Higher Nationals

Internal verification of assessment decisions –

BTEC (RQF)
INTERNAL VERIFICATION – ASSESSMENT DECISIONS
Program title BTEC Higher National Diploma in Computing

Assessor Internal Verifier

Unit 05: Security
Unit(s)
EMC Cyber
Assignment title

Student’s name
List which assessment Pass Merit Distinction
criteria the Assessor has
awarded.
INTERNAL VERIFIER CHECKLIST

Do the assessment criteria awarded

match those shown in the assignment
brief? Y/N

Is the Pass/Merit/Distinction grade

awarded justified by the assessor’s
Y/N
comments on the student work?
Has the work been assessed
accurately? Y/N

Is the feedback to the student:

Give details:

• Constructive?
Y/N
• Linked to relevant assessment
criteria? Y/N

• Identifying opportunities for

improved performance?
Y/N
• Agreeing actions? Y/N

Does the assessment decision need

amending? Y/N

Assessor signature Date

Internal Verifier signature Date

Program Leader signature (if
required) Date

1
Yenusha Dilakshi NEG00130331 Security
 2
Yenusha Dilakshi NEG00130331 Security
 Confirm action completed
Remedial action taken

Give details:

Assessor signature Date

Internal Verifier
signature Date

Program Leader signature (if

required) Date

Yenusha Dilakshi NEG00130331 Security

Higher Nationals - Summative Assignment Feedback Form
Student Name/ID
Unit 05: Security
Unit Title

Assignment Number 1 Assessor

Date Received
Submission Date 1st submission
Date Received 2nd
Re-submission Date submission
Assessor Feedback:

LO1. Assess risks to IT security

Pass, Merit & Distinction P1 P2 M1 D1

Descripts

LO2. Describe IT security solutions.

Pass, Merit & Distinction P3 P4 M2 D1

Descripts

LO3. Review mechanisms to control organisational IT security.

Pass, Merit & Distinction P5 P6 M3 M4 D2

Descripts

LO4. Manage organisational security.

Pass, Merit & Distinction P7 P8 M5 D3

Descripts

Grade: Assessor Signature: Date:

Resubmission Feedback:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:

Yenusha Dilakshi NEG00130331 Security

 Signature & Date:
* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grades decisions have
been agreed at the assessment board

Pearson
Higher Nationals in
Computing
Unit 5: Security

Yenusha Dilakshi NEG00130331 Security

 6

Yenusha Dilakshi NEG00130331 Security

General Guidelines

1. A Cover page or title page – You should always attach a title page to your assignment. Use previous page as
your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom, right margins and 1.25” for the left margin of each page.

Word Processing Rules

1. The font size should be 12 point, and should be in the style of Time New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and Page Number
on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help editing your assignment.

Important Points:

1. It is strictly prohibited to use textboxes to add texts in the assignments, except for the compulsory
information. eg: Figures, tables of comparison etc. Adding text boxes in the body except for the before
mentioned compulsory information will result in rejection of your work.
2. Carefully check the hand in date and the instructions given in the assignment. Late submissions will not be
accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply
(in writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade.
8. Non-submission of work without valid reasons will lead to an automatic RE FERRAL. You will then be asked
to complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using HARVARD
referencing system to avoid plagiarism. You have to provide both in-text citation and a reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be reduced to A
REFERRAL or at worst you could be expelled from the course

Yenusha Dilakshi NEG00130331 Security

 8

Yenusha Dilakshi NEG00130331 Security

Student Declaration

I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as my own
without attributing the sources in the correct way. I further understand what it means to copy another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.

2. I understand the plagiarism and copying policy of the Edexcel UK.
3. I know what the consequences will be if I plagiarize or copy another’s work in any of the assignments for this
program. .
4. I declare therefore that all work presented by me for every aspects of my program, will be of my own, and
where I have made use of another’s work, I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document, signed or not, constitutes a binding agreement
between myself and Pearson UK.
6. I understand that my assignment will not be considered as submitted if this document is not attached to the
main submission.

Student’s Signature: Date:

(Provide E-mail ID) (Provide Submission Date)

Yenusha Dilakshi NEG00130331 Security

Assignment Brief
Student Name /ID Number

Unit Number and Title Unit 5- Security

Academic Year 2020/2021

Unit Tutor

Assignment Title EMC Cyber

Issue Date

Submission Date

IV Name & Date

Submission Format:

The submission should be in the form of an individual written report written in a concise, formal business style
using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as
appropriate, and all work must be supported with research and referenced using Harvard referencing system.
Please provide in- text citation and an end list of references using Harvard referencing system.

Section 4.2 of the assignment required to do a 15 minutes presentation to illustrate the answers.

Unit Learning Outcomes:

LO1 Assess risks to IT security.

LO2 Describe IT security solutions.

LO3 Review mechanisms to control organisational IT security.

LO4 Manage organisational security.

10

Yenusha Dilakshi NEG00130331 Security

 Assignment Brief and Guidance:

11

Yenusha Dilakshi NEG00130331 Security

 Scenario

‘EMC Cyber’ is a reputed cyber security company based in Colombo Sri Lanka that is delivering
security products and services across the entire information technology infrastructure. The company
has a number of clients both in Sri Lanka and abroad, which includes some of the top-level companies
of the world serving in multitude of industries. The company develops cyber security software
including firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber is
tasked with protecting companies’ networks, clouds, web applications and emails. They also offer
advanced threat protection, secure unified access, and endpoint security. Further they also play the
role of consulting clients on security threats and how to solve them. Additionally the company follows
different risk management standards depending on the company, with the ISO 31000 being the most
prominent.

One of the clients of EMC Cyber, Lockhead Aerospace manufacturing which is a reputed aircraft
manufacturer based in the US, has tasked the company to investigate the security implications of
developing IOT based automation applications in their manufacturing process. The client has
requested EMC to further audit security risks of implementing web based IOT applications in their
manufacturing process and to propose solutions. Further, Lockhead uses ISO standards and has
instructed EMC to use the ISO risk management standards when proposing the solution.

The director of the company understands such a system would be the target for cyber-attacks. As you
are following a BTEC course which includes a unit in security, the director has asked you to investigate
and report on potential cyber security threats to their web site, applications and infrastructure. After
the investigation you need to plan a solution and how to implement it according standard software
engineering principles.

12

Yenusha Dilakshi NEG00130331 Security

 Activity 01

Assuming the role of External Security Analyst, you need to compile a report focusing on following
elements to the board of EMC Cyber’;

1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilize to EMC
Cyber in order to improve the organization’s security.

1.2 Identify types of security risks EMC Cyber is subject to its present setup and the impact that they
would make on the business itself. Evaluate at least three physical and virtual security risks identified
and suggest the security measures that can be implemented in order to improve the organization’s
security.

1.3 Develop and describe security procedures for EMC Cyber to minimize the impact of issues
discussed in section (1.1) by assessing and rectifying the risks.

Activity 02

2.1 Identify how EMC Cyber and its clients will be impacted by improper/ incorrect configurations
that are applicable to firewalls and VPN solutions. IT security can include a network monitoring
system. Discuss how EMC cyber can benefit by implementing a network monitoring system with
supporting reasons.

2.2 Explain how the following technologies would benefit EMC Cyber and its Clients by facilitating a
‘trusted network’. (Support your answer with suitable examples).

i) DMZ

ii) Static IP

iii)NAT

2.3 Identify and evaluate the tools that can be utilized by EMC cyber to improve the network and
security performance without compromising each other. Evaluate at least three virtual and physical
security measures that can be implemented by EMC to uphold the integrity of organization’s IT

13

Yenusha Dilakshi NEG00130331 Security

 policy.

Activity 03

3.1 Discuss suitable risk assessment integrated enterprise risk management procedures for EMC
Cyber solutions and the impact an IT security audit will have on safeguarding organization and its
clients. Furthermore, your discussion should include how IT security can be aligned with an
organizational IT policy and how misalignment of such a policy can impact on organization’s security.

(This can include one or more of the following: network change management, audit control, business
continuance/disaster recovery plans, potential loss of data/business, intellectual property, Data
Protection Act; Computer Misuse Act; ISO 31000 standards.)

3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage
solutions provided by EMC Cyber. You should also summarize ISO 31000 risk management
methodology.

Activity 04

4.1 Design an organizational security policy for EMC Cyber to minimize exploitations and misuses
while evaluating the suitability of the tools used in an organizational policy.

4.2 Develop and present a disaster recovery plan for EMC Cyber according to the ISO/IEC 17799:2005
or similar standard which should include the main components of an organizational disaster recovery
plan with justifications. Discuss how critical the roles of the stakeholders in the organization to
successfully implement the security policy and the disaster recovery plan you recommended as a part
of the security audit.

14

Yenusha Dilakshi NEG00130331 Security

 (Students should produce a 15 minutes PowerPoint presentation which illustrates the answer for
this section including justifications and reason for decisions and options used).

15

Yenusha Dilakshi NEG00130331 Security

Grading Rubric

Grading Criteria Achieved Feedback

LO1 Assess risks to IT security

P1 Identify types of security risks to organizations.

P2 Describe organizational security procedures.

M1 Propose a method to assess and treat IT security risks.

LO2 Describe IT security solutions

P3 Identify the potential impact to IT security of incorrect

configuration of firewall policies and third-party VPNs.

P4 Show, using an example for each, how implementing a DMZ, static

IP and NAT in a network can improve Network Security.
M2 Discuss three benefits to implement network monitoring systems
with supporting reasons.
D1 Evaluate a minimum of three of physical and virtual security
measures that can be employed to ensure the integrity of
organizational IT security.
LO3 Review mechanisms to control organizational IT
security
P5 Discuss risk assessment procedures.

Yenusha Dilakshi NEG00130331 Security

16
P6 Explain data protection processes and regulations as applicable to
an organization.

M3 Summaries the ISO 31000 risk management methodology and its

application in IT security.
M4 Discuss possible impacts to organizational security resulting from
an IT security audit.
D2 Consider how IT security can be aligned with organizational
Policy, detailing the security impact of any misalignment.
LO4 Manage organizational security

P7 Design and implement a security policy for an organization.

P8 List the main components of an organizational disaster recovery

plan, justifying the reasons for inclusion.
M5 Discuss the roles of stakeholders in the organization to implement
security audit recommendations.
D3 Evaluate the suitability of the tools used in an organizational policy.

Yenusha Dilakshi NEG00130331 Security

17
Yenusha Dilakshi NEG00130331 Security
18
Acknowledgement

I would like to use this occasion to convey my sincere thanks to my great lecture Miss.Ann
Roshain, for her important advice, mentorship, and support throughout this assignment. Her
dedication to teaching and to our educational process has been truly inspiring. I would like to
thank the Esoft organization for giving me this opportunity to reveal my talent through the
task.

Thank You!

Yenusha Dilakshi

19
Yenusha Dilakshi NEG00130331 Security
Activity 01

P1 Identify types of security risks to organizations.

1.1 IT security

The methods and devices used by businesses to safeguard information are referred to as
information security (or InfoSec). This involves the configuration of the policies that prohibit
illegal access to either personal or company data. Information security (InfoSec) is a rapidly
expanding and changing discipline that encompasses a variety of topics, including testing,
auditing, and infrastructure and network security.

Sensitive data is protected by information security from unauthorized actions such as

examination, alteration, recording, interruption, or destruction. The objective is to guarantee

20
Yenusha Dilakshi NEG00130331 Security
the security and privacy of sensitive data, including financial information, intellectual
property, and account information for customers.

Data loss, data manipulation, and theft of confidential information are all effects of security
events. Attacks can cause delays in business operations, harm a company's reputation, and
cost money.

Threats and Attacks are two essential phenomena from a security perspective.

1.1.1 Definition for Threats

A threat is a potential security risk that might use a system's or asset's weakness to its
advantage. The threat's source might be unintentional, environmental, due to human
carelessness or failure, or it could be caused by failure. There are many different kinds of
security risks, including interruption, interception, fabrication, and modification.

Whether done intentionally or inadvertently, a threat is anything that can access, damage, or
destroy an asset through taking advantage of a vulnerability. Three groups of threats can be
identified:

• Natural disaster instances include storms, floods, and tornadoes.

• Dangers that are unintentional, such when an employee accesses inaccurate data.

• Examples of purposeful threats include spyware, viruses, adware providers, and rogue
employee behavior.

Definition for Attacks

An attack is a deliberate, illegal activity against a system. Organizations are supposed to be

protected against hostile assaults via information security. Attacks can be divided into two
categories. They are active attacks and passive attacks. The emphasis is on identifying,
mitigating, and recovering from active assaults because they are thought to be harder to
prevent. Strong security measures make it simpler to thwart passive assaults.

21
Yenusha Dilakshi NEG00130331 Security
1.1.2 Key security concepts

Security experts assess risks and vulnerabilities based on their potential effects on the data,
applications, and vital systems more specifically, their confidentiality, integrity, and
availability that make up an organization. The security team creates a set of security rules
based on that assessment to lower risk in their environment.

Confidentiality

Keeps data private or hidden are referred to as confidentiality. In reality, it involves

restricting access to data in order to avoid illegal exposure. Usually, this entails making sure
that only those with the proper authorization have access to certain resources and that
unauthorized individuals are actively stopped from gaining access. For instance, the
employee payroll database should only be accessible to approved Payroll personnel.
Furthermore, further, stricter restrictions on the specific information that those authorized
users are permitted access to may exist within a group of authorized users. Another
illustration: Online shoppers have a right to assume that any personal information they
provide a company—like their credit card number, contact information, or shipping address
—will be safeguarded against unlawful access or disclosure. (Walkowski, 2019)

There are several ways to break confidentiality, including through direct assaults intended to
obtain unauthorized access to databases, systems, and applications in order to steal or alter
data. A few examples include escalating system privileges by an attacker, electronic
eavesdropping (through a man-in-the-middle attack), network reconnaissance, and other sorts
of scanning. However, unintended breaches of confidentiality can also occur as a
consequence of human mistake, negligence, or insufficient security measures. Examples
include sharing user accounts, not encrypting data (during processing, transmission, and
storage), physical eavesdropping (also known as shoulder surfing), inadequate, nonexistent,
or weak authentication procedures, and theft of physical tools and storage devices.
(Walkowski, 2019)

Data classification and labeling, stringent access controls and authentication procedures,
encryption of data during processing, in transit, and during storage, steganography, remote

22
Yenusha Dilakshi NEG00130331 Security
wipe capabilities, and adequate education and training for all users of the data are all
examples of countermeasures to protect confidentiality. (Walkowski, 2019)

Integrity

Integrity is a term used to describe something's ability to be full or complete. Integrity in

information security refers to ensuring that data has not been altered and can, thus, be trusted.
It is true, dependable, and accurate. Customers who shop online, for instance, anticipate
accurate product and price information as well as the permanence of all other information,
including quantity, cost, and availability, even after they have placed an order. Customers of
financial services need to be confident that their account balances and personal information
are secure. Integrity assurance entails safeguarding data while it is being used, while it is
being transferred (such as during the sending of an email or the uploading or downloading of
a file), and while it is being kept, whether on a laptop, a portable storage device, at the data
center, or in the cloud. (Walkowski, 2019)

Integrity can be compromised intentionally, unintentionally, through human error,

carelessness, coding errors, or insufficient policies, procedures, and protection mechanisms.
As with confidentiality, integrity can be compromised directly through an attack vector (such
as tampering with intrusion detection systems, changing configuration files, or changing
system logs to evade detection). (Walkowski, 2019)

Encryption, hashing, digital signatures, and digital certificates are some of the defenses
against data integrity. , intrusion detection systems, auditing, version control, and strong
authentication mechanisms and access controls. Trusted certificate authorities (CAs) issue
digital certificates to organizations to prove their identity to users of websites, much like how
a passport or driver's license can be used to prove a person's identity. (Walkowski, 2019)

Consider the fact that integrity is synonymous with the idea of non-repudiation, or the
inability to contradict anything. When emails are signed digitally, for instance, neither the
sender nor the recipient can dispute that a message was sent. Integrity is helped by non-
repudiation. (Walkowski, 2019)

Availability

23
Yenusha Dilakshi NEG00130331 Security
If systems, applications, and data cannot be accessed when required by authorized users, they
are of limited use to a business and its clients. Simply said, availability refers to the state of
networks, systems, and applications. It guarantees that when resources are required,
authorized users will have prompt, dependable access to them. (Walkowski, 2019)

Availability can be compromised by a variety of factors, including faulty hardware or

software, lost power, natural calamities, and human error. The denial-of-service attack, in
which the performance of a system, website, online application, or web service is
purposefully and deliberately reduced, or the system becomes totally unavailable, is probably
the most well-known assault that poses a danger to availability.

(Walkowski, 2019)

1.1.3 How to improve security by using CIA triads with EMC cyber

Figure 1 CIA Trade

Source (Walkowski, 2019)
Introduction to CIA

24
Yenusha Dilakshi NEG00130331 Security
"CIA" in the context of information security (InfoSec) does not refer to a certain well-known
US intelligence organization. These three letters symbolize for the CIA triad—
confidentiality, integrity, and availability.

These three ideas work together to create the foundation of every organization's security
framework; in addition, they (should) serve as the aims of any security program. The CIA
triad has become so fundamental to data security that whenever data leaks, systems are
attacked, users fall for phishing scams, accounts are taken over, websites are nefariously
taken down, or any other security incidents happen.

Importance of CIA triad

The main framework for creating security systems and guidelines for corporations is the CIA
triad. As a result, the CIA trinity is essential in protecting your data from evolving cyber
threats. An organization is said to have failed in properly applying one or more of these
principles when a security event, such as data theft or a security breach, happens. The CIA
trinity is essential to information security because it improves security posture, assists firms
in remaining compliant with complicated requirements, and maintains business continuity.

Challenges for the CIA triad

Due to the ever-growing volume of data that has to be protected, big data presents particular
difficulties for the CIA paradigm. More devices, producing data in a wider range of forms,
are being added to the stream as technology develops. Responsible monitoring may
sometimes be a secondary concern because the primary objective of handling large data is
frequently to gather and evaluate all of the available information.

Privacy and security on the Internet of Things present unique difficulties. More internet-
enabled gadgets are released into the market every year, some of which may still be
vulnerable due to outdated software or passwords. Despite the fact that many devices don't
communicate highly sensitive information, an attacker might nonetheless acquire enough data
from each endpoint, analyze it, and maybe divulge information you'd rather keep secret.

25
Yenusha Dilakshi NEG00130331 Security
EMC Cyber can assist its clients in protecting their data, ensuring the integrity of their
systems, and maintaining the availability of their services by putting these and other security
measures based on the CIA triad into place. Additionally, EMC Cyber can guarantee that its
solutions are efficient and in line with industry best practices by adhering to ISO risk
management standards.

1.2 Identify the different categories of security threats and the effects they might have
on the company as a whole.

Organizational risks

There are several types of business risk. It relates to any situation that can make it difficult for
you to accomplish your professional goals or objectives. Depending on your plan, business
risk may be internal or external (such as the global economy).

Different risk types require different approaches to management and treatment. Before you
think about how to handle the risk, you need know exactly what kind of risk you are facing.

Types of organizational risks

o Reputation risk
o Financial risk
o Operational risk
o Strategic risk
o Technology risk

1.2.1 Security risks

An information security risk is essentially anything on your machine that might harm it, steal
your data, or let someone else use it without your knowledge or permission. Malware, a
catch-all word for several subtypes of harmful software, is only one of many distinct things
that might pose a risk to computers. Although computer viruses are the sort of malicious
software that comes to mind when we think of threats to computer security, there are also

26
Yenusha Dilakshi NEG00130331 Security
worms, Trojan horses, spyware, ransomware, and other forms of bad software. Risks can also
come from improper computer product configuration and risky computing practices.

Organizations are increasingly prioritizing cybersecurity risk as they embrace digital

transformation and use cutting-edge technology solutions to boost productivity and promote
corporate success. Many businesses are also becoming more dependent on third- and fourth-
party providers and programs. These tools can help businesses succeed, but they also bring in
new dangers and widen your digital assault surface.

Failure to properly understand the risk associated with employing these additional resources
is one of the most common mistakes made by firms. Organizations may more actively
manage and reduce risks before they become major problems when everyone involved is
aware of what to watch out for and what to do should an issue occur.

These are the main types of security risks.

 Virtual security risks

 Physical security risks

 Virtual security risk

Risk may rise as a result of IT difficulties managing the virtual security's extra complexity. In
a virtualized environment, it is harder to track workloads and programs as they move between
servers, making it more difficult to monitor security configurations and policies. Furthermore,
the ease of setting up virtual PCs might lead to security problems.

Below are some of most common types of virtual security risks.

1. Ransomware
2. Phishing
3. DDoS Attacks
4. Zero-day Exploit
5. Man-in-the-middle-Attacks

27
Yenusha Dilakshi NEG00130331 Security
Ransomware

Figure 2 Ransomware
Source (reddy, 2021)

Ransomware is a variety of malware that prevents a person or organization from accessing

certain computer data. When data are encrypted and a ransom is demanded for the decryption
key, cyber attackers force companies into a scenario where paying the ransom is the quickest
and least costly way to regain access to their files. Several iterations have added additional
features, such data theft, to further persuade malware sufferers to the ransom.

The most obvious and renowned malware family is ransomware, which has swiftly gained
popularity. Recent ransomware attacks have disrupted public services in cities, hindered

28
Yenusha Dilakshi NEG00130331 Security
hospitals' capacity to deliver essential services, and done severe harm to a number of
enterprises.

Phishing

Figure 3 Phishing
Source (Gaines, 2022)

Phishing is a sort of cybersecurity assault in which threat actors send communications

purporting to be a reliable individual or organization. Phishing communications trick the user
into doing things like downloading harmful software, clicking on dangerous links, or
disclosing private data like login credentials. One of the most typical forms of social
engineering, which is a broad phrase for attempts to influence or deceive computer users, is
phishing. A threat vector employed in practically all security events, social engineering is
becoming more and more prevalent. Phishing and other forms of social engineering are

29
Yenusha Dilakshi NEG00130331 Security
frequently used in conjunction with other security risks including malware, code injection,
and network assaults.

Distributed Danial-of-Service (DDoS) Attack

Figure 4 DDoS Attack

Source (Scialabba, 2017)

When a server is the target of a DDoS assault, the attacker effectively floods it with traffic in
an effort to disrupt and maybe even bring it down. The most advanced firewalls can
recognize and respond to classic denial-of-service assaults, however a DDoS assault can
saturate the target with traffic by using a lot of compromised devices.

Zero-day exploit

30
Yenusha Dilakshi NEG00130331 Security
In order to take advantage of a flaw in well-known software applications and operating
systems before a fix is made available, hackers target businesses that utilize such products
and develop what is known as a "zero-day exploit."

Man-in-the-middle-attacks

A man-in-the-middle attack (MITM) occurs when an attacker deceives two parties into
communicating with each other in order to spy on the targets, get sensitive data or login
credentials, or maybe even change the discussion. Since most email and chat systems utilize
end-to-end encryption, which prohibits third parties from manipulating with the data that is
transferred across the network, regardless of whether the network is secure or not, MITM
attacks are becoming less prevalent.

 Physical security risks

An event that can inflict loss or bodily injury to the computer systems could be started by a
physical threat. The protection of people, equipment, applications, protocols, and data against
physical incidents and conditions that might cause significant losses or harm to a business,
departments, or organization is referred to as physical security. This includes protection from
theft, robbery, terrorism, fire, and other natural calamities.

These are the types of physical security risks.

1. Unauthorized Access
2. Computer viruses
3. Vandalism
4. Accidents

Unauthorized Access

Unauthorized access to sensitive data is one of the most frequent security threats associated
with computerized information systems. The major issue arises from unauthorized users, or

31
Yenusha Dilakshi NEG00130331 Security
hackers, who employ modern technology and their expertise to break into or exhaust
seemingly protected devices. Instead of the term "hacker," those who enter data systems for
destructive purposes are sometimes referred to as "crackers." (Ginni, 2022)

Computer Viruses

A virus called is a particularly nasty program that is designed to infiltrate a computer without
the user's knowledge or consent and has the capacity to replicate itself in order to spread
farther. Some viruses do only minor damage, while others can seriously impair programs and
the way the system is implemented. (Ginni, 2022)

Vandalism

Information system security is seriously threatened by maliciously damaging hardware,

software, or data. Because the organization will momentarily be unable to use one of its
resources, destruction poses a threat. The overall performance of the organization can be
significantly impacted by even relatively slight damage to a system's component. (Ginni,
2022)

Accidents

Over time, both the surroundings and the staff's attitude and disposition will have an impact
on accidental abuse or damage. Information system security is more vulnerable to human
mistake than to intentional human threats. However, the majority of mishaps that pose
substantial risks to the information system security are preventable. (Ginni, 2022)

1.2.2 Security measures

There are a number of security measures that may be put in place to strengthen EMC Cyber's
security and safeguard the private data of their clients. These measurements consist of:

 Network Segmentation: A computer network can be segmented into smaller

subnetworks, each with its own set of security measures. The danger of a significant
breach is decreased by segmenting the network such that any compromise in one
segment won't impact the other portions. Firewalls, routers, or virtual LANs can be
used to accomplish this.

32
Yenusha Dilakshi NEG00130331 Security
  Regular Software Updates: Security patches that fix flaws that attackers can exploit
are frequently included in software upgrades. To lessen the danger of assaults, EMC
Cyber has to make sure that all of its systems and software are current with the most
recent security fixes.
 Access Control: Access control is a safety feature that makes sure only authorized
individuals have access to sensitive data. To prevent unwanted access to its systems,
EMC Cyber has to establish access control methods such strong passwords,
multifactor authentication, and role-based access control.
 Employee Training: In a company's security chain, employees are frequently the
weakest link. EMC Cyber should regularly teach its staff on security best practices,
such as spotting phishing emails and generating secure passwords.
 Encryption: To prevent unwanted access, data is encrypted by a procedure in which a
secret code is created. All sensitive data, both in transit and at rest, should be
encrypted by EMC Cyber to prevent data breaches.
 Incident Response Plan: In the case of a security breach, the procedures to be done are
outlined in an incident response plan. In order to respond to security issues quickly
and effectively and lessen the impact of the breach, EMC Cyber should have an
incident response strategy in place.
These security measures will help EMC Cyber strengthen their security posture and better
safeguard the private data of their clients.

P2 Describe organizational security procedures.

1.3 Security procedure

A security process is a series of instructions or rules that specify how to handle and react to
security incidents or threats. It is a systematic approach to security management that aids
businesses in identifying, evaluating, and managing security risks to safeguard their
resources, data, and personnel. Security policies, which are broad declarations outlining the
organization's security goals, benchmarks, and principles, serve as the foundation for most
security processes.

33
Yenusha Dilakshi NEG00130331 Security
Detailed instructions on how to carry out particular security-related duties or activities are
provided by security procedures. A security protocol could, for instance, specify the
procedures to be taken when an employee departs the firm to guarantee that all access to the
company's systems and data is removed. A wide variety of security-related concerns,
including access control, incident management, data protection, physical security, and
business continuity, can be covered by security processes.

For managing security risks and ensuring the safety of an organization's resources, data, and
employees, effective security procedures are crucial. They assist in making sure that everyone
in the company is aware of the security responsibilities that are placed upon them as well as
the proper and efficient responses to security incidents and threats.

Here are some common organizational security procedures.

1. Access Control Procedures

2. Incident Response Procedures
3. Security Awareness and Training Procedures
4. Physical Security Procedures
5. Network Security Procedures

M1 Propose a method to assess and treat IT security risks.

1.4 Security procedures for EMC Cyber

Depending on the unique requirements and dangers of the company, organizational security
policies for EMC Cyber can be further enhanced with additional information and processes.
Here are a few instances when the process can be enhanced.

Use a firewall

EMC Cyber can strengthen the security of its company by implementing a firewall, which is
a crucial security tool. A firewall is a network security device that keeps track of and filters
inbound and outgoing network data in accordance with pre-established security standards.
EMC Cyber can manage network access and stop illegal access to confidential data or
systems by utilizing a firewall.

34
Yenusha Dilakshi NEG00130331 Security
Application-level gateways, stateful inspection firewalls, and packet-filtering firewalls are
just a few of the different kinds of firewalls that are accessible. Based on the organization's
unique security needs, a particular firewall model will be used. An organization that manages
a lot of online traffic, for instance, might benefit more from an application-level gateway
firewall, whereas a smaller organization might be satisfied with a packet-filtering firewall.

In addition to installing a firewall, EMC Cyber should make sure that the firewall is
frequently updated with the newest security patches and settings to ensure that it is offering
the greatest level of security. Additionally, regular inspection of firewall records can aid in
the early detection of any potential security issues, enabling prompt reaction and prevention.
By utilizing a firewall, EMC Cyber can significantly lower the risk of unauthorized entry and
lessen the effects of a security mishap.

Password management

To develop secure passwords specific to EMC Cyber systems and apps, all workers must
comply. Encourage staff members to utilize password managers to manage their credentials
and mandate frequent password changes.

Physical security

Only allow authorized people access to the server rooms and physical facilities of EMC
Cyber. Use motion detectors, video cameras, and other security systems to keep an eye on the
area.

Incident response

Create and record an incident response plan outlining the actions to be performed in the case
of a security breach. The steps in this strategy should cover contacting stakeholders, isolating
the impacted systems, and doing a post-incident study.

Employee training

35
Yenusha Dilakshi NEG00130331 Security
Hold frequent training sessions to inform staff members of the value of security and to keep
them informed of the most recent dangers and best practices. Make it mandatory for all
workers to sign a document attesting to their comprehension of EMC Cyber's security
guidelines.

Third - party security

Create processes to make sure that any contractors or third-party suppliers that have access to
EMC Cyber's systems and data follow the organization's security policies and practices.

Data backup and recovery

Ensure that vital data can be restored in the case of a disaster or cyberattack by implementing
a strong data backup and recovery plan. To assure the efficacy of the backup and recovery
procedure, test it frequently.

EMC Cyber can make sure that its systems and data are secured from a variety of security
threats and that the organization is well-prepared to handle any events by putting these
security processes into place and improving them as necessary.

Activity 2

P3 Identify the potential impact to IT security of incorrect configuration of firewall

policies and third-party VPNs.

2.1 IT security solution

A system of hardware, software, and services referred to as an IT security solution is created

to safeguard a company's digital assets and systems against online dangers. IT security
solutions are intended to stop unauthorized access, data theft, and other harmful actions that
might jeopardize the confidentiality, integrity, and availability of an organization's
information. Firewalls, intrusion detection and prevention systems, antivirus and anti-
malware software, encryption, access restrictions, and security audits and assessments may be
some of these solutions. IT security solutions are a crucial part of an organization's entire IT

36
Yenusha Dilakshi NEG00130331 Security
infrastructure and are crucial for protecting sensitive data and guaranteeing business
continuity.

2.1.2 Introduction to VPN

Figure 5 VPN
Source (Mitchell, 2019)

Virtual Private Network is referred to as VPN. It is a technology that enables a private

network, such an organization's internal network, and a distant user or device to communicate
securely and encrypted across a public network, like the internet. A VPN establishes a virtual
tunnel that gives users access to private network resources as if they were physically present
on the network. This technology is frequently used by remote workers or employees to access
business resources safely from locations other than the office, as well as by people to
safeguard their online security and privacy when surfing the internet. VPNs may also be used
to get around geographic limitations and access material that may be prohibited in particular
areas or nations. (Mitchell, 2019)

37
Yenusha Dilakshi NEG00130331 Security
VPNs come in a variety of forms, each with unique benefits and drawbacks. These are the
most popular varieties:

1. Remote Access VPN: With this kind of VPN, users may safely connect to a private
network online from a distant place. Employees who need to access corporate
resources while away from the office frequently utilize remote access VPNs.
2. Site-to-site VPN: A secure internet connection between two or more networks is
made possible by this kind of VPN. Businesses with several locations frequently use
site-to-site VPNs to provide their staff members access to network resources and data
as if they were on the same local network.
3. Mobile VPN: This kind of VPN is made especially for portable electronics like
smartphones and tablets. Remote employees who want access to corporate resources
while on the move frequently utilize mobile VPNs.
4. SSL VPN: This kind of VPN offers safe access to web-based programs and services
using safe Sockets Layer (SSL) encryption. Remote access to web-based applications
and resources is frequently provided using SSL VPNs.
5. IPsec VPN: This kind of VPN offers safe access to private networks over the internet
using Internet Protocol Security (IPsec) encryption. Businesses frequently employ
IPsec VPNs to establish secure site-to-site and remote access VPN connections.
2.1.2.1 Benefits and Challenges of using VPN

Benefits

o Enhanced Security:
To protect conversations over the internet, VPNs employ encryption techniques. Sensitive
information is kept secret by being protected from being intercepted and read by
unauthorized persons.

o Remote Access:
VPNs provide for remote access to a company's network resources, enabling employees to
access corporate information and resources from afar. For workers who must do remote or
mobile work, this can increase productivity and job flexibility.

o Cost-effective:

38
Yenusha Dilakshi NEG00130331 Security
Especially for smaller businesses that require the connection of distant sites or lone users,
VPNs might be a more affordable option than leased lines.

o Geo-restrictions bypass:
By concealing the user's IP address and enabling them to look as though they are accessing
the material from a different location, VPNs can get around geo-restrictions on particular
websites or content.

Challenges

o Speed and Performance:

Sometimes using a VPN may slow down internet speeds, which will affect user experience.
This is particularly valid when connecting to far-off places or while utilizing a legacy VPN
protocol.

o Complexity:
It can be difficult to set up and configure a VPN, especially for small organizations without a
dedicated IT team. It might also be difficult to guarantee that all software and hardware are
VPN-compatible.

o Security Risks:
There is always a chance of data breaches and hacker efforts, even if VPNs can offer
increased protection. Businesses must make sure that their VPNs are setup and protected
appropriately to avoid unwanted access because VPNs are not impervious to assaults.

o Maintenance and Management:

In order to keep VPNs safe and functional, they need constant monitoring and upkeep,
including frequent upgrades and patches. For smaller businesses without specialized IT
employees, this can be a time-consuming operation.

2.1.2.2 Potential impact to IT security of incorrect configuration of third-party VPNs.

39
Yenusha Dilakshi NEG00130331 Security
Unauthorized Access

Unauthorized access to the company's network may occur if a VPN is improperly setup.
Because of this illegal access, hackers may be able to get access to sensitive information or
vital systems, leading to data breaches, financial loss, and reputational harm.

Data interception

Attackers may be able to intercept sensitive data being transferred through a VPN connection
if the VPN is setup improperly. Sensitive data, such as private company information,
customer data, and financial information, may become public as a result of this.

Malware infections

Incorrectly setup third-party VPNs can potentially lead to malware attacks. Malware may be
used by hackers to compromise sensitive data, cause data loss, and harm a company's
reputation by infecting the VPN client or the network.

Denial of Service Attacks

Denial of Service (DoS) attacks against a company's network can also be launched via a VPN
that has been improperly configured. System outages, data loss, and financial losses might
ensue from this.

Compliance Violation

An improperly setup VPN might lead to compliance issues if a business is subject to

compliance rules. Legal repercussions, penalties, and reputational harm may follow.

40
Yenusha Dilakshi NEG00130331 Security
2.1.3 Introduction to Firewall

Figure 6 firewall

Source (Basu, 2022)

A firewall is a network security tool that monitors and regulates incoming and outgoing
network traffic in accordance with pre-established security rules. It serves as a firewall
between an internal network and the Internet or other untrusted networks, allowing only
allowed communication to flow through and prohibiting unwanted traffic. Any network
security plan must include firewalls, which can be either hardware, software, or a
combination of both. They aid in preventing unwanted access to a network, safeguarding
against malware and other online dangers, and assisting enterprises in maintaining regulatory
compliance. (Basu, 2022)

These are the different types of firewall:

41
Yenusha Dilakshi NEG00130331 Security
Packet-filtering Firewall

Each data packet that traverses the network is examined by these firewalls, which filter it in
accordance with pre-established criteria such source and destination IP addresses and ports.
(Yasar & Lutkevich, 2023)

Stateful inspection Firewall

These firewalls keep track of the connections that pass through them and utilize that data to
decide whether to accept or reject incoming traffic. (Yasar & Lutkevich, 2023)

Proxy Firewall

All traffic must go via these firewalls, which serve as a bridge between two network
destinations. They have the ability to monitor and alter network traffic to offer extra security
features like content filtering and antivirus screening. (Yasar & Lutkevich, 2023)

Next-generation Firewall

These firewalls include a number of security capabilities into a single unit, including virus
protection, application control, and intrusion prevention. (Yasar & Lutkevich, 2023)

Virtual Firewall

These firewalls safeguard virtual computers or cloud-based services while operating in a

virtualized environment. (Yasar & Lutkevich, 2023)

2.1.3.1 Benefits and Challenges of using Firewall policies

Benefits

Network Security:

Filtering traffic and limiting access to particular network resources are two ways that firewall
policies may assist prevent unwanted access to a network. Against malware and other
harmful assaults, this can offer protection.

42
Yenusha Dilakshi NEG00130331 Security
Access Control:

Access to specified network resources, such as websites or programs, can be restricted using
firewall policies. Access to sensitive data, such as customer or financial information, can be
restricted using this.

Compliance:

By making sure that access to sensitive information is restricted and that network traffic is
being tracked, firewall policies may assist enterprises in meeting regulatory and compliance
obligations.

Increased Visibility:

Firewall policies can boost network traffic visibility, enabling enterprises to spot possible
security risks and react to security incidents faster.

Challenges

Configuration:

The configuration of firewall policies can be difficult, and they need constant upkeep and
revision. Incorrect setup can provide false positives or false negatives, which might leave the
network open to attack or have an adverse effect on business operations.

Complexity:

In order to handle firewall policies successfully, one needs a high level of technical
knowledge. Small businesses that may not have dedicated IT employees may find this
difficult.

Performance:

43
Yenusha Dilakshi NEG00130331 Security
The performance of a network can be affected by firewall policies, particularly if they are set
up to restrict a lot of traffic. Managing this may be difficult and have an influence on the user
experience.

False Positives and Negative:

The management of false positives or false negatives produced by firewall policies might be
difficult. False positives can affect corporate productivity and operations, and false negatives
can expose the network to danger.

2.1.3.2 Potential impact to IT security of incorrect configuration of firewall policies

Network performance

The performance of a network can be affected by firewall policies. A network may

experience network slowdown and valid traffic blocking if the restrictions are overly severe.
Conversely, if they are too lax, they can let an excessive amount of traffic, which would
cause congestion and performance problems.

Compliance Issues

Compliance with regulations like HIPAA and PCI DSS depends heavily on firewall policies.
A failure to comply with the rules by the company might result in legal troubles and financial
fines if the policies are not set up properly.

Configuration errors

A configuration issue brought on by improper firewall policies may also result in security
lapses. A rule, for instance, may provide unauthorized access to sensitive information if it is
not configured properly.

Inadequate Protection

44
Yenusha Dilakshi NEG00130331 Security
It's possible that the firewall policies won't offer enough defense against outside threats if
they're not configured appropriately. These weaknesses are open to attack by hackers and
cyberterrorists who can use them to obtain unauthorized access to sensitive information and
systems.

False sense of security

In some circumstances, improper firewall policies might make consumers feel insecure. They
could believe their systems are secure when, in fact, they might be open to intrusions.

P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a
network can improve Network Security.

1. DMZ
2. Static IP
3. NAT

2.2.1 Demilitarized Zone (DMZ)

45
Yenusha Dilakshi NEG00130331 Security
Figure 7 DMZ
Source (Lutkevich, 2021)

DMZ (Demilitarized Zone) is a network security concept that establishes a buffer zone
between a trusted internal network and an untrusted external network, such as the internet.
Publicly accessible resources, such as web servers or email servers, are situated on a distinct
network segment that is segregated from the internal network in this zone.

By reducing the possible effect of security breaches, DMZ implementation helps EMC Cyber
and its clients increase the security of their networks. A hacker who obtains access to the
DMZ's resources will be cut off from the inside network, which houses sensitive data and
important assets. This makes it harder for the hacker to access additional resources and move
laterally within the network.

Consider EMC Cyber as the host of a public-facing website that is reachable over the
internet. The chance of an attacker obtaining access to sensitive data is decreased by
separating the web server from the internal network and placing it in the DMZ. All
unauthorized traffic is barred from the web server by the DMZ, which serves as a firewall.

In conclusion, the DMZ is a crucial element in network security because it adds a layer of
security between the trusted internal network and the untrusted external network.

46
Yenusha Dilakshi NEG00130331 Security
2.2.2 Static Internet Protocol (Static IP)

Figure 8 Static IP
Source (Netha, 2020)

A computer or other device on a network is given a fixed address called a static IP (Internet
Protocol). A static IP address does not alter when a device connects to a network, in contrast
to dynamic IP addresses that do. As a result, devices may connect with one another
consistently via the network.

Using static IP addresses can have a number of advantages for fostering a trusted network in
the case of EMC Cyber and its clients. The first benefit is that it may aid in locating and
authenticating networked devices, ensuring that only authorized devices are given access to
critical data. Second, it can make monitoring and maintaining the network easier since
devices can be quickly located and followed thanks to their distinctive static IP addresses.

For instance, if EMC Cyber has a customer that needs access to confidential information on
their network, they can provide that client's device a static IP address. By ensuring that only
that particular device can access the sensitive data, this lowers the possibility of unwanted

47
Yenusha Dilakshi NEG00130331 Security
access by bad actors. The static IP address may also be used to track down the source of
security issues or breaches so that the necessary precautions can be taken to avoid them in the
future.

Overall, the use of static IP addresses can enhance network security by giving devices a
reliable and secure method of communication and by making network management and
monitoring easier.

2.2.3 Network Address Translation (NAT)

Figure 9 NAT
Source (Shukla, 2021)

Network Address Translation (NAT) is a technique that enables many devices on a network
to communicate with the internet using a single IP address. NAT may facilitate a trustworthy
network in the following ways, which will assist EMC Cyber and its clients:

48
Yenusha Dilakshi NEG00130331 Security
Improve Network Security: A network administrator can set up the firewall to only let traffic
that originates from the internal network by utilizing NAT. In other words, unless it is a
response to a request made by a device on the internal network, all incoming communication
is prohibited. This lessens the possibility of cyberattacks and helps prevent unwanted entry.

Simplified Network Management: When connecting to the internet, NAT enables several
devices on a network to share the same IP address. As a result, there are fewer IP addresses to
handle, which makes network administration simpler. As a result, IP addresses may be used
more effectively.

Cost Savings: NAT can also save costs by enabling businesses to utilize private IP addresses
that cannot be routed via the internet. This eliminates the need for each device on the network
to obtain a public IP address, which may be pricey.

For instance, if EMC Cyber implements NAT, every device on their internal network can use
private IP addresses, and the only device with a public IP address is the router that connects
the internal network to the internet. As a result, managing fewer IP addresses simplifies
network administration for EMC Cyber and lowers the cost of public IP addresses. By only
permitting incoming traffic that is a response to a request made by a device on the internal
network, NAT may also increase network security.

M2 Discuss three benefits to implement network monitoring systems with supporting

reasons.

2.3 Network Monitoring System

A network monitoring system, often known as an NMS, is a software or hardware platform

that gives network administrators control over and monitoring of their computer networks. It
offers in-the-moment monitoring and analysis of network activity, devices, and applications
to make sure the network is operating effectively and securely.

The NMS gathers data from multiple network devices and provides it in one place for
analysis and troubleshooting. It can keep an eye on a number of network-related factors,

49
Yenusha Dilakshi NEG00130331 Security
including bandwidth utilization, device condition, security risks, and application
performance.

To interact with network devices and gather data, NMSs frequently employ protocols like the
Simple Network Management Protocol (SNMP). When a device or program has a problem or
when a threshold is surpassed, they can produce alerts. The NMS may then be used by
network managers to investigate the problem and take the necessary steps.

2.3.1 Types of Network Monitoring

To monitor network activity and performance, many kinds of network monitoring systems
are employed. The following are a few of the common types:

Packet Sniffers

These are software programs that record network traffic statistics and offer in-depth details
about specific packets. They may be applied to assess network performance, keep an eye on
network security, and solve network problems.

Flow-Based Monitoring

This kind of network monitoring focuses on the movement of data among switches and
routers. It can assist in finding problems with network performance, traffic patterns, and
bandwidth use.

Event-Based Monitoring

This kind of monitoring is focused on gathering and processing data from network devices
that provide alerts and notifications when specific things happen, such a network outage or
security breach.

Endpoint Monitoring

This sort of network monitoring concentrates on specific network-connected devices, such as

servers, workstations, and mobile devices. It can support the detection of security risks and
guarantee that security regulations are followed.

Application Performance Monitoring

50
Yenusha Dilakshi NEG00130331 Security
This kind of network monitoring focuses on the functionality of certain programs that are
operating there. It may be used to find and fix performance problems that might be affecting
users.

2.3.2 Benefits of Network Monitoring System

Improved Network Performance

An NMS can assist in locating and resolving problems with network latency, congestion, and
capacity. Real-time network monitoring allows for the immediate identification and
resolution of any possible bottlenecks, faults, or problems before they have a negative
influence on the network's performance.

Enhanced Security

A network monitoring system may identify and notify IT security professionals of any
unusual activity or possible security concerns in the network, including malware, attempted
hacking, and unauthorized access. It may also detect and prevent illegal access while
monitoring traffic to ensure that security regulations are being followed.

Increased Availability

An NMS can keep track of network equipment, servers, software, and other crucial
infrastructure elements and notify administrators of any problems that may result in service
interruptions or downtime. Organizations may increase their network's availability and
uptime by proactively addressing these concerns.

Better Capacity Planning

Systems for network monitoring can offer insightful data on resource usage, network traffic
patterns, and capacity planning. As a result, resource allocation is optimized and prospective
network capacity concerns are identified by IT teams.

Improved Compliance

An NMS may assist firms in adhering to industry rules and standards like HIPAA, PCI DSS,
and SOX by monitoring network activity and traffic. This can assist in avoiding penalties and
legal action brought about by non-compliance.

51
Yenusha Dilakshi NEG00130331 Security
2.3.3 Network Monitoring System in EMC cyber

Any firm must have a network monitoring system in place to make sure that its network is
always operational and to rapidly identify and fix any network-related problems. Putting in
place a network monitoring system has a number of advantages for EMC Cyber.

First, a network monitoring system may assist EMC Cyber in quickly identifying any
possible security risks or assaults. The system continuously scans network traffic in order to
spot and notify administrators of any unusual or malicious activities. This might aid in
avoiding service disruption or property damage from cyberattacks.

Second, a network monitoring system can help EMC Cyber in enhancing the performance
and dependability of their network. The technology can assist in locating and resolving
problems that can be affecting network performance by offering thorough insights into
network traffic. This may help guarantee that the network performs at its best and offers
consumers dependable offerings.

Third, a network monitoring system can assist EMC Cyber in adhering to legal compliance
standards. Network security and data privacy are subject to severe rules in many different
businesses. EMC Cyber may make sure that it complies with these regulations and avert any
potential financial or legal consequences by putting in place a network monitoring system.

In conclusion, a network monitoring system is an essential part of the IT architecture of every

company. By putting in place such a system, EMC Cyber may enhance customer services
while also enhancing security, network performance, and compliance

D1 Evaluate a minimum of three of physical and virtual security measures that can be
employed to ensure the integrity of organizational IT security.

52
Yenusha Dilakshi NEG00130331 Security
2.4 Security Measures

In order to avoid, identify, and address security risks and threats, security measures are the
procedures or plans implemented. In addition to administrative controls like security policies,
access restrictions, and staff training programs, these measures may also include
technological controls like firewalls, encryption, and intrusion detection systems. In order to
prevent unauthorized access, use, disclosure, interruption, alteration, or destruction of an
organization's assets, including its information, systems, and physical infrastructure, security
measures are put in place.

2.4.1 Physical Security Measures

Physical security measures are the steps used to protect a company's physical assets, such as
its employees, machinery, and property. These controls are intended to avoid unauthorized
access, physical asset loss, theft, and damage. Access controls, security cameras, alarms,
barriers, and guards are a few examples of physical security measures. Numerous physical
assets, such as structures, cars, data centers, and machinery, can be protected using these
tactics.

The entire security plan of an organization should include physical security measures. They
can lessen vulnerabilities, fend against prospective attacks, and lessen the effects of security
events. Organizations may make sure they can function well and continue to offer their
clients necessary services by safeguarding their physical assets.

There are some physical security measures that can be employed to ensure the integrity of
organizational IT security.

Access Controls

Access controls entail limiting physical access to IT resources, including data centers, server
rooms, and network closets, to only authorized individuals. Smart cards, security cameras,
and biometric scanners are a few examples of access control technologies that may be used to
do this. Access restrictions are crucial to avoiding theft, sabotage, and physical harm to
hardware as well as illegal access to IT infrastructure.

Environmental controls

53
Yenusha Dilakshi NEG00130331 Security
Environmental controls are used to safeguard IT infrastructure from environmental dangers
including fire, floods, humidity, and temperature. These controls include environmental
monitoring systems, water detection sensors, and fire suppression systems. Environmental
controls are essential for ensuring that the IT infrastructure is not jeopardized by natural or
environmental disasters.

Physical barriers

Installing physical barriers, such as walls, fences, and gates, will help prevent unlawful entry
to the property. Security guards or security apparatus like cameras, alarms, and sensors can
be used to reinforce these barriers. Physical barriers guarantee that only authorized workers
may access the IT infrastructure, preventing unwanted intrusion.

2.4.2 Virtual Security Measure

Virtual security measures are ones that are used in software or at the network level to fend off
online dangers. The privacy, availability, and integrity of digital assets and data are protected
by these safeguards. Firewalls, intrusion detection and prevention systems, antivirus and anti-
malware software, data encryption, and user access controls are some instances of virtual
security measures.

Here are three virtual security measures that can be employed to ensure the integrity of
organizational IT security.

Encryption

Sensitive information is encoded using encryption to prevent unauthorized parties from

reading it. Even if it is intercepted by hackers or other nefarious actors, this security feature
guarantees that data transferred over the network remains private and secret.

Two-factor Authentication

By requesting two different forms of identification from users before granting access to the
network or certain apps, two-factor authentication (2FA) offers an extra layer of protection.
This might encompass both something the person is aware of (like a password) and
something they own (like a smart card or mobile device).

54
Yenusha Dilakshi NEG00130331 Security
Intrusion detection and prevention

Intrusion detection and prevention systems (IDPS) keep an eye on network traffic for any
indications of questionable behavior and can instantly deny access or issue alerts when
possible threats are found. In order to lessen the effects of any security breaches, these
solutions can assist businesses in recognizing and responding to cyberattacks in real-time.

Activity 03

P5 Discuss risk assessment procedures.

3.1. Risk Assessment

The process of finding, assessing, and evaluating possible risks that might have a negative
influence on the operations, assets, or people of an organization is known as risk assessment.
Identifying risks, evaluating their likelihood and possible effect, and developing ways to
reduce or manage those risks are the goals of risk assessment.

Identification of possible threats and vulnerabilities, evaluation of the likelihood and potential
impact of such threats, and assessment of the efficacy of current measures to reduce those
risks are all parts of the risk assessment process. Information is often gathered from a variety
of sources, such as past data, industry best practices, and professional opinions. The risk
assessment team may create an organization-wide risk profile based on this data, highlighting
the most important risks and their possible effects.

Any comprehensive risk management program must include risk assessment because it
enables organizations to identify and prioritize risks and more efficiently allocate resources to
reduce or manage those risks. Organizations may lessen the possibility and effect of
unfavorable occurrences, safeguard their assets and operations, and assure business continuity

55
Yenusha Dilakshi NEG00130331 Security
in the face of unforeseen events by recognizing possible risks and establishing methods to
manage them. (Cole, 2021)

Assessing risks relating to the hardware, software, and other elements of an organization's IT
infrastructure is part of this process.

 Hardware Risk Assessment

An organization's IT infrastructure uses hardware devices, and hardware risk assessment is
the process of identifying and assessing potential risks related to those equipment. This
evaluation is done to find risks like data breaches, system failures, and cyber-attacks that are
tied to the physical and technical characteristics of hardware. Identifying and reducing any
potential risks connected to hardware that might jeopardize the confidentiality, integrity, and
accessibility of a company's important data is the goal of hardware risk assessment.

Identification and analysis of hardware security features, including firewalls, routers,

switches, servers, storage devices, and endpoints, are part of hardware risk assessment. In
order to confirm that hardware configurations adhere to the organization's security standards
and needs, the evaluation also incorporates hardware configuration analysis. For instance, a
company may employ intrusion detection systems (IDS) to watch network traffic for
indications of intrusions or other unwanted activity. In this instance, the hardware risk
assessment would gauge how well the IDS was able to identify and stop security occurrences.

An organization's entire risk management plan must include a hardware risk assessment. It
assists in locating possible security holes in the hardware infrastructure of the company and
prioritizing the execution of necessary security measures to reduce risks. A business may
lessen the possibility of a hardware-related security breach and safeguard its crucial assets
from cyber threats by carrying out a thorough hardware risk assessment.

 Software Risk Assessment

The process of determining possible dangers that could be caused by software vulnerabilities,
flaws, or errors is known as software risk assessment. It entails assessing the possibility of

56
Yenusha Dilakshi NEG00130331 Security
these risks materializing as well as their possible effects on the software, system, and
organization as a whole.

Identification, prioritization, and development of a plan for risk mitigation are the major
objectives of software risk assessment. Several methods, including vulnerability scanning,
penetration testing, code review, and risk modeling, can be used to accomplish this.

Utilizing software tools to find and assess potential software vulnerabilities is known as
vulnerability scanning. In a more complex kind of testing called penetration testing, an
attacker attempts to utilize flaws in the software to obtain unauthorized access or do harm.
Examining the software code to find flaws or coding problems is known as code review. A
technique for evaluating risks based on likelihood and potential impact is risk modeling.

Software risk assessment is crucial because software flaws may result in major repercussions
including data loss, security breaches, and other issues. Organizations may lessen the chance
of security events and safeguard sensitive data by recognizing and managing risks.
Additionally, performing routine software risk assessments can assist businesses in
maintaining compliance with laws and industry standards.

P6 Explain data protection processes and regulations as applicable to an organization.

3.2 Data Protection

Data protection refers to the procedures and methods used to secure digital information from
loss, theft, corruption, and illegal access. It entails protecting data at every stage of its
existence, from creation to destruction, processing to storage. Data protection attempts to
guarantee the privacy, security, and availability of data as well as compliance with legal and
regulatory standards pertaining to such issues. Data protection measures might include rules
and processes for managing sensitive data, access restrictions, encryption, backups, disaster
recovery plans, and disaster recovery plans.

57
Yenusha Dilakshi NEG00130331 Security
3.2.1 Data protection act of 1998

The UK's Data Protection Act of 1998 is the legislation that controls how personal data is
handled. It lays forth guidelines that businesses must adhere to while gathering, preserving,
and using personal data about people. The legislation strives to safeguard people's rights to
privacy and protection in connection to their personal data. (Jordan & Avila, 2021)

o Why was the data protection act developed?

A framework for the protection of personal data in the UK was created with the help of the
Data Protection Act. It was passed in order to abide with the European Union Data Protection
Directive, which mandates that every EU member state have a thorough data protection
system in place.

The Act was created to safeguard people's rights regarding their personal data. Individuals
should be granted the right to see their personal data, to have any erroneous data updated, and
to object to the use of their data under specific conditions.

o Where can we see it in real world?

Any organization in the UK that handles personal data is subject to the Data Protection Act.
Businesses, governmental entities, charities, and other organizations are included in this. The
Information Commissioner's Office (ICO), which has the authority to conduct investigations
and pursue enforcement actions against entities that violate the laws, is responsible for
enforcing the act.

The following are some examples of real-world scenarios in which the Data Protection Act
may be applicable:

i. A bank that maintains the private data of its clients

ii. A shop online who keeps track of its consumers' personal information
iii. A healthcare practitioner who manages patients' personal data.

58
Yenusha Dilakshi NEG00130331 Security
 o How does the Act work?
The Data Protection Act lays out certain guidelines that businesses must adhere to while
processing personal data. These guidelines mandate that personal data be:

i. Fairly and legally processed

ii. Gathered for specific, definite, and legal objectives
iii. Sufficient, pertinent, and reasonable in relation to those objectives
iv. Up to date and accurate
v. Stored just as long as required
vi. Complied with data subjects' rights throughout processing
vii. Safeguarded by suitable organizational and technological measures
viii. Not exported without adequate protection from the European Economic Area (EEA)

Additionally, the Act grants people specific rights regarding their personal data. These consist
of the following:

i. Utilize their personal information

ii. Correcting erroneous data
iii. They object to specific uses of their data being made.
iv. In certain situations, have their data deleted
v. The right to data portability, or the capacity to transfer one controller's control over
one's data to another

o Who’s involved?
All companies that process personal data in the UK are subject to the Data Protection Act.
This comprises data processors (those who handle personal data on behalf of data controllers)
and data controllers (those who decide the purposes and means of processing personal data).

People can contribute to data protection as well. They have a right to know what personal
information about them is being processed, and in some cases, they have a right to object to
such processing. If they think their rights under the Act have been violated, they may also file
a complaint with the ICO.

59
Yenusha Dilakshi NEG00130331 Security
 o Data protection act of 1998 in EMC cyber
The Data Protection Act of 1998 must be followed in order for EMC Cyber, a business
dealing with sensitive data and information, to guarantee that the data of its clients is secured.
This implies that the business must make sure that it abides by the principles and regulations
outlined in the Act when it comes to the collection, processing, storage, and disposal of
personal data.

The Data Protection Act can serve as a foundation for EMC Cyber's information security
policies and practices, ensuring that they are compliant with the Act's obligations. To prevent
unwanted access to or loss of personal data, the organization can also put in place safeguards
including access limits, encryption, and frequent data backups.

The Act may also serve as a foundation for EMC Cyber's data protection training programs,
ensuring that all of its staff members are aware of the significance of safeguarding personal
data and the repercussions of not doing so. To guarantee compliance with the Act and
pinpoint areas for improvement, the business can also perform routine audits and reviews of
its data protection processes.

3.2.2 Computer Misuse Act of 1990

Unauthorized access to a computer system or the modification of data without authority are
both prohibited by the UK's Computer Misuse Act of 1990. The legislation was put up in an
effort to combat the rising incidence of computer-related crime and safeguard against the
misuse of computer systems and the data they contain. The legislation includes offenses
including hacking, viruses, and denial-of-service assaults and is applicable to everyone who
utilizes computer systems, whether for personal or professional reasons. (McCallion, 2019)

The law is divided into three sections, with Part 1 dealing with illegal access to computer
material, Part 2 dealing with unauthorized access with the aim to conduct or assist in a crime,
and Part 3 dealing with the development and dissemination of computer viruses. In

60
Yenusha Dilakshi NEG00130331 Security
accordance with the law, it is also unlawful to produce or distribute tools that can be used to
perpetrate computer crimes. (McCallion, 2019)

Law enforcement organizations are responsible for enforcing the Computer Misuse Act,
which carries harsh consequences for violations, such as fines and incarceration.
Cyberattacks and data breaches may cause firms to suffer serious financial and reputational
harm in addition to criminal fines. (McCallion, 2019)

In order to safeguard against the misuse of computer systems and guarantee the protection of
sensitive data, compliance with the Computer Misuse Act is crucial for companies like EMC
Cyber. To do this, it is necessary to put in place the right security safeguards, including
firewalls, intrusion detection systems, and access restrictions, in order to stop illegal access as
well as to identify and address any risks. Additionally, it entails making sure that staff
members have received training in secure computing procedures and are aware of their legal
obligations under the act.

3.2.3 General Data Protection Regulation

The European Union (EU) introduced the General Data Protection Regulation (GDPR),
sometimes known as the "GDPR," in May 2018. In order to guarantee that personal data is
gathered, processed, and kept in a way that is legitimate, transparent, and secure, the
legislation strives to protect the privacy and personal data of EU individuals.

As it deals with the private information of EU citizens, GDPR compliance is essential for
EMC Cyber. Any business that manages or processes the personal data of EU citizens must
comply with the regulation, regardless of where it is based. This applies to EMC Cyber and
its customers, who may have businesses or clientele in the EU.

To protect the personal data it manages, EMC Cyber must make sure that it has the
appropriate organizational and technical safeguards in place, such as encryption, access
restrictions, and data retention guidelines. A Data Protection Officer (DPO) must be
appointed by the business to monitor GDPR compliance, keep track of processing operations,
and carry out routine risk assessments.

61
Yenusha Dilakshi NEG00130331 Security
A breach of GDPR might lead to significant penalties, legal action, and reputational harm for
EMC Cyber. Therefore, it is crucial that the business abide by the GDPR requirements and
take the necessary precautions to protect the personal data of EU citizens as well as its
clients.

M3 Summaries the ISO 31000 risk management methodology and its application in IT
security.

3.3 Definition of ISO 31000

The International Organization for Standardization (ISO) created the risk management
standard known as ISO 31000 to offer a framework for managing risks in businesses of all
shapes and sizes. It offers a methodical strategy to identifying, evaluating, and managing
risks that may hinder an organization's capacity to accomplish its goals. The standard
underlines how crucial it is for risk management to be incorporated into an organization's
broader governance, management, and decision-making processes. (Posey, 2021)

3.3.1 ISO 31000 in EMC Cyber

In EMC Cyber, ISO 31000 can be used to IT security to help identify and manage risks that
could affect the privacy, accuracy, and accessibility of data and information systems. The risk
management process is organized and incorporates the following steps.

 Establishing the context: This entails defining the scope and goals of the risk
management process as well as the internal and external elements that may have an
impact on the organization's capacity to fulfill its objectives.
 Risk identification: The organization's information and information systems must be
evaluated for possible threats.
 Risk analysis: In order to assess the importance of detected risks, it is necessary to
consider their likelihood and possible effect.

62
Yenusha Dilakshi NEG00130331 Security
  Risk evaluation: To evaluate the amount of risk and to rank hazards for treatment, the
findings of the risk analysis are compared to predetermined risk criteria.
 Risk treatment: To minimize or eliminate risks, this entails choosing and putting into
practice proper risk management techniques.
 Risk monitoring and review: This entails regularly assessing and analyzing the
efficacy of risk management methods and making the appropriate adjustments.

M4 Discuss possible impacts to organizational security resulting from an IT security

audit.

3.4.1 Positive Impacts

1. Improved Security Posture: An organization's security posture may be improved by

filling up any vulnerabilities found by an IT security audit, which also serves as a road
map for doing so. The risk of security events and breaches can be decreased by
implementing the audit recommendations, which can result in a better security
posture.
2. Better Compliance: An IT security audit may determine if a company complies with
security laws and guidelines like HIPAA, GDPR, or PCI DSS. Organizations may
save money and protect their reputations by complying with regulations.
3. Enhanced Risk Management: Organizations may spend resources and put
mitigation strategies in place by using an IT security audit to help them identify and
prioritize threats. This may lead to a more proactive and successful approach to risk
management.
4. Increased Awareness: An IT security audit can increase employee understanding of
security threats, rules, and practices. Employees may become more watchful and

63
Yenusha Dilakshi NEG00130331 Security
 proactive in identifying and notifying security issues as a result, fostering a culture of
security awareness.
5. Improved Incident Response: An organization's incident response strategy may be
evaluated as part of an IT security audit, which can also help pinpoint opportunities
for improvement. A strong incident response strategy may lessen the effects of
security events, cutting downtime and expenses.

Examples from real world

o During an IT security examination that Target carried out in 2013, flaws in its
payment systems were found. By addressing these vulnerabilities, the significant data
breach that took place later that year would have been avoided.
o Atlanta's city government performed an IT security audit in 2017 and used the
findings to strengthen its security posture. As a result, the city was able to recover
from a ransomware assault that took place in 2018 more rapidly.

3.4.2 Negative Impacts

1. Disruption to normal operations: IT security audits frequently demand substantial

resources and might interfere with daily company activities, which may affect the
organization's output and capacity to fulfill deadlines.
2. False sense of security: After an IT security audit, some companies could feel
overconfident and believe that all of the problems have been resolved and that they
are adequately secured. Although they may feel secure, there may still be weaknesses,
and this could leave them open to attack.
3. Exposure of sensitive information: Sensitive information may be viewed and shared
with outside auditors during an IT security audit, which might put the business at
danger if it is handled improperly or is hacked.

64
Yenusha Dilakshi NEG00130331 Security
 4. Uncovering of previously unknown vulnerabilities: When conducting an audit, it
may become apparent that there are security flaws or vulnerabilities that were not
previously known. If these flaws are not fixed right away, they could be used by
hackers.
5. Cost implication: The cost of employing external auditors or consultants, as well as
the cost of putting the required security measures into place to address detected
vulnerabilities, might be high depending on the extent and complexity of the IT
security audit.

Examples from Real world

o The U.S. Office of Personnel Management carried out an IT security audit in 2015
that exposed serious flaws in its systems. Millions of federal workers and contractors'
sensitive personal information was later stolen by hackers who took advantage of
these weaknesses.
o Capital One carried out an IT security audit in 2019 that exposed a firewall
vulnerability. Later on, hackers used this flaw to obtain the personal data of over 100
million clients.

D2 Consider how IT security can be aligned with organizational policy, detailing the
security impact of any misalignment.

3.5. Security policy misalignments

Inconsistencies between an organization's claimed security policies and its actual security
practices are known as security policy misalignment. In other words, the organization's
assets, such as data, hardware, and software, may be at risk because security rules are not
being followed or properly executed. This mismatch may result from a failure to comprehend
the policies, from insufficient training, or from willful non-compliance.

65
Yenusha Dilakshi NEG00130331 Security
3.5.1 Implication of Security policy misalignment considering EMC cyber

 Firewall
Certain types of traffic could not be adequately filtered or prevented if the security policy and
firewall settings are out of sync, leaving the network open to assaults. For instance, if the
firewall rule set does not match the security policy's need to prohibit all incoming traffic from
a certain country, then attackers from that country may be able to enter the network without
authorization.

 Password Management
Weak passwords that are simple to guess or crack by attackers might be used if the security
policy and password management procedures are not in sync. If, for instance, users are not
obliged to abide by the security policy's requirements that passwords be at least 8 characters
long and contain a combination of upper- and lower-case letters, digits, and symbols, then
their passwords could be open to attack.

 Physical Security
Unauthorized access to sensitive areas or equipment may occur as a result of a mismatch
between the security policy and physical security measures. An attacker could be able to
physically access the servers and steal or destroy data, for instance, if the security policy
stipulates that all servers must be kept in a secured room with limited access but the server
room door is routinely left unlocked or the lock is simple to defeat.

 Incident Response
Responses to security issues may be delayed or ineffective if the security policy and incident
response processes are not aligned. For instance, if workers are unaware of the security
policies mandate that all security events be reported to the security team within 24 hours or

66
Yenusha Dilakshi NEG00130331 Security
are unsure of how to do so, incidents may go unreported or may be reported too late to stop
additional harm.

 Data Backup and Recovery

A misalignment between the security policy and data backup and recovery practices might
result in data loss or downtime. For example, if the security policy demands that all data be
backed up daily, but backups are not really made or are not verified routinely, then data may
be lost in the case of a system failure or disaster.

 Employee Training
Employees may not be aware of or comprehend security threats and recommended practices
if there is a misalignment between the security policy and employee training. For instance, if
the security policy requires that all workers complete annual security training, but some
employees choose not to attend or do not take the training seriously, they may be more
vulnerable to phishing scams or other social engineering assaults.

[Space left intentionally]

67
Yenusha Dilakshi NEG00130331 Security
Activity 04

P7 Design and implement a security policy for an organization.

4.1 Information Security Policy

A detailed statement of an organization's strategy for safeguarding its information assets is

found in an information security policy. It acts as a guide for adopting security controls,
practices, and regulations to protect sensitive data from unauthorized access, alteration, or
destruction. Data categorization, access control, incident response, and adherence to pertinent
laws and regulations are just a few of the information security-related topics covered by the
policy. It sets the basis for a proactive and unified approach to information security
throughout the company and offers a framework for guaranteeing the confidentiality,
integrity, and availability of information.

4.1.1 Purpose of an Information Security Policy

An information security policy's main goal is to make all stakeholders aware of the
organization's expectations and needs for safeguarding its information assets. It gives
multiple Purposes:

o Risk Management
The policy aids in the organization's identification, evaluation, and management of
information security threats. It offers a methodical technique for finding weaknesses and
putting in place suitable controls to reduce risks. The policy guarantees that risks are
adequately addressed and lowers the possibility of security incidents or breaches by
specifying risk management methods and responsibilities.

68
Yenusha Dilakshi NEG00130331 Security
 o Compliance and Legal Obligation
The policy guarantees that the firm complies with pertinent information security laws,
regulations, and industry standards. It highlights the organization's commitment to
safeguarding confidential information and makes sure that security precautions comply with
applicable laws. The organization's reputation as a reliable institution is maintained and legal
and regulatory consequences are avoided by adhering to the policy.

o Employee Awareness and Responsibilities

Employees are encouraged to adopt a security-conscious culture thanks to the policy. It
explains their roles in safeguarding information assets and offers instructions for their daily
tasks. The policy fosters adherence to best practices and security standards by setting clear
expectations for employees and helping them appreciate the significance of information
security.

o Incident Response and Recovery

The policy outlines how to deal with and recover from security incidents. It describes the
duties held by those involved in incident response, including reporting protocols, incident
investigations, and recovery methods. The firm is able to reduce the effects of security events
because of the policy's organized approach, which also makes it easier to respond quickly and
effectively.

o Consistency and Standardization

The policy encourages consistency in the use of security controls and processes throughout
the company. It creates a uniform set of rules and procedures that each employee must adhere
to, ensuring that information security protections are constantly used. This promotes a
uniform and coordinated approach to information security, lowering the possibility of
inconsistencies or gaps in security practices and facilitating a prompt and efficient response.

69
Yenusha Dilakshi NEG00130331 Security
 [Space left intentionally]

4.1.2 Information Security Policy for EMC cyber

70
Yenusha Dilakshi NEG00130331 Security
Figure 10 Security Policy
Source (Author’s work)

71
Yenusha Dilakshi NEG00130331 Security
Figure 11 Security Policy
Source (Author’s work)

72
Yenusha Dilakshi NEG00130331 Security
Figure 12 Security Policy
Source (Author’s work)

73
Yenusha Dilakshi NEG00130331 Security
 74
Yenusha Dilakshi NEG00130331 Security
 75
Yenusha Dilakshi NEG00130331 Security
Figure 13 Security Policy
Source (Author’s work)
P8 List the main components of an organizational disaster recovery plan, justifying the
reasons for inclusion

4.2 Disaster Recovery Plan

A disaster recovery plan is a thorough and organized framework that specifies the
approaches, steps, and tools required for a company to recover and restore its vital IT
infrastructure, systems, and data in the case of an unfavorable incidence or catastrophe.

The focus on IT infrastructure and data recovery, as well as the need of having established
predetermined plans and procedures, are highlighted as major components of a DRP in this
definition. Furthermore, it emphasizes how a DRP is made to deal with any disruptive
occurrence that can have an effect on an organization's operations rather than only certain
kinds of catastrophes. (Brush & Crocetti, 2022)

4.2.1 The Goals of Disaster Recovery Plan

 Minimize Downtime
A DRP's main objective is to reduce downtime and interruptions to crucial company activities
in the event of a disaster or disruptive occurrence. Organizations may lessen the financial and
operational effects of extended downtime by having a well-defined strategy in place that
allows them to swiftly restore their systems and resume normal operations.

 Ensure Business Continuity

A DRP strives to maintain crucial company activities, services, and functions both during and
after a disaster. It focuses on identifying and prioritizing crucial assets, systems, and data to
guarantee their accessibility and performance, enabling the organization to keep providing
services to consumers, fulfilling commitments, and sustaining productivity.

 Protect Data and Assets

76
Yenusha Dilakshi NEG00130331 Security
Protecting the organization's data, information assets, and intellectual property is another goal
of a DRP. To avoid data loss, illegal access, or compromise during a catastrophe, the strategy
includes methods to back up and restore data, establish suitable security controls, and
preserve important assets.

 Mitigate Risks
A DRP identifies possible dangers and weak spots that might cause disasters and offers
methods to reduce such dangers. Organizations may lessen the likelihood and effect of
catastrophes, increasing overall resilience, by identifying and putting into place preventative
measures, performing risk assessments, and developing response protocols.

 Ensure Compliance
A DRP ensures the firm stays compliant even in the face of a disaster by taking into
consideration pertinent laws, regulations, and industry standards. In addition to addressing
any legal or regulatory requirements during the recovery process, it also contains safeguards
for ensuring data privacy, safeguarding customer information, and maintaining
confidentiality.

4.2.2 Presentation of Disaster Recovery Plan for EMC cyber

77
Yenusha Dilakshi NEG00130331 Security
Figure 14 Disaster Recovery Plan
Source (Author’s work)

Figure 15 Disaster Recovery Plan

Source (Author’s work)

78
Yenusha Dilakshi NEG00130331 Security
Figure 16 Disaster Recovery Plan
Source (Author’s work)

Figure 17 Disaster Recovery Plan

Source (Author’s work)

79
Yenusha Dilakshi NEG00130331 Security
Figure 18 Disaster Recovery Plan
Source (Author’s work)

Figure 19 Disaster Recovery Plan

Source (Author’s work)

80
Yenusha Dilakshi NEG00130331 Security
Figure 20 Disaster Recovery Plan
Source (Author’s work)

Figure 21 Disaster Recovery Plan

81
Yenusha Dilakshi NEG00130331 Security
Source (Author’s work)

Figure 22 Disaster Recovery Plan

Source (Author’s work)

82
Yenusha Dilakshi NEG00130331 Security
Figure 23 Disaster Recovery Plan
Source (Author’s work)

Figure 24 Disaster Recovery Plan

Source (Author’s work)

83
Yenusha Dilakshi NEG00130331 Security
M5 Discuss the roles of stakeholders in the organization to implement security audit
recommendations.

4.3 Definition of stakeholders

Stakeholders are individuals, groups, or other entities who have a direct or indirect interest in
a certain project, organization, or effort. They are those who are affected, either directly or
indirectly, by the entity in question's choices, deeds, and results. Special Justification: Think
of a big puzzle with several connecting pieces. Each piece symbolizes a stakeholder, a person
who is interested in the solution to the puzzle. These stakeholders may be internal, such as the
staff and management, or external, such as clients, vendors, shareholders, and the general
public. They could hold different opinions, expectations, and interests that might influence
and affect the organization's plans, policies, and activities. Similar to how a jigsaw needs all
the parts to form a whole image, companies need on the engagement and support of their
stakeholders to flourish and succeed. Stakeholders can offer insightful opinions, resources,
knowledge, and support, but they can also present hazards and difficulties if their wants and
issues are not effectively addressed. Therefore, recognizing, including, and managing
stakeholders is crucial for efficient decision-making, teamwork, and an organization's long-
term viability.

4.3.1 Roles of stakeholders

Internal Stakeholders

Internal stakeholders are people or groups who are directly involved with and engaged in the
activities, goals, and outcomes. They actively participate in both the daily operations and
decision-making processes. Consider internal stakeholders as the heart of the company. They
are the staff members, supervisors, and executives who collaborate to achieve shared goals
while utilizing their resources, talents, and knowledge to fuel the growth of the company.
Different roles are assumed by internal stakeholders, such as:

84
Yenusha Dilakshi NEG00130331 Security
  Employees: They serve as the foundation of the company, carrying out
responsibilities, offering knowledge and skills, and achieving the goals set forth by
the company. With unique tasks and contributions, they could work in several
departments or roles.
 Managers and Executives: For the organization, they provide leadership, direction,
and advice. They create objectives, distribute resources, and evaluate performance in
addition to making strategic decisions. Their contribution is essential to making sure
the company runs smoothly and successfully.
 Board of Directors: They check on how the organization works, making sure that it
abides by the law and moral principles. Board members bring a variety of
perspectives, talents, and experiences to the table, and it is their responsibility to
oversee operations, make critical choices, and protect the organization's interests.

External Stakeholders

External stakeholders are people or organizations outside the organization that are interested
in or have influence over its operations and outcomes. Although they are not actively
involved in day-to-day operations, they can have a big effect on the organization's
performance. They are people and groups who are affected by or have the potential to be
affected by the organization's activities and decisions. External Stakeholders could involve:

 Customers: They are the people who get the products or services provided by the
organization. The success of the company depends on their contentment and loyalty.
Customers offer input, fuel demand, and have an impact on an organization's
reputation.
 Suppliers: They give the business the necessary products, services, or resources it
needs to run. A trustworthy supply chain, high-quality goods or services, and
attractive terms are all guaranteed by developing strong connections with suppliers.

85
Yenusha Dilakshi NEG00130331 Security
  Investors: They are people or organizations that have made financial contributions to
the organization. Shareholders are interested in the organization's long-term success
and financial performance as well as a return on their investment.
 Government and Regular Bodies: They create the rules, laws, and criteria that
organizations must follow. Governmental bodies maintain and enforce compliance,
making sure the company works within the law and adheres to industry-specific
standards.
 Community and Society: The organization functions in a broader social environment
and may have an effect on the neighborhood or society as a whole. Positive
connections and a good reputation are fostered through comprehending and resolving
the needs and concerns of the community.

4.3.2 Security audit recommendations for stakeholders.

Top Management

 Create a vision and plan for the organization's use of cybersecurity that is strong and
unambiguous.
 Give cybersecurity efforts the money and resources they need.
 Make sure cybersecurity is considered during decision-making and the entire
company plan.
 Promote a security-awareness culture across the whole business to set a tone of
leadership and accountability.
 Keep your risk management frameworks, cybersecurity rules, and processes up to
date.
 To carry out recurring security audits and assessments, consult with outside
professionals.
 Utilize industry conferences and information sharing networks to stay up to date on
new cybersecurity risks, trends, and best practices.

86
Yenusha Dilakshi NEG00130331 Security
Middle Management

 Provide their particular teams with concrete goals and objectives that reflect the
organization's vision for cybersecurity.
 Make certain that staff members have access to sufficient tools and training to carry
out their cybersecurity duties.
 Cybersecurity policies, processes, and legal requirements are monitored and enforced.
 Limit illegal access to sensitive information by putting in place efficient access
controls and privilege management systems.
 Encourage staff to swiftly report security concerns or events by fostering a culture of
open communication and reporting.
 Conduct routine security awareness training for the staff they are in charge of.
 Develop incident response strategies in conjunction with senior management, then
verify their viability through tabletop exercises.

Operational Management

 Establish and maintain reliable authentication and authorization procedures for system
and data access.
 Review and update security configurations and patch management procedures on a
regular basis.
 To detect and quickly respond to security events, monitor and analyze security logs
and alerts.
 To find and fix possible system and network problems, conduct frequent vulnerability
assessments and penetration tests.
 To reduce the possibility of application vulnerabilities, make sure secure development
standards are followed and do code reviews.
 Put in place and enforce secure data management and disposal protocols.
 Employees should get continuing instruction and assistance on security best practices
relevant to their operational tasks.

87
Yenusha Dilakshi NEG00130331 Security
D3 Evaluate the suitability of the tools used in an organizational policy.

4.1 Tools and Techniques

4.4.1 Biometrics

Biometrics is a technology that authenticates and verifies people's identities by using

distinctive physical or behavioral traits like fingerprints, face recognition software, or iris
patterns. Due to the difficulty in replicating or forging these qualities, it offers a high level of
security. Organizations that need strict access control and want to be sure that only authorized
users may access critical systems or data should use biometric solutions. However, issues
including the organization's particular objectives, the scalability and dependability of the
technology, and the possible influence on user privacy all play a role in how suitable
biometric solutions are.

4.4.2 MFA (Multi-Factor Authentication)

Users must present various forms of identity in order to access systems or data when using
multi-factor authentication as a security mechanism. It usually combines two or more
elements, such as a password, a smart card or token, or a user's physical characteristics
(biometrics). MFA improves security by introducing a second line of defense in addition to a
password. It is appropriate for businesses looking to improve their authentication procedures
and lower the danger of illegal access. The applicability of MFA technologies is dependent
on elements including the organization's risk appetite, the sensitiveness of the data being
secured, and the user experience. Choosing MFA solutions that are user-friendly,
manageable, and interoperable with the organization's current systems is crucial.

4.4.3 Security Information and Event Management (SIEM)

To identify and address security vulnerabilities, SIEM technologies gather and examine
security event data from several sources, including network devices, servers, and apps. To
find possible security dangers and abnormalities, they offer real-time monitoring, correlation,

88
Yenusha Dilakshi NEG00130331 Security
and analysis of log data. SIEM products are appropriate for businesses that need consolidated
visibility into their security posture as well as the ability to quickly identify and address
security problems. The effectiveness of SIEM solutions depends on a number of variables,
including the size of the business, the complexity of its IT infrastructure, and the availability
of qualified staff to handle and analyze the alerts and reports generated.

4.4.4 Vulnerability Assessment and Penetration Testing (VAPT)

The IT systems and infrastructure of a company are examined and evaluated for
vulnerabilities using VAPT technologies. Tools for vulnerability assessment scan systems for
recognized vulnerabilities and produce a report outlining the flaws that require attention.
Tools for penetration testing imitate actual assaults in order to evaluate the efficiency of
security measures and find potential points of entry for hostile actors. VAPT products are
appropriate for businesses that wish to proactively find and fix security flaws. The usefulness
of VAPT technologies depends on elements including the organization's risk tolerance, the
complexity of its IT infrastructure, and the accessibility of qualified personnel to conduct and
understand the evaluations and tests.

4.4.5 Endpoint Protection

Endpoint security products are made to safeguard specific devices, including laptops, desktop
computers, and mobile phones, from a variety of dangers, such as malware, ransomware, and
illegal access. These products include capabilities including firewall protection, intrusion
detection, antivirus protection, and data loss prevention. Endpoint protection is appropriate
for businesses that wish to guarantee uniform security across all endpoints and have a
significant number of devices connected to their networks. The effectiveness of endpoint
protection products is based on a variety of variables, including the organization's device
landscape, the solution's scalability, and its compatibility with various operating systems and
device types.

89
Yenusha Dilakshi NEG00130331 Security
 [Space left intentionally]

References
Walkowski, D. (2019) What is the CIA triad?, F5 Labs. Available at:
https://www.f5.com/labs/learning-center/what-is-the-cia-triad (Accessed: 02 May 2023).

Ginni (2022) What are the physical threats in information security, What are the Physical
Threats in Information Security. Available at: https://www.tutorialspoint.com/what-are-the-
physical-threats-in-information-security (Accessed: 20 May 2023).

Thomas, M. (2020) What are the benefits of VPN? how vpns protect you , bluehostblog .
Available at: https://www.bluehost.com/blog/staying-protected-will-a-vpn-make-you-more-
secure-online/?irpid=101 (Accessed: 20 May 2023).

90
Yenusha Dilakshi NEG00130331 Security
Yasar, K. and Lutkevich, B. (2023) What is a firewall and why do I need one?: Definition
from TechTarget, Security. Available at:
https://www.techtarget.com/searchsecurity/definition/firewall (Accessed: 15 May 2023).

Slattery, T. and Gillis, A.S. (2022) What is network monitoring?, Networking. Available at:
https://www.techtarget.com/searchnetworking/definition/network-
monitoring#:~:text=Network%20monitoring%20collects%20and%20reports,a%20variety
%20of%20network%20problems. (Accessed: 15 May 2023).

Cole, B. (2021) What is a risk assessment? - definition from whatis.com, Security. Available
at: https://www.techtarget.com/searchsecurity/definition/risk-assessment (Accessed: 19 May
2023).

reddy, kushwanth (2021) Rise of ransomware attacks during covid-19 pandemic,

GeeksforGeeks. Available at: https://www.geeksforgeeks.org/rise-of-ransomware-attacks-
during-covid-19-pandemic/ (Accessed: 14 May 2023).

Gaines, C. (2022) Biggest phishing scams of 2021 [ + how to avoid], Managed IT Services,
Copiers, Telephony. Available at: https://www.soscanhelp.com/blog/top-phishing-scams-of-
2021 (Accessed: 13 May 2023).

Mitchell, A. (2019) How does a VPN work?, Security Boulevard. Available at:
https://securityboulevard.com/2019/03/how-does-a-vpn-work/ (Accessed: 20 May 2023).

91
Yenusha Dilakshi NEG00130331 Security
Jordan , L. and Avila, S. (2021) Data protection act 1998 overview, BCS. Available at:
https://www.bcs.org/articles-opinion-and-research/data-protection-act-1998-overview/
(Accessed: 21 May 2023).

McCallion, J. (2019) What is the computer misuse act?, ITPro. Available at:
https://www.itpro.com/it-legislation/28174/what-is-the-computer-misuse-act (Accessed: 21
May 2023).

Posey, B. (2021) What is the ISO 31000 risk management standard?, Security. Available at:
https://www.techtarget.com/searchsecurity/definition/ISO-31000-Risk-Management
(Accessed: 23 May 2023).

Brush, K. and Crocetti, P. (2022) What is a disaster recovery plan (DRP) and how do you
write one?, Disaster Recovery. Available at:
https://www.techtarget.com/searchdisasterrecovery/definition/disaster-recovery-plan
(Accessed: 25 May 2023).

92
Yenusha Dilakshi NEG00130331 Security
Yenusha Dilakshi NEG00130331 Security
93