Pearson
Higher Nationals in
Computing
Unit 5 : Security
1. A Cover page or title page – You should always attach a title page to your assignment. Use previous page as
your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom and right margins and 1.25” for the left margin of each page.
1. The font size should be 12 point, in Times New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and Page Number
on each page. This is useful if individual sheets become detached for any reason.
5. Use the word processor's spell check and grammar check functions to help edit your assignment.
Important Points:
1. It is strictly prohibited to use text boxes to add text in the assignments, except for the compulsory
information, e.g. figures, tables of comparison etc. Adding text boxes in the body except for the
aforementioned compulsory information will result in rejection of your work.
2. Carefully check the hand in date and the instructions given in the assignment. Late submissions will not be
accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply
(in writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade .
8. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked
to complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using HARVARD
referencing system to avoid plagiarism. You have to provide both in-text citation and a reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be reduced to a
REFERRAL or at worst you could be expelled from the course.
I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as my own
without attributing the sources in the correct way. I further understand what it means to copy another’s work.
Unit Tutor
Issue Date
Submission Date
Submission Format:
The submission should be in the form of an individual written report written in a concise, formal business style
using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as
appropriate, and all work must be supported with research and referenced using Harvard referencing system.
Please provide in-text citations and an end list of references using the Harvard referencing system.
Section 4.2 of the assignment requires a 15-minute presentation to illustrate the answers.
Scenario
‘EMC Cyber’ is a reputed cyber security company based in Colombo Sri Lanka that is delivering
security products and services across the entire information technology infrastructure. The company
has a number of clients both in Sri Lanka and abroad, which includes some of the top-level companies
of the world serving in multitude of industries. The company develops cyber security software
including firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber is
tasked with protecting companies’ networks, clouds, web applications and emails. They also offer
advanced threat protection, secure unified access, and endpoint security. Further they also play the
role of consulting clients on security threats and how to solve them. Additionally, the company follows
different risk management standards depending on the company, with ISO 31000 being the most
prominent.
One of the clients of EMC Cyber, Lockhead Aerospace manufacturing which is a reputed aircraft
manufacturer based in the US, has tasked the company to investigate the security implications of
developing IOT based automation applications in their manufacturing process. The client has
requested EMC to further audit security risks of implementing web based IOT applications in their
manufacturing process and to propose solutions. Further, Lockhead uses ISO standards and has
instructed EMC to use the ISO risk management standards when proposing the solution.
The director of the company understands such a system would be the target for cyber-attacks. As you
are following a BTEC course which includes a unit in security, the director has asked you to investigate
and report on potential cyber security threats to their web site, applications and infrastructure. After
the investigation you need to plan a solution and how to implement it according to standard software
engineering principles.
Assuming the role of External Security Analyst, you need to compile a report for the board of EMC Cyber
focusing on the following elements:
1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilized by EMC
Cyber in order to improve the organization’s security.
1.2 Identify the types of security risks EMC Cyber is subject to in its present setup and the impact that they
would have on the business itself. Evaluate at least three physical and virtual security risks identified
and suggest the security measures that can be implemented in order to improve the organization’s
security.
1.3 Develop and describe security procedures for EMC Cyber to minimize the impact of issues
discussed in section (1.1) by assessing and rectifying the risks.
Activity 02
2.1 Identify how EMC Cyber and its clients will be impacted by improper/ incorrect configurations
that are applicable to firewalls and VPN solutions. IT security can include a network monitoring
system. Discuss how EMC Cyber can benefit by implementing a network monitoring system with
supporting reasons.
2.2 Explain how the following technologies would benefit EMC Cyber and its Clients by facilitating a
‘trusted network’. (Support your answer with suitable examples).
i) DMZ
ii) Static IP
iii) NAT
2.3 Identify and evaluate the tools that can be utilized by EMC Cyber to improve the network and
Activity 03
3.1 Discuss suitable risk assessment and integrated enterprise risk management procedures for EMC
Cyber solutions and the impact an IT security audit will have on safeguarding the organization and its
clients. Furthermore, your discussion should include how IT security can be aligned with an
organizational IT policy and how misalignment of such a policy can impact the organization’s security.
(This can include one or more of the following: network change management, audit control, business
continuance/disaster recovery plans, potential loss of data/business, intellectual property, Data
Protection Act; Computer Misuse Act; ISO 31000 standards.)
3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage
solutions provided by EMC Cyber. You should also summarize ISO 31000 risk management
methodology.
Activity 04
4.1 Design an organizational security policy for EMC Cyber to minimize exploitations and misuses
while evaluating the suitability of the tools used in an organizational policy.
4.2 Develop and present a disaster recovery plan for EMC Cyber according to the ISO/IEC 17799:2005
or similar standard which should include the main components of an organizational disaster recovery
plan with justifications. Discuss how critical the roles of the stakeholders in the organization are to
successfully implementing the security policy and the disaster recovery plan you recommended as a part
(Students should produce a 15 minutes PowerPoint presentation which illustrates the answer for
this section including justifications and reason for decisions and options used).
Contents
Activity 1 .......................................................................................................... 15
Activity 1
1.1 How the CIA Triad could be used in EMC Cyber
What is the CIA Triad
The CIA triad, whose letters stand for confidentiality, integrity, and availability, is a
concept developed to guide security procedures inside a company. This paradigm is frequently
triad of confidentiality. Three of the most fundamental and important cybersecurity components
make up the CIA triad.
Throughout this case, "confidentiality" refers to the systems of rules that limit access to data, and
"availability" to the assurance that data will be available for use by those who are authorized.
Confidentiality
This principle emphasizes the need to prevent unauthorized access to private, sensitive information.
Financial information, business plans, personally identifiable information (PII), such as a Social
Security Number (SSN) or date of birth, password-protected records, email records, payment
information (including credit/debit card information), and protected health information are just a
few examples.
To ensure the confidentiality of particular sorts of information, data must be classified according to
how important it is to your organization, and access rights must be limited accordingly. A proactive
approach to restricting access by unauthorized people may also be necessary.
The techniques used to manage data confidentiality include access control lists, role-based access
control (RBAC), volume/file encryption, file permissions, encryption of data in process, in transit, and
in storage, remote wipe capabilities, and education and training for everyone with access to
protected data.
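The two confidentiality controls named above that are easiest to get wrong in practice are data classification and RBAC, so here is an added, self-contained Python example (not code from the report or from EMC Cyber) of a deny-by-default access check that combines them. The classification levels, roles, users and records are constructed for illustration; a real deployment would load them from a directory and a data-classification register.

```python
"""Deny-by-default access control combining data classification with
role-based access control (RBAC). Added example; every level, role, user
and record below is constructed for illustration."""
from dataclasses import dataclass, field
from enum import IntEnum


class Classification(IntEnum):
    """Sensitivity levels, ordered so '>' means 'more sensitive than'."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


@dataclass(frozen=True)
class Role:
    name: str
    clearance: Classification                       # highest level the role may read
    actions: frozenset = field(default_factory=frozenset)   # e.g. {"read", "write"}


@dataclass(frozen=True)
class Record:
    name: str
    classification: Classification
    owner_team: str


# Constructed roles (hypothetical, not EMC Cyber's actual policy).
ROLES = {
    "analyst": Role("analyst", Classification.CONFIDENTIAL, frozenset({"read"})),
    "engineer": Role("engineer", Classification.INTERNAL, frozenset({"read", "write"})),
    "hr_manager": Role("hr_manager", Classification.RESTRICTED, frozenset({"read", "write"})),
    "visitor": Role("visitor", Classification.PUBLIC, frozenset({"read"})),
}

# Constructed user -> (role, team) assignments.
USERS = {
    "alice": ("analyst", "security"),
    "bob": ("engineer", "platform"),
    "carol": ("hr_manager", "hr"),
    "guest": ("visitor", "none"),
}

# Constructed records with their classification and owning team.
RECORDS = {
    "press_release.txt": Record("press_release.txt", Classification.PUBLIC, "marketing"),
    "network_diagram.vsd": Record("network_diagram.vsd", Classification.INTERNAL, "platform"),
    "incident_report.pdf": Record("incident_report.pdf", Classification.CONFIDENTIAL, "security"),
    "payroll.xlsx": Record("payroll.xlsx", Classification.RESTRICTED, "hr"),
}


def is_allowed(user: str, action: str, record_name: str) -> bool:
    """Deny by default: the user and record must exist, the role must permit
    the action, the role's clearance must cover the record's classification,
    and writes are additionally restricted to the record's owning team."""
    if user not in USERS or record_name not in RECORDS:
        return False
    role_name, team = USERS[user]
    role, record = ROLES[role_name], RECORDS[record_name]
    if action not in role.actions:
        return False
    if record.classification > role.clearance:
        return False
    if action == "write" and record.owner_team != team:
        return False
    return True


def audit_decisions(requests):
    """Return (user, action, record, decision) tuples suitable for an audit log."""
    return [(u, a, r, "ALLOW" if is_allowed(u, a, r) else "DENY") for u, a, r in requests]


if __name__ == "__main__":
    sample = [
        ("alice", "read", "incident_report.pdf"),
        ("alice", "read", "payroll.xlsx"),
        ("bob", "write", "network_diagram.vsd"),
        ("bob", "write", "incident_report.pdf"),
        ("guest", "read", "press_release.txt"),
        ("mallory", "read", "press_release.txt"),
    ]
    for entry in audit_decisions(sample):
        print("%-8s %-5s %-22s %s" % entry)
```

Every denial path returns `False` explicitly and there is no "allow" default, which is the property an auditor checks first; logging the decision tuples rather than only the denials gives the training and process-audit benefit the report mentions later.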
Integrity
This part of the CIA triad makes sure the information is accurate, authentic, and trustworthy. In other
words, it guarantees that the data is trustworthy and hasn't been tampered with. Regardless of
whether the data is stored in a laptop, storage device, data center, or the cloud, it must be
safeguarded while it is in use, during transit, and when it is stored.
Through encryption, hashing, digital signatures, digital certificates, intrusion detection systems,
auditing, version control, authentication, and access controls, data integrity can be maintained.
Availability
This concept guarantees that systems, applications, and data are readily available and reachable by
authorized users at the appropriate time. To guarantee that crucial business processes continue
without interruption, networks, systems, and applications must be continuously available.
Human error, hardware failure, software failure, network failure, power outages, natural disasters,
and cyberattacks can all affect how accessible your data systems are.
Redundancy (in servers, networks, applications, and services), fault tolerance (in hardware), regular
software patches and system upgrades, keeping backups and backup copies, and disaster recovery
are some of the techniques used to ensure data and application availability.
The CIA triad is the primary framework for creating security systems and guidelines for
organizations. As a result, it is essential to protecting your data from evolving cyberthreats. An
organization is said to have failed in properly adopting one or more of these principles if a security
incident, such as data theft or a breach, occurs. The CIA triad is essential to information
security because it improves security posture, assists enterprises in maintaining compliance with
complicated requirements, and helps ensure business continuity.
This "triad" model, which integrates all three components, could help guide how EMC develops data
protection. When assessing the needs of potential new products and innovations, such as the new
project with Lockheed Aerospace production, the triad can help EMC by posing specific questions
about how a benefit is achieved in each of the three essential areas.
To protect the secrecy of the information, specialized preparation may be necessary for people who
have access to secret materials. Training that increases employees’ awareness of danger signs and
how to avoid them is advantageous to qualified personnel. To prevent users from violating data
management standards with good intentions but potentially disastrous results, training sessions may
A familiar example of a confidentiality control is the prompt for bank account or card details when
conducting online banking. Encryption is the most widely used method for keeping information
secret. Login names and passwords are the traditional control, but two-factor authentication (2FA)
is becoming increasingly common.
Additional options include key security devices, soft tokens, and biometric authentication tokens.
Users can also take precautions such as minimizing where data is displayed and how many times it
is moved around to complete a required operation. Depending on how confidential the documents
are, extremely sensitive content may be kept only in physical copies or on unconnected (offline)
machines, disconnected memory sticks, or other isolated storage.
Integrity defenses include file permissions and user account restrictions. System configuration can
be used to prevent authorized users from making mistakes or unintentionally deleting items.
Companies must also set up a system for detecting information changes that may result from non-
human events like electromagnetic pulses (EMPs) or system failures.
To verify the accuracy of the data, checksums, including cryptographic hashes, can be used.
To restore the affected data to its original state, duplicates and redundancies must be available.
Digital signatures can also provide strong non-repudiation, making it very difficult to dispute
evidence of authentication, messages sent, document reads, and electronic information
dissemination.
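The checksum and signature controls just described can be shown end to end in a few lines. The following is an added Python example, not code from the report: it builds a SHA-256 manifest over a set of files (detects any change, accidental or not), then protects the manifest itself with an HMAC so that a manifest regenerated to match tampered files is rejected by anyone holding the key. HMAC is a stand-in for a digital signature here because it is in the standard library; a real deployment would sign the manifest with an asymmetric key so that verifiers need not hold a secret. The file contents and key are constructed.

```python
"""Integrity checks for stored files: an unkeyed SHA-256 manifest detects
corruption, and an HMAC-SHA256 over the manifest detects deliberate
tampering by anyone who lacks the key. Added example; the files and key
below are constructed."""
import hashlib
import hmac
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Map each file name to the hex SHA-256 digest of its content."""
    return {name: sha256_hex(content) for name, content in sorted(files.items())}


def sign_manifest(manifest: dict, key: bytes) -> str:
    """HMAC-SHA256 tag over a canonical JSON encoding (sorted keys, no whitespace)."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_manifest(manifest: dict, tag: str, key: bytes) -> bool:
    """Constant-time comparison so the check does not leak how many bytes matched."""
    return hmac.compare_digest(sign_manifest(manifest, key), tag)


def find_changed(files: dict, manifest: dict) -> list:
    """Names whose digest differs from the manifest, including deleted and new files."""
    current = build_manifest(files)
    changed = [n for n in manifest if current.get(n) != manifest[n]]
    changed += [n for n in current if n not in manifest]
    return sorted(changed)


# Constructed sample: two small configuration files and one tampered copy.
ORIGINAL_FILES = {
    "config.yaml": b"listen: 443\ntls: required\n",
    "users.csv": b"alice,analyst\nbob,engineer\n",
}
TAMPERED_FILES = dict(ORIGINAL_FILES, **{"config.yaml": b"listen: 443\ntls: optional\n"})
DEMO_KEY = b"constructed-demo-key-do-not-reuse"


def demo() -> dict:
    """Build, sign and verify, then show what each layer catches."""
    manifest = build_manifest(ORIGINAL_FILES)
    tag = sign_manifest(manifest, DEMO_KEY)
    return {
        "clean": find_changed(ORIGINAL_FILES, manifest),          # nothing changed
        "tampered": find_changed(TAMPERED_FILES, manifest),       # config.yaml differs
        "tag_valid": verify_manifest(manifest, tag, DEMO_KEY),    # genuine manifest passes
        # A manifest regenerated to match the tampered files has no valid tag without the key.
        "regenerated_accepted": verify_manifest(build_manifest(TAMPERED_FILES), tag, DEMO_KEY),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:>20}: {result}")
```

The canonical JSON step matters: signing `str(manifest)` or a pretty-printed dump would make the tag depend on formatting, so two correct verifiers could disagree.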
The best way to achieve this is to keep all equipment in excellent working order, make any necessary
repairs as soon as they arise, and maintain a conflict-free, efficient operating system (OS)
environment. Additionally, keeping up with any necessary software upgrades is crucial. Avoiding
congestion and having enough transmission capacity are both essential strategies. Replication,
Quick but flexible contingency planning is essential for the worst-case scenarios; however, this
capability depends on the presence of a comprehensive DR strategy. It is important to include
unanticipated events like wildfires and ecological catastrophes in the protection against information
leaks or connectivity problems. To prevent information loss in the event of certain events, a
duplicate can be kept in a remote location, perhaps even inside a watertight, fireproof safe. Proxy
servers and security systems, for instance, are enhanced security tools or programs that can protect
against malicious DoS attacks, unauthorized network intrusions, and missing or unavailable data.
Physical threats include the subset of attacks carried out physically. An attack implies the presence of
an attacker and their intent to harm or cause damage.
Some instances:
A virtual attack is an attempt to take control of computers, steal data, or use a computer system that
has been compromised to launch other attacks. Malware, phishing, ransomware, man-in-the-middle
attacks, and other tactics are used by cybercriminals to launch cyberattacks.
However, there are still problems with the current system that delay the staff's ability to quickly
receive these alert messages and make preparations.
Social Engineering
Social engineering strategies rest on manipulating employees. Attackers frequently impersonate
others using information they have gathered beforehand. One of the most common physical forms
is the "coffee trick": approaching a secured office door with a cup of coffee in each hand so that
someone holds the door open.
Tailgating
Tailgating is the practice of following an authorized person into a secure area without being invited
to do so. It typically happens when several people pass through a door at once while only the person
in front presents an ID card or magnetic card; it is simple for outsiders to enter because they just
follow a legitimate visitor through.
If a business is moving to new premises, purchasing office doors that can withstand a break-in is a
smart move. Installation may be expensive but is worthwhile when an entrance cannot be
monitored once people have left the facility.
Document Theft
Confidential documents can easily vanish and wind up in the wrong hands.
If documents are left lying around the workplace, visitors may occasionally see information that
the company would prefer they did not.
Implementing a clean desk policy is one of the best ways to ensure that employees' papers are
kept securely. Make sure that any documents staff members no longer need are destroyed. When
a clear-desk policy is in place, important information is less likely to be left in unsafe places.
File Sharing
Sharing private information through file-sharing applications makes it more likely that it will be
intercepted or misused. The loss of crucial corporate data can lead to security incidents such as
data leaks, information theft, and malware infections, to name a few.
Phishing Attacks
Phishing attacks have become significantly more sophisticated in recent years. Phishing attacks
can be technologically thwarted, though.
A security procedure is a predetermined flow of steps that must be taken in order to carry out a
particular security task or function. In order to achieve a goal, procedures are typically composed of
a series of steps that must be carried out repeatedly and consistently. Security procedures offer a set
of established actions for managing the organization's security affairs once they are put into place,
which will aid in training, process auditing, and process improvement. In order to implement the
consistency required to reduce variation in security processes and increase control of security within
Natural Disaster
In the event of bad weather, businesses must have both business continuity and recovery plans.
Advanced indicators may be used by some solutions to identify such events, alert businesses, and
efficiently connect with staff members to carry out preexisting emergency rescue plans. To protect
their employees, businesses may make advance preparations for disasters.
Social Engineering
Conducting a thorough physical security risk evaluation is the first step. The majority of risks
associated with social engineering cannot be easily avoided. It is crucial to inform the staff of the
risks associated with social engineering so that they are vigilant for any unusual activity or contacts.
Tailgating
Staff members must be urged to report any tailgating they observe to security personnel. Offering
security awareness training programs is another way to reduce tailgating.
A strict physical security protocol, including never leaving doors open for unknown visitors, must be
put in place to increase staff awareness.
File Exchange
In order to prevent document theft, access control must be implemented, and unauthorized people
must be prevented from entering the business.
Phishing Attacks
By using a strong email security gateway, phishing emails can be stopped before they reach the
inboxes of company employees. Cloud-based email security providers like IRONSCALES may protect
the business.
Information security risk, put simply, is anything that could jeopardize the availability,
confidentiality, or integrity of sensitive data. This could involve threats to physical records, digital
assets, servers, and systems, as well as incidents involving the loss, theft, or temporary
inaccessibility of information.
Although that is a good general summary, the reality is more complex than that, and complexity is
crucial if you want to adequately address information security risks.
The adverse consequences that result from a threat to the confidentiality, integrity, or availability of
information are a more accurate definition of information security risk.
Vulnerability
A vulnerability is an exploitable flaw that can be used to compromise or harm sensitive data.
These frequently involve software bugs and how malicious hackers can use them to perform
functions they weren't designed for. Inherent human flaws like our susceptibility to phishing scams
or the likelihood that we'll misplace a sensitive file are also examples of physical vulnerabilities.
In a nutshell, vulnerabilities are the ways in which data security can be undermined.
Threat
When an actor takes advantage of or is a victim of a vulnerability, a threat occurs. In light of the
aforementioned examples, threats could consist of a hacker using a software bug to his or her
advantage or a fake email to trick a worker.
Threats are, in other words, the behaviors that lead to the compromise of information.
Information security risk, finally, is the result of a threat exploiting a vulnerability.
When a hacker preys on an employee, there is a chance that they will gain access to the employee's
work account and steal private data. This may lead to monetary losses, privacy invasion, harm to
one's reputation, and regulatory action.
Activity 2
2.1 What is a Firewall?
A firewall is a network security device. It monitors incoming and outgoing network traffic and
decides whether to permit or block data packets in accordance with its security policies.
Its goal is to establish a barrier between traffic coming into your internal network and traffic coming
from outside sources, such as the rest of the internet. This prevents traffic from hackers, viruses, and
other bad actors.
In order to shield your network from attacks, there are pre-set rules to analyze and filter traffic,
rerouting data that originates from dubious or unsecure sources.
For example, it can block hackers who use brute-force techniques to try hundreds of username and
password combinations in an effort to discover your login information.
Types of Firewalls
Software Firewall
This kind of firewall is a computer program that you install. It will control traffic through ports and
applications to manage users, create logs, and block applications, among other functions.
Hardware Firewall
Between the gateway and your network is actual hardware that serves as this type of physical
firewall. A hardware firewall is something like your router, though there are more specialized
devices for more extensive uses.
Packet-filtering firewalls examine packet headers (specifically the destination and source IP addresses)
and drop packets that do not match the pre-set rules. So, for instance, your computer will not load a
website that has been reported to be malicious.
Even though next-generation firewalls (which we'll discuss next) are more effective, this type of
firewall is still not the most popular. Because the firewall only scans the request itself and not its
contents, it can very well allow a malicious request from a source it trusts to pass through, limiting
the protection provided.
Use a different, more sophisticated type of firewall in addition to your current packet-filtering
firewall, at the very least. However, if you're using a more recent firewall, you probably won't need
to do this since it should already come with this kind of security.
Proxy Firewalls
A proxy firewall serves as a bridge between end systems, filtering traffic at the application level. The
firewall receives a request from the client, which is then evaluated in light of the security policies
and either approved or rejected. The most common use of proxy firewalls is to monitor traffic for
application-layer protocols (FTP and HTTP, for example).
Contrary to packet-filtering firewalls, which are sometimes referred to as "stateless," this technology
maintains state. The fact that stateful firewalls store and analyze so much more packet data makes
them more demanding on your device.
What is a VPN
Virtual private networks, or VPNs, are among the best tools for protecting your online privacy. When
you browse, shop, or conduct online banking, a VPN encrypts your connection and keeps you
anonymous.
Microsoft created the virtual private network for the first time in 1996 so that remote workers could
safely access the company's internal network. Once it doubled business productivity, other
businesses started implementing the strategy. Corporate VPNs that enable remote work are now a
common sight in the world of business.
Then, developers understood that the average person could use this safe "tunnel" to safely connect
to the world wide web, the largest network on the planet. In the consumer sector, VPNs are now the
pillar of online privacy.
Without a VPN, your internet traffic, such as your online searches, uploads, and downloads, goes
directly from your device to your Internet Service Provider (ISP). A VPN instead routes that traffic
through an encrypted tunnel to a VPN server first. In this way, when your data is finally transmitted
to the internet, it appears to have originated from the VPN server and not from your personal device.
How EMC Cyber Will Benefit from installing a network monitoring system and How
EMC Cyber and its clients will be impacted by improper configuration.
Organizations must have a secure network infrastructure, which necessitates monitoring router,
switch, and other network device activity closely. Threats to your perimeter security, such as
unauthorized configuration changes, suspicious logon attempts, and scanning threats, must be able
to be quickly identified and investigated. For instance, if you don't promptly identify improper
changes to the configurations of your network device, your network will be open to intrusion and
even takeover by attackers.
Network Visibility
Users must be able to monitor every component of the network, which includes all of the network's
connected devices and all traffic patterns. It is the best method for keeping an eye on the network's
health and identifying performance gaps.
Simply keeping an inventory of everything on the network can be challenging. As part of network
monitoring, sophisticated network-modeling solutions can give users an in-depth view of even
the most complex environments.
Upholding Compliance
Businesses that need to maintain compliance must have access to the appropriate network
monitoring technologies. To comply with PCI DSS, HIPAA, FISMA, SOX, and other regulations,
network monitoring is necessary in addition to almost any distributed monitoring safeguards.
Prevent Downtime
Production is killed by costly downtime. The most recent survey found that 40% of business
organizations believed disruption could cost them between $1 million and $5 million per hour.
By monitoring, unplanned outages can be prevented. A key element of the system monitoring
systems is the detection of warning signs that could indicate a hardware failure or networking issue.
That helps troubleshoot issues and keeps businesses from experiencing interruptions.
Performance measurement gives IT teams the ability to increase efficiency for much more
productive operations in addition to preventing disruption.
Reduced Mean Time to Repair (MTTR) allows the IT staff to focus on other issues, which lessens the
impact of downtime or subpar network performance.
Network monitoring's primary objective is to monitor system stability, but it can also be used to
uncover potential risks that are concealed. By routinely looking out for odd or suspicious behavior, it
might be able to spot even the smallest dangers before they grow to be the biggest ones.
For instance, ransomware or viruses might not be immediately apparent, but the network
monitoring system may spot strange behaviors like dubious use of network resources. Proactive
detection of security risks like DDoS attacks or unauthorized downloads is also possible.
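The three perimeter threats named earlier in this section (unauthorized configuration changes, suspicious logon attempts, scanning) are exactly the kind of thing a monitoring system spots from device logs. Below is an added Python example, not code from the report or from any monitoring product, that runs three such detections over a constructed syslog sample from a hypothetical switch `core-sw1`. The message format, thresholds, approved-user list, change window and management network are all assumptions made for the example.

```python
"""Three simple detections over network-device syslog lines: brute-force
logons, risky configuration changes, and port scans against a DMZ host.
Added example: the log lines, device name, thresholds and management
network are constructed; the message format is generic, not a vendor's."""
import re
from collections import defaultdict, deque
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed sample log (not real traffic); 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = """\
2024-03-04T02:14:07 core-sw1 LOGIN: failed login for admin from 203.0.113.9
2024-03-04T02:14:09 core-sw1 LOGIN: failed login for admin from 203.0.113.9
2024-03-04T02:14:11 core-sw1 LOGIN: failed login for admin from 203.0.113.9
2024-03-04T02:14:13 core-sw1 LOGIN: failed login for admin from 203.0.113.9
2024-03-04T02:14:15 core-sw1 LOGIN: failed login for admin from 203.0.113.9
2024-03-04T02:16:40 core-sw1 CONFIG: user netops-bob changed config from 10.10.7.33
2024-03-04T03:02:05 core-sw1 CONFIG: user admin changed config from 203.0.113.9
2024-03-04T09:31:12 core-sw1 LOGIN: failed login for alice from 10.10.7.40
2024-03-04T09:31:20 core-sw1 LOGIN: successful login for alice from 10.10.7.40
2024-03-04T11:05:01 core-sw1 FW: denied tcp 198.51.100.7 -> 192.0.2.10 port 21
2024-03-04T11:05:01 core-sw1 FW: denied tcp 198.51.100.7 -> 192.0.2.10 port 22
2024-03-04T11:05:02 core-sw1 FW: denied tcp 198.51.100.7 -> 192.0.2.10 port 23
2024-03-04T11:05:02 core-sw1 FW: denied tcp 198.51.100.7 -> 192.0.2.10 port 25
2024-03-04T11:05:03 core-sw1 FW: denied tcp 198.51.100.7 -> 192.0.2.10 port 80
2024-03-04T11:05:03 core-sw1 FW: denied tcp 198.51.100.7 -> 192.0.2.10 port 110
2024-03-04T11:05:04 core-sw1 FW: denied tcp 198.51.100.7 -> 192.0.2.10 port 443
2024-03-04T11:05:04 core-sw1 FW: denied tcp 198.51.100.7 -> 192.0.2.10 port 3389
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<kind>\w+): (?P<msg>.*)$")
LOGIN_RE = re.compile(r"(?P<result>failed|successful) login for (?P<user>\S+) from (?P<src>\S+)")
CONFIG_RE = re.compile(r"user (?P<user>\S+) changed config from (?P<src>\S+)")
FW_RE = re.compile(r"denied (?P<proto>\w+) (?P<src>\S+) -> (?P<dst>\S+) port (?P<port>\d+)")

# Hypothetical policy knobs for the example (not a product's defaults).
MGMT_NET = ip_network("10.10.0.0/16")          # where config changes may come from
APPROVED_CHANGERS = {"netops-bob"}              # accounts allowed to change config
CHANGE_WINDOW = (time(8, 0), time(18, 0))       # approved change hours
FAIL_THRESHOLD, FAIL_WINDOW_S = 5, 60           # failed logins per (source, user)
SCAN_PORTS, SCAN_WINDOW_S = 8, 120              # distinct ports per (source, destination)


def parse(line: str):
    """Split one syslog line into its fields, or return None if it does not fit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(lines):
    """Return (rule, source, detail) alerts; sliding-window rules fire once per key."""
    alerts, alerted = [], set()
    failures = defaultdict(deque)   # (src, user) -> timestamps of failed logins
    scans = defaultdict(deque)      # (src, dst)  -> (timestamp, port) of denied packets
    for raw in lines:
        ev = parse(raw)
        if ev is None:
            continue
        ts, msg = ev["ts"], ev["msg"]
        if ev["kind"] == "LOGIN" and (m := LOGIN_RE.match(msg)) and m["result"] == "failed":
            key = ("brute_force", m["src"], m["user"])
            q = failures[key]
            q.append(ts)
            while (ts - q[0]).total_seconds() > FAIL_WINDOW_S:
                q.popleft()                     # forget failures outside the window
            if len(q) >= FAIL_THRESHOLD and key not in alerted:
                alerted.add(key)
                alerts.append(("brute_force", m["src"], f"{len(q)} failed logins for {m['user']} in {FAIL_WINDOW_S}s"))
        elif ev["kind"] == "CONFIG" and (m := CONFIG_RE.match(msg)):
            reasons = []
            if m["user"] not in APPROVED_CHANGERS:
                reasons.append("unapproved user")
            if ip_address(m["src"]) not in MGMT_NET:
                reasons.append("source outside management network")
            if not CHANGE_WINDOW[0] <= ts.time() <= CHANGE_WINDOW[1]:
                reasons.append("outside change window")
            if reasons:
                alerts.append(("config_change", m["src"], m["user"] + ": " + ", ".join(reasons)))
        elif ev["kind"] == "FW" and (m := FW_RE.match(msg)):
            key = ("port_scan", m["src"], m["dst"])
            q = scans[key]
            q.append((ts, int(m["port"])))
            while (ts - q[0][0]).total_seconds() > SCAN_WINDOW_S:
                q.popleft()
            if len({p for _, p in q}) >= SCAN_PORTS and key not in alerted:
                alerted.add(key)
                alerts.append(("port_scan", m["src"], f"{SCAN_PORTS}+ distinct ports on {m['dst']}"))
    return alerts


def run_sample():
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for rule, source, detail in run_sample():
        print(f"{rule:<14} {source:<14} {detail}")
```

On the sample the output is one brute-force alert for `203.0.113.9`, two configuration alerts (the approved user changed config outside the window; `admin` changed it from outside the management network) and one scan alert for `198.51.100.7`; the single failure by `alice` followed by a success stays below threshold and is silent, which is the false-positive case such thresholds exist for.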
When a company's bandwidth is overloaded, the result is irate employees and customers. Monitoring
bandwidth usage shows when things start to slow down. When bandwidth usage reaches critical
levels, an alert is raised so that quality of service (QoS) settings can be adjusted and other
performance-improving actions taken.
Capacity Management
Furthermore, user demands are constantly shifting. As a result, it might be difficult to predict how
and where customers will use networking resources in the future. As demand increases, it is
essential to make plans for additional equipment and the capacity to meet this requirement.
2.2 How implementing a ‘trusted network’ will benefit EMC Cyber and its Clients
DMZs
A demilitarized zone (DMZ) is a physical or logical subnet in computer networks that isolates a local
area network (LAN) from other untrusted networks, typically the public internet. Perimeter networks
and screened subnetworks are other names for DMZs.
Any service offered to internet users should be situated in the DMZ network. There are typically
servers, resources, and services that are accessible from the outside. Web, email, domain names,
File Transfer Protocol, and proxy servers are some of the most popular of these services.
The rest of the internal LAN cannot be reached, but servers and resources in the DMZ are reachable
from the internet. This method increases the LAN's security by preventing hackers from accessing
internal servers and data from the internet directly.
Network segmentation on the level provided by DMZs aids in the defense of internal corporate
networks. By limiting remote access to internal servers and resources, these subnetworks make it
more difficult for intruders to access the internal network. This tactic works well for both small and
large businesses.
A DMZ is used by businesses to isolate internet-facing servers and applications from the internal
network. These resources are isolated by the DMZ, making it less likely that an attack will expose
them to harm, loss, or damage.
DMZs serve as a buffer zone between the private network and the public internet. Between two
firewalls is where the DMZ subnet is installed. Before reaching the servers housed in the DMZ, all
incoming network packets are then screened using a firewall or another security appliance.
Threat actors who are better prepared must first get past the first firewall in order to access the
DMZ services without authorization. These systems are probably fortified against such assaults.
Finally, even if well-funded threat actors manage to take control of a system located in the DMZ,
they will first need to get past the internal firewall in order to access sensitive enterprise resources.
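The two-firewall DMZ just described, and the packet-filtering behaviour from section 2.1 (rules on source, destination, protocol and port only, with the payload never inspected), can be modelled together. The following is an added Python example, not code from the report or from any firewall vendor: a first-match, default-deny packet filter applied as an outer rule set (internet to DMZ) and an inner rule set (DMZ to LAN). The address plan (DMZ 192.0.2.0/24, LAN 10.10.0.0/16, a web server and a database host) and the rules are constructed for illustration, and the rule syntax is the example's own.

```python
"""Stateless packet-filter model for a two-firewall DMZ. Rules match
first-match-wins on (source network, destination network, protocol,
destination port) with an implicit deny at the end. Added example with
constructed addresses; not any vendor's rule syntax."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int
    payload: bytes = b""   # present only to show that the filter never looks at it


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src_net: str
    dst_net: str
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any port

    def matches(self, pkt: Packet) -> bool:
        """Header fields only: the payload is deliberately not examined."""
        return (ip_address(pkt.src) in ip_network(self.src_net)
                and ip_address(pkt.dst) in ip_network(self.dst_net)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def evaluate(rules, pkt: Packet) -> str:
    """First matching rule decides; no match means deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed address plan.
DMZ = ip_network("192.0.2.0/24")
LAN = ip_network("10.10.0.0/16")
DMZ_WEB = "192.0.2.10"
INTERNAL_DB = "10.10.5.20"
INTERNAL_WORKSTATION = "10.10.7.33"

# Outer firewall: the internet may reach only the DMZ web server, only on 443.
OUTER_RULES = [
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),
    Rule("deny", "0.0.0.0/0", "10.10.0.0/16"),      # the LAN is never reachable directly
]

# Inner firewall: only the DMZ web server may reach the database, only on 5432.
INNER_RULES = [
    Rule("allow", "192.0.2.10/32", "10.10.5.20/32", "tcp", 5432),
    Rule("deny", "192.0.2.0/24", "10.10.0.0/16"),   # anything else from the DMZ
]


def path_decision(pkt: Packet) -> str:
    """Apply each firewall the packet would cross; any deny on the path wins."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    decisions = []
    if src not in LAN and src not in DMZ:            # arriving from the internet
        decisions.append(evaluate(OUTER_RULES, pkt))
    if dst in LAN and src not in LAN:                # crossing into the LAN
        decisions.append(evaluate(INNER_RULES, pkt))
    return "deny" if "deny" in decisions else "allow"


if __name__ == "__main__":
    cases = [
        Packet("198.51.100.7", DMZ_WEB, "tcp", 443),
        Packet("198.51.100.7", DMZ_WEB, "tcp", 22),
        Packet("198.51.100.7", INTERNAL_DB, "tcp", 5432),
        Packet(DMZ_WEB, INTERNAL_DB, "tcp", 5432),
        Packet(DMZ_WEB, INTERNAL_WORKSTATION, "tcp", 445),
        # Same header as the first case, hostile body: a stateless filter cannot tell them apart.
        Packet("198.51.100.7", DMZ_WEB, "tcp", 443, b"<constructed hostile request body>"),
    ]
    for p in cases:
        print(f"{p.src:>14} -> {p.dst:<12} {p.proto}/{p.dport:<5} {path_decision(p)}")
```

The last case is the limitation noted in section 2.1: two packets that differ only in payload get the same decision, which is why the DMZ web server itself must be hardened and why a proxy or application-layer firewall is layered on top of packet filtering.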
Even the most secure DMZ architecture can be breached by determined attackers. But when a DMZ
is attacked, alarms go off, giving security experts enough time to stop a full intrusion into their
organization.
The main advantage of a DMZ is that it keeps a barrier between users of the public internet and the
private internal network while providing them access to some secure services. This buffer offers
several security advantages, including the following:
Access Control
Services accessed from the internet but located outside of an organization's network perimeters are
controlled by a DMZ network. The amount of network segmentation that is simultaneously added
raises the barriers a user must overcome in order to access a company's private network. Some DMZ
configurations include a proxy server, which centralizes internal internet traffic (typically employee
traffic) and makes recording and monitoring that traffic easier.
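To make the two-firewall layout and the access-control point above concrete, here is a small policy evaluator, added as an example and not taken from the assignment or from any product: it models the outer firewall (internet/DMZ) and the inner firewall (DMZ/LAN) as default-deny rule sets and reports where a new connection is stopped. The addresses, zones and ports are constructed assumptions (10.0.0.0/8 as the LAN, 192.168.100.0/24 as the DMZ, a proxy in the DMZ listening on 3128).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone layout (hypothetical addresses): the LAN and the DMZ subnet;
# anything outside both is treated as the public internet.
ZONES = {
    "lan": ip_network("10.0.0.0/8"),
    "dmz": ip_network("192.168.100.0/24"),
}

# Outer firewall (internet <-> DMZ): only the published services are reachable
# from outside, and the DMZ proxy may egress on web ports. Default deny.
OUTER_RULES = {
    ("internet", "dmz"): {21, 80, 443},
    ("dmz", "internet"): {80, 443},
}
# Inner firewall (DMZ <-> LAN): employees may use DMZ services and the proxy
# (port 3128 is an assumption); nothing may initiate a connection into the LAN.
INNER_RULES = {
    ("lan", "dmz"): {21, 80, 443, 3128},
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


def firewalls_on_path(src_zone: str, dst_zone: str) -> list:
    """Firewalls a new connection crosses, in the order it meets them."""
    depth = {"internet": 0, "dmz": 1, "lan": 2}
    s, d = depth[src_zone], depth[dst_zone]
    lo, hi = sorted((s, d))
    # boundary 0 lies between internet and DMZ, boundary 1 between DMZ and LAN
    path = [fw for boundary, fw in ((0, "outer"), (1, "inner")) if lo <= boundary < hi]
    return path if s < d else path[::-1]


def decide(pkt: Packet) -> str:
    """'allow', or 'deny@<firewall>' naming the firewall that stopped the connection."""
    src_zone, dst_zone = zone_of(pkt.src), zone_of(pkt.dst)
    if src_zone == dst_zone:
        return "allow"  # intra-zone traffic is not filtered in this model
    for fw in firewalls_on_path(src_zone, dst_zone):
        rules = OUTER_RULES if fw == "outer" else INNER_RULES
        if pkt.dport not in rules.get((src_zone, dst_zone), set()):
            return f"deny@{fw}"
    return "allow"


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.5", "192.168.100.10", 443),   # internet -> DMZ web server
        Packet("203.0.113.5", "10.0.0.25", 443),        # internet -> LAN host directly
        Packet("192.168.100.10", "10.0.0.25", 445),     # compromised DMZ host -> LAN share
        Packet("10.0.0.25", "192.168.100.20", 3128),    # employee -> DMZ proxy
        Packet("10.0.0.25", "203.0.113.5", 443),        # employee -> internet, bypassing the proxy
    ]
    for p in samples:
        print(f"{p.src:>16} -> {p.dst:<16} :{p.dport:<5} {decide(p)}")
```

The third sample is the case the text makes: a host taken over inside the DMZ still meets the inner firewall's default deny, and the fifth shows why the proxy centralizes employee traffic: direct LAN egress is stopped at the inner firewall, so only proxied web traffic leaves.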
For nearly as long as firewalls have been in use, DMZ networks have played a significant role in
enterprise network security. They are used for similar purposes: to safeguard sensitive organizational
resources and systems. The following are frequent applications for DMZ networks:
- Reducing and managing external users' access to potential target systems by isolating them and
keeping them apart from internal networks.
- Hosting corporate resources so that some of them are accessible to authorized external users.
Enterprises have more recently chosen to use virtual machines or containers to isolate particular
applications or portions of the network from the rest of the corporate environment. Thanks to cloud
computing, many businesses no longer need to run internal web servers: most of the outward-facing
infrastructure once located in the enterprise DMZ, such as software-as-a-service apps, has migrated
to the cloud.
Static IP
A computer's static IP address is a 32-bit number that serves as its internet address. Usually, an
internet service provider (ISP) assigns this number, which is written as a dotted quad.
As an illustration, when a user tries to access WhatIs.com, their computer queries a domain name
system (DNS) server for the right dotted-quad number. An IP address is required to uniquely identify
a device within a network protocol, and the DNS maps the domain name to that IP address. Your
computer uses the response it receives to connect to the WhatIs.com server. The DNS server is
comparable to a telephone information operator: it links the name to the dotted-quad number,
which plays the part of a phone number.
If a person or organization wants a static IP address, they must first contact their ISP and ask for a
static IP address to be assigned to their device, such as a router. Most ISPs do not provide static IP
addresses by default. Once the device is configured with the new, permanent IP address, it will need
to be restarted. Computers and other hardware behind the router will then share that IP address.
Once the IP address is set up, it needs no further management because it stays the same.
However, there is a cap on the number of static IP addresses that can be requested, so doing so
frequently results in a fee. To circumvent this problem, consider using IPv6. Since there are many
more IP addresses available thanks to IPv6's lengthening of IP addresses from 32 bits to 128 bits (16
bytes), static IP addresses are now simpler and less expensive to acquire and maintain. Although a
sizable portion of internet traffic still uses IPv4, IPv6 is increasingly being used, so both are still in use
today.
Up to 340 undecillion different IP addresses can be used with IPv6. To put that into perspective,
there are currently 340 trillion, trillion, trillion unique IP addresses that can be assigned, which is 340
followed by a total of 36 zeros. This increase in the total number of IP addresses enables significant
future expansion of the internet and alleviates what was anticipated to be a future shortage of
network addresses.
Static IP addresses offer several advantages:
- Businesses that use IP addresses for mail, FTP, and web servers can have a single, static address.
- Games, VPNs, and voice over IP services should all be hosted on static IP addresses.
- In the event of a connectivity outage, they may be more stable, preventing the loss of packet
exchanges.
- They enable faster file uploads and downloads on file servers.
- Any geolocation service will find it simpler to locate a device if it has a static IP.
- For remote access to a computer, static IPs work better.
- A device with a static IP address does not need to send renewal requests.
- When servers are running, network administrators may find it easier to maintain static IP
addresses.
- Tracking internet traffic and assigning access to users based on their IP addresses is simpler for
administrators.
NAT
NAT (Network Address Translation) is a process that maps a private IP address space onto a global
(public) one. It runs on a firewall or router that connects two networks. With a single public address,
NAT lets the many hosts of an intranet reach the internet. The main reason the method was
introduced was to avoid exhaustion of the address space.
Many organizations adopted NAT because they wanted multiple devices to share a single IP address.
Besides translating addresses, it adds a layer of security to the network, because hosts behind it are
not directly reachable from outside. It is beneficial in some situations and not in others.
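The following port-based NAT (NAPT) simulator is an added example, not part of the original text, showing how one public address is shared by several private hosts and why an inbound packet that no internal host asked for is simply dropped. All addresses and ports are constructed sample values.

```python
from dataclasses import dataclass
from itertools import count
from typing import Optional


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Napt:
    """Port-based NAT (NAPT): many private hosts share one public address.

    The translator keeps a stateful table, so replies to outbound flows can be
    mapped back, while unsolicited inbound packets find no entry and are dropped.
    """

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = count(first_port)   # public ports handed out in order
        self._out = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self._in = {}    # (public port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def outbound(self, flow: Flow) -> Flow:
        """Rewrite a packet leaving the intranet; allocate a mapping on first use."""
        key = (flow.src_ip, flow.src_port, flow.dst_ip, flow.dst_port)
        if key not in self._out:
            pub_port = next(self._next_port)
            self._out[key] = pub_port
            self._in[(pub_port, flow.dst_ip, flow.dst_port)] = (flow.src_ip, flow.src_port)
        return Flow(self.public_ip, self._out[key], flow.dst_ip, flow.dst_port)

    def inbound(self, flow: Flow) -> Optional[Flow]:
        """Rewrite a packet arriving at the public address; None means drop."""
        if flow.dst_ip != self.public_ip:
            return None
        target = self._in.get((flow.dst_port, flow.src_ip, flow.src_port))
        if target is None:
            return None   # no internal host opened this flow: unsolicited, dropped
        priv_ip, priv_port = target
        return Flow(flow.src_ip, flow.src_port, priv_ip, priv_port)

    def mappings(self) -> int:
        return len(self._out)


if __name__ == "__main__":
    nat = Napt("203.0.113.1")   # constructed public address
    # Two private hosts happen to use the same source port; NAPT must rewrite it.
    for host in ("10.0.0.2", "10.0.0.3"):
        print("out:", nat.outbound(Flow(host, 5000, "198.51.100.7", 443)))
    print("reply:", nat.inbound(Flow("198.51.100.7", 443, "203.0.113.1", 40001)))
    print("unsolicited:", nat.inbound(Flow("192.0.2.9", 31337, "203.0.113.1", 22)))
```

The table is keyed on the full 4-tuple so that the two hosts sharing source port 5000 get distinct public ports, and the reverse lookup also checks the remote peer, so a reply is only delivered to the host that actually opened the connection.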
Benefits of a NAT
Automated maps that visualize network traffic patterns are supported by NPM, allowing you to find
performance metrics and potential problems. NPM is able to produce intelligent maps of intricate IT
infrastructures utilizing Cisco ACI, Microsoft Azure, and Nexus systems.
When using NPM as your network monitor, you can enable customizable alerts, allowing you to
produce alerts based on general or specific trigger conditions. These alerts are intended to keep the
appropriate team members informed of important network metrics, reducing the amount of time
needed for problem diagnosis and repair. For deeper discoveries, reports can also be produced.
With SolarWinds NPM, you can more quickly identify and treat serious network problems and
implement smarter management.
ManageEngine OpManager
ManageEngine OpManager is made to keep track of network devices, gather important performance
metrics, and then find important trends and patterns in network performance. This information
might consist of errors, discards, CPU and memory storage, DB count, and disk utilization.
OpManager supports SNMP monitoring and can receive syslogs, traps, and additional network data.
OpManager is designed to automatically identify network devices and then logically and clearly map
them. Through OpManager, you can program automatic network discovery; on custom
ManageEngine dashboards, you can view scheduled and on-demand network maps.
Use this ManageEngine feature to track, examine, and resolve current and potential network issues.
A network topology diagram can be created using the cloud-based tool Datadog after discovering
network devices and their connections. Use this map to quickly identify data changes and
inconsistencies.
The Datadog network performance management tool also lets you capture packets, view real-time
device statuses, and perform utility analysis. Datadog has auto-discovery features that create device
inventories and create indexes of your most important tasks. These are made to automatically adapt
to changes in the network, keeping you current.
With Datadog, you can store traffic on a cloud server for historical analysis. This lets you
investigate the underlying causes of issues after they have been fixed and helps guide the application
of preventative measures. You can also create alerts in Datadog based on thresholds that are set and
adjusted automatically through machine learning.
Paessler PRTG is cutting-edge network performance management software made to gather network
data from all of your network's gadgets, systems, and programs. PRTG is designed to present this
data in a hierarchical view for the highest level of organization.
Use the PRTG map designer to create detailed visualizations that integrate every network
component for in-depth analysis. These visualizations come in the form of graphs, lists, charts, and
more, all with distinguishable icons. Without additional plug-ins, PRTG is made to support these
visuals in their entirety.
Through PRTG, you can enable alerts and push notifications for continuous insight. To make network
performance management and collaboration easier, PRTG also supports comprehensive reports that
you can schedule, run on-demand, or export as PDF or HTML documents, among other formats.
Progress WhatsUp Gold is made to use SNMP to monitor important metrics. The WhatsUp Gold
network performance management tool gathers status reports or MIBs to learn about the devices
and connections that are currently present in your network. You can maintain a completely accurate
view of network performance thanks to the constant updating of this information.
Device dependencies are automatically discovered and displayed by WhatsUp Gold on unified
dashboards. Use this data to visualize your IT environment, find and fix problems, and foresee
potential issues in the future. Topology maps are useful for important tasks like creating SLA action
policies.
With WhatsUp Gold, which sends trap messages when issues are discovered or when a device's
status changes, real-time alerts can be produced. These notifications are made to be sent straight to
the appropriate IT administrator for immediate response and action.
A smart Next-Generation Firewall (NGFW) called GFI KerioControl keeps a close eye on your
networks for malware, viruses, and other threats. For small and medium-sized businesses, it is a
complete yet cost-effective solution.
The network security solution from KerioControl inspects each packet of data that enters and leaves
your network. In order to detect any deviations from the established traffic rules, it compares the
packets and raises alerts.
Using content, application, and URL filtering, KerioControl also recognizes threats and prevents them
from accessing your network. Additionally, its cutting-edge VPN technology secures your office
connections quickly using industry-standard VPN protocols.
The data flow in your network is something you can continuously watch over and manage. This
network security tool, in particular, guards against bandwidth hogging and supports internet load
balancing for continuous productivity.
Overall, GFI KerioControl is a sophisticated and cutting-edge network security program. It keeps an
eye on your network and gives you visibility and command over it. You can also create network
status reports using pre-built templates, and it helps guarantee adherence to industry standards.
Zscaler Cloud Firewall examines both web and non-web traffic on your network to provide
comprehensive support and security for your vital assets.
All of the devices, applications, and users in your network are secured using the cloud-native
Security Service Edge (SSE) platform. It is quick, greatly scalable, flexible, and dependable.
Additionally, if your company encourages remote working, you'll find it appropriate.
The zero-trust approach to security that Zscaler Cloud Firewall takes is a standout feature. Before
accessing the network, each device and user must authenticate themselves. Predetermined access
controls are also necessary for access.
Zscaler doesn't require a complicated setup because it is cloud-delivered. The always-on feature also
shields your system from malicious data packets and users.
Furthermore, it has dashboard updates and real-time notifications to give your IT team complete
visibility and control.
When it comes to protecting your network and the assets on it, Zscaler performs consistently.
CrowdStrike Falcon
Falcon is a comprehensive platform that keeps an eye on user activity, endpoint activity, and your
network to spot threats before they affect your data center.
If a vulnerability is found, Falcon offers simple, effective, and quick solutions to address the
problem.
CrowdStrike Falcon's additional modules for dealing with particular security issues, like mobile
endpoint protection, automated malware analysis, etc., are a standout feature. These modules can
be added based on your security requirements.
In general, CrowdStrike is a scalable and adaptable platform for network and endpoint monitoring.
OSSEC is a reliable Host Intrusion Detection System (HIDS) that runs smoothly on Windows, Solaris,
macOS, and Linux. It is free and open-source.
Numerous monitoring and analytics tasks, including log analysis, Windows registry monitoring,
automated threat remediation, and other security operations, are carried out by it.
The biggest benefit of OSSEC is that it can be tailored to fit the needs of your business. Additionally,
it aids businesses in adhering to rules like the PCI DSS.
If you're looking for a unique network monitoring solution, OSSEC is a good option. For businesses
that can benefit from its customization, it's also a better option.
The essential features outlined earlier are present in all of the tools mentioned in the article. The
needs of your organization should therefore come first when selecting one of these.
Activity 3
3.1 Enterprise Risk Management Procedures (ERM)
Procedures and resources for enterprise risk management
The term "Enterprise Risk Management" (ERM) is used in business to refer to the risk management
techniques organizations use to identify and reduce risks that could negatively impact the
enterprise. The straightforward question that ERM practitioners try to answer is: what are the main
risks that could prevent us from completing the mission?
The JLA research team examined the risk types of 76 S&P 500 companies in 2004 where there had
been a market value decline of 30% or more. They discovered that strategic risks accounted for 61%
of incidents, operational risks for 30%, and financial risks for 9%.
- Hazard risks: risks that pose a significant threat to life, health, or property.
- Financial risks: risks that are directly related to money. They include monetary repercussions like
rising expenses or declining revenues.
To address the risks they have identified, management chooses one of the five risk response
strategies listed below:
- Risk avoidance: eliminating risks or actions that could negatively affect an organization's assets.
An example would be the suspension or cancellation of a planned production or product line.
- Risk reduction: risk mitigation or limiting the severity of a loss. For instance, management can
schedule frequent visits to key suppliers to spot potential issues before they arise.
- Alternative course of action: considering additional potential risk-reduction measures.
- Sharing or insuring: transferring risks to third parties, such as insurance companies. An example is
purchasing an insurance policy that would protect the company from an unforeseen loss.
- Risk acceptance: recognizing the risks that have been identified and being ready to accept their
effects. Typically, risk acceptance covers any loss resulting from a risk that is not covered or
avoided.
To ensure financial security for businesses, ERM employs a very clear and continuous process that
actively identifies and reassesses the various strategic and major risks. There are five distinct
components to the process:
- Strategy/objective setting: consider Tesla, a publicly traded company that primarily operates in
the automotive and energy generation sectors. In this example, ERM will start by taking into account
the factors that contribute to the company's value, such as Tesla's competitive advantage, new
strategic initiatives, important product lines, or an acquisition.
- Risk evaluation: once the key drivers have been identified, the ERM process starts risk
identification by assessing the pertinent risks that could impede the success of each key driver.
- Risk assessment: the risks must then be carefully examined from multiple departments'
perspectives.
- Risk response: executives will consider the best risk response strategy after upper management
has finished discussing and acknowledging the potential risks.
- Monitoring: finally, upper management will use any key risk indicators deemed useful by the
organization to measure, monitor, and communicate the effectiveness of the risk response
strategies.
Among these are measures like vulnerability scans, which look for security gaps in IT systems, or
penetration tests, which attempt to gain access to networks, systems, and applications in the way an
unauthorized attacker would. Finally, the organization receives the penetration testing reports
created after all required steps have been carried out, for further analysis and action.
Organizations benefit from performing an IT security audit by receiving information about the risks
related to their IT networks. It can also help find security gaps and potential weaknesses in their
systems, so that patches can be applied promptly before hackers exploit them.
An IT security audit identifies hidden security risks and vulnerabilities in an organization's IT assets.
However, identifying risks has a positive knock-on effect that improves the organization's overall
security. How? Here is a breakdown of each one:
- It evaluates your current security setup and protocols, and uses the audit findings to help you set
a standard for your business.
- It reduces hacker risks by early detection of security holes and possible hacker entry points.
- It enables you to comply with regulations by confirming that your IT infrastructure meets the
requirements of the highest regulatory bodies.
- It helps you make well-informed decisions for improving your organization's security awareness
and training by identifying gaps in these areas.
Importance of an IT Security Audit
Anyone handling or using an organization's IT assets and services must adhere to the security
policy's outlined policies and procedures. So why are IT security protocols required? Such network
security protocols aim to address potential risks and strategies to lessen IT security weaknesses, as
well as ways to recover from a cyberattack. Rules also provide guidelines for what employees should
Business Interruption
You are losing money whenever your company is not operating to its full potential. Along with losing
money, you also lose productivity from the workforce. You will lose money and employee
productivity if your company does not have a disaster recovery plan to enable a prompt return to
normal operations, in the same location or elsewhere, in the event of any disaster, no matter how
minor. A disaster recovery plan gives organizations a seamless and coordinated way to handle any
type of disaster so that business can resume or go on as usual in the shortest amount of time.
Loss of clients
Information security is more widely understood than ever before. Your customers will want to know
where their information has gone, even though they may be understanding and unmoved by the fact
that you had a data breach. They will also inquire about your return to regular business hours.
Customers trust you because you assist them in fulfilling their needs. They won't want to hear that
you can't fulfill their requirements or that you have to start from scratch.
As a result, the majority of clients will want to know in advance that you have painstakingly created
a disaster recovery strategy that ensures you will continue to provide your services. Customers will
gravitate toward businesses that can ensure their continued service and information security.
Damaged Reputation
Business Failure
An organization could be completely taken over by a significant and widespread disruption in its
technology infrastructure. Unfortunately, no organization is impervious to such a catastrophic
disruption, no matter how tech-savvy or secure. However, an organization can survive a catastrophic
disaster with a proper disaster recovery plan that includes steps like data backup and a secondary
data center. It's also critical to remember that a company does not necessarily fail if it lacks a DRP.
Records can be recovered, rebuilt, and recreated. The underlying assumption is that the vast
majority of institutional knowledge, including processes, that keeps a business productive over time
is stored electronically. It could take a company months or even years to recover its institutional
knowledge and return to its prior state of productivity. Some companies don't have the luxury of
performing below their potential, which is why they fail.
-Signs
Internal controls were first defined by the American Institute of Accountants in 1949. Internal checks
and balances make sure that authorized transactions are carried out, recorded, accessed, and
examined. Employees perform job duties in a setting where personal safety is not guaranteed when
a company runs without an efficient system of internal controls. High levels of employee
dissatisfaction, absenteeism, and low levels of employee retention result from this. Then, employers
regularly spend needless time and energy on hiring, training, and conducting interviews for new
hires. Business partners and stakeholders, such as investors, frequently cast doubt on the accuracy
of financial records and managerial reports. When a business violates laws, regulations, and other
requirements, it damages its reputation and may even face legal action.
-Symptoms
When a business appears to be operated without regard for internal controls, customers take notice.
High customer dissatisfaction rates, weak sales, and a lack of profitable business alliances reveal a
company that lacks focus and direction. Poor business practices and ineffective management are
generally shown by waste, inefficient resource use, poor management decisions, high rates of
product errors, loss of records, carelessness, and errors.
-Results
Lack of internal controls frequently makes it impossible to compare performance to plans, forecasts,
and budgets. Privacy issues result from a lack of attention to information security. Security breaches
-Remedies
A business can lessen the negative effects of prior internal control deficiencies by implementing a
thorough set of policies and procedures. Transactions are carried out in a trustworthy manner by
holding each employee accountable for moral conduct, high standards for business conduct, and
adherence to the law. Errors, irregularities, and fraud can be avoided by making sure that only
competent, dependable, trained personnel perform tasks. Monitoring and upkeep of internal control
systems are required. Compliance with internal and governmental regulations is ensured by
independent audits.
Data loss is a serious inconvenience that prevents any information-based business from operating
normally on a daily basis. Your company must spend time and money recreating or recovering these
files when crucial files and documents are lost in order to fill the gaps left by the loss. While you
might be able to find hard copies of the information, they might not be as current as the lost digital
copies. Data loss brought on by viruses or corruption presents particular challenges because it's not
always easy to gauge the full extent of the damage. Your company may have to spend money
repairing and removing damaged files.
When data loss is accompanied by security breaches, productivity timelines are also pushed back
and you risk losing customers. Your business must notify customers when sensitive data is lost or
compromised, costing you their trust and respect. Even if your business is able to bounce back from
the data loss, you will need to spend time mending fences with customers.
When a significant amount of data is lost, the inconvenience can have even greater effects on your
business:
Computer-related injuries result from misuse of computers. Office workers who frequently use
computers are reported to have a high incidence of computer-related injuries (CRIs). This study
aimed to determine the prevalence of computer-related accidents in a workplace where computers
are used by the majority of workers. In the study, 120 office workers were chosen at random to
participate in a survey, and the data were gathered with a self-administered questionnaire. The
findings indicated that office workers suffered from musculoskeletal disorders like neck, shoulder,
and waist pain as well as computer-related injuries like computer vision syndrome (eye strain,
blurred vision, watery eyes, and headache). It is strongly advised that the organization conduct
routine ergonomic training to reduce the incidence of CRIs among office personnel.
Purpose Limitation
Personal data should only be collected and used for the following reasons: (1) those that are
permitted by law and thus should, in theory, be known to the data subject at the time of collection;
or (2) those that the data subject has authorized.
Lawfulness
Accuracy
Personal information must be current and accurate, and any errors must be quickly fixed.
Storage Limitations
Transaction metadata should not be retained for any longer than is required to fulfill the purposes
for which it was collected and processed. People may be given a choice regarding the retention
period for transaction metadata.
Accountability
An appropriate, independent oversight authority and the data subjects themselves should keep an
eye on how their personal information is processed in accordance with the aforementioned
principles.
ISO 31000
What Are ISO standards
The International Standards Organization is referred to as ISO. They are an independent organization
made up of a vast network of people with a variety of specialties. This enables them to combine and
share their experience and expertise across a variety of fields to identify best practices and crucial
safety information to define the best way to complete particular tasks or processes.
In essence, an ISO standard is a procedure that is accepted around the world. It implies that
everyone adheres to the same set of rules regardless of where they are based, producing a safer,
more reliable outcome. Both the business and the client, or end user, benefit from this. Companies
can feel secure knowing that this standard is upheld and respected worldwide, and customers know
they are getting a product or service which is safe, of good quality, and trustworthy.
The International Organization for Standardization's ISO 31000 Risk Management Framework is a
global standard that offers organizations principles and guidelines for risk management. Initiatives to
ensure compliance with regulations are typically applicable to businesses of a certain size or those
There are six key components that make up the risk management framework:
- Leadership. To ensure that ISO 31000 is adopted and used in a way that is consistent with the
organization's culture and business goals, leaders within the organization must take the initiative.
- Integration. While it is crucial to incorporate risk reduction into as many organizational processes
as possible, it is equally crucial to avoid creating operational snags or impeding the execution of
crucial business operations.
- Design. Based on their needs, organizations will need to create a risk management strategy that
works for them.
- Implementation. During this phase, business procedures are integrated with the organization's
risk management strategy. Implementation is frequently a formal process with predetermined goals,
due dates, and reporting obligations.
- Evaluation. The design is evaluated to see what is effective and what might need to be improved.
- Improvement. Organizations should always be looking for ways to implement ISO 31000 more
effectively.
Benefits of ISO 31000 standard
Activity 4
4.1 Organizational Security Policy to minimize exploitation and misuses
The Acceptable Use Policy (AUP) specifies how computer components should be used properly.
Unsuitable behavior, which might also have criminal repercussions, could compromise the network
infrastructure. A user is using a business computer improperly when they use it to browse data for
activities unrelated to their job.
Employees are required to sign a non-disclosure agreement and provide proof of completion after
completing the course. Leadership believes that users need to be instructed on the current security
policy. The strategy must address workplace upkeep, email policies, Internet connectivity
requirements, and cybersecurity definition.
The change management policy ensures the administration, approval, and tracking of changes to a
company's information network.
This strategy should ensure that any changes are implemented carefully to minimize any negative
effects on the clients and services.
Essential elements of change management include providing accurate and timely documentation,
ongoing oversight, and a formal and transparent procedure.
The policy must include information on the incident response team, those responsible for reviewing
the strategy, as well as the procedures followed and the resources and tools used.
The remote access policy is designed to lessen the possibility of suffering harm from unauthorized
resource use. Every employee must receive a copy of the policy, which must address both sending
The password policy governs passwords, which are used to validate usernames and control access to
corporate data or networks. This policy needs to raise awareness of the importance of choosing a
secure password. It ought to include instructions for updating current passwords as well as
warnings against reusing old passwords.
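As an added illustration of the password policy points above (this is not code from the assignment), the following Python module enforces a minimum strength rule and rejects reuse of recently used passwords by keeping salted PBKDF2 hashes of the last few passwords rather than the passwords themselves. The length, character-class, history-depth and work-factor values are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

MIN_LENGTH = 12          # assumption: minimum password length for this example
HISTORY_DEPTH = 5        # assumption: how many previous passwords are remembered
PBKDF2_ROUNDS = 100_000  # assumption: work factor used for the stored hashes


def _hash(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the stored history cannot be read back as passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def strength_problem(password: str) -> Optional[str]:
    """Return a reason the password is too weak, or None if it passes."""
    if len(password) < MIN_LENGTH:
        return f"shorter than {MIN_LENGTH} characters"
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    if sum(classes) < 3:
        return "needs at least three of: lower case, upper case, digit, symbol"
    return None


class PasswordStore:
    """Holds the current credential per user plus a bounded history of old ones."""

    def __init__(self) -> None:
        self._current = {}   # user -> (salt, hash)
        self._history = {}   # user -> [(salt, hash), ...], most recent last

    def _used_recently(self, user: str, password: str) -> bool:
        # Each history entry has its own salt, so the candidate is hashed per entry.
        return any(hmac.compare_digest(_hash(password, salt), digest)
                   for salt, digest in self._history.get(user, []))

    def change_password(self, user: str, new_password: str):
        """Apply the policy; returns (accepted, reason)."""
        problem = strength_problem(new_password)
        if problem:
            return False, problem
        if self._used_recently(user, new_password):
            return False, "password was used recently"
        salt = secrets.token_bytes(16)
        entry = (salt, _hash(new_password, salt))
        self._current[user] = entry
        history = self._history.setdefault(user, [])
        history.append(entry)          # the current password counts as "used"
        del history[:-HISTORY_DEPTH]   # keep only the newest HISTORY_DEPTH entries
        return True, "ok"

    def verify(self, user: str, password: str) -> bool:
        entry = self._current.get(user)
        if entry is None:
            return False
        salt, digest = entry
        return hmac.compare_digest(_hash(password, salt), digest)


if __name__ == "__main__":
    store = PasswordStore()
    for attempt in ("Correct-Horse-42", "Correct-Horse-42", "short1!", "Battery-Staple-9"):
        print(attempt, "->", store.change_password("alice", attempt))
```

Keeping hashes rather than plaintext in the history is the point of the design: the reuse check still works, but a copy of the store does not hand an attacker the user's previous passwords, which people often rotate through in predictable ways.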
A thorough network security plan ensures the confidentiality, integrity, and availability of
information on corporate networks.
According to the regulation, devices must make use of the appropriate hardware, software, or
procedural auditing measures. Failures in authentication attempts, logging in or out, as well as the
use of access privileges, are all instances that can be audited.
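The auditable events named above (failed authentication attempts, logins, and use of access privileges) can be pulled out of syslog-style records with a short script. The one below is an added example, not part of the assignment, and runs over constructed sample log lines; the brute-force threshold and time window are assumptions, and a real deployment would read the live authentication log instead of the embedded sample.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog-style authentication events (sample data, not real logs).
SAMPLE_LOG = """\
Mar 10 09:00:01 srv1 sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 51000 ssh2
Mar 10 09:00:03 srv1 sshd[1203]: Failed password for root from 203.0.113.9 port 51002 ssh2
Mar 10 09:00:05 srv1 sshd[1205]: Failed password for bob from 203.0.113.9 port 51004 ssh2
Mar 10 09:00:09 srv1 sshd[1207]: Failed password for bob from 203.0.113.9 port 51006 ssh2
Mar 10 09:00:12 srv1 sshd[1209]: Accepted password for bob from 203.0.113.9 port 51008 ssh2
Mar 10 09:14:30 srv1 sshd[1301]: Failed password for alice from 10.0.0.5 port 60010 ssh2
Mar 10 09:14:41 srv1 sshd[1303]: Accepted publickey for alice from 10.0.0.5 port 60012 ssh2
Mar 10 09:15:02 srv1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart sshd
"""

TS = r"(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d)"
FAILED = re.compile(TS + r" \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED = re.compile(TS + r" \S+ sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+)")
SUDO = re.compile(TS + r" \S+ sudo: +(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$")


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, "%b %d %H:%M:%S")  # syslog omits the year


def audit(log_text: str, threshold: int = 3, window: timedelta = timedelta(minutes=5)) -> dict:
    """Summarize auditable events and flag suspicious patterns in the log."""
    failures = defaultdict(list)   # source ip -> [timestamps of failed logins]
    accepted = []                  # (timestamp, user, ip)
    privileged = []                # (user, command run with elevated rights)
    for line in log_text.splitlines():
        if m := FAILED.match(line):
            failures[m["ip"]].append(parse_ts(m["ts"]))
        elif m := ACCEPTED.match(line):
            accepted.append((parse_ts(m["ts"]), m["user"], m["ip"]))
        elif m := SUDO.match(line):
            privileged.append((m["user"], m["cmd"].strip()))

    brute_force = []
    for ip, times in failures.items():
        times.sort()
        # `threshold` failures inside one `window` from the same source: flag it
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            brute_force.append(ip)

    # A successful login from a source that was just guessing deserves review.
    success_after_failures = [(user, ip) for _, user, ip in accepted if ip in brute_force]

    return {
        "failed_logins": {ip: len(t) for ip, t in failures.items()},
        "brute_force_sources": sorted(brute_force),
        "success_after_failures": success_after_failures,
        "privilege_use": privileged,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The single failure from 10.0.0.5 followed by a key-based login is ordinary user behaviour and is only counted; the burst from 203.0.113.9 that ends in a successful password login is the pattern an auditor wants surfaced, alongside the record of what was run as root.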
Businesses must follow the Principle of Least Privilege (PoLP) when granting access authorization.
This is the idea that businesses and customers should only have access to the data they need to
perform their specific tasks.
The policy must also consider shared accounts, group memberships, special rights, temporary or
visitor identities, and more.
The data retention policy specifies the kinds of information that a company should keep on file for
how long. Eliminating duplicate and outdated data will free up more storage space. This policy
details how long the data will be kept for and how it will be disposed of. It is essential for companies
that store sensitive information.
business goals-driven and express the level of risk that senior management is willing
to take.
The intended reader will find this information simple to understand.
Because they safeguard an organization's physical and digital assets, security policies are crucial.
They list every resource owned by the business as well as any threats to it.
A company's physical assets, including its buildings and equipment, including computers and other IT
hardware, are protected by physical security policies. Intellectual property is shielded from
expensive occurrences like data breaches and data leaks by data security policies.
Without standards, it is challenging to define the procedures for where and why security devices
ought to be installed in a consistent manner. As a result, many decisions regarding the use and
implementation of security technology are made purely on the basis of budget or in response to an
incident. From a "standard-of-care" standpoint, it is essentially impossible to defend against a
negligent security tort as a result of this reactive response. There are two requirements that need to
be met. The first is "Do we implement electronic security equipment consistently?" "Can we
articulate our position for use?" is the second. Sharing of information and best practices is also made
easier by security standards. They aid in ensuring that concepts, terms, and definitions are
understood by all, which avoids mistakes.
Standards are frequently created based on "the way we've always done it" becoming accepted
practice. Standards based on product usage aid in ensuring that installations and products are in line
with the organization's goals. Standards also help to guarantee the compatibility and functionality of
products.
Documenting all data processing activities, putting in place data protection measures like policies,
training, and audits, and, when appropriate, appointing a Data Protection Officer (DPO) are all ways that
businesses can demonstrate compliance with GDPR. These measures will be taken into account by the
Information Commissioner's Office (ICO). Businesses may be subject to hefty fines of up to 4% of
annual turnover if a GDPR violation is suspected and compliance has not been maintained.
- Cyber Essentials
In order to provide small- to medium-sized businesses with a straightforward and affordable means
of achieving a high standard of cybersecurity, the UK Government created the Cyber Essentials
program in 2014. Cyber Essentials, which consists of five essential technical controls, can assist
businesses in defending against 80% of common cyberattacks.
There are two levels of certification: Basic, which enables an organization to review and attest to
their compliance through an online self-assessment, and Plus, which entails a technical audit of your
systems by a qualified assessor to ensure alignment with the standard's controls.
Businesses of all sizes and industries can reduce information security and privacy risks by developing
efficient risk management processes and policies through the establishment of an information
security management system. Achieving this certification also enables companies to show that they
are in compliance with DPA2018 and other data protection laws, such as the UK-GDPR.
- NIST
All organizations can seek guidance from the National Institute of Standards and Technology's (NIST)
Cybersecurity Framework as they work to achieve a high level of cybersecurity and resilience.
Identify, Protect, Detect, Respond, and Recover are the five core branches that make up NIST's
framework. Businesses can show that they are skilled at identifying and addressing cyber risks by
coordinating policies and procedures within these functions.
- HIPAA
A specific industry is the target of particular standards. For instance, the Health Insurance Portability
and Accountability Act (HIPAA) serves as the benchmark for healthcare organizations, particularly
those in the USA, when it comes to the protection of patient data.
HIPAA, a law passed in the United States in 1996, mandates compliance with the physical and
cybersecurity measures outlined by the standard for all parties involved in the sector. Failure to do
so can result in fines that can be very expensive for these organizations. HIPAA enforcers claim that
in 2019, the typical monetary fine exceeded $1.2 million.
Standards give us a shared set of benchmarks that we can use to assess whether an organization has
policies, procedures, and other controls in place that adhere to a set minimum standard. Customers,
suppliers, and business partners have more faith in an organization's ability to deliver to a certain
standard if it is compliant with or meets that standard. Additionally, it may give a company a
competitive edge over rival companies. An organization that complies with security standards, for
instance, might have an advantage over a rival who does not when customers are evaluating their
products or services.
Procedures should follow strict change control because they are typically designed for internal
departments. Procedures can be created as you go. If your organization decides to go this route, it
is essential to have thorough and consistent documentation of the procedures you are creating.
Procedures frequently serve as the "cookbook" that staff members refer to when completing a
repeatable process. They should be sufficient in detail but not so complex that only a small group (or one person) will
comprehend them.
Examples of procedures include installing operating systems, backing up a system,
granting access rights to a system, and creating new user accounts.
According to the best practices, guidelines are created to simplify specific processes. By their very
nature, guidelines should be open to interpretation and not be strictly adhered to.
Use the other tools to build on the policies, which are the data security anchor.
Remember that developing a program for information security takes time. It is a deliberate
organization-wide process that calls for participation from all levels. The IT department shouldn't be
the only one in charge of developing your program; most problems arise there.
The everyday tasks that must be completed in order to run your business make it more difficult to
achieve organization-wide consensus on policies, standards, procedures, and guidelines.
Additionally, the goal of business continuity is to keep at least a basic level of service while returning
the organization to normal operations. When a disaster strikes, a company that hasn't established a
disaster recovery plan runs the risk of losing clients to rival businesses, not receiving funding, and
having the need for its goods and services reevaluated and deemed unnecessary.
Our goal is to guarantee information system availability, data integrity, and company continuity.
Policy Statement
The following policy statement has been authorized by corporate management:
• A formal risk assessment shall be conducted to identify the needs for the disaster
recovery plan, and the company shall develop a thorough IT disaster recovery plan.
• In accordance with key business activities, the disaster recovery plan should cover all
essential and critical infrastructure components, including systems and networks.
• To make sure that the disaster recovery plan can be implemented in emergency
situations and that the management and staff understand how to execute it, it
should be periodically tested in a simulated environment.
• The disaster recovery plan must be explained to all employees, along with their
individual responsibilities.
• The disaster recovery plan must be updated to reflect any changes in the
environment.
Objectives
The main goal of the disaster recovery program is to create, test, and document a well-organized,
simple-to-understand plan that will aid the business in recovering as quickly and effectively as
possible from an unanticipated emergency or disaster that disrupts information systems and
business operations. These additional goals are included:
• Ensuring that all employees understand their roles in putting this plan into action;
• Ensuring that operational guidelines are followed in all planned activities;
• Ensuring that proposed contingency plans are cost-effective;
• Considering the effects on other company sites; and
• Considering disaster recovery capabilities as they relate to important clients, suppliers, and
others.
Inventory Profile
Miscellaneous inventory (table columns: Description, Quantity, Comments)
Every time a change is made to the plan, it must be thoroughly tested, and the training materials
must be updated appropriately. The IT Director will be in charge of using formalized change control
procedures in this situation.
The plan selected calls for a fully mirrored recovery site at the business' offices in Sri Lanka, Japan,
the United States, and Norway.
Maintaining a fully mirrored duplicate site as part of this strategy will allow for instantaneous
switching between the live site (headquarters) and the backup site.
2 Emergency
2.1 Plan Triggering events
The following are major triggers at headquarters that would cause the DRP to go into effect:
Primary: The far end of the main parking lot; Alternate: The business parking lot across the street.
The extent to which the DRP must be used will then be decided by the ERT. To be used in the event
of a disaster, each employee must be given a Quick Reference card with the contact information for
the ERT.
In the event of a disaster, the response consists of:
• acting quickly and contacting emergency services, then determining the disaster's
scope and its effects on the company, data center, etc.;
• setting up facilities for an emergency level of service within two business hours;
• restoring key services within four business hours of the incident;
• returning to normal operations between eight and twenty-four hours after the
incident; and
• coordinating efforts with the disaster recovery team, first responders, etc.
The DR plan will primarily rely on important management and staff members who will offer the
technical and management skills required to achieve a seamless technological and commercial
recovery. As the company resumes normal business operations, suppliers of essential products and
services will continue to support recovery of business operations.
• Bruce Wayne
• Dua Lipa
If not available, try these instead:
• Peter Parker
• Peter Griffin
For the disasters listed in this plan, as well as for any other circumstance that impairs the business'
ability to operate normally, the Emergency Response Team (ERT) oversees activating the DRP.
Notifying the Disaster Recovery Team (DRT) that an emergency has occurred is one of the duties
during the early stages of the emergency. The notification will include enough details in order to
effectively communicate the DRT members' request to gather at the problem's location. Senior
representatives from the key business departments will make up the Business Recovery Team (BRT).
A senior member of the company's management team, the BRT Leader will be in charge of taking
overall control of the situation and ensuring that business operations resume as soon as possible.
Follow Up checklist
1. List the teams and their respective tasks.
2. Obtain emergency funds, and if necessary, arrange transportation to and from the
backup location.
3. Install housing, if necessary
4. Create dining facilities as necessary.
5. List every employee's name and phone number.
6. Create a plan for user participation.
7. Set up the mail delivery and receipt.
8. Assemble backup office supplies.
9. Rent or buy equipment according to need.
10. Choose which applications to run and in what order.
11. Determine the necessary number of workstations.
12. Examine any required offline hardware for each application.
13. Verify the paperwork required for each application.
14. Before leaving, verify all data being transferred to the backup location, and leave the
inventory profile in place.
15. Establish key vendors to help with issues that arise during emergencies.
16. Make transportation arrangements for any extra items required at the backup
location.
17. Follow the road signs to the backup site.
18. If necessary, look for additional magnetic tapes or optical media.
19. Make copies of the procedure manuals, operational documentation, and system
documentation.
20. Make sure that everyone involved is aware of their duties.
21. Make insurance companies aware.
2. Bomb Threats
- DO NOT touch, tamper with, or move a suspicious object; instead, report it to the
organization’s Safety if you see one.
- NONE of your electronic devices, including phones, laptops, radios, tablets, etc., should
be used near the suspicious package or object.
- Keep the caller on the line if you receive a telephone alert about a bomb in a building. If
they hang up, DO NOT cut the call; instead, move to another phone and dial 911,
followed by 1243657809, which you can use to report the incident to office safety.
- If an evacuation is necessary, follow the standard procedures and DON'T try to enter a
building again until emergency personnel have given the go-ahead. Additionally, if you
are aware of a disabled or injured person who requires assistance, call emergency
services right away.
- Query the caller about the location of the bomb. When is it scheduled to go off? How
does it appear? Which type of bomb is that? Did you put it there? Why? Which address
do you have? Describe yourself.
- Pay close attention to the caller's precise language, voice, and speaking style. Try to
ascertain the caller's gender, race/ethnicity, and age. Listen for any background noises.
3. Building Lockdown
- When instructed to do so, start the lockdown/shelter-in-place procedure right away.
Until it is terminated by Office Safety or emergency response personnel, the lockdown
order will be in place.
- Keep your composure and stick with your group of visitors, faculty, or students.
- When the building is on lockdown, avoid leaving the space. Lock the windows and doors
to the room, and immediately draw the blinds.
- Keep people away from windows and doors and in silence. Consider people with
disabilities who might require assistance.
4. Earthquakes
- If you're indoors, duck, cover, and hold under a desk or table. You can also stand in a
doorway or where two walls meet, away from windows and potentially falling objects. If
you're outside, stay in a clear area far from any trees, buildings, power lines, or other
structures. If you're driving, stop and pull over far from any overhead power lines.
- After the shock wears off, go outside to a spacious area.
- NEVER use an elevator to leave a building.
- Observe the guidance given by emergency service personnel.
- If you are aware of a disabled person or someone who needs assistance, call emergency
services right away.
5. Evacuations
- An evacuation will be announced verbally by a professor, an office Safety officer, or
another branch representative, through the public address system, and/or by flashing
lights and audible alarms.
- Walk (DO NOT RUN) to the nearest exit and proceed to the evacuation site.
- AVOID using elevators.
- Obey the emergency personnel's instructions.
- Any disabled or injured people who require assistance should be reported to emergency
personnel right away. If you are hurt or disabled, you should SEEK HELP until you are
rescued.
- Prior to being told you can leave the area by emergency personnel, stay inside the
building with the group you were with.
9. Medical Emergencies
- Check for symptoms like chest pain, difficulty breathing, excessive or uncontrollable
bleeding, unconsciousness, and life-threatening injuries to determine what constitutes a
true medical emergency (severe head injuries, severe burns, etc.)
- Call 911, then Organization Safety, and let them know what kind of illness or injury you
have, your name, where the injury occurred, and your phone number.
- Provide first aid (if you are trained AND permission is granted by the injured)
- Send rescue workers and medical staff to the area.
- Continue to be with the victim until help arrives.
2. Hot Backup
- You don't need to halt database operations in order to create a hot backup. You
could be writing to your database at the time of the backup while transactions are
still in progress. This has the drawback that it leaves you uncertain as to the precise
state of your database at the time of the backup.
- A hot backup can be made using the db_hotbackup command-line tool. This program
copies all required files to a target directory, optionally running a checkpoint first.
- Additionally, you can develop your own hot backup system by employing the
DB_ENV->backup() method.
- As an alternative, you can do a hot backup by hand as follows:
  - Copy all of your container files to the backup location.
  - Copy all log files to the backup location.
3. Incremental Backups
You can make incremental backups after you have created a full backup, which can be an offline or
online backup. Simply copy all of your currently present log files to your backup location to
accomplish this.
You don't have to perform a checkpoint or stop container write operations in order to perform
incremental backups.
It's crucial to be aware that an incremental backup can no longer be used to restore a database copy
made before a bulk loading event if your application makes use of the transactional bulk insert
optimization. This is true because some record insertions made during bulk loading are not logged,
When using incremental backups, keep in mind that a longer recovery time will result from your
backup having more log files. Run complete backups at regular intervals, followed by incremental
backups at less frequent intervals. Your application's sensitivity to prolonged recoveries and the rate
at which your containers change will determine how frequently you need to run a full backup
(should one be required).
Running recovery against the backup as you make each incremental backup will also speed up
recovery. If you perform recovery as you go, BDB XML will have less work to do if you ever need to
restore your environment from a backup.
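The manual hot backup and incremental backup steps above, as an added shell example that is not part of the original document and not Berkeley DB's own tooling. The directory layout (container files named *.dbxml, log files named log.NNNNNNNNNN) and the sample files are constructed assumptions; the scripts only copy files and cannot replace running recovery against the backup.

```shell
#!/bin/sh
# Added example: manual hot backup plus incremental log backups for a
# BDB XML-style environment. Layout and sample data are assumptions.
set -eu

# Build a constructed sample environment: two containers, three log files.
make_sample_env() {
  env="$1"
  mkdir -p "$env"
  printf 'container-a' > "$env/orders.dbxml"
  printf 'container-b' > "$env/customers.dbxml"
  for n in 0000000001 0000000002 0000000003; do
    printf 'log %s' "$n" > "$env/log.$n"
  done
}

# Full hot backup: copy the containers first, then every log file, so that
# writes landing while containers are copied are still captured by the logs.
# Prints the number of log files copied.
full_backup() {
  env="$1"; dest="$2"; count=0
  rm -rf "$dest"; mkdir -p "$dest"
  cp "$env"/*.dbxml "$dest"/
  for f in "$env"/log.*; do
    cp "$f" "$dest"/; count=$((count + 1))
  done
  echo "$count"
}

# Incremental backup: copy only log files that are new or have changed since
# the last backup. The newest log keeps growing between runs, so it is
# re-copied whenever its content differs. Prints the number of files copied.
incremental_backup() {
  env="$1"; dest="$2"; copied=0
  for f in "$env"/log.*; do
    name=$(basename "$f")
    if [ ! -f "$dest/$name" ] || ! cmp -s "$f" "$dest/$name"; then
      cp "$f" "$dest/$name"; copied=$((copied + 1))
    fi
  done
  echo "$copied"
}

# Verify that every container and log in the environment has an identical
# copy in the backup location. Returns 0 when complete, 1 otherwise.
verify_backup() {
  env="$1"; dest="$2"
  for f in "$env"/*.dbxml "$env"/log.*; do
    cmp -s "$f" "$dest/$(basename "$f")" || return 1
  done
  return 0
}

# Demonstration on a temporary directory.
demo_dir=$(mktemp -d)
make_sample_env "$demo_dir/env"
echo "full backup copied $(full_backup "$demo_dir/env" "$demo_dir/bak") logs"
printf 'log 0000000004' > "$demo_dir/env/log.0000000004"   # new log
printf 'log 0000000003 more' > "$demo_dir/env/log.0000000003"  # active log grew
echo "incremental copied $(incremental_backup "$demo_dir/env" "$demo_dir/bak") logs"
verify_backup "$demo_dir/env" "$demo_dir/bak" && echo "backup verified"
rm -rf "$demo_dir"
```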
Note: The countdown to the guaranteed delivery time starts as soon as Peter Griffin is informed of
the choice of the recovery plan.
These phone numbers are available Monday through Friday from 12 am to 11 pm.
On weekends and public holidays, as well as after regular business hours, this phone number is
available for disaster notification. Please only use this number to notify of actual disasters.
Give Tony Stark the address of the site where the equipment will be delivered (if applicable), a
contact, a backup contact, and phone numbers at which the contacts can be reached whenever
needed.
Schedule any required service connections by contacting the providers of the electricity and
telephone services.
Inform Bruce Wayne right away if any related plans should change.
17. Set up a backup schedule so you can restore the system on a computer at home when a
site becomes available. (Use routine system backup techniques.)
18. Distribute keys as needed and secure the mobile site.
19. Keep a record of your mobile equipment's maintenance.
5. DRP Exercising
Exercises for disaster recovery plans are a crucial step in creating the plan.
No one passes or fails in a DRP exercise; instead, everyone who takes part learns from exercises
what needs to be improved and how improvements can be made. Emergency teams should practice
their plans to make sure they are familiar with their tasks and, more importantly, that they are
confident in their abilities.
When necessary, successful DR plans go into action quickly and efficiently. This can only occur if each
person who has a part to play in the plan has practiced that part at least once. Additionally, the plan
needs to be verified by simulating the conditions under which it must operate and observing the
results.