Security Assignment - Roshen

HND in Computing (ESOFT Metro Campus)

Downloaded by Sandun Rathnayaka (rathnayakasandun2003@gmail.com)

Higher Nationals
Internal verification of assessment decisions – BTEC (RQF)

INTERNAL VERIFICATION – ASSESSMENT DECISIONS

Programme title: BTEC Higher National Diploma in Computing
Assessor: Mr. Isura Kulathilake
Internal Verifier: Mr. Lakindu Premachandra
Unit(s): Unit 05: Security
Assignment title: EMC Cyber
Student’s name: Roshen Anthony Jude
List which assessment criteria the Assessor has awarded (Pass / Merit / Distinction): Merit

INTERNAL VERIFIER CHECKLIST

Do the assessment criteria awarded match those shown in the assignment brief? Y/N
Yes. Assessment criteria awarded match with the assignment brief.

Is the Pass/Merit/Distinction grade awarded justified by the assessor’s comments on the student work? Y/N
Yes. Justified by the assessor’s comments.

Has the work been assessed accurately? Y/N
Yes. Accurately marked.

Is the feedback to the student:
• Constructive? Y/N
• Linked to relevant assessment criteria? Y/N
• Identifying opportunities for improved performance? Y/N
• Agreeing actions? Y/N
Give details: Yes. Constructive and identified opportunities for improved performance.

Does the assessment decision need amending? Y/N

Assessor signature: isuranilupul@gmail.com    Date: 18.19.2021
Internal Verifier signature: lakinducp@gmail.com    Date: 18.09.2021
Programme Leader signature (if required):    Date:

Confirm action completed

Remedial action taken

Give details:

Assessor signature Date

Internal Verifier
signature Date

Programme Leader
signature (if required) Date

Higher Nationals - Summative Assignment Feedback Form

Student Name/ID: Roshen Anthony
Unit Title: Unit 05: Security
Assignment Number: 1
Assessor: Mr. Isura Kulathilake
Submission Date: 16.05.2021
Date Received 1st submission: 16.05.2021
Re-submission Date:
Date Received 2nd submission:

Assessor Feedback:

LO1. Assess risks to IT security
Pass, Merit & Distinction Descripts: P1 P2 M1 D1

LO2. Describe IT security solutions.
Pass, Merit & Distinction Descripts: P3 P4 M2 D1

LO3. Review mechanisms to control organisational IT security.
Pass, Merit & Distinction Descripts: P5 P6 M3 M4 D2

LO4. Manage organisational security.
Pass, Merit & Distinction Descripts: P7 P8 M5 D3

Grade: Merit Assessor Signature: isuranilupul@gmail.com Date: 18.09.2021

Resubmission Feedback:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:


The learner has gained more theoretical knowledge about network security. And also, the learner has done D3, D2 criteria but missed D1. Therefore, the learner needs to study how to secure a network by adding more software
and hardware security configurations and tools. Furthermore, needs to explain how the IT solution can be the "Trusted Network" with those configurations. The grading criteria have been clearly identified and completed but need
more potential when completing D criteria to achieve D grade. And the first marking assessor did an excellent job marking the work and agreeing with the grade.

Signature & Date: lakinducp@gmail.com 18.09.2021

* Please note that grade decisions are provisional. They are only confirmed once
internal and external moderation has taken place and grades deci

General Guidelines

1. A Cover page or title page – You should always attach a title page to your
assignment. Use previous page as your cover sheet and make sure all the details
are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side
printing.
5. Allow 1” for top, bottom, right margins and 1.25” for the left margin of each
page.

Word Processing Rules

1. The font size should be 12 point, and should be in the style of Times New
Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font
style.
4. Use footer function in the word processor to insert Your Name, Subject,
Assignment No, and Page Number on each page. This is useful if individual
sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to
help editing your assignment.

Important Points:

1. It is strictly prohibited to use textboxes to add texts in the assignments, except
for the compulsory information, e.g. figures, tables of comparison etc. Adding
text boxes in the body except for the before mentioned compulsory information
will result in rejection of your work.
2. Carefully check the hand in date and the instructions given in the assignment.
Late submissions will not be accepted.
3. Ensure that you give yourself enough time to complete the assignment by the
due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on
time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons
such as illness, you may apply (in writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade.
8. Non-submission of work without valid reasons will lead to an automatic
REFERRAL. You will then be asked to complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them
properly using HARVARD referencing system to avoid plagiarism. You have
to provide both in-text citation and a reference list.

10. If you are proven to be guilty of plagiarism or any academic misconduct, your
grade could be reduced to A REFERRAL or at worst you could be expelled
from the course

Student Declaration

I hereby, declare that I know what plagiarism entails, namely to use another’s work and
to present it as my own without attributing the sources in the correct way. I further
understand what it means to copy another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.
2. I understand the plagiarism and copying policy of the Edexcel UK.
3. I know what the consequences will be if I plagiarize or copy another’s work in
any of the assignments for this programme.
4. I declare therefore that all work presented by me for every aspect of my
programme, will be of my own, and where I have made use of another’s work,
I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document, signed or not, constitutes
a binding agreement between myself and Pearson UK.
6. I understand that my assignment will not be considered as submitted if this
document is not attached to the main submission.

roshen.anthony@gmail.com 2021/11/01
16.09.2021
Student’s Signature: Date:
(Provide E-mail ID) (Provide Submission Date)

Assignment Brief
Student Name /ID Number Roshen Anthony

Unit Number and Title Unit 5- Security

Academic Year 2020/2021

Unit Tutor Mr. Isura Kulathilake

Assignment Title EMC Cyber

Issue Date 10.02.2021

Submission Date 16.05.2021

IV Name & Date Mr. Lakindu Premachandra 18.09.2021

Submission Format:

The submission should be in the form of an individual written report written in a concise, formal business
style using single spacing and font size 12. You are required to make use of headings, paragraphs and
subsections as appropriate, and all work must be supported with research and referenced using the Harvard
referencing system. Please provide in-text citations and an end list of references using the Harvard
referencing system.

Section 4.2 of the assignment requires a 15-minute presentation to illustrate the answers.

Unit Learning Outcomes:

LO1 Assess risks to IT security.

LO2 Describe IT security solutions.

LO3 Review mechanisms to control organisational IT security.

LO4 Manage organisational security.

Assignment Brief and Guidance:

Scenario

‘EMC Cyber’ is a reputed cyber security company based in Colombo Sri Lanka that is delivering security
products and services across the entire information technology infrastructure. The company has a
number of clients both in Sri Lanka and abroad, which includes some of the top-level companies of the
world serving in multitude of industries. The company develops cyber security software including
firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber is tasked with
protecting companies’ networks, clouds, web applications and emails. They also offer advanced threat
protection, secure unified access, and endpoint security. Further they also play the role of consulting
clients on security threats and how to solve them. Additionally the company follows different risk
management standards depending on the company, with the ISO 31000 being the most prominent.

One of the clients of EMC Cyber, Lockhead Aerospace manufacturing which is a reputed aircraft
manufacturer based in the US, has tasked the company to investigate the security implications of
developing IOT based automation applications in their manufacturing process. The client has requested
EMC to further audit security risks of implementing web based IOT applications in their manufacturing
process and to propose solutions. Further, Lockhead uses ISO standards and has instructed EMC to use
the ISO risk management standards when proposing the solution.

The director of the company understands such a system would be the target for cyber-attacks. As you
are following a BTEC course which includes a unit in security, the director has asked you to investigate
and report on potential cyber security threats to their web site, applications and infrastructure. After the
investigation you need to plan a solution and how to implement it according to standard software
engineering principles.

Activity 01

Assuming the role of External Security Analyst, you need to compile a report focusing on the following
elements for the board of EMC Cyber:

1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilized by EMC
Cyber in order to improve the organization’s security.

1.2 Identify types of security risks EMC Cyber is subject to in its present setup and the impact that they
would make on the business itself. Evaluate at least three physical and virtual security risks identified
and suggest the security measures that can be implemented in order to improve the organization’s
security.

1.3 Develop and describe security procedures for EMC Cyber to minimize the impact of issues
discussed in section (1.1) by assessing and rectifying the risks.

Activity 02

2.1 Identify how EMC Cyber and its clients will be impacted by improper/ incorrect configurations
that are applicable to firewalls and VPN solutions. IT security can include a network monitoring
system. Discuss how EMC cyber can benefit by implementing a network monitoring system with
supporting reasons.

2.2 Explain how the following technologies would benefit EMC Cyber and its Clients by facilitating a
‘trusted network’. (Support your answer with suitable examples).

i) DMZ

ii) Static IP

iii) NAT

2.3 Identify and evaluate the tools that can be utilized by EMC cyber to improve the network and
security performance without compromising each other. Evaluate at least three virtual and physical
security measures that can be implemented by EMC to uphold the integrity of organization’s IT policy.

Activity 03

3.1 Discuss suitable risk assessment integrated enterprise risk management procedures for EMC Cyber
solutions and the impact an IT security audit will have on safeguarding organization and its clients.

Furthermore, your discussion should include how IT security can be aligned with an organizational IT
policy and how misalignment of such a policy can impact on organization’s security.

(This can include one or more of the following: network change management, audit control, business
continuance/disaster recovery plans, potential loss of data/business, intellectual property, Data
Protection Act; Computer Misuse Act; ISO 31000 standards.)

3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage
solutions provided by EMC Cyber. You should also summarize ISO 31000 risk management
methodology.

Activity 04

4.1 Design an organizational security policy for EMC Cyber to minimize exploitations and misuses
while evaluating the suitability of the tools used in an organizational policy.

4.2 Develop and present a disaster recovery plan for EMC Cyber according to the ISO/IEC
17799:2005 or similar standard which should include the main components of an organizational
disaster recovery plan with justifications. Discuss how critical the roles of the stakeholders in the
organization to successfully implement the security policy and the disaster recovery plan you
recommended as a part of the security audit.

(Students should produce a 15 minutes PowerPoint presentation which illustrates the answer for
this section including justifications and reason for decisions and options used).

Pearson
Higher Nationals in
Computing

Unit 5: Security

Roshen Anthony Unit 05 Security 1|Page


Contents
1 Acknowledgement
2 Risks in IT Security
2.1 CIA Triad Concept
2.1.1 Confidentiality
2.1.2 Information Integrity
2.1.3 Availability
2.2 Types of Security risks to EMC Cyber
2.2.1 Passive attacks
2.2.2 Active attacks
2.3 Security measures for EMC Cyber
2.3.1 Virtual security measures
2.3.2 Physical security measures
2.4 Security procedures for EMC Cyber
2.5 Security procedures for EMC Cyber to minimize the impact of issues
3 IT Security solutions
3.1 The impact of improper configurations that are applicable to firewall and VPN solutions to EMC Cyber
3.1.1 Firewall
3.1.2 VPN
3.2 Implementing a DMZ, static IP and NAT in a network can improve network security
3.2.1 DMZ
3.2.2 IP Address (Internet protocol address)
3.3 The benefits of implementing network monitoring systems
3.3.1 Benefits of using different network monitoring tools
4 Mechanisms to control EMC Cyber IT security
4.1 Risk assessment procedures for EMC Cyber
4.2 Data protection process and regulations as applicable to EMC Cyber
4.2.1 Data protection act of 1998
4.2.2 Steps of data protection process for EMC Cyber
4.3 Summarizing the ISO 31000 risk management methodology and its application in IT security
4.3.1 ISO 31000 risk management methodology
4.4 Impacts to Organizational security resulting from IT security audit
4.5 The impact of IT security aligns with organizational policy and the safety consequences of any misalignment
5 Managing Organizational security
5.1 Designing and implementing a security policy for EMC Cyber
5.2 The main components of an organisational disaster recovery plan, justifying the reasons for inclusion.
5.3 Disaster recovery plan for EMC Cyber
5.4 The roles of stakeholders in the organisation to implement security audit recommendations.
5.5 The suitability of the tools used in an organisational policy
5.5.1 Evaluation of the tools used in an organisational policy

List of Tables

Table 1 Security Procedures for EMC cyber to minimize the impact of issues
Table 2 Comparison between dynamic IP
Table 3 benefits of using different network monitoring tools
Table 4 Risk Assessment for EMC Cyber
Table 5 steps for Data protection process for EMC Cyber
Table 6 Common IT Security audit standards

List of figures
Figure 1 Example for DMZ
Figure 2 Disaster recovery plan slide 1
Figure 3 Disaster recovery plan slide 2
Figure 4 Disaster recovery plan slide 3
Figure 5 Disaster recovery plan slide 4
Figure 6 Disaster recovery plan slide 5
Figure 7 Disaster recovery plan slide 6
Figure 8 Disaster recovery plan slide 7
Figure 9 Disaster recovery plan slide 8
Figure 10 Disaster recovery plan slide 9
Figure 11 Disaster recovery plan slide 10
Figure 12 Disaster recovery plan slide 11
Figure 13 Disaster recovery plan slide 12
Figure 14 Disaster recovery plan slide 13
Figure 15 Disaster recovery plan slide 14
Figure 16 Gantt Chart

1 Acknowledgement
Many people have contributed to the success of this Report. Although a single sentence
hardly suffices, the author would like to thank Almighty God for blessing him with his
grace.

The author is profoundly indebted to his class guide, Mr. Isura Kulathilaka, for
innumerable acts of timely advice and encouragement, and the author sincerely expresses his
gratitude to him. His guidance enabled the author to successfully complete the report. The
author extends his sincere and heartfelt thanks to Mr. Isura Kulathilaka, for providing
him the right ambiance for carrying out this work.

The author expresses his immense pleasure and thankfulness to all the teachers and
staff for their cooperation and support. In addition, a huge thank-you to Google and the other
sources that the author has used in this report.

Last but not the least, he thanks all others, and especially his classmates who in one
way or another helped him in the successful completion of this work.

The author hopes contributors will recognize that he has done his best to reflect the
variety of views and the wealth of information, which were so generously provided, to
him. The author takes full and sole responsibility for the content of the report and for
any errors or misrepresentations of fact or opinion it may contain.

Regards,

The Author,

Roshen Anthony

2 Risks in IT Security
Information security refers to the safeguarding of data, particularly as it is being
processed. IT security aims to keep unauthorized third parties from tampering with data
and systems. This means that socio-technical systems within firms / organizations, i.e.,
people and technology, as well as their data, are safeguarded from harm and dangers.
This includes not only data and information, but also physical data centers and cloud
services.

2.1 CIA Triad Concept

Over the last few years, information has grown increasingly precious. As a result, it is
much more critical to safeguard it. The three IT protection goals of confidentiality,
integrity, and availability characterize information security. These three parts are known
as the CIA Triad Concept.

2.1.1 Confidentiality
In IT security, confidentiality means that data is only available to authorized individuals.
Only a limited number of people, for example, have access to the information it
contains. To put it another way, access control must be defined. This necessitates the
assignment of access rights.

The transmission of data is another crucial aspect of confidentiality. Data in transit should
be encrypted at all times, whether symmetrically or asymmetrically, so that unauthorized
individuals are unable to access the information.

2.1.2 Information Integrity


Integrity means that the contents and data are complete and correct at all times. The
systems involved must therefore work together correctly. Data must not be modified as a
side effect of a sales or processing transaction if it is to remain usable. It also follows
that an unauthorized third party must never get access to (even a portion of) the data.
Because mistakes are always possible, it must be demonstrated that this kind of
manipulation can be prevented, and that the safeguards against it have been strengthened
and applied.

2.1.3 Availability
Having the appropriate information available ensures that data processing within the
systems goes smoothly. The data must be retrievable in a timely and accurate manner.
This necessitates the protection of computer systems against failure. This is why load
testing is used to check the systems' limits, ensuring that company operations are not
disrupted.

Use of CIA Triad Concept for EMC Cyber

The CIA triad provides a high-level checklist for evaluating your security procedures
and equipment that is both easy and thorough. An effective system meets all three
components: confidentiality, integrity, and availability. An information security system
that is lacking in one of the three parts of the CIA triad is insufficient.

After a negative occurrence, the CIA triad is also useful in determining what
went wrong and what worked. For example, availability may have been harmed as a result of
a ransomware attack while the mechanisms in place were still able to protect the
confidentiality of sensitive data. This information can be utilized to correct flaws and
replicate effective policies and procedures in EMC Cyber.

2.2 Types of Security risks to EMC Cyber

Security attacks can be categorized as passive and active.

2.2.1 Passive attacks

A passive attack occurs when the attacker does not attempt to modify or affect the target
system's resources. Instead, the attacker is attempting to obtain or learn information
from that system.
Eavesdropping and monitoring of networks and communications are examples of
passive attacks. Listening in on communications and transmissions is referred to as
eavesdropping. For example, we could use a network monitoring tool to examine the
data transmitted by a Wi-Fi router. It would be an example of passive attack if we were
to listen in on and record a phone conversation (and possibly release the recording to
the public).

2.2.2 Active attacks


An active attack occurs when the attacker attempts to alter the system (for example, by
changing data or settings) or to interfere with the system's operation. Masquerading,
replaying, modification, and denial of service are examples of active attacks.
Masquerading is the act of pretending to be someone or something else in order to fool
the system into thinking we are someone else. This could come in handy if we want to
trick the system into granting us access, or if we want to leave a false trail of evidence
that points to someone else.

EMC Cyber is a reputed and reliable IT security service provider based in Colombo,
Sri Lanka, with clients both abroad and in Sri Lanka. EMC should therefore
have the best-secured data centres, but the author has identified some
vulnerabilities. Those are:

• Failure of the server
• Distributed denial-of-service (DDoS) attacks
• Inadequate data backups and data loss
• The vulnerabilities of cloud service providers
• Cloud-based phishing
• Attacks on the virtual machine level
• Attacks based on social engineering
• Vulnerabilities in the system
• Unauthorized access
• Malicious code
• Natural calamity

Organizational Risks,

• Reputation risk
• Financial risk
• Operational risk
• Legal risk
• Strategic Risk
• Technology risk
• People/culture risk
• Fraud risk

2.3 Security measures for EMC Cyber


Keeping the EMC Cyber data safe is very important. Because there are several threats,
security measures are essential. They can be divided into two main categories:

• Virtual security measures
• Physical security measures

2.3.1 Virtual security measures


Backup/ restoration of data

A backup is a copy of your data that you make for safekeeping. The backup should then
be stored somewhere secure so that it can be safely retrieved if needed.
Some people get the terms backup and archive mixed up. A backup is a duplicate copy
of your data that you keep for safekeeping. An archive is your primary data that you
simply move to another location because you don't need it right now but may need it in
the future.
There are various types of backup methods from which to choose.

Full backup
This is the most basic type and is a full backup of all of your data. The benefit is that
your entire backup is available in one location or medium. The disadvantage is that if
you have a large amount of data to backup, it will take a long time to complete the
backup.

Incremental backup
Here, you first start by taking a full backup. Then, you back up only what has changed
since your last backup. The benefit is that your backup process will take less time and
space, but there is the disadvantage that you have to maintain multiple volumes.

Differential backup
This is very similar to an incremental backup, except that each subsequent backup
includes everything that has changed since your last full backup.
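
The three backup types described above can be compared on one schedule. The following is an added example, not part of the original report: it models which files each type copies per run and how many backup volumes must be readable to restore. The file names, day numbers and function names are constructed for illustration.

```python
# Added example (not from the original report): how full, incremental and
# differential backups choose files, and what each needs at restore time.
# All paths, timestamps and function names are constructed for illustration.
from dataclasses import dataclass, field


@dataclass
class Backup:
    kind: str                 # "full", "incremental" or "differential"
    taken_at: int             # constructed clock value (day number)
    files: dict = field(default_factory=dict)  # path -> mtime captured


def last_full(history):
    """Most recent full backup in history, or None if there is no baseline."""
    for backup in reversed(history):
        if backup.kind == "full":
            return backup
    return None


def take_backup(kind, live, history, now):
    """Copy the files that `kind` requires and append the backup to history.

    `live` maps path -> last-modified time of the current data set.
    """
    if kind not in ("full", "incremental", "differential"):
        raise ValueError(f"unknown backup kind: {kind}")
    baseline = last_full(history)
    if kind == "full" or baseline is None:
        # Without a full baseline nothing else is restorable, so force a full.
        backup = Backup("full", now, dict(live))
    else:
        # Incremental: changes since the last backup of ANY kind.
        # Differential: changes since the last FULL backup.
        since = history[-1].taken_at if kind == "incremental" else baseline.taken_at
        backup = Backup(kind, now, {p: m for p, m in live.items() if m > since})
    history.append(backup)
    return backup


def restore_chain(history):
    """Backups that must all be readable to rebuild the latest state, in order."""
    fulls = [i for i, b in enumerate(history) if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup to restore from")
    chain, tail = [history[fulls[-1]]], history[fulls[-1] + 1:]
    diffs = [i for i, b in enumerate(tail) if b.kind == "differential"]
    if diffs:
        # A differential is cumulative: only the newest one is needed.
        chain.append(tail[diffs[-1]])
        tail = tail[diffs[-1] + 1:]
    chain.extend(b for b in tail if b.kind == "incremental")
    return chain


def restore(history):
    """Replay the restore chain; later backups overwrite earlier versions."""
    state = {}
    for backup in restore_chain(history):
        state.update(backup.files)
    return state


def simulate(kind):
    """Run a constructed schedule: full on day 0, then `kind` on days 1 to 3."""
    live = {"clients.db": 0, "policy.docx": 0, "audit.log": 0}
    history = []
    take_backup("full", live, history, now=0)
    # (day, file modified that day): constructed sample activity
    for day, changed in [(1, "clients.db"), (2, "audit.log"), (3, "clients.db")]:
        live[changed] = day
        take_backup(kind, live, history, now=day)
    copied = [sorted(b.files) for b in history]
    return copied, len(restore_chain(history)), restore(history) == live


if __name__ == "__main__":
    for kind in ("full", "incremental", "differential"):
        copied, volumes, ok = simulate(kind)
        print(f"{kind:12} files copied per run: {[len(c) for c in copied]}, "
              f"volumes needed to restore: {volumes}, restore correct: {ok}")
```

The incremental schedule copies the least data per run but needs every volume since the full backup to restore; losing any one of them breaks the chain. The differential schedule grows each day but restores from two volumes. The model does not track deleted files.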

Audits

Auditing is the on-site verification of a process or quality system, such as inspection or
examination, to ensure compliance with requirements. A security audit for IT systems
would be a manual or systematic assessment to ensure that the proper procedures and
policies are in place, and that people are properly trained on how to respond to specific
situations that may compromise a system's security.

As part of an audit, we may verify that all systems are functioning as expected, that
proper backups and precautions are taken, that disaster recovery procedures are in
place, that people are properly trained, and that policies are properly understood and
implemented.

Testing procedures

There are several methods for testing networks. Some of the options available to you
are as follows:
Testing the Network, WAN, Intranet etc.
• Vulnerability Scanning: This is performed using automated software to scan a
system for known vulnerability signatures.

• Security Scanning: This involves identifying network and system flaws and
then providing solutions to mitigate these risks. This scanning can be done both
manually and automatically.

• External Penetration Testing: The goal of this testing is to determine whether
someone outside your organization can access your critical information assets
from the internet by exploiting weaknesses in your perimeter. This is
considered ethical hacking.

• Internal Penetration Testing: The goal is to determine whether internal staff or
someone with physical access to your premises can access information assets
that they do not have access to. This is a type of ethical hacking.


Testing systems

• Security auditing: Security auditing is an internal check for security flaws in
applications and operating systems. Line-by-line code inspection can also be
used for auditing.
• Security scanning: This involves identifying network and system flaws and then
providing solutions to mitigate these risks. This scanning can be done both
manually and automatically.
• Penetration testing: The goal of this testing is to determine whether someone
outside your organization can access your critical information assets from the
internet by exploiting weaknesses in your perimeter. This is considered ethical
hacking.
• Web application security assessment: The goal of this exercise is to assess and
identify vulnerabilities that can be exploited via web applications and services
made available to clients, employees, and others. Such flaws may enable an
attacker to exploit the application and extract its data, as well as further elevate
their privileges. This is an instance of ethical hacking.

2.3.2 Physical security measures

Locking server room

You should double-check that the server room door is securely locked, even before you
shut down the servers and even before you first turn them on. Of course, the best lock in the
world won't help you if you don't use it, so you will need policies requiring that those doors be closed
whenever the room is unattended, and stating who has the key or keycode to get in.
The server room is the heart of your network, and a compromise of it can cause massive
damage. To prevent this, make sure that only authorized people have physical
access to the devices in it.

Setup surveillance

Controlling who goes in and out of the server room is a good start, but it is still
dangerous if someone gains unauthorized access. A good way to address this is to
implement an electronic access system or a log book. This method works by creating
a record that identifies each person who enters the room.


Surveillance cameras can monitor continuously, or they can use motion detection
technology to record only when someone is moving around. They can also send e-mail
or text message notifications if they detect motion.

Keep the most vulnerable devices in a locked room

Remember, it's not only the servers you have to worry about. A hacker can
connect a laptop to a hub and use sniffer software to capture network-wide data. Ensure
that as many of your network devices as possible are in the locked room, or in a
locked closet elsewhere in the facility if they have to be in a different area.

Protect portable devices

Laptops and handheld computers pose special physical security risks. A thief can
easily steal the entire computer, including any data stored on it and any saved
passwords for the network connection. If employees use laptops at their desks, they
should take them with them when leaving or secure them to a permanent fixture with a cable lock.


2.4 Security procedures for EMC Cyber

A security procedure is a set of steps that must be followed in order to complete a
certain security duty or function. Procedures are typically developed as a set of actions
to be performed in a consistent and repeatable manner to achieve a specific goal.
Security procedures, once developed, give a set of established steps for performing the
organization's security affairs, making training, process auditing, and process
improvement easier. Procedures serve as a starting point for establishing the uniformity
required to reduce variation in security procedures, hence improving security control
inside the business. In the security sector, reducing variance is also an excellent method
to reduce waste, improve quality, and boost performance.

The following rules and procedures are required by the organizational security
program.

Physical security procedures for EMC Cyber.

Physical security measures are intended to keep buildings safe and secure while also
protecting the equipment inside. In a nutshell, they keep undesired people out while
allowing authorized individuals in. While network and cybersecurity are crucial,
physical security breaches and threats must be avoided in order to keep your technology
and data safe, as well as any staff or faculty members who have access to the facility.
Your workplace or facility will be vulnerable to criminal activity if you don't have
physical security policies in place. Physical security concerns include theft, vandalism,
fraud, and even accidents.

The EMC cloud is based on a single structure with a large number of physical
components. Then there's the issue of physical security. Physical security, like logical
security, is critical. Physical security is a type of security technology that protects
people, hardware, networks, and data from physical threats. Multiple levels of
interdependent systems were utilized for physical security.

The physical security plan should also focus on keeping all employees safe, preventing
unwanted access to the network, and keeping hardware components secure.

According to a physical security expert, the physical entrance of a structure or
environment is the first concern. EMC Cyber is based in Colombo and houses all of its
functions in one location. This is Sri Lanka's busiest and most commercial city. As a
result, EMC may experience certain physical difficulties, for example protesters' attacks
and natural disasters. There are several methods that EMC Cyber uses for physical
security. Those are:

• Lock up the server room
• Set up surveillance
• Keep the most vulnerable devices in a locked room
• Protect the portable devices
• Locks
• Disable drivers in unwanted devices
• Security lighting
• Alarm system and sensors

Access Control list (ACL)

Access control lists (ACLs) are network traffic filters that can regulate
incoming and outgoing traffic. An ACL is a set of rules that describe whether a packet should
be forwarded or blocked at the router's interface. An ACL is similar to a stateless
firewall in that it just restricts, blocks, or allows packets passing from one source to
another. When you define an ACL for a specific interface on a routing device, all traffic
going through that interface is compared to the ACL statements, which will either block
or allow it. The source, destination, a specific protocol, or other information can be
used to define the ACL rules. ACLs are commonly found in routers and firewalls, but
they can also be configured on any network device, including hosts, servers, and so on.
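How the comparison against ACL statements works, and why rule order matters, is easiest to see in code. The following is an added example, not part of the original assignment and not any vendor's implementation: the rule format, the function names and the addresses (documentation ranges) are assumptions made for illustration. It evaluates packets first-match with an implicit deny at the end, and flags rules that can never match because an earlier rule already covers them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp", or "ip" for any protocol
    src: str                      # source network in CIDR notation
    dst: str                      # destination network in CIDR notation
    dport: Optional[int] = None   # destination port; None matches any port


def matches(rule, proto, src, dst, dport=None):
    """True if the packet header fields satisfy every condition of the rule."""
    return (rule.proto in ("ip", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and (rule.dport is None or rule.dport == dport))


def evaluate(acl, proto, src, dst, dport=None):
    """Stateless first-match evaluation.

    Returns (action, index of the matching rule). A packet that matches
    no rule is dropped by the implicit deny: ("deny", None).
    """
    for index, rule in enumerate(acl):
        if matches(rule, proto, src, dst, dport):
            return rule.action, index
    return "deny", None


def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    return (earlier.proto in ("ip", later.proto)
            and ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
            and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
            and (earlier.dport is None or earlier.dport == later.dport))


def shadowed_rules(acl):
    """Find rules that can never match because an earlier rule covers them.

    Returns (rule index, covering rule index, kind), where kind is
    "conflict" if the two actions differ and "redundant" if they agree.
    """
    findings = []
    for j, later in enumerate(acl):
        for i in range(j):
            if covers(acl[i], later):
                kind = "conflict" if acl[i].action != later.action else "redundant"
                findings.append((j, i, kind))
                break
    return findings


# Constructed sample ACLs for an inbound interface in front of a web server.
ANY = "0.0.0.0/0"
WEB = "203.0.113.10/32"

MISORDERED = [
    Rule("permit", "ip", ANY, "203.0.113.0/24"),   # too broad, placed first
    Rule("deny", "tcp", ANY, WEB, 23),             # intended Telnet block, never reached
    Rule("permit", "tcp", ANY, WEB, 443),
]

CORRECTED = [
    Rule("deny", "tcp", ANY, WEB, 23),
    Rule("permit", "tcp", ANY, WEB, 443),
    # everything else falls through to the implicit deny
]

if __name__ == "__main__":
    packet = ("tcp", "198.51.100.7", "203.0.113.10", 23)
    print("misordered:", evaluate(MISORDERED, *packet), shadowed_rules(MISORDERED))
    print("corrected: ", evaluate(CORRECTED, *packet), shadowed_rules(CORRECTED))
```

Running the shadowing check before deploying an ACL catches the case where a deny rule exists on paper but is never applied.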

According to the investigation given by the Director of the company, EMC is
mainly vulnerable in hardware and software security. As an investigator, the author
suggests the steps below to increase the security of EMC Cyber.
Hardware Area
• Replace obsolete computers, laptops, and notebooks with newer models.
• Remove the old EMC router from the network.
• Drivers and encryption mechanisms should be updated.
• Use biometric authentication for access


Software Area
• Operating systems that have been patched or updated.
• Updated or patched productivity software, as well as patched web browsers.


2.5 Security procedures for EMC Cyber to minimize the impact of issues

Organizational Risk | Preventing procedure

Data loss
• Always back up data
• Diversify EMC backups
• Encrypt EMC sensitive data
• Address data security
• Use antivirus and email security

Data Quality
• Extensive data profiling and control of incoming data are required.
• It is necessary to perform extensive data profiling and management of incoming data.
• Accurate gathering of data requirements.
• Enforcement of data integrity.
• Integration of data lineage traceability into the data pipelines.
• Automated regression testing as part of change management.

Infrastructure Risk
• Secure remote access
• Create inventory of assets
• Identify and patch vulnerabilities
• Monitor for anomalies
• Integrate OT and IT networks

Operational Risk
• Implement precise change management processes
• Restrict access to network devices
• Give your employees the minimum access
• Implement dual control.
• Automate tasks to reduce the need for human intervention
• Incident response and disaster recovery planning

Strategy risk
• Examine the current system of internal controls.
• Working with an internal control specialist is a good idea.
• Maintain a high level of safety at all times.
• Obtain insurance coverage.
• Keep your commitments to a minimum.

Natural Risk
• Data from the company should be backed up and stored in a secure location.
• To safeguard against fire, use fire-resistant building materials.
• Every floor should have a fire extinguisher.
• To guard against strong forces, reinforce doors and windows.
• Keep a first-aid kit, non-perishable food, water, and a flashlight on hand in case of an emergency.

Cyber threats
• Keep software and systems fully updated
• Use a firewall
• WIFI security
• Give employees personal accounts

Table 1 Security Procedures for EMC cyber to minimize the impact of issues


3 IT Security solutions

3.1 The impact of improper configurations that are applicable to firewall and VPN
solutions to EMC Cyber

3.1.1 Firewall
A firewall is a network security device that analyzes incoming and outgoing network
traffic and determines whether specific traffic should be allowed or blocked based on
a set of security rules.

For more than 25 years, firewalls have served as the first line of defense in network
security. They create a barrier between secure, controlled internal networks that can be
trusted and untrustworthy external networks like the Internet.

A firewall might be hardware, software, or a combination of the two.

There are several types of Firewalls. Those are,

• Proxy Firewall
• Stateful inspection firewall
• Unified threat management firewall
• Next-generation firewall
• Threat-focused Next-generation firewall
• Virtual firewall

A firewall serves as a link between two LAN networks; however, it is unable to deal
with the risks listed below.

Malicious employees

Firewalls cannot evaluate people's intentions or pick out data packets sent with
"bad intent." If an employee attempts to engage in malicious behavior or engages in
misconduct, the firewall will be unable to stop them.


Modem users

A firewall will not be able to protect connections that do not flow through it. A firewall
cannot prevent individual users with modems from calling into or out of the network,
thus circumventing the firewall.

Policies

The policies governing the usage of passwords are outside the control of the firewall,
which can result in the misuse of individual passwords and user accounts. These policies
have to be rigorously adhered to.

Previously unknown attacks

Firewalls offer little protection against previously unknown attacks.

Viruses

The anti-virus protection that a firewall provides is normally poor.

Conventional firewalls also cause some common problems. Many
loopholes were discovered and discussed after reading about and analyzing the standard
firewall types. All four types of firewalls, including packet filters, circuit level gateways,
application-level gateways, and stateful multilayer inspection firewalls, have their own
set of quirks and weaknesses. A few of them are listed below.

• A packet filtering firewall, which works solely at the network level of the OSI
model, does not support complex rule-based frameworks.
• Circuit level gateways operate at the OSI model's session layer, storing
information about protected networks but not filtering individual packets.
• Application-level gateways, sometimes known as proxies, are essentially
similar to circuit level gateways, with the exception that they are application
specific. They offer a high level of security, but they have a significant
impact on network performance.


• Stateful multilayer inspection firewalls combine aspects of the aforementioned three
firewall types; however, they are extremely expensive and, because of their
complexity, may be less secure than simpler firewalls.

3.1.2 VPN
A virtual private network, or VPN, is an encrypted link between a device and a network
via the Internet. The encrypted connection aids in the secure transmission of sensitive
data. It protects against illegal eavesdropping on traffic and allows the user to work
remotely. In corporate settings, VPN technology is commonly used.

A virtual private network (VPN) extends a corporate network through encrypted
connections made over the Internet. Traffic remains private as it travels because it is encrypted
between the device and the network. An employee can work from home and still
connect to the company network safely. Even smartphones and tablets can connect
through a VPN.

VPNs can also introduce many security risks, such as:

• VPN hijacking
• Data leaks
• Malware infections
• Cannot create and enforce policies that protect credentials
• No third-party accountability
• No proper encryption methods
• Tracking of user data without the user's permission

Since EMC Cyber provides both local and international services, third-party
VPNs are not suitable for the security and the growth of the company. As an investigator,
the author suggests not using third-party VPNs.


3.2 Implementing a DMZ, static IP and NAT in a network can improve network
security

3.2.1 DMZ
DMZ stands for Demilitarized Zone. In computer networks, it is a physical or
logical subnet that separates a LAN (local area network) from untrusted networks, such
as the public internet. DMZs are also known as perimeter networks or screened
subnetworks.

Internal corporate networks are protected by DMZs, which provide a level of network
separation. These sub-networks limit remote access to internal servers and resources,
making access to the internal network difficult for attackers. This strategy is useful for
individual users as well as large companies.

Web servers, FTP servers, email servers, DNS servers, and VoIP servers are among the
equipment accessible to internet traffic in the Demilitarized Zone. Incoming traffic
from the external network is routed through the DMZ filter.

Figure 1 Example for DMZ

The above figure represents a part of the EMC Cyber network. With the DMZ
security method, an isolated network can be provided for public-facing servers, such as
web servers and mail servers.


3.2.2 IP Address (Internet protocol address)

An IP address, which is a unique address, identifies a device on the internet or on a
local network. The Internet Protocol (IP) is a set of rules that govern how data is
transmitted across the internet or a local network.

IP addresses can be classified into two types:

• Static IP address
• Dynamic IP address

Dynamic IP

Dynamic IP addresses are those that change on a regular basis. ISPs buy a large range
of IP addresses and automatically assign them to their customers. They re-assign them
on a regular basis, and the older IP addresses are returned to the pool for use by other
clients. The goal of this method is for the ISP to save money. They don't have to go
through any special procedures to re-establish a customer's IP address if they move
residence, for example, because IP addresses are routinely transferred. There are also
security benefits, since criminals will find it more difficult to obtain access to your
network interface if a client's IP address changes.

Static IP

Unlike dynamic IP addresses, static IP addresses do not change. The network assigns
an IP address, which does not change. A static IP address isn't essential for most
individuals and enterprises, but it is for those who want to run their own server. This is
because a static IP address ensures that the websites and email addresses linked with it
have a consistent IP address, which is necessary if you want other devices to be able to
find them regularly on the internet.


The table below shows a comparison between dynamic IP and static IP.

Static IP | Dynamic IP
Assigned manually by the network administrator. | Assigned automatically by the DHCP server.
More hackable | More secure
The host in a network is given a permanent numeric address. | In a network, a temporary IP address is assigned to a host.
Used for dedicated servers such as mail servers, FTP servers, and VPN servers. | Connects a huge network to the internet and allows for communication.
After it is allocated to the computer, it does not alter automatically. | If the connection is reset or the DHCP leases expire, the value changes automatically.
Table 2 Comparison between dynamic IP

NAT (Network Address Translation)

Network Address Translation (NAT) is a technique for conserving IP addresses. It
allows private IP networks that use unregistered IP addresses to connect to the
Internet. NAT runs on a router, usually one linking two networks, and translates the
private (non-globally unique) internal network addresses into legal addresses before
packets are forwarded to another network.

As part of this feature, NAT can be configured to only advertise one address for the
entire network to the outside world. By effectively disguising the entire internal
network behind that address, the system's security is enhanced. Because it enables both
security and address conservation, NAT is often employed in remote-access scenarios.

When accessing resources outside of the network, such as the internet, these machines
must have a public address.

This is where NAT comes into play.


When users connect to an outside network, such as the internet, they are all assigned
the same public address. As a result, a single public IP address can be utilized by
hundreds, if not thousands, of people. As a result, EMC's cyber service provider saves
money thanks to NAT. EMC saves money by not having to purchase a public IP address
for each computer. Furthermore, there are a number of advantages to using NAT.
Thanks to the NAT process, the EMC's security has increased. In addition, NAT is an
important part of firewall security.
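The sharing of one public address described above can be shown with a small translation table. This is an added example, not part of the original assignment: the class name, the port range and all addresses are constructed for illustration, and dropping inbound packets from remotes the internal host never contacted is one common NAT filtering behaviour assumed here, not a property of every NAT device.

```python
import ipaddress

# RFC 1918 private ranges, checked explicitly because ipaddress.is_private
# also returns True for documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


class PatRouter:
    """Port address translation: many private hosts behind one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = first_port
        self._by_private = {}   # (proto, private_ip, private_port) -> public_port
        self._by_public = {}    # (proto, public_port) -> (private_ip, private_port)
        self._peers = {}        # (proto, public_port) -> {(remote_ip, remote_port)}

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the LAN; returns the packet as seen outside."""
        if not is_rfc1918(src_ip):
            raise ValueError(f"{src_ip} is not an RFC 1918 address")
        key = (proto, src_ip, src_port)
        if key not in self._by_private:
            if self._next_port > 65535:
                raise RuntimeError("public port pool exhausted")
            public_port = self._next_port
            self._next_port += 1
            self._by_private[key] = public_port
            self._by_public[(proto, public_port)] = (src_ip, src_port)
            self._peers[(proto, public_port)] = set()
        public_port = self._by_private[key]
        self._peers[(proto, public_port)].add((dst_ip, dst_port))
        return (proto, self.public_ip, public_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Translate a packet arriving at the public address, or return None (drop)."""
        slot = (proto, dst_port)
        if slot not in self._by_public:
            return None         # no mapping: unsolicited traffic is dropped
        if (src_ip, src_port) not in self._peers[slot]:
            return None         # mapping exists, but this remote was never contacted
        private_ip, private_port = self._by_public[slot]
        return (proto, src_ip, src_port, private_ip, private_port)


if __name__ == "__main__":
    router = PatRouter("203.0.113.1")               # constructed public address
    server = ("198.51.100.80", 443)                 # constructed remote server
    print(router.outbound("tcp", "192.168.1.10", 51000, *server))
    print(router.outbound("tcp", "192.168.1.11", 51000, *server))
    print(router.inbound("tcp", *server, 40000))            # reply is translated back
    print(router.inbound("tcp", "198.51.100.99", 443, 40000))  # other remote: None
    print(router.inbound("tcp", *server, 40555))             # unmapped port: None
```

Both internal hosts appear outside as 203.0.113.1 and differ only by port, so the internal addressing stays hidden; the filtering comes from the absence of a mapping, not from any inspection of the traffic.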

There are several benefits to using a DMZ and NAT. The following table shows the
benefits.

DMZ
• Organizational access control.
• Prevent intruders from conducting reconnaissance on your network.
• Anti-IP spoofing protection.
• The DMZ serves to protect the LAN from internet intruders.

NAT
• NAT allows numerous devices to connect to an external network, such as the internet, using a single public address.
• NAT protects IP addresses that are legally registered.
• NAT aids in the prevention of IPv4 address exhaustion.
• By hiding the original source and destination addresses, NAT adds an extra degree of security.
• Financial prudence.
• Enhancements to security.
• EMC compartmentalization ease could be a network.


3.3 The benefits of implementing network monitoring systems

Network monitoring gives network administrators the information they need to
determine whether a network is performing optimally in real time. Network monitoring
software, for example, can help administrators spot weaknesses early on, increase
productivity, and so on.

Network monitoring systems include software and hardware tools which can track
different aspects, such as traffic, bandwidth use and uptime, of a network and its
operation. These systems detect devices and other network elements and provide status
updates.

Network administrators rely on network monitoring tools to help them quickly spot
failures or problems, such as traffic bottlenecks that impede data flow. These systems can send
email or text alerts to administrators and generate reports using network analytics.

Continuously monitoring a network helps to identify problems and security
risks to the network. The health of your network can be measured with criteria such
as throughput, latency, packet reordering, and jitter.

Network monitoring helps to troubleshoot issues early and secure business
continuity. Its benefits include:

Enhanced growth and scalability

According to research, there will be 25 billion pieces of hardware categorized
under the Internet of Things. This means smarter analytics, automated systems, and more
will grow.

Therefore, EMC Cyber will need advanced monitoring solutions to keep up to speed. The
increasing demand on the network increases the complexity of the network. It's natural
to believe that relying solely on manual management will result in human error.
However, this is not always the case, so let's look at the numbers.


45% of downtime is caused by human error. EMC Cyber has a clear argument for automating
the company's monitoring together with the handling of network problems. Teaching advanced
networking will help EMC Cyber to keep pace with evolving demands. This could
essentially result in easier, better growth that enables the company to compete in an
ever-changing world.

Enhance security

The security of the network is an enormous concern. Without a network monitoring
service, you may be at risk from malicious attacks and hacking attempts.

Smart network monitoring can draw immediate attention to potential threats. Faults no
longer need to be detected and remedied by human effort, which saves time and removes
trouble. Network monitoring tools can detect weak or broken links. They can
also identify areas for enhancement.

Moreover, reports on uptime and security failures will give EMC Cyber additional impetus
for upgrading. Sometimes it can be difficult to justify upgrading the network.
Monitoring can provide EMC Cyber with the essential outlet for its revenue and
growth.

Providing Historical and Baseline Data

Network monitoring technologies can compare data continuously and automatically
when baseline data is available. You will receive an alert if performance degrades, and
you will be able to resolve the issue right away. Historical data provides a benchmark
for determining ideal network performance or identifying bad network performance. It
allows you to troubleshoot network issues from previous events.
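A minimal version of this baseline comparison is sketched below. It is an added example, not part of the original assignment and not how any of the tools named later work internally: the latency samples are constructed, and the three-sigma threshold and the "three consecutive samples" rule are assumptions chosen to show how a single spike is ignored while sustained degradation raises an alert.

```python
from statistics import mean, pstdev


def jitter(latencies_ms):
    """Mean absolute difference between consecutive latency samples."""
    if len(latencies_ms) < 2:
        raise ValueError("need at least two samples")
    return mean(abs(b - a) for a, b in zip(latencies_ms, latencies_ms[1:]))


def build_baseline(history_ms):
    """Summarise historical latency into the figures live data is compared with."""
    return {
        "mean": mean(history_ms),
        "stdev": pstdev(history_ms),
        "jitter": jitter(history_ms),
    }


def detect_degradation(baseline, live_ms, sigmas=3.0, consecutive=3):
    """Compare live samples with the baseline.

    A sample breaches when it exceeds mean + sigmas * stdev. An alert is
    raised once per sustained breach, when `consecutive` samples in a row
    are over the threshold; the alert carries the index where the run began.
    Returns (threshold, [start indexes of sustained breaches]).
    """
    threshold = baseline["mean"] + sigmas * baseline["stdev"]
    alerts = []
    run = 0
    for index, sample in enumerate(live_ms):
        run = run + 1 if sample > threshold else 0
        if run == consecutive:
            alerts.append(index - consecutive + 1)
    return threshold, alerts


# Constructed round-trip latency samples in milliseconds.
HISTORY = [20, 22, 20, 18, 20, 22, 20, 18]
LIVE = [21, 30, 20, 19, 26, 27, 31, 29, 20]   # one spike, then sustained degradation

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    threshold, alerts = detect_degradation(baseline, LIVE)
    print(f"baseline mean={baseline['mean']} ms, jitter={baseline['jitter']} ms")
    print(f"alert threshold={threshold:.2f} ms, sustained breaches start at {alerts}")
    print(f"live jitter={jitter(LIVE)} ms")
```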


3.3.1 Benefits of using different network monitoring tools


Tool | Feature

PRTG Monitor
• Monitoring and alerting you about uptimes and downtimes or slow servers
• System health monitoring of your various hardware devices
• Network device monitoring and bandwidth accounting
• Application monitoring
• Monitoring virtual servers
• Service level agreement (SLA) monitoring
• System usage monitoring (for example, CPU load, free memory, or free disk space)
• Database performance and table values monitoring
• Email server monitoring and reviewing various backup solutions

Nagios XI
• Nagios XI is aimed at a wide range of users, including freelancers, small and medium businesses, and major enterprises.
• Keep an eye on the network, the infrastructure, and the database.
• Easy to set up (it may take some time to adjust to your needs at first).

DataDog
• Designed specifically for hybrid cloud setups.
• Monitor the performance of the network, apps, tools, and services.
• Extensibility is possible thanks to a large number of APIs (Application Programming Interfaces) with extensive documentation.
• It's simple to set up and use, and you'll be up and running in no time.
• Agents are available for a variety of platforms, including Windows, Mac OS, a variety of Linux distributions, Docker, Chef, Puppet, and others.
• Can instantly construct bespoke graphs, metrics, and warnings, and the software can dynamically alter them based on changing conditions. (datadoghq.com)
Table 3 benefits of using different network monitoring tools


4 Mechanisms to control EMC Cyber IT security


4.1 Risk assessment procedures for EMC Cyber
A risk assessment is a careful review of your workplace to identify the situations,
processes, etc. that can harm people in particular. Once identified, the company or
person can analyze and assess the likelihood and the seriousness of the risk. After that,
the company or person can decide what measures should be in place to effectively
remove or control the damage.

There are several steps that can be identified in the risk assessment procedure.

• Hazard identification: finding, listing and characterizing the hazards
• Risk analysis: a process of identifying the level of the hazards and nature of
the hazards
• Risk evaluation: Comparison process of an estimated risk with certain risk
criteria to determine the importance of the risk.
• Risk control: Measures to implement decisions on risk assessment.

Advantages of risk assessment

• In your workplace, recognize and control risks.
• Sensitize your employees – and use them as a training tool.
• Set standards for risk management, based on acceptable safe practices and
legal requirements.
• Reduce occupational incidents.
• Save costs by proactivity rather than reactivity.


Columns: Risk | About risk | Current solution | Steps to increase security | Risk level | Responsible person

Operational Risk
About risk: The possible losses because of uncertain circumstances. Includes reputational, legal and regulatory.
Current solution: Maintain good records. Keep low debt accounts. Purchase casualty insurance.
Steps to increase security: Develop a solid plan
Risk level: Low
Responsible person: Management

Infrastructure Risk
About risk: Potential structural and basic structural failures.
Current solution: Create awareness training for businesses. Create a system for managing human resources.
Steps to increase security: Make a proper plan
Risk level: Medium
Responsible person: Management, Network Administrator

Strategy Risk
About risk: EMC could be exposed to the risk of failure of an EMC business decision.
Current solution: Review the current internal control system. Review. Always practice security.
Steps to increase security: Obtain an insurance
Risk level: Medium
Responsible person: Management

Data Loss
About risk: Data loss is a fault condition in which data is damaged by a failure to store, transmit, or process it.
Current solution: EMC Cyber keeps backups and encrypts sensitive data
Steps to increase security: Keep daily backups
Risk level: High
Responsible person: Network administrator

Data Quality
About risk: Good information reduces the risk and makes decision making more confident.
Current solution: Centralized management and data modeling of data assets that are frequently examined and audited
Steps to increase security: Precise collection of data needs.
Risk level: High
Responsible person: Network administrator, Database Administrator, Quality Assurance

Natural Risk
About risk: An unexpected event that happens beyond control
Current solution: Keep backups and store data in an off-site location
Steps to increase security: Keep all necessary databases separately
Risk level: High
Responsible person: Network Administrator, Database administrator
Table 4 Risk Assessment for EMC Cyber


4.2 Data protection process and regulations as applicable to EMC Cyber

Data protection is the process of protecting vital data against corruption, compromise
or loss, and of being able to restore the data to a functioning condition if something
makes it inaccessible or unusable.

4.2.1 Data protection act of 1998

The Data Protection Act 1998 is an act of Parliament intended to safeguard personal
data kept on computers or in organized paper filing systems. It implemented the EU Data
Protection Directive of 1995 on the protection, processing and transfer of personal
data.

The DPA 1998 specifies 8 fundamental principles that data handling must follow:

1. Fair and Lawful
2. Purposes
3. Adequacy
4. Accuracy
5. Retention
6. Rights
7. Security
8. International Transfers


4.2.2 Steps of data protection process for EMC Cyber


• Develop a Culture of “Privacy by Design”
• Appoint a data protection officer
• Educate your personnel
• Document Your information collection and usage practices
• Confirm your lawful basis for collecting and processing personal Data
• Update Consent Practices
• Protect individual rights
• Review and update your privacy notices
• Review third party contracts
• Prepare for data breaches

Steps | Procedure

Develop a Culture of “Privacy by Design”
• Check the EMC Cyber privacy approach and how you manage data protection.
• Conduct impact assessments for data protection and establish the risk mitigation measures found in the evaluation.
• Make sure that the data the company processes is adequately safeguarded by technical measures. Technical protections should include automatic identification and classification methods for personal data, pseudonymization and data encryption, and technical security measures.

Appoint a data protection officer
• A DPO is necessary if your company regularly and systematically monitors people on a large scale, or if you process any of the sensitive data categories on a wide scale.
• In all situations, a DPO is advised to guarantee that a person with adequate expertise, institutional backing and power is responsible for the security of data.

Educate your personnel
• Make sure that all decision-makers and key individuals who process or direct data use are aware of their obligations.
• Continuous data protection training.

Document your information collection and usage practices
• Make an inventory of data. Take all gathered and used information into account in all your organization areas.
• Develop a documented internal policy on your organization's actions to safeguard and enforce personal data.

Confirm your lawful basis for collecting and processing personal data
• GDPR requires you to have a legally binding basis for personal data processing. The legally acceptable grounds for business undertakings
• Document the appropriate legal bases for each type of personal data gathered, make sure that the data can only be used for the specified purposes, and retain records.

Update consent practices
• If the company relies on agreement to the processing of personal data as its legitimate basis, such permission must be freely granted, explicit, informed and clear.
• If they do not satisfy GDPR standards, existing consents will have to be renewed.

Protect individual rights
• Develop mechanisms to answer individual requests for their personal data rights.
• Although the majority of these rights existed in the EU before GDPR, the right to data portability is new. If applicable, the data record must be transferred in an electronic, commonly readable format at the request of the individual.


Review and Update • Make sure that the data collection and usage
your Privacy notes methods assessed and defined in Steps 4 through 7
are correctly described in your data protection
information.
• Company data protection notifications must
explicitly provide a legally-lawful basis for the
treatment, data retention and people' ability to
lodge complaints with the data protection
authorities of Member States.
Review third party • If company process, store or otherwise manage
Contracts data on your behalf from third party sources,
company is liable for their GDPR compliance as
far as your data are concerned.
• Review contracts and agreements with business
partners, cloud service providers and other third
parties to ensure that organizational and
technological information security safeguards are
in place for third parties.
Prepare for data • Confirm if internal processes are sufficient to
breaches quickly discover and report violations in the
correct control chain.
• Implement investigation and mitigation processes
for infringements of data.
Table 5 steps for Data protection process for EMC Cyber


4.3 Summarizing the ISO 31000 risk management methodology and its application
in IT security

4.3.1 ISO 31000 risk management methodology


The International Standard ISO 31000 for Risk Management provides concepts and
guidance for successful risk management. ISO 31000 offers advice on how to integrate
risk-based decision-making into EMC's governance, management, planning, reporting and
policies, and on how to build a Risk Management Strategy that successfully identifies
and mitigates risks for EMC Cyber as a service provider.

Risk management process

• Identify threats and opportunities
• Minimize losses
• Improve operational efficiency and effectiveness
• Encourage personnel to identify and treat risks
• Improve risk management controls

The key provisions of ISO 31000 risk management are the following:

• Principles
• Framework
• Process

Principles of risk management in ISO 31000

• Risk management establishes and sustains value.
• Risk management is an integral part of all organizational processes.
• Risk management is part of decision making.
• Risk management explicitly addresses uncertainty.
• Risk management is systematic, structured, and timely.
• Risk management is based on the best available information.
• Risk management is tailored.
• Risk management takes human and cultural factors into account.
• Risk management is transparent and inclusive.
• Risk management is dynamic, iterative, and responsive to change.
• Risk management facilitates continual improvement of the organization.

4.4 Impacts to Organizational security resulting from IT security audit

There are 3 types of IT audit control:

• Detective
• Preventive
• Corrective

During the planning stage of an engagement, audit objectives are developed that are
clearly aligned with the business objectives of the area or process under review. The
majority of engagements are centered on ensuring that controls are in place to
effectively reduce risks that could prevent the area or process from meeting its
business objectives. Auditors additionally make sure that engagement goals are in line
with the organization's goals in terms of:

1. Achievement of operational aims and objectives
2. Information trustworthiness and integrity
3. Asset protection
4. Resource utilization that is both effective and efficient
5. Observance of key policies, processes, laws, and regulations

Being audited provides numerous advantages to management, such as:

• Assess the effectiveness of internal controls.
• Encourage the use of best control practices.
• Ensure that policies and regulations are followed.
• Identify inefficiencies and waste in your operations.
• Examine IT systems, programs, and technologies.
• Provide unbiased information.
• Evaluate resource efficiency and stewardship.
• Determine where you can save money.
• Assist management in resolving complicated cross-functional challenges.

An audit is required by a number of IT security standards. While some are general to
the IT industry, many are more sector-specific, relating to healthcare or financial
organizations, for example. A small selection of some of the most widely discussed IT
security standards is provided below.

Audit standard / Description

ISO compliance
The International Organization for Standardization (ISO) creates and publishes a
variety of standards to ensure quality, consistency, and safety. Because these
standards focus on keeping information assets secure, the ISO/IEC 27000 family of
standards is one of the most relevant to system administrators. The ISO/IEC 27001
standard is well-known for its requirements for information security management
systems.

HIPAA Security Rule
The HIPAA Security Rule lays out detailed standards for how businesses should
safeguard patients' electronic personal health information.

PCI DSS compliance
The PCI DSS compliance standard is directly applicable to businesses that handle any
type of client payment. Think of this standard as the requirement that keeps your
credit card information secure every time you make a purchase. PCI DSS compliance is a
difficult endeavor, and I propose that you use software like SolarWinds® Security
Event Manager to assist you with the auditing process.

SOX compliance
The SOX Act, better known as the Sarbanes-Oxley Act, was adopted in 2002 following the
highly publicized Enron scandal and was sponsored by Senator Paul Sarbanes (D-MD) and
Rep. Michael G. Oxley (R-OH-4). The purpose was to protect investors by mandating all
public companies to produce accurate, dependable annual financial statements.

Table 6 Common IT Security audit standards


4.5 The impact of IT security aligns with organizational policy and the safety
consequences of any misalignment

The IT Security Policy defines rules and processes for everyone who accesses and uses
the IT resources and assets of a company. An effective IT security policy is a model of
the culture of the firm, in which rules and procedures derive from its personnel's
approach to their information and work. Therefore, a good IT security policy is a
unique document for every organization, based on its people's views on risk tolerance,
on how they see and value their information, and on the resulting availability of that
information.

The following information security policies can be used for EMC Cyber:

Classification of information and data - Good information and classification policies
help firms regulate the distribution of their security assets. Poor classification may
leave organizations susceptible to attacks.

IT operation and management - A failure of cooperation between departments might
result in configuration problems. When teams work together, risk assessment and
identification can be coordinated across all departments to mitigate risks.

Privacy rules - Government-imposed regulations such as the General Data Protection
Regulation protect end users' data. The company therefore needs to protect its users.
If it does not protect users' privacy, the organization risks losing its authority and
being fined.

Personal and mobile devices - Companies today, EMC Cyber for example, have moved into
the cloud. The organization offers access from any location to corporate software
assets. There is then a possibility that personal devices such as laptops and cell
phones would introduce vulnerabilities. The corporation then needs to establish a
policy to properly safeguard personal devices, which can help prevent threats from
reaching its assets.


5 Managing Organizational security

5.1 Designing and implementing a security policy for EMC Cyber


Policies are rules, principles, guidelines, or frameworks that an organization adopts or
creates in order to achieve long-term objectives. These are frequently written in a
format that is simple to understand. All key decisions to be made within the
organization are directed and influenced by policies, which maintain all operations
within a set of established parameters.

Scope

This policy covers all of EMC Cyber's duties, and they must be carried out in
compliance with it.

Purpose

To ensure that client information which EMC Cyber stores, processes or transfers is
kept secure and accessible, and that exploits or misuse are kept to a minimum.

Overview

A policy is a collection of approaches or ideas for dealing with a certain circumstance.
Policies assist EMC Cyber service provider personnel in making more effective plans
and implementing job-related guidelines. The regulations of the EMC Cyber service
provider are described in the guidelines, and the procedures indicate how things are
done.

Policy / Purpose of policy / Elements of policy

Network Policy
Purpose: Network policies are a set of constraints and parameters that apply to a
network. Who is allowed to join the network is defined by network policies.
Elements:
• The network can only be accessed by authorized users.
• The user must not reveal their password to anyone for any reason.
• All modifications must be recorded.
• Operating systems and application software must be kept in good working order.
• Users are not authorized to install network components.

Wireless Access Policy
Purpose: The policy's goal is to provide wireless Internet connection only to
customers and sales people on the first floor.
Elements:
• Unauthorized device access is not permitted.
• Set up login passwords.
• Use MAC addresses that can be traced and are registered.
• All access must be granted via a secure access point.

Mobile Security Policy
Purpose: To secure data in transit and corporate data on mobile devices, and to
protect EMC Cyber's critical data from threats and unwanted access.
Elements:
• A strong password must be set on all devices.
• All stolen or lost devices must be reported to the user.
• Security patches must be installed on the user's computer.
• Users must use the most recent operating systems on their devices.
• Users must not install cracked software on their devices.

Software Security Policy
Purpose: To safeguard sensitive data at EMC Cyber from attacks and hackers.
Elements:
• Software should only be installed and uninstalled by the IT department.
• EMC installs Windows operating systems using WDS (Windows Deployment Services).
• EMC uses proprietary software on its devices.

Backup and Recovery Policy
Purpose: A backup retention policy not only satisfies explorer user expectations, but
it also gives a more thorough understanding of data reconstruction and backup methods.
Elements:
• Encrypted backup files should be saved.
• Backup files should be kept in several locations, as well as in a secure location.
• Set the failover clustering method for each backup system.
• Create a backup schedule for each process.
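
One way to check a backup catalogue against the checkable elements of the backup and recovery policy above (encrypted copies, several locations, a schedule for each process). This is an added example, not part of the original assignment; the system names, storage locations, intervals and the reading of "several locations" as at least two are assumptions.

```python
"""Audit a backup catalogue against a backup and recovery policy."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumption: "several locations" is read as at least two distinct locations.
MIN_LOCATIONS = 2


@dataclass(frozen=True)
class BackupCopy:
    system: str         # system or process the backup belongs to
    location: str       # where this copy is stored
    encrypted: bool     # whether the copy is stored encrypted
    taken_at: datetime  # when the backup was taken


def audit_backups(copies, schedule, now):
    """Return {system: [violation codes]}; an empty list means compliant.

    `schedule` maps a system name to the maximum allowed age (timedelta) of
    its newest backup. Only copies within that age count towards the
    location requirement, so a stale off-site copy does not hide a gap.
    """
    findings = {}
    for system, max_age in schedule.items():
        own = [c for c in copies if c.system == system]
        codes = []
        if not own:
            codes.append("NO_BACKUP")
        else:
            if any(not c.encrypted for c in own):
                codes.append("UNENCRYPTED")
            fresh = [c for c in own if now - c.taken_at <= max_age]
            if not fresh:
                codes.append("STALE")
            elif len({c.location for c in fresh}) < MIN_LOCATIONS:
                codes.append("SINGLE_LOCATION")
        findings[system] = codes
    # Backups exist for a system that has no schedule defined at all.
    for system in sorted({c.system for c in copies} - set(schedule)):
        findings[system] = ["NO_SCHEDULE"]
    return findings


def non_compliant(findings):
    """Sorted names of the systems that have at least one violation."""
    return sorted(name for name, codes in findings.items() if codes)


# Constructed sample data (hypothetical systems, locations and intervals).
NOW = datetime(2021, 9, 18, 12, 0)
SCHEDULE = {
    "file-server": timedelta(days=1),
    "crm-db": timedelta(hours=6),
    "mail": timedelta(days=1),
    "web": timedelta(days=1),
}
COPIES = [
    BackupCopy("file-server", "hq-nas", True, datetime(2021, 9, 18, 2, 0)),
    BackupCopy("file-server", "cloud", True, datetime(2021, 9, 18, 2, 30)),
    BackupCopy("crm-db", "hq-nas", False, datetime(2021, 9, 18, 9, 0)),
    BackupCopy("crm-db", "cloud", True, datetime(2021, 9, 16, 9, 0)),
    BackupCopy("web", "hq-nas", True, datetime(2021, 9, 15, 2, 0)),
    BackupCopy("web", "dr-site", True, datetime(2021, 9, 15, 2, 10)),
    BackupCopy("hr-share", "hq-nas", True, datetime(2021, 9, 18, 1, 0)),
]

if __name__ == "__main__":
    for name, codes in sorted(audit_backups(COPIES, SCHEDULE, NOW).items()):
        print(f"{name:12} {', '.join(codes) if codes else 'compliant'}")
```
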


5.2 The main components of an organisational disaster recovery plan, justifying the
reasons for inclusion.
A disaster recovery plan (DRP) is a documented, systematic technique that explains
how a company can quickly restart operations following an unanticipated event. A DRP
is an important component of a business continuity plan (BCP). It covers the
components of an organization that rely on a working IT infrastructure. A DRP tries to
assist an organization in resolving data loss and restoring system functioning so that
it can continue to operate in the aftermath of an incident, even if at a reduced level.

The following stages should be included in a DRP checklist:

1. determining the range or amount of required treatment and activity
2. assembling pertinent network infrastructure documentation
3. determining the most serious threats and vulnerabilities, as well as the most
   important assets
4. examining the history of unforeseen occurrences and outages, as well as how
   they were dealt with
5. determining the status of present disaster recovery plans
6. determining who will be on the incident response team
7. reviewing and approving the DRP with management
8. putting the plan to the test
9. updating the plan
10. implementing a DRP audit

Advantages of a disaster recovery plan

• Restoration times are drastically reduced, and RTO and RPO are significantly
  reduced.
• Limit the amount of money you lose as a result of revenue reductions or other
  expenses.
• Reduce the risk of critical processes being disrupted and protect corporate
  operations.
• Avoid jeopardizing the company's reputation.
• Define simplified action plans to deal with unexpected occurrences and plan
  for a controlled return to operations.
• Management on a small scale
• There is no effect on performance.
• Control and management of your disaster recovery plan
The components of an organizational disaster recovery plan (DRP)

• Clustering
• Backup
• Cloud computing
• Disaster recovery site


Component / Purpose / Procedure / Justification / Priority level

Clustering
Priority level: Medium
Purpose:
• Increased availability of resources.
• Obtain failover support.
• Load balancing is a term that refers to the process of balancing the
• Project distribution and failover are two important aspects of project management.
Procedure:
• Set up a distributed file system to allow multiple servers to access data.
• Load balancing should be set up.
Justification:
• Improved performance: More processing power is provided by multiple machines.
• Distributing the load: If a node fails, the task it performs is redirected to
  another node or set of nodes.
• Request recovery: If a node fails, the system tries to reconnect users with queued
  or in-progress queries to another node. To be authenticated on the new node, users
  must log in again.
• Enhancing the availability of resources: If an intelligence server in a cluster is
  not available, its work can be taken over by the other intelligence servers in the
  cluster. This prevents the loss of valuable time and information if a server fails.

Backup
Priority level: High
Purpose:
• Fast file access.
• Natural catastrophe protection.
• Protection against hard drive failure.
• Recovery if the OS fails.
Procedure:
• Installation of a cloud-based backup solution.
Justification:
• To accelerate the process of catastrophe recovery and preserve your data.
• If backup sites are implemented only a few miles away from the main operation hub,
  both locations could be destroyed by the same threat when a natural disaster
  happens. As a security expert, the writer advocates setting up backup sites and
  redundant servers that are placed miles away, but can at the same time be readily
  reached via other paths.

Cloud computing
Priority level: Medium
Purpose:
• Natural catastrophes.
• Failure to communicate.
• Terrorism.
• Improving emergency management by delivering real-time information.
Procedure:
• Process data for disasters in the management hierarchy.
• Issuing an alert message.
Justification:
• To ensure data access even in the event of the destruction of infrastructure
  resources, because data is backed up on the cloud servers.

Disaster recovery site
Purpose:
• Breakdown of communication.
• Malware.
Procedure:
• Establish and maintain an internal recovery facility for disasters.
Justification:
• Recover and re-establish the infrastructures and services of the EMC Primary Data
  Centre.
• As the security expert, the author suggests setting up disaster recovery sites and
  redundant servers that are situated at a distance, but can be accessed easily via
  different methods.


5.3 Disaster recovery plan for EMC Cyber

Figure 2 Disaster recovery plan slide 1

Figure 3 Disaster recovery plan slide 2


Figure 4 Disaster recovery plan slide 3

Figure 5 Disaster recovery plan slide 4


Figure 6 Disaster recovery plan slide 5

Figure 7 Disaster recovery plan slide 6


Figure 8 Disaster recovery plan slide 7

Figure 9 Disaster recovery plan slide 8


Figure 10 Disaster recovery plan slide 9

Figure 11 Disaster recovery plan slide 10


Figure 12 Disaster recovery plan slide 11

Figure 13 Disaster recovery plan slide 12


Figure 14 Disaster recovery plan slide 13

Figure 15 Disaster recovery plan slide 14


5.4 The roles of stakeholders in the organisation to implement security audit
recommendations.
A stakeholder is a party that holds an interest in a company and can either affect or
be affected by the company. Investors, employees, customers and suppliers are the
main stakeholders in a typical company.

Stakeholders can be categorized into two types:

• Internal stakeholder
• External stakeholder

Internal stakeholder

According to Nilson (2006: p170), internal stakeholders are those in the management,
marketing experts, designers, purchasing, manufacturing, assembly and sales, while
external stakeholders are the users/customers, distributors, governments, suppliers,
communities, laws and regulations. (Karim, et al., 2007, pp.8).

Investors

Investors increase or decrease their holdings in a firm based on its financial performance.

Project manager

The project manager is in charge of ensuring that the project team finishes the project.
The project manager creates the project plan and oversees the team's execution of
project operations.

Directors

Directors participate in the business's decision-making process. When it comes to
EMC, mainly directors are involved in adopting EMC security policies. The author
outlines the duties that EMC directors must fulfil.

Shareholder

The company's stock is held by the company's shareholders. The roles of the
shareholders in the EMC are as follows.

• Provide a source of funding for the EMC.
• Using their voting privileges, they can comment on and approve the EMC's
  security policy.
• Assist with the EMC's decision-making process.

Employees

An employee might be a worker or a manager for a corporation. The EMC employee
plays a critical role in implementing EMC security policies and procedures to secure
the information security of the EMC cloud.

External Stakeholders

External stakeholders are those who have no direct relationship with the company.
They are not staff members and have no direct financial interest in the company's profit
or loss. They are interested instead in how the business affects the community or a
segment of the community. External stakeholders include governmental entities in the
area in which the company operates, including municipal councils, local schools, other
companies and local inhabitants.

Government organizations

Governmental agencies for various areas of administration are established by the
government. The duties of government agencies are as follows.

• The government's responsibility.
• Provide rules and regulations for companies
• Contribute to understanding modern government economic trends


Team roles of the stakeholders in EMC during a disaster

The author made a list of roles for the EMC Cyber during a disaster.

Name     Title               Emergency number   Role
Name_1   Head of IT          xxxxxxxxxx         Team lead
Name_2   Security admin      xxxxxxxxxx         Responsible for security system
Name_3   Storage Admin       xxxxxxxxxx         Responsible for data storage system
Name_4   Backup Admin        xxxxxxxxxx         Responsible for data backup system
Name_5   Network specialist  xxxxxxxxxx         Responsible for network system
Name_6   System expert       xxxxxxxxxx         Coordinator of the recovery team
Name_7   System engineer     xxxxxxxxxx         Responsible for server system


5.5 The suitability of the tools used in an organisational policy

Biometric security

As a quick definition, biometrics are biological measurements, or physical
characteristics, that are used for the identification of individuals. Fingerprint
mapping, facial recognition and retinal scans, for instance, are all types of
biometric technology.

Researchers have asserted that a person's ear, the way they sit and walk, bodily
excretions, the veins in their hands and even facial contortions are other unique
indicators. This defines biometrics further.

Fingerprint

Fingerprints are used to identify individuals because each person's fingerprints are
unique. Fingerprint scanners measure the finger's loop, whorl and arch patterns.
Fingerprint scanners are easy to implement and cost-effective. In industry,
fingerprint recognition is used for access control.

Facial recognition

Facial recognition is a technological way to recognize a human face. A face
recognition system uses biometrics to map facial features from a photograph or video.
It compares the data with a database of known faces to find matches. Facial
recognition can help to check the identity of a person.


Theft prevention

Keep track of important data

Monitoring is one of the cornerstones of success. Without tracking, the company owner
simply cannot know what works and what does not. Inefficiencies, and how they can be
improved, are also hard to see.

Use physical lock

To meet company requirements, the company should use physical locks on its laptops
and mobile devices. Today, Kensington supports locks which can
prevent user steps from beginning.

5.5.1 Evaluation of the tools used in an organisational policy


Technique / Expected / Cost level (installing, maintenance) / Justification /
Recommended or not recommended?

Physical security

CCTV cameras
Expected:
• Monitor activities
• Keep video records
• Crime prevention
Cost level: installing High, maintenance Low
Justification: CCTV systems are able to track and monitor within the EMC premises and
outside the premises, and are also used to monitor the activities of the employees.
Recommended: Yes

Fire exits and alarms
Expected:
• For safety of the employees.
• To control the fire
Cost level: installing Medium, maintenance Low
Justification: These must be established because it is necessary to ensure the safety
of the employees, and the alarm system is also used to give information to employees.
Recommended: Yes

Key card entry system
Expected:
• Reduce unauthorized access.
• Reduce the risk to hardware.
Cost level: installing Medium, maintenance Low
Justification: When the door control system in the EMC is implemented, the rules for
access for employees to certain areas are precisely defined.
Recommended: Yes

Avoid windows
Expected:
• Reduce unauthorized access.
• Increase security
Cost level: installing Low, maintenance Low
Justification: When double-glazed or crash resistant windows are used, the risk of
unwanted access to valuable information is reduced and the security of office areas
increases.
Recommended: Yes

Permanent security staff
Expected:
• Assistance in deterring crimes at the premises of the EMC.
• Enhance the perception of security.
• Enhance client service.
• Efficient handling of security problems.
Cost level: installing Low, maintenance High
Justification: Security guards will respond immediately with EMC's corporate approval
to any situation. However, the costs are more than other approaches of physical
safety. The author advises the following areas as a Security Expert to provide this
service. Customer consent and sales.
Recommended: Yes

Biometric security

Fingerprint recognition
Expected:
• To compute staff hours automatically.
• Secure area and systems access control.
Cost level: installing Low, maintenance Low
Justification: The greatest approach to authenticate one's identification is the
fingerprint recognition method.
Recommended: Yes

Facial recognition
Expected:
• To employ real-time identification or verification of individuals, photographs and
  videos.
Cost level: installing Medium, maintenance Low
Justification: Using this procedure, an individual's identity is identified or
verified by his face. Also used to identify persons at scenes of crime.
Recommended: Yes

Signature dynamics
Expected:
• To recognize a person's behavioural features when signing the name
Cost level: installing Medium, maintenance Low
Justification: Data such as the direction, pressure, stroke and form of an individual
signature are dynamically recorded.
Recommended: Yes


Gantt Chart

Figure 16 Gantt Chart


References

• Imperva (2019). What is phishing | Attack techniques & scam examples |


Imperva. [online] Imperva. Available at:
https://www.imperva.com/learn/application-security/phishing-attack-scam/.

• Ahola, M. (n.d.). Top 5 Physical Security Risks - And How to Protect Your
Business. [online] blog.usecure.io. Available at:
https://blog.usecure.io/physical-security-risks.

• Lutkevich, B. (2019). What is firewall? - Definition from WhatIs.com.


[online] SearchSecurity. Available at:
https://searchsecurity.techtarget.com/definition/firewall.

• Johansen, A.G. (2020). What is a firewall and do you need one? [online]
us.norton.com. Available at: https://us.norton.com/internetsecurity-emerging-
threats-what-is-firewall.html.

• Walkowski, D. (2019). What Is The CIA Triad? [online] F5 Labs. Available


at: https://www.f5.com/labs/articles/education/what-is-the-cia-triad.
• Buildings. (2021). 10 Strategies to Prevent Tailgating | Buildings. [online]
Available at: https://www.buildings.com/articles/31764/10-strategies-prevent-
tailgating.

• securityscorecard.com. (n.d.). 10 Best Practices to Prevent DDoS Attacks l


SecurityScorecard. [online] Available at:
https://securityscorecard.com/blog/best-practices-to-prevent-ddos-attacks.

Roshen Anthony Unit 05 Security 68 | P a g e


Downloaded by Sandun Rathnayaka (rathnayakasandun2003@gmail.com)
lOMoARcPSD|19865507

• www.sciencedirect.com. (n.d.). Information Security Risk - an overview |


ScienceDirect Topics. [online] Available at:
https://www.sciencedirect.com/topics/computer-science/information-security-
risk.

• Wilson, B. (2020). Why Firewall Misconfigurations Are Putting Your Clients


At Risk in 2020. [online] XaaS Journal. Available at:
https://www.xaasjournal.com/why-firewall-misconfigurations-are-putting-
your-clients-at-risk-in-2020/.

• Wilson, B. (2020). Why Firewall Misconfigurations Are Putting Your Clients


At Risk in 2020. [online] XaaS Journal. Available at:
https://www.xaasjournal.com/why-firewall-misconfigurations-are-putting-
your-clients-at-risk-in-2020/.

• Guru99.com. (2019). IPv4 vs IPv6: What’s the Difference? [online] Available


at: https://www.guru99.com/difference-ipv4-vs-ipv6.html.

• Fortinet (2021). What Is a DMZ and Why Would You Use It? [online]
Fortinet. Available at:
https://www.fortinet.com/resources/cyberglossary/what-is-dmz.
• help.apnic.net. (n.d.). KnowledgeBase. [online] Available at:
https://help.apnic.net/s/article/What-is-an-IP-address.

• https://www.howstuffworks.com (2000). How Firewalls Work. [online]


HowStuffWorks. Available at:
https://computer.howstuffworks.com/firewall.htm.

Roshen Anthony Unit 05 Security 69 | P a g e


Downloaded by Sandun Rathnayaka (rathnayakasandun2003@gmail.com)
lOMoARcPSD|19865507

• CactusVPN. (2019). The Top 8 VPN Security Risks (What to Look Out for).
[online] Available at: https://www.cactusvpn.com/vpn/vpn-security-risks/.

• Mitchell, C. (2020). IP Address Definition. [online] Investopedia. Available at: https://www.investopedia.com/terms/i/ip-address.asp.


Grading Rubric

| Grading Criteria | Achieved | Feedback |
|---|---|---|
| LO1 Assess risks to IT security | | |
| P1 Identify types of security risks to organisations. | Achieved | Identified different risks which will be faced by the organization according to CIA triad |
| P2 Describe organizational security procedures. | Achieved | Described security procedures to each of the risks |
| M1 Propose a method to assess and treat IT security risks. | Achieved | Proposed a method to assess and treat IT security risks triad |
| LO2 Describe IT security solutions | | |
| P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs. | Achieved | Identified the harmful impact due to incorrect configurations of firewalls and third party VPNs |
| P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security. | Achieved | Explained about DMZ, static IP and NAT and how important they are to enhance the network security |
| M2 Discuss three benefits to implement network monitoring systems with supporting reasons. | Achieved | Explain three major benefits of implementing a network monitoring tool |
| D1 Evaluate a minimum of three of physical and virtual security measures that can be employed to ensure the integrity of organisational IT security. | Not achieved | Never investigated how a ‘trusted network’ may be part of an IT security |
| LO3 Review mechanisms to control organisational IT security | | |
| P5 Discuss risk assessment procedures. | Achieved | Risk assessment procedures explained by a table with high medium low risk measurements |
| P6 Explain data protection processes and regulations as applicable to an organisation. | Achieved | Different data protection acts and principles are explained |
| M3 Summarise the ISO 31000 risk management methodology and its application in IT security. | Achieved | ISO 31000 summarized |
| M4 Discuss possible impacts to organizational security resulting from an IT security audit. | Achieved | Discussed about the potential impact of an IT security audit |
| D2 Consider how IT security can be aligned with organisational policy, detailing the security impact of any misalignment. | Achieved | Explained how IT security can be aligned with organizational policy. |
| LO4 Manage organizational security | | |
| P7 Design and implement a security policy for an organisation. | Achieved | Designed a proper security policy with a table |
| P8 List the main components of an organisational disaster recovery plan, justifying the reasons for inclusion. | Achieved | Disaster recovery table provided with different risk measurements |
| M5 Discuss the roles of stakeholders in the organisation to implement security audit recommendations. | Achieved | Discussed the main roles of the stakeholders in the organization |
| D3 Evaluate the suitability of the tools used in an organisational policy. | Not achieved | Evaluated the suitable tools to enhance the security of the organization but expect the answer more critically |
