
UNIVERSITY OF GREENWICH

ASSIGNMENT 1
1623

Nguyen Nhat Thanh – GCS210101


12-14-2022
ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date:
Date Received 1st submission:
Re-submission Date:
Date Received 2nd submission:
Student Name: Nguyen Nhat Thanh
Student ID: GCS210101
Class: GCS1003A
Assessor name:

Student declaration

I certify that the assignment submission is entirely my work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.

Table of Contents

List of Figures
INTRODUCTION
TASK 1 - IDENTIFY TYPES OF SECURITY THREATS TO ORGANIZATIONS. GIVE AN EXAMPLE OF A RECENTLY PUBLICIZED SECURITY BREACH AND DISCUSS ITS CONSEQUENCES (P1)
    1. Define threats: Software assaults, loss of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion are all examples of information security threats
    2. Identify threats agents to organizations
    3. List the type of threats that organizations will face
    4. What are the recent security breaches? List and give examples with dates
    5. Propose a method to assess and treat IT security risks (M1)
TASK 2 - DESCRIBE AT LEAST 3 ORGANIZATIONAL SECURITY PROCEDURES (P2)
    1. Definition
    2. Discussion on Incidence response policy
    3. Discussion on Acceptable Use Policy
    4. Discussion on Remote Access Policy
TASK 3 - IDENTIFY THE POTENTIAL IMPACT TO ITS SECURITY OF INCORRECT CONFIGURATION OF FIREWALL POLICIES AND IDS (P3)
    A. Firewall
        1. Firewall Definition
        2. How Does A Firewall Provide Security To A Network?
    B. IDS
        1. IDS Definition
        2. IDS Usage
        3. How Does IDS Work
    C. The Potential Impact (Threat-Risk) Of A Firewall And IDS If They Are Incorrectly Configured In A Network
TASK 4 - SHOW, USING AN EXAMPLE FOR EACH, HOW IMPLEMENTING A DMZ, STATIC IP AND NAT IN A NETWORK CAN IMPROVE NETWORK SECURITY (P4)
    A. DMZ
        1. Definition
        2. How Does DMZ Work
        3. Advantages Of DMZ
        4. Service of DMZ
        5. The Importance Of Dmz Networks
    B. Static IP
        1. Definition
        2. How static IP addresses work
        3. Advantages of Static IP
    C. NAT
        1. Definition
        2. How Does NAT Work
        3. Types of NAT
        4. NAT security
    D. Discuss Three Benefits To Implement Network Monitoring Systems With Supporting Reasons (M2)
CONCLUSION
References

List of Figures
Figure 1: Security Threats
Figure 2: Data Breaches
Figure 3: Security Procedures
Figure 4: Firewall
Figure 5: Diagram How Firewall work
Figure 6: How IDS Work
Figure 7: DMZ
Figure 8: How DMZ Work
Figure 9: Static IP
Figure 10: NAT
Figure 11: NAT Working

INTRODUCTION

In today's data-driven and globally connected culture, data routinely moves freely
between individuals, groups, and businesses. Data is very valuable, and hackers are well
aware of this. As cybercrime continues to grow, there is a growing need for security
specialists to protect and defend organizations against attack. This report covers some
fundamental security theories: identifying different kinds of security threats to
organizations, organizational security procedures, firewall policies, and the use of IDS,
DMZ, static IP addresses, and NAT in networks, in order to aid my quest for in-depth
knowledge in this field.

TASK 1 - IDENTIFY TYPES OF SECURITY THREATS TO ORGANIZATIONS. GIVE AN EXAMPLE OF A
RECENTLY PUBLICIZED SECURITY BREACH AND DISCUSS ITS CONSEQUENCES (P1)
1. Define threats: Information security risks include things like software attacks, intellectual property theft, identity
theft, equipment or data theft, sabotage, and information extortion.

Threats include everything that has the potential to breach security, alter, destroy, or harm a particular item or
object of interest. For the purposes of this instructional series, a threat is defined as a prospective hacker attack
that would provide someone access to a computer system without authorization (Garg, 2021).

Figure 1: Security Threats


2. Identify threat agents to organizations
• Nation States: Companies in certain sectors, such as telecommunications, oil and gas, mining, power
generation, national infrastructure, and so forth, may become targets for other nations, either to stymie
activities right now or to provide that nation a foothold in the future in times of crisis.
• Non-target specific (Ransomware, Worms, Trojans, Logic Bombs, Backdoors and Viruses perpetrated by
vandals and the general public):
    ➢ Companies have told me several times, "Oh, we're not going to be a target for hackers because..."
    However, any organization can become a victim since there are so many random assaults that happen
    every day (it would be impossible to provide accurate statistics here).
    ➢ The most well-known instance of a non-target specific attack is the WannaCry ransomware outbreak,
    which infected over 200,000 PCs in 150 countries. In the United Kingdom, it led to a lengthy closure of
    the NHS. Then there are the idle teenagers browsing the internet for weak links from their lofts.
• Employees and Contractors
    ➢ Morrisons was fined because it lacked the necessary organizational and technological measures to stop
    the former employee from committing the offense (note that Morrisons is currently appealing the fine).
    ➢ There are times when companies need specialist help and engage outside companies or contractors who
    need access to their systems or data. Since their technology might not be as secure as the controller's,
    these third parties are typically the root of issues.
• Terrorists and Hacktivists (political parties, media, enthusiasts, activists, vandals, general public,
extremists, religious followers)
    ➢ Similar to the threat posed by nation-states, the amount of harm posed by these agents is dependent on
    your activity. However, some terrorists choose to target certain sectors or nations, so you may face
    constant fear of a random assault.
    ➢ The most notable instance of this is probably the Wikileaks releases of diplomatic cables and other
    documents related to the wars in Afghanistan and Iraq in 2010.
• Organised crime (local, national, transnational, specialist)
    ➢ Personal information is sought after by criminals for a variety of reasons, including bank account fraud,
    identity theft, and credit card fraud. These crimes are now committed on a large scale. The techniques
    used might range from phishing scams to "Watering Hole" websites, but the end result is always the
    same: information about you is being gathered and used for nefarious ends.
    ➢ The Credit Industry Fraud Avoidance Society (Cifas) estimated in its 2018 Fraudscape report that there
    were around 175,000 occurrences of identity fraud in 2017. Even though this is only 1% more than in
    2016, it represents a 1250% increase over a decade ago, and in 95% of these cases, an innocent victim
    was impersonated.
• Natural disasters (fire, flood, earthquake, volcano)
    ➢ Although not a cyber assault, these occurrences can have a similar impact on your capacity to do
    business.
    ➢ If you can't access your offices, data centers, or cloud-based information, you are still dealing with a
    data disaster, which needs to be taken into account. Although there is very little chance that an
    earthquake will occur in the UK, every year we see pictures of towns or cities under water.
• Corporates (competitors, partners)
    ➢ Beyond the obvious worry that a competitor may steal your intellectual property, we are working more
    and more closely with a variety of partners to fill in skills and resource gaps as well as to provide services.
    These partner companies might mistakenly or purposefully steal or expose your intellectual property or
    personal data, depending on their goals.
    ➢ The 2013 attack on US retailer Target is possibly the best illustration of how a breach could originate
    from a partner firm. The hackers specifically targeted (excuse the pun!) suppliers before finding a weak
    spot with HVAC provider Fazio Mechanical. The hackers tricked a Fazio employee into opening a
    phishing email that gave them access to Target's point-of-sale systems. During the 2013 holiday shopping
    season, this gave them access to up to 40 million credit and debit cards from clients who visited its stores.
    More than $200 million has been spent on this by Target.

3. List the type of threats that organizations will face

There are three main sources of threats:

a) Human errors and mistakes


+ Unintentional issues
+ Poorly written programs
+ Poorly designed procedures
+ Physical mishaps
+ User-initiated system, application, and data destruction
+ User breaking security rules
+ A disgruntled employee sabotaging operations or waging war against the business
+ Blackmail or extortion against employees.
b) Malicious human activity
APT (Advanced Persistent Threats)
+ Cybercriminals that employ Advanced Persistent Threats (APTs) try to play the long game when they
hack a company. They closely coordinate and invisibly enter a computer network, searching for entry
and exit points that will let them proceed undetected.

Figure 2: APT
+ They snoop about, install specialized harmful programs, and acquire essential data and sensitive
information once inside an organization (RSI, 2021).
+ An Advanced Persistent Threat commonly goes through five progressions to strengthen its damage:
    1. Infiltration of Access: APT attackers utilize malware, trojan horses, and phishing to
       penetrate the system.
    2. Grip Strengthening: The strength of an Advanced Persistent Threat is its capacity to
       penetrate an organization.
    3. Invasion of the System: Once APT attackers have full freedom of movement, they will
       start targeting the system by gaining administrator access and cracking passwords left and
       right.
    4. Lateral Movement: Enterprises have become the playground of hackers.
    5. Deep Machinations: During this stage, the APT attackers have complete authority over
       the organization, erasing all traces of their intrusion and creating a reliable backdoor for
       future use.
+ They use cutting-edge tools like malware and computer intrusion techniques to undermine the
cybersecurity of a company. These cybercriminals are cunning and like to enter an organization
covertly in order to do damage (RSI, 2021).
Distributed Denial of Service (DDoS)
+ When fraudsters use Distributed Denial of Service (DDoS), their primary purpose is to disrupt a
website.
+ In essence, they flood a target network with fictitious requests to overwhelm the system and make it
crash. Legitimate users or clients won't be able to visit the website because it will be down. DDoS can
cause considerable productivity losses as a result of these interruptions.

Figure 3: DDoS attack

+ Because the incoming onslaught does not come from a single source, it is impossible to counter a
Distributed Denial-of-Service assault. Consider a restaurant where a rowdy throng gathers at the front
door to create a ruckus.
Ransomware
+ Ransomware is a form of malware from cryptovirology that hackers run to encrypt data once they
have gained access to your network. Clients' sensitive personal information or important corporate
data is stolen, and the attackers hold it at risk until the target company pays a ransom.
+ Over time, ransomware has evolved into a popular way of extorting money from businesses.
+ Digital attackers weaponize the valuable information they discover inside a network that has been
penetrated. Presenting an innocent-looking file or link is one of the usual methods for luring
individuals in the company.
Phishing
+ One of the most popular methods used by hackers to access a system is phishing. It is a gateway to
more complex security issues such as ransomware and Distributed Denial of Service (DDoS).
+ The main tactic of phishing is deceit. Attackers design email campaigns that appear to be from a
reliable source. A user who clicks on the links or attachments in these emails may unknowingly
infect a machine and its network.
+ Hackers frequently impersonate top employees or client organizations. They can pose as a bank
request or a business transaction that the victim employee would anticipate. The effectiveness of
phishing depends on its sophistication and its ability to trick its targets with realistic communication.
Worms
+ Worms are malware that spreads rapidly, particularly once they reach a computer network.
They look for network flaws in order to increase and strengthen their presence and impact.
Botnet
+ Robot and network are combined to form the term "botnet." It is a general phrase for privately owned
computers that have been infected by malware, leaving them open to remote access by hackers without
the knowledge of the business.
+ This level of precise control and comprehension of target networks is required for the dissemination
of spam, the execution of DDoS attacks, and data theft. Hackers use botnets as a force multiplier to
interfere with the intricate systems of their target companies.
+ Botnet architecture has progressed significantly in terms of evading detection. Its applications
impersonate clients to connect with existing servers. Cybercriminals can then control these botnets
remotely via peer-to-peer networks.
Cryptojacking
+ Nowadays, cryptocurrency is very popular. New currency is generated through mining.
Cybercriminals have used phishing tactics to infect and hijack more slave machines that will be
used to mine cryptocurrencies.
+ Targets are unaware that their resources are being used to mine cryptocurrency, so the visible
effect of cryptojacking can be slower computers.

c) Natural Events And Disasters


+ Fires, floods, hurricanes, earthquakes, tsunamis, avalanches, and other acts of nature. This type of threat
also includes losses resulting from actions taken to recover from the initial problem.
4. What are the recent security breaches? List and give examples with dates
a. Security Breaches Definition: A security breach occurs when an attacker successfully attempts to gain
unauthorized access to a company's computer systems. Examples of breaches include the theft of sensitive
information, the tampering with or destruction of data or IT systems, and acts intended to deface websites
or destroy reputation (Cassetto, 2019).

Figure 4: Data Breaches

b. Recent Security Breaches, List and give examples with dates

1. Sina Weibo (March 2020)


With more than 600 million users, Sina Weibo is one of the most popular social media platforms in
China. In March 2020 the company discovered that the personal information of 538 million Weibo
users, including real names, site usernames, gender, locations, and phone numbers, had been
compromised. According to reports, the attacker sold the database for $250 on the dark web.

China's Ministry of Industry and Information Technology (MIIT) has requested that Weibo enhance its
data security protocols in order to better protect user data and notify users and authorities when data
security breaches occur. In a statement, Sina Weibo said that no passwords were gained, but that an
attacker used an application intended to help users identify their friends' Weibo accounts by supplying
their phone numbers to collect publicly available information. However, it acknowledged that the exposed
information might be used to link accounts to passwords if passwords are reused on other accounts. The
company claimed that it has improved its security procedures and informed the relevant authorities of the
problem. (Dan Swinhoe and Michael Hill, 2021)

2. Nintendo (April 2020)

Nintendo reported that a suspected credential stuffing attack resulted in the compromise of 160,000
accounts in April 2020. Using user IDs and passwords that had previously been made public, hackers
were able to access user accounts, purchase digital goods using stored credit cards, and view personal
information like name, email address, date of birth, gender, and nationality.

The gaming giant has been looking into the incident and later revealed that they think 140,000 more
accounts were taken, bringing the total number of compromised accounts to 300,000. Users are cautioned
not to use the same password for various accounts and services, even though all impacted customers'
passwords have been changed.

3. Zoom (April 2020)

At the beginning of April, as staff members were getting used to their new work-from-home environment,
it was reported that the virtual conference tool Zoom had experienced a humiliating security breach,
exposing the login information of over 500,000 users.

In yet another credential stuffing attack, hackers appear to have gained access to the accounts by using
username and password combinations that had been obtained in earlier data breaches. Later, the data was
offered for sale on hacker forums on the dark web for as little as one pence.

Login credentials, email addresses, personal meeting URLs, and Host Keys were among the information
stolen. As a result, criminals were able to log in and attend meetings or use the information for other
nefarious purposes.

4. LinkedIn (June 2021)


In June 2021, data associated with 700 million LinkedIn members was leaked on a dark web site,
impacting more than 90% of the company's user base. A hacker going under the handle "God User" used
data scraping methods to take advantage of the site's (and other websites') API before publishing the initial
data set, which contained information on around 500 million users. After that, they boasted that they were
selling the entire 700 million-person customer database.

5. Data on 3.3 Million Audi Customers Exposed in Unsecured Database (June 2021)

In June 2021, Volkswagen said that data on 3.3 million Audi customers, including information about
recent and upcoming purchases, had been posted online. The data cache, which was acquired between
2014 and 2019, contained names, email addresses, phone numbers, and specific vehicle-related
information.

A further 90,000 people were affected, and sensitive data was stolen. This could include Social Security
numbers and dates of birth.

According to the company, the data was accessible online at some point between August 2019 and May
2021. The organization is still investigating the incident to pinpoint a more precise timeframe.

6. Kaseya Ransomware Attack (July 2021)


A serious attack on the unified remote monitoring and network perimeter security product of IT solutions
provider Kaseya occurred in July 2021. Managed service providers and their downstream clients were the
target of a supply chain ransomware attack that stole administrative control of Kaseya services.

According to ZDNet, the attack affected on-premise VSA solutions used by Kaseya clients in ten different
countries as well as Kaseya's SaaS servers. Kaseya immediately informed its customers after the
occurrence. The organization released the Kaseya VSA detection tool, enabling business customers to
evaluate their VSA services and managed endpoints for indications of vulnerabilities.

7. Databases and Account Details on Thousands of Microsoft Azure Customers Exposed (August 2021)

In August 2021, Wiz security specialists were able to obtain access to Microsoft Azure account credentials
and client databases thanks to a Cosmos DB vulnerability. Because of the flaws, people were able to
access databases that weren't their own. Numerous Fortune 500 companies were among the many types
of firms that were affected by the issue.

It's unclear whether anyone other than the security professionals had access to the information. On the
other hand, anyone who did gain access to the systems would have had full access to download, delete,
and edit records.

8. Crypto.com (January 2022)


Security company PeckShield claims that 4,600 ETH, or almost $15 million, were stolen from
Crypto.com in the incident. Once users started to notice suspicious activity in their
accounts, Crypto.com promptly intervened to halt withdrawals, but not before the thieves made off with
the stolen Ethereum. However, this does not explain why customers were the first to discover suspicious
activity in their accounts. Crypto.com asserts that no user funds were stolen, indicating that the hack
occurred on the company's hot wallets.

After a short period of time, Crypto.com acknowledged that certain users had experienced "unauthorized
activity" in their accounts, but added that "all funds are protected," which doesn't explain why some users'
accounts had lost ETH.

9. Microsoft Breached by Lapsus$ Hacker Group (March 2022)


On March 20, 2022, the hacker collective Lapsus$ uploaded a screenshot to their Telegram channel,
claiming to have compromised Microsoft. The screenshot, which was taken using the Microsoft
collaboration platform Azure DevOps, showed that Bing, Cortana, and other Microsoft-related projects
had been compromised.

On March 22, Microsoft released a statement in which it acknowledged the attacks. Only one account
was taken over, according to Microsoft, and the company's security personnel were able to stop the attack
before Lapsus$ could further infiltrate their operations.
c. The Consequences Of Those Breaches

Sina Weibo: affecting 538 million Weibo users and their personal data, such as real names, usernames from
the site, gender, location, and phone numbers.

Nintendo: 160,000 accounts were compromised in a suspected credential stuffing attack; in total,
approximately 300,000 accounts were affected.

Zoom: The embarrassing security breach at Zoom, a virtual conference application, exposed the login
information for over 500,000 users. The data was sold on dark web forums.

LinkedIn: A 700 million-person consumer database was sold and released for free on the dark web.

Audi Database: Data on 3.3 million Audi customers, including past and future purchases, had been posted
online and was accessible to anybody. Almost 90,000 people were affected, and critical data was also seized.

Kaseya: A supply chain ransomware attack targeted downstream clients and managed service providers,
seizing administrative control of Kaseya services.

Microsoft Azure: The problem impacted a wide spectrum of businesses, including numerous Fortune 500
enterprises.

Crypto.com: 4,600 ETH valued at roughly $15 million was hacked and moved to ambiguous wallets.

Microsoft: Bing, Cortana, and other Microsoft projects had been hacked.
d. Suggest solutions to organizations:
+ Whether you've experienced a breach or want to develop a strong response capability, we can quickly
deploy a team of cyber security experts with years of expertise and our cutting-edge technologies to your
company. Work to increase visibility, address issues, and put plans in place to stop recurring incidents.
+ There are four crucial elements of effective breach management: define, find, defend, and avoid
(Zola, 2019).
• Define: To identify and defend against threats, businesses must create an entire strategy and security
lifecycle. Planning, risk assessment, policy formulation, and controls should all be addressed. A strong
business and technical architecture may significantly increase the amount of resilience needed to
survive a coordinated attack. By incorporating security into this architecture, businesses can rest assured
that they are as secure as possible in the event of a compromise.

• Find: If an attack is discovered quickly, its damage can be minimized. Once an organization has a
clear and defined plan, it needs to be able to monitor and recognize potential attack activity.
Understanding the volumes, types, and performance of the baseline environment is necessary to determine
the types of attacks, attack locations, and attack vectors used. You'll need a combination of people,
procedures, and technology to create a system for gathering situational awareness and actionable security
intelligence that will help you get ready for quick alerting of attacks.

• Defend: There are no foolproof methods for preventing attacks; however, it is advised that preparations
be made to protect the organization's critical services and data. As part of your defense strategy, you
should eliminate the threat, seal the weakness, and manage the effect. A powerful strategy is a tiered
defense that enables you to identify a breach earlier, respond faster, mitigate the impact of the incident,
and reduce ongoing exposure. As a result, costs are decreased, control is strengthened, and risk exposure
is gradually reduced.

• Avoid: By working together and exchanging security intelligence, organizations can recognize and
counter a wide range of attack strategies and sources. When there are efficient procedures in place for
documenting, reporting, and auditing security breaches, there is support for taking legal action against
intruders.

5. PROPOSE A METHOD TO ASSESS AND TREAT IT SECURITY RISKS (M1)


One of the most successful strategies that may be suggested is developing an ISRM (Information Security Risk
Management) program with the aid of information technology to assist FIS in prioritizing the management of
various risks (including assessing and treating risk). An excellent choice for developing an ISRM is the NIST
framework, which offers a thorough, adaptable, repeatable, and measurable method for improving how IT
systems are developed, secured, and monitored.
Specifically, an ISRM helps FIS manage risks in the following ways:
+ It guarantees that unacceptable risks are detected and appropriately managed.
+ It guarantees that resources and effort aren't squandered on insignificant risks.
+ It gives top management insight into the organization's risk profile and risk treatment priorities, allowing
them to make more strategic decisions.

ISRM process:

+ Identify – Data Risk Analysis:

o Identification of your digital assets, which could contain a variety of data, is required at this step:
− Healthcare records that must be kept confidential in accordance with the Health Insurance Portability
and Accountability Act, or HIPAA, and financial information that must be governed by Sarbanes-Oxley.
− Product development and trade secrets are examples of company secrets.
o During this stage, you'll assess not just the risk of data loss or theft, but also the procedures to take
to reduce or eliminate the risk connected with each type of data.
o This involves classifying data for security risk management based on its level of confidentiality,
compliance laws, financial risk, and acceptable risk level (Dobran, 2019).

+ Protection – Asset Management:

o Employees get security awareness training on the correct handling of private information.
o Implement access controls to ensure that only those who have a legitimate need for information have
access.
o Establish a company "owner" for each identified risk to ensure buy-in for planned controls and risk
tolerance.
o Create a role for an information security officer who will be responsible for assessing and mitigating
data security risks.

+ Implementation:

o Examine the security dangers that have been discovered and the measures that are in place.
o New danger detection and containment mechanisms are being developed.
o Analyze real and attempted attacks using network security technologies.
o Install and use technologies for alarms and unwanted access capture.

+ Security Control Assessment:

o Verify that notifications are sent to the appropriate people for timely action.
o As new or updated apps are introduced, make sure that a continual data risk analysis is performed.
o The efficiency of network security measures should be checked on a regular basis. Have controls
been reviewed and approved if your business has audit functions?
o Have you questioned data company owners (stakeholders) to confirm that risk management solutions
are acceptable? Are they suitable for the underlying vulnerability?

+ Information Security System Authorizations:

o This level of authorization must look at not just who is notified, but also what actions are performed
and how promptly they are taken. When your data is at risk, you need to act quickly to prevent data
theft or loss.

+ Risk Monitoring:

o In order to provide a safe environment for your technological assets, you must implement an
information risk management framework.
o A sophisticated software-driven system of controls and alert management is an important component
of a risk management strategy (Dobran, 2019).

TASK 2 - DESCRIBE AT LEAST 3 ORGANIZATIONAL SECURITY PROCEDURES (P2)


1. Definition

A set of procedures that must be followed in order to carry out a certain security obligation or function is
known as a security process. Procedures are frequently created as a series of steps to be taken consistently
and repeatedly in order to accomplish a specific purpose. Once established, security procedures provide a
set of detailed methods for carrying out the organization's security operations, simplifying training, process
auditing, and process improvement. The uniformity needed to prevent variation in security operations is
established through procedures, which enhances security control inside the company. Reducing variance
is a great way to cut waste, improve quality, and increase performance in the security industry (Patterson,
2018).

Figure 5: Security Procedures

2. Discussion on Incident response policy

Incident Response (IR) Procedure: In order to make sure that the is ready to respond to cyber security
incidents, secure State systems and data, and prevent a disruption of governmental services, provide the
necessary procedures for incident management, reporting, and monitoring as well as incident response
training, testing, and support.

This type of policy usually includes information about:


(i) The organization's incident response team;
(ii) Each team member's role;
(iii) The people in charge of testing the policy;
(iv) How to put the policy into action;
(v) The technological means, tools, and resources that will be used to identify and recover
compromised data.

Incidents Phases:

+ Preparation phase: The preparation phase refers to the teaching and preparing of system users and
the IT staff responsible for responding to security issues. Along with identifying potential
incident-related tools and resources, this stage should also adopt preventative measures, such as
conducting regular risk assessments and increasing user awareness.
+ Identification phase: Identifying and detecting a security incident, as well as establishing the
severity and priority level of the discovered problem. This phase entails (i) identifying incidents
that use common attack vectors (e.g., attacks via removable media, the Web, and e-mail); (ii)
recognizing signs of incidents; (iii) identifying detectable precursors; (iv) performing initial
analysis and validation through file integrity checking; (v) running packet sniffers; (vi) filtering
data, and (vii) evidence preservation.
+ Containment phase: instructions on how to isolate systems affected by the attack from other
systems to prevent future damage.
+ Eradication phase: Determining the cause of the occurrence and removing the impacted systems.
+ Recovery phase: Returning afflicted systems to their regular operating environment.
+ Post-incident phase: Capturing the entire incident, conducting a thorough investigation, identifying
the cause of the incident, estimating related costs, and developing a plan to prevent such incidents
in the future.
Elements of an incident response policy:

+ Identification of an incident response team


o Centralized incident response teams and distributed incident response teams are the two
different forms of incident response teams. Large firms are more likely to utilize the second
kind because it enables them to successfully coordinate personnel in settings with a variety of
cultural, linguistic, and legal factors, whereas small organizations are more likely to employ
the first type.
o Depending on the type of occurrence, incident response teams may be entirely comprised of
corporate employees or may be partially or entirely outsourced. Additionally, the business
must ensure that the members are properly trained to carry out their roles and obligations in
addition to being defined in the agreement.
+ Information about the system: The policy should cover system specifications including network
and data flow diagrams, hardware inventories, and logging data.
+ Incident handling and reporting procedures: Another crucial area of the policy should set out the
procedures for dealing with and reporting an event (suspected or occurred).
Such procedures should specify the circumstances that will initiate response actions and include
instructions on how to report an incident (e.g., the timing of the incident, a list of corrupted or
inaccessible data, and mitigation techniques in place). The rules should specify, for instance,
whether the organization would respond to a potential attack or whether the attack would have to
be successful in order to initiate response measures.
+ “Lessons Learned”: An important but occasionally disregarded component of an incident response
policy is the "Lessons Learned" section. A "Lessons Learned" initiative like this one, which
involves a meeting and a discussion with all parties involved, could be helpful in boosting security
measures in the company and the incident handling procedure itself.
+ Reporting to outside parties: An incident response policy may include deadlines and methods for
reporting to third parties, including IT staff, security analysts, data protection or law enforcement
agencies, the media, impacted outside parties, and software providers. Some jurisdictions may have
laws requiring incident reporting.
3. Discussion on Acceptable Use Policy
Acceptable Use Policy (AUP): Employees must agree to the terms and conditions set forth in the AUP
before being granted access to the corporate network or the internet. It is a normal onboarding procedure
for new employees. They are required to read and agree to an AUP before being given a network ID. It is
recommended that a company's IT, security, legal, and HR departments take this policy's provisions into
consideration (Anon., 2008).

General Use and Ownership:

This policy applies to any data produced or stored on the Organization's systems.

+ Before being electronically sent, all information, including non-public personal information,
must be encrypted.
+ In all other situations, sensitive information such as non-public personal information must be
encrypted in accordance with the Information Sensitivity Procedures.
+ All information and data stored on the organization's systems and networks are regarded as the
organization's property for the purposes of this policy.
+ Any information, including data files, emails, and information saved on company-issued
computers or other electronic devices, may be monitored or audited by the organization at any
time, for any reason, with or without warning, in order to test and monitor compliance with
certain security measures.

All sensitive information must be kept private and not shared or made available to anyone without
adequate authorisation. Sensitive information will be used solely and only in the investigation. It
may not be utilized for any other purpose besides managing the receivership.

Security and Proprietary Information:

+ The official website of the organization should not include any sensitive information.
+ According to the organization's information sensitivity policies, information on the systems of
the organization, including public and private websites, should be categorized as either public
or sensitive.
+ Passwords must be kept private and never given out to anyone else. Authorized users are
accountable for the password and account security.
+ Passwords at the user level must be updated in accordance with the organization's systems usage
policy, and at the very least every six months. Accounts at the user level include, but are not limited to:
o Email
o Web
o Social media
o Access to sensitive information through application accounts
+ Authorized users should take extreme caution when opening email attachments as they could
include Trojan horse malware, viruses, or e-mail bombs, whether accidentally or deliberately. All
users must be instructed on how to spot such risks (Anon., 2008).
4. Discussion on Remote Access Policy

Remote Access Policy:

The acceptable methods of connecting to an organization's internal networks from a remote location
are covered in detail in the remote access policy. I've also seen amendments to this policy that
specify how BYOD assets must be used. Businesses with dispersed networks that may extend into
unsecure network locations, such as the local coffee shop or unmanaged home networks, are
required to have this policy.

General:

Everyone who has access to the Organization network, including employees, contractors, suppliers,
and others, must agree to keep all access codes and processes private and not share them with
anybody. Employees, independent contractors, vendors, and agents must ensure that their access
connections are protected by security measures that are generally equivalent to those used by
the Organization.

Requirements:
Only those employees who have been given permission by the information security officer should
have access to secure remote access, which must be strictly managed. To establish authorized
access, either one-time password authentication or public/private keys with strong passwords must
be utilized.

Authorized users are forbidden from disclosing their login information to third parties and from
writing it down or otherwise keeping a record of it (Anon., 2008).

Authorized users are only permitted to access the network using tools provided by the
Organization, unless the information security officer grants them permission to do otherwise.

Remote connections must adhere to minimum authentication standards like CHAP or DLCI, which
must be ensured by authorized users.

Any remote computer linked to the organization's internal networks must be running antivirus
software with the most updated virus definitions, and authorized users are in charge of making sure
this is the case.

TASK 3 - IDENTIFY THE POTENTIAL IMPACT TO IT SECURITY OF INCORRECT CONFIGURATION
OF FIREWALL POLICIES AND IDS (P3)
A. Firewall
1. Firewall Definition
An organization's security policies are monitored and applied to incoming and outgoing network traffic by a
firewall, a network security tool. At its most fundamental level, a firewall is the wall separating a private internal
network from the public Internet. A firewall's main objective is to let harmless traffic through while blocking
threats.

Figure 6: Firewall

Types of Firewalls:

+ Packet filtering: A small amount of data is examined and passed on according to the filter's requirements.
+ Proxy service: A network security system that protects while filtering communications at the
application layer.
+ Stateful inspection: Dynamic packet filtering keeps track of current connections to decide which network
packets to let through the firewall.
+ Next-Generation Firewall (NGFW): A deep packet inspection firewall with application-level
inspection.
Firewall Policies:

Firewalls exist as both hardware and software appliances. Many hardware-based firewalls also
offer extra services to the internal network they safeguard, like acting as a DHCP server. Several personal
computer operating systems include software-based firewalls to protect against attacks from the public Internet.
Firewall components are found in many routers that transmit data across networks, and many firewalls may
also carry out simple, everyday tasks.

Firewall Usage:
+ Prevents the Passage of Unwanted Content

There is no shortage of unpleasant or unwanted content online. Such bad content can easily enter the system
without a strong firewall. As of 2020, most operating systems include firewalls that effectively shield users
from undesirable and hazardous internet information (Pedamkar, 2020).

+ Prevents Unauthorized Remote Access

Today's world is full of unethical hackers that are always striving to gain access to vulnerable systems.
Uninformed users are unaware of who has access to their computers.

To protect your data, transactions, and other sensitive information, you need a strong firewall. For
enterprises, private data and information leaks can lead to considerable loss and failure.

+ Prevents Indecent Content


People have been exposed to immoral material thanks to the internet's extensive network, especially
teenagers and young people. The harmful nexus surrounding this information is expanding quickly.

Young minds can be harmed by exposure to obscene material of any type, which can result in odd
behaviors and immoral behavior.

+ Guarantees Security Based on Protocol and IP Address

Hardware firewalls work well for examining traffic patterns depending on a particular protocol. A record
of every activity associated with a connection is stored when it is established, aiding in system security.

A type of firewall called Network Address Translation (NAT) effectively defends computers against
assaults coming from outside their network. As a result, these machines' IP addresses are only reachable
within their network, making them autonomous and secure (Pedamkar, 2020).

+ Protects Seamless Operations in Enterprises

In today's corporate environment, enterprise software and systems have become increasingly crucial. Due
to decentralized distribution techniques and widespread data access, authorized stakeholders can use and
alter the data for efficient business operations.

Using credentials from any machine on the network, a user may log in to his system. Given the size of the
network and the volume of data.

+ Protects Conversations and Coordination Contents

Companies in the service sector are required to maintain constant contact with external clients. As part of
numerous efforts, they regularly exchange pertinent information with the internal teams and the customer
teams.

Since almost all of the content produced by these coordination efforts is confidential, it must be carefully
protected since no organization can afford the costs associated with such crucial information being
divulged.

+ Prevents Destructive Content from Online Videos and Games


Various websites allow users to watch movies, and some even let them download games or films. Similar to
this, you may play and download games from a ton of websites. Few websites, with the exception of a few
well-known ones, promise access security. In addition, malicious software and viruses are typically
constantly trying to infect the user's computer. The system must include a firewall since it guards the user's
computer against virus attacks via online games or movies.

Advantages of Firewall:
+ Hackers and remote access are prevented by a firewall.
+ It safeguards information.
+ Enhanced security and network monitoring capabilities
+ It gives you more privacy and security.
+ Assist the VOIP phone's dependability.
+ It guards against trojans (Bradley, 2021).
+ Allow for more advanced network capabilities to be implemented.
+ An OS-based firewall can only protect single PCs, but a network-based firewall, such as a router, can protect
many systems.

2. How Does A Firewall Provide Security To A Network?


+ Firewalls control network traffic on a private network. Based on a set of rules, a firewall decides which kinds
of traffic should be allowed or forbidden. Think of the firewall as a gatekeeper at the computer's entryway,
giving only reliable IP addresses or sources access to the network.
+ A firewall will only allow incoming traffic that has been configured to be accepted. It distinguishes between
valid and malicious traffic and approves or rejects certain data packets in accordance with predefined
security criteria.
+ These criteria depend on a variety of packet data elements, including the source, destination, and
content, among others. They block traffic from questionable sources to prevent cyberattacks.
+ For instance, the illustration below shows how a firewall allows good traffic to get through to a user's private
network.

+ The firewall in the example below, on the other hand, prevents harmful traffic from accessing the private
network, safeguarding the user's network from a cyberattack (Bradley, 2021).
+ This is how a firewall may do quick analyses to find malware and other questionable behaviour.
+ At different network levels, several types of firewalls are used to read data packets.

Figure 7: Diagram How Firewall work

B. IDS
1. IDS Definition

An intrusion detection system (IDS) is a network traffic monitoring system that detects suspicious behaviour
and sends out notifications when it is found (Lutkevich, 2021).
While an IDS's primary responsibilities are anomaly detection and reporting, certain intrusion detection
systems also have the ability to take action when malicious behavior or abnormal traffic are found, such as
blocking traffic from suspect IP addresses.

An intrusion prevention system (IPS) differs from an intrusion detection system (IDS): like an IDS, it scans
network packets for potentially dangerous network activity, but it concentrates on preventing attacks rather
than identifying and documenting them.

2. IDS Usage
+ Keeping an eye on the performance of routers, firewalls, key management servers, and files necessary for
other security measures aimed at detecting, preventing, or recovering from attacks;
+ Enabling administrators to adjust, monitor, and comprehend pertinent OS audit trails and other logs that may
otherwise be difficult to follow or understand;
+ Giving a user-friendly interface so that non-expert staff members may assist with system security
management;
+ Having a sizable attack signature database against which information from the system may
be evaluated;
+ The IDS creates an alarm and tells the user that security has been breached; attackers are stopped or the
server is blocked when it discovers that data files have been altered.

3. How Does IDS Work


Systems for detecting intrusions are used to spot network anomalies and apprehend hackers before they cause
significant harm. Both host-based and network-based IDSes are practicable. A network-based intrusion
detection system is present on the network, whereas a host-based intrusion detection system is present on the
client computer.

Figure 8: How IDS Work


Intrusion detection systems look for indications of past intrusions or deviations from routine behavior. These
anomalies are moved up the stack and examined at the protocol and application layers. They are able to
recognize events like DNS poisonings and Christmas tree scans.
An IDS can be set up as a network security device or as client-side software. There are currently solutions for
cloud-based intrusion detection to protect data and systems in cloud deployments (Lutkevich, 2021).
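
The signature matching described above can be shown for the Christmas tree scan, whose probes set the FIN, PSH and URG flags together. This is an added example, not part of the original assignment: a small network-based check run over a constructed capture. The function names, the threshold of three ports and the sample addresses (documentation ranges) are assumptions.

```python
import struct
from collections import defaultdict

# TCP flag bits as they appear in byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG  # signature of a Christmas tree probe

TCP_FIXED = "!HHIIBBHHH"  # the fixed 20-byte part of a TCP header


def tcp_header(sport, dport, flags):
    """Build a minimal 20-byte TCP header (used only for the sample data)."""
    return struct.pack(TCP_FIXED, sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)


def parse_tcp(header):
    """Return (source port, destination port, flag bits) from raw header bytes."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, _off, flags, _win, _sum, _urg = struct.unpack(
        TCP_FIXED, header[:20]
    )
    return sport, dport, flags & 0x3F


def is_xmas(flags):
    """True when FIN, PSH and URG are set and SYN, RST and ACK are clear."""
    return flags == XMAS


def detect_xmas_scans(packets, min_ports=3):
    """Report sources that sent Xmas probes to at least min_ports distinct ports."""
    probed = defaultdict(set)
    for src_ip, header in packets:
        try:
            _sport, dport, flags = parse_tcp(header)
        except ValueError:
            continue  # malformed packet: skip it rather than stop monitoring
        if is_xmas(flags):
            probed[src_ip].add(dport)
    return {ip: sorted(ports) for ip, ports in probed.items() if len(ports) >= min_ports}


# Constructed capture: one normal HTTPS session, one scan, two odd packets.
CAPTURE = [
    ("192.0.2.10", tcp_header(51000, 443, SYN)),
    ("192.0.2.10", tcp_header(51000, 443, ACK)),
    ("192.0.2.10", tcp_header(51000, 443, PSH | ACK)),
    ("198.51.100.7", tcp_header(40000, 22, XMAS)),
    ("198.51.100.7", tcp_header(40000, 23, XMAS)),
    ("198.51.100.7", tcp_header(40000, 80, XMAS)),
    ("198.51.100.7", tcp_header(40000, 443, XMAS)),
    ("192.0.2.10", tcp_header(51000, 443, FIN | ACK)),
    ("203.0.113.5", tcp_header(40001, 25, XMAS)),  # single probe, below threshold
    ("203.0.113.9", b"\x00\x01"),                  # truncated header, ignored
]

if __name__ == "__main__":
    for ip, ports in detect_xmas_scans(CAPTURE).items():
        print(f"ALERT Christmas tree scan from {ip} against ports {ports}")
```
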

C. The Potential Impact (Threat-Risk) Of A Firewall And IDS If They Are Incorrectly Configured In A
Network
+ On the same network segment, such as an open/unencrypted wireless network, unencrypted HTTP connections
can be misused by an outsider, allowing anybody on the Internet to reach the firewall. Anti-spoofing
limitations are not activated on the external interface, which opens the door for denial of service and related
attacks. Rules exist without logging, which might be problematic for important systems and services.
+ Any protocol or service can be used to connect internal network segments, which might result in internal
security flaws and compliance violations, especially in PCI DSS cardholder data settings.
+ Anyone on the internal network is able to connect to the firewall via an unencrypted telnet connection. These
connections can be misused by an inside user if ARP poisoning is enabled by a tool like the free password
recovery program Cain & Abel (or malware).
+ Any type of TCP or UDP service has the potential to exit the network, resulting in the proliferation of malware
and spam as well as unauthorized use and policy violations.
+ There is no documentation for the rules, which might raise security management issues, particularly if
firewall administrators abruptly depart the organization.
+ The default password(s) are used, resulting in every security risk imaginable, including responsibility concerns
when network events occur.
+ Due to its age and lack of support, firewall OS software is susceptible to known flaws including remote code
execution and denial of service attacks. Additionally, if a breach occurs and the system's age is made public,
it might not look good in the eyes of outsiders.
+ Anyone on the Internet may access internal Microsoft SQL Server databases, which can lead to internal
database access, especially if SQL Server is configured using the default credentials (sa/password) or an
otherwise weak password.
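
The misconfigurations listed above can be checked mechanically against an exported rule set. The following added example (not part of the original assignment) audits a constructed weak configuration and a corrected one. The `Rule` fields, zone names and device settings are assumptions, and 1433 is SQL Server's default TCP port.

```python
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    src_zone: str   # "internet", "dmz" or "internal" (assumed zone names)
    dst_zone: str
    proto: str      # "tcp", "udp" or "any"
    port: str       # port number as text, or "any"
    action: str     # "allow" or "deny"
    log: bool
    comment: str = ""


# Constructed weak configuration (not taken from a real device).
DEVICE = {
    "mgmt_services": {"telnet", "http", "ssh"},
    "antispoof_external": False,
    "default_password": True,
}
RULES = [
    Rule("web-in", "internet", "dmz", "tcp", "443", "allow", True, "public web site"),
    Rule("sql-in", "internet", "internal", "tcp", "1433", "allow", False, ""),
    Rule("lan-any", "internal", "internal", "any", "any", "allow", True, "legacy"),
    Rule("out-any", "internal", "internet", "any", "any", "allow", True, "user browsing"),
    Rule("deny-all", "internet", "internal", "any", "any", "deny", True, "default deny"),
]

# The same policy after correcting each finding.
FIXED_DEVICE = {
    "mgmt_services": {"ssh", "https"},
    "antispoof_external": True,
    "default_password": False,
}
FIXED_RULES = [
    Rule("web-in", "internet", "dmz", "tcp", "443", "allow", True, "public web site"),
    Rule("app-db", "dmz", "internal", "tcp", "1433", "allow", True, "web app to database"),
    Rule("out-web", "internal", "internet", "tcp", "443", "allow", True, "user browsing"),
    Rule("deny-all", "internet", "internal", "any", "any", "deny", True, "default deny"),
]


def audit_device(device):
    """Check device-wide settings: management plane, anti-spoofing, credentials."""
    findings = []
    for svc in sorted(device["mgmt_services"] & {"telnet", "http"}):
        findings.append(("device", f"unencrypted management service: {svc}"))
    if not device["antispoof_external"]:
        findings.append(("device", "anti-spoofing disabled on external interface"))
    if device["default_password"]:
        findings.append(("device", "default administrator password in use"))
    return findings


def audit_rules(rules):
    """Check each rule for missing logging/documentation and over-broad access."""
    findings = []
    for r in rules:
        if not r.log:
            findings.append((r.name, "rule has no logging"))
        if not r.comment.strip():
            findings.append((r.name, "rule is undocumented"))
        if r.action != "allow":
            continue
        wide = r.proto == "any" or r.port == "any"
        if wide and r.src_zone == "internal" and r.dst_zone == "internal":
            findings.append((r.name, "any service allowed between internal segments"))
        if wide and r.src_zone == "internal" and r.dst_zone == "internet":
            findings.append((r.name, "unrestricted outbound TCP/UDP"))
        if r.src_zone == "internet" and r.dst_zone == "internal" and r.port in ("1433", "any"):
            findings.append((r.name, "SQL Server reachable from the Internet"))
    return findings


def audit(device, rules):
    return audit_device(device) + audit_rules(rules)


if __name__ == "__main__":
    for where, issue in audit(DEVICE, RULES):
        print(f"{where:10} {issue}")
    print("findings after fixes:", len(audit(FIXED_DEVICE, FIXED_RULES)))
```
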

TASK 4 - SHOW, USING AN EXAMPLE FOR EACH, HOW IMPLEMENTING A DMZ, STATIC IP AND
NAT IN A NETWORK CAN IMPROVE NETWORK SECURITY (P4)
A. DMZ
1. Definition

An organization's internal local-area network is shielded from unauthorized traffic by a perimeter network called
a DMZ Network. A common DMZ is a subnetwork that is situated in between private networks and the public
internet (Ohri, 2021).

Figure 9: DMZ

An enterprise can connect to untrusted networks like the internet via a DMZ while still retaining the security of
its private network or LAN. The Domain Name System (DNS), File Transfer Protocol (FTP), mail, proxy, Voice
over Internet Protocol (VoIP), and web servers are among the external-facing services and resources that are
frequently kept in the DMZ.

2. How Does DMZ Work


Any device with an internet connection takes the brunt of most attacks, posing the greatest risk. Businesses that
must allow external users to access their public servers are more at risk of attacks. An internal network and an
external network are separated by DMZs. All incoming traffic is screened by a firewall or security device before
reaching the organization's server when a DMZ is established between two firewalls.

Figure 10: How DMZ Work


If a skilled attacker breaks through the company's firewall and obtains unauthorized access to those systems,
then before the attacker can perform any harmful activity or access the company's sensitive data, those systems
will alert the host that a breach has occurred (Ohri, 2021).

3. Advantages Of DMZ

Access control: Companies can use the open internet to provide customers with access to services outside the
bounds of their network. The DMZ permits network segmentation and access to certain services, making it more
challenging for an unauthorized user to get access to the private network. A DMZ may have a proxy server, which
centralizes internal traffic flow and streamlines monitoring and recording of that traffic.

A DMZ serves as a barrier between a private network and the internet, preventing attackers from performing
network reconnaissance in search of appropriate targets. A firewall adds an additional layer of protection by
preventing an attacker from seeing inside the internal network even while servers in the DMZ are accessible to
the general public.

Even if a DMZ system is compromised, the internal firewall protects the private network by separating it from the
DMZ, preventing external reconnaissance.
Blocking IP spoofing: By spoofing an IP address and pretending to be a reputable device that has logged in to the
network, attackers attempt to get access to systems. A DMZ can identify and prevent such spoofing attempts while
another service verifies the IP address's legitimacy. In order to organize traffic and make public services accessible
outside of the private network, the DMZ also functions as a network segmentation zone.

4. Service of DMZ:
− Web servers
− Mail servers
− FTP servers
− DNS servers
− Proxy servers
− VoIP servers

5. The Importance Of DMZ Networks


+ The primary benefit of employing a DMZ is that it adds an extra layer of protection to an organization's
private network by restricting access to servers and critical data.
+ In the DMZ, we may set up a reverse proxy server. Clients on the internet will connect to a reverse proxy
server that holds no sensitive information.
+ The DMZ not only isolates and keeps possible target systems away from inside networks, but it also limits
and controls access to them (Ohri, 2021).
+ Users within an enterprise may still exchange and access material on the internet, while unauthorized users
outside of a network can still get crucial data from the network, thanks to DMZ.
+ Because a DMZ manages both external and internal traffic flow to and from a private network, hackers
are less likely to get direct access to the system.
+ The DMZ can also be used to respond to security concerns posed by IoT devices, OT systems, and other
similar systems.

B. Static IP
1. Definition
A static IP address is a 32-bit number that is issued to a computer to use as an internet address. An internet service
provider (ISP) will usually supply this number in the form of a dotted quad.

Figure 11: Static IP


When a device connects to the internet, its IP address (internet protocol address) acts as a special identification.
Just as people use phone numbers to locate and speak with one another on the phone, computers use IP addresses
to locate and connect with one another on the internet. An IP address can give information about the hosting
company as well as location information (Gillis, 2020).

2. How static IP addresses work


If a person or organization needs a static IP address, they must first get in touch with their ISP and ask them to
assign a static IP address to their device, such as a router, because the majority of ISPs don't offer them
by default. After the device has been configured with a new and permanent IP address, they must restart it.
Computers and other devices behind the router will share the same IP address. There is no need for additional
maintenance because the IP address never changes.
However, getting one will usually cost money because only a limited number of static IP addresses are available.
This issue has a remedy with IPv6. Static IP addresses are now simpler to acquire and maintain thanks to
IPv6's extension of IP addresses from 32 bits to 128 bits (16 bytes), which greatly increases the number of available
IP addresses. Currently, IPv4 and IPv6 are both in use, with IPv4 still accounting for the majority of internet
traffic.
IPv6 allows for a whopping 340 undecillion potential unique IP addresses. In other words, there are 340 trillion,
trillion, trillion distinct IP addresses that may now be issued, or 340 followed by 36 zeros. This increase in IP
addresses allows for major future internet development and allays worries about a network address scarcity in the
future.
3. Advantages of Static IP
− There may be a single address that never changes for companies that utilize IP addresses for mail, FTP, and
web servers.
− For hosting voice over IP, VPNs, and gaming, static IP addresses are preferable.
− They can be more reliable in the event of a connectivity outage, ensuring that packet exchanges are not missed.
− They enable speedier file uploads and downloads on file servers.
− With a static IP, any geolocation services will have an easier time figuring out where a device is.
− For remote access to a computer, static IPs are preferable.
− A device with a static IP address does not need to make renewal requests.
− Network administrators may find it simpler to operate servers with static IP addresses.
− Additionally, managers may easily monitor internet traffic and offer people access based on their IP
addresses.

C. NAT
1. Definition

Network Address Translation (NAT) is a process that converts one or more local IP addresses into one or more
global IP addresses and vice versa in order to provide Internet connection to local hosts. In the packet that will be
sent to the destination, it also performs port number translation, masking the host's port number with a different
port number. The appropriate IP address and port number entries are then added to the NAT table. NAT is often
performed via a router or firewall (Vaughan-Nichols, 2019).

Figure 12: NAT


2. How Does NAT Work
Generally, NAT is configured on the border router, i.e., the router that has one interface in the local (inside)
network and one interface in the global (outside) network. When a packet leaves the local (inside) network, NAT
converts its local (private) IP address to a global (public) IP address. When a packet enters the local network,
the global (public) IP address is converted to a local (private) IP address.

Figure 13: NAT Working

If NAT runs out of addresses, i.e., no address is left in the configured pool, the packets are dropped and
an Internet Control Message Protocol (ICMP) host unreachable packet is sent to the destination.

3. Types of NAT
+ Static NAT
With static NAT, the same public address is chosen every time a given local address is translated. This
means that the router or NAT device will have a constant public IP address.

+ Dynamic NAT
Instead of always utilizing the same IP address, this NAT employs a pool of public IP addresses. The router
or NAT device thus obtains a different address each time it transforms a local address to a public address
(Vaughan-Nichols, 2019).

+ PAT
PAT stands for port address translation. It is a form of dynamic NAT, but it ties a group of local IP
addresses to a single public IP address. Organizations use PAT to route all employee activity through a
single IP address, typically under the supervision of a network administrator.

4. NAT security
NAT might be beneficial for security and privacy. NAT switches data packets from public to private addresses to
block outside access to the private device. Unwanted data has a harder time getting through since the router
arranges the data to make sure it is routed to the right place. Although it isn't flawless, it typically serves as your
device's first line of defense. A NAT firewall alone won't be enough for a corporation to safeguard its data; it also
has to hire a cybersecurity specialist.
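
The following Python sketch is an added example, not part of the original assignment or its sources. It models the PAT translation table described above: outbound packets get a public port from a pool, replies are mapped back through the NAT table, inbound packets without a matching entry are dropped, and an empty pool causes a drop. The class and method names, the addresses, and the rule that a reply must come from the remote endpoint that was contacted are assumptions made for illustration.

```python
# Toy PAT (port address translation) table: constructed example, not a real router.
class PoolExhausted(Exception):
    """No free public port is left, so the packet is dropped."""

class PatRouter:
    def __init__(self, public_ip, port_pool):
        self.public_ip = public_ip
        self.free_ports = list(port_pool)  # public ports still available
        self.by_flow = {}    # (private ip, private port, remote) -> public port
        self.nat_table = {}  # public port -> (private ip, private port, remote)

    def translate_outbound(self, src_ip, src_port, remote):
        """Rewrite a private source endpoint to (public ip, public port)."""
        flow = (src_ip, src_port, remote)
        if flow not in self.by_flow:
            if not self.free_ports:
                raise PoolExhausted(f"no port left for {src_ip}:{src_port}")
            public_port = self.free_ports.pop(0)
            self.by_flow[flow] = public_port
            self.nat_table[public_port] = flow
        return self.public_ip, self.by_flow[flow]

    def translate_inbound(self, remote, dst_port):
        """Return the private endpoint for a reply, or None to drop the packet."""
        entry = self.nat_table.get(dst_port)
        if entry is None:
            return None  # unsolicited: no NAT table entry for this port
        private_ip, private_port, expected_remote = entry
        if remote != expected_remote:
            return None  # entry exists, but for a different remote host
        return private_ip, private_port

def demo():
    # Constructed addresses: RFC 1918 inside, RFC 5737 documentation ranges outside.
    router = PatRouter("203.0.113.10", port_pool=[40000, 40001])
    web = ("198.51.100.7", 443)
    a = router.translate_outbound("192.168.1.20", 51000, web)
    b = router.translate_outbound("192.168.1.21", 51000, web)
    reply = router.translate_inbound(web, a[1])  # genuine reply to host A
    probe = router.translate_inbound(("198.51.100.99", 4444), a[1])  # other host
    unsolicited = router.translate_inbound(web, 40005)  # port never mapped
    try:
        router.translate_outbound("192.168.1.22", 51000, web)
        exhausted = False
    except PoolExhausted:  # pool of two ports is used up: packet dropped
        exhausted = True
    return a, b, reply, probe, unsolicited, exhausted

if __name__ == "__main__":
    print(demo())
```

Both inside hosts use the same private port 51000, yet they leave with different public ports on the one public address, which is what lets the router send each reply back to the right host.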

D. DISCUSS THREE BENEFITS TO IMPLEMENT NETWORK MONITORING SYSTEMS WITH SUPPORTING REASONS (M2)
Top three benefits of implementing network monitoring systems:
1) Identify security threats:
Every firm is particularly concerned about preventing cybercrime. As assaults become increasingly
sophisticated and challenging to track, it is essential to identify and mitigate any kind of network hazard
before it becomes worse.
Without network insights, dealing with persistent security threats on a regular basis might take an IT team
a very long time. The following is required in order to maintain IT network security:
− Security fixes are updated on a regular basis.
− On all individual workloads, standardized security settings are maintained.
Consequently, network monitoring will assist an IT team in better protecting a company's data and
infrastructure.
2) Manage Client Network Usage with Confidence:
Many businesses allow office staff and other employees to access the internet as part of
their regular duties. Unfortunately, without network surveillance of client networks, it won't be possible
to spot employees who are abusing the system or exploiting private information for their own advantage.
Furthermore, if our clients depend on us for data backup and integrity, few methods offer the kind of
user-friendly interface that network monitoring does. Although IT professionals may be able to create
different methods of network monitoring, everyone will be much more productive if network monitoring
tools are put into place.
3) Benchmark standard performance:
IT outages can result from a variety of factors:
− Errors made by humans
− Changes to the network that are incompatible
− Technology's ever-increasing complexity
More often than we'd like, organizations are only aware of network performance when it noticeably
deviates from the norm, and they only respond when it starts to affect business output (Luminet, 2016).
Network monitoring tools give us the knowledge to assess regular performance and the foresight to find
any outliers, enabling us to identify issues early. Effective network monitoring enables IT professionals
to identify and repair potential issues before they become serious problems that result in system
outages.
CONCLUSION

This paper covers the risks and remedies, as well as a variety of tools that can help individuals
and organizations better protect their data when online. It lists security breaches to help
users understand what has happened in the past and how to avoid danger and safeguard data
if one has occurred. There are risks, but there are also benefits to consider for the consumer.
As a result, the analysis shows that the benefits of such apps have been and continue to be
positively evaluated, allowing consumers to select the best software for their needs.
References
Anon., 2008. [Organization] Information Security Procedures , s.l.: s.n.
Bradley, T., 2021. What Is a Firewall and How Does a Firewall Work?. [Online]
Available at: https://www.lifewire.com/what-is-a-firewall-2487290

Cassetto, O., 2019. Security Breaches: What You Need to Know. [Online]
Available at: https://www.exabeam.com/dlp/security-breach/

Contributor, S., 2020. What is a Data Breach? Ultimate Guide to Cyber Security Breaches. [Online]
Available at: https://www.dnsstuff.com/data-breach-101

Dobran, B., 2019. Information Security Risk Management: Build a Strong Program. [Online]
Available at: https://phoenixnap.com/blog/information-security-risk-management

Garg, R., 2021. Threats to Information Security. [Online]
Available at: https://www.geeksforgeeks.org/threats-to-information-security/

Gillis, A. S., 2020. static IP address. [Online]
Available at: https://whatis.techtarget.com/definition/static-IP-address

Luminet, 2016. Network Monitoring. [Online]
Available at: https://luminet.co.uk/top-5-benefits-network-monitoring/

Lutkevich, B., 2021. intrusion detection system (IDS). [Online]
Available at: https://www.techtarget.com/searchsecurity/definition/intrusion-detection-system

Lutkevich, B., n.d. intrusion detection system (IDS). [Online]
Available at: https://www.techtarget.com/searchsecurity/definition/intrusion-detection-system

Michael Hill and Dan Swinhoe, 2021. The 15 biggest data breaches of the 21st century, s.l.: s.n.

Ohri, A., 2021. What Is DMZ Network. [Online]
Available at: https://www.jigsawacademy.com/blogs/cyber-security/what-is-dmz

Patterson, D., 2018. The Importance of Policies and Procedures, s.l.: s.n.

Pedamkar, P., 2020. Firewall Uses. [Online]
Available at: https://www.educba.com/firewall-uses/

RSI, 2021. TYPES OF SECURITY THREATS TO ORGANIZATIONS. [Online]
Available at: https://blog.rsisecurity.com/types-of-security-threats-to-organizations/

Vaughan-Nichols, S. J., 2019. Static vs. Dynamic IP Addresses. [Online]
Available at: https://www.avast.com/c-static-vs-dynamic-ip-addresses

Zola, A., 2019. A Guide to Data Breach Best Practices. [Online]
Available at: https://www.business2community.com/cybersecurity/how-to-protect-a-small-business-from-a-data-breach-a-guide-to-data-breach-best-practices-02244829
