Professional Documents
Culture Documents
LEARNING LOG
YOUR ID: 19033799
LEARNING LOG 1
For the period ___21 September______ (start date) to ___30 September________ (end
date)
On 3rd September I got an email from miss Anima and we all are now in GRC
department. They provided us a meeting link for the introduction class to review the subject and
topic, as well as the plan for the upcoming sessions, and the time is 12:30 p.m. I arrived 5
minutes late for the meeting link in order to learn more about the GRC department (LO1). We
were told that Anima Pokhrel was assigned as our supervisor. This department, according to
Ma'am, is all about study, analysis, and comprehending the responsibilities assigned by the
supervisors. We must all deliver a virtual presentation of a small study project and demonstrate
that we comprehend the supervisors' tasks (LO7).
On this GRC department, we received four task from the GRC department, all of which
required us to conduct research and write a thorough report (LO5) The first duty is to conduct
research about GRC and its relevance in any organization. After doing some research on GRC,
I discovered that GRC stands for Governance, Risk, and Compliance, and that it is critical for
any organization or corporation to manage security (LO1). We also learn about the regulations
and laws that apply to any organization or firm. GRC creates an environment that allows
businesses to effectively manage IT and security risks, reduce expenses, and adhere to laws. It
also enhances decision-making and performance by offering a comprehensive view of a
company's risk management. On next class we were supposed to explain about the GRC and
its roles in any organization. I also shared my understandings and views about the same topic
which helped me to develop my communication as well as presentation skills (L04)
The second objective is to conduct research on cybersecurity and its related fields. I
write a decent cybersecurity report (LO5). Cybersecurity is all about how to defend a company
from hackers and how to set up a testing environment to keep any business safe from
intruders. The final assignment entails conducting research in any two cybersecurity topics. And
cryptography and security management are my choices. Cryptography in its most basic form I
learnt how to use an algorithm to convert plan text to cipher text. Cryptography taught me how
to protect my data from hackers using cryptography (LO1). For securing and penetration
testing, I employed a variety of tools and applications (LO3).
Action - I will do more research on different topic and also read books, blogs as well as the
genuine site for the research part.
Timing –
LEARNING LOG 2
For the period ___1 October______ (start date) to ___10 October________ (end date)
Our internship was conducted entirely online, and they provided us with a meeting link for
the internship courses at 2:00 p.m. I arrived 10 minutes early for the meeting link in order to
learn more about the GRC department (LO1). As I said in my learning log 2, all of the
assignments assigned by the GRC department are research-based and require a thorough
report (LO5). The GRC department is responsible for doing research, analyzing data, and
comprehending the responsibilities assigned by supervisors. And we all have to provide a
presentation of a small research project and a comprehension of the supervisors' tasks (LO4).
After we discussed our understanding. They assigned us a next task
Action Ask a few questions with my superiors and conduct internet research to view
intelligence gathering videos and tools.
LEARNING LOG 3
For the period ___11 October______ (start date) to ___16 October________ (end date)
The first lesson was about OSINT and its tools and methodologies. Throughout the course,
there was a variety of information that included flowcharts to illustrate the OSINT process, and I
was able to comprehend the OSINT tools and machine to perform investigations. The second
course I took was Cybersecurity Threat Intelligence Researcher, which was also billed as a free
course on Udemy. After completing the training, I had a high-level understanding of the seven
threat intelligence steps (LO2. I was able to comprehend the objectives of threat hunting,
feature extraction, behaviour extraction, grouping and correlation, threat actor attribution,
tracking, and capturing the attacker. (LO2). I learned that each of these phases was equally
significant, and the data obtained from the procedures helps you to take confident actions
(LO1). We were able to learn about attack pathways and the benefits of detecting new types of
assaults by answering the questions provided as our job. The most recent course I took was
Advanced Persistent Threat, which exposed me to Stuxnet and APT1. The seminar provided a
brief history on this terminology, allowing us to comprehend the lifespan of these threat actors
and groups (LO1, LO2, LO3. I submitted the SOC part of the task on time. by preparing a report
on the given questions of each of the courses as proof of completion. (LO5, LO7).
We were given other tasks dealing with Incident Response and Archiving after two days. A
small piece of information was attached to the task that gave us some insight into the
importance of incident response and archiving. Along with the task, a set of seventeen links
(educational blogs, articles, and websites) were attached, which we could use as a reference to
complete the tasks and learn the contents of the websites. This task allowed us to investigate
the NIST (National Institute of Standards and Technology) and SANS (Security and National
Intelligence Services) Incident Response Framework (Sysadmin, Audit, Network and Security)
(LO1, LO2, LO3). We had to find the differences between the two frameworks while researching
the two frameworks. In addition to the frameworks, I learned about the CSIRT (Computer
Security Incident Response Team) and its roles and responsibilities. (LO1). Not only that, but
the tasks also required us to create an Incident Response for any threat, which included
Malware, Phishing Email, and Ransomware, using either NIST or SANS. Making an incident
response took a lot of research, and after surfing the internet, I came up with an incident
response for Phishing emails. We also had to determine the purpose of archiving, specifically
email archiving, and I was able to learn how archiving can aid the Incident Response Process
by following the links to educational articles and blogs. (LO1, LO2).
Center that can contribute to information security Threat Intelligence and Hunting. It assisted
me in developing an incident response plan that included detection and analysis, as well as
threat intelligence and hunting.
What I could improve on (i.e., skills I want to improve)
Problem Solving – Although there were links provided to assist in the completion of the tasks, I
could have done more research on the internet in addition to the links to obtain additional
information and include it in the report.
Action I can take to improve my skills and learning (make these “SMART”):
Goal - To conduct more research outside of the box, rather than relying solely on available
resources.
Action - Reviewed the task questions, look for articles and journals to research, and do more
research if you're still unsure.
All tasks that are given is research based. I researched every task very well with good points. I
represent all our tasks to the supervisor very well. In every task I make a good report and
submit to the supervisors early from the deadline.
For Penetration testing many tools are used. I don’t know how to use the tools for pen testing. I
want to improve my skills in penetration testing tools for scanning the vulnerability for any
organization.
Action I can take to improve my skills and learning (make these “SMART”):
Action – I am going to install my penetration testing tool in my computer and I an going to take
some online classes to improve my technical skills in that pen testing tools.
For the period ___12 November______ (start date) to ___23 November________ (end
date)
Our internship held online, and they sent us meeting link for the internship classes at 2
P.M. I joined the meeting link 10 minutes early for learning and understanding about GRC
department (LO1). As I already describe in my learning log 2 that all the tasks that are given
from GRC department is researched based and make a good report on it (LO6). GRC
department is all about research, analysis and understanding the tasks that are given from the
supervisors. And we all have to give virtual presentation of brief research and the
understanding of the tasks that are given from the supervisors (LO7).
From 12 November to 26 November, we have got 3 tasks from GRC department all the
tasks are research based and make a good report on it (LO6). Fifth task is research on ISO
27000 and ISO 27001.
After the brief research on ISO 27000 and ISO 27001 I got to know that it stands for
International Organization for Standardization (LO1). We also get to know about the
Understanding security standards like the ISO 27000 series may help businesses maintain their
data and digital assets safe from attackers. This will be necessary to safeguard financial data,
customer information, employee information, and intellectual property (LO2). Also, after the
researched of ISO 27001 I get know that to Any group or organisation wishing to enhance its
information security practices or policies can use ISO 27001 as a guideline (LO2). ISO 27001
accreditation is the aim for firms wanting to be best-in-class in this field. To defend your
company from attacks such as ransomware, full compliance implies that your ISMS has been
determined to follow all best practices in the field of cybersecurity. (LO3)
Sixth task is research on data centre, its important of data centre and Infrastructure and
Security required for a data centre and make a good report on it (LO6). During the research of
data centre, I get to know about that A data centre is a physical location where businesses keep
their mission-critical programs and data. It's critical to consider long-term about how to preserve
their dependability and security as they expand from centralized on-premises facilities to edge
deployments to public cloud services (LO3).
I learned from data centre that almost all contemporary businesses and government
agencies require their own data centre or can lease one. If they have the means, large
enterprises and government entities may opt to create and administer them in-house (LO1).
During the research I get to know that there are a few critical data centre physical
security standards and technologies every colocation customer should evaluate when they’re
looking to partner with a facility are Layered Security Measures, Access lists, Video
Surveillance, Secure Access points, Background checks and Exit procedures etc. that how you
can create and provide a better environment for security of your organization (LO3). Any
organization have issue and problems in physical security they must have to use this
methodology to resolve that issue (LO4).
Last and the Seventh task is research on SOC 2 compliance. After the researched I get
to know that SOC 2 is an auditing procedure that ensures your service providers securely
manage your data to protect the interests of your organization and the privacy of its clients. All
the tasks that are given from GRC department is learning and researched based and all the
task that I have done with my team member. Every task gets easy when I do with my team
member (LO5). And I discussed every topic of the tasks with my team member for improving
my communication skills (LO7).
Action – I am going to do a lot of research on cybersecurity and going to install a lot of tools for
network scanning and penetration testing.
For the period ___24 November______ (start date) to ___26 November________ (end
date)
Last and the Seventh task is research on SOC 2 compliance. After the researched I get
to know that SOC 2 is an auditing procedure that ensures your service providers securely
manage your data to protect the interests of your organization and the privacy of its clients. All
the tasks that are given from GRC department is learning and researched based and all the
task that I have done with my team member. Every task gets easy when I do with my team
member (LO5). And I discussed every topic of the tasks with my team member for improving
my communication skills (LO7).
Like before I had prepared a note to pitch my research verbally (LO7). The assignment for next
session was to have in-depth research on data centre, its importance and the security
infrastructure and requirements to operate data centre. This was an interesting task after I
surfed ono the internet data centre was importance since important systems like servers and
data storage, business applications were supported by it. I was curious on what infrastructures
were used to secure data centre. Through my research I was able to tell that layered security
measures, access lists, video surveillance, secure access points etc. were some important
requirements to secure data centres (LO4, LO1, LO2).
The last assignment of the GRC section was given to us on November 24 and it was to
research on SOC 2 Compliance. I had a slight idea about SOC 2 compliance, and after
researching more about it I had the facts and the knowledge about it in a more detailed way.
SOC 2 compliance was required for many organizations and system, I learnt that a SOC 2
compliance is a minimal requirement when considering a SaaS (Software as a service)
provider. I also read about the SOC 2 certifications, reports and steps for implementing it (LO1,
LO4). And finally on November 26, 2021, we had our final session of the GRC section of
internship at Vairav Technologies. After the meeting discussion we were informed that the
internship period in GRC department had officially been concluded today. Our supervisor
wished us a good luck for future and ended the last online session(LO5).
What I have done well (refer to skills used)
SOC 2 compliance – I think throughout the period, I had the most time given to research about
SOC 2 compliance. And with that I had a wide range of knowledge on it especially SOC 2. The
report writing skills have improved significantly with the amount of research put on it.
Problem Solving and Communications - I think I could still improve on speaking and
presenting more well. During the internship it definitely helped to speak more often
presenting my research and idea, but I still think I need to work on asking more
questions and discuss with my colleagues.
Action I can take to improve my skills and learning (make these “SMART”):
Goal - To participate in interactions during the online sessions.
Action – Practice speaking, have a full understanding of the topic, be prepared to counter a
cross question.
Your Learning Log involves recording what you’ve done during your work placement and
encourages you to carry out self-assessment and reflection on how effectively you’ve performed
tasks.
It will help you to monitor your progress in working towards your learning outcomes and to
identify skills you’ve used and developed during the placement. You should attach a copy of
your Learning Agreement and the Skills Audit to the Learning Log.
Along with a written report, the Learning Log will form part of the assessment for the module.
For some courses, you will also deliver an oral presentation. In such cases, the Learning Log
will help you in preparing these by reminding you of task you were involved with and what you
learned from them.
You should complete it and email a weekly log to your academic tutor.
Note down things you feel went well and what you did to achieve this. This means that, in
addition to saying what you think you did well, you also need to say why it went well – what was
it that you did to secure a positive result?
Example:
Communication and interpersonal – in asking the Head of HR for a meeting, I introduced myself
and was clear about what I wanted to know. I took detailed notes of the meeting and wrote them
up into a summary immediately after the meeting whilst the information was fresh in my mind.
What I could improve on (i.e. skills I want to improve)
Here, try to identify any tasks you feel you might have done better or where you felt uncertain or
unconfident about something. Again, you may find it helpful to think of this in terms of skills, so
use your skills audit for ideas.
Example:
“Initiative and problem-solving – I sometimes lack confidence about approaching people I
haven’t met before. As a result, I put off doing some things like arranging a meeting and this can
then cause problems with meeting deadlines”.
Action I can take to improve my skills and learning (make these “SMART”)
In this section and using your reflection so far, set yourself goals for the coming period (e.g. for
the next week). These are likely to be about tasks which relate directly to one of your Learning
Outcomes and/or which address skills you want to improve.
Make them SMART (specific, measurable, achievable, realistic and time-bound) as this will help
you to clearly identify your actions and goals for the next period.
Example:
Following on from the example above:
“To improve my confidence in approaching people, I’ll plan in advance what I want to say and
write out a short script for myself. I’ll do this first thing next Monday (give date).
To make sure I don’t miss deadlines, I’ll work out and write down a schedule of what I need to
do by when and then I’ll use this to identify tasks and what I need to achieve on a daily basis. I’ll
have the schedule completed by the end of Monday next week (give date)”.
Or, you might prefer to separate out the stages and write in note form, for example,