Unit 8: Security
2022
HND DIGITAL TECHNOLOGIES GBS
Student:
Tutor: David Oyebisi
Jan 2022 Cohort – Group A1 or B1
STUDENT NAME AND ID
NUMBER
Qualification Pearson BTEC Level 4 Higher National
Certificate in Digital Technologies (General)
Student Declaration
This is to confirm that this submission is my own work, produced without any
external help except for acceptable support from my lecturer. It has not been
copied from any other person’s work (published or unpublished) and has not
that I have read and understood the ‘GBS Academic Good Practice and Academic
Signature
Date
Introduction
This report aims to provide an in-depth understanding of IT security risks, possible
solutions, and mechanisms to control IT security risk. The report is divided into two
main parts. The first part, LO1, will discuss the different types of security threats,
vulnerabilities, and procedures that an organization can implement to ensure
business continuity. It will also examine IT security risk assessment and treatment.
The second part, LO2, will focus on IT security solutions, such as the configuration of
firewall policies and third-party VPNs, and the implementation of a network security DMZ,
static IP, and NAT. This report is essential for IT professionals who want to secure
their IT systems from potential cyber-attacks.
1. Different Types of security, threats, and Vulnerabilities
3. IT security risk assessment and treatment
recovery or business continuity plans, conducting incident response
exercises, or improving incident reporting and communication processes.
routers, and switches. By implementing DMZ, the finance department can ensure
that its servers and applications are secure from external threats while still providing
access to the public.
2.2 Configuration of static IP and NAT
Network Address Translation (NAT) is a technique used to translate private IP
addresses to public IP addresses and vice versa. Static NAT involves mapping a
public IP address to a specific private IP address, ensuring that incoming traffic is
directed to the correct device. Configuring static NAT involves defining the IP
address mapping, the inside local interface, and the inside global interface. This can
be done using router configuration commands. Configuring static NAT can enhance
network security by allowing only authorized devices to communicate with the public
IP address.
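A minimal Cisco IOS-style static NAT configuration for the mapping described above, added here as an illustration and not taken from the report; the interface names, the addresses (RFC 1918 and RFC 5737 documentation ranges), the published port and the ACL name are assumptions. Static NAT on its own forwards every port to the mapped host, so the example pairs the mapping with an inbound access list.

```cisco
! Constructed lab values (assumptions, not from the report):
!   192.168.10.10  internal server  (inside local address)
!   203.0.113.10   public address   (inside global address)

interface GigabitEthernet0/0
 description LAN side (assumed interface name)
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description Internet side (assumed interface name)
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
 ! Inbound ACLs are evaluated before outside-to-inside translation,
 ! so the ACL below matches the public (inside global) address.
 ip access-group STATIC-NAT-IN in
!
! One-to-one mapping: inside local -> inside global
ip nat inside source static 192.168.10.10 203.0.113.10
!
! Restrict what reaches the mapped host to the one published service
! (HTTPS assumed). Minimal policy: everything else, including replies to
! sessions opened from the inside, is dropped and logged; outbound traffic
! needs a stateful firewall or further entries.
ip access-list extended STATIC-NAT-IN
 permit tcp any host 203.0.113.10 eq 443
 deny   ip any any log
!
! Verification from exec mode:
!   show ip nat translations
!   show access-lists STATIC-NAT-IN
```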
3. Implementation of a network monitoring system
A network monitoring system is a software application that monitors network traffic
and activity, looking for any abnormal behavior that could indicate a security breach
or other issues. Three essential benefits of implementing a network monitoring
system include:
Detecting security threats: Network monitoring systems can detect and alert
the IT team of any suspicious activities or potential security threats, such as
unauthorized access, malware attacks, or data breaches.
Improving network performance: Network monitoring systems can help
identify and troubleshoot network performance issues, such as bottlenecks,
congestion, or latency.
Meeting regulatory compliance requirements: Many regulatory compliance
standards, such as HIPAA, PCI DSS, or GDPR, require organizations to
implement network monitoring systems to ensure data security and privacy.
Backup power supply: Ensuring that the company's critical systems have
backup power supplies, such as generators or uninterruptible power supplies
(UPS).
4.2 Three virtual security measures
Integrity in information systems refers to the accuracy, completeness, and reliability
of data and information stored and processed within the system. The following are
three virtual security measures that can be employed to ensure the integrity of the
JIN Investments Ltd system:
1. Access Control: Access control mechanisms such as user authentication,
authorization, and access rights management can help ensure that only
authorized personnel have access to the system and its data. This can
prevent unauthorized changes or tampering with critical data that could
compromise the system's integrity.
2. Data Encryption: Data encryption can be used to protect sensitive data from
unauthorized access or manipulation. Encryption algorithms can ensure that
data is encrypted at rest and in transit, making it difficult for hackers to access
or modify the data.
3. Backup and Recovery: Regularly backing up critical data and implementing a
robust disaster recovery plan can help ensure the integrity of the JIN
Investments Ltd system. In the event of a security breach or data loss, having
a reliable backup and recovery plan can help minimize downtime and prevent
data loss.
updated as necessary to reflect changes in the organization's needs or the threat
landscape.
Incident Response Plan:
An incident response plan is a documented set of procedures that an organization
follows in the event of a security incident. It includes identifying and containing the
incident, investigating the cause of the incident, and recovering from the incident.
The incident response plan should be tested and updated regularly to ensure its
effectiveness.
Security Auditing:
Security auditing involves reviewing and analyzing the security of an organization's
information system. It includes identifying vulnerabilities and weaknesses in the
system, determining the likelihood and impact of a security breach, and making
recommendations for improvements. Security auditing should be performed regularly
to ensure that the organization's security controls are effective.
Employee Training:
Employee training is essential to ensure that employees are aware of the
organization's security policies and procedures. Training should be provided on a
regular basis to ensure that employees are up-to-date on the latest security threats
and best practices. Training should also be provided to new employees to ensure
that they are aware of the organization's security requirements.
Conclusion:
The implementation of these mechanisms is essential to ensure the security and
integrity of an organization's information system. Access control mechanisms,
security policies, incident response plans, security auditing, and employee training
should be implemented and regularly reviewed to ensure their effectiveness. These
mechanisms should be integrated into the organization's overall security strategy to
provide a comprehensive approach to IT security.
2. Developing security policies and procedures: Organizations must develop
comprehensive security policies and procedures that address potential risks and
threats. These policies and procedures should cover everything from access controls
to incident response.
3. Implementing security controls: Once security policies and procedures have been
developed, organizations must implement appropriate security controls to protect
their IT infrastructure. This can include firewalls, intrusion detection systems,
antivirus software, and encryption.
4. Conducting security awareness training: Organizations must provide regular security
awareness training to employees to ensure that they understand the risks and their
role in protecting the organization's IT infrastructure.
5. Monitoring and reporting security incidents: Organizations must have systems in
place to monitor for security incidents and report them to appropriate personnel. This
allows the organization to respond quickly to incidents and prevent further damage.
6. Conducting regular security audits: Regular security audits are necessary to identify
potential weaknesses in the organization's security posture and address them before
they can be exploited.
By effectively managing organizational security, organizations can minimize the risk of
cyber-attacks and data breaches and protect their sensitive information from unauthorized
access or disclosure.
Conclusion
In conclusion, IT security is a critical aspect of any organization that deals with
sensitive data, such as financial institutions. This report has explored various IT
security solutions that can be implemented to secure the JIN Investments Ltd
system. These solutions include configuring firewall policies; implementing a DMZ,
static IP, and NAT; implementing a network monitoring system; and employing
physical and virtual security measures to ensure the integrity of the system.
Furthermore, the report has discussed the importance of reviewing mechanisms to
control organizational IT security and the significance of managing organizational
security. It is crucial to recognize the potential risks and vulnerabilities that the
system may face and take proactive steps to mitigate them. This can be achieved by
implementing a robust IT security policy, conducting regular risk assessments, and
providing ongoing training and awareness to employees.
Overall, by implementing the recommended IT security solutions and best practices,
JIN Investments Ltd can improve the security of their system, protect sensitive
information, and maintain the trust and confidence of their clients.
Appendices
should be customized to the specific needs of the organization, taking into account
its size, industry, and risk profile.
Effective security awareness programs can help prevent security incidents and
breaches caused by human error or intentional actions, reduce the impact of security
incidents, and improve compliance with regulatory requirements. It is important to
regularly evaluate the effectiveness of the program and make necessary
adjustments to ensure that it continues to meet the organization's security needs.