available at:
https://www.google.com/search?q=how+NAT%2C+Static+Ip%2C+DMZ+will+contribute+to+form+a+trusted+network&oq=how+NAT%2C+Static+Ip%2C+DMZ+will+contribute+to+form+a+trusted+network&aqs=chrome..69i57j69i60.891j0j4&sourceid=chrome&ie=UTF-8
[Accessed 29 Jun. 2021].

Daniels, D. (2019). 14 Network Security Tools and Techniques to Know. [online] Gigamon Blog.
Available at: https://blog.gigamon.com/2019/06/13/what-is-network-security-14-tools-andtechniques-to-know/
[Accessed 7 Jul. 2021].

Shinder, D. (2018). 10 physical security measures every organization should take. [online]
TechRepublic. Available at: https://www.techrepublic.com/blog/10-things/10-physical-securitymeasures-every-organization-should-take/
[Accessed 7 Jul. 2021].

Techopedia.com. (n.d.). What is Virtualization Security? - Definition from Techopedia. [online]
Available at: https://www.techopedia.com/definition/30243/virtualization-security [Accessed 6
Jul. 2021].

Entech (n.d.). 7 Key Elements of a Business Disaster Recovery Plan. [online] www.entechus.com.
Available at: https://www.entechus.com/blogs/7-key-elements-of-abusiness-disaster-recovery-plan
[Accessed 21 Jul. 2021].

BCS (2007). Data Protection Act 1998 overview | BCS - The Chartered Institute for IT. [online]
Available at: https://www.bcs.org/content-hub/data-protection-act-1998-overview/
[Accessed 22 Jul. 2021].

Grading Rubric
Grading Criteria Achieved Feedback

LO1 Assess risks to IT security

P1 Identify types of security risks to organisations.


P2 Describe organizational security procedures.

M1 Propose a method to assess and treat IT security risks.

LO2 Describe IT security solutions

P3 Identify the potential impact to IT security of incorrect configuration of firewall policies
and third-party VPNs.

P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can
improve Network Security.

M2 Discuss three benefits to implement network monitoring systems with supporting reasons.

D1 Evaluate a minimum of three physical and virtual security measures that can be employed to
ensure the integrity of organisational IT security.

LO3 Review mechanisms to control organisational IT security

P5 Discuss risk assessment procedures.

P6 Explain data protection processes and regulations as applicable to an organisation.

M3 Summarise the ISO 31000 risk management methodology and its application in IT security.

M4 Discuss possible impacts to organizational security resulting from an IT security audit.

D2 Consider how IT security can be aligned with organisational policy, detailing the security
impact of any misalignment.

LO4 Manage organizational security

P7 Design and implement a security policy for an organisation.

P8 List the main components of an organisational disaster recovery plan, justifying the reasons
for inclusion.

M5 Discuss the roles of stakeholders in the organisation to implement security audit
recommendations.

D3 Evaluate the suitability of the tools used in an organisational policy.