Higher Nationals

Internal verification of assessment decisions – BTEC (RQF)

INTERNAL VERIFICATION – ASSESSMENT DECISIONS
Programme title BTEC Higher National Diploma in Computing

Assessor Internal Verifier

Unit 05: Security
Unit(s)
EMC Cloud Solutions
Assignment title

Student’s name
List which assessment Pass Merit Distinction
criteria the Assessor has
awarded.
INTERNAL VERIFIER CHECKLIST

Do the assessment criteria awarded match

those shown in the assignment brief? Y/N

Is the Pass/Merit/Distinction grade awarded

justified by the assessor’s comments on the Y/N
student work?
Has the work been assessed
Y/N
accurately?
Is the feedback to the student:
Give details:

• Constructive?
Y/N
• Linked to relevant assessment
criteria? Y/N

• Identifying opportunities for

improved performance? Y/N

• Agreeing actions? Y/N

Does the assessment decision need

Y/N
amending?
Assessor signature Date

Internal Verifier signature Date

Programme Leader signature(if
Date
required)
 Confirm action completed
Remedial action taken

Give details:

Assessor signature Date

Internal Verifier
Date
signature
Programme Leader
Date
signature (if required)
Higher Nationals - Summative Assignment Feedback Form
Student Name/ID
Unit Title Unit 05: Security

Assignment Number 1 Assessor

Date Received 1st
Submission Date
submission
Date Received 2nd
Re-submission Date
submission
Assessor Feedback:

LO1. Assess risks to IT security

Pass, Merit & Distinction P1 P2 M1 D1

Descripts
LO2. Describe IT security solutions.

Pass, Merit & Distinction P3 P4 M2 D1

Descripts

LO3. Review mechanisms to control organisational IT security.

Pass, Merit & Distinction P5 P6 M3 M4 D2
Descripts

LO4. Manage organisational security.

Pass, Merit & Distinction P7 P8 M5 D3
Descripts

Grade: Assessor Signature: Date:

Resubmission Feedback:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:

Signature & Date:

* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grades decisions have
been agreed at the assessment board.
Pearson
Higher Nationals in
Computing
Unit 5 : Security
General Guidelines
1. A Cover page or title page – You should always attach a title page to your assignment. Use previous page as
your cover sheet and be sure to fill the details correctly.
2. This entire brief should be attached in first before you start answering.
3. All the assignments should prepare using word processing software.
4. All the assignments should print in A4 sized paper, and make sure to only use one side printing.
5. Allow 1” margin on each side of the paper. But on the left side you will need to leave room for binging.

Word Processing Rules

1. Use a font type that will make easy for your examiner to read. The font size should be 12 point, and should be
in the style of Time New Roman.
2. Use 1.5 line word-processing. Left justify all paragraphs.
3. Ensure that all headings are consistent in terms of size and font style.
4. Use footer function on the word processor to insert Your Name, Subject, Assignment No, and Page Number
on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help edit your assignment.

Important Points:
1. Check carefully the hand in date and the instructions given with the assignment. Late submissions will not be
accepted.
2. Ensure that you give yourself enough time to complete the assignment by the due date.
3. Don’t leave things such as printing to the last minute – excuses of this nature will not be accepted for failure
to hand in the work on time.
4. You must take responsibility for managing your own time effectively.
5. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply (in
writing) for an extension.
6. Failure to achieve at least a PASS grade will result in a REFERRAL grade being given.
7. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked to
complete an alternative assignment.
8. Take great care that if you use other people’s work or ideas in your assignment, you properly reference them,
using the HARVARD referencing system, in you text and any bibliography, otherwise you may be guilty of
plagiarism.
9. If you are caught plagiarising you could have your grade reduced to A REFERRAL or at worst you could be
excluded from the course.
Student Declaration

I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as my own
without attributing the sources in the correct way. I further understand what it means to copy another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.

2. I understand the plagiarism and copying policy of the Edexcel UK.
3. I know what the consequences will be if I plagiaries or copy another’s work in any of the assignments for this
program.
4. I declare therefore that all work presented by me for every aspects of my program, will be my own, and where
I have made use of another’s work, I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document signed or not, constitutes a binding agreement between
myself and Edexcel UK.
6. I understand that my assignment will not be considered as submitted if this document is not attached to the
attached.

Student’s Signature: Date:

(Provide E-mail ID) (Provide Submission Date)
Assignment Brief
Student Name /ID Number

Unit Number and Title Unit 5- Security

Academic Year 2017/2018

Unit Tutor

Assignment Title EMC Cloud Solutions

Issue Date

Submission Date

IV Name & Date

Submission Format:

The submission is in the form of an individual written report. This should be written in a concise, formal
business style using single spacing and font size 12. You are required to make use of headings, paragraphs
and subsections as appropriate, and all work must be supported with research and referenced using the
Harvard referencing system. Please also provide an end list of references using the Harvard referencing
system.

Unit Learning Outcomes:

LO1 Assess risks to IT security.

LO2 Describe IT security solutions.
LO3 Review mechanisms to control organisational IT security.
LO4 Manage organisational security.
Assignment Brief and Guidance:

EMC Cloud Solutions is reputed as the nation’s most reliable Cloud solution provider in Sri Lanka.
A number of high profile businesses in Sri Lanka including Esoft Metro Camps network, SME Bank Sri
Lanka and WEEFM are facilitated by EMC Cloud Solutions. EMC Cloud provides nearly 500 of its
customers with SaaS, PaaS & IaaS solutions with high capacity compute and storage options. Also EMC
is a selected contractor for Sri Lanka, The Ministry of Defense for hosting government and defense
systems.

EMC’s central data center facility is located at Colombo Sri Lanka along with its corporate head-office in
Bambalapitiya. Their premises at Bambalapitiya is a six story building with the 1st floor dedicated to sales
and customer services equipped with public wifi facility. Second-floor hosts HR, Finance and Training &
Development departments and the third-floor hosts boardroom and offices for senior executives along
with the IT and Data center department. Floor 4,5,6 hosts computer servers which make up the data
center.

With the rapid growth of information technology in Kandy area in recent years, EMC seeks opportunity to
extend its services to Kandy, Sri Lanka. As of yet, the organization still considers the nature of such
extension with what to implement, where is the suitable location and other essential options such as
security are actually being discussed.

You are hired by the management of EMC Solutions as a Security Expert to evaluate the security-related
specifics of its present system and provide recommendations on security and reliability related
improvements of its present system as well as to plan the establishment of the extension on a solid
security foundation.
Activity 01
Assuming the role of External Security Consultant, you need to compile a report focusing on following
elements to the board of EMC Cloud Solutions;
1.1 Identify types of security risks EMC Cloud is subject to, in its present setup and the impact, such
issues would create on the business itself.

1.2 Develop and describe security procedures for EMC Cloud to minimize the impact of issues discussed
in section (1.1) by assessing and treating the risks.

Activity 02
2.1 Discuss how EMC Cloud and its clients will be impacted by improper/ incorrect configurations which
are applicable to firewalls and VPN solutions.

2.2 Explain how following technologies would benefit EMC Cloud and its Clients by facilitating a
‘trusted network’. (Support your answer with suitable illustrations).
i) DMZ
ii) Static IP
iii)NAT
2.3 Discuss the benefits of implementing network monitoring systems.

Activity 03
3.1 Formulate a suitable risk assessment procedure for EMC Cloud solutions to safeguard itself and its
clients.

3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage
solutions provided by EMC Cloud. You may also highlight on ISO 3100 risk management methodology.

3.3 Comment on the topic, ‘IT Security & Organizational Policy’

Activity 04
4.1 Develop a security policy for EMC Cloud to minimize exploitations and misuses while evaluating
the suitability of the tools used in an organizational policy.

4.2 Develop and present a disaster recovery plan for EMC Cloud for its all venues to ensure maximum
uptime for its customers (Student should produce a PowerPoint-based presentation which illustrates the
recovery plan within 15 minutes of time including justifications and reasons for decisions and options
used).

4.3 ‘Creditors, directors, employees, government and its agencies, owners /

shareholders, suppliers, unions, and the other parties the business draws its resources’ are the main
branches of any organization. Discuss the role of these groups to implement security audit
recommendations for the organization.
Grading Rubric
Grading Criteria Achieved Feedback

LO1 Assess risks to IT security

P1 Identify types of security risks to organisations.

P2 Describe organizational security procedures.

M1 Propose a method to assess and treat IT security risks.

LO2 Describe IT security solutions

P3 Identify the potential impact to IT security of incorrect

configuration of firewall policies and thirparty VPNs.

P4 Show, using an example for each, how implementing a DMZ,

static IP and NAT in a network can improve Network Security.
M2 Discuss three benefits to implement network monitoring
systems with supporting reasons.
D1 Investigate how a ‘trusted network’ may be part of an IT security
solution.

LO3 Review mechanisms to control organisational IT

security

P5 Discuss risk assessment procedures.

P6 Explain data protection processes and regulations as applicable
to an organisation.

M3 Summarise the ISO 31000 risk management methodology and its

application in IT security.
M4 Discuss possible impacts to organizational security resulting
from an IT security audit.
D2 Consider how IT security can be aligned with organisational
policy, detailing the security impact of any misalignment.
LO4 Manage organizational security

P7 Design and implement a security policy for an organisation.

P8 List the main components of an organisational disaster recovery

plan, justifying the reasons for inclusion.
M5 Discuss the roles of stakeholders in the organisation to
implement security audit recommendations.
D3 Evaluate the suitability of the tools used in an organisational
policy.