Professional Documents
Culture Documents
A-067880-1628317685222-92301-G.K Ashen - 97 - Security - Unit 05
A-067880-1628317685222-92301-G.K Ashen - 97 - Security - Unit 05
GK Ashen
Unit05 Security
Assignment 01 1|Page
Confirm action completed
Remedial action taken
Give details:
GK Ashen
Unit05 Security
Assignment 01 2|Page
Higher Nationals - Summative Assignment Feedback Form
Student Name/ID G.K Ashen Imal – COL/A-067880
GK Ashen
Unit05 Security
Assignment 01 3|Page
Pearson
Higher Nationals in
Computing
Unit 5 : Security
GK Ashen
Unit05 Security
Assignment 01 4|Page
General Guidelines
1. A Cover page or title page – You should always attach a title page to your assignment. Use previous
page as your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom , right margins and 1.25” for the left margin of each page.
1. The font size should be 12 point, and should be in the style of Time New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and
Page Number on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help editing your
assignment.
Important Points:
1. It is strictly prohibited to use textboxes to add texts in the assignments, except for the compulsory
information. eg: Figures, tables of comparison etc. Adding text boxes in the body except for the
before mentioned compulsory information will result in rejection of your work.
2. Carefully check the hand in date and the instructions given in the assignment. Late submissions
will not be accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness, you
may apply (in writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade .
8. Non-submission of work without valid reasons will lead to an automatic RE FERRAL. You will then
be asked to complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using
HARVARD referencing system to avoid plagiarism. You have to provide both in-text citation and a
reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be
reduced to A REFERRAL or at worst you could be expelled from the course
GK Ashen
Unit05 Security
Assignment 01 5|Page
Student Declaration
I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as
my own without attributing the sources in the correct way. I further understand what it means to copy
another’s work.
GK Ashen
Unit05 Security
Assignment 01 6|Page
Assignment Brief
Student Name /ID Number G.K Ashen Imal – COL/A-067880
Submission Format:
The submission should be in the form of an individual written report written in a concise, formal business style
using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as
appropriate, and all work must be supported with research and referenced using Harvard referencing system.
Please provide in- text citation and an end list of references using Harvard referencing system.
Section 4.2 of the assignment required to do a 15 minutes presentation to illustrate the answers.
GK Ashen
Unit05 Security
Assignment 01 7|Page
Assignment Brief and Guidance:
Scenario
‘EMC Cyber’ is a reputed cyber security company based in Colombo Sri Lanka that is delivering security
products and services across the entire information technology infrastructure. The company has a
number of clients both in Sri Lanka and abroad, which includes some of the top-level companies of the
world serving in multitude of industries. The company develops cyber security software including
firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber is tasked
with protecting companies’ networks, clouds, web applications and emails. They also offer advanced
threat protection, secure unified access, and endpoint security. Further they also play the role of
consulting clients on security threats and how to solve them. Additionally the company follows
different risk management standards depending on the company, with the ISO 31000 being the most
prominent.
One of the clients of EMC Cyber, Lockhead Aerospace manufacturing which is a reputed aircraft
manufacturer based in the US, has tasked the company to investigate the security implications of
developing IOT based automation applications in their manufacturing process. The client has requested
EMC to further audit security risks of implementing web based IOT applications in their manufacturing
process and to propose solutions. Further, Lockhead uses ISO standards and has instructed EMC to use
the ISO risk management standards when proposing the solution.
The director of the company understands such a system would be the target for cyber-attacks. As you
are following a BTEC course which includes a unit in security, the director has asked you to investigate
and report on potential cyber security threats to their web site, applications and infrastructure. After
the investigation you need to plan a solution and how to implement it according standard software
engineering principles.
GK Ashen
Unit05 Security
Assignment 01 8|Page
Activity 01
Assuming the role of External Security Analyst, you need to compile a report focusing on following
elements to the board of EMC Cyber’;
1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilize to EMC
Cyber in order to improve the organization’s security.
1.2 Identify types of security risks EMC Cyber is subject to its present setup and the impact that they
would make on the business itself. Evaluate at least three physical and virtual security risks identified
and suggest the security measures that can be implemented in order to improve the organization’s
security.
1.3 Develop and describe security procedures for EMC Cyber to minimize the impact of issues
discussed in section (1.1) by assessing and rectifying the risks.
Activity 02
2.1 Identify how EMC Cyber and its clients will be impacted by improper/ incorrect configurations
that are applicable to firewalls and VPN solutions. IT security can include a network monitoring
system. Discuss how EMC cyber can benefit by implementing a network monitoring system with
supporting reasons.
2.2 Explain how the following technologies would benefit EMC Cyber and its Clients by facilitating a
‘trusted network’. (Support your answer with suitable examples).
i) DMZ
ii) Static IP
iii)NAT
2.3 Identify and evaluate the tools that can be utilized by EMC cyber to improve the network and
security performance without compromising each other. Evaluate at least three virtual and physical
GK Ashen
Unit05 Security
Assignment 01 9|Page
security measures that can be implemented by EMC to uphold the integrity of organization’s IT
policy.
Activity 03
3.1 Discuss suitable risk assessment integrated enterprise risk management procedures for EMC
Cyber solutions and the impact an IT security audit will have on safeguarding organization and its
clients. Furthermore, your discussion should include how IT security can be aligned with an
organizational IT policy and how misalignment of such a policy can impact on organization’s security.
(This can include one or more of the following: network change management, audit control, business
continuance/disaster recovery plans, potential loss of data/business, intellectual property, Data
Protection Act; Computer Misuse Act; ISO 31000 standards.)
3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage
solutions provided by EMC Cyber. You should also summarize ISO 31000 risk management
methodology.
Activity 04
4.1 Design an organizational security policy for EMC Cyber to minimize exploitations and misuses
while evaluating the suitability of the tools used in an organizational policy.
4.2 Develop and present a disaster recovery plan for EMC Cyber according to the ISO/IEC 17799:2005
or similar standard which should include the main components of an organizational disaster recovery
plan with justifications. Discuss how critical the roles of the stakeholders in the organization to
successfully implement the security policy and the disaster recovery plan you recommended as a part
of the security audit.
(Students should produce a 15 minutes PowerPoint presentation which illustrates the answer for
this section including justifications and reason for decisions and options used).
GK Ashen
Unit05 Security
Assignment 01 10 | P a g e
Acknowledgment
I take this opportunity to thank who support me this assignment success. specially Miss. Piyumi
Fernando and other some kind of supported lectures and also my friends. so, I Acknowledge this
assignment my lecture Miss. Piyumi Fernando
GK Ashen
Unit05 Security
Assignment 01 11 | P a g e
Security
Unit 5
GK Ashen
Unit05 Security
Assignment 01 12 | P a g e
Contents
Figure ............................................................................................................................................ 15
Tables ............................................................................................................................................ 15
Activity 01 ..................................................................................................................................... 16
Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilizing to
EMC Cyber in order to improve the organization’s security. .................................................... 16
What is security in IT field ..................................................................................................... 16
Defining a CIA triangle .......................................................................................................... 16
Identify the types of security vulnerabilities that affect EMC Cyber's current structure and the
business they operate.................................................................................................................. 17
Type of security risk ............................................................................................................... 17
Assess at least three identified physical and virtual security risks and suggest actionable
security measures to improve the security of the organization. ................................................. 18
Establish and describe security procedures for EMC cyber to minimize the impact of the issues
discussed in Section (1.2) on Risk Assessment and Correction. ................................................ 20
Activity 02 ..................................................................................................................................... 21
Identify how EMC Cyber and its clients are affected by inappropriate / incorrect configurations
applicable to firewalls and VPN solutions. IT security may include a network monitoring
system. Discuss the possible benefits of EMC cyber utilization by implementing a network
monitoring system with supportive reasons. .............................................................................. 21
Discuss the advantages of putting network monitoring systems in place. ................................. 24
Explain how the following technologies facilitate a 'trusted network' for EMC Cyber and its
clients. (Support your answer with appropriate examples) ........................................................ 25
Identify and evaluate EMC cyber tools that can be used to improve network and security
performance without harming each other................................................................................... 28
Assess at least three virtual and physical security measures that can be implemented by the
EMC to enhance the integrity of the organization's IT policy. .................................................. 30
Activity 03 ..................................................................................................................................... 32
Appropriate Risk Assessment for EMC Cyber Solutions Discuss the impact of integrated
enterprise risk management practices and IT security auditing on the organization and its
clients' security. Further, your discussion should include how IT security can be aligned with a
corporate IT policy and how non-compliance with such policy affects the security of the
organization. ............................................................................................................................... 32
Describe the mandatory data protection rules and procedures applicable to the data storage
solutions provided by EMC Cyber. You should also summarize the ISO 31000 risk
management system. .................................................................................................................. 37
GK Ashen
Unit05 Security
Assignment 01 13 | P a g e
Activity 04 ..................................................................................................................................... 39
Establish a corporate security policy for EMC Cyber to minimize exploitation and misuse when
assessing the suitability of tools used in corporate policy. ........................................................ 39
Prepare and submit a Disaster Recovery Plan for EMC Cyber in accordance with ISO / IEC
17799: 2005 or a similar standard, which should justifiably include the key elements of a
reasonable Disaster Recovery Plan. ........................................................................................... 50
Develop and Submit a disaster recovery plan for EMC Cyber .................................................. 61
Discuss the Disaster Recovery Plan you have recommended as part of the Security Audit and
the crucial role of the organization's stakeholders in the successful implementation of the
Defense Policy............................................................................................................................ 76
Conclusion .................................................................................................................................... 79
Gantt Chart................................................................................................................................... 80
Reference ...................................................................................................................................... 81
GK Ashen
Unit05 Security
Assignment 01 14 | P a g e
Figure
Tables
GK Ashen
Unit05 Security
Assignment 01 15 | P a g e
Activity 01
Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilizing
to EMC Cyber in order to improve the organization’s security.
What is security in IT field
IT security is a series of cybersecurity strategies that avoid unauthorized entry into
organization, including computers, networks and data. Maintains sensitive
information's integrity and confidentiality and blocks access for sophisticated
hackers.
• Privacy: Access or modification of data should only be allowed by authorized users and processes
•Integrity: No one should be able to improperly edit data either unintentionally or maliciously, as
long as it is retained in its original state.
• Accessibility: Access to data should be possible for authorized users whenever required.
Confidentiality of CIA
The protection of sensitive, private information against unauthorized access by people in today's
world is critical. Privacy must be protected if certain access levels for information can be defined
and enforced. In some situations, it involves the division of data into different collections organized
by who needs access to information and how sensitive that information is, i.e. the amount of damage
that has been sustained by violation of confidentiality.
Some of the most common confidentiality management solutions include access controller lists,
encryption of file and volume and permissions for Unix files.
GK Ashen
Unit05 Security
Assignment 01 16 | P a g e
Integrity of the CIA
It is a critical component of the CIA Triad designed to safeguard information from any
unauthorized party against deletion or modifications, and it ensures that the damages can be
reversed if an authorized person changes which should not have been done.
This is the final part of the CIA Triad and refers to your actual data availability. For information to
be protected and accessible when needed, authentication mechanisms, access channels, and
systems must all function properly.
Computing resources with architectures designed specifically to improve availability are high
availability systems. Based on the specific HA system concept, which can target hardware failures,
upgrades or power outages, or manage multiple network connections in the event of multiple
network crashes. This can help improve availability.
These are things mainly talking about CIA. So these things can apply EMC Cyber company to
improve the organization’s security.
Identify the types of security vulnerabilities that affect EMC Cyber's current structure and
the business they operate.
Type of security risk
Vulnerability
Vulnerability is a cybersecurity term that refers to a bug or vulnerability in a system that could be
attacked. Vulnerabilities can be security procedures, system design, system implementation, internal
control, and so on.
Types of vulnerabilities:
1. Media vulnerabilities
2. Physical vulnerabilities
3. Hardware vulnerabilities
4. Software vulnerabilities
5. Natural vulnerabilities
6. Human vulnerabilities
7. Communication vulnerabilities
GK Ashen
Unit05 Security
Assignment 01 17 | P a g e
Threat
Anyone capable of maliciously exploiting a computer system or using a vulnerability is considered a
threat. Damages occur in the form of data or system damage, data disclosure, data modification or
service denial. Attacks against computer systems, networks, etc., can cause threats
Risk
Risk can be defined as the likelihood that a particular threat will exploit a particular vulnerability.
Risk is the function of threats that take advantage of the risk of property acquisition, damage or
destruction. Thus, threats (real, ideological or intrinsic) may exist, but there is no risk if there is no
damage. Likewise, you have a risk, but if you are not a threat, you are not at risk.
This formula can understand about connection between asset, threat, vulnerabilities and risk.
Risk = Asset + Threat + Vulnerability
Assess at least three identified physical and virtual security risks and suggest actionable
security measures to improve the security of the organization.
As a cyber service provider, there are some security risks that EMC Cyber faces in its current set-
up, which discusses the impact of business risks.
EMC Cyber has implemented a login and access control system to specify who has access and how
much control they have. At some point, access control systems can be compromised due to damage
to the design, forgetting to log out, stealing essays or user credentials. These factors may cause any
unauthorized users to gain access to the system, which could danger privacy and the security of
stored data. Many users store sensitive information and mutual asset, which can have disastrous
consequences.
GK Ashen
Unit05 Security
Assignment 01 18 | P a g e
Unauthorized modification of data or code from the system
There may be competitors, developers or internal personal threats that attempt to remove or copy
the data or code without authorization of EMC Cyber. Data and code may be subject to damage,
disclosure, modification and a number of regulatory actions, compromising the privacy and security
of such intruders.
GK Ashen
Unit05 Security
Assignment 01 19 | P a g e
Establish and describe security procedures for EMC cyber to minimize the impact of the
issues discussed in Section (1.2) on Risk Assessment and Correction.
As a solution for above bad experience EMC Cyber company can increase their security features.
Security features for computing has lot of methods for to increase security features. Following are
few of them,
Most firewalls are simple - they usually check the source and destination of a packet, that's all.
More advanced firewalls introduce persistent packet checking, which checks the integrity of file
packets for persistent issues before a packet can accept or reject it. So, EMC Cyber can use this
system to protect data and information. Specially, it mainly can prevent unauthorized connections
and malicious software from entering your network in EMC Cyber.
Businesses need to meet various IT security compliance standards for a variety of ways to track
and record infiltration efforts. Therefore, the use of IDS event logging solutions is a must for any
business that wishes to meet compliance standards. Some cyber providers provide IDS monitoring,
and all of their users are required to update their security rules in order to manage threat signals
and malicious IP addresses discovered by their firewalls. EMC Cyber service can use this system
to manage system event logging. As well as, intrusion detection systems are used to detect
anomalies with the aim of catching hackers before they do real damage to an EMC network.
Although having a powerful perimeter firewall can prevent external attacks, internal attacks are
still a major threat. Basic security without internal firewalls to control access to sensitive data and
applications cannot be considered secure. EMC cyber can prevent external attack by using this.
Specially, it prevents to damage to destruction of data or code inside or outside the system.
4. Data-at-Rest Encryption
It is important to encrypt the data stored in your cloud infrastructure in order to prevent
unauthorized access to your most sensitive data. Strong encryption can reduce the risk of using
stolen data against your company, users or clients, so you have the opportunity to alert them so
GK Ashen
Unit05 Security
Assignment 01 20 | P a g e
they can take steps to protect their identities. Encryption is the best for data securing to EMC cyber
company. Its helps to protect the system from unauthorized access
The physical hardware used to run a cyber environment represents one last opportunity for hackers
and industrial spies to steal your most important data. Hackers have free reign to steal data or upload
malware directly to your systems when they have direct access to the hardware that runs the cyber.
Data center avoid this problem. EMC can use for physical security. Its, help to protect the system
from Unauthorized modification of data or code from the system in EMC Cyber and as well as to
protect naturally happening risks.
Activity 02
Identify how EMC Cyber and its clients are affected by inappropriate / incorrect
configurations applicable to firewalls and VPN solutions. IT security may include a network
monitoring system. Discuss the possible benefits of EMC cyber utilization by implementing a
network monitoring system with supportive reasons.
Firewall
A firewall is a network security device that monitors inbound and outbound network traffic and
decides whether certain types of specific traffic should be allowed or prohibited based on a set of
security rules.
• Proxy firewall
• Next-generation firewall
VPN
The programming of a secure and encrypted connection over an unsecured network, such as the public
Internet, is known as a virtual private network (VPN). A VPN works with a shared public infrastructure,
while protecting privacy through security procedures and tunneling protocols. Actually, protocols
encrypt data at the sending end, decrypt data at the receiving end, and send data through a "tunnel" that
GK Ashen
Unit05 Security
Assignment 01 21 | P a g e
properly encrypted data cannot "access.". Not only is there an additional level of security data, but also
involves creating and receiving network addresses.
We can identify VPN types such as
• Remote access VPN
• Site-to-site VPN
• Mobile VPN
• Hardware VPN
GK Ashen
Unit05 Security
Assignment 01 22 | P a g e
Manual Updates vs Automation The VPN Subsystem is unable to communicate.
Firewall configuration and updating are A Cisco VPN client reports this error when the local
simplified and more effective with automation. service is not running or the client is not connecting
If you don't want to manually configure your to a network. This problem is frequently resolved by
firewall or update settings and firewall rules, you restarting the VPN service and/or troubleshooting the
can automate these processes. This creates a local network connection.
consistent firewall and implementation
experience, and allows you to set specific
processes and guidelines to follow each time.
Issues with Security Logging The Remote Peer Is No Longer Responding
Security logs detail the incoming and going A Cisco VPN client reports this error when an active
outgoing web traffic on your network. One of the VPN connection is disabled due to a network failure
biggest mistakes you can make with your or when a firewall interrupts access to the required
firewall is to not check and review security files ports.
regularly. These logs can show you any security-
related issues and explain any changes to your
firewall settings.
Inconsistent Authentication Requirements Because the domain's username and/or password
Authentication is another major firewall are invalid, access is denied.
configuration issue. If you have a network that When attempting to authenticate a Windows VPN,
spans multiple sites, it is important to have the user may enter the wrong name or password. For
consistent authentication standards across your computers that are part of a Windows domain, the
business. When authentication criteria do not logon domain must be specified correctly.
match, when one authentication is weaker than
the other, weak authentication is more
susceptible to attack.
Table 1 in proper/incorrect configuration of firewalls and VPNs
Configure a misconfigured firewall does not provide the expected security, which can open the
network to attacks from outsiders. Access to the network for unauthorized external network traffic,
Poor network communication, performance, and behavior may affect poor performance and
network performance. Clients may have difficulty accessing data from center data centers. Because
GK Ashen
Unit05 Security
Assignment 01 23 | P a g e
of the high risk of losing sensitive data and physical assets in the wrong hands, clients are at risk,
and legal fees are imposed on EMC Cyber.
Inappropriate configuration of VPN will not provide the expected network and connection. An
inefficient and unsafe service may affect a client's dissatisfaction with EMC cyber, so they may
decide to seek out alternative Cyber service providers that overdrawn EMC Cyber. Data hackers
can sabotage the central data system. Loses encryption can be losing data packets on a VPN server
that can lead to application unavailability.
Instead of waiting until things go bad, diagnose and resolve equipment issues in a short amount of
time. This helps save money, time and resources and maintains the trust of clients
By depicting real-time network performance data in an easy-to-read interface, it can help identify
causes of human error, configuration issues, etc., So, that EMC Cyber can stay ahead. Network
monitoring enables you to get to the bottom of problems using real-time network maps and
automatically resolve issues with the help of network automation tools. Identifying security threats
is a possibility in a network monitoring system. Network monitoring systems provide a historical
insight into how equipment overtime works. So, EMC Cyber can find the latest equipment and
keep the network up-to-date with the latest technology
GK Ashen
Unit05 Security
Assignment 01 24 | P a g e
Explain how the following technologies facilitate a 'trusted network' for EMC Cyber and its
clients. (Support your answer with appropriate examples)
i) DMZ
ii) Static IP
iii)NAT
DMZ
A DMZ, also known as a perimeter network or a screened subnetwork in computer networks, is a
physical or logical subnet that divides the local area network (LAN) from other unreliable
networks, most often the Internet. External interview servers, resources, and services are located in
the DMZ. Therefore, they can be accessed from the Internet, but cannot reach the rest of the internal
LAN. This adds another layer of security to the LAN by limiting hackers' ability to access internal
servers and data over the Internet.
There are certain benefits of DMZ towards EMC Cyber and its clients as follows.
• The DMZ serves as an isolated network between the public and private networks. This
configuration contributes to the addition of an extra layer of protection to the private
network.
• DMZ reduces the probability of hackers in direct access to the servers and data of EMC
Cyber via the internet.
• The DMZ safeguards sensitive organizational systems and resources.
GK Ashen
Unit05 Security
Assignment 01 25 | P a g e
Static IP
A static IP address is an IP address that is manually configured for a device, not from the address
assigned by the DHCP server. Because it does not change, it is called static.
Dynamic Host Configuration Protocol (DHCP) is a system management protocol that allows the
users of network services such as DNS/NTP and any UDP/TCP communication protocols to
automate device configuration processes on IP networks.
Static IP has many advantages over EMC Cyber and its clients. Such as,
GK Ashen
Unit05 Security
Assignment 01 26 | P a g e
• Small interruptions will not terminate the servicers; therefore, stability is great.
NAT
The purpose of Network Address Translation (NAT) is to safeguard IP addresses. This enables
private IP networks to connect to the Internet using unregistered IP addresses. Before packets are
transmitted to another network, NAT operates on a router and converts private addresses into (not
globally unique) global to lawful addresses in the private network.
NAT has many advantages over EMC Cyber and its clients. Such as,
• Since EMC Cyber uses a single IP to communicate with the external world, no one can
track the network. Limits the amount of IP addresses an organization needs.
• Hosts on a NAT network get extra security, because the administrator does not want to
reach out to external people
• Above explanations provide evidences on how DMZ, Static IP and NAT benefit EMC
Cyber and its clients by facilitating a ‘trusted network’.
A DMZ Static IP and NAT implementation in a network can improve a company's overall network
safety.
Deploying DMZ adds another corporate network security layer. The proper implementation of
DMZ ensures that the organization has an additional protection layer that allows it to identify and
reduce risks before reaching the internal network or behind the firewall, which is the location for
critical assets.
GK Ashen
Unit05 Security
Assignment 01 27 | P a g e
The DMZ in a network can improve the security of the network
On the home network, a DMZ can be built between the local area network and the router by adding
a dedicated firewall. This structure, while expensive, can help prevent advanced attacks from
protecting internal devices better from possible external attacks.
DMZ implementation Static IP and NAT can enhance network security in a network
It provides greater DNS support when the servers are mapped to a DNS server when using static
IP, as the main advantages in terms of network security are static IP addresses. Improves
geolocation since the physical location can be mapped to static IP.
Identify and evaluate EMC cyber tools that can be used to improve network and security
performance without harming each other.
Here are 6 network security tools and techniques to assist EMC in doing just that:
Access control
• If threat actors are unable to gain access to the EMC network, the amount of damage they
can cause will be severely limited.
• However, be aware that, in addition to preventing unauthorized access, even authorized
users can pose a threat.
• Accessibility control increases network security by restricting users' access and resources,
thereby restricting only those parts of the network that are directly related to their functions.
GK Ashen
Unit05 Security
Assignment 01 28 | P a g e
Anti-malware software
• Viruses, Trojans, worms, key loggers, spyware, and other types of malware are designed to
spread through computer systems and infect networks.
• Anti-malware software is a type of network security software that detects and prevents the
spread of malicious programs.
• Anti-malware and antivirus software can also help with malware removal and network
damage reduction.
Application security
• Applications are a defensive vulnerability that can be exploited for many attackers.
• Application security aids in the establishment of security parameters for any applications
that may be important to the security of EMC network.
Email security
• Email security focuses on addressing human-related security flaws. Email security can be
used to identify potentially dangerous emails, as well as to block attacks and prevent the
sharing of sensitive information.
Firewalls
• Firewalls work similarly to gates, securing the boundaries between your network and the
internet.
• Firewalls control network traffic by allowing authorized traffic to pass while blocking non-
authorized traffic.
GK Ashen
Unit05 Security
Assignment 01 29 | P a g e
Assess at least three virtual and physical security measures that can be implemented by the
EMC to enhance the integrity of the organization's IT policy.
Physical security is the foundation for our overall strategy when it comes to IT security. However,
some businesses may be distracted by the more advanced features of software-based security
products and overlook the importance of ensuring that the network and its components are
physically secure. So we will see how match that EMC cyber.
Of course, the best lock in the world won't do you any good if you don't use it, so you'll need
policies requiring that those doors be locked whenever the room is unoccupied, as well as who has
the key or key code to get in.
Someone with physical access to the servers, switches, routers, cables, and other devices in your
server room can do a lot of damage.
GK Ashen
Unit05 Security
Assignment 01 30 | P a g e
In addition, these can be seen as examples
4. Make certain that the most vulnerable devices are kept in the closed room.
5. Use rack mount servers
6. Pack up the backups
7. Keep in mind that network security begins with physical security.
8. If an intruder is able to physically access your network and computers, no amount of
firewalls will keep them out. So lock as well
Virtualization security is a broad concept that encompasses a variety of approaches to assessing,
implementing, monitoring, and managing security in a virtualization infrastructure / environment.
• Security controls and procedures are implemented granularly at each virtual machine.
• Attacks and vulnerabilities surfaced from the underlying physical device are used to secure
virtual machines, virtual networks, and other virtual appliances.
• Ensure that each virtual machine is under your control and authority.
• Security policy creation and implementation across the infrastructure / environment Virtual
Networks add a complexity layer to the underlying real networks. To avoid problem creation,
follow these three virtual network security measures.
GK Ashen
Unit05 Security
Assignment 01 31 | P a g e
Activity 03
Appropriate Risk Assessment for EMC Cyber Solutions Discuss the impact of integrated
enterprise risk management practices and IT security auditing on the organization and its
clients' security. Further, your discussion should include how IT security can be aligned
with a corporate IT policy and how non-compliance with such policy affects the security of
the organization.
We call it risk management because it's the process of recognizing, assessing, and controlling
threats to a company's capital and profits. Financial instability, legal liabilities, strategic
management failures, accidents, and natural calamities are just a few of the potential hazards.
Threats to IT security and data-related risks have risen to the top of the priority list for digitized
businesses.
As an example, the ISO 31000 principles offer businesses of any size or target sector frameworks
for improving risk management processes. The ISO 31000 is designed to "improve the likelihood
of achieving objectives, improve the identification of opportunities and threats, and efficiently
allocate and use resources for risk treatment," according to the ISO website. Although ISO 31000
cannot be used for certification, it can assist organizations in conducting internal or external risk
audits and comparing their risk management practices to internationally recognized benchmarks.
A security risk assessment identifies, evaluates, and implements key application security controls.
It also focuses on preventing security flaws and vulnerabilities in applications.
GK Ashen
Unit05 Security
Assignment 01 32 | P a g e
Risk assessment procedure
EMC Cyber
Purpose: Identifying risks and strategies to overcome the identified risks faced by the EMC Cyber and its
clients
Completed by: GK Ashen Date:7th of July 2021
Identified Current Comments/ Strategic to prevent or to Responsible
methodologies of Concerns minimize the effect of the person
risks
handling the risk risk & How to manage the
risk
Unauthorized • Usage of • System is opened • Implementing two-factor Network
use of the security for attacks of the authentication Administrator
system software to outsiders • Use of strong passwords
block • Malware and • Using access control
unauthorized virus attacks may mechanism
access occur
• Using • Client will be
password very
protection disappointment
Unauthorized • Usage of • Network going to • Use digital signature System
modification security be untrusted • Encrypting data engineer and
of data or software for status • Use bio metric network
code from the protection • Sensitive data methodologies administrator
the system of data and would be
the code damaged
• Client will be
very
disappointment
Damage to • Monitoring • Finacle lost • Maintaining proper Management
destruction devices using • System down environment. (cooling network
of physical CCTV and • Client would be system like wise) administrator
system assets other facilities embarrassed • Use asset management
and system
environments • Insurance policy
GK Ashen
Unit05 Security
Assignment 01 33 | P a g e
• Use protection methods
for avoid nature disaster
Cyber • Cyber threats • Data loses, • Apply anti-virus software System
Threats (malware, altering can be and handle a firewall. Administrator,
virus, Trojan occurring • Company software Security expert
horse and update.
etc...) • Reinforce the network by
the firewalls
• Virus guard install to
protect from internet
threats
• Installing backup database
to store data
Strategy Risk • The risks • This can lead to • Having a good Management
associated company down management and take
with a good decisions
particular • Use strategic information
company system to get strategic
strategy. decisions
By outsourcing IT services to handle EMC security audit, EMC organization can have a more
formidable IT system in place. Database management, resource planning, chain network
organization, and other core EMC Cyber functions may be included in an IT security audit. The
following are specific solutions that cover a security audit.
• Security auditors identify the types of data EMC have, how it flows in and out of EMC
organization, and who has access to it. The auditing team can also lay the groundwork for
any necessary improvements or enforcement. Data is one of your most valuable assets, and
it necessitates stringent security measures.
• The IT system is complex, with hardware, software, data, and procedures all playing a role.
Expert IT outsourcing services can determine if your system has any potential problem
areas. They can check to see if EMC's hardware or software tools are properly configured
and functioning. They may also retrace previous security incidents that may have exposed
EMC's security's flaws.
GK Ashen
Unit05 Security
Assignment 01 34 | P a g e
• The auditing process begins with a pre-audit, during which auditors gather information from
previous audits. It determines whether or not you need to change EMC Cyber's security
policies and standards. By the end of the audit, they'll have a good idea EMC company has
adequate security measures in place and that they're being followed consistently.
• An IT security audit can assist you in determining the best security tools for EMC company.
It gives advice on how to use information technology to improve EMC's security. The
audit's security experts can tell you whether you're underspending or overspending on your
IT system.
Three Advantages of an Information Security Audit for EMC Cyber
3. Data Security
GK Ashen
Unit05 Security
Assignment 01 35 | P a g e
The following are the three main goals that security policies should achieve. (Deeply discus in activity 01)
1. Confidentiality - Concerns about protecting IT assets and networks from unauthorized users
2. Integrity- ensures that changes to IT assets are made in a controlled and authorized manner.
3. Availability- ensures the continuous access to IT assets and network by authorized users.
Failure of the following security policies or conflict of events with expected and desired security
will mainly affect the confidentiality, integrity and availability of IT assets and lead to network
unpleasant experiences,
GK Ashen
Unit05 Security
Assignment 01 36 | P a g e
Describe the mandatory data protection rules and procedures applicable to the data storage
solutions provided by EMC Cyber. You should also summarize the ISO 31000 risk
management system.
There are few mandatory data protection laws and procedures which are applicable to the data
storage solutions provided by EMC Cyber such as,
GK Ashen
Unit05 Security
Assignment 01 37 | P a g e
Data Protection Act of 2018
If your company handles any type of personal information about people, you must comply with the
Data Protection Act 2018. This was previously known as the Data Protection Act of 1998, but it
was updated in 2018 to comply with GDPR.
You should be aware of the rules that the Act imposes on how you obtain, store, share, and use
personal data. By adhering to these guidelines, you can ensure that your company handles data
securely and protects the privacy of its customers and employees.
ISO/IEC 27002:2013
ISO/IEC 27002:2013 provides guidelines for organizational information security standards and
information security management practices such as control selection, implementation, and
management while taking the organization's information security risk environment into account (s)
GK Ashen
Unit05 Security
Assignment 01 38 | P a g e
Activity 04
Establish a corporate security policy for EMC Cyber to minimize exploitation and misuse
when assessing the suitability of tools used in corporate policy.
SECURITY POLICY
EMC CYBER
EMC CYBER
COLOMBO
SRI LANKA
DATE 07/15/2021
GK Ashen
Unit05 Security
Assignment 01 39 | P a g e
Table of contents.
GK Ashen
Unit05 Security
Assignment 01 40 | P a g e
1. Introduction
Company internal and external audience responsible for the client’s data. they should be
need to protect so they used the security policies. This might include the EMC Cyber
company network, its physical building. It can be identifying the potential threats. If the
document focuses on cyber security, threats could include those from the inside, such as
possibility that disgruntled employees will steal personal information or launch an internal
virus on the EMC company's network or hacker from outside the company could penetrate
the system and cause loss of data, change data, or steal it.
Finally, physical damage to computer systems could occur, above fact we must throughout
of the company EMC modern technologies already used
1.1 Purpose
1.2 Scope
All parties to the service provided by EMC Cyber, such as customers and employees, are
subject to the security policy set forth herein.
1.3 History
GK Ashen
Unit05 Security
Assignment 01 41 | P a g e
1.4 Responsibilities
Roles Responsibilities
Chief Information • Accountable for all aspects of information security at the
Officer Organization.
Information • In charge of the IT infrastructure's security.
Security Officer • Make security threats, vulnerabilities, and risks a priority.
• Create, implement, and update Security Policy documents.
• Make certain that security training programs are in place.
• Ensure that your IT infrastructure is compliant with security
policies.
• Respond to incidents involving information security.
• Assist with disaster recovery plans.
Information • Assist with security requirements for their specific area; determine
Owners privileges and access rights to resources within their areas.
IT Security Team • Implements and manages information technology security.
• Implements resource privileges and access rights.
• Backs up security policies.
Users • Comply with security policies.
• Inform the authorities about any attempted security breaches.
Table 4 Responsibilities
• Only the Information Security Officer may grant exceptions to the policies outlined in this
document. In such cases, specific procedures for handling requests and authorization for
exceptions may be put in place.
• When a policy exception is invoked, an entry must be made in a security log specifying the
date and time, a description of the exception, the reason for the exception, and how the risk
was managed.
• All IT services should be used in accordance with the technical and security requirements
defined in the service design.
• Infringements on the policies outlined in this document may result in disciplinary action. In
some serious cases, they may even result in prosecution.
GK Ashen
Unit05 Security
Assignment 01 42 | P a g e
2. Access Policy
2.1 Purpose
The EMC IT Access Control Policy goal is to ensure that all access to information assets is properly
authorized, and that access permissions are updated and reviewed on a regular basis.
2.2 Scope
All access to EMC's information assets is subject to this IT Access Control Policy. This IT Access
Control Policy, as well as the IT Acceptable Use Policy, must be followed by all users who have
access to EMC's information systems. The same principles will govern access to physical and non-
physical assets.
GK Ashen
Unit05 Security
Assignment 01 43 | P a g e
3. IT Assets Policy
3.1 Purpose
The purpose of the IT Asset Management Policy is to protect the company against loss
and security incidents, to lower the EMC company's risk profile to external and internal
pressures, to state commitment to legal compliance, and to lower costs and improve
productivity through more efficient and effective asset management.IT Asset Management
that is effective IT Asset Management is a fundamental policy that serves as a foundation for
other IT policies. Policies governing operations and information security.
3.2 Scope
This policy applies to all employees and non-employees who own, care for, or use EMC IT
Assets, as well as entities that manage, deploy, or support EMC IT Assets either internally
or externally to the EMC intranet.
• IT assets must be used only in connection with the business activities to which they have
been assigned and/or authorized.
• All IT assets must be classified into one of the Organization's security categories, based on
the current business function to which they are assigned.
• Every user is responsible for the upkeep and proper use of the IT assets to which they have
been assigned.
• IT assets policy The authorized persons in the EMC may monitor equipment, systems and
network traffic at any time, for safety and network maintenance purposes by means of the
InfoSec Audit Policies.
• All IT assets must be housed in locations with security access restrictions, environmental
conditions, and layout that adhere to the security classification and technical specifications
of the assets in question.
GK Ashen
Unit05 Security
Assignment 01 44 | P a g e
4. Password Control Policy
4.1 Purpose
Access controls for identification and authentication are critical in helping to protect
information systems and the data they contain. The purpose of this policy is to define the
EMC's access control and password management requirements, procedures, and protocols.
4.2 Scope
The scope of this policy includes all EMC employees, users, and contractors who use,
create, deploy, or support application and system software. Regardless of ownership, this
policy applies to all computer assets and software.
• Any system that handles sensitive data must be secured with a password-based access
control system.
• Each user must have a unique, private identity in order to access IT network services.
• Identities should be created and managed centrally. It is encouraged to use a single sign-
on to access multiple services.
• Individual users, not groups, should be able to be authenticated.
• Passwords should not be stored in plain text or in any form that is easily reversible.
• Should have some kind of role management so that one user can take over the role of
another without knowing the password.
GK Ashen
Unit05 Security
Assignment 01 45 | P a g e
5. Employee policy
5.1 Purpose
Employee policies are designed to help EMC tie together its mission, vision, values, and culture
into easily accessible documents that all employees can understand.
5.2 Scope
All the employee of the EMC
Handling the tools used to access the services provided by EMC can lead to numerous security
threats. Therefore, the tools used to access the services of EMC must do the following,
• encryption facility
• Password management software
• Security software such as anti-virus guards
If the above strategies are difficult to follow, you should contact the network administrator for
technical assistance.
GK Ashen
Unit05 Security
Assignment 01 46 | P a g e
6. Outsourcing Policy
6.1 Purpose
Outsourcing entails the use of a third-party service provider in any number of operational
functions to perform ongoing activities (including short-term agreements) that would normally
be performed by EMC personnel. This policy is intended to mitigate the risks associated with
outsourcing contracts.
6.2 Scope
This policy applies to all EMC management and staff involved in the procurement of
outsourced services.
• The service provider's ability to meet the EMC's performance service levels and comply
with its obligations.
• Multiple outsourcing agreements that expose EMC to potential risk with a single service
provider must be avoided.
• Background checks are required or recommended for outsourcing service providers, and
they must follow all component state laws, regulations, and statutes.
• When service providers act on systems with student Personally Identifiable Information,
they comply with appropriate disclosure and FERPA notifications, public transparency
requirements, and acknowledgements (PII).
• EMC policy, regulations, state laws, and laws require proper contractual agreements with
the service provider.
GK Ashen
Unit05 Security
Assignment 01 47 | P a g e
7. Password Control Policy
7.1 Purpose
The goal of this policy is to establish a standard for creating strong passwords for EMC Cyber,
protecting those passwords, and changing them on a regular basis.
7.2 Scope
This policy applies to any employee who has access to the EMC network, or any system account
(or password support or any other type of required access) on any EMC website that does not
store. General EMC information.
8.2 Scope
The EMC's email system, including desktop and/or web-based email applications, server-side
applications, email relays, mobile devices, and associated hardware, is covered by this policy.
It includes every e-mail sent from the system as well as any e-mail received from outside
sources. Email accounts that can be accessed through the EMC network. This policy applies to
all employees.
GK Ashen
Unit05 Security
Assignment 01 48 | P a g e
And it applies to all uses of corporate IT resources, including, but not limited to, computers.
systems, email, the network, data on any of these systems, and corporate Internet connection
8.3 Policy Definitions
• Because email is an insecure method of communication, information that is considered
confidential or proprietary to the EMC should not be sent via email without proper
encryption, regardless of the recipient.
• EMC has a policy of not opening email attachments from unknown senders or when they
are unexpected.
• Users may have personal email accounts in addition to the EMC-provided account, which
the EMC recognizes.
• All business-related email must be sent through the corporate email system. It is forbidden
for users to send business email from an email account that is not provided by EMC.
• Email should be kept and backed up in accordance with any applicable policies, such as the
Data Classification Policy, Confidential Data Policy, Backup Policy, and Retention Policy,
among others.
9. Glossary
Term Definition
Access The process that allows users to access IT services, data, or other
Management assets.
Asset Any skill or resource. Anything that could aid in the delivery of a
service is included in a service provider's assets.
Outsourcing Using a third-party provider to manage IT services.
Policy Management expectations and intentions must be formalized. Policies
are used to guide decisions and to ensure the consistent and appropriate
development and implementation of processes, standards, roles,
activities, and IT infrastructure, among other things.
Table 5 Glossary
SPONSOR ACCEPTANCE
Approved by the Project Sponsor:
GK Ashen
Unit05 Security
Assignment 01 49 | P a g e
Prepare and submit a Disaster Recovery Plan for EMC Cyber in accordance with ISO /
IEC 17799: 2005 or a similar standard, which should justifiably include the key elements of
a reasonable Disaster Recovery Plan.
Introduction
A disaster recovery (DR) plan is a formal document created by a company that contains detailed
instructions on how to respond to unplanned events such as natural disasters, power outages,
cyberattacks, and other disruptive events. The plan includes strategies for mitigating disaster effects
so that a company can keep operating – or quickly resume key operations.
Disruptions can result in lost revenue, harmed brands, and dissatisfied customers. Furthermore, the
longer the recovery time, the greater the negative business impact. As a result, regardless of the
cause of the disruption, a good disaster recovery plan should enable rapid recovery.
GK Ashen
Unit05 Security
Assignment 01 50 | P a g e
2. Plan for your equipment.
In the Example, when a major storm is approaching, it is critical that you have a plan in place
to protect your equipment. All equipment must be removed from the floor, moved into a room
with no windows, and securely wrapped in plastic so that no water can get to it. It is obviously
preferable to completely seal equipment to keep it safe from flooding, but in cases of extreme
flooding, this is not always possible, likewise we need to some plan.
4. Backup check.
Check that EMC backup is running, and include a full local backup of all servers and data in
our disaster recovery plan. Run them as early as possible, and make sure they're backed up to a
location that won't be harmed by the disaster. It's also a good idea to keep that backup on an
external hard drive that you can take with you offsite in case something goes wrong.
GK Ashen
Unit05 Security
Assignment 01 51 | P a g e
is being repaired. EMC should also check with EMC's phone and internet providers about
restoration and access.
GK Ashen
Unit05 Security
Assignment 01 52 | P a g e
E M C C Y B E R
Disaster
Recovery Plan.
Unit 05
Security Assignment.
EMC Cyber,
Colombo,
Sri Lanka.
GK Ashen
Unit05 Security
Assignment 01 53 | P a g e
Revision History
Objectives
In the event of a disaster, this document explains the process and disaster recovery procedures in
place at EMC Cyber. A disaster can be a natural disaster or any other failure that causes downtime
in the Production Environment.
In the event of a disaster, the goal of this document is to ensure minimal downtime, data integrity,
and availability.
This document outlines the processes and procedures that will assist us in overcoming the disaster
with minimal disruption to our organization's operations.
GK Ashen
Unit05 Security
Assignment 01 54 | P a g e
Key person contact info
Disaster Recovery Executive Management Team
GK Ashen
Unit05 Security
Assignment 01 55 | P a g e
External/ Vendor Contact list
Name/Title Contact option Contact number
Landlord/ Property Manager Work
Mobile
Email
Power Company Work
Mobile
Email
Telecom Carrier 01 Work
Mobile
Email
Hardware Supplier 01 Work
Mobile
Email
Sever supplier Work
Mobile
Email
Workstation Supplier 01 Work
Mobile
Email
Office /supplies Work
Mobile
Email
Insurance Work
Mobile
Email
Table 9 External/ Vendor Contact list
GK Ashen
Unit05 Security
Assignment 01 56 | P a g e
DR Incident Management Flow
GK Ashen
Unit05 Security
Assignment 01 57 | P a g e
Disaster Recovery Infrastructure Diagram
GK Ashen
Unit05 Security
Assignment 01 58 | P a g e
Disaster Assessment
Fire 3 4
Tornado 5
Electrical storms 5
Act of terrorism 5
Act of sabotage 5
Redundant UPS system with auto standby
generator that is tested weekly and
Electrical power
3 4 remotely monitored 24 hours a day, 7
Failure
days a week. UPSs are also monitored
remotely.
GK Ashen
Unit05 Security
Assignment 01 59 | P a g e
Incident Management Process
1. The incident occurred and was deleted as a result of the monitoring procedures in place.
2. Sort the incident into categories.
3. The Incident Report Template was opened and the incident details and progress were updated.
4. The key person has been informed.
5. To avoid panic, regular updates about the situation are sent to affected people every 30
minutes.
6. In the event of a primary location disaster:
• People must be guided to a safe location by the facilities team;
• Application users must be notified of any outages;
• Secondary key contacts must be notified;
• Emergency services must be contacted; and
• User and acceptance tests must be performed.
• Recover any lost or corrupted data.
• Fail back of failed applications is carried out.
7. In the event of a hardware or application failure, the respective owners are notified.
8. Disaster recovery procedures are implemented.
9. Once the problem with the primary hardware or application has been resolved, fail back is
performed.
10. User and acceptance tests are carried out
11. The application's performance is monitored 24 hours a day, seven days a week.
12. Affected individuals are informed of the resolution and next steps.
13. The incident has been resolved
14. Any recommendations made by the group, along with the incident report, are forwarded to
upper management in order to streamline the process even further.
GK Ashen
Unit05 Security
Assignment 01 60 | P a g e
Develop and Submit a disaster recovery plan for EMC Cyber
GK Ashen
Unit05 Security
Assignment 01 61 | P a g e
Figure 8 Contents slide 2
GK Ashen
Unit05 Security
Assignment 01 62 | P a g e
Figure 9 introduction slide 3
GK Ashen
Unit05 Security
Assignment 01 63 | P a g e
Figure 10 What is the DRP slide 4
GK Ashen
Unit05 Security
Assignment 01 64 | P a g e
Figure 11Natural and Man-made disaster slide 5
GK Ashen
Unit05 Security
Assignment 01 65 | P a g e
Figure 12 Change to disaster slide 6
GK Ashen
Unit05 Security
Assignment 01 66 | P a g e
Figure 13 Disaster on EMC cyber slide 7
GK Ashen
Unit05 Security
Assignment 01 67 | P a g e
Figure 14 DRP of EMC Cyber slide 8
GK Ashen
Unit05 Security
Assignment 01 68 | P a g e
Figure 15 EMC DRP slide 9
GK Ashen
Unit05 Security
Assignment 01 69 | P a g e
Figure 16 EMC DRP slide 10
GK Ashen
Unit05 Security
Assignment 01 70 | P a g e
Figure 17 EMC DRP slide 11
GK Ashen
Unit05 Security
Assignment 01 71 | P a g e
Figure 18 Main component slide 12
GK Ashen
Unit05 Security
Assignment 01 72 | P a g e
Figure 21Figure 21Explain components slide14
GK Ashen
Unit05 Security
Assignment 01 73 | P a g e
Figure 22 Reference slide 16
GK Ashen
Unit05 Security
Assignment 01 74 | P a g e
Figure 24 Thanks slide 18
GK Ashen
Unit05 Security
Assignment 01 75 | P a g e
Discuss the Disaster Recovery Plan you have recommended as part of the Security Audit
and the crucial role of the organization's stakeholders in the successful implementation of
the Defense Policy.
Shareholders are groups of people who are interested in the development and development of an
organization or company. These partners can be divided into two parts:
Stakeholders Role
Creditors Need to pay back the loan limited time frame to the company
Directors • Mainly in charge of the company's strategic goals and plans. Analyzing and
tracking its employees' progress toward achieving the set objectives and
targets.
• Involving the decision making process in the company.
• Involve the risk management process in the company its importance for the
company security
• The audit function's effectiveness is being monitored.
• Need to know the cyber security
Owners • Monitoring the external communication of EMC Cyber and also involve in
management reviews and implementing strategies on data security.
GK Ashen
Unit05 Security
Assignment 01 76 | P a g e
Employees • Employees invest a significant amount of money and time in the company,
and they play an important role in the company's strategy, tactics, and
operations.
Shareholders
• Shareholders make a monetary investment in the business.
• Supporting the company decision making process
• Involve the security policies.
External Stakeholders
External
Role
stakeholders
Customers • Recognizing and optimizing operations to best meet the needs of an
organization's core customer base.
• Significant part of managing a business. Maintaining a strong
community requires interaction with customers via social media,
emails, storefronts, user testing groups, and service and product
delivery.
Unions • Point out staff-related issues and communicate with the management of
the organization
Suppliers • As key external stakeholders, suppliers are strongly intertwined in
organizations.
• Maintaining a strong relationship with this stakeholder group requires
timely payments, shipments, communication, and operational
processes.
• Provide high quality resources or services to EMC Cyber at
reasonable cost in accordance with the security measures adopted by
the organization.
Government • Governments levy taxes on businesses and thus have a vested interest
in their success.
GK Ashen
Unit05 Security
Assignment 01 77 | P a g e
• Given the profit motive involved, governments can be considered
primary stakeholders.
• In addition, the government provides regulatory oversight, ensuring
that business representatives adhere to accounting procedures, ethical
practices, and legal concerns with care.
Others • Other parties, such as the press and the media, help communicate
between the organization and its partners.
Table 12 External Stakeholders
• Demand that the auditor's report accurately reflects your company's risks
The stakeholder expectations are that auditors should play an effective role in reducing, if not
eliminating, corruption. the auditors, whose professing makes them concentrate on documentary
or physical evidence, often find it hard to gather such evidence.
From the tables above, we can clearly see how partners and their different roles affect the
performance of EMC Cyber. This is why these are very useful for implementing audit
recommendation for EMC Cyber. Finally, I outline the general achievements of those concerned
and their roles.
• These roles can lead to effective decision-making, which ensures effective utilization of
investments, resources, physical, human and time
• Employees help build trust among employees.
• Making policies to improve company security options
GK Ashen
Unit05 Security
Assignment 01 78 | P a g e
• Policies can be implemented to ensure the safety and betterment of the organization, its staff
and clients
• Assist in identifying the best options in risk management for the organization.
Conclusion
As I'm following a BTEC course, I analyzed various types of threats that could affect the
performance of EMC Cyber. And the report above, I have several security procedures to prevent
them. In addition, I presented solutions with examples of all the company's system and network
vulnerabilities. With the new security procedures, I have introduced for EMC Cyber, the company
can achieve many benefits, and with the company's disaster recovery plan, it can easily prevent
the disasters they face. So, based on my knowledge and experience, I think I have created a
successful report for EMC Cyber highlighting various factors related to security. I will identify
how the erroneous / incorrect configurations that affect firewalls and VPN solutions affect EMC
Cyber and its clients, and how DMS, static IP and NAT can benefit EMC Cyber and its clients by
facilitating a trusted network. The two activities highlight the advantages of activating network
monitoring systems. Activity four is focused on security policy, disaster management, presentation
and the roles that various stakeholders play in EMC Cyber to implement the organization's security
audit recommendations.
GK Ashen
Unit05 Security
Assignment 01 79 | P a g e
Gantt Chart
GK Ashen
Unit05 Security
Assignment 01 80 | P a g e
Reference
CISCO (2014). Network Address Translation (NAT) FAQ. [online] Cisco. Available at:
https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-
00.html. [Accessed 17 Jun. 2021].
Blog. (2020). DHCP vs Static IP: What’s the Difference? [online] Available at:
https://community.fs.com/blog/dhcp-vs-static-ip-differences.html. [Accessed 25 Jun. 2021].
www.google.com. (n.d.). how NAT%2C Static Ip%2C DMZ will contribute to form a trusted
network - Google Search. [online] Available at:
https://www.google.com/search?q=how+NAT%2C+Static+Ip%2C+DMZ+will+contribute+to+f
orm+a+trusted+network&oq=how+NAT%2C+Static+Ip%2C+DMZ+will+contribute+to+form+
a+trusted+network&aqs=chrome..69i57j69i60.891j0j4&sourceid=chrome&ie=UTF-8 [Accessed
29 Jun. 2021].
Daniels, D. (2019). 14 Network Security Tools and Techniques to Know. [online] Gigamon Blog.
Available at: https://blog.gigamon.com/2019/06/13/what-is-network-security-14-tools-and-
techniques-to-know/.[Accessed 07 July. 2021].
Shinder, D. (2018). 10 physical security measures every organization should take. [online]
TechRepublic. Available at: https://www.techrepublic.com/blog/10-things/10-physical-security-
measures-every-organization-should-take/.[Accessed 07 July. 2021].
GK Ashen
Unit05 Security
Assignment 01 81 | P a g e
Techopedia.com. (n.d.). What is Virtualization Security? - Definition from Techopedia. [online]
Available at: https://www.techopedia.com/definition/30243/virtualization-security [Accessed 6
Jul. 2021].
BCS, 2007. Data Protection Act 1998 overview | BCS - The Chartered Institute for IT. [online]
Available at: <https://www.bcs.org/content-hub/data-protection-act-1998-overview/> [Accessed
22Jul. 2021].
GK Ashen
Unit05 Security
Assignment 01 82 | P a g e
Grading Rubric
GK Ashen
Unit05 Security
Assignment 01 83 | P a g e
P5 Discuss risk assessment procedures.
GK Ashen
Unit05 Security
Assignment 01 84 | P a g e
GK Ashen
Unit05 Security
Assignment 01 85 | P a g e
GK Ashen
Unit05 Security
Assignment 01 86 | P a g e