
MANAGING IT SECURITY OF AN ORGANIZATION
Contents
Module # 1
1.1.1 Introduction
1.1.2 Physical security
1.1.3 Information security
1.1.4 Cloud security
1.1.5 Application security
1.1.6 Internet security
1.2.1 Phishing attacks
1.2.2 Example
1.3.1 SQL Injection
1.3.2 SQLmap
1.3.3 Example

Module # 1
Introduction
Cryptech is a company with several departments covering forensics, IT security management, and secure progress. I joined the company as an IT security management trainee a couple of days ago and am currently assigned to its new client, the Board of Intermediate and Secondary Education (BISE), which conducts examinations for secondary and intermediate education. The board has observed interference and anomalies within its systems, so it expects the company to establish and implement formal information security for the organization.

IT Security Risks And Procedures


Identifying Types Of Risks To Security Organizations
Unauthorized access
Unauthorized access is the act of interfering with another person's account, attempting to reach restricted areas of a system, or using a connection that the owner of a system allowed by accident and without consent, for example to reach a program, server, site, or service. The scenarios an organization must consider regarding unauthorized access are as follows:

- Using techniques such as stock trading or payment-based services through the organization's private systems for personal benefit
- Networked gambling
- Downloading material from the internet that harms others, for example by spreading a virus through email or a download
- Attaching documents, or scanned photos bearing stamps or signatures, to emails

Physical Threats
Physical threats play an integral role in destroying network data, hardware, and software. The organization may be at risk from natural disasters such as earthquakes, floods, harsh climates, and fires, as well as from theft of documents, unaccounted-for visitors, and stolen identification.

Technical failure
Technical failure is characterized by a crash in software, hardware, or telecommunications. It poses the greatest risk to systems that have no backup.

Blackberry
Blackberry launched a phone with both a keypad and a touchscreen, assuming that customers would always prefer keypads. As a result, the company suffered a massive loss of 500 million.
Samsung Galaxy Note 7
It was initially favored by customers, but because of defective batteries it began to malfunction. The company had to cancel the whole flagship program. (Milner, 2022)

Figure 1, Technical failure

Data theft
Data theft is the stealing of reserved digital data, such as passwords, social security numbers, and online subscriptions, from PCs in order to gather sensitive information. The most common avenues of data theft are weak passwords, system vulnerabilities, social engineering, database problems, publicly available information, physical actions, and insider threats. (kaspersky, 2022)
Types of data theft
Phishing
The purpose of phishing is to trick a victim into visiting a malicious URL attached to an email or message. This URL is used to collect the victim's information: by filling out a form on a fake company website, the victim gives the attackers access to his data, which they can then monitor and use. For example, a phishing attack may begin with an email claiming to be from a legitimate site such as PayPal. The email aims to collect the user's sensitive information, so it links to a web page that closely resembles the original
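The mismatch that makes the PayPal-style email work is that the link text shows one domain while the href points somewhere else. The following is an added example (not part of the original assignment) showing a defender-side check a mail gateway could run: it parses a constructed sample email body and flags anchors whose visible text names a different host than the link target, and anchors whose target is a bare IP address. The sample message, the hosts in it, and the function names are all constructed for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body (not a real message). The first link shows a
# paypal.com URL as its text but points at a look-alike host; the second link
# is an IP-literal URL; the third is consistent and should not be flagged.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, your account is limited. Please confirm at
<a href="http://paypal.example-verify.test/login">https://www.paypal.com/signin</a>
or <a href="http://203.0.113.5/update">Update now</a>.</p>
<p>Help: <a href="https://www.paypal.com/help">https://www.paypal.com/help</a></p>
"""


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host_of(text):
    """Return the hostname if the visible text looks like a URL or a bare
    domain name, otherwise None (plain words such as 'Update now')."""
    candidate = text if "://" in text else "http://" + text
    host = urlparse(candidate).hostname
    if host and re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", host):
        return host
    return None


def find_suspicious_links(html):
    """Return a list of (href, text, reason) for links worth flagging."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target_host = urlparse(href).hostname or ""
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", target_host):
            findings.append((href, text, "link target is a raw IP address"))
            continue
        shown_host = _host_of(text)
        if shown_host and shown_host != target_host:
            findings.append((href, text,
                             f"visible text says {shown_host} but link goes to {target_host}"))
    return findings


if __name__ == "__main__":
    for href, text, reason in find_suspicious_links(SAMPLE_EMAIL_HTML):
        print(f"{reason}: '{text}' -> {href}")
```

Run against the constructed message, the first two links are reported and the consistent help link is not. A production filter would add look-alike-domain checks and compare against an allow-list of the organization's own hosts, but the text-versus-target comparison above is the core signal.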

Human Errors
Human errors are actions performed by a person involuntarily, or without having been informed of the measures the person needs to take. They can result in a security weakness.

Types of human error


Decision-based
The user makes these mistakes for a variety of reasons, among them a lack of expertise or guidance and a lack of details about the task. The result is that wrong decisions are made.
Skills-based
These mistakes are due to the negligence of workers. This category consists of minor mistakes made by professionals, which may also occur when the worker is overtired or distracted.

Organizational Security Procedures


Security procedures are a series of steps that walk through comprehensive directions on how to
enforce security controls as specified by the security policies of an organization. Security
procedures are designed to implement security into processes. Security procedures must be
followed whenever control is necessary. For example, the pilot always reads the pre-flight
checklist to ensure that security procedures have been followed, such as checking fuel quantity,
adjusting the seats, giving instructions to travelers, as well as making sure the cabin doors are
closed.

Basic Procedure
Acceptable use
The acceptable use policy specifies the rules and practices that a worker using the organization's IT resources must follow to access the organization's network or the internet. New staff members receive a copy of this policy to study and sign before they are granted a network ID. The organization's IT, legal, and security units decide what the policy covers.
Access control policy
Its purpose is to restrict workers' access to passwords, software controls, details, and confidential information in the organization. The policy also covers how workers who have resigned, or are otherwise no longer associated with the organization, lose their access to the system.
Information security policy
Among all the policies, this is the most prominent. This involves several security controls issued
at the primary level by an organization. This is to make sure the regulations are adhered to by
each worker using IT assets in the organization's range.
Continuity plan
This plan will organize action across all areas of the organization. It will rely on the disaster
contingency plan to restore software, systems, and data that are crucial to the continuity of the
organization.
Incident response
Incident response determines the procedures that will be used to control an incident. This shortens the recovery time and the financial consequences of the incident, and limits the impact on organizational functioning caused by the incident.

Disaster recovery
Recovery from disasters consists mainly of fault-finding and locating any asset that is crucial for
an organization like equipment, physical services, and software. The second function is
concerned with describing the actions required to maintain their functionality in the event of a
disaster. Additionally, it is also responsible for governing how the organization will secure itself
from disasters. (cloudian, n.d.)

Organization’s network security


Network security means defending the infrastructure of a network from misuse, unauthorized access, and theft. The team builds a secure infrastructure, including routers, hubs, and circuit breakers. Alternatively, it can build software infrastructure, such as monitoring and management of operating systems and tools, to ensure that workers and applications operate more securely and in compliance.

Network Security

- The most harmful threat that can infect a computer network is malware: malicious software programmed to damage the network by attacking the system's critical information and stealing money from the organization.
- Defending against malware requires more than antivirus software and diligent patching. Organizations must conduct content reviews and clean email servers, which are increasingly targeted by attackers.
- The organization must improve visibility and deliver superior multi-layered protection in advance.
- Organizations should continuously detect and block malicious activities in progress.

Rules for workers

- Workers must be required to enter the office within a fixed time window.
- The organization should hand over an organization card with a specific ID number for each employee.
- The supervisor should not allow any employee to enter the office without the organization's allotted ID card.
- Each employee's fingerprint should be stored in the fingerprint sensors, and attendance should be recorded at the gates.

Device security

- A virus on a device is a malicious piece of code that replicates itself and copies itself into other programs, changing the way the device functions. The procedure to prevent a virus from spreading is outlined below.
- Install antivirus software on the organization's PCs. When a user downloads a file, the hexadecimal or binary content of the file is compared against the list of known viruses. Once a virus is detected, the antivirus software removes or quarantines it so that the computer continues to function normally.
- Open the antivirus program on your device.
- Disconnect the device from the internet, since some viruses propagate over the internet.
- Restart the device using a secure method.
- Remove unwanted or temporary files from the PC.
- Run a full scan with the antivirus.
- If a virus is detected, remove the affected folders from the PC to prevent further spread.
- Rescan the device for any remaining threats and delete them.
- Restart the device.
- Update all of the PC's passwords, since they may have been compromised by the virus.
- Update the browser and operating system on the PC to minimize the probability of threats as much as possible. (kaspersky, n.d.)
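The first step above describes the classic signature model: compare a downloaded file's content against a list of known-bad entries and quarantine on a match. The following added example (not from the assignment or from any vendor's product) implements that model in miniature. It hashes every file under a directory with SHA-256, compares the digest against a set of signatures, and moves matches into a quarantine folder rather than deleting them. The signature set, the file names, and the directory layout are constructed for the demonstration and are not real malware hashes.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed "known-bad" signature set: SHA-256 digests of two demo strings.
# A real product ships a large, regularly updated database instead.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"DEMO-MALICIOUS-SAMPLE-1").hexdigest(),
    hashlib.sha256(b"DEMO-MALICIOUS-SAMPLE-2").hexdigest(),
}


def sha256_of_file(path, chunk_size=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_and_quarantine(root, quarantine_dir, signatures=KNOWN_BAD_SHA256):
    """Scan every file under root and move matches into quarantine_dir.

    Returns a list of (original_path, quarantine_path, sha256) per match.
    Files are moved, not deleted, so an analyst can inspect them later.
    """
    root = Path(root)
    quarantine_dir = Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    matches = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if quarantine_dir in path.parents:
            continue  # never rescan what we already isolated
        digest = sha256_of_file(path)
        if digest in signatures:
            # Name the quarantined copy by hash so duplicates cannot collide,
            # and give it a neutral extension so it is not run by accident.
            dest = quarantine_dir / f"{digest}.quarantined"
            shutil.move(str(path), str(dest))
            matches.append((str(path), str(dest), digest))
    return matches


def demo():
    """Build a throwaway directory with clean and 'infected' files, scan it,
    and return (matches, names of files left in place)."""
    work = Path(tempfile.mkdtemp(prefix="avdemo_"))
    (work / "report.txt").write_bytes(b"quarterly numbers")
    (work / "invoice.exe").write_bytes(b"DEMO-MALICIOUS-SAMPLE-1")
    (work / "docs").mkdir()
    (work / "docs" / "notes.bin").write_bytes(b"DEMO-MALICIOUS-SAMPLE-2")
    found = scan_and_quarantine(work, work / "quarantine")
    remaining = sorted(p.name for p in work.rglob("*")
                       if p.is_file() and "quarantine" not in p.parts)
    return found, remaining


if __name__ == "__main__":
    found, remaining = demo()
    for original, dest, digest in found:
        print(f"quarantined {original} -> {dest} ({digest[:12]}...)")
    print("left in place:", remaining)
```

Exact-hash matching is the simplest signature form and is trivially evaded by changing one byte, which is why the list also mentions updating and rescanning: real scanners add pattern and behavioural detection on top, but the quarantine-rather-than-delete step shown here is the same.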

File
When a file or folder on an organization's PC becomes corrupted, it is recommended to change the file's format. Changing the format resolves the issue and the file works as expected. For a JPG file, for instance, it would be appropriate to convert it to PNG, since both are image formats. (tenorshare.net, n.d.)

MODULE 2
ISO 31000 RISK MANAGEMENT METHODOLOGIES

Firewall
The primary goal of a firewall is to create a protective barrier between public and private networks: objectionable traffic is blocked while desired traffic is permitted. A firewall is responsible for blocking unauthorized individuals' access to the system. An incorrect configuration can harm the organization in many ways. For instance, a client's earnings could continue to be stolen until the error is fixed. Moreover, a misconfigured firewall can be the source of criminal activity such as data theft.
Example
If, during the process of finding cyber threats or specific holes, a significant risk is discounted or the firewall configuration is accidentally overlooked by the organization, a survey can reveal the client's concerns about the architecture. (sunnyvalley, n.d.)

Virtual private network


A VPN provides an uninterrupted connection between your network and another device's network. Sites restricted to a certain region can be accessed through it. Since people work remotely and need to connect online, VPNs are beneficial for creating a secure connection; otherwise, data may be lost or hacking may occur. It has become a priority because it keeps your location private and encrypts your data.

Example
When you order internet service from your Internet service provider, they set up your internet connection. After the setup is finished, your internet activity is routed through the ISP's servers. The ISP can therefore see and log all of your internet activity, including each site you visit.

Influence of incorrect firewall configuration


- An incorrect firewall configuration can pose a threat of information loss, which occurs when private information from a trusted framework is exposed to non-members. This is very concerning because outsiders can use the data in several harmful ways; they can, for example, share it in any document in a risky framework.
- It raises the risk of a security breach because it may permit unauthorized persons to access or reveal the organization's sensitive data.

Influence of an incorrect virtual private network configuration


When clients change VPN configurations at random, such as pre-shared keys, there is a high risk of security breaches. These values are generally unknown to the client, which prevents the client from establishing a VPN association. The client will then try to connect to the proper VPN boundary defined by Windows User 22 22. This lets the customer resume working, and during this process security breaks may happen. For example, keys may be shared via Hotmail, Gmail, or phone calls. Even if the client has a firewall or other security features, things can end up being disastrous.

Demilitarized zone
A demilitarized zone means that the organization segregates devices such as computers and servers on the opposite side of the firewall to improve the security of its network. For example, consider a network that belongs to an organization. It has servers and computers behind a firewall. Whether they are email servers or web servers, the organization's servers need to be accessible from the internet for the organization to remain in business. Since these servers are behind the organization's firewall, they are inside the organization's private network. This means the organization is letting people from an untrusted network, such as the internet, pass through the organization's firewall and gain access to the private network where the servers are.

This is a security concern. Attackers could use the exposed servers as an opening to cause havoc on the organization's network, because they have managed to get past the firewall behind which the servers sit. From there they can reach sensitive data on other devices behind the firewall, such as servers that store sensitive data, and they may try to plant a virus. If instead the organization puts the email and web servers outside the firewall, on the opposite side, the servers are still in the same building, but they are no longer behind the organization's firewall. When people access these servers from the internet, they are not beyond the firewall where the sensitive data is kept. These servers sit in front, facing the internet and fully exposed, so they are now in the DMZ, which is also known as a perimeter network.

A more secure DMZ uses two firewalls. An extra firewall is added and placed in front of the DMZ. This second firewall adds a further layer of protection to make sure that only legitimate traffic can reach the DMZ. It also makes it more challenging for attackers to penetrate the organization's internal network, because they would have to get through two different firewalls to reach it. In this way, a DMZ implementation improves network security.
Example
In military terminology, a demilitarized zone (DMZ) is a zone in which opposing parties agree to set aside their differences to create an environment of peaceful coexistence. For instance, South Korea and North Korea are separated by such a narrow strip of land. (BasuMallick, 2022)
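The two-firewall DMZ described above, and the earlier point that a misconfigured firewall exposes the organization, can both be made concrete with a small policy model. The following is an added example (not part of the original assignment, and not any vendor's firewall syntax): it defines three zones with constructed address ranges, an outer and an inner firewall as first-match rule lists with default deny, a function that checks whether a packet would pass every firewall on its path, and a check that flags rules defeating the DMZ design, such as an allow from the internet straight into the internal zone.

```python
from ipaddress import ip_address, ip_network

# Constructed address plan for the example (documentation and private ranges).
ZONES = {
    "dmz": [ip_network("192.0.2.0/24")],
    "internal": [ip_network("10.10.0.0/16")],
}


def zone_of(addr):
    """Return the zone an address belongs to; anything else is 'internet'."""
    ip = ip_address(addr)
    for name in ("internal", "dmz"):
        if any(ip in net for net in ZONES[name]):
            return name
    return "internet"


# Rule: (source zone, destination zone, destination port or '*', action).
# First matching rule wins; anything unmatched is dropped (default deny).
OUTER_FW = [
    ("internet", "dmz", 443, "allow"),      # public web server
    ("internet", "dmz", 25, "allow"),       # inbound mail
    ("dmz", "internet", "*", "allow"),      # servers may reach out (updates, DNS)
    ("internal", "internet", "*", "allow"), # staff browsing leaves via both firewalls
]
INNER_FW = [
    ("dmz", "internal", 5432, "allow"),     # web tier -> database only
    ("internal", "dmz", "*", "allow"),      # admins manage DMZ hosts
    ("internal", "internet", "*", "allow"),
]

# Which firewalls sit between a source zone and a destination zone.
PATHS = {
    ("internet", "dmz"): [OUTER_FW], ("dmz", "internet"): [OUTER_FW],
    ("dmz", "internal"): [INNER_FW], ("internal", "dmz"): [INNER_FW],
    ("internet", "internal"): [OUTER_FW, INNER_FW],
    ("internal", "internet"): [INNER_FW, OUTER_FW],
}


def evaluate(rules, src, dst, port):
    """Return 'allow' or 'deny' for one packet against one firewall."""
    s, d = zone_of(src), zone_of(dst)
    for rule_src, rule_dst, rule_port, action in rules:
        if rule_src == s and rule_dst == d and rule_port in ("*", port):
            return action
    return "deny"


def path_allowed(src, dst, port):
    """A packet must be allowed by every firewall on its path between zones."""
    s, d = zone_of(src), zone_of(dst)
    if s == d:
        return True  # same segment: not filtered by these firewalls
    return all(evaluate(fw, src, dst, port) == "allow" for fw in PATHS[(s, d)])


def misconfigurations(rules, name):
    """Flag rules that defeat the DMZ design: an allow from the internet
    straight into the internal zone, or a wildcard-port allow from the internet."""
    findings = []
    for src, dst, port, action in rules:
        if action != "allow":
            continue
        if src == "internet" and dst == "internal":
            findings.append(f"{name}: internet -> internal allowed on port {port}")
        if src == "internet" and port == "*":
            findings.append(f"{name}: wildcard port allow from internet to {dst}")
    return findings


if __name__ == "__main__":
    print("internet -> web server :443 ", path_allowed("198.51.100.7", "192.0.2.10", 443))
    print("internet -> internal   :443 ", path_allowed("198.51.100.7", "10.10.1.5", 443))
    print("dmz -> database        :5432", path_allowed("192.0.2.10", "10.10.1.5", 5432))
    print("dmz -> internal ssh    :22  ", path_allowed("192.0.2.10", "10.10.1.5", 22))
    print(misconfigurations(OUTER_FW, "outer"))
    print(misconfigurations([("internet", "internal", "*", "allow")], "bad"))
```

The point the model makes is that an attacker who compromises the web server still faces the inner firewall, which only admits the one database port, and that a single careless rule on the outer firewall (the "bad" list in the demo) collapses that separation; checking rule sets for such rules before deployment is the cheap control.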

Static IP
A static IP, also known as a dedicated IP, is an exclusive IP address assigned to a single user. Whenever you connect to the VPN, your network communication is routed through the same IP. Only a handful of VPN services, such as PureVPN, offer static IPs as a premium add-on.
Example
An employee of a company has the IP address 193.124.698.20. He can access his main desktop server from his computer at home using this IP.

Role of static IP in ensuring network security


- A static IP is simple to deal with and can be understood in a reasonable amount of time.
- Monitoring web traffic and setting authorization to direct customers based on IP address is quite easy.
- A static IP address is appropriate when the computer is likely to be used by a professional.
- It provides remote access for work-from-home employees.
- It offers faster and more stable download and upload speeds.

NAT
NAT stands for network address translation. The purpose of this service is to translate one set of IP addresses into another set of IP addresses. It is used in routers: a router that has an interface on both a global (public) network and a local (private) network is configured for NAT. When a packet passes from the local network to the global network, the router replaces the inside (private) IP address with the outside (public) address; when a packet passes back into the private network, its public destination address is translated back to the private one. Implementing NAT can improve security because whenever computers inside the internal network reach the internet, the internet can only see the IP address of the router. Furthermore, by hiding the original source address and the target address, NAT adds an extra layer of security to a network.
Example
A Wi-Fi router and a DSL modem are linked in a system with NAT enabled in each of them. Through the Wi-Fi router, the host devices are connected to the public network via Wi-Fi.

Figure 2 NAT

Types of NAT
Static NAT
Static NAT requires you to manually type the entries into the NAT table. This tells the router which private address and port number translate into which public address and port number. When data comes in, the router checks the NAT table for the source address; when it finds a match, the private address is exchanged for the public address.
Port address translation
PAT, also known as overload NAT, is used by home computers to send data to the router. The router checks the source address and port number as well as the destination address and port number. Port numbers identify which device the data belongs to, as well as which application. The router swaps out the private source address and port number for a public address and port number, and builds the NAT table to keep track of which public addresses correspond to which private addresses.

Dynamic NAT
Dynamic NAT is a one-to-one mapping of addresses drawn from a manually created pool of public addresses. When data is sent to the router, it checks the source and destination addresses and replaces the source address with the first available public address from that pool before sending the data on. When the data comes back, it again looks at the source address and then at the destination address. If it finds a match in the NAT table for the destination address, it switches it to the private address and sends the data on. Once this process is completed, the public address is returned to the pool, ready to be used again. Dynamic NAT is used by organizations.
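The three NAT variants differ only in how the translation table is filled and keyed. The following added example (not from the assignment, and not a real router's implementation) models a NAT router in one class so the differences can be run side by side: static NAT with a pre-typed table, dynamic NAT drawing from a pool and returning addresses to it, and PAT overloading one public address by rewriting source ports. Packets are plain dicts with constructed addresses from the documentation ranges; the class and method names are this example's own.

```python
import itertools


class NatRouter:
    """Minimal model of a NAT router holding one translation table.

    Packets are dicts {'src', 'sport', 'dst', 'dport'}. Outbound packets
    (private -> public) get their source rewritten; returning packets are
    matched against the table and their destination restored.
    """

    def __init__(self, mode, public_ips, static_map=None):
        self.mode = mode                       # 'static', 'dynamic' or 'pat'
        self.pool = list(public_ips)           # free public addresses (dynamic)
        self.public_ip = public_ips[0]         # the one address PAT overloads
        # table: (public ip, public port) -> (private ip, private port)
        # reverse: the same mapping in the other direction
        self.table = {}
        self.reverse = {}
        self._ports = itertools.count(40000)   # PAT: next free public source port
        if mode == "static":
            for priv, pub in (static_map or {}).items():
                self.table[(pub, None)] = (priv, None)
                self.reverse[(priv, None)] = (pub, None)

    def outbound(self, pkt):
        """Translate a packet leaving the private network."""
        key = (pkt["src"], pkt["sport"] if self.mode == "pat" else None)
        if key not in self.reverse:
            if self.mode == "static":
                raise LookupError(f"no static entry for {pkt['src']}")
            if self.mode == "dynamic":
                if not self.pool:
                    raise RuntimeError("public address pool exhausted")
                pub = (self.pool.pop(0), None)
            else:  # pat: same public IP, a fresh port per inside flow
                pub = (self.public_ip, next(self._ports))
            self.table[pub] = key
            self.reverse[key] = pub
        pub_ip, pub_port = self.reverse[key]
        out = dict(pkt, src=pub_ip)
        if pub_port is not None:
            out["sport"] = pub_port
        return out

    def inbound(self, pkt):
        """Translate a returning packet, or return None to drop it."""
        key = (pkt["dst"], pkt["dport"] if self.mode == "pat" else None)
        if key not in self.table:
            return None  # no mapping: the inside host is not reachable
        priv_ip, priv_port = self.table[key]
        back = dict(pkt, dst=priv_ip)
        if priv_port is not None:
            back["dport"] = priv_port
        return back

    def release(self, private_ip):
        """Dynamic NAT: hand the public address back to the pool when a flow ends."""
        if self.mode != "dynamic":
            return
        pub = self.reverse.pop((private_ip, None), None)
        if pub is not None:
            del self.table[pub]
            self.pool.append(pub[0])


def pat_walkthrough():
    """Two inside hosts using the same source port share one public address."""
    pat = NatRouter("pat", ["203.0.113.1"])
    a = pat.outbound({"src": "10.0.0.5", "sport": 51000, "dst": "198.51.100.1", "dport": 443})
    b = pat.outbound({"src": "10.0.0.6", "sport": 51000, "dst": "198.51.100.1", "dport": 443})
    reply = {"src": "198.51.100.1", "sport": 443, "dst": "203.0.113.1", "dport": b["sport"]}
    return a, b, pat.inbound(reply)


if __name__ == "__main__":
    a, b, back = pat_walkthrough()
    print("host A appears as", a["src"], a["sport"])
    print("host B appears as", b["src"], b["sport"])
    print("reply to B delivered to", back["dst"], back["dport"])
```

The inbound method is where the security property from the NAT section lives: a packet from the internet whose destination has no table entry is dropped, so inside hosts are only reachable for flows they started (or, with static NAT, that an administrator explicitly published).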

Risk assessment

Risk assessment is a process of identifying scenarios that could be detrimental to an organization. It involves analyzing the probability of each risk, figuring out the damage it could cause, and determining the response to be taken if these consequences occur. This is done to plan the most viable solutions to reduce these risks. It clarifies the main picture of where assets lie. The process of risk assessment is divided into the stages mentioned below. (lucidchart, n.d.)

Analysis

Analyze the equipment and how it is being used. In addition, train your staff on the safety measures that must be taken when using equipment such as labs in your organization. Furthermore, the staffing needs of each department must be filled, since each requires a different kind of personnel; depending on the department, there will be a need for young people, experienced people, and so on. Also, record these findings as required by law if there are more than 5 employees in the office, because the risk assessment process must be written down.

Priority
Put the most sensitive departments and sources in your organization at the top of your priority list. This includes rating risks as high, medium, or low by determining the cause, level, and source of each risk. In schools, for instance, one of the most critical security measures is to ensure that only authorized members of the school staff and a limited set of students have access to the school's assets.

Health measures
Ensure the physical and mental health of staff members and especially students is taken into account
during the assessment process. This is so that each individual in the organization performs properly
without any mental pressure and passiveness in a calm and stress-free environment.

IT risk assessment
IT risk assessment determines the threats faced by your information systems, data, and network, and assesses the potential adverse effects you may face if such events occur. Ideally, it should be done annually, and whenever significant changes take place inside the organization.

Data protection process and regulations applicable to an organization

- Data protection is essentially the process of ensuring data safety by guarding against events such as data loss or data corruption. The requirement for data protection increases as the amount of stored information grows, especially when it reaches extraordinary proportions. By establishing and maintaining a data asset log, you ensure that the preventative measures you bring in cover all the relevant data assets. Doing this is a helpful way to better understand the places and people associated with the data.
- Data privacy and safety are at the heart of the General Data Protection Regulation (GDPR). Employees must understand its significance. Suppose a laptop or any other device containing sensitive information about the organization is stolen or lost: it would be a serious loss. In simple terms, human error has a negative impact not only financially but also on the organization's reputation. Thus, employees should be trained to handle assets properly.
- Nowadays, limiting staff access to data has become a basic security measure to safeguard data from unauthorized activities. This is because in most cases the personnel of organizations are involved in criminal activities.
- Risk assessment must be done on a regular basis to avoid data or physical breaches. It helps to understand the current state and weak points of the organization's security system.
- To prevent the risk of data leakage and the possibility of viruses, you must use reliable and licensed software when scanning for viruses.
- Maintaining and updating such a huge amount of data is clearly a burden and requires a lot of effort: it is a time-consuming process, and it is challenging to manage space for it and arrange it so that items can be found easily. On the other hand, losing a vast amount of data is a challenge ten times more difficult than managing a backup. Therefore, it is crucial for organizations to secure data by keeping backups.
- ISO 31000 is an international standard published by the International Organization for Standardization whose aim is to design, execute, and maintain risk management. The principles of ISO 31000 describe the properties of effective risk management. To achieve this, an organization must follow the principles, which state that risk management creates and protects value, is a decision-making phase essential to organizational processes, follows a structure and is systematic and timely, and is iterative and responsive to change. The ISO 31000 process is concerned with understanding the following:
  - Scope, criteria, and conditions
  - Communication and discussion
  - Observe and review
  - Keeping track of and reporting on the results

Access control policy

The key scheme of an access control plan is to limit access not only physically but also
systematically. This means protecting the place where a system is kept and protecting its data.
This policy identifies how to manage and control access to information. It includes access
control programs, user and network access control programs, data processing controls and
password controls.

Password authentication
The leading cause of data loss is password breach. Passwords are among the weakest forms of client authentication, yet they are usually used to protect the most sensitive data. Clients can only access secured assets such as databases, web pages, networks, and network-based services once they have been verified. (tomorrowsoffice.com, n.d.)
