IT Security Assessment: Risks, Solutions, and Best Practices - Prof. Pantheris, Study notes of Network Technologies and TCP/IP

The objectives, scope, and learning outcomes of an IT security assessment. It covers topics such as security legislation, technology solutions, management practices, and risk assessment methods. The document also discusses the importance of ISO risk management standards, the benefits of security audits, and the responsibilities of students and staff in relation to security.

Typology: Study notes

2019/2020

Uploaded on 11/17/2021

thamindu-sharitha

Higher National Certificate/Diploma in Computing

Assignment Brief (RQF)

Learner Declaration

I certify that the work submitted for this assignment is my own and research sources are fully acknowledged.

Student Signature: ………………….. Date: ………………………..

Student Name/ID Number: Dayan Sankalpa / MG66414

Unit Number and Title: 5 – Security

Academic Year: 2020

Unit Assessor: Samudika De Silva

Assignment Title: Security Policy Guide

Issue Date: 21st August 2020

Submission Date: 22nd September 2020

Internal Verifier Name: Gajhanan V.

Date: 3/9/2019

Assignment Feedback

Formative Feedback: Assessor to Student

Action Plan

Summative feedback

Feedback: Student to Assessor

Assessor Signature Date

Student Signature Date


Task 1

Create a presentation on Security legislation, technology solutions and the management associated with operating effective IT security procedures.

A review of different security technologies supported with the tools and software used to develop effective IT security practice in an organisation.

Task 2

In preparation for this task you will prepare a report considering:

The security risks faced by the company.

How data protection regulations and ISO risk management standards apply to IT security.

The potential impact that an IT security audit might have on the security of the organisation.

The responsibilities of students and staff in relation to security.

Task 3

Following your report, you will now design a security policy, while considering the components to be included and a justification for their inclusion.

Task 4

In addition to your security policy, you will evaluate the proposed tools used within the policy and how they align with IT security.


Learning Outcomes and Assessment Criteria

Pass Merit Distinction

LO1 Assess risks to IT security

D1 Evaluate a minimum of three of physical and virtual security measures that can be employed to ensure the integrity of organisational IT security.

P1 Identify types of security risks to organisations.

P2 Describe organisational security procedures

M1 Propose a method to assess and treat IT security risks.

LO2 Describe IT security solutions

P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and third party VPNs.

P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security.

M2 Discuss three benefits to implement network monitoring systems with supporting reasons.

LO3 Review mechanisms to control organisational IT security

D2 Consider how IT security can be aligned with organisational policy, detailing the security impact of any misalignment.

P5 Discuss risk assessment procedures.

P6 Explain data protection processes and regulations as applicable to an organisation.

M3 Summarise the ISO 31000 risk management methodology and its application in IT security.

M4 - Discuss possible impacts to organisational security resulting from an IT security audit.

LO4 Manage organisational security.

D3 - Evaluate the suitability of the tools used in an organisational policy.

P7 - Design and implement a security policy for an organisation.

P8 - List the main components of an organisational disaster recovery plan, justifying the reasons for inclusion.

M5 - Discuss the roles of stakeholders in the organisation to implement security audit recommendations.

Table of Figures

Figure 1: The risk management process

  • Task
  • Task
    • 1.0 Top security threats can impact your company’s growth
    • 2.0 ISO risk management standards apply to IT security
      • 2.1 Who was ISO 31000 developed by?
      • 2.2 What are the benefits of ISO 31000?
      • 2.3 How does it work?
      • 2.4 The risk management process
    • 3.0 IT Security Audit
      • 3.1 What is an IT Security Audit?
      • 3.2 benefits of running security audits.
    • 4.0 The responsibilities of students and staff in relation to security.
  • Task
    • 1.0 Security policy
  • Task
    • 4.1 Connecting Devices to the Network
    • 4.2 Penalty for Security Violation
    • 4.3 monitoring use of computer systems
    • 4.4 Access Control
  • References
  • Task

Task 2

1.0 Top security threats can impact your company’s growth

Vulnerabilities in your company’s infrastructure can compromise your current financial situation and endanger its future. Firms everywhere are looking into potential solutions to their security problems, as the international State of Data Security® Survey 2017 reveals.

Integration appears to be the goal that CSOs and CIOs are working towards. Getting all the ducks in a row may paint a clearer picture in terms of security risks and vulnerabilities, which is, indeed, a must-have. Thus, amid this turbulent context, firms urgently need to incorporate cybersecurity measures as a key quality. It’s not just about the school, it’s about business continuity. If you are concerned with your company’s safety, there are solutions for keeping your assets secure. The first step is to acknowledge the existing cybersecurity risks that expose your organization to malicious hackers.

1.1 Not understanding what generates corporate cyber security risks

Companies typically fail to understand “their vulnerability to attack, the worth of their important assets, and also the profile or sophistication of potential attackers”. This issue came up at the 2015 World Economic Forum and it will probably still be relevant for a few more years. Security risks aren't always obvious. The categories below give some guidance for a deliberate effort to map them and plan to mitigate them in the future.

1.2 Lack of a cyber-security policy

Security standards are a requirement for any company that does business today and wants to thrive at it. Cyber criminals aren’t only targeting firms in the finance or school sectors. They’re threatening every single company out there. The increasing frequency of high-profile security breaches has made C-level management more alert to the matter.

This is a very important step, but one among several. External attacks are frequent and the financial costs of external attacks are important. The 505 enterprises and financial institutions surveyed experienced a median of over one cyber-attack every month and spent a median of almost $3.5 million annually to deal with attacks.

1.3 No information security training

Employee training and awareness are vital to your company’s safety. In fact, five hundredth of corporations believe security training for both new and current employees is a priority, according to Dell’s protective of the organization against the unknown – a brand new generation of threats. The specialists’ recommendation is to take a quick look at the most common file types that cyber attackers use to penetrate your system.