Task 2 Activity 1 - Security Plan - Docx - Security Plan Background

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email: Info@tkl.edu.au www.tkl.edu.au
Assessment Task 1: Knowledge Test
Provide your response to each question in the box below.
Q1: Explain each of the following symmetric key algorithms in 50-100 and list at
least two (2) usages for each of symmetric key algorithms.
1) AES-The AES Encryption algorithm (also known as the Rijndael

algorithm) is a symmetric block cipher algorithm with a block/chunk size
of 128 bits. It converts these individual blocks using keys of 128, 192,
and 256 bits. Once it encrypts these blocks, it joins them together to
form the ciphertext. It is based on a substitution-permutation network,
also known as an SP network
2) DES-The DES (Data Encryption Standard) algorithm is a symmetric-key

block cipher created in the early 1970s by an IBM team and adopted by
the National Institute of Standards and Technology (NIST). The
algorithm takes the plain text in 64-bit blocks and converts them into
ciphertext using 48-bit keys
3) Triple DES- Triple DES (3DES or TDES), officially the Triple Data
Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block
cipher, which applies the DES cipher algorithm three times to each data
block. The Data Encryption Standard's (DES) 56-bit key is no longer
considered adequate in the face of modern cryptanalytic techniques and
supercomputing power.
4) Blowfish - Blowfish is a symmetric-key block cipher, designed in 1993 by

Bruce Schneier and included in many cipher suites and encryption
products. Blowfish provides a good encryption rate in software, and no
effective cryptanalysis of it has been found to date.
ICTNWK537 Student Assessment Task V1.0 Page 1 of 68

Q2: Explain each of the below mention encryption types in 80-150 words:
1) Public Key-Public-key cryptography, or asymmetric cryptography, is the

field of cryptographic systems that use pairs of related keys. Each key pair
consists of a public key and a corresponding private key. Key pairs are
generated with cryptographic algorithms based on mathematical
problems termed one-way functions.
2) Secret Key-Secret-key cryptography is also called symmetric cryptography

because the same key is used to both encrypt and decrypt the data. Using
the key one party sends the other a message transformed from its original
(plaintext) into its encrypted form (ciphertext) and the other party
reverses this process to reveal the original, and the process repeats
3) Hash key-The hashing key is the raw data in which to be hashed. The
hashing algorithm is the algorithm which performs a function to convert
the hash key to the hash value. the hash value is what is produced as a
result of the hash key being passed into the hashing algorithm.
Q3: Explain the functioning of “Digital signatures” in 100-150 words.
Digital signatures work by proving that a digital message or document was not modified—intentionally or
unintentionally—from the time it was signed. Digital signatures do this by generating a unique hash of the
message or document and encrypting it using the sender's private key.

Q4: Explain two (2) features of digital signatures. Write 100-150 for each function.
The three core security services provided by digital signatures are:
Signer authentication. Proof of who actually signed the document i.e. digital signatures linking the user's
signature to an actual identifiable entity.
Data integrity. Proof that the document has not been changed since signing. ...
Non-repudiation.
Q5: Answer the below questions related to timestamp.

5A) Explain two (2) functions of timestamp. Explain each in 50-100 words.
5B) Summarise two features of timestamp.
5A)Timestamps are used for a wide variety of synchronization purposes, such as marking the exact date and time
at which a particular event occurred. A timestamp containing a date as a calendar date and a time as a time of day.
5 B)
Timestamps are used for keeping records of information online or on a computer. A timestamp displays when
certain information was created, exchanged, modified or deleted. The following are examples of how timestamps
are used: Computer files may contain a timestamp that shows when the file was last changed.
Q6: What do you understand by the term “Encryption strength”? Satisfactory response
Yes ☐ No ☐
Encryption strength is often described in terms of the size of the keys used to perform the encryption: in general,
longer keys provide stronger encryption. Key length is measured in bits.

Q7: Explain each of following terms in Satisfactory response
1. Message digest 5 (MD5) Yes ☐ No ☐
2. Secure hash algorithm (SHA)
3. Public key infrastructure (PKI)
4. Pretty good privacy (PGP)
5. GNU privacy guard (GnuPG)
1.MD5 (message-digest algorithm) is a cryptographic protocol used for authenticating messages as well as content
verification and digital signatures. MD5 is based on a hash function that verifies that a file you sent matches the file
received by the person you sent it to. Previously, MD5 was used for data encryption, but now it’s used primarily for
authentication.
2. SHA stands for secure hashing algorithm. SHA is a modified version of MD5 and used for hashing data and
certificates. A hashing algorithm shortens the input data into a smaller form that cannot be understood by using
bitwise operations, modular additions, and compression functions.
3. Public Key Infrastructure (PKI) is a system of processes, technologies, and policies that allows you to encrypt
and/or sign data. With PKI, you can issue digital certificates that authenticate the identity of users, devices, or
services.
4. pretty Good Privacy is an encryption program that provides cryptographic privacy and authentication for data
communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole
disk partitions and to increase the security of e-mail communications
5. GNU Privacy Guard is a free-software replacement for Symantec's PGP cryptographic software suite. The
software is compliant with RFC 4880, the IETF standards-track specification of OpenPGP. Modern versions of PGP
are interoperable with GnuPG and other OpenPGP-compliant systems

Q8: Explain the importance of reviewing helpdesk records to troubleshoot encryption Satisfactory response
issues. Explain in 40-80 words.
Yes ☐ No ☐
Major security breaches at some organizations have remained undiscovered for many months, during
which time the attackers have been able to make off with vast amounts of highly confidential data. Early
detection is crucial.
The help desk or service desk is the main interface between the IT organization and the people who use y IT
services. This means people who work on the service desk are uniquely placed to understand what is happening
within user community. If they are appropriately trained, they can be a first line of defence against many
potential security breaches.
Q9: What important information will you collect by reviewing system logs for Satisfactory response
encryption issues and compromises. Write your response in 50-100 words.
Yes ☐ No ☐
From a security point of view, the purpose of a log is to act as a red flag when something bad is happening.
Reviewing logs regularly could help identify malicious attacks on your system.

Q10: Explain each the following security threat in 50-100 words. Satisfactory response
1) Eavesdropping- Eavesdropping is the act of secretly or stealthily listening Yes ☐ No ☐

to the private conversation or communications of others without their
consent in order to gather information
2) Data Interception- Refers to the obstruction of data transmission to and

from the device, and remotely altering the messages.
3) Data corruption - Data corruption refers to any unwanted change that

happens to a file during storage, transmission, or processing. A corrupted
file can become unusable, inaccurate, unreadable, or in some way
inaccessible to a user or a related app.
4) Data falsification - Manipulating research data with the intention of giving

a false impression.
5) Authentication issues. - Authentication is the act of proving an assertion,

such as the identity of a computer system user. In contrast with
identification, the act of indicating a person or thing's identity,
authentication is the process of verifying that identity

Q11: Explain the term “Transmission Control Protocol” and its application in 150-200 Satisfactory response
words.
Yes ☐ No ☐
The Transmission Control Protocol is one of the main protocols of the Internet protocol suite. It originated in the
initial network implementation in which it complemented the Internet Protocol. Therefore, the entire suite is
commonly referred to as TCP/IP.
Q12: Explain the following terms. (Each in 50-150 words). Satisfactory response
1. Wired Equivalent Privacy (WEP) Yes ☐ No ☐
2. Wi-Fi Protected access (WPA)
3. Wi-Fi Protected access 2 (WPA2)
1.The wired equivalent privacy, or WEP, is part of the IEEE 802.11 standard designed to keep traffic sent
through wireless networks more secure. It was created to help prevent cyberattacks, such as man-in-the-
middle (MiiM) attacks, from being successful.
WEP uses a static key of 10 or 26 hexadecimal digits to encrypt data. In the late 1990s and early 2000s, it was
widely used and often the primary security choice router configuration tool offered to users.
Wired equivalent privacy has since been superseded by WPA (Wi-Fi protected access) and then WPA2, which was
designed to address the security vulnerabilities that WEP presented. WPA uses a dynamic key and message
integrity checks to ensure a higher level of cybersecurity.

2. Wi-Fi Protected Access, Wi-Fi Protected Access II, and Wi-Fi Protected Access 3 are the three security and
security certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer network.
3. Wi-Fi Protected Access 2 (WPA2) is the final version of WPA agreed on by the Wi-Fi Alliance; it implements all
aspects of the ratified 802.11i security standard and is mandatory in the Wi-Fi certification process.
Q13: Explain each of the following certificate related infrastructure in 50-150 words? Satisfactory response
1) Certificate authorities Yes ☐ No ☐
2) Registration authorities
3) Repository services
1) A certificate authority (CA) is a trusted entity that issues Secure Sockets Layer (SSL) certificates. These digital
certificates are data files used to cryptographically link an entity with a public key. Web browsers use them to
authenticate content sent from web servers, ensuring trust in content delivered online.
2) A registration authority (RA) is an authority in a network that verifies user requests for a digital certificate and
tells the certificate authority (CA) to issue it.
3). The Repository Infrastructure (RI) is designed to allow different kinds of users (researchers, academics,
technicians, museum users, web users, etc) to store, query and retrieve digital objects which have been produced
by digi- tizing physical objects or by processing other digital objects.
Q14: List three (3) most common asymmetric key algorithms and summarise their Satisfactory response
usages in 40-80 words
Yes ☐ No ☐
Standard asymmetric encryption algorithms are RSA, Diffie-Hellman, ECC, El Gamal, and DSA.
1. RSA is considered one of the most secure (and commonly used) asymmetric key encryption algorithms. It's
virtually uncrackable using modern computers
2.The Diffie-Hellman key exchange was one of the most important developments in public-key
cryptography and it is still frequently implemented in a range of today’s different security
protocols.
It allows two parties who have not previously met to securely establish a key which they can use to secure their
communications
3.DSA stands for Digital Signature Algorithm. It is a cryptographic algorithm used to generate digital signatures,
authenticate the sender of a digital message, and prevent message tampering. DSA works by having two keys: a
private key owned by the sender and a public key held by the receiver

Q15: What do you understand by reply attacks? Write your response in 100-150 Satisfactory response
words.
Yes ☐ No ☐
A replay attack (also known as a repeat attack or playback attack) is a form of network attack in which valid data
transmission is maliciously or fraudulently repeated or delayed.[1] This is carried out either by the originator or
by an adversary who intercepts the data and re-transmits it, possibly as part of a spoofing attack by IP
packet substitution. This is one of the lower-tier versions of a man-in-the-middle attack. Replay attacks are
usually passive in nature.
Q16: List and explain five (5) security problems and challenges arise due to Satisfactory response
organisational issues?
Yes ☐ No ☐
Information Security threats can be many like Software attacks, theft of intellectual property, identity theft, theft
of equipment or information, sabotage, and information extortion.
Please write more from-
https://www.geeksforgeeks.org/threats-to-information-security/

Q17: Summarise the features and functions of access control permission in 100-200 Satisfactory response
words.
Yes ☐ No ☐
Access control identifies users by verifying various login credentials, which can include usernames and passwords,
PINs, biometric scans, and security tokens. Many access control systems also include multifactor authentication
(MFA), a method that requires multiple authentication methods to verify a user's identity.
Q18: Explain the functioning and features of the following in 100-200 words for each. Satisfactory response
A. Symmetrical Encryption Yes ☐ No ☐
B. Asymmetrical Encryption

A. Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt and
decrypt electronic data. The entities communicating via symmetric encryption must exchange the key so that it can
be used in the decryption process
B. Asymmetric cryptography, also known as public-key cryptography, is a process that uses a

pair of related keys -- one public key and one private key -- to encrypt and decrypt a message and
protect it from unauthorized access or use.
A public key is a cryptographic key that can be used by any person to encrypt a message so that
it can only be decrypted by the intended recipient with their private key. A private key -- also
known as a secret key -- is shared only with key's initiator.
When someone wants to send an encrypted message, they can pull the intended recipient's public key from a
public directory and use it to encrypt the message before sending it. The recipient of the message can then decrypt
the message using their related private key.
Q19: Summarise the features and functions of “One-way encryption”? Satisfactory response
Yes ☐ No ☐

The one-way function, Hash-Based Message Authentication Code with Secure Hashing Algorithm 1 (HMAC-SHA1),
is run over the header and payload with a secret key. The sender writes the HMAC-SHA1 hash into the
authentication tag, and the receiver runs the same computation and checks its result against the tag.
Q20: List two techniques to analyse data security requirements. Satisfactory response
Yes ☐ No ☐
perimeter security and authentication framework, authorization and access, data privacy, and audit and reporting.
Authentication – Required for guarding access to the system, its data, and services
Q21: What are the essential information should include in a security plan. List any Satisfactory response
three (3).
Yes ☐ No ☐
The basic tenets of information security are confidentiality, integrity and availability. Every element of the
information security program must be designed to implement one or more of these principles. Together they are
called the CIA Triad.

TASK 2 PROJECT
Scenario:
“Southern Star” company is providing public, private, hybrid and community cloud services to many companies
across the world and offering following services:
 IaaS (Infrastructure-as-a-Service)
 PaaS (Platform-as-a-Service)
 SaaS (Software-as-a-Service)
 Storage, Database, Information, Process, Application, Integration, Security, Management, Testing-as-a-

service
To provide above mentioned cloud services, “Southern Star” company has following infrastructure in their data
centre.
 Eight (8) Servers out of these Six (6) are connected to network and Two (2) are kept as backup
 Twelve (12) Network switches with 24 port support (Nine (9) Switches are connected to network are three (3)
are kept as back up)
 Six (6) Routers (4 Routers are hosing NBN connection and two (2) of them are kept as back up)
 Five (5) wireless access point connected to network to provide Wi-Fi connectivity throughout data centre.
 Twenty (20) SAN (Storage area network) storage area devices to store client’s data
 Fifty (50) desktop computers
“Shan Publications” is a premium client of “Southern Star”. “Shan publication” use cloud services offered by
“Southern Star” to store the drafts of unpublished poems, books and blueprints of printed books. One day as they
were downloading the drafts of some books to publish, they found that some of their data is missing from the server
and raised the complaint about missing data to “Southern Star”. As per the agreement “Southern Star” is liable for
client data security and company do not want to lose their client base.
Southern Star is now investigating the problem, and one of the senior consultant (Lee) is allocated to this project. Lee
is working in the company from last 10 years and has an extensive amount of experience in network, cloud and data
security.
David is a general manager of the Southern star and looking after all the operation of the organisation.

Roles and responsibilities of Lee:
 Planning, implementing and upgrading security measures and controls
 Establishing plans and protocols to protect digital files and information systems against unauthorized access,
modification and/or destruction
 Maintaining data and monitor security access
 Performing vulnerability testing, risk analyses and security assessments
 Conducting internal and external security audits
 Anticipating security alerts, incidents and disasters and reduce their likelihood
 Managing network, intrusion detection and prevention systems
 Analysing security breaches to determine their root cause
 Recommending and install appropriate tools and countermeasures
 Defining, implementing and maintaining corporate security policies
 Training fellow employees in security awareness and procedures
 Coordinating security plans with outside vendors
After an initial investigation of the data loss problem, Lee has found below concerns in the southern star network
infrastructure:
 No data encryption service
 Data security concerns
 Data permission not planned
 Additional hardware to manage the data

Activity 1: (Analysing and documenting data security requirement)
After reviewing the scenario, you need to analyse the data loss problem and need to prepare a security plan including
 Background of the security plan
 Issues identified in the network
 How to resolve each issue
 What hardware and software required
 How identified software and hardware aligned with the solutions
 How and when data backup will be prepared
 Transmission security
 Network database security
You may need to research related to security plan on the internet. You must complete below security plan as a part
of the activity.

Security Plan Template – 1
Background
“Southern Star” company is providing public, private, hybrid and community cloud services to many companies
across the world and offering following services:
 IaaS (Infrastructure-as-a-Service)
 PaaS (Platform-as-a-Service)
 SaaS (Software-as-a-Service)
“Shan Publications” is a premium client of “Southern Star”. One day as they were downloading the drafts of some
books to publish, they found that some of their data is missing from the server and raised the complaint about
missing data to “Southern Star
Issues identified in the network
After an initial investigation of the data loss problem, Lee has found below concerns in the southern star network
infrastructure:
 No data encryption service
 Data security concerns
 Data permission not planned
 Additional hardware to manage the data
How to resolve each issue
Data loss prevention and security can be resolved by the use of Client-Server model. A domain named

SoutherStar.com.au can be created where the Shan publication can securely store their ebooks under a folder and
that folder can also be encrypted.
2 way authentication can be generated in the client-server model so that only the valid users will have valid
access.
What hardware and software required?
Windows Server 2022
Windows 11 pro
Authentication
Encryption Software
Disk encryption software .e.g. Bit Locker
Hardware Acer, Dell, HP as per budget.

All Networking devices passwords will be encrypted as shown above.

The above screen shot shows the successful installation of domain controller and domain name is Soutern-
Star.com.au

The above screen shot shows the shared folder where E books will be saved and only valid users will have valid
access.

The screen shot shows the tool to encrypt the files which need to be transmitted over the internet.

How identified software and hardware be aligned with the solutions- All hardware will be compatible with the
required software. We can check the hardware compatibility list in the following website
https://learn.microsoft.com/en-us/windows-server/get-started/hardware-requirements
Transmission Security
File Transfer: Name Version Vendor
 Encryption Software Used: BitLocker 1511 Microsoft
 Network Monitoring tools Microsoft Network monitor 3.4 Microsoft
 Virus Scanning software Total AV 2.0 Total AV
 Data Transfer authentication HTTPS N/A N/A

method
Code Green 3.2 Digital

 Network Based DLP
Guardian
Email: Gmail N/A Google
SYMBOLS/Character and N/A N/A

numeric
Complexity requirements N/A

(minimum 8 )
 Service Provider
Setup of 2 domain controllers
 Password Strength Criteria with the backup
Network Database
 Domain Security
reputation
Access Control Fire Wall and user access control Cisco Latest Version
will be provided by the use of networking
Access Control list on the devices as devices, Cisco ios.
well on the data/Files/folders. Windows,
Windows Server
Linux OS
2022 & Windows
11 Pro
Authentication Username and passwords will be AD will be As above

managed by the use of Active installed on
Directory (AD) the latest
Windows
OS
(Windows
Server
2022)
Encryption method BitLocker will be installed in the Latest Microsoft.

domain “SouthernStar.com.au” version of
using Group Policy Management BitLocker as
per
Windows
OS.
Backups Regular backup will take place in Backup Microsoft

encrypted drive. Tools of
Server
Manager of
Windows
domain

Performance Criteria/Performance Checklist

Your task must address the following performance criteria/ performance checklist.
S N/S Trainer/Assessor to complete

To be assessed as satisfactory (S) in this
(Comment and feedback to students)
assessment task the participant needs to
demonstrate competency in the following
critical aspects of evidence
a) Understood company’s requirements of  

data security
b) Analyse data security requirements  
c) Prepared a data security plan include all  

the information maintained in the
template
 Not satisfactory
The student’s performance was:

 Satisfactory
Feedback to student:
Observer signature

Activity 2: (Review encryption technologies and costs)
Note: This activity is in continuation of activity 1.
After completing the security plan, you are required to review a range of encryption software on the internet and
complete below Technology cost template.
After completing the template, you are required to send email to David(Trainer/assessor) including technology cost
document for approval. Email must include:
 Subject
 Body
 Explain that which option is the best and why we should use it.
Technology Cost Template
Encryption Vendor Encryption Rank (from 1

Software Applicability -5)
S. No Price Remarks
(Network/
Database)
IBM Multi-Cloud
1. IBM Multi- IBM Data Encryption https:// 3 Protect
expands its
Cloud Data www.ibm workloads from
support for file,
Encryption- folder, and .com/ internal threats
volume cloud/
IBM Multi- encryption Apply cloud
beyond the
pricing
Cloud Data Microsoft™ native app
Encryption Windows™ and development
(MDE) is a Linux operating
systems by Simplify
comprehensi offering agents
ve data that are management
security compatible with
the AIX Get it on IBM Z
product that operating
is powered system. This Get it on IBM
by SPx® capability helps
you to leverage LinuxONE
technology a single
encryption Extend
solution in an
encryption
environment

that may have a
combination of everywhere
Windows, Linux,
and AIX
operating
Maintain image
systems in integrity
addition to cloud
object store Build securely
encryption and
NFS encryption. with trusted
With version CI/CD
2.3, you can
now install
encryption
agents on AIX
operating
systems in the
same manner
that agents are
deployed on
Windows or
Linux
environments.
This capability
provides you
with consistent
control over
protection of
your data in a
mixed operating
system
environment.
NordLocker is
2. nCrypted NordLocker a file encryption
https:// 2 An end-to-end
Cloud software integr nordlock encrypted cloud
ated with end- er.com/ such as
e.g. to-end plans/ NordLocker
encrypted cloud
storage. It is helps you
Nord Locker
available protect your
on Windows an data from a
d macOS.
variety of
NordLocker is
developed threats.
by Nord Whether used
Security, a for personal or
company
behind business data,
the NordVPN vi secure cloud
rtual private storage protects
network, and is
the users from
based in the
UK and the
Netherlands.[3]
data exposure,
loss, theft, and
NordLocker
uses malware.
a freemium bus
iness model,
where users
are offered a
free account
with unlimited
local file
encryption and
a set amount of
cloud storage
with sync and b
ackup features.
More cloud
storage is
available via
a paid
subscription.
3. BoxCryptor BoxCryptor Boxcryptor https:// 1 Mentioned in

supports almost www.saa the Applicability
every cloud sworthy.c column.
storage provider om/
that is out product/
there. This gives boxcrypt
you the or/
freedom of pricing#:
choice. Choose ~:text=Bo
the best, the xcryptor
cheapest or the %20has
one that your %203%20
friends use. You different
do not have to %20plans
consider server ,Individua
locations or ls)%20at
whether any %20%249
third parties 6.00%20
could access per
your data. With %20year.
Boxcryptor
these factors
simply do not
matter because
only you can
access your files
in the cloud.
Boxcryptor
works great
with Dropbox,
Google Drive,
and OneDrive
among many
others
4. AxCrypt AxCrypt With AxCrypt https:// 4 Already

Business, you axcrypt.n mentioned in
AxCrypt now also have access et/ applicability
offers file to our Password pricing/ column.
security for Management –
companies where you can
and store and
organisations manage
– with 256- passwords and
bit AES codes securely.
encryption. AxCrypt is
multilingual,
supporting
English, Dutch,
French,
German, Italian,
Korean,
Mandarin,
Polish,
Portuguese,
Russian,
Spanish,
Swedish,
Turkish and
more to come.
and more to
follow. With the
AxCrypt mobile

app, you can

encrypt and
decrypt files on
your phone,
from anywhere
and at any time
5. CryptoExpert Crypto CryptoExpert 8 http:// 2 Already

8 Expert was especially www.cry mentioned in
designed to ptoexper applicability
provide secure t- column.
data vaults to online.co
owners of m/
laptops/desktop order/
s and guarantee volume-
ultimate data pricing.sh
security. tml
Implementing
numerous
innovations
along with fast
on-the-fly
operation,
CryptoExpert
provides higher
security, better
reliability and
easier usability
than the
transparent
NTFS encryption
system
implemented in
the Windows
built-in
Encrypted File
System. The
secure vaults
appear as
regular hard
disks to all

Windows
applications and
no one can
unlock vault
without a
password.



a) Conducted research on internet for  

encryption software
b) Completed attached Technology Cost  

Template
c) Sent an email to David (Trainer/assessor)  

for approval including:
 Subject
 Body
 Explain that which option is the best
and why we should use it.

 Satisfactory
Observer signature

Assessment Results Sheet

Outcome First attempt:
Outcome (make sure to tick the correct checkbox):
Satisfactory (S) ☐ or Not Satisfactory (NS) ☐
Date: _______(day)/ _______(month)/ ____________(year)
Feedback:
Second attempt:

Feedback:
Trainer/Assessor Name
Trainer/Assessor I hold:
Declaration
☐ Vocational competencies at least to the level being delivered
☐ Current relevant industry skills
☐ Current knowledge and skills in VET, and undertake
☐ Ongoing professional development in VET
I declare that I have conducted an assessment of this student’s submission. The

assessment tasks were deemed current, sufficient, valid and reliable. I declare that I
have conducted a fair, valid, reliable, and flexible assessment. I have provided
feedback to the student.
Trainer/Assessor
Signature
Date

Assessment method-based instructions and guidelines: Project

Assessment type
 Project
Instructions provided to the student:
Assessment task description:
 This is the third (3) assessment task you must successfully complete to be deemed competent in this
unit of competency.
 This assessment task is a project.
 You are required to implement secure encryption technologies in this assessment task.
 You will receive your feedback within two (2) weeks, and you will be notified by your trainer/assessor
when your results are available.
 You must attempt all activities of the project for your trainer/assessor to assess your competence in
this assessment task.
Applicable conditions:
 This skill test is untimed and is conducted as an open book assessment (this means you are able to
refer to your textbook or other learner materials during the test).
 You will be assessed independently on this assessment task.
 No marks or grades are allocated for this assessment task. The outcome of the task will be Satisfactory
or Not Satisfactory.
 As you complete this assessment task, you are predominately demonstrating your skills, techniques
and knowledge to your trainer/assessor.
 Your trainer/assessor may ask you relevant questions during this assessment task
Resubmissions and reattempts:
 Where a student’s answers are deemed not satisfactory after the first attempt, a resubmission attempt
will be allowed.
 The student may speak to their trainer/assessor if they have any difficulty in completing this task and
require reasonable adjustments.
 For more information, please refer to the Training Organisation’s Student Handbook.
Location:

 This assessment task may be completed in:
☐ a classroom
☐ learning management system (i.e. Moodle),
☐ workplace,
☐ simulated work environment,
☐ or an independent learning environment.
 Your Trainer/Assessor will provide you with further information regarding the location for completing
this assessment task.
Purpose of the assessment
The purpose of this assessment task is to implement secure encryption technologies in a range of contexts and
industry settings.
 Skills to create and document a security plan for the encryption of at least two applications or
solutions.
 Skills to carry out and evaluate encryption of applications or solutions,
 Skills to analyse enterprise data security requirements,
 Skills to determine encryption methods.
Task instructions
 This is an individual assessment.
 To ensure your responses are satisfactory you should consult a range of learning resources and other
information such as handouts, textbooks, learner resources etc.
 Your writing must be concise, to the point, not provide irrelevant information and according to the
word limit given.
 You must write your responses in your own words.
 You will be required to complete all parts of this assessment task.
Assessment environment
The assessment can be completed in one of the following assessment environments:

 Online environment
 Simulated environment/ Classroom environment
 Workplace environment

The above screen shot shows the drive encryption.


Online Environment
Assessment task instructions
 The purpose of this assessment task is to select, implement and monitor secure file encryption technologies
on a computer network or local environment.
 The training organisation must ensure that the online assessment environment is in accordance with the
requirements specified.
 The training organisation will assign a supervisor to the student.
 The training organisation will provide the resources required to complete the assessment task.
 The student must use the templates provided to document their responses.
 The student must follow the word-limits specified in the templates.
 The trainer/assessor must assess the student using the performance checklist provided.
Online environment requirements
Assessment task environment
This assessment task will be completed in an online environment prepared by your training organisation.
All required resources to complete the assessment task will be discussed with the student before they commence
the assessment. The online environment is very much like a learning environment where a student is able to
practice, use and operate appropriate industrial equipment, techniques, practices under realistic workplace
conditions.
Requirements for the online assessment environment
The trainer/assessor will ensure that the online assessment environment is set up to complete this assessment
task.
The online environment consists of:
 A learning management system where the student will be required to complete their job-related tasks and
activities
 The standard operating/workplace procedures related to the tasks and activities.
 The trainer/assessor will provide the student with assistance throughout the assessment activity.
The online environment must meet the following criteria:
Opportunities for the student to: Yes/No/NA
Follow standard operating/workplace procedures
Use up-to-date software and equipment

Work within stated timelines to meet deadlines
Gain experience in the challenges and complexities of dealing with multiple tasks
Experience prioritising competing tasks and dealing with contingencies
The environment to work with others in a team
Online assessment environment sufficient to communicate, contribute and participate in tasks and
activities.
Assessment environment sufficient to work independently and manage workload
Resources, tools, and equipment requirements
The following resources, tools and equipment required to complete the assessment task will be discussed with the
student before they commence the assessment:
 Workplace personnel/stakeholders to participate in the questioning session requires active participation in

a range of creative thinking activities
o Please refer to the roles and responsibilities section for more information
o This should be organised by the training organisation either via, LMS, telephone conferences,
video conferencing or anything of a similar nature
 a site where encryption installation may be conducted
 a live network
 servers
 industry standard encryption software
 industry standard encryption tools
 organisational security and encryption deliverables.
Online assessment scenario
You are required to select, implement and monitor secure file encryption technologies on a computer network or
local environment. You are required to read and understand a predetermined issue and/or situation and
participate in a number of assessment activities.

The following are the goals and objectives to complete this assessment task:
 Determine encryption methods

 Identify enterprise data security needs according to computer network and organisational needs
 Obtain and review available range of encryption technologies and determine options according to
computer network and organisational needs
 Plan and document proposed encryption implementation strategy and submit to required personnel
 Seek and respond to proposed encryption plan feedback from required personnel according to
organisational needs
 Carry out encryption
 Implement encryption technology to enterprise system according to vendor specifications
 Analyse and document effect of encryption technologies on required user roles and responsibilities
 Submit encryption technologies analysis report and inform user impact to required users and
organisational personnel
 Finalise encryption technologies
 Evaluate implementation of encryption technologies according to encryption analysis report
 Determine function and performance of encryption technologies
 Seek user feedback on function and performance of encryption technologies
 Document encryption issues and compromises and submit to organisational help desk support
A supervisor will be assigned to you by your training organisation. The supervisor can answer your questions
related to understanding the requirements associated with the assessment task. The supervisor will act according
to job role and responsibilities.
The supervisor can be your trainer or assessor or a different trainer or assessor or a staff member (including
mentors) from the training organisation.
Roles and responsibilities
As part of your job role, you have the following job responsibilities:
 Interprets and analyses technical data to determine security requirements.

 Identifies and interprets technical compromises from help desk records.
 Prepares workplace documentation that incorporates an evaluation of technical information using
specialised and cohesive language.
 Determines the required form, channel and mode of communication for a specific purpose, according to
own role.
 Uses a combination of formal, logical planning processes and an increasingly intuitive knowledge of
context to determine data security threats, risks and countermeasures.
 Initiates standard procedures when responding to familiar problems to troubleshoot, debug and correct
connectivity and security issues.
 Follows explicit and implicit protocols and meets expectations associated with own role.
 Demonstrates knowledge of the purposes, specific functions and key features of industry standard digital

systems and tools.

 Operates industry standard digital systems and tools effectively to complete routine tasks.
 Manages and maintains data securely and actively monitors technology, notifying others if security
becomes compromised.
Task requirements
This assessment task requires you to select, implement and monitor secure file encryption technologies on a
computer network or local environment. The assessment activities are mentioned within the assessment task.

Simulated Environment

 The training organisation must ensure that the simulated assessment environment is in accordance with the
 The training organisation will assign a supervisor to the student.
 The training organisation will provide the resources required to complete the assessment task.
Simulated environment requirements
This assessment task will be completed in a simulated environment prepared by your training organisation.
The simulated environment will provide you with all the required resources (such as the equipment and
participants, etc.) to complete the assessment task. The simulated environment is very much like a learning
environment where a student is able to practice, use and operate appropriate industrial equipment, techniques,
practices under realistic workplace conditions.
Requirements for the simulated assessment environment
The trainer/assessor will ensure that the simulated assessment environment is sufficient to complete this
assessment task.
The simulated environment consists of:
 The training organisation as the workplace where the student will be required to complete their job-
related tasks and activities
 The standard operating/workplace procedures related to the training organisation
 The trainer/assessor will provide the student with assistance throughout the assessment activity.
The simulated environment must meet the following criteria:
Opportunities for the student to: Yes/No/NA

Simulated environment to work with others in a team
Simulated environment sufficient to communicate, contribute and participate in tasks and

activities.
Simulated environment sufficient to work independently and manage workload
The following resources, tools and equipment will be made available by the training organisation at the simulated
workplace to complete this assessment task:

 a live network
 servers
Simulated assessment scenario




own role.
systems and tools.

Task requirements

Workplace Environment
 The training organisation must ensure that the workplace assessment environment is in accordance with the
 The workplace will assign a supervisor to the student.
 The trainer/assessor can also act as a supervisor to the student as well.
 The workplace will provide the resources required to complete the assessment task.
Workplace requirements
This assessment task will be completed in your workplace.
The requirements for the workplace environment
The assessment task can be completed in the workplace if the student is currently working or has access to a
workplace meeting the assessment criteria.
The workplace must meet the following criteria:
Opportunities for students to: Yes/No/NA
Workplace environment to work with others in a team

Workplace environment to sufficient to communicate, contribute and participate in tasks and

activities.
Workplace sufficient to work independently and manage workload
The following resources, tools and equipment must be available at the workplace to complete this assessment
task:

 a live network
 servers
Workplace scenario




own role.
systems and tools.
Task requirements


Assessment Task 3: Project
Scenario:
Activity 1 (Installing encryption software)
This activity is continuation of assessment task 2. You are required to participate in a practical demonstration task.
You need to complete this activity in 1 to 2 hours.
Note: For This activity RTO/Assessor will provide you the following:
 A site where encryption installation may be conducted
 A live network
 Servers
 Encryption software
 Encryption tools.
You have received a final approval from David to start the encryption project, so you must perform the installation of
encryption software and tools on the live network.
Assume yourself as “Lee” and install database encryption software and tools.
You need to install encryption software on IT Server. You need to Perform installation of database “Encryption”
software by adhering below mention conditions.
a) Use secure protocol for data transfer

b) Create a digital key certificate for client and server
c) Use secure network protocols
d) Set admin password
Student must follow vendor instruction to install the software.
Your trainer and assessor will observe you during the activity and complete the performance checklist.
Answer : We have installed the encryption software BitLocker in Windows domain using Active Directory


The screen shot shows the installation of Bitlocker in Windows domain.




a) Installed encryption software and tools  
b) Followed vendor instructions for  

installation
c) Configured management services  
d) Set admin credentials  
e) Generate digital ID’s  
f) Define user roles in encryption  
g) Created digital Certificate for data  

exchange
h) Use secure Network protocol  

 Satisfactory
Observer signature

Activity 2: (Analysing effect of encryption on user roles)
Assume that Lee has implemented the encryption software successfully. As a part of his responsibilities, he needs to
analyse the effect of user roles and responsibilities.
Assume yourself as Lee and you are required to analyse the effect of user roles and responsibilities in encryption and
complete the following “security plan” template.
Security plan – 2
Role Description/effect
Enterprise Intended for administrators who control the Enterprise and require administrative rights to all
Administrator groups, users, devices, and policies regardless of where they reside.
Group or Policy Intended for administrators who control any assigned group or policy.
Administrator
Enterprise Intended for Help Desk personnel who provide remote assistance when users forget their
Authenticator Endpoint Encryption password or have a technical problem. Enterprise Authenticators have
configurable privileges for the Enterprise.
Group or Policy Intended for Help Desk personnel with the same privileges as the Enterprise Authenticator
Authenticator except for being limited to the assigned group or policy only.
User Intended for basic end users with no special privileges. The user role cannot log on to Endpoint
Encryption management consoles.



a) Identified the roles of Enterprise Administrator  
b) Identified responsibilities of Group or  

Policy Administrator
c) Identified roles of Enterprise Authenticator  
d) Identified responsibilities Group or Policy  

Authenticator
e) Identified Responsibilities of User  
f) Document user responsibilities in the given  

template

 Satisfactory

Observer signature

Activity 3: (Role Play - Informing users about their roles)
o Time allowed for this activity is 10-15 minutes.
Assume that you are still playing the role of Lee and participate in the following role play.
The purpose of the role play is to inform users about new encryption technology and how it works. Explain the
effects of new encryption technology on user responsibilities. You need to use the template that you have developed
in the assessment activity 2 (Assessment task 3) to explain the effects of new encryption technology on user
responsibilities for the following users:
o Policy administrator
o Enterprise Authenticator
o Policy authenticator
o User
Your trainer/assessor will act as enterprise administrator and will ask you the following questions:
1. Security limitations of all the roles
2. Explanation of the features included in the “Enterprise administrator” role
Following the role play, complete minutes of meeting template with details of what was discussed.

Minutes of Meeting
Name of the company: Southern Star Cloud Services
Meeting Objective:
inform users about new encryption technology and how it works
Attendees:
Lee
IT Manager-
CEO-
Venue:
Room 4, Level 7 , TKL, 159 Church St, Parramatta, NSW
Date: 23/02/2023
Time : 2 pm to 3 pm
No. Points Discussed Actions Suggested Target Date
1 Security issues regarding the ebooks Installation of Windows 25/02/2023

of Shan publications domain
2 Encryption technologies Installation of

Encryption Software e.g.
BitLocker
3 Inform the users about the Inform by email and

encryption webinar
4 Feedback from the users Improvement from the

feedback
Signature of attendee 1: Signature of attendee 2:

Signature of attendee 3: Signature of attendee 4:



a) Strat roleplay with greetings  
b) Explain the User roles and responsibilities  

confidentially
c) Use simple language to explain technical  

terminology
d) Explain the roles to individuals  
e) Body Language during Presentation  

including:
 Eye contact
 Tone
 Gesture

 Satisfactory

Observer signature
Activity 4: (Analysing functioning of “Encryption software”)
Assuming that you have implemented the encryption technology and tools in a live server in the previous assessment
activities, you are required to monitor the encryption in this activity. You need to complete this task in 1 to 2 hours.
In this activity you need to monitor the functioning of “Encryption software” by perform following tasks in a live
server.
1. Analyse the implementation of encryption technology to confirm its functioning by:
o Monitoring digital signature
o Monitoring Data Encryption Compromising Network Performance
o Monitoring network performance
2. Analyse helpdesk records for errors occurred and security compromises in encryption and print these
records as a part of this activity.
3. Check local computer security logs for encryption issues and print it as a part of this activity.
4. You need write a note on encryption issue and security compromises included error logs and network
performance issues identified in the task and submit to your trainer/assessor.
Your trainer will observe you during the activity and complete the performance checklist.

1. Digital signature and
The above screen shot shows the performance monitor.
We can verify the log files to find any issues regarding the encryption.

We can Open Event Viewer and review the logs under Applications and Services Logs > Microsoft > Windows:
BitLocker-API.


a) Analyse the implementation of encryption  

technology to confirm its functioning by
including:
 Check digital signature

 Check Data Encryption Compromising

Network Performance
 Check network performance
b) Analyse helpdesk record for errors  

occurred and security compromises and
submitted to the trainer/assessor
c) Check local computer security logs for  

encryption issues and submitted to the
trainer/assessor
d) Prepared a note on encryption issue and  

compromises included error logs and
network performance issues identified in
the task and submit to your
trainer/assessor

 Satisfactory
Observer signature
Assessment Results Sheet

Outcome First attempt:
Feedback:

Second attempt:

Feedback:
Trainer/Assessor Name
Trainer/Assessor I hold:
Declaration
☐ Vocational competencies at least to the level being delivered
☐ Current relevant industry skills
☐ Current knowledge and skills in VET, and undertake
☐ Ongoing professional development in VET
I declare that I have conducted an assessment of this student’s submission. The

assessment tasks were deemed current, sufficient, valid and reliable. I declare that I
have conducted a fair, valid, reliable, and flexible assessment. I have provided
feedback to the student.
Trainer/Assessor
Signature
Date

Task 2 Activity 1 - Security Plan - Docx - Security Plan Background

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Task 2 Activity 1 - Security Plan - Docx - Security Plan Background

Uploaded by

Copyright:

Available Formats

Training for Knowledge & Livelihood (TKL college)

Assessment Task 1: Knowledge Test

Provide your response to each question in the box below.

1) AES-The AES Encryption algorithm (also known as the Rijndael

2) DES-The DES (Data Encryption Standard) algorithm is a symmetric-key

4) Blowfish - Blowfish is a symmetric-key block cipher, designed in 1993 by

ICTNWK537 Student Assessment Task V1.0 Page 1 of 68

1) Public Key-Public-key cryptography, or asymmetric cryptography, is the

2) Secret Key-Secret-key cryptography is also called symmetric cryptography

Q3: Explain the functioning of “Digital signatures” in 100-150 words.

ICTNWK537 Student Assessment Task V1.0 Page 2 of 68

The three core security services provided by digital signatures are:

Q5: Answer the below questions related to timestamp.

ICTNWK537 Student Assessment Task V1.0 Page 3 of 68

5B) Summarise two features of timestamp.

ICTNWK537 Student Assessment Task V1.0 Page 4 of 68

Q7: Explain each of following terms in Satisfactory response

1. Message digest 5 (MD5) Yes ☐ No ☐

2. Secure hash algorithm (SHA)

3. Public key infrastructure (PKI)

4. Pretty good privacy (PGP)

5. GNU privacy guard (GnuPG)

ICTNWK537 Student Assessment Task V1.0 Page 5 of 68

ICTNWK537 Student Assessment Task V1.0 Page 6 of 68

1) Eavesdropping- Eavesdropping is the act of secretly or stealthily listening Yes ☐ No ☐

2) Data Interception- Refers to the obstruction of data transmission to and

3) Data corruption - Data corruption refers to any unwanted change that

4) Data falsification - Manipulating research data with the intention of giving

5) Authentication issues. - Authentication is the act of proving an assertion,

ICTNWK537 Student Assessment Task V1.0 Page 7 of 68

1. Wired Equivalent Privacy (WEP) Yes ☐ No ☐

2. Wi-Fi Protected access (WPA)

3. Wi-Fi Protected access 2 (WPA2)

ICTNWK537 Student Assessment Task V1.0 Page 8 of 68

1) Certificate authorities Yes ☐ No ☐

by digi- tizing physical objects or by processing other digital objects.

ICTNWK537 Student Assessment Task V1.0 Page 10 of 68

Please write more from-

ICTNWK537 Student Assessment Task V1.0 Page 11 of 68

A. Symmetrical Encryption Yes ☐ No ☐

ICTNWK537 Student Assessment Task V1.0 Page 12 of 68

B. Asymmetric cryptography, also known as public-key cryptography, is a process that uses a

ICTNWK537 Student Assessment Task V1.0 Page 13 of 68

ICTNWK537 Student Assessment Task V1.0 Page 14 of 68

 Storage, Database, Information, Process, Application, Integration, Security, Management, Testing-as-a-

 Fifty (50) desktop computers

ICTNWK537 Student Assessment Task V1.0 Page 15 of 68

Roles and responsibilities of Lee:

 Planning, implementing and upgrading security measures and controls

 Maintaining data and monitor security access

 Performing vulnerability testing, risk analyses and security assessments

 Conducting internal and external security audits

 Managing network, intrusion detection and prevention systems

 Analysing security breaches to determine their root cause

 Recommending and install appropriate tools and countermeasures

 Defining, implementing and maintaining corporate security policies

 Training fellow employees in security awareness and procedures

 Coordinating security plans with outside vendors

 No data encryption service

 Data security concerns

 Data permission not planned

 Additional hardware to manage the data

ICTNWK537 Student Assessment Task V1.0 Page 16 of 68

Date: ___(day)/ _(month)/ __________(year)