Security Assignment
Higher Nationals

Internal verification of assessment decisions – BTEC (RQF)

INTERNAL VERIFICATION – ASSESSMENT DECISIONS

Programme title BTEC Higher National Diploma in Computing

Assessor Mr. E. Janarthanan Internal Verifier


Unit 05: Security
Unit(s)
EMC Cyber
Assignment title

Student’s name Sivarasa Pakeen


List which assessment Pass Merit Distinction
criteria the Assessor has
awarded.
INTERNAL VERIFIER CHECKLIST

Do the assessment criteria awarded


match those shown in the assignment Y/N
brief?

Is the Pass/Merit/Distinction grade


awarded justified by the assessor’s Y/N
comments on the student work?
Has the work been assessed
Y/N
accurately?
Is the feedback to the student:
Give details:

• Constructive?
Y/N
• Linked to relevant assessment
criteria? Y/N

• Identifying opportunities for


improved performance? Y/N

• Agreeing actions? Y/N

Does the assessment decision need


Y/N
amending?
Assessor signature Date

Internal Verifier signature Date


Programme Leader signature (if
Date
required)
Confirm action completed
Remedial action taken

Give details:

Assessor signature Date

Internal Verifier
Date
signature

Programme Leader signature


Date
(if required)
Higher Nationals - Summative Assignment Feedback Form
Student Name/ID Sivarasa Pakeen
Unit Title Unit 05: Security

Assignment Number 1 Assessor Mr. E. Janarthanan


2021.09.13 Date Received
Submission Date
1st submission
Date Received 2nd
Re-submission Date
submission
Assessor Feedback:

LO1. Assess risks to IT security

Pass, Merit & P1 P2 M1 D1


Distinction Descripts
LO2. Describe IT security solutions.

Pass, Merit & P3 P4 M2 D1


Distinction Descripts

LO3. Review mechanisms to control organisational IT security.


Pass, Merit & P5 P6 M3 M4 D2
Distinction Descripts

LO4. Manage organisational security.


Pass, Merit & P7 P8 M5 D3
Distinction Descripts

Grade: Assessor Signature: Date:


Resubmission Feedback:

Grade: Assessor Signature: Date:


Internal Verifier’s Comments:

Signature & Date:


* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grade decisions have been agreed at the assessment board.
Pearson
Higher Nationals in
Computing
Unit 5: Security
General Guidelines

1. A Cover page or title page – You should always attach a title page to your assignment. Use previous
page as your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom, right margins and 1.25” for the left margin of each page.

Word Processing Rules

1. The font size should be 12 point, and should be in the style of Times New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and
Page Number on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help editing your
assignment.

Important Points:

1. It is strictly prohibited to use textboxes to add texts in the assignments, except for the compulsory
information. eg: Figures, tables of comparison etc. Adding text boxes in the body except for the
before mentioned compulsory information will result in rejection of your work.
2. Carefully check the hand in date and the instructions given in the assignment. Late submissions
will not be accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness, you
may apply (in writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade .
8. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then
be asked to complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using
HARVARD referencing system to avoid plagiarism. You have to provide both in-text citation and
a reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be
reduced to A REFERRAL or at worst you could be expelled from the course
Student Declaration

I hereby, declare that I know what plagiarism entails, namely to use another’s work and to
present it as my own without attributing the sources in the correct way. I further understand
what it means to copy another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.


2. I understand the plagiarism and copying policy of the Edexcel UK.
3. I know what the consequences will be if I plagiarize or copy another’s work in any of the
assignments for this programme.
4. I declare therefore that all work presented by me for every aspect of my programme
will be my own, and where I have made use of another’s work, I will attribute the source
in the correct way.
5. I acknowledge that the attachment of this document, signed or not, constitutes a binding
agreement between myself and Pearson UK.
6. I understand that my assignment will not be considered as submitted if this document is
not attached to the main submission.

Student’s Signature: Date:


Shrawanshraw3333@gmail.com 2021.09.13
Assignment Brief

Student Name /ID Number Sivarasa Pakeen


Unit Number and Title Unit 5- Security
Academic Year 2020/2021
Unit Tutor Mr. E. Janarthanan
Assignment Title EMC Cyber

Issue Date 2021.07.05


Submission Date 2021.09.13
IV Name & Date
Submission Format:
The submission should be in the form of an individual written report written in a concise, formal
business style using single spacing and font size 12. You are required to make use of headings,
paragraphs and subsections as appropriate, and all work must be supported with research and referenced
using Harvard referencing system. Please provide in- text citation and an end list of references using
Harvard referencing system.
Section 4.2 of the assignment requires a 15-minute presentation to illustrate the answers.

Unit Learning Outcomes:


LO1 Assess risks to IT security.
LO2 Describe IT security solutions.
LO3 Review mechanisms to control organisational IT security.
LO4 Manage organisational security.

Assignment Brief and Guidance:


Scenario
‘EMC Cyber’ is a reputed cyber security company based in Colombo, Sri Lanka, that delivers security
products and services across the entire information technology infrastructure. The company has a
number of clients both in Sri Lanka and abroad, including some of the top-level companies of
the world serving in a multitude of industries. The company develops cyber security software including
firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber is tasked
with protecting companies’ networks, clouds, web applications and emails. They also offer advanced
threat protection, secure unified access, and endpoint security. Further, they also consult clients
on security threats and how to solve them. Additionally, the company follows different risk
management standards depending on the company, with ISO 31000 being the most prominent.
One of the clients of EMC Cyber, Lockhead Aerospace Manufacturing, a reputed aircraft
manufacturer based in the US, has tasked the company with investigating the security implications of
developing IoT-based automation applications in their manufacturing process. The client has
requested EMC to further audit the security risks of implementing web-based IoT applications in their
manufacturing process and to propose solutions. Further, Lockhead uses ISO standards and has
instructed EMC to use the ISO risk management standards when proposing the solution.
The director of the company understands that such a system would be a target for cyber-attacks. As you
are following a BTEC course, which includes a unit in security, the director has asked you to investigate
and report on potential cyber security threats to their web site, applications and infrastructure. After
the investigation, you need to plan a solution and how to implement it according to standard software
engineering principles.
Activity 01
Assuming the role of External Security Analyst, you need to compile a report focusing on the following
elements for the board of EMC Cyber:
1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilized by EMC
Cyber in order to improve the organization’s security.
1.2 Identify the types of security risks EMC Cyber is subject to in its present setup and the impact that they
would make on the business itself. Evaluate at least three physical and virtual security risks
identified and suggest the security measures that can be implemented in order to improve the
organization’s security.
1.3 Develop and describe security procedures for EMC Cyber to minimize the impact of issues
discussed in section (1.1) by assessing and rectifying the risks.
Activity 02
2.1 Identify how EMC Cyber and its clients will be impacted by improper/incorrect configurations
that are applicable to firewalls and VPN solutions. IT security can include a network monitoring
system. Discuss how EMC Cyber can benefit from implementing a network monitoring system, with
supporting reasons.
2.2 Explain how the following technologies would benefit EMC Cyber and its clients by facilitating a
‘trusted network’. (Support your answer with suitable examples.)
i) DMZ
ii) Static IP
iii) NAT
2.3 Identify and evaluate the tools that can be utilized by EMC Cyber to improve network and
security performance without compromising each other. Evaluate at least three virtual and
physical security measures that can be implemented by EMC to uphold the integrity of the
organization’s IT policy.
Activity 03
3.1 Discuss suitable risk assessment integrated enterprise risk management procedures for EMC
Cyber solutions and the impact an IT security audit will have on safeguarding organization and its
clients. Furthermore, your discussion should include how IT security can be aligned with an
organizational IT policy and how misalignment of such a policy can impact on organization’s
security.
(This can include one or more of the following: network change management, audit control,
business continuance/disaster recovery plans, potential loss of data/business, intellectual property,
Data Protection Act; Computer Misuse Act; ISO 31000 standards.)
3.2 Explain the mandatory data protection laws and procedures, which will be applied to data
storage solutions provided by EMC Cyber. You should also summarize ISO 31000-risk management
methodology.
Activity 04
4.1 Design an organizational security policy for EMC Cyber to minimize exploitations and misuses
while evaluating the suitability of the tools used in an organizational policy.
4.2 Develop and present a disaster recovery plan for EMC Cyber according to the ISO/IEC
17799:2005 or similar standard, which should include the main components of an organizational
disaster recovery plan with justifications. Discuss how critical the roles of the stakeholders in the
organization to successfully implement the security policy and the disaster recovery plan you
recommended as a part of the security audit.
(Students should produce a 15-minute PowerPoint presentation which illustrates the answer for
this section, including justifications and reasons for the decisions and options used.)
Grading Rubric
Grading Criteria Achieved Feedback

LO1 Assess risks to IT security

P1 Identify types of security risks to organisations.


P2 Describe organizational security procedures.

M1 Propose a method to assess and treat IT security risks.

LO2 Describe IT security solutions

P3 Identify the potential impact to IT security of incorrect


configuration of firewall policies and third-party VPNs.

P4 Show, using an example for each, how implementing a DMZ,


static IP and NAT in a network can improve Network Security.
M2 Discuss three benefits of implementing network monitoring
systems with supporting reasons.
D1 Evaluate a minimum of three physical and virtual security
measures that can be employed to ensure the integrity of
organisational IT security.
LO3 Review mechanisms to control organisational IT
security

P5 Discuss risk assessment procedures.

P6 Explain data protection processes and regulations as applicable


to an organisation.

M3 Summarise the ISO 31000 risk management methodology and its


application in IT security.
M4 Discuss possible impacts to organizational security resulting
from an IT security audit.
D2 Consider how IT security can be aligned with organisational
policy, detailing the security impact of any misalignment.
LO4 Manage organizational security

P7 Design and implement a security policy for an organisation.

P8 List the main components of an organisational disaster recovery


plan, justifying the reasons for inclusion.
M5 Discuss the roles of stakeholders in the organisation to
implement security audit recommendations.
D3 Evaluate the suitability of the tools used in an organisational
policy.
HND in Computing and System
Development

Table of Contents
1 Task .............................................................................................................................. 8

1.1 Impact of CIA in EMC Cyber in order to improve the organizations security ..... 8

1.1.1 CIA Triad ....................................................................................................... 8

1.2 EMC Cyber in order to improve the organization’s security. ............................. 10

1.2.1 Definition of Cyber Security ........................................................................ 10

1.2.2 Reason for Why Importance of Cyber Security ........................................... 12

1.2.3 Types of Cyber Security .............................................................................. 13

1.2.4 Introduction of EMC Cyber ......................................................................... 19

1.3 Types of Security risks to Organization .............................................................. 19

1.3.1 Danger things that are EMC Cloud Solution must aware for the IT Security. ............ 19

1.3.2 Threats, Vulnerabilities, Risks, and Counter-measures ............................... 23

1.4 Development of Security Procedures to Minimize the Impact for the IT Security. ....... 27

1.4.1 Identified risks for the EMC Cyber ............................................................. 27

1.4.2 Security procedures that can be used to minimize the impact of the EMC
Cloud Solution. .......................................................................................................... 28

1.4.3 Risk Management ........................................................................................ 30

1.4.4 Risk Treatment ............................................................................................. 32

2 Task ............................................................................................................................ 33

2.1 EMC Cyber and its clients will be impacted by improper/ incorrect
configurations. ............................................................................................................... 33

2.1.1 Definition of Firewall .................................................................................. 33

2.1.2 Issues of improper or incorrect Firewall configuration. .............................. 34

2.1.3 Advantages of using proper Firewall ........................................................... 34

2.1.4 Issues of improper or incorrect VPN configuration. .................................... 36

2.1.5 Advantages of using VPN ............................................................................ 37

Sivarasa Pakeen Security (Unit 05) Page 1 of 127



2.1.6 Network-monitoring systems. ...................................................................... 39

2.1.7 Tools, Which Use to Networking Monitoring ............................................. 41

2.2 How DMZ, Static IP and NAT Helps To a Trusted Network in EMC ............... 43

2.2.1 Definition of Trusted Network..................................................................... 43

2.2.2 DMZ (Demilitarize Zone) ............................................................................ 44

2.2.3 Static IP (Internet Protocol) ......................................................................... 45

2.2.4 NAT (Network Address Translation) .......................................................... 47

3 Task ............................................................................................................................ 49

3.1 Risk management procedure for EMC Cyber solutions to safeguard itself and its clients ..... 49

3.1.1 Risk Assessment .......................................................................................... 49

3.1.2 Risk Assessment Framework(RAF) ............................................................ 49

3.1.3 5 components of RMF ................................................................................. 49

3.1.4 Importance of Risk Assessment Framework ............................................... 51

3.1.5 Procedures of Risk Assessment ................................................................... 53

3.1.6 Comment on IT Security & Organizational Policy...................................... 62

3.1.7 Organizational Policy................................................................................... 70

3.1.8 Advantages of IT Security Audit ................................................................. 70

3.2 Mandatory Data Protection laws and procedures, which will be, applied to data
storage solutions provided by EMC Cloud .................................................................... 71

3.2.1 Definition of Data Protection Act ................................................................ 71

3.2.2 Computer Misuse Act 1990 ......................................................................... 76

3.2.3 Personal Data Protection Act 2012 .............................................................. 77

3.2.4 ISO 31000 Risk Management Methodology ............................................... 79

4 Task ............................................................................................................................ 82

4.1 Managing Organizational Security...................................................................... 82

4.1.1 Security Policy ............................................................................................. 82

4.1.2 Security Policy for EMC Cyber ................................................................... 83




4.1.3 Tools Used in an organizational Policy ....................................................... 88

4.2 Develop and present a disaster recovery plan for EMC Cloud ........................... 93

4.2.1 EMC Cyber’s DRP Screenshot .................................................................... 93

4.2.2 Implementing Security Audit Recommendations for the Organization. ... 104

5 References ................................................................................................................ 109




Table of Figures
Figure 1 CIA Triad ............................................................................................................... 8
Figure 2 Cyber Security ..................................................................................................... 10
Figure 3 Types of cyber security attacks ........................................................................... 13
Figure 4 Active attack ........................................................................................................ 20
Figure 5 Passive Attacks .................................................................................................... 22
Figure 6 Threats, Vulnerabilities, Risks, and Counter-measures ....................................... 23
Figure 7 Risk Management Process ................................................................................... 30
Figure 8 Firewall ................................................................................................................ 33
Figure 9 Virtual Private Network....................................................................................... 36
Figure 10 Network Monitoring System ............................................................................. 39
Figure 11 Solar Winds NPM .............................................................................................. 42
Figure 12 Demilitarized Zone ............................................................................................ 44
Figure 13 Static IP.............................................................................................................. 45
Figure 14 Network Address Translation ............................................................................ 47
Figure 15 Risk Matrix ........................................................................................................ 57
Figure 16 Risk Rating ........................................................................................................ 57
Figure 17 IT Security Audit ............................................................................................... 62
Figure 18 data Protection ................................................................................................... 71
Figure 19 Data Protection Act of 1998 .............................................................................. 72
Figure 20 Data Protection act of 2018 ............................................................................... 74
Figure 21 ISO 31000 .......................................................................................................... 79
Figure 22 Introduction slide ............................................................................................... 93
Figure 23 Introduction about EMC Cyber ......................................................................... 93
Figure 24 Definition of ISO ............................................................................................... 94
Figure 25 Cover Slide of Disaster Recovery Plan ............................................................. 94
Figure 26 Contents of Presentation .................................................................................... 95
Figure 27 Goal of Presentation .......................................................................................... 95
Figure 28 explanation of Disaster ...................................................................................... 96
Figure 29 examples for types of disaster ........................................................................... 96
Figure 30 Disaster Recovery Plan ...................................................................................... 97
Figure 31 Types of Disaster ............................................................................................... 97
Figure 32 Disaster Recovery Plan ...................................................................................... 98




Figure 33 Key components of Disaster Recovery Plan ..................................................... 98


Figure 34 Take Inventory of IT Assets .............................................................................. 99
Figure 35 Establish a Recovery Timeline .......................................................................... 99
Figure 36 Assign Roles and Responsibilities & Communication .................................... 100
Figure 37 data Backup & Location .................................................................................. 100
Figure 38 consider insurance ........................................................................................... 101
Figure 39 Test the disaster recovery plan ........................................................................ 101
Figure 40 Advantages of Data Recovery Plan ................................................................. 102
Figure 41 Cost Efficiency ................................................................................................ 102
Figure 42 Increased employee Productivity..................................................................... 103
Figure 43 Greater Customer Retention ............................................................................ 103
Figure 44 any questions Slide .......................................................................................... 104
Figure 45 Stakeholders..................................................................................................... 105
Figure 46 Types of Stakeholders ..................................................................................... 105




Table of Tables
Table 1 Difference between Active and Passive Attacks................................................... 23
Table 2 EMC Cyber Procedure Chart ................................................................................ 53
Table 3 Probability Levels and their description ............................................................... 56
Table 4 System Failure ...................................................................................................... 58
Table 5 Uncertain Base Risk .............................................................................................. 58
Table 6 Hardware and Software errors .............................................................................. 59
Table 7 Internet Problems .................................................................................................. 59
Table 8 inside and outside threats ...................................................................................... 61
Table 9 Financial Problems................................................................................................ 61
Table 10 Physical Problems ............................................................................................... 62
Table 11 IT Security Audit of EMC Cyber........................................................................ 65
Table 12 IT Security Audit for Organizations Policies & Procedures ............................... 66
Table 13 IT Security Audit for Basic network controls ..................................................... 66
Table 14 IT Security Audit for Wireless and remote access.............................................. 67
Table 15 IT Security Audit for Network Servers ............................................................... 67
Table 16 IT Security Audit for Encryption ........................................................................ 68
Table 17 IT Security Audit for Access Control ................................................................. 69
Table 18 Computer misuse law's offence and penalty ....................................................... 77




ACKNOWLEDGEMENT
I would like to express my deepest appreciation to all those who provided me the possibility
to complete this assignment. A special gratitude I give to our lecturer Mr. E. Janarthanan,
whose contribution in stimulating suggestions and encouragement helped me to
coordinate my project, especially in writing this assignment documentation.
Furthermore, I would also like to acknowledge with much appreciation the crucial role
of the staff of ESOFT campus, who gave the permission to use all required equipment
and the necessary materials to complete this assignment. I have to appreciate the guidance
given by the assignment coordinator Mr. S. Premnath. In addition, other lecturers of
ESOFT campus Jaffna Branch have improved my working skills, and thanks to them for their
comments and advice.
S. Pakeen
HND in computing & Systems Development
ESOFT Metro Campus Jaffna




1 Task
1.1 Impact of CIA in EMC Cyber in order to improve the organizations security
1.1.1 CIA Triad

Cybersecurity aims to protect a company's digital assets from ever-increasing cyber-attacks.
It is achieved by implementing appropriate security measures that provide multiple security
functions, such as deterring, preventing, and detecting cybercrime. The main purpose of
cybersecurity is to ensure the confidentiality, integrity and availability (CIA) of data and services.
The CIA triad is important to cybersecurity as it provides vital security functions, helps
avoid compliance issues, ensures business continuity, and prevents damage to an
organization's reputation. This section explains how the CIA triad can help improve a
company's cybersecurity. (logsign, 2019)

Figure 1 CIA Triad

The CIA security triad consists of three functions:

Confidentiality: The ability of a system to ensure that only the correct and authorized user, system or resource
can view, access, modify or use data.
Integrity: The ability of the system to guarantee the accuracy and correctness of the system
and its information.
Availability: The ability of a system to ensure that systems, information and services are
available most of the time.




 Confidentiality
Confidentiality ensures that sensitive information stays secret as it travels over the
network. Proactive steps must be taken to prevent unauthorized disclosure of sensitive
data and to allow access only to the intended parties; malicious agents must not be able to
intercept the data for nefarious purposes. Several implementations can be used to ensure
data confidentiality.
Cryptography is the best solution in this regard. Encryption primarily ensures the
confidentiality of sensitive data: it converts plaintext into ciphertext that is unreadable
by humans and can only be recovered by authorized persons. Encryption includes two vital
elements, symmetric encryption and asymmetric encryption. The use of strong passwords
and two-factor authentication are some of the other confidentiality practices. In addition,
steganography can be used to hide data inside other types of data, such as images, audio
files or videos; sensitive data hidden in large media files is very difficult to compromise.

• Integrity
Integrity means preventing unauthorized access to, or modification or alteration of, data for malicious purposes: the authorized party must receive the data exactly as it was sent, unchanged. Integrity matters whether data is in transit or in storage, and it is critical for commercial and e-commerce websites. Attacks that compromise data integrity include Man-In-the-Middle (MITM) attacks, web server penetration, and injection of malicious code into databases.
Developers often use hashing algorithms like MD5 and SHA1 to verify data integrity. Other methods include certificates, digital signatures, and non-repudiation.
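The integrity check described above can be demonstrated in Python. The following is an added example, not code from this assignment, and it uses SHA-256 instead of MD5 or SHA1 (neither of which is collision-resistant any more); it also shows the caveat that an unkeyed hash only catches accidental corruption, whereas a keyed HMAC is needed when an attacker could rewrite both the data and its digest. The record and the key are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed sample record whose integrity we want to protect in storage or in transit.
RECORD = b"invoice_id=1042;amount=250.00;payee=ACME"


def sha256_digest(data: bytes) -> str:
    """Unkeyed hash: detects accidental corruption, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only a holder of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_digest(data: bytes, digest: str) -> bool:
    """Recompute the unkeyed digest and compare in constant time."""
    return hmac.compare_digest(sha256_digest(data), digest)


def verify_tag(key: bytes, data: bytes, tag: str) -> bool:
    """Recompute the HMAC tag; compare_digest avoids leaking where a mismatch occurs."""
    return hmac.compare_digest(hmac_tag(key, data), tag)


def demo() -> dict:
    """Run both schemes against an unmodified and a tampered copy of RECORD."""
    key = secrets.token_bytes(32)  # constructed shared secret between sender and receiver
    digest = sha256_digest(RECORD)
    tag = hmac_tag(key, RECORD)

    # A tampered copy: the amount has been changed in transit.
    tampered = RECORD.replace(b"250.00", b"9250.00")

    return {
        "original_digest_ok": verify_digest(RECORD, digest),
        "tampered_digest_detected": not verify_digest(tampered, digest),
        # Whoever can rewrite the record can also rewrite the unkeyed digest to match it.
        "attacker_forges_digest": verify_digest(tampered, sha256_digest(tampered)),
        "original_tag_ok": verify_tag(key, RECORD, tag),
        "tampered_tag_detected": not verify_tag(key, tampered, tag),
        # Without the key, a tag computed with a guessed key does not verify.
        "attacker_forges_tag": verify_tag(key, tampered, hmac_tag(b"guess", tampered)),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```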

• Availability
Availability is the security service that ensures resources and services are available to authorized parties within a specified time frame. Reliable equipment is necessary to provide stable service to a large number of customers in any organization. Downtime during upgrades should be minimized, and backing up sensitive data to external drives comes in handy in case of data loss.
In the worst case, a rapid disaster recovery plan should be followed. Other important measures to ensure availability include data backups, patching, and redundancy. Redundancy provides fault tolerance: when the main system is not working, an auxiliary machine is available to continue providing functions and services, and security analysts redirect all traffic or workload to the backup system.

Importance of CIA Triad in Cybersecurity
Security breaches and data theft are now a constant headache for businesses. Recent reports and surveys paint an ugly picture of organizations' cybersecurity posture. A prominent example is the recent Facebook data breach scandal, in which the personal data of millions of users was compromised. Many companies leave data unprotected because of poor policies, which can lead to data breaches and severe fines for compliance failures under regulations such as the GDPR (General Data Protection Regulation). To prevent this situation, organizations must implement the security measures described above along with other controls (such as SIEM and SOAR) to improve their cybersecurity posture.

1.2 EMC Cyber and Improving the Organization's Security
1.2.1 Definition of Cyber Security

Figure 2 Cyber Security

Cybersecurity can be described as the collective methods, technologies, and processes that help protect the confidentiality, integrity, and availability of computer systems, networks, and data from cyber-attacks or unauthorized access. The main goal of cybersecurity is to protect all assets of an organization from external and internal threats, as well as from disruptions caused by natural disasters. Because an organization's assets are composed of multiple disparate systems, an effective and efficient cybersecurity posture requires a coordinated effort across all of its information systems. (synopsys, 2021)


Cyber Security Sub Domains

• Application security
Application security covers the various means of protecting all software and services used in an organization against a wide range of threats. This requires developing secure application architectures, writing secure code, implementing stringent input validation, threat modeling, and more, to minimize the likelihood of any unauthorized access to or modification of application resources.
• Identity management and data security
Identity management covers the structures, processes and activities that provide authentication and authorization of legitimate entities in the information systems within an organization. Data security covers the implementation of reliable storage mechanisms that ensure the security of data at rest and in transit.
• Network security
Network security covers the hardware and software mechanisms that protect the network and infrastructure from unauthorized access, failures, and misuse. Effective network security helps protect an organization's assets from a variety of external and internal threats.
• Mobile security
Mobile security refers to the protection of both organizational and personal information stored on mobile devices such as cell phones, laptops and tablets from threats such as unauthorized access, device loss or theft, and malware.
• Cloud Security
Cloud security refers to the development of secure cloud architectures and applications for organizations using a variety of cloud service providers such as AWS, Google, Azure and Rackspace. Effective architecture and environment configuration provide protection against various threats.
• Disaster Recovery and Business Continuity Planning (DR&BC)
DR&BC provides the processes, monitoring, alerts, and plans that help organizations keep business-critical systems operational during and after any type of disaster, and recover lost systems and operations after an incident.


1.2.2 Why Cyber Security Is Important

• Rise of Cyber Crimes
Whether it is a large or small firm, hackers and cybercriminals spare no one. Rather, they look for opportunities to leverage the data and extract money from these firms. Over the past year, the average cost of cybercrime for an organization has grown 23% from last year's $11.7 million, according to the report. In addition, the average cost of a security breach has grown significantly and is now $3.86 million, according to the report. With the introduction of new technologies, the likelihood of cyber threats and risks is also growing rapidly, and cybercriminals have advanced their attempts to deploy cyberattacks alongside the advancement of technology.
• The rise of IoT devices
With the mission to build smart cities with smart devices, our dependence on connecting everything to the Internet has also increased. The introduction of IoT technology, that is, the Internet of Things, has not only simplified and accelerated our tasks but also created many new vulnerabilities that hackers can exploit. No matter how advanced the security measures we take, cybercriminals will always try to stay one step ahead. If not properly managed, these Internet-connected devices can become a gateway into the business for hackers or cybercriminals.
• Cloud storage needs protection
Confidential information such as bank details and passwords can now be stored in the cloud, increasing the risk of theft. In addition, the rise of social media has led to an increase in identity fraud. The point is, whether you are an individual, small business, large organization, or even a government, you run the risk of becoming a victim of cybercrime. Therefore, cybersecurity deserves serious consideration.
• Dark web
The growth and development of technology has not left the dark web behind. The dark web is a hidden collection of internet sites, accessible only through specialized web browsers. It is mainly used to hide online activities and to preserve the anonymity and privacy of users.
The dark web can be used legally, but it is also known as the site of numerous illegal operations, including drug and human trafficking, illegal arms distribution, illicit software distribution, illegal auctions, piracy, and many other illegal activities, including unthinkable ones.


As technology advanced, the dark web became more complex. It has become a haven for cybercriminals and has increased the threat to everyday Internet use. These vulnerabilities have increased the importance of cybersecurity. (hakin9, 2021)

1.2.3 Types of Cyber Security Attacks

Many companies and individuals these days use different types of technology-based applications. Common examples include smart home and smart office systems, LinkedIn, Google applications, Twitter, and so on. A number of cyber-attacks can hinder the development of these applications or organizations, ranging from phishing and vishing to DoS attacks and many more. This section details each type of cyberattack and the information associated with it. (assignmenthelp4me, 2021)

Figure 3 Types of cyber security attacks

• Phishing attack
A phishing attack is a combination of technical tricks and social engineering in which an attacker sends an email that appears to come from a trusted source. A phishing attack is carried out in order to obtain personal information about a person or to persuade them to take certain actions. The email may contain a link to a website that collects data from the user and sends it to the attacker, or that redirects the user to another website that might host malware. Emails may also contain malware attachments that, when opened, can infect the system and reveal sensitive information stored on the computer. In this attack, the personal information sought mainly includes login credentials, credit card numbers, or salary information. Since the end of February 2020, the number of targeted phishing attacks has grown by 667%, as discovered by Barracuda Sentinel. A total of 467,825 such attacks were detected, of which 9,116 were related to COVID-19, whereas in February only 1,188 such attacks were detected, and in January 137.
• Denial of Service (DoS) Attack
A denial of service attack is mainly aimed at shutting down servers or making them too busy to serve their users' requests. In this type of attack, the attacker uses many machines that constantly flood the server with requests; the purpose is to keep the server so busy serving these bogus requests that it has no capacity left for legitimate ones. To do this, attackers acquire a huge number of machines by infecting systems around the world with their malware, so that they have control over each machine. In some cases, when the load is too high, it can also cause the servers to crash. These attacks do not directly benefit the attacker in terms of stealing confidential and sensitive information from the server; rather, they simply keep it busy so that legitimate users cannot use its services. In some cases, these attacks are also used as a distraction from other attacks, because when an organization focuses on the downed server it may neglect other aspects of keeping its server secure. In a recent COVID-19 related DoS attack, attackers attempted to disable the US Department of Health and Human Services (HHS) website in order to deprive citizens of public information about the pandemic. However, the website continued to function normally; although performance decreased slightly, it was able to serve requests under the increased load.
• Vishing Attack
This is another form of phishing attack, in which an attacker contacts a customer by phone to obtain their personal information, claiming to be a legitimate party. More often than not, attackers claim to be employees of an insurance company in order to obtain the user's bank details. The attacker uses bogus strategies to trick the client into handing basic information to an inauthentic party. In this type of phishing attack, the attacker tries to trick customers with SMS messages and fake voice calls.
• Viruses
Viruses are malicious programs containing malicious code whose purpose is to disrupt the normal operation of computer systems. A virus can create replicas of itself in the user's system to spread the infection. In addition, it can attach itself to a file that is carried to another computer system, that is, it can be distributed. After the user's file is infected, the virus steals the information contained in the file, which may include the user's bank account details that an intruder could then misuse. A virus cannot work without a host program, because it is through the host program that it searches the system for other uninfected files in order to steal the information contained in them.
• Malware Attacks
Malware attacks are mainly carried out using malicious code that can disrupt an entire network, including the server and its clients. It gives attackers access to confidential information and control over the machine. This is more dangerous because it can stay on the network unnoticed for a long time, intercepting data from packets and causing internal damage through leakage of information. It is even considered deadly, as it can mimic legitimate code and spread itself over the network, reaching all devices connected to it. On April 20, 2020, an American IT company was attacked by the Maze ransomware, which encrypted all of their data and sent emails to customers with an IP address and a file. It blocked the organization's access to their systems and encrypted the data. In addition, it stole the organization's data, as a result of which the confidentiality of customer data was breached. The data could not be decrypted and the organization could not regain access until it paid the requested ransom amount.
• SQL injection Attack
As the name suggests, this is an attack on database-driven websites. When a SQL injection is successful, it gives the attacker access to sensitive information such as login credentials, billing information, and personal information of customers and employees. The attack is carried out by inserting SQL commands through the application's inputs so that they are executed against the database and perform operations the attacker chooses. This can be of immense benefit to an attacker, who can steal information and sell it for huge profits, or take advantage of the leaked information over the Internet. In some cases, attackers also delete data, causing significant damage to the organization. In 2016, a SQL injection attack was carried out on the Illinois Election Commission, which compromised the data of 200,000 citizens. As a result, the server was shut down for 10 days in order to repair it and fix the vulnerabilities and flaws.
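The root cause of the attack described above, and the standard fix, can be shown side by side. The following is an added Python example using SQLite (not code from this assignment); the customer table and the crafted username are constructed for illustration, and the point is that the parameterized query treats whatever the user typed as a literal value.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory customer table standing in for a site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.com"), (2, "bob", "bob@example.com")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable pattern: user input is concatenated straight into the SQL text,
    so quotes and keywords in the input become part of the statement."""
    query = f"SELECT id, username, email FROM customers WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened pattern: the SQL text is fixed and the value travels as a bound
    parameter, so the database never parses the input as SQL."""
    query = "SELECT id, username, email FROM customers WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo() -> dict:
    """Compare both lookups on a normal username and on a constructed crafted input."""
    conn = build_db()
    normal = "alice"
    crafted = "nobody' OR '1'='1"  # constructed input that rewrites the WHERE clause
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, normal)),
        "vulnerable_crafted": len(lookup_vulnerable(conn, crafted)),  # every row leaks
        "safe_normal": len(lookup_safe(conn, normal)),
        "safe_crafted": len(lookup_safe(conn, crafted)),  # no such literal username
    }


if __name__ == "__main__":
    print(demo())
```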
• Man in the Middle Attack
This is a type of cybersecurity breach in which an attacker intercepts the transmission of packets between a client and a server without either of them knowing that their conversation is being tapped. This allows an attacker to gain access to information that would otherwise be unavailable. In addition, an attacker can capture and modify a packet before it is sent to its intended destination. A logistics organization in Mumbai, India, was the victim of an unknown attacker and allegedly lost $16,000. The attacker used the MITM technique to intercept a payment the company was about to receive by hacking into their official account.
• Password Attack
These are attempts by malicious hackers to gain unauthorized access to a corporate security system. Hackers can use password cracking or security scanner tools to gain access. Most of the time, these password cracking tools are used against login procedures to gain false access to the user's account and steal the user's credentials and other information.
• Brute force attack
A brute force attack is a network attack in which an attacker tries to gain access to a system by force, that is, by trying all possible methods and passwords. The procedure continues until the correct access token is found and access to the account is obtained. It is often used in conjunction with dictionary software, which lets it try thousands of dictionary words in every possible combination. However, the attack is not entirely effective, since if the other side notices the brute force attempt it can increase its security in the meantime, thus repelling the attack. TaoBao, a subsidiary of the Alibaba Group, was the victim of a massive brute-force attack that compromised up to 21 million accounts. It was found that the attackers used a database of 99 million accounts. As a result, 1 out of every 5 accounts was compromised, that is, 10.6 million accounts.
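The paragraph notes that a brute force attempt fails once the defender notices it. The following is an added Python example (not part of this assignment) of the detection side: it reads authentication log lines and flags a source address that exceeds a failure threshold inside a sliding window, and separately flags a successful login that immediately follows such a burst. The log format, the addresses and the five-failures-per-minute threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog-like format (not real data).
SAMPLE_LOG = """\
2021-09-10 08:00:01 auth: FAILED login user=alice src=203.0.113.5
2021-09-10 08:00:03 auth: FAILED login user=alice src=203.0.113.5
2021-09-10 08:00:04 auth: FAILED login user=bob src=203.0.113.5
2021-09-10 08:00:06 auth: FAILED login user=carol src=203.0.113.5
2021-09-10 08:00:07 auth: FAILED login user=dave src=203.0.113.5
2021-09-10 08:00:09 auth: SUCCESS login user=dave src=203.0.113.5
2021-09-10 08:05:00 auth: FAILED login user=alice src=198.51.100.9
2021-09-10 08:20:00 auth: FAILED login user=alice src=198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) auth: (?P<result>FAILED|SUCCESS) "
    r"login user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line: str):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%d %H:%M:%S")
    return event


def detect_bruteforce(log_text: str, threshold: int = 5, window: timedelta = timedelta(minutes=1)):
    """Sliding window per source address: alert when `threshold` failures fall within
    `window`. Counting per source (not per user) also catches one address cycling
    through many usernames. A SUCCESS right after a burst is a compromise signal."""
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        recent = failures[ev["src"]]
        if ev["result"] == "FAILED":
            recent.append(ev["ts"])
            while recent and ev["ts"] - recent[0] > window:
                recent.popleft()  # drop failures that fell out of the window
            if len(recent) >= threshold:
                alerts.append(("BRUTE_FORCE", ev["src"], ev["user"], ev["ts"]))
        elif len(recent) >= threshold and ev["ts"] - recent[-1] <= window:
            alerts.append(("SUCCESS_AFTER_BURST", ev["src"], ev["user"], ev["ts"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```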
• Spyware and Key loggers
Spyware is a type of malware whose aim is to identify the activities performed on the victim's computer system. Another kind of malware, key loggers, aims to record every keystroke the victim types, which may include passwords, logins, bank account details or other important information that could be compromised by this background logging program. Spyware and key loggers typically enter the user's system after the user downloads corrupt files from malicious websites. Once they are present in the user's system, this important information, along with the user's browser history, can be shared with the malicious hacker controlling the activity from their own end. The hacker can also sell this information to a third-party vendor, use the customer's bank account information to make fraudulent transactions, or leak the data on the dark net, where it could be exploited by anyone.
• Cross site Scripting (XSS)
This attack is an injection vulnerability in which well-known websites are used as hosts and malicious scripts are delivered through them, because people usually trust the content from those websites. This is achieved by attaching malicious code to the dynamic content of the website: the injected JavaScript is served by the host site and executed in the victim's browser. This is possible because of active vulnerabilities on the host site. In 2018, British Airways was hit by a data breach that used a cross-site scripting attack. Between August 21st and September, it affected almost 380,000 booking transactions. The hack affected both mobile app users and website users.
Advantages of cyber security
Cybersecurity as a practice is very useful. In addition to protecting users from possible cyber-attacks, it also warns against potential risks. Below is a list of the benefits of cybersecurity.
• It protects the personal and confidential data of individuals and organizations against theft.
• The main advantage of effective cybersecurity mechanisms is the protection of networks from rogue nodes trying to gain unauthorized access to the network.
• The most important aspect is that it increases the security of the system in cyberspace.
• It eliminates the risk of compromised computers, reducing the risk of system freezes and crashes.
• It improves overall safety mechanisms with an advanced knowledge structure and leads to smooth business management.
• It identifies vulnerabilities and weak targets that could help an attacker attack a system or server; identifying these vulnerabilities helps teams secure systems to prevent such attacks.
• It protects systems from spyware, viruses, malware, Trojans, worms and other unwanted infectious programs.
• It gives users and organizations much-desired privacy, as it protects personal information that could harm them in the event of a leak.
• It is beneficial for mental health, as it makes people feel safe.
• It enhances stakeholder support for effective safety mechanisms.
• Stolen data can be recovered more easily when effective cybersecurity mechanisms are in place.
• A company with a strong security structure has more reliable credentials.
Disadvantages of cybersecurity
To bring a strong digital security component to an organization, all of its work must be arranged through the information system. Below are some of the potential challenges an organization may face when integrating effective cybersecurity mechanisms. These are explained as follows:
• Cybersecurity can be a costly issue, because highly trained professionals are required.
• The latest security patches must be applied regularly, with the latest security definitions, and this is hard to keep up with.
• A firewall needs to be properly configured to secure the system, but this is hard work. If done incorrectly, it can even block legitimate users from the system, as several security measures need to be properly implemented.
• Providing remote access is a business essential, but it can become a business loophole, as an attacker can gain unauthorized access over this network.
• The expansion of artificial intelligence is a challenge for cybersecurity, even as automated systems are developed to prevent cyberattacks from happening.
• Being interconnected with the advent of IoT is a challenge for cybersecurity: if one device has been compromised, the compromise can easily replicate itself to all connected devices.
• Identity management can be another issue a business may face: without proper access provisions within the business, anyone could access the system.
• The most challenging factor in cybersecurity is the constantly evolving nature of security risks. As a result, an organization may not be able to adopt a fully proactive strategy to protect its information from the different digital attacks.
(assignmenthelp4me, 2021)


1.2.4 Introduction of EMC Cyber

EMC Cyber is known in Sri Lanka as one of the most trusted providers of security products and services across the entire information technology infrastructure in the country. EMC Cyber serves a number of clients both in Sri Lanka and abroad, including some of the top-level companies of the world operating in a multitude of industries. EMC develops cyber security software including firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber is tasked with protecting companies' networks, clouds, web applications and emails. They also offer advanced threat protection, secure unified access, and endpoint security. Further, they also consult clients on security threats and how to solve them. Additionally, the company follows different risk management standards depending on the company, with ISO 31000 being the most prominent.

1.3 Types of Security risks to Organization

1.3.1 Dangers that EMC Cloud Solution must be aware of for IT Security
• Unauthorized access
• Use
• Disclosure
• Disruption
• Modification
• Inspection
• Recording
• The destruction of information
As described above, EMC Cyber can face a number of threats. It is not only about something being stolen; it is much more than that.

An attack is any behavior that breaks the protection of an organization's own data. These attacks can be broadly classified, at the highest level, as:

• Active Attack
• Passive Attack


1.3.1.1 Active Attack

Active attacks involve the use of information gathered during passive attacks to compromise users or the network. There are many types of active attacks. In a masquerading attack, the attacker pretends to be another user to access restricted areas of the system. In a replay attack, the attacker captures data packets from the network and forwards them to the service or application as if the attacker were the user who originally sent the packet. Denial of service (DoS) and distributed denial of service (DDoS) attacks are also examples of active attacks that prevent authorized users from accessing specific resources on the network or the Internet (for example, by sending more traffic than the target can handle). Unlike passive attacks, active attacks are more likely to be quickly detected by the target after execution. The following are some defensive measures against such attacks:

1. A random session key can be generated that is valid for only one transaction at a time; this should effectively prevent an attacker from retransmitting the original message after the original session has expired.
2. Using a one-time password helps authenticate transactions and conversations between communicating parties. This ensures that the associated password expires even if the attacker successfully logs and forwards the intercepted message.
3. The Kerberos authentication protocol (usually used in Microsoft Windows Active Directory) can be used, as it supports various countermeasures against different types of replay attacks. (venafi, 2021)

Figure 4 Active attack
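Countermeasures 1 and 2 above (a fresh per-transaction value plus an integrity check) can be combined into a replay guard. The following is an added Python example, not code from this assignment or from the cited source; the message format, the 30-second validity window and the shared session key are assumptions, and the exchange shows the server accepting a message once, then rejecting its verbatim replay, a modified copy, and a stale message.

```python
import hashlib
import hmac
import secrets
import time

# Constructed shared secret; in practice it comes from the session establishment step.
SESSION_KEY = secrets.token_bytes(32)
NONCE_TTL_SECONDS = 30  # assumed validity window for a message


def build_message(key: bytes, payload: str, now: float) -> dict:
    """Client side: attach a fresh random nonce and a timestamp, then MAC all three fields
    so that none of them can be altered without invalidating the tag."""
    nonce = secrets.token_hex(16)
    ts = str(int(now))
    body = f"{nonce}|{ts}|{payload}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"nonce": nonce, "ts": ts, "payload": payload, "tag": tag}


class ReplayGuard:
    """Server side: accepts each authentic nonce exactly once within the TTL window."""

    def __init__(self, key: bytes, ttl: int = NONCE_TTL_SECONDS):
        self.key = key
        self.ttl = ttl
        self.seen = {}  # nonce -> time it was accepted

    def _expire(self, now: float) -> None:
        # Forget nonces older than the TTL; the timestamp check rejects anything that old anyway,
        # so the cache stays bounded without opening a replay window.
        for nonce, accepted_at in list(self.seen.items()):
            if now - accepted_at > self.ttl:
                del self.seen[nonce]

    def accept(self, msg: dict, now: float) -> str:
        body = f"{msg['nonce']}|{msg['ts']}|{msg['payload']}".encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        # 1. Authenticity first, so unauthenticated traffic cannot fill the nonce cache.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "REJECT_BAD_TAG"
        # 2. Freshness: limits how long a captured message stays usable at all.
        if abs(now - int(msg["ts"])) > self.ttl:
            return "REJECT_EXPIRED"
        self._expire(now)
        # 3. Uniqueness: a nonce already accepted means this is a replay.
        if msg["nonce"] in self.seen:
            return "REJECT_REPLAY"
        self.seen[msg["nonce"]] = now
        return "ACCEPT"


def demo() -> list:
    """Walk through the four cases and return the guard's verdicts in order."""
    now = time.time()
    guard = ReplayGuard(SESSION_KEY)
    msg = build_message(SESSION_KEY, "transfer 100 to account 42", now)
    verdicts = [guard.accept(msg, now)]                      # first delivery: ACCEPT
    verdicts.append(guard.accept(msg, now + 1))              # verbatim replay: REJECT_REPLAY
    forged = dict(msg, payload="transfer 999 to account 42")
    verdicts.append(guard.accept(forged, now + 1))           # altered payload: REJECT_BAD_TAG
    stale = build_message(SESSION_KEY, "ping", now)
    verdicts.append(guard.accept(stale, now + NONCE_TTL_SECONDS + 5))  # too old: REJECT_EXPIRED
    return verdicts


if __name__ == "__main__":
    print(demo())
```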


1.3.1.2 Passive Attacks


In a passive attack, the attacker monitors the system and network communications and scans for open ports and other vulnerabilities. For example, they might be using an unsecured system or an expired certificate on a security device (in fact, an expired certificate that was not found by the company's security team contributed to the Equifax data breach).
Once an attacker has penetrated the network, they can collect information in two ways. In a passive information-gathering attack, the attacker tries to gather as much information as possible so that it can be used to attack the target system or network at a later stage; for example, the attacker records network traffic with a packet analysis tool such as Wireshark for later analysis. Installing a key logger is another type of passive attack, where the attacker waits for the user to enter their credentials and records them for later use.
The two most common use cases for passive attacks are:
Traffic analysis: The attacker monitors communication channels to gather a range of information, including human and machine identities, their locations, and the encryption types used, if any.
Release of message content: The attacker monitors an unprotected communication medium, such as unencrypted e-mail or a phone call, and hijacks it for sensitive information.
Other types of passive attacks include "passive reconnaissance", in which an attacker tries to obtain important information about the target organization's Internet-connected assets without sending any traffic (packets) to the target server or network. Examples of such an attack are browsing a website's content for relevant information (such as employee contact information) that could be used in active attacks, or finding unprotected files on a destination server, such as meeting documents or intellectual property.
It is very difficult, and in most cases impossible, to detect a passive attack, because it does not involve any data changes. However, preventive measures can be taken to stop it, including:
1. Using encryption techniques to scramble messages, making them unreadable to unwanted recipients. Two types of encryption can be applied:
• Symmetric keys (the same key at both ends); this still leaves the problem of secretly exchanging the secret key.
• Asymmetric (public-key) encryption, in which each party involved in the communication (whether user, program, or system) has two keys, one public and one that must be kept secret. An example of this type is the use of SSL/TLS certificates (HTTPS), which are used to validate machine identities between a web server and a browser.
2. Avoiding publicly posting sensitive information (such as private and company information) that could be used by outside hackers to invade the private network. (venafi, 2021)

Figure 5 Passive Attacks

Difference between Active and Passive Attacks


Both active and passive attacks are security attacks. During an active attack, the attacker
attempts to change the content of the message. In a passive attack, the attacker can
observe the message, copy the message and use it for malicious purposes.
The following are the main differences between active and passive attacks. (Parahar, 2019)

Key                 Active Attack                                          Passive Attack
Modification        In an active attack, information is modified.          In a passive attack, information remains unchanged.
Dangerous for       An active attack is dangerous for integrity as         A passive attack is dangerous for confidentiality.
                    well as availability.
Attention           Attention is to be paid to detection.                  Attention is to be paid to prevention.
Impact on system    In an active attack, the system is damaged.            In a passive attack, the system is not impacted.
Victim              The victim gets informed in an active attack.          The victim does not get informed in a passive attack.
System resources    System resources can be changed in an active attack.   System resources are not changed in a passive attack.
Table 1 Difference between Active and Passive Attacks

1.3.2 Threats, Vulnerabilities, Risks, and Counter-measures

In today's world, data and its protection are critical issues for businesses. Customers want to be sure their information is safe with the company, and if the organization cannot keep it safe, it will lose their business. Many customers with sensitive information want a solid data security infrastructure to be in place before doing business with the organization.
How confident can EMC Cyber be in its IT security in this environment?
To have a strong grasp of the data security issues that could potentially impact the business, it is imperative to understand the interrelationships of three components:
1. Threats
2. Vulnerabilities
3. Risk
Although these technical terms are often used interchangeably, they are different terms with different meanings and consequences. Let's have a look.

Figure 6 Threats, Vulnerabilities, Risks, and Counter-measures


1.3.2.1 Threats
A threat refers to a new or newly discovered event that has the potential to harm a system or the company in general. There are three main types of threats:
• Natural threats, such as floods, hurricanes or tornadoes
• Unintentional threats, such as an employee accidentally accessing the wrong information
• Intentional threats, such as spyware, malware, adware, or the actions of a disgruntled employee
Worms and viruses are classified as threats because they can harm an organization through an automated attack, as opposed to a human attack. For example, on May 12, 2017, the WannaCry ransomware attack began hitting computers and networks around the world and has since been described as the largest attack of its kind. As the 2017 Internet Security Threat Report shows, cybercriminals are constantly finding creative new ways to compromise data.
These threats are uncontrollable and can often be difficult or impossible to detect beforehand. However, certain precautions help in assessing threats regularly so that the organization is better prepared should a situation arise. Here are some ways to do this:
• Keep team members aware of current trends in cybersecurity so they can quickly detect new threats. They should subscribe to blogs (like Wired) and podcasts (like Techgenix Extreme IT) that cover these topics, and they should be members of professional associations so they can benefit from breaking news feeds, conferences, and webinars.
• Perform regular threat assessments to determine the best approaches to protecting a system against a particular threat and to evaluate different types of threats.
• Perform penetration testing by modeling real-world threats to discover vulnerabilities.

1.3.2.2 Vulnerability
Vulnerabilities are known asset (resource) weaknesses, which can be exploited by one or
more attackers. In other words, this is a known issue that allows the attack to be successful.
For example, when a team member resigns and you forget to disable their access to external
accounts, change their login information, or remove their name from their corporate credit
card, this can leave your company vulnerable to both intentional and unintentional threats.

However, most vulnerabilities are exploited by automated attackers, not by a person working
manually at the other end of the network.
Vulnerability testing is essential to ensure ongoing system security. By identifying
weaknesses, you can develop a strategy for a quick response. Here are some questions to
ask yourself when identifying your vulnerabilities:
 Has your data been backed up and stored in a secure off-site location?
 Is your data stored in the cloud? If so, how does the cloud prevent vulnerabilities?
 What kind of network security do you need to determine who can access, change,
or delete information in your organization?
 What type of virus protection is used? Is the license up to date? Does it work as
often as necessary?
 If the vulnerability is exploited, do you have a data recovery plan?
Vulnerabilities can be divided into six categories:
 Hardware Vulnerability
 Software Vulnerability
 Network Vulnerability
 Personal Vulnerability
 Physical site Vulnerability
 Organizational Management Vulnerabilities
Examples of the above vulnerabilities:
Hardware Vulnerabilities
 Susceptibility to humidity or dust
 Insecure storage
Software Vulnerabilities
 Improper testing
 Lack of audit trail
 Design flaws
Network Vulnerability
 Insecure communication strategies
 Insecure Network architecture
Personal Vulnerability
 Inadequate recruiting of suitable professionals

 Low-security awareness
Physical site Vulnerability
 Area susceptibility to floods.
 Unreliable power sources.
 Accidental fires.
Organizational Management Vulnerabilities

1.3.2.3 Risk
Risk is defined as potential loss or damage when a vulnerability is exploited by a threat.
Examples of risks include:
1. Financial loss
2. Loss of confidentiality
3. Damage to your reputation
4. Legal implications
5. Even the loss of life
The risk can also be defined as:
 Risk = Threat x Vulnerability
Reduce your risk potential by creating and implementing a risk management plan. Here are
the key aspects to consider when developing a risk management strategy:
 Assess risk and identify needs. When it comes to designing and implementing a risk
assessment system, it is very important to prioritize the most critical violations that
need to be addressed. This level of assessment should be performed on a regular
and iterative basis, although the frequency will differ from organization to
organization.
 Include a common stakeholder perspective. Stakeholders include business owners
as well as employees, customers, and even suppliers. All of these players can
negatively impact the organization (potential threats), but they can also be assets
that help mitigate risk.
 Identify a central group of people responsible for risk management and determine
the appropriate level of funding for this activity.
 Implement appropriate policies and appropriate controls, and ensure that the
appropriate end users are notified of any changes.

 Monitor and evaluate policy and control effectiveness. The sources of risk are
constantly changing, which means that your team must be ready to make any
necessary adjustments to the structure. This may also include the inclusion of new
monitoring tools and techniques.

1.4 Development of Security Procedures to Minimize the Impact on IT Security
The company must have a strategy to mitigate the impact of IT security threats. The strategy
should cover the known vulnerabilities, threats and risks, what needs to be done about them,
how each risk will be dealt with, and what security procedures should be in place.

1.4.1 Identified risks for the EMC Cyber


Inside and outside attacks
The highest risk for EMC is hacking, break-ins and attacks, because of its Internet-based
cloud architecture. Nowadays, the idea of the Internet of Everything (IoE) has become a
big shift for the business world, and alongside its many benefits IoE also has drawbacks.
Through hacking, attacks such as malware, ransomware or viruses can occur, and the EMC
mainframe could crash. Thus, EMC's network communication must be protected.
1. Loss of data
The first priority of IT protection is business data and confidential customer data. Data
still needs to be secured in cloud solutions like EMC's. Data loss or corruption can lead
to the bankruptcy of the company. Therefore, the data must be carefully guarded and kept in
good condition.
2. Misuse of Data
A familiar threat to EMC is trade secret sharing, fraud, espionage, and theft. The
consequences of data misuse are therefore an important fact that should be considered a high
risk.
3. Human interaction
Human error is another vulnerability that needs to be mitigated. Sometimes data is accidentally
deleted, modified, updated or corrupted. With the right procedures, this should decrease.
4. Equipment malfunction
Failure of systems and peripheral equipment can interrupt EMC's output. This has a big
impact on the 99.9% availability promised to customers.

5. Application error
EMC output can be affected by computation errors, input errors, buffer overflows, database
failures, system failures, and license failures.
6. Physical damage
Fire, water damage, power outages and natural disasters will occur, and a disaster recovery
plan must be defined to restore everything that has been destroyed or lost, keeping the loss to
a minimum.

1.4.2 Security procedures that can be used to minimize the impact on the EMC Cloud Solution.
For any company, security procedures must exist to protect its resources from attacks or
disruptions. EMC should also provide an IT security mechanism to protect all company
property. This should be well managed and reported on whenever it is updated, and any
improvement made should also be recorded. This is the recommended way to protect the
organization's capital. Risks come in different forms and groups, and for each risk and its
impact we need to establish a procedure; this is often considered a risk control method.
Risks are determined in the risk management process, rated, and classified by form, and there
are security procedures for each form that must be followed to reduce the impact on the
organization.

1.4.2.1 Procedures for the identified Risks


1. Network Security Procedures - Internal and External Attacks
Provide the highest level of protection to prevent internal and external attacks. This includes
storage protection, network security, access restrictions, and monitoring procedures.
If we are concerned about attacks, we must guard against threats such as hijacking or
break-ins. For this, communication on the network must be secured. To avoid attacks, we can
conduct a series of security tests.
Implementing firewalls can be characterized as the best solution against hacking.
In addition, there must be a tool that scans clients for viruses.
2. Data protection procedure - data loss
Another important challenge for the enterprise is data protection. Access control and user
restrictions for business data should be established, because without proper data protection,
data loss, error or damage can occur.
As part of the plan, data and storage must be backed up, and there must be a contingency plan
in case something goes wrong. Backups need the highest standard of access protection and must
be kept well updated and managed. As best practice, backups should be stored elsewhere,
off-site. This is the recommended data protection protocol.
3. Encryption procedure - misuse of data.
The best way to prevent trade secret leaks, fraud, espionage and data theft is to encrypt your
data. If a company encrypts its data using a dedicated encryption process, the impact of data
misuse will be reduced.
There are various methods of protecting data, such as hashing algorithms and encryption with a
cryptographic key. Whichever method is chosen, the encryption algorithms and the keys used must
be kept safe and recorded. This is the advice recommended by IT professionals.
4. Access policy and restriction procedure - Human interaction
Any company must have access policies, restrictions and regulatory processes. There is a
great danger here. Who has what access, what can be done under these access policies, what
the restrictions are, who has the right to do something with confidential data, what the
intentions and criteria are, and why this should be done to reduce the effects: all of this
should be documented.
This is also required for IT audits. Every log and every change we make, with its time and
date, needs to be recorded.
5. Procedure for using hardware resources - hardware failure
The business process is interrupted by the failure of systems and peripheral equipment.
Therefore, the organization must provide redundant servers and computers to cover the duration
of a hardware failure and resolve system errors. To take action in the event of a failure, it
is important to record your current hardware inventory, server configurations, and system
configurations. Then only the backup method needs to be applied in order to return to the
normal output state as soon as possible.
6. Troubleshooting Procedure - Application Error
In the IT sector, errors, bugs and failures are usually few, but a failure can still happen.
If a loss occurs, before a solution can be found, its cause must be traced from top to bottom
and from bottom to top. There must be procedures to overcome every failure.
After each incident, good record-keeping and correction are needed: what steps were taken,
what new resources were used, what triggered the failure, and what needs to be recorded.

When any new recruit arrives, that person should be aware of the failures that occurred
earlier and what steps should be taken to resolve them. They will need to check and record
if new failures, crashes and errors occur.
7. Disaster recovery procedure - physical damage
Physical damage disrupts the entire business process. When a natural disaster occurs, a
mechanism can be used to restore the functioning of the business process with minimal loss.
This mechanism is called the "Disaster Recovery Plan". This strategy includes how the company
will recover from the incident, what needs to be done during this period, the recovery process,
and so on. The process described here is simply called the "Risk Management Procedure". This
document contains:
 Identify key risks, measure the likelihood and impact
 Analyze security threats
 Measurement of impact
 Rank potential risks and indicate desired results
 Avoiding risks
 Transfer of risk
 Risk reduction
Thus, by measuring and investigating them and determining the consequences of threats,
this document helps to reduce the risk and take appropriate action against it.

1.4.3 Risk Management

Risk management involves identifying, analyzing and responding to risk factors that form
part of the life of a business. Effective risk management means trying to control future
results as much as possible by acting proactively rather than reacting. Thus, effective risk
management makes it possible to reduce both the likelihood of a risk and its potential
impact. (corporatefinanceinstitute, 2021)

Figure 7 Risk Management Process

IT managers conduct this process to help them balance the economic and operational costs
associated with using security controls to protect the data and information systems that
support the company.
The steps of risk management can be shown as below:

1. Identify Risk
Anticipating potential project pitfalls shouldn't be discouraging for your organization. On the
contrary, risk identification is a positive experience in which your entire team can participate
and learn.
Leverage the collective knowledge and expertise of your entire team. Ask everyone to
identify the risks they have encountered previously or may have additional information.
This process promotes communication and cross-functional learning.
2. Assess Risk
In this step, each identified risk is evaluated for what it could do to the resources and the
organization, and classified by its behaviour. Risk assessment is therefore the process of
assessing and analyzing risks to understand how they could harm the organization and how the
hazards can be eliminated or prevented.
3. Analyze the Risk
After the identified risks have been assessed, they are measured in terms of severity, and
subsequent changes should be recorded following an appropriate risk assessment. Risk analysis
is thus a technique for dealing with detected potential hazards that could affect a business
process. It applies to programs, IT, security issues and any activity in which threats can be
assessed on a quantitative and qualitative basis. Risk analysis is part of risk management.
4. Control the Risk
Risk control helps you manage the threats that have been identified, assessed and analyzed,
mainly the risks described above. It determines what steps should be taken to mitigate these
identified risks.
5. Review the controlled Risk
It is important to monitor the implementation of control measures (to reduce or control
risks) to assess whether the measures are successful and whether they have a significant
impact on eliminating or minimizing the risk. Follow-up monitoring is often used to assess
whether other threats have emerged because of the deployment.

Importance of Risk management


Risk management is an important process as it provides the business with the necessary
tools to adequately identify and manage potential risks. Once the risk is identified, it can
be easily reduced. In addition, risk management provides a framework for the business to
make informed decisions. For a business, assessing and managing risk is the best way to
prepare for unforeseen circumstances that can hinder progress and growth. A business has
a better chance of being successful when it evaluates its plan for potential
threats and then develops structures to address them. In addition, progressive risk
management ensures that priority risks are handled as aggressively as possible. Moreover,
management will have the information they need to use to make informed decisions and
keep the business profitable.

1.4.4 Risk Treatment


Risk treatment involves developing a set of risk mitigation options, assessing those options,
and then preparing and implementing an action plan. The highest level of risk needs to be
addressed urgently.
Choosing the most appropriate risk treatment means balancing the cost of each activity and
the benefits obtained. In general, the costs of risk management should be commensurate
with the benefits obtained. The broader context also needs to be considered when assessing
costs and benefits.
Depending on the type and nature of the risk, the following options can be used:
 Avoid - deciding not to pursue an activity that resulted in unacceptable risk,
choosing an alternative, more acceptable activity that meets business objectives, or
choosing an alternative less risky approach or process.
 Mitigation - Implementation of a strategy aimed at reducing the likelihood or
consequences of a risk to an acceptable level where remediation is considered
excessive in terms of time or cost.
 Accept - Making an informed decision that the risk rating is acceptable or that the
cost of treatment outweighs the benefit. This option may also be relevant in
situations where residual risk remains after other treatment options have been
applied. No further action is taken to mitigate the risk, but continuous monitoring
is recommended. (survey.charteredaccountantsanz, 2021)
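The risk formula from section 1.3.2.3 and the treatment options above, worked through as a small risk register over the EMC risks from section 1.4.1. This is an added example, not part of the original assignment; the 1-5 rating scales, the ratings given to each risk and the avoid/mitigate thresholds are constructed assumptions.

```python
"""Added example, not from the original assignment: a small risk register
that applies Risk = Threat x Vulnerability (section 1.3.2.3) to the EMC risks
from section 1.4.1, ranks them and picks a treatment option from section
1.4.4. The 1-5 scales, ratings and thresholds are constructed assumptions."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Risk:
    name: str
    threat: int         # likelihood the threat occurs: 1 (rare) .. 5 (almost certain)
    vulnerability: int  # exposure of the asset: 1 (strong controls) .. 5 (no controls)


AVOID_AT = 20     # rating at which the activity or approach itself must change
MITIGATE_AT = 8   # rating from which controls are required; below it, accept and monitor


def score(risk: Risk) -> int:
    """Risk = Threat x Vulnerability on a 1..25 scale."""
    for value in (risk.threat, risk.vulnerability):
        if not 1 <= value <= 5:
            raise ValueError(f"{risk.name}: ratings must be between 1 and 5")
    return risk.threat * risk.vulnerability


def treatment(rating: int) -> str:
    """Map a rating to avoid / mitigate / accept (section 1.4.4)."""
    if rating >= AVOID_AT:
        return "avoid"
    if rating >= MITIGATE_AT:
        return "mitigate"
    return "accept"


def treatment_plan(register):
    """Highest rating first, since the highest level of risk is addressed urgently."""
    ordered = sorted(register, key=lambda r: (-score(r), r.name))
    return [(r.name, score(r), treatment(score(r))) for r in ordered]


def apply_control(risk: Risk, new_vulnerability: int) -> Risk:
    """Residual risk after a mitigating control lowers the vulnerability rating;
    re-rating the residual is the review step of the risk management process."""
    if new_vulnerability > risk.vulnerability:
        raise ValueError("a control cannot make the asset more vulnerable")
    return replace(risk, vulnerability=new_vulnerability)


# Constructed ratings for the risks identified in section 1.4.1.
EMC_REGISTER = [
    Risk("Inside and outside attacks", threat=4, vulnerability=4),
    Risk("Loss of data", threat=3, vulnerability=4),
    Risk("Misuse of data", threat=3, vulnerability=3),
    Risk("Human interaction", threat=4, vulnerability=2),
    Risk("Equipment malfunction", threat=2, vulnerability=2),
    Risk("Application error", threat=3, vulnerability=2),
    Risk("Physical damage (site in a flood-prone area)", threat=4, vulnerability=5),
]

if __name__ == "__main__":
    for name, rating, option in treatment_plan(EMC_REGISTER):
        print(f"{rating:>2}  {option:<8}  {name}")
    # Off-site backups (section 1.4.2.1, item 2) lower the data-loss exposure.
    residual = apply_control(EMC_REGISTER[1], new_vulnerability=1)
    print("residual data-loss risk:", score(residual), treatment(score(residual)))
```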

2 Task
2.1 EMC Cyber and its clients will be impacted by improper/incorrect configurations.
2.1.1 Definition of Firewall
A firewall can be defined as a special type of network security device or program that
monitors and filters inbound and outbound network traffic based on a set of defined security
rules. It acts as a barrier between internal private networks and external resources (such as
the public Internet). The main purpose of a firewall is to allow safe traffic and prevent
malicious or unwanted data traffic to protect your computer from viruses and attacks. A
firewall is a cybersecurity tool that filters network traffic and helps users block malware
on infected computers from reaching the Internet.

Figure 8 Firewall

Types of Firewall
There are software and hardware firewalls. Each format serves a different but important
purpose. A hardware firewall is physical, like a broadband router, and sits between
your network and the gateway. A software firewall is internal - a program on your computer
that works through port numbers and applications. There are also cloud firewalls known as
Firewall as a Service (FaaS). One of the benefits of cloud firewalls is that they can grow
with your organization and, like hardware firewalls, do a good job of perimeter security.
There are several different types of firewalls depending on their structure and function.
There are various firewalls you can implement depending on the size of your network and
the level of security you need.

2.1.2 Issues of improper or incorrect Firewall configuration.

Improperly controlled firewalls pose some of the biggest business risks in every company.
Networks are getting more complex, and the most important factor to keep in mind is the
firewall specification. Therefore, firewall management and overall network security must be
done correctly when it comes to firewalls.
The risks created by poorly controlled firewalls are something we don't know about until it is
too late.

 Legacy firewall rules allowing unauthorized network access and cyber-attacks.

 Incorrect changes to firewall rules that disrupt business applications.

 Conflicts of policy rules or the order of policies can make some systems or
applications inaccessible.

 Incorrect zoning and configuration design can expose critical vulnerabilities.


Therefore, when we configure a firewall, it should be tested before going live, so that the
person who created the firewall configuration understands the security risks of that
configuration and can avoid their effects.
The most important part of a firewall is the firewall rules. These regulate all traffic in
all directions. Therefore, we need to know exactly what we are doing when we set up
firewall rules to allow or deny traffic.
The correct configuration for firewall policies should look like this. It depends on the
requirements of the company.
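Two of the misconfigurations listed above, a rule-order conflict that makes an application inaccessible and a legacy allow-anything rule that lets unwanted traffic through, shown on a first-match policy with a small checker. This is an added example, not code from the original assignment; the rule format, the addresses and the ports are constructed.

```python
"""Added example, not from the original assignment: a first-match firewall
policy checker for two misconfigurations named above, rule-order conflicts
(shadowed rules) and legacy allow-anything rules. Rules, addresses and
ports below are constructed for the example."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "allow" or "deny"
    src: str       # CIDR or "any"
    dst: str       # CIDR or "any"
    proto: str     # "tcp", "udp" or "any"
    ports: tuple   # inclusive (low, high); ANY_PORT covers everything


ANY_PORT = (0, 65535)


def _net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matched by `inner` is also matched by `outer`."""
    return (_net(inner.src).subnet_of(_net(outer.src))
            and _net(inner.dst).subnet_of(_net(outer.dst))
            and outer.proto in ("any", inner.proto)
            and outer.ports[0] <= inner.ports[0]
            and outer.ports[1] >= inner.ports[1])


def shadowed_rules(policy):
    """Rules that can never match because an earlier rule covers them.
    Returns (shadowed, shadowing, conflicting); conflicting means the two
    rules disagree on the action, so the intended policy is not enforced."""
    findings = []
    for i, later in enumerate(policy):
        for earlier in policy[:i]:
            if covers(earlier, later):
                findings.append((later.name, earlier.name, earlier.action != later.action))
                break
    return findings


def overly_broad_allows(policy):
    """Allow rules for any source, any destination and every port: the kind
    of legacy rule that grants unauthorized network access."""
    return [r.name for r in policy
            if r.action == "allow" and r.src == "any" and r.dst == "any"
            and r.proto == "any" and r.ports == ANY_PORT]


def evaluate(policy, src_ip, dst_ip, proto, port):
    """First-match lookup with an implicit deny when nothing matches."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in policy:
        if (s in _net(r.src) and d in _net(r.dst)
                and r.proto in ("any", proto)
                and r.ports[0] <= port <= r.ports[1]):
            return r.action, r.name
    return "deny", "implicit-deny"


# Constructed EMC-style policy: a public web server and an admin host.
WEB, ADMIN, LAN = "192.0.2.10/32", "192.0.2.20/32", "10.0.0.0/8"
MISCONFIGURED = [
    Rule("allow-web", "allow", "any", WEB, "tcp", (443, 443)),
    Rule("deny-ssh-from-internet", "deny", "any", ADMIN, "tcp", (22, 22)),
    Rule("allow-ssh-from-lan", "allow", LAN, ADMIN, "tcp", (22, 22)),   # shadowed
    Rule("legacy-allow-any", "allow", "any", "any", "any", ANY_PORT),    # stale rule
    Rule("deny-all", "deny", "any", "any", "any", ANY_PORT),             # shadowed
]
# Corrected ordering: specific allow before the broad deny, legacy rule removed.
CORRECTED = [MISCONFIGURED[0], MISCONFIGURED[2], MISCONFIGURED[1], MISCONFIGURED[4]]

if __name__ == "__main__":
    print(shadowed_rules(MISCONFIGURED))       # two conflicting shadowed rules
    print(overly_broad_allows(MISCONFIGURED))  # ['legacy-allow-any']
    print(evaluate(MISCONFIGURED, "10.1.2.3", "192.0.2.20", "tcp", 22))        # LAN admin denied
    print(evaluate(MISCONFIGURED, "198.51.100.7", "192.0.2.20", "tcp", 3389))  # unwanted allow
    print(evaluate(CORRECTED, "10.1.2.3", "192.0.2.20", "tcp", 22))            # allow
    print(evaluate(CORRECTED, "198.51.100.7", "192.0.2.20", "tcp", 3389))      # deny
```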

2.1.3 Advantages of using proper Firewall

 Monitors network traffic.


All the security benefits of a firewall begin with the ability to monitor network traffic. The
data entering and leaving systems creates opportunities for threats that can compromise the
work. Firewalls monitor and analyze network traffic, using predefined rules and filters to
protect the systems. With the help of a well-trained IT team, we can manage our levels of
protection based on what we see when entering and exiting through the firewall.

 Prevents hacking
Unfortunately, the trend towards more and more digital operations encourages thieves and
intruders to do the same. With the rise of data thefts and criminals holding systems hostage,
firewalls have become even more important as they prevent unauthorized hackers from
gaining access to your data, email, systems, and more. A firewall can completely stop a
hacker or keep him from choosing an easier target.
 Stops spyware.
In a data-driven world, a much-needed advantage is preventing spyware from accessing
and infiltrating your systems. As systems become more sophisticated and reliable, the
number of entry points that criminals can use to gain access to your systems also increase.
One of the most common ways unwanted people gain access is using spyware and malware,
programs designed to infiltrate the systems, control your computers, and steal our data.
Firewalls are an important defense against this malware.
 Stops virus attacks.
Nothing can stop your digital operations faster and harder than a virus attack. Hundreds of
thousands of new threats are created every day, so it is vital that you put in place defenses
to keep your systems up and running. One of the most obvious benefits of firewalls is the
ability to control entry points into your system and stop virus attacks. The cost of damage
from a virus attack on your systems can be prohibitive, depending on the type of virus.
 Provides confidentiality.
The main advantage is confidentiality. By working proactively to keep your and your
customers' data secure, you create a privacy environment that your customers can trust. No
one likes stealing their data, especially when it is clear that steps could have been taken to
prevent an intrusion.
In addition, updated data protection systems can be a competitive advantage and an
argument in favor of buyers and customers. The benefit is greater the more confidential the
data your company is dealing with. (fortinet, 2021)

Virtual Private Network (VPN)


A virtual private network, or VPN, is an encrypted connection between a device and a
network over the Internet. The encrypted connection helps ensure the safe transmission of
sensitive data. It prevents unauthorized persons from intercepting the traffic and allows users
to work remotely. VPN technology is widely used in corporate environments. (cisco, 2021)

Figure 9 Virtual Private Network

2.1.4 Issues of improper or incorrect VPN configuration.

VPNs work over the Internet, so the risk is really great. To secure your VPN connection, you
must enforce proper configuration policies, so that the VPN connection is secured and the
communication cannot be hijacked by an attacker.
If the configuration or policy is incorrect or inaccurate, EMC can face a number of dangers:
 If remote access has been configured using an insecure authentication protocol,
attacker-in-the-middle attacks are possible. Such an attack allows the attacker to
authenticate remotely to the VPN server.
 If an attacker can compromise the security certificate, the attacker gains access to
the server as if holding a valid certificate from the certification authority.
 When remote workers are unable to access a mission-critical application, it can
severely impact EMC and employee productivity.
VPN is thus one of the key features of EMC, and it must be set up correctly. VPN connections
can additionally be protected using firewalls. VPNs must be positioned correctly, without losing
connectivity and without introducing security risks.

2.1.5 Advantages of using VPN


 Protect the network
An app or website can track our online activity even if we are not aware of it. They can
then analyze the collected data and use it to try to target us with ads. Without a VPN, we
can face an influx of pop-ups that can interfere with our web browsing and cause a ton of
inconvenience.
If we are using a VPN, it can prevent people, programs, and web browsers from accessing
our connection. This ensures the security and anonymity of the information transmitted and
received.

 Hide personal information


Hackers can use various methods to intercept sensitive information that we enter on
websites. Using this information, they can try to impersonate us by gaining access to bank
accounts, credit card information, etc. However, with a VPN, you can get a high level of
security like 256-bit encryption. This makes all our online communication appear as
meaningless, garbled text and symbols to anyone who finds a way to intercept it.

 Prevent data throttling


Data throttling happens when you have used up a certain amount of available data and then
your Internet Service Provider (ISP) decides to slow down your service. If you have a VPN,
you can avoid data restrictions, especially since not even your ISP can see how much data
you are using. This can be especially useful for employees who need to use data plans on
their smart devices while accessing the Internet on the go.

 Avoid bandwidth throttling


Bandwidth limiting is when our ISP or someone else who can control our network
intentionally slows down our internet speed. This sometimes happens when we visit certain
websites or engage in certain online activities. If we are using a VPN, traffic originating
from our device may be encrypted. Encryption prevents other users from seeing the
websites you visit.
Since throttling is sometimes triggered by the sites we use or the type of activity we engage
in, if our ISP cannot see the data going to and from our device, it cannot throttle it in such
situations. However, they can still limit your data at certain times of the day to free up
bandwidth for other users.

In most situations, employees and others using your internet connection will not be
restricted based on their internet use, but using a VPN can hide their data transmission and
eliminate the possibility.

 Get access to geo-blocked services


With a VPN, we can get a different IP address. IP addresses indicate where a device is
located when it browses the Internet, streams content, or engages in other online activity.
Some sites and services do not allow users from certain countries to access some or all of
what they have to offer. This is common for streaming services serving specific locations.
Some business websites also often restrict the use of their services based on where you are,
such as when you want a quote or access more specific information about their services. If
we are using a VPN, we may give the impression that we are using the Internet from a
location that is acceptable to the service you are trying to access.
If employees need full access to all the information and services that websites offer, a VPN
can make things easier.

 Network scalability
While a private network can help get the business off the ground, the costs of network
expansion can be prohibitive. A VPN can provide access to multiple employees
and remote workers at the same time. We can also run key applications in the cloud and
grant them access through a secure VPN tunnel.
This can be anything from email to full-fledged applications that you usually run on your
desktop computer. When employees connect to the VPN, they gain access to another
computer that you use to run the application they want. Every employee with a login can
access the VPN and therefore the application. Adding additional staff is only a matter of
providing more bandwidth if needed and credentials for each new team member.

 Reduced support costs


By setting up a VPN with a cloud computing architecture, we can significantly save on
support services. For example, in an on-site configuration, internal IT staff are usually
responsible for the performance and maintenance of the back-end server. It can take several
hours to check how well the server is performing, that everyone is reaching optimal
bandwidth, and that hackers or malware are not attacking it.

In addition, if you find a problem, you need to spend more time fixing it and the possible
consequences in your organization.
However, in the case of a VPN, all maintenance, performance checks, and security
measures are the responsibility of the service provider. Their IT costs are supported by a
huge number of paying customers, which makes their costs per customer relatively low.
These cost savings are passed on to you in commissions that are lower than what you would
pay to have a dedicated team run your infrastructure.
To ensure that this is the case, it is prudent to carefully check the services the provider
offers and the types of equipment they use. More advanced components and security
measures often improve the experience for you, the customer. (fortinet, 2021)

2.1.6 Network-monitoring systems.


Network monitoring is an IT process that includes monitoring network components and
endpoints for availability, uptime, and performance. It also includes monitoring various
levels of data and alerting network administrators in the event of network downtime or
outages. Network monitoring systems include tools that track network activity. It is very
important to track traffic, bandwidth usage, and other metrics using performance counters.
In addition, checking the health and performance of network interfaces for their failures
helps to manage various network resources, both local and remote. Network monitoring
helps IT administrators reduce mean time to repair (MTTR) by resolving network performance
issues in real time with instant alerts and data in the form of tables, charts, graphs,
dashboards, and reports. (site24x7, 2021)

Figure 10 Network Monitoring System

2.1.6.1 Benefits of using Network Monitoring


 Full network visibility
An organization cannot adequately assess the performance of its network if it does not have
full network visibility. The company needs to be able to track every bit of traffic that goes
through its network, as well as track every connected device and study overall
performance metrics. Any decent network-monitoring tool will provide comprehensive
monitoring capabilities that leave no part of the network in the dark. This way, performance
issues on the company network can be avoided.

 Detection of security threats


Although the main purpose of network monitoring solutions is to monitor performance,
they can also help discover potential security threats in the system. Some malware and
viruses are designed to stay dormant on the network after gaining access, without taking any
action; others perform small actions that are not detectable by the human eye. Network
monitoring solutions will watch your network for unusual and suspicious traffic (indicating
that a security threat is consuming network resources) and alert your company to the
problem.

 Predicting and preventing network downtime


An organization can never guarantee 100% service uptime, even with the most powerful
network monitoring solution, but such a solution can help prevent unexpected network outages.
A key function of network monitoring solutions is to watch for network traffic patterns that
indicate a device or network failure is about to happen. This way, your business can
proactively correct the problem before unexpected downtime occurs, maximizing service
availability where possible.

 Monitoring bandwidth usage

For most network administrators, bandwidth utilization is one of the most important
performance metrics to analyze. Ideally, a company wants to use as much of its bandwidth
as possible while ensuring that all services still run efficiently. A network monitoring
solution tracks bandwidth usage, notifies administrators when usage reaches critical levels,
and verifies that quality of service (QoS) policies are working properly. (DanielHein,
2019)
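As an added example (not code from the original page or from any of the monitoring products it names), the following Python script shows the two checks described above in working form: link utilization computed from two successive interface octet counters and classified against warning and critical thresholds, plus a simple baseline check that flags a sample as unusual traffic when it rises more than three standard deviations above the samples seen before it. The link speed, the thresholds, the 60-second polling interval and the counter samples are all assumptions constructed for the example.

```python
"""Bandwidth threshold and baseline alerting over interface octet counters.

Added example; not from the original page. All constants and sample
counters below are constructed assumptions, not data from a real device.
"""
from statistics import mean, pstdev

LINK_BPS = 100_000_000       # assumed 100 Mbit/s link
WARN_UTIL = 0.70             # assumed warning threshold (70 % utilization)
CRIT_UTIL = 0.90             # assumed critical threshold (90 % utilization)
BASELINE_SIGMA = 3.0         # flag a sample this many std. devs above the baseline
MIN_HISTORY = 5              # need this many earlier samples before judging
SIGMA_FLOOR = 0.01           # avoid a zero std. dev. on a perfectly flat baseline

# Constructed ifInOctets-style counter samples, polled every 60 s. Traffic runs
# at roughly 10 Mbit/s, then one interval carries about 90 Mbit/s (interval 6).
SAMPLE_COUNTERS = [
    1_000_000, 76_000_000, 158_500_000, 226_000_000, 301_000_000,
    391_000_000, 466_000_000, 1_141_000_000, 1_223_500_000,
]
POLL_INTERVAL_S = 60


def utilization(prev_octets: int, cur_octets: int, interval_s: int) -> float:
    """Fraction of link capacity used between two counter readings.

    ifInOctets/ifOutOctets are 32-bit counters; a reading smaller than the
    previous one means the counter wrapped, so add 2**32 to the difference.
    """
    delta = cur_octets - prev_octets
    if delta < 0:
        delta += 2**32
    return (delta * 8) / (LINK_BPS * interval_s)


def classify(util: float) -> str:
    """Map a utilization fraction to an alert severity."""
    if util >= CRIT_UTIL:
        return "CRITICAL"
    if util >= WARN_UTIL:
        return "WARNING"
    return "OK"


def baseline_anomalies(utils: list[float]) -> list[int]:
    """Indices of samples above mean + BASELINE_SIGMA * std. dev. of the samples
    before them. Only earlier samples form the baseline, so a spike cannot hide
    itself, and the first MIN_HISTORY samples are never flagged."""
    flagged = []
    for i in range(MIN_HISTORY, len(utils)):
        history = utils[:i]
        threshold = mean(history) + BASELINE_SIGMA * max(pstdev(history), SIGMA_FLOOR)
        if utils[i] > threshold:
            flagged.append(i)
    return flagged


def analyse(counters: list[int], interval_s: int) -> list[dict]:
    """Turn raw counters into per-interval utilization, severity and anomaly flags."""
    utils = [utilization(a, b, interval_s) for a, b in zip(counters, counters[1:])]
    anomalies = set(baseline_anomalies(utils))
    return [
        {"interval": i, "util": u, "status": classify(u), "anomaly": i in anomalies}
        for i, u in enumerate(utils)
    ]


if __name__ == "__main__":
    for row in analyse(SAMPLE_COUNTERS, POLL_INTERVAL_S):
        flag = " <- unusual traffic" if row["anomaly"] else ""
        print(f"interval {row['interval']}: {row['util']:.1%} {row['status']}{flag}")
```

The baseline is built only from earlier samples, which is what keeps the spike at interval 6 from inflating its own threshold; the following interval is then judged against a baseline that includes the spike, so a single burst does not trigger repeated alerts.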


2.1.7 Tools Used for Network Monitoring


1. ManageEngine OpManager
ManageEngine OpManager is a network monitoring tool that continuously monitors
devices such as routers, switches, firewalls, load balancers, wireless LAN controllers,
servers, virtual machines, printers and storage devices. OpManager is installed
on-premises, but comes with preconfigured device monitoring templates for added ease of use.
Key features include:

 Real-time network monitoring

 Physical and virtual server monitoring

 Multi-level thresholds

 Customizable dashboards

 WAN Connection monitoring

 SNMP monitoring

 Email and SMS alerts

 Auto-discovery
2. Paessler PRTG Network Monitor
Paessler PRTG Network Monitor allows organizations to monitor all the systems,
devices, traffic and applications in their IT infrastructure without additional plug-ins. You
can choose from multiple sensors that monitor areas of the network, such as bandwidth
sensors, hardware parameter sensors, SNMP sensors, VoIP and QoS sensors, and more.
Key features include:

 Integrated technologies (SNMP, WMI, SSH, HTTP requests, SQL etc.)

 Real-time dashboards

 Alerts by email, push or HTTP requests

 Threshold based warning system

 Reporting system

 Scanning devices by IP segment


3. SolarWinds NPM

Figure 11 SolarWinds NPM

Although the name SolarWinds Network Performance Monitor emphasizes performance, it
is also a valuable network security-monitoring tool, since it monitors network elements such
as servers, switches, and applications. SolarWinds NPM can move from SNMP monitoring to
packet analysis, giving the organization more control over monitoring its network
segments and improving network security.
Key features include:

 Critical path visualization

 Smart mapping

 Wi-Fi monitoring and heat maps

 Extended alert

 SNMP monitoring

 Automatically detects connected devices


4. Nagios
Nagios is a monitoring and alerting engine designed to run on Linux systems. The open
source Nagios model gives organizations the ability to customize and adapt the system to
their needs. The tool divides statuses into three categories - Current Network Status, Host
State Totals, and Service Status Totals. Using the API, you can integrate other services for
real flexibility.


Key features include:

 Performance dashboard

 API integration

 Availability reports

 Alerting

 Advanced plugins

 Upgrade options to Nagios XI


5. WhatsUp Gold
WhatsUp Gold is a tool that combines infrastructure management, application performance
management and network monitoring in one product. It is a useful, feature-driven tool with
customizable pricing packages that can be matched to the organization's infrastructure and
network security needs. (Harvey, 2020)
Key features include:

 Hybrid Cloud Monitoring

 Real-time performance monitoring

 Automatic report generation

 Network map

 Easy-to-use dashboard

2.2 How a DMZ, Static IP and NAT Help to Build a Trusted Network in EMC

2.2.1 Definition of Trusted Network


The trusted network of a company is the network that the company uses to conduct its
internal business. In most cases, the company treats the trusted network as "secure" by
default. The trusted network generally supports back-end systems, internal-only intranet
web pages, data processing, messaging, and in some cases internal instant messaging. Many
companies allow systems on the trusted network to communicate directly with each other
without encryption. The problem with this definition is that it rests on many assumptions.
A trusted network is not always secure; in fact, in many cases a trusted network cannot be
trusted, because the internal network is made up of many different networks. These include
newly acquired networks, legacy networks, international access points, and even multiple
access points to the outside world. It is common practice to define the trusted network as
the network used by internal employees in the office or through a secure, controlled
remote-access connection. (subscription.packtpub, 2021)

2.2.2 DMZ (Demilitarized Zone)

In computer security, a DMZ network (demilitarized zone) is a subnet that contains an
organization's externally facing services. It acts as the exposed point towards untrusted
networks (usually the Internet). The purpose of a DMZ is to add an additional layer of
security to the organization's local area network: hosts on untrusted networks can reach
only the services exposed in the DMZ, while the rest of the organization's network sits
behind a firewall. Properly implemented, a DMZ lets the organization detect and contain
the compromise of an exposed service before it reaches the internal network where valuable
assets are stored, thereby providing additional protection. (barracuda, 2021)

Figure 12 Demilitarized Zone

2.2.2.1 Benefits of DMZ


Implementing a DMZ allows an organization to define several different trust levels and zones
on its network. This brings many benefits, including:
 Protection of Internet-facing systems
E-mail servers, web applications, and other systems that are reachable from the Internet
often need access to confidential data, which means that they must be protected from attack.
Placing these systems in the DMZ ensures that they can be reached from the public Internet
while still being protected by the external firewall.


 Protection of internal systems

Certain systems in the DMZ (such as FTP servers) pose a threat to the systems on the
organization's internal network. Placing them in the DMZ ensures that there is another
layer of security enforcement between these systems and the internal network.
 Limited lateral movement
Attackers usually compromise one exposed system to gain a foothold in the network, and then
expand their reach from that point. Since the most exposed and most vulnerable systems
are in the DMZ, it is harder to use them as a springboard into the protected internal
network.
 Network scanning prevention
Attackers often scan an organization's network to identify computers and software that
may be vulnerable. With a DMZ in place, only the Internet-facing systems in the DMZ can be
seen and scanned from the public Internet.
 Advanced access control
Installing a firewall between the internal network and the Internet-facing systems allows
all connections between them to be controlled. This lets the organization define and strictly
enforce access controls to ensure that internal systems are protected.
 Improved network performance
Internet-facing systems are visited frequently by external users. Placing these systems in the
DMZ can improve their performance by reducing the load on the internal network
infrastructure and firewalls. (checkpoint., 2021)
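The zone model described above can be made concrete as a firewall policy. The following Python program is an added example, not code from the original page or from any firewall product: it names three zones (internet, DMZ, internal) from an assumed address plan, allows the public only onto the web tier in the DMZ, allows the DMZ into the internal network on a single database port, and denies everything else by default, which is what limits lateral movement from a compromised DMZ host. The address ranges, ports and rules are all assumptions constructed for the example.

```python
"""Zone-based firewall policy for a three-zone (internet / DMZ / internal) design.

Added example; not from the original page or from any firewall product.
The address plan and rule set are assumptions constructed for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed address plan: everything not in a named zone is treated as "internet".
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("172.16.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dport: Optional[int]   # None matches any destination port
    action: str            # "allow" or "deny"
    note: str


# Rules are evaluated top to bottom; anything unmatched hits the default deny.
RULES = [
    Rule("internet", "dmz", "tcp", 443, "allow", "public HTTPS to the web tier"),
    Rule("internet", "dmz", "tcp", 80, "allow", "public HTTP (redirects to HTTPS)"),
    # The only path from the DMZ into the internal network: the web tier talking
    # to its database. Any other DMZ -> internal port is lateral movement, denied.
    Rule("dmz", "internal", "tcp", 5432, "allow", "web tier to database only"),
    Rule("internal", "dmz", "tcp", 22, "allow", "admin SSH from inside"),
    Rule("internal", "internet", "tcp", None, "allow", "outbound from the staff network"),
]


def zone_of(ip: str) -> str:
    """Name the zone an address belongs to; unknown addresses are 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> tuple[str, str]:
    """Return (action, reason) for a connection attempt.

    Traffic that stays inside one zone does not cross the firewall and is left
    alone; everything else must match an explicit rule or it is denied.
    """
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return "allow", f"intra-zone {src_zone} traffic is not firewalled"
    for rule in RULES:
        if (rule.src_zone, rule.dst_zone, rule.proto) != (src_zone, dst_zone, proto):
            continue
        if rule.dport is None or rule.dport == dport:
            return rule.action, rule.note
    return "deny", f"default deny {src_zone} -> {dst_zone} {proto}/{dport}"


if __name__ == "__main__":
    # Constructed connection attempts (203.0.113.0/24 and 198.51.100.0/24 are
    # documentation ranges standing in for Internet hosts).
    attempts = [
        ("203.0.113.5", "172.16.0.10", "tcp", 443),   # visitor -> web server
        ("203.0.113.5", "10.0.5.20", "tcp", 5432),    # visitor -> database directly
        ("172.16.0.10", "10.0.5.20", "tcp", 5432),    # web server -> database
        ("172.16.0.10", "10.0.5.21", "tcp", 445),     # compromised web server -> file share
        ("10.0.1.7", "198.51.100.9", "tcp", 8443),    # staff -> Internet
    ]
    for src, dst, proto, port in attempts:
        action, reason = evaluate(src, dst, proto, port)
        print(f"{src:>14} -> {dst:<14} {proto}/{port:<5} {action:5} ({reason})")
```

The fourth constructed attempt is the one the "limited lateral movement" point is about: a web server in the DMZ that has been taken over can still reach the database port it legitimately needs, but not SMB on an internal file server, because no rule exists and the default is deny.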

2.2.3 Static IP (Internet Protocol) Address

A static IP address is an IP address that is configured manually for a device rather than
assigned by a DHCP server. It is called static because it does not change, unlike a dynamic
IP address. Routers, phones, tablets, desktops, laptops, and any other device that uses an IP
address can be configured with a static address. This can be done on the device that issues
IP addresses (such as a router, which can reserve a fixed address for the device), or by
manually entering the address on the device itself. (Fisher, 2020)

Figure 13 Static IP


2.2.3.1 Benefits and Drawbacks of Static IP

 Running servers
One of the biggest advantages of a static IP address is that computers using such an
address can host servers containing data that other computers can access over the Internet.
A static IP address makes it easy for computers to find a server from anywhere in the
world. In addition, computers that allow remote access on a closed network work best
with static IP addresses. This allows different types of computers running different
operating systems to access the host system by searching for the same IP address each
time.

 Stability
Static IP addresses are more stable on the Internet as they never change. In the case of a
dynamic IP address, the ISP may automatically change the address regularly, for example
every few hours. This may cause the user's connection to fail. The computer may also
experience problems reconnecting to the Internet using the new address. Using a static IP
address avoids all these potential problems.

 Simplicity
Static IP addresses are easier to assign and maintain. It becomes easier for network
administrators to monitor Internet traffic and to grant access to specific users based on
their IP address. Dynamic addressing requires a service that assigns and changes IP
addresses and may require users to change settings on their computers.

 Number of addresses
One drawback of static IP addresses is that each assigned address stays tied to one computer
even while that computer is not in use. Because each computer needs a unique address, this
limits the number of addresses available. This pressure on the address space is one reason
for techniques such as NAT (section 2.2.4) and for the move to IPv6, which make room for
more computers.

 Access monitoring
A computer with a static IP address is much easier to track over the Internet. This can
be a disadvantage on websites that allow each visitor to download or view only a
certain amount of content: with a dynamic address the visitor's IP address eventually
changes, whereas a static address is recognized every time.
Similarly, law enforcement can identify computer users who download content by tracking
their IP addresses.
Users have expressed concerns about the privacy of this type of tracking, and whether
ISPs should disclose the name and address of a user associated with a particular static IP
address remains a controversial issue.

2.2.4 NAT (Network Address Translation)

Network Address Translation (NAT) is designed to conserve IP addresses. It lets private
IP networks that use unregistered (private) IP addresses connect to the Internet. NAT typically
runs on a router that connects two networks and translates the private (and not globally
unique) addresses on the internal network into valid public addresses before forwarding
packets to the other network.
As part of this capability, NAT can be configured to advertise only one address to the
outside world for the entire network. This provides additional security by effectively hiding
the internal network behind that address. NAT thus offers both security and address
conservation, and is typically implemented in remote-access environments. (cisco,
2020)

Figure 14 Network Address Translation

Types of Network Address Translation

 Static NAT
A single private IP address is mapped one-to-one to a single public IP address, so the host
is always reachable at the same public address. It is used, for example, for web hosting.
 Dynamic NAT
Private IP addresses are translated to addresses drawn from a pool of public IP addresses.
It is used when the number of internal hosts that need Internet access at any one time is
known, since the pool must be large enough for them.
 Port Address Translation (PAT)

This is also known as NAT overload. With PAT, many local (private) IP addresses are
translated to a single public IP address, with each connection told apart by a translated
source port. This is the most common form of NAT because it is cost effective: thousands of
users can connect to the Internet using only one real global (public) IP address.
(saurabhsharma, 2021)
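To show what the translation table behind static NAT and PAT actually holds, the following Python simulation is added here; it is not code from the original page or from any router vendor. A statically mapped host is translated one-to-one in both directions, while PAT flows share one public address and are distinguished by the translated source port; an inbound packet that matches no entry is dropped, which is the "hiding the internal network" effect described above. The public and private addresses, the port pool and the sample packets are assumptions constructed for the example.

```python
"""Static NAT and PAT (NAT overload) translation table, as a simulation.

Added example; not from the original page or from any router vendor's code.
Addresses and ports are constructed assumptions (203.0.113.0/24 and
198.51.100.0/24 are documentation ranges standing in for public hosts).
"""
from typing import Optional

Packet = tuple[str, int, str, int]   # (src_ip, src_port, dst_ip, dst_port)


class Nat:
    def __init__(self, public_ip: str, static_map: Optional[dict] = None,
                 port_range: tuple[int, int] = (40000, 49999)):
        self.public_ip = public_ip
        # Static NAT: one private address permanently mapped to one public address.
        self.static = dict(static_map or {})
        self.static_reverse = {pub: priv for priv, pub in self.static.items()}
        # PAT: many private hosts share public_ip, told apart by translated port.
        self.next_port, self.max_port = port_range
        self.pat = {}           # (priv_ip, priv_port, dst_ip, dst_port) -> public_port
        self.pat_reverse = {}   # (public_port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Packet:
        """Translate a packet leaving the private network."""
        if src_ip in self.static:
            return (self.static[src_ip], src_port, dst_ip, dst_port)
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.pat:
            if self.next_port > self.max_port:
                raise RuntimeError("PAT port pool exhausted")
            public_port = self.next_port
            self.next_port += 1
            self.pat[flow] = public_port
            self.pat_reverse[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.pat[flow], dst_ip, dst_port)

    def inbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Optional[Packet]:
        """Translate a packet arriving from outside; None means drop (no mapping)."""
        if dst_ip in self.static_reverse:
            # Statically mapped hosts are reachable from outside on every port,
            # which is why such hosts belong behind a firewall or in a DMZ.
            return (src_ip, src_port, self.static_reverse[dst_ip], dst_port)
        if dst_ip != self.public_ip:
            return None
        inside = self.pat_reverse.get((dst_port, src_ip, src_port))
        if inside is None:
            return None   # unsolicited: no internal host is exposed on this port
        return (src_ip, src_port, inside[0], inside[1])


if __name__ == "__main__":
    nat = Nat("203.0.113.1", static_map={"10.0.0.80": "203.0.113.80"})
    print("out:", nat.outbound("10.0.0.5", 51000, "198.51.100.7", 443))   # PAT
    print("out:", nat.outbound("10.0.0.6", 51000, "198.51.100.7", 443))   # same port inside
    print("in: ", nat.inbound("198.51.100.7", 443, "203.0.113.1", 40001)) # reply to 10.0.0.6
    print("in: ", nat.inbound("198.51.100.7", 443, "203.0.113.1", 40009)) # unsolicited -> None
    print("out:", nat.outbound("10.0.0.80", 80, "198.51.100.7", 12345))   # static NAT
    print("in: ", nat.inbound("198.51.100.7", 12345, "203.0.113.80", 80))  # reaches 10.0.0.80
```

Two internal hosts both using source port 51000 toward the same server are kept apart purely by the translated public port, and the reverse table is keyed on the remote endpoint as well, so a reply only reaches the host that opened the flow.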

2.2.4.1 Benefits of Network Address Translation

 Cost savings
By using NAT with private IP addresses, an organization does not need to purchase a public
IP address for each computer. The same public address can be shared by many computers,
which can lead to significant cost savings.
 Address conservation
With NAT overload (PAT), NAT conserves IPv4 address space by allowing the intranet to use
private addressing: many internal hosts share one public address and are distinguished
at the port level.
 Flexible connectivity
By combining NAT with multiple devices, backups and load balancing, the flexibility and
reliability of the overall network connection can be increased, whether the connection is to
the public Internet or to any other network.
 Consistent addressing
NAT provides a consistent internal network-addressing scheme. Without NAT, every time
more public IP addresses were needed the correct address space would have to be
allocated, and as the network expands more addresses are needed.
 Network security
Internal source and destination addresses are hidden behind the NAT device. Unless a
mapping has been configured, nodes on other networks cannot initiate connections to nodes
behind the NAT. NAT therefore provides an additional layer of network security, although it
is not a substitute for a firewall.
 Private addressing
The internal network keeps its own private IPv4 addressing scheme even if the public
addressing scheme changes. If the organization changes ISP, the internal addresses do not
have to be renumbered.


3 Task
3.1 Risk management procedure for EMC Cyber solutions to safeguard itself and
its clients
3.1.1 Risk Assessment
Risk assessment is the process of identifying potential hazards and analyzing what might
happen if a hazard occurs. Business Impact Analysis (BIA) is the process of identifying
potential impacts resulting from the disruption of time-sensitive or critical business
processes. (ready.gov, 2021)

3.1.2 Risk Assessment Framework (RAF)

A risk assessment framework (RAF) is an approach for prioritizing and communicating the
security risks posed by an information technology infrastructure. The information should be
presented in a way that can be understood by both technical and non-technical personnel.
An RAF helps organizations identify low- and high-risk areas in their systems that may be
vulnerable to abuse or attack. (techopedia, 2017)
Types of Risk Assessment Framework
1. Risk Management Guide for Information Technology Systems (NIST SP 800-30) from the
National Institute of Standards and Technology.
2. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) from the
CERT program at Carnegie Mellon University's Software Engineering Institute.
3. Control Objectives for Information and Related Technologies (COBIT) from the
Information Systems Audit and Control Association (ISACA).

3.1.3 Five Components of a Risk Management Framework (RMF)

There are at least five key components to consider when creating a risk management
framework: risk identification; risk measurement and assessment; risk mitigation;
risk reporting and monitoring; and risk governance.
1. Risk identification
The first step in identifying the risks a company faces is to define the risk universe. The
risk universe is simply a list of all possible risks. Examples include IT risk, operational
risk, regulatory risk, legal risk, political risk, strategic risk, and credit risk.
After listing all possible risks, the company can select the risks to which it is exposed and
divide them into core and non-core risks. Core risks are those the company must take in
order to drive performance and ensure long-term growth. Non-core risks are often
unnecessary and can be minimized or eliminated completely.
2. Measuring risk
Risk measurement provides information on the size of a specific risk exposure, or of
exposure in aggregate, and the probability of loss resulting from that exposure. When
measuring exposure to a particular risk, it is important to consider the effect that risk has
on the organization's overall risk profile.
Some risks provide diversification benefits, while others do not. Another important
consideration is how easily the exposure can be measured. Some risks are easier to measure
than others. For example, market risk can be measured using observable market prices, but
measuring operational risk is considered both an art and a science.
Specific risk measures usually give the expected effect on profit and loss (P&L) of a small
change in the risk factor. They can also provide information about how volatile the P&L is.
For example, the risk of an equity investment can be measured as the P&L impact of a
1-unit change in the S&P 500 Index, or as the standard deviation of the particular stock.
Common aggregate risk measures include value at risk (VaR), earnings at risk (EaR)
and economic capital. In addition to these measures, techniques such as scenario analysis
and stress testing can also be used.
3. Risk mitigation
Once risks are classified and measured, the company can decide which risks to
eliminate or minimize and how much of its core risk to retain. Risks can be mitigated by
selling assets or liabilities outright, purchasing insurance, hedging with derivatives, or
diversification.
4. Risk reporting and monitoring
It is important to report regularly on specific and aggregate risk measures in order to keep
risk at an optimal level. Financial institutions that trade daily will produce daily risk
reports; other organizations may require less frequent reporting. Risk reports must be
sent to risk personnel who have the authority to adjust (or instruct others to adjust) the
risk exposures.


5. Risk governance
Risk governance is the process of ensuring that all employees of the company perform
their duties in accordance with the risk management framework. It includes defining the
roles of all employees, segregating duties, and delegating authority to individuals,
committees and the board to approve core risks, risk limits, exceptions to limits and risk
reports, and to provide general oversight.

3.1.4 Importance of a Risk Assessment Framework

 To conduct a risk assessment, participants (stakeholders, business owners, etc.)
must specifically identify information assets and their value to the organization,
such as their market value or, where personal information is held, the value of keeping
it intact and confidential.

 Stakeholders are informed about the risks their organization is exposed to and
whether the current measures are sufficient.

 Participants within the organization become more aware of risks and learn to defend
the organization and avoid actions that could put it at greater risk.

 Conducting an assessment ensures that an effective and meaningful risk awareness
training program is developed for employees, including managers.

 An organization can establish risk tolerance standards based on better knowledge
of its assets, security best practices, and the legal and regulatory requirements of its
industry. (theruntime, 2019)


Risk Assessment Procedure


EMC Cyber
Version 1.0
Sivarasa Pakeen


3.1.5 Procedures of Risk Assessment

Organization: EMC Cyber
Date: 29.08.2021
Version: 1.0
Author: Mr. Sivarasa Pakeen
Email: Shrawanshraw3333@gmail.com
Description: Risk Assessment Procedure for EMC Cyber
Purpose: Risk management procedures for EMC Cyber solutions and the impact an IT
security audit will have on safeguarding the organization and its clients.
Standard & Guidance: NIST definition of cyber security and ISO 31000
Act/Law: The Federal Information Security Management Act
Objectives: Identify vulnerabilities and threats to the information resources, human
resources and IT infrastructure of EMC Cyber Solutions; evaluate the probability of
occurrence and the impact levels; assess the risk to the organization; produce the report.
Core Team Members:
  Security Administrator: Mr. Sivarasa Pakeen
  Project Manager: Mr. Joyal
  Risk Officer: Miss. Haranika
  Chief Executive Officer: Miss. Aranja
  Project Sponsor: Mrs. Thivya

Table 2 EMC Cyber Procedure Chart


Responsibilities of Core Team Members

Project Manager
The responsibilities of the project manager vary from organization to organization, and
sometimes change according to the needs of the project, but most project managers share a
common set of core responsibilities.
Risk Officer
The Risk Officer manages all aspects of the enterprise risk management function. For this
assessment the Risk Officer's responsibilities are to:

 Identify, measure, manage and report risks

 Help design processes to better assess business risks

 Watch for important and critical risks

 Conduct risk and compliance assessments

Chief Executive Officer
The CEO is responsible for the daily management of the company in accordance with the
instructions and decisions of the board of directors. The CEO lays the foundation for the
internal control environment by providing leadership and guidance to senior management
and by reviewing the way they control the business. The CEO is responsible for the group's
risk management process and its continuous development, for allocating resources to the
work, for reviewing risk management policies, and for defining operating principles and
overall processes. The CEO reports to the Risk Management Committee monthly. The chief
financial officer, department committees and department heads working under the guidance
of the CEO are responsible for managing the risks that threaten the achievement of the
company's goals.
Project Sponsor
The main responsibility of the project sponsor is first to identify and support project
investment in the strategic areas of the organization, and second to ensure that the project
manager delivers the expected project benefits. Without effective governance and project
risk management these goals cannot be achieved, so the sponsor actively participates in
determining the overall risk status of the project portfolio and programme, and monitors
how risk identification, analysis and response are performed at project level.


Asset Identification

 Information & Data of clients

 Hardware and Software

 Servers and Computers

 Human Resources

 IT infrastructures

 Website

 Security equipment
Risk Classification

 System Failure

 Uncertainty – based threats

 Hardware and software problems

 Financial Risks

 Inside and outside threats

 Internet Problems

 Physical security threats


Threats that may cause harm

 Lack of staff knowledge

 Poor choice of passwords

 Internet dependency

 Radiation Effect

 Power failure/ Electricity problems

 Stored data is lost

 Transmission over unprotected communications

 Lack of security functionality in the organization

 Overheating

 Excessive network traffic

 Damage by fire, flood or other natural disasters


Potential consequences

 Data Loss

 Direct loss of money

 Loss of business opportunity

 Legal consequences

 Breach of confidence

 Interruption of business activity

 System or application downtime

Risk Levels and their description

Level 1 (Low Risk): Information the organization handles for customers, personnel and its
own business that is already publicly available.

Level 2 (Medium Risk): Information that is not Personally Identifiable Information (PII)
and whose disclosure would not harm the organization's customers, employees or their
business, such as phone numbers, office policies, vendor information, etc.

Level 3 (High Risk): Highly sensitive information the business handles or has access to,
such as customer records, personnel files, credit/debit card numbers or other payment
information, financial reports, passwords, PINs, social security numbers, etc.
Table 3 Risk Levels and their description


Mathematical Equation to Calculate Risk

Total Risk = Threat x Vulnerability x Asset Value

Risk Matrix

Figure 15 Risk Matrix

Risk Rating

Figure 16 Risk Rating
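As an added example (not code from the original page), the following Python helpers put the risk equation and the probability/impact matrix above into a form that can be run over the register in Tables 4 to 10. The ordinal scale (Very Low to High) and the score bands are assumptions, chosen so that the qualitative levels reproduce those used in the tables (Medium x Medium rates as High Risk, High x High as Critical, Low x High as Moderate); the quantitative reading of Total Risk as an expected annual loss is likewise this example's interpretation, not something stated on the page.

```python
"""Risk rating helpers for the register in Tables 4-10.

Added example; not from the original page. The numeric scales and thresholds
are assumptions chosen so that the qualitative ratings reproduce those used in
the page's tables (e.g. Medium x Medium = High Risk, High x High = Critical).
"""

# Assumed ordinal scale shared by probability and impact.
SCALE = {"Very Low": 1, "Low": 2, "Medium": 3, "High": 4}

# Assumed score bands for the product probability x impact (1..16):
# (upper bound of band, level name), checked in order.
BANDS = [(4, "Very Low"), (6, "Low"), (8, "Moderate"), (12, "High"), (16, "Critical")]


def rate(probability: str, impact: str) -> str:
    """Qualitative risk level from the probability/impact matrix."""
    score = SCALE[probability] * SCALE[impact]
    for upper, level in BANDS:
        if score <= upper:
            return level
    raise ValueError(f"score {score} outside matrix")


def total_risk(threat_likelihood: float, vulnerability: float, asset_value: float) -> float:
    """Quantitative form of Total Risk = Threat x Vulnerability x Asset Value.

    Assumed reading: threat_likelihood is the expected number of attempts per
    year, vulnerability the probability (0..1) that an attempt succeeds, and
    asset_value the loss if it does, so the result is an expected annual loss.
    """
    if not 0.0 <= vulnerability <= 1.0:
        raise ValueError("vulnerability must be a probability in [0, 1]")
    return threat_likelihood * vulnerability * asset_value


def rank_register(register: list[dict]) -> list[dict]:
    """Attach score and level to each entry and order the register, highest risk first.

    Ties on score are broken by name so the ordering is stable and reviewable.
    """
    rated = []
    for entry in register:
        score = SCALE[entry["probability"]] * SCALE[entry["impact"]]
        rated.append({**entry, "score": score,
                      "level": rate(entry["probability"], entry["impact"])})
    return sorted(rated, key=lambda e: (-e["score"], e["risk"]))


# Constructed register drawn from the page's own tables.
REGISTER = [
    {"risk": "Malware and hacker attacks", "probability": "Medium", "impact": "Medium"},
    {"risk": "Overheating", "probability": "High", "impact": "High"},
    {"risk": "Damage by natural disasters", "probability": "Low", "impact": "High"},
    {"risk": "Excessive network traffic", "probability": "Medium", "impact": "Low"},
    {"risk": "Employee negligence", "probability": "Low", "impact": "Low"},
]


if __name__ == "__main__":
    for e in rank_register(REGISTER):
        print(f"{e['score']:>2}  {e['level']:<9} {e['risk']}")
    # Assumed figures: 2 attempts/year, 25 % success, 100,000 loss -> 50,000/year
    print("expected annual loss:", total_risk(2.0, 0.25, 100_000))
```

Ranking the register this way makes the treatment order explicit: the two Critical and High entries are handled before the Moderate one, and the Very Low entry can be accepted or deferred with the reason recorded.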


ID - 01
Category – System Failure

Risk Description: Malware and hacker attacks
  Probability: Medium | Impact: Medium | Risk Level: High Risk
  Solutions: Use anti-virus; use Network Address Translation; use anti-malware; use a
  Virtual Private Network; apply a firewall
  Cost: Medium | Benefits: High

Risk Description: Overheating and heat exhaustion
  Probability: High | Impact: High | Risk Level: Critical
  Solutions: Vent heat to the atmosphere through a tall exhaust duct; instruct staff to
  follow the operating instructions; use safety equipment
  Cost: High | Benefits: High

Table 4 System Failure

ID - 02
Category – Uncertainty-based Risk

Risk Description: Damage by natural disasters
  Probability: Low | Impact: High | Risk Level: Moderate
  Solutions: Make a disaster recovery plan; use backup generators; use an alternative
  satellite link; use backup servers
  Cost: Medium | Benefits: High
Table 5 Uncertainty-based Risk


ID - 03
Category – Hardware and Software errors

Risk Description: Stored data is lost
  Probability: Low | Impact: High | Risk Level: Moderate
  Solutions: Use backup servers
  Cost: Medium | Benefits: Medium

Risk Description: Application errors
  Probability: High | Impact: High | Risk Level: Critical
  Solutions: Buy and use genuine software; renew the software licences every year
  Cost: Low | Benefits: Low
Table 6 Hardware and Software errors

ID – 04
Category – Internet Problems

Risk Description: Transmission of data over unprotected communications
  Probability: Low | Impact: Low | Risk Level: Very Low
  Solutions: Use SSL/TLS certificates; use secure protocols such as HTTPS for connections;
  use anti-malware; use a Virtual Private Network (VPN)
  Cost: Low | Benefits: Medium

Risk Description: Excessive network traffic
  Probability: Medium | Impact: Low | Risk Level: Low
  Solutions: Use CAPTCHAs to prevent unwanted automated traffic; use load balancing to
  reduce the server load
  Cost: Low | Benefits: Medium

Risk Description: Internet dependency
  Probability: Low | Impact: Low | Risk Level: Very Low
  Solutions: Get a high-speed Internet connection
  Cost: Low | Benefits: Low
Table 7 Internet Problems


ID - 05
Category – Inside and Outside threats

Risk Description: Radiation effect
  Probability: High | Impact: High | Risk Level: Critical
  Solutions: Schedule regular breaks; use safety equipment to protect against radiation;
  monitor and regulate workplace heat; ensure workers do not work alone; schedule
  strenuous work on cooler days
  Cost: Low | Benefits: Medium

Risk Description: Poor choice of passwords
  Probability: Low | Impact: Medium | Risk Level: Low
  Solutions: Use CAPTCHAs to prevent unwanted traffic; use load balancing to reduce the
  server load
  Cost: Low | Benefits: Low

Risk Description: Employee negligence
  Probability: Low | Impact: Low | Risk Level: Very Low
  Solutions: Fit CCTV in the server room; block unused ports on the systems; provide
  access control with individual passwords
  Cost: Low | Benefits: Low

Risk Description: Hacker attacks
  Probability: Low | Impact: Medium | Risk Level: Low
  Solutions: Use network address translation devices; use strong passwords; use better
  encryption
  Cost: Medium | Benefits: Medium

Risk Description: Lack of staff knowledge
  Probability: Low | Impact: Low | Risk Level: Very Low
  Solutions: Provide training to staff; appoint new staff through interviews
  Cost: Low | Benefits: Low
Table 8 Inside and outside threats

ID - 06
Category – Financial Problems

Risk Description: Security equipment problems
  Probability: Low | Impact: Low | Risk Level: Very Low
  Solutions: Appoint a hardware technician for safe maintenance; get a long-term warranty;
  buy high-quality equipment
  Cost: Low | Benefits: Medium

Table 9 Financial Problems

ID – 07
Category – Physical Problems

Risk Description: Lack of security functionality in the organization
  Probability: Low | Impact: Medium | Risk Level: Low
  Solutions: Use SSL/TLS certificates; use secure protocols such as HTTPS for connections;
  use anti-malware; use a Virtual Private Network (VPN)
  Cost: Low | Benefits: Medium

Risk Description: Theft of intellectual property
  Probability: Low | Impact: Medium | Risk Level: Low
  Solutions: Use CAPTCHAs to prevent unwanted traffic; use load balancing to reduce the
  server load
  Cost: Medium | Benefits: Medium
Table 10 Physical Problems

3.1.6 Comment on IT Security & Organizational Policy

3.1.6.1 IT Security Audit


An IT security audit is a comprehensive study and assessment of your company's
information security system. Regular audits can help you identify weaknesses and
vulnerabilities in your IT infrastructure, validate security controls, ensure regulatory
compliance, and more. (Tierney, 2020)

Figure 17 IT Security Audit

Process of IT Security Audit


1. Define goals
Before conducting an IT security audit, determine the goals the audit team intends to
achieve. Be sure to articulate the business value of each goal so that the specific audit
goals align with the company's broader goals.
Use this list of questions as a starting point to brainstorm and refine your own list of audit
objectives.


 Which systems and services do you want to test and evaluate?


 Do you want to audit your digital IT infrastructure, physical equipment and
facilities, or both?
 Is disaster recovery on your watch list? What are the specific risks?
 Is an audit necessary to prove compliance with specific regulations?
2. Plan the audit.
Thoughtful and well-organized planning is critical to the success of IT security audits.
You need to define the roles and responsibilities of the management team and IT system
administrators assigned to perform audit tasks, as well as the process schedule and methods.
Identify the data classification, reporting, and tracking tools that the team will use, and any
logistical challenges you may encounter, such as taking the team offline for evaluation.
Once you have decided on all the details, please record and distribute the plan to ensure
that everyone has a common understanding of the process before starting the review.
3. Perform audit work.
The project team should conduct the audit in accordance with the plan and methods agreed
during the planning stage. This usually involves scanning IT resources (such as file sharing
services, database servers, and SaaS applications such as Office 365) to assess network
security, data access levels, user access permissions, and other system settings. As part of
the disaster recovery assessment, it is also recommended to conduct a physical inspection
of the data center to check its exposure to fire, flood, and power surges. In the process, interview
employees outside the IT department to assess their knowledge of security issues and their
compliance with company security policies, so that any loopholes in your company's security
procedures can be resolved in the future.
Be sure to record all findings during the audit.
4. Report the results.
Compile all audit-related documents into a formal report, which can be shared with
management stakeholders or regulatory agencies. The report should include a list of
security threats and vulnerabilities found on your system, as well as mitigation measures
recommended by IT personnel.
5. Take the necessary actions.
Finally, follow the guidelines listed in the audit report. Examples of actions to improve
security may include:

 Correct specific security vulnerabilities or weaknesses in accordance with remedial
procedures.
 Train employees on security requirements and security awareness.
 Implement additional advanced methods to handle sensitive data and identify signs
of malware and phishing attacks.
 Acquire new technologies to strengthen existing systems and regularly monitor your
infrastructure for security threats. (Tierney, 2020)
Types of IT Security
 Network security
Network security is used to prevent unauthorized or malicious users from entering your
network. This ensures that usability, reliability, and integrity are not compromised. This
type of security is required to prevent a hacker from accessing data on the network. It also
prevents them from negatively impacting your users' ability to access or use the network.
Network security is becoming an increasingly complex challenge as companies expand the
number of endpoints and migrate services to the public cloud.
 Internet security
Internet security includes the protection of information sent and received in browsers, as
well as network security using web applications. These protections are designed to monitor
incoming Internet traffic for malware and unwanted traffic. This protection can take the
form of firewalls, malware and spyware protection.
 Endpoint security
Endpoint security provides protection at the device level. Devices that can be protected
with endpoint security include cell phones, tablets, laptops, and desktop computers.
Endpoint security prevents your devices from accessing malicious networks that could
pose a threat to your organization. Advanced malware protection and device management
software are examples of endpoint security.
 Cloud Security
As apps, data, and identities move to the cloud, users connect directly to the
Internet and are no longer protected by the traditional security stack. Cloud security helps protect
the use of software as a service (SaaS) and public cloud applications. A Cloud Access Security
Broker (CASB), a Secure Internet Gateway (SIG) and cloud-based Unified Threat Management
(UTM) can be used for cloud security.

 Application security
With application security, applications are specifically coded at creation time to be as
secure as possible, to ensure that they are not vulnerable to attacks. This additional layer of
security includes assessing the application code and identifying vulnerabilities that may
exist in the software. (cisco, 2021)
IT Security Audit Chart of EMC Cyber
EMC Cyber
Description             IT Security Audit of EMC Cyber
Version                 1.0
Security Administrator  Sivarasa Pakeen
Email or Phone          Shrawanshraw3333@gmail.com
Purpose                 To assess the security of the server's physical configuration and
                        environment, software, information handling processes, and user
                        practices.
Date                    02 August 2021

Areas of Audit          Auditor Remarks (Supporting Observations, Findings, References &
                        Substantiation)
Table 11 IT Security Audit of EMC Cyber

Organization Policies & Procedures

Description                                                        Yes  No  N/A
Are the EMC organization structure and IT roles and responsibilities defined?
Are operators certified to operate the trading servers and systems?
Are business continuity and disaster recovery plans tested, and are the test
records available?
Do incident response procedures exist? Are incidents reported, resolved/closed
and analyzed for root cause? Are incidents escalated to management and the
organization as applicable, based on their criticality, impact and type?

Do business continuity and disaster recovery plans exist?
Are the server operators experienced?
Are resources and assets identified, and is ownership assigned by management
for the complete lifecycle of these assets?
Are policies on Information Technology and Information Security available,
approved by management and complied with?
Table 12 IT Security Audit for Organizations Policies & Procedures

Basic Network Controls

Description                                                        Yes  No  N/A
Are firewalls, routers, and other devices securely configured to control access?
Does the organization use firewalls, routers and other devices to protect its
network?
Have the following configuration steps been completed?
  Removed unneeded services
  Changed the default admin passwords
Does the organization use updated anti-virus and anti-spyware software:
  On all desktop computers, with automatic update where available
  To scan all incoming email
Does the organization regularly update software and security patches:
  On all computers and servers, with automatic update where available
  On all desktop computers, with automatic update where available
Table 13 IT Security Audit for Basic network controls

Wireless and Remote Access

Description                                                        Yes  No  N/A
Do you allow remote access to the network?
If yes, how is remote access secured?
  User ID and password
  VPN or similar
  VPN with additional authentication
Is employee access to the network monitored?
Do you have a wireless network?
Is the wireless network for "guest" access, and is it on a separate subnet from
the rest of the network?
Do you require minimum security standards (anti-virus, firewall, etc.) for
computers with remote access?
If yes, is the wireless network secured? (Note: WEP is not a secure encryption
protocol for wireless networks.)
Table 14 IT Security Audit for Wireless and remote access

Network Servers

Description                                                        Yes  No  N/A
How does the organization limit access to its network? (Check all that apply)
  Unique user ID, password, plus additional authentication is required
Is employee access to the network monitored?
Do you use employee permission controls to restrict access to authorized users?
Are unsuccessful logon attempts monitored?
Is email used to send or receive sensitive information?
Table 15 IT Security Audit for Network Servers

Encryption

Description                                                        Yes  No  N/A
Is transmitted information encrypted?
Are key management procedures for decryption documented, available to more
than one (authorized) person and approved by the data owner, and are secure
key management procedures followed?
Are certificates issued to clients of the organization?
Is all communication between client and server secured with end-to-end
encryption over a secure standardized protocol?
Are encryption and related procedures consistent with the policies and
provisions of the 2000 Law of the Ministry of Telecommunications and
Information Technology?
Are the login page and all subsequent authenticated pages accessed exclusively
over TLS/SSL?
Are encryption keys stored on a secure server, and are the access procedures
documented?
Does the size of the key used for encryption comply with the policies and
guidelines of the relevant authorities?
Table 16 IT Security Audit for Encryption

Access control

Description                                                        Yes  No  N/A
Does the system prompt the user to change their password the first time they
log into the system?
Does the system automatically log out (lock) the user when the password
expires?
Does the system provide password masking or password hiding at login?
Are there controls to ensure that the password is a minimum of six characters
and a maximum of twelve characters?

Are there controls to ensure that the password is alphanumeric (preferably with
a special character) rather than alphabetical or numeric only?
Is access for personnel created by authorized personnel?
In the case of a new user or a password change, is the password securely
transmitted to the user?
Is the authentication mechanism strong enough to handle the threats that may
apply to EMC?
Is approval and authorization required to create users and grant access
(physical, system, database, application)?
Is there a trace of user IDs created, disabled, enabled, deleted and unlocked?
Is there a record of all these events?
Does the system only allow authorized users with administrator rights to log a
user out?
Are there checks to make sure the user's login ID and password cannot be the
same?
Are the two factors different in the two-factor authentication structure?
Are there controls to ensure that all passwords are protected by an encryption
mechanism, and that the mechanism is sufficient to protect against potential
risks?
Are there checks to ensure that the changed password is not the same as the
last password?
Is two-factor authentication applied to the login session for all orders shipped
using Internet Protocol?
Has a public key infrastructure (PKI) implementation using digital signatures
for authentication been implemented, with support from one of the Sri Lankan
government-approved agencies?
Table 17 IT Security Audit for Access Control
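The password controls in the access-control checklist above (Table 17) can be checked programmatically. The following is an added example written for this section, not code from the original assignment: it implements the six-to-twelve character range, the alphanumeric rule with its recommended special character, the rule that the login ID and password must differ, and the "not the same as the last password" rule, keeping only a salted hash of the previous password. The function names, the thresholds as constants and the sample user "pakeen" are this example's own assumptions; the checklist's twelve-character maximum is unusually low (NIST SP 800-63B recommends allowing much longer passphrases), so a deployment would normally raise it.

```python
import hashlib
import hmac
import os
import string
from typing import List, Optional, Tuple

# Thresholds taken from the Table 17 checklist; a deployment would normally
# raise MAX_LENGTH, since a 12-character cap rules out long passphrases.
MIN_LENGTH = 6
MAX_LENGTH = 12
SPECIALS = set(string.punctuation)

PasswordHash = Tuple[bytes, bytes]  # (salt, PBKDF2 digest)


def hash_password(password: str, salt: Optional[bytes] = None) -> PasswordHash:
    """Salted PBKDF2-HMAC-SHA256 of the password. Only this hash of the
    previous password is retained, so the "not the same as last password"
    check never needs the old password in clear text."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, digest


def matches_previous(password: str, previous: PasswordHash) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    salt, old_digest = previous
    _, new_digest = hash_password(password, salt)
    return hmac.compare_digest(old_digest, new_digest)


def check_password(password: str, login_id: str,
                   previous: Optional[PasswordHash] = None) -> Tuple[List[str], List[str]]:
    """Evaluate a candidate password against the checklist rules.

    Returns (failures, warnings): failures are rules the password violates,
    warnings are the checklist's "preferably" items. An empty failures list
    means the password is acceptable.
    """
    failures: List[str] = []
    warnings: List[str] = []

    if not MIN_LENGTH <= len(password) <= MAX_LENGTH:
        failures.append(f"length must be between {MIN_LENGTH} and {MAX_LENGTH} characters")

    has_alpha = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_alpha and has_digit):
        failures.append("must contain both letters and digits")
    if not any(c in SPECIALS for c in password):
        warnings.append("no special character (recommended by the checklist)")

    # Login ID and password must not be the same (compared case-insensitively,
    # which is slightly stricter than the checklist's literal wording).
    if password.lower() == login_id.lower():
        failures.append("must not be the same as the login ID")

    if previous is not None and matches_previous(password, previous):
        failures.append("must differ from the previous password")

    return failures, warnings


if __name__ == "__main__":
    # Constructed sample: user "pakeen" changes an existing password.
    old = hash_password("Wint3r!9")
    for candidate in ("Wint3r!9", "Spr1ng!21", "pakeen"):
        print(candidate, check_password(candidate, "pakeen", old))
```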

3.1.7 Organizational Policy


A policy is a set of general guidelines that describe an organization's plan for addressing a
problem. Policies communicate the relationship between an organization's vision and values
and its day-to-day operations. (i-sight, 2021)

3.1.8 Advantages of IT Security Audit

1. Measure the flow of data in your business.

Data is one of the core assets of any organization and needs the highest level of security controls.
IT security auditors examine the type of information the organization holds, the flow of data within
the organization, and who has the right to access that information. All technologies and
methods associated with its data protection standards are scrutinized to ensure that data is
not lost, stolen, misused or corrupted. Otherwise, the organization may risk litigation with clients
or other affected parties. The audit team can also lay the foundation for any necessary
changes or compliance work in this area.
2. Identify vulnerabilities and problem areas.
An IT system is large and consists of several parts, including hardware, software, data, and
procedures. IT outsourcing services provide experts who can determine, in a number of ways,
whether there are potential problem areas in the organization's IT environment. They can
determine whether your software or hardware is configured and working properly. They can also
detect security incidents from the past that may have exposed your security vulnerabilities.
An on-site audit can focus on tests of network vulnerability, operating
system, security policy, and security applications.
3. Determine whether the organization needs to change its security policies and
standards.
The audit procedure begins with a preliminary audit, in which the auditors receive relevant
documentation from past audits, as well as copies of the current security policies and action
plan. They then analyze and investigate the organization's entire system on site. During the audit
process, auditors document everything they learn about the security and
effectiveness of the IT system. By the time they complete their audit, they will have a
sound judgment of whether you have satisfactory security standards that are consistently
applied across the organization. For example, they can detect incidents of unauthorized access
to wireless networks that create risks exceeding acceptable levels.

4. Recommends how to use information technology to keep the organization's
business safe.
The technology you use must match the level of security your business requires. That is
why one function of the IT security audit is to help the organization understand how to select the
right security tools. Auditors must be able to judge whether you need to
centralize security solutions across all devices or use dedicated software for each area of
risk. Security auditors can also advise whether the organization is spending too much on its IT
systems, so that security resources can be assigned properly. They can stop the
organization from trying to protect every server or application when the level of
risk does not justify it.
5. Provides an in-depth analysis of internal and external IT systems and
practices.
The IT security audit report includes a comprehensive list of the audit
department's findings, complete with an executive summary, supporting data, and attachments.
It provides corrective actions and recommended solutions for risk areas, and for compliance with
industry standards and security policies. For example, a section of the report can analyze
the quality of the organization's security controls. The organization may have installed a firewall on a
server, but if internal controls are weak or incorrect, important
data is still at risk. As technology advances, another important requirement for the organization's
business is keeping an eye on IT security, where the stakes are high. With this in mind,
auditing the organization's systems is a difficult but necessary decision that it must make for
itself, its partners, and its customers.
3.2 Mandatory data protection laws and procedures that will be applied to
data storage solutions provided by EMC Cloud
3.2.1 Definition of Data Protection Act

Figure 18 data Protection

The Data Protection Act is the UK law that governs the handling and processing of personal
information.
In particular, the term "Data Protection Act" can refer to several different pieces of legislation
of that name. Each new Act is introduced to replace and update the previous version of the
DPA. (sumup, 2021)

3.2.1.1 Data Protection Act 1998


The Data Protection Act 1998 (the "Act") regulates how and when information relating to
individuals may be obtained, used, and disclosed.
The Act also allows individuals to access personal data relating to them, to question the misuse
of that data and to seek remedies. The Act is enforced by the
Information Commissioner (the "Commissioner").
The Act stipulates that any individual or organization holding personal data in a computer or
certain manual data systems (or processing such information on a computer) is obliged to
comply with the eight data protection principles and to notify the Commissioner of the
processing that will take place.
Failure to notify is a criminal offence. However, there are many exemptions from the
notification requirements of the Act for individuals and organizations that only use personal
data on a limited basis.
The Commissioner has developed a self-assessment guide to determine whether notification
is required.
Remedies for misuse of personal data include compensation when individuals suffer
damage, correction or destruction of inaccurate data, and the right to ask the Commissioner to
assess whether the Act has been contravened.

Figure 19 Data Protection Act of 1998

Principles of Data Protection Act (DPA) 1998


Having seen the changes from the DPA in 1998 to the legislation in 2018, it is worth noting
that the following seven principles are intended to form the basis for organizations to
establish all data protection practices. The year is 2020, and all organizations that process
personal data must understand and comply with these increasingly common data protection
principles.
1. Lawful, fair and transparent
In addition to continuing the data protection standards / principles of lawfulness and
fairness, this new standard also aims to allow users to understand the contents of the record
when personal data is transferred. This principle requires organizations to use "clear, plain
and precise" language for content agreed with stakeholders, helping to ensure data rights and
legal protection.
2. Restrictions of use
This principle states that personal data collected for specific, previously established and
understandable purposes should not be used for other applications. While the GDPR states
that this purpose limitation principle does not conflict with processing based on public
interest, scientific or statistical purposes or historical research, it limits the scope of an
organization's "multipurpose" personal data.
3. Data minimization
To ensure that the amount and type of data collected and / or processed is adequate,
relevant and limited to its intended purpose, the data minimization principle restricts
any organization from accumulating data without clear reasons.
4. Accuracy
This is not a major step forward in data protection, as it already appeared in DPA 1998.
This principle makes organizations responsible for updating or removing inaccurate
information.
5. Storage limit
As with the 'retention' principle above, retention restrictions prevent organizations from
storing data indefinitely or beyond its intended purpose. Likewise, organizations may retain
personal data for the public interest, archival, scientific or historical research or for
statistical purposes, but these reasons must be reasonable and documented.

6. Integrity and confidentiality

Formerly known as the "security" principle, the integrity and confidentiality of personal
data must be maintained with appropriate security measures. As with many other principles,
implementing physical and technical controls to ensure compliance is an inherent
responsibility.
7. Responsibility
Having no counterpart in DPA 1998, the accountability principle requires
organizations to be held accountable for the personal data they process and for their compliance
with the six other principles. Appropriate records must be kept and actions taken to demonstrate
compliance. (hutsix, 2021)

3.2.1.2 Data Protection Act 2018


The current version of the Data Protection Act was introduced in May 2018. One of the
main features of DPA 2018 was the incorporation of the standards set out in the GDPR into
UK law.
However, DPA 2018 also introduced some additional changes that were not covered by the
GDPR, mainly in areas over which the EU has no authority (such as immigration and
security). (sumup, 2021)

Figure 20 Data Protection act of 2018

Principles of Data Protection Act 2018

1. Legal, fair and transparent processing


This principle emphasizes transparency about how and why data is collected. You must
indicate the legal basis in accordance with the GDPR (there are six of them) for the
collection and use of personal data. You must ensure that you do not violate other laws
during processing. Personal data must be used fairly with people, and you must be honest
and open about the use of their data.

2. Purpose limitation
This principle emphasizes the need for organizations to have a clear understanding of their
processing purposes from the outset. You need to know clearly what your processing
purposes are, and they should be recorded as part of your documentation obligations
(accountability principle). You can no longer collect unnecessary information; you must have a
purpose. If a new processing purpose arises, the data can only be used for it if it is compatible with
the original purpose, if you have obtained consent, or if it has a clear basis in law.
3. Data minimization
This principle emphasizes the need for organizations to minimize the data they collect.
All data collected must have a specific purpose. This principle is designed with today's
digital landscape in mind, in which almost all imaginable data can be collected in one way
or another. To be GDPR compliant, organizations only need to store the minimum amount
of data they need.
You must ensure that the personal data you process is:
 Enough to adequately achieve the set goal
 Relevant: contains a link / refers to this target
 Limited to what is needed: you have no more than what is needed for this purpose.
4. Accurate and timely processing
This principle requires controllers to ensure that the information they hold is accurate and up
to date. Its use is only permitted while it remains accurate and up to date. You
must take all reasonable steps to ensure that the personal information you hold is in no way
incorrect or misleading. If you find that personal information is incorrect or misleading,
you should take all reasonable steps to correct or delete it as soon as possible.
5. Storage limitation
This principle emphasizes the need for organizations not to store data more than is
necessary.
Personal data is stored in a form that allows the identification of data subjects for a period
not exceeding that necessary for the purposes for which the personal data is processed.
Even if you collect and use it legally, you can't keep it longer than you really need to.
The GDPR does not set specific time limits for different types of data; this is up to you, but
the retention periods you specify for different types of data should be reflected in your data
retention policy.

6. Integrity and confidentiality (security)

This principle protects the integrity and confidentiality of data by imposing
specific obligations on organizations to protect it. The organizations that collect and process
data are solely responsible for the security of that data, and these security measures must
be fully proportionate to the type of data. To comply, organizations must enforce strong data
security policies that protect data from all threats.
7. The principle of responsibility
This principle assigns responsibility for GDPR compliance to the organization and requires it to
show that it complies; you are responsible for the data processing activities that
you carry out. To ensure ongoing compliance, each step of your GDPR strategy must be
audited against policies and procedures. In the event of an investigation, you must be able to
prove that the appropriate steps were taken. These commitments are ongoing and should be
reviewed periodically.
(privacyhelper, 2021)

3.2.2 Computer Misuse Act 1990


The Computer Misuse Act 1990 provides UK legal protection against hacking, allowing the
government to hold accountable those who use or gain access to computers for malicious
purposes.
Three decades after the law was passed, cybercrime continues to rise year after year, and
hackers are more powerful and effective than ever.
Does the Law meet the threats posed by today's hackers? Understanding this law is a key
way for companies operating in the UK to keep cybercriminals out of their systems.
(Robert, 2020)
The law makes the following illegal:
 Unauthorized access to computer materials. This refers to logging into a computer
system without permission (hacking).
 Unauthorized access to computer materials for the purpose of committing a new
crime. This refers to logging into a computer system to steal data or destroy a device
or network (for example, install a virus).
 Unauthorized modification of data. This refers to the modification or deletion of
data, and also includes the introduction of malware or spyware into a computer
(electronic vandalism and information theft).

 Manufacture, supply or receive anything that can be used to commit crimes of
misuse of a computer.
These four offences cover a variety of crimes including hacking, computer fraud,
blackmail, and viruses.
Failure to comply with the Computer Misuse Act can result in fines and jail time. (bbc,
2021)
Offence                                                          Penalty
Unauthorized access to computer materials                        Up to six months in prison and/or a fine
                                                                 of up to £5,000
Unauthorized access to computer materials for the purpose of     Up to five years in prison and/or an
committing an additional offence                                 unlimited fine
Unauthorized modification of data                                Up to five years in prison and/or an
                                                                 unlimited fine
Making, supplying or receiving anything that can be used to      Up to ten years in prison and/or an
commit crimes related to computer misuse                         unlimited fine
Table 18 Computer misuse law's offence and penalty

3.2.3 Personal Data Protection Act 2012

The Data Protection Act 2012 (Act No. 843) sets out the rules and principles for the
collection, use, disclosure and storage of your information or personal data by data
controllers or processors. While it allows controllers or data processors to process (collect,
use, disclose, delete, etc.) such personal data or information in accordance with individual
rights, it also recognizes that individuals have rights (the rights of data subjects) to protect
their data or personal information. The Act also established the Data Protection
Commission as an independent statutory body to enforce compliance. (data
protection, 2021)
Principles of Personal data protection act 2012
The PDPA imposes the following data protection obligations on organizations in relation
to their data operations:
1. Obligation to Consent
An organization must obtain an individual's consent before collecting, using, or disclosing
their personal data for specific purposes (Sections 13 to 17 of the PDPA).

Purpose Limitation Obligation: An entity may collect, use, or disclose personal data only
for purposes that a reasonable person deems appropriate in the circumstances (Section 18
of the PDPA).
2. Obligation to Notify
An entity must notify an individual of the purposes for which it intends to collect, use or
disclose their personal data during or prior to such collection, use or disclosure, and may
collect, use and disclose personal data only for such purposes (Sections 18 and 20 PDPA).
Obligation to Access and Correct: The organization must, upon request, allow a person to
access and / or rectify their personal data in their possession or control. In addition, the
organization is required to provide an individual with information on how personal data
may have been used or disclosed during the last year (sections 21 and 22 of the Personal
Data Protection Act).
3. Commitment to Accuracy
An organization must use reasonable efforts to ensure the accuracy and completeness of
the personal data it collects if it can use such personal data to make decisions that affect the
person concerned, or to disclose such personal data to another organization. (Section 23
PDPA).
4. Obligation to protect
An organization must protect personal data in its possession or control by adopting
reasonable security measures to prevent (a) unauthorized access, collection, use, disclosure,
copying, modification, deletion or similar risks and (b) loss of any medium or device on
which personal data is stored (section 24 of the Personal Data Protection Act).
Obligation to Restrict Retention: An entity should cease retaining documents containing
personal data, or remove the means by which personal data can be associated with specific
individuals, as soon as it is reasonable to assume that retaining such personal data no
longer serves the purpose for which it was collected and is no longer required for legal or
business purposes (Section 25 of the Personal Data Protection and Human Rights Act).
5. Restriction of Transfer Obligation
An entity must not transfer personal data to a country or territory outside of Singapore,
except as required by the PDPA to ensure that the transferred personal data is provided with
a protection standard comparable to the PDPA standard (Section 26 of the PDPA)

6. Accountability Commitment
An organization must appoint a PDPA compliance officer, commonly referred to as a Data
Protection Officer (DPO), and develop and implement the policies and practices necessary
to fulfil its obligations under the PDPA, including a complaint process. In
addition, the organization is required to communicate these policies and practices to its
staff and to provide information about them to those who request it
(Sections 11 and 12 of the PDPA).
7. Obligation to report data breaches
An organization must assess data breaches that have occurred with respect to personal data
in its possession or control and must notify PDPC as well as those affected when certain
data breaches (reported data breaches) occur (Sections 26A - 26E PDPA). (dataguidance,
2021)

3.2.4 ISO 31000 Risk Management Methodology


The long-term success of an organization depends on many factors, from continually
assessing and updating its offering to optimizing its processes. As if that were not enough,
it must also take contingencies into account when managing risk. That is why ISO 31000
was developed for risk management.
In addition to ensuring business continuity, ISO 31000 provides a level of confidence in
terms of economic sustainability, professional reputation, environmental performance,
and safety. In a world of uncertainty, ISO 31000 is designed for any organization that
wants clear guidance on risk management. (iso, 2021)

Figure 21 ISO 31000

Can organizations become ISO 31000 certified?

ISO 31000 "Risk management - Guidelines" contains the principles, framework and
process of risk management. Any organization can use it, regardless of its size, activity or
sector.
Using ISO 31000 can help organizations increase the likelihood of achieving objectives,
improve the identification of opportunities and threats, and effectively allocate and use
resources to address risks.
However, ISO 31000 cannot be used for certification purposes; rather, it provides
guidance for internal or external audit programs. Organizations that use it can benchmark
their risk management practices against an internationally recognized standard to ensure
that their governance and corporate governance principles are sound. (iso, 2021)
ISO 31000 Risk Management Process
1. Identifying Risks
Identifying what might prevent us from achieving our goals.
2. Risk analysis
Understanding the sources and causes of the identified risks; examining their likelihood and
consequences, taking into account existing controls, to determine the level of remaining
(residual) risk.
3. Risk Assessment
Comparing the results of the risk analysis with the risk criteria to determine whether the
residual risk is acceptable.
4. Risk treatment
Changing the magnitude and probability of both positive and negative outcomes to achieve
a net increase in benefit.
5. Create context
Not included in previous definitions of the risk management process, this activity consists
of defining the scope of the risk management process, defining the organization's
objectives, and establishing risk assessment criteria. Context includes both external
elements (regulatory environment, market conditions, and stakeholder expectations) and
internal elements (management, culture, organizational norms and rules, opportunities,
existing contracts, employee expectations, information systems, etc.).

6. Monitoring and Review
This task measures the effectiveness of risk management against indicators that are
reviewed periodically to verify that they are still suitable. It includes checking for deviations
from the risk management plan; checking that the structure, policy and plan for risk
management are still appropriate given the internal and external context of the organization;
reporting on risks, on progress against the risk management plan and on how well the risk
management policy is being followed; and monitoring and analysing the effectiveness of the
risk management system as a whole.
7. Communication and consultation
This task helps in understanding stakeholder interests and concerns, verifying that the risk
management process focuses on the correct elements, and explaining the basis for specific
risk management decisions and options.
Principles of ISO 31000
The standard includes a series of principles that risk management must satisfy:
• Creates and protects value
• Is based on the best available information
• Is an integral part of organizational processes
• Is tailored to the organization
• Is part of decision making
• Takes into account human and cultural factors

ISO 31000 Standards on Risk Management
• It redefines risk as the effect of uncertainty on the ability to achieve an organization's
objectives, emphasizing the importance of setting goals before attempting to manage risk and
emphasizing the role of uncertainty.
• It introduces the (sometimes controversial) concept of risk appetite, or the level of risk
that an organization agrees to accept in exchange for expected value.
• It defines a risk management structure with different organizational procedures, roles and
responsibilities in risk management.
• It describes a management philosophy in which risk management is considered an integral
part of strategic decision-making and change management.
4 Task
4.1 Managing Organizational Security
4.1.1 Security Policy
Information technology (IT) security policies define rules and procedures for all people
who access and use the organization's IT assets and resources. An effective IT security
policy is a model of the organizational culture, in which rules and procedures depend on how
employees handle their information and their work. Therefore, an effective IT security
policy is a unique document designed for each organization, reflecting its employees'
tolerance for risk, the way they view and value information, and the availability of that
information. For this reason, many companies abandon copied, boilerplate IT security
policies, because those policies fail to consider how people in the organization actually
use and share information, both among themselves and with the public.
The goal of an IT security policy is to protect the confidentiality, integrity, and availability
of the systems and information used by members of the organization. These three principles
form the CIA triad:
Confidentiality means protecting assets from unauthorized outsiders.
Integrity ensures that changes to assets are handled in a specified and authorized manner.
Availability is the state of the system in which authorized users can continuously access these
assets.
An IT security policy is a living document that is continually updated to adapt to
changing IT and business needs. Organizations such as the International Organization for
Standardization (ISO) and the National Institute of Standards and Technology (NIST) have
issued security policy standards and best practices. According to the National Research
Council (NRC), any company policy should include:
1. Goal
2. Scope of application
3. Specific instructions (paloaltonetworks, 2021)
Data protection and data security are essential in an organization and must be handled
appropriately. There must be an agreement that governs data protection in the organization,
and this agreement should address every security issue.

4.1.2 Security Policy for EMC Cyber

EMC Cyber Security Policy


Version 1.0
Author: Sivarasa Pakeen

Introduction
The risk of data theft, fraud, and security breaches can have a detrimental effect on a
company's systems, technology infrastructure, and reputation. As a result, EMC Cyber has
developed this policy to outline the security measures that keep information safe and
secure.
Purpose
The purpose of this policy is to protect EMC Cyber's data and infrastructure, describe the
protocols and guidelines governing cyber security measures, define the rules for corporate
and personal use, and list the company's disciplinary procedures for breaches of the policy.
Scope
This policy applies to all remote EMC Cyber employees, full-time and part-time
employees, contractors, volunteers, vendors, trainees, and / or anyone with access to the
electronic systems, information, software, and / or equipment of the company.
1. Confidential information
EMC Cyber defines "sensitive data" as:
• Secret and unpublished financial information
• Information about customers, suppliers and shareholders
• Lead and sales data
• Patents, business processes and / or new technologies
• Passwords, assignments and personal information of employees
• Corporate contracts and legal documents
Device Security:
Company use.
To ensure the security of all company-issued information and devices, EMC Cyber
employees must:
• Password-protect all company-issued devices (passwords of at least eight characters).
This includes tablets, computers, and mobile devices.
• Secure all relevant devices before leaving their desk.
• Obtain permission from the office manager and / or inventory manager before removing
devices from company premises.
• Never share personal passwords with colleagues, personal acquaintances, the management
team and / or shareholders.
• Update devices periodically with the latest security software.

Personal use.
EMC Cyber understands that employees may be required to use personal devices to access
company systems. In such cases, employees should report this to management for record
keeping. To protect company systems, all employees must:
• Make sure all personal devices used to access company systems are password
protected (at least eight characters).
• Install fully functional antivirus software.
• Update the antivirus software regularly.
• Lock all devices if left unattended.
• Make sure all devices are protected at all times.
• Always use secure and private networks.
2. Email security
Securing email systems is a top priority because emails can lead to data theft and fraud and
can carry malicious software such as worms. Therefore, EMC Cyber requires all
employees to:
• Check the legitimacy of each email, including the email address and sender's name.
• Avoid opening suspicious emails or attachments and clicking on links in them.
• Look for serious grammatical errors.
• Avoid clickbait headlines and links.
• Contact the IT department about any suspicious emails.
3. Data exchange
EMC Cyber is aware of the security risks associated with internal and / or external transfers
of sensitive data. To minimize the likelihood of data theft, all employees are instructed to:
• Refrain from transferring classified information to employees and third parties.
• Transfer sensitive data only over EMC Cyber networks.
• Obtain the required approval from senior management.
• Check the recipient of the information and make sure they have adequate security
measures in place.
• Comply with EMC Cyber's data protection rules and privacy agreements.
• Report any breach, malware and / or fraud immediately to IT.

4. Disciplinary action
Violation of this policy may result in disciplinary action up to and including termination of
employment. EMC Cyber's disciplinary protocols are based on the severity of the breach.
Unintentional violations require only a verbal warning, repeated violations of the same nature
may result in a written warning, and intentional violations may result in suspension and/or
termination depending on the circumstances of the case.
5. Awareness, Communication and Learning
New hires - To reduce the risk of inadvertent disclosure of confidential information, the HR
department will refer new employees to this policy and obtain confirmation that it has been
read, understood and will be applied.
New and existing employees - To reduce the risk of inadvertent disclosure of confidential
information, cyber security training and orientation sessions will be held as an integral part
of staff recruitment, employee onboarding and continuous improvement. In addition,
acknowledgement of this policy, confirming that it has been understood and that the employee
agrees to comply with it, will be included in the annual sign-off on the code of conduct.
Change in separation and/or employment status - In case of a change in status, including
promotion, transfer or termination, the relevant HR department advises the local IT
administrator to change the employee's network and physical access rights as appropriate
and on time.
Third parties - Third parties, suppliers, partners, contractors, service providers or customers
that require an EMC intranet connection or access to EMC data must comply with the
applicable policies; the policies governing third-party access to the system are detailed in
Annex VI.
6. Operations Technology
Data, applications and networks, new software and IT hardware: Software and IT
hardware can compromise the security of the entire information technology infrastructure,
so the IT department in Vancouver is responsible for the development, procurement,
installation and approval of all purchases of new software and major equipment. No software
should be installed on devices owned by the Company unless approved by the employee's
immediate supervisor and the IT department. EMC installs only properly authorized and
licensed software; installing or using unauthorized, unlicensed or illegally copied software
is prohibited.

Change Management: To protect against changes that could compromise Capstone's
operations, the Vancouver IT Department will ensure compliance with standards for the
approval and implementation of changes to the information technology infrastructure and
environment, as well as of any new applications of all kinds. Among other things, these
standards require that changes are properly managed and tested, that they are documented,
that cyber, business, technical and legal risk areas are considered, and that user acceptance
is documented prior to installation. The approved deployment plan should include rollback and
contingency steps.
Viruses and malware: To protect the company from computer viruses and malware, all
computers and devices connected to the Capstone infrastructure must be approved devices
and must have authorized, standard antivirus and anti-malware software installed. This is the
responsibility of the information-processing department. Users must keep this software up to
date and report any sign of infection to the IT department. For enhanced security, personal
email is not accessible via web browser or apps; synchronization of tablets and mobile phones
with personal email accounts is allowed because these devices do not have access to the
corporate network.
Bring-Your-Own-Device (BYOD): Users should comply with the Terms and Conditions
of the BYOD Program to use personally owned devices to access Capstone information and
resources. The guidelines for the BYOD program are published in Appendix VII.
Equipment: Users are responsible for the hardware allotted to them. The IT Department
should approve relocations and transfers of equipment.
VPN: To safeguard company information while using public networks, the IT Department,
where needed, will offer and support secured remote access, including Virtual Private
Networks (VPN). Only Company-issued devices are configured with VPN (or equivalent)
access. Users with VPN credentials are responsible for maintaining their confidentiality in
line with the password provisions of this policy.
Incident management: To respond promptly to threats, users are expected to report
information security incidents to the IT Department in accordance with the incident response
and breach policy. Security incidents include any violation of this security policy that
compromises company information, regardless of who owns the device. The IT Department is
responsible for the channels and procedures that guarantee that security incidents are
identified, contained, investigated, and remedied.

7. Legal and Compliance
EMC will regularly assess developments within the company and in the environment, and
ensure the promulgation of corporate-wide policies for:
• Cyber security management
• Management of third parties' access to company networks
• Other policies as required to ensure minimum standards of care are taken by the
organization to protect against cyber threats.
Cyber risk will be monitored through the ERM system, audited through the ICFR, ITGC
and Internal audit programs and be included in the ERM report communicated to the Board
of Directors quarterly. Legal counsel as a matter of course should review all material
contracts and to ensure that the potential cyber risk assumed or created as a result is
understood by management. All contracts for the provision of cyber related services to the
company should be reviewed by legal counsel to ensure that management has the
understanding of residual risks for purposes of making relevant business decisions.

4.1.3 Tools Used in an Organizational Policy

Definition of Security Policy Tools
The EMC Cyber organization needs the right security products to deal with threats and
uncertainties. In recent years, security vendors have released a variety of security products
to address the challenges an organization faces against cybercriminals.
Security products are designed to perform functions ranging from network and endpoint
security to cloud security and identity and access management. These products are useful
for an organization's cybersecurity as they give organizations solutions to combat threats.
These are some of the products EMC needs to keep the business safe. (infoguard, 2018)
Network Security Tools
1. Wireshark
Wireshark debuted under the name Ethereal. The tool is an excellent protocol analyzer
largely modeled after Tcpdump. Wireshark provides a real-time overview of the network and
allows users to view reassembled TCP session streams. Although Wireshark is still the most
common packet sniffer, many prefer Tcpdump for security and resource reasons. Daily updates
are provided to the tool to keep up with its powerful packet-detection capabilities.

2. Metasploit
Metasploit is available in a commercial Pro version and an open source version for
developers or security professionals. Users can use this Rapid7 network security tool to
search more than 1500 exploits, including ones for testing network segmentation. It also
allows organizations to perform various security assessments and strengthen the overall
security of the network so that it is more comprehensive and responsive.
3. Nessus
When a company has insufficient security settings or faulty updates, this software finds the
weaknesses and helps improve the integrity of its network. Nessus identifies detected
vulnerabilities, including missing patches, software bugs, or other common flaws in
applications, computers, and operating systems, so that they can be fixed.
4. Aircrack
A suite of WEP and WPA testing tools, Aircrack provides solutions for assessing the security
of wireless networks. Aircrack is reliable software for auditing wireless encryption. Airdecap,
for decrypting WEP/WPA capture files, and tools for packet injection are included in the
package. The package includes many more tools, making it a robust suite of wireless security
applications. Aircrack is a comprehensive solution for a variety of wireless security needs.
5. Snort
Snort is an open source IDS that supports all major operating systems and hardware. The
software analyzes protocols, searches and matches content, and detects various network
security attacks. Snort is an effective intrusion detection and prevention framework, thanks
to its simple configuration, flexible rules, and raw packet analysis.
6. Cain and Abel
Cain and Abel is a password recovery tool that is only compatible with the Windows operating
system. It can record VoIP conversations, crack encrypted passwords, and analyze routing
protocols. It can also reveal cached passwords, uncover password boxes, and perform
cryptanalysis and brute-force attacks on password hashes.
7. Argus
Argus is one of the best free open source network analysis tools on the market. Argus stands
for Audit Record Generation and Utilization System. The software, as the acronym suggests,
performs deep and efficient analysis of network data with fast and detailed reports on large
volumes of network traffic.

8. Nagios
Nagios takes a thorough approach to network management. It is one of the most effective free
network security tools for aspiring cybersecurity professionals and experts. Nagios
monitors hosts, devices and networks and provides real-time notifications, letting users
choose the notifications they want to receive. It can monitor network services such as HTTP,
NNTP, ICMP, POP3, and SMTP.
9. Tcpdump
Tcpdump is a Mac, Windows, and Linux compatible application that predates the market-
leading Wireshark tool. It set the standard for network security. Tcpdump remains a very
effective network sniffer with a lightweight approach.
10. Splunk
One of the simplest apps with a single interface, Splunk is the perfect tool for those on a
budget. It is a paid app with free versions for a limited time. Designed for real-time and
historical data searching, Splunk's powerful search feature makes monitoring applications
easy. Splunk is one of the fastest and most scalable network scanning tools. (jigsawacademy,
n.d.)
Encryption Security Tools
1. LastPass
Probably one of the most popular password management tools, LastPass is available for
free with limited features while protecting your passwords and personal data. By using such
an encryption software tool, you no longer have to remember your passwords or write them in
a notepad or other physical location. LastPass has an intuitive and easy-to-use interface that
can make your life easier. There are extensions for the main web browsers such as Mozilla
Firefox and Google Chrome. You can also use the mobile application available for both
Android and Apple.
2. DiskCryptor
DiskCryptor is another free open source encryption tool that you can use to protect internal
and external drives, including the system partition and even ISO images, USB sticks, or other
storage devices. Like BitLocker, it is a full disk encryption tool for the Windows operating
system that includes various encryption algorithms such as AES, Twofish, and Serpent.
The interface is simple and intuitive: all you have to do is select a drive and click "Encrypt"
to protect your data.

3. AxCrypt
Similar to 7-Zip, AxCrypt is an open source file encryption tool that offers a free version
and a premium version for Windows, macOS, Android, and iOS. It has AES-256 file
encryption and can encrypt a file, an entire folder, or groups of files with a
simple right click. Files can be encrypted for a specified period of time or automatically
decrypted later when the file reaches its destination. So how can I improve my online
security without creating too many obstacles that slow down my access to information
posted on the Internet? Here are some simple tools you can use to access content online while
protecting against data leakage.
4. HTTPS Everywhere
Encrypting your files is not enough. To stay one step ahead of cybercriminals, you need to
improve your online protection by ensuring that no one is listening to your online
communication. We recommend trying a browser extension like HTTPS Everywhere,
which is compatible with Mozilla Firefox, Opera, and Google Chrome, to always have
access to secure web pages that use encryption. The extension was created as
a result of collaboration between the EFF and the Tor Project and automatically switches
from insecure sites using HTTP to secure HTTPS. (ioana, 2021)
Password Security Tools
1. 1Password
1Password is a password manager designed not only to provide protection for individuals
or organizations, but also to provide an overall password protection system for families.
1Password considers itself the most popular password manager in the world.
There are two main plans for the service: one for individuals and their families, which
allows a single user or a family of up to five people to log in securely using 1Password, and
a business plan that provides protection for those working from home and for teams
and companies in general.
In addition to providing all of the above, 1Password protects you from hacks and other
threats like key loggers and phishing attempts, and only works in trusted browsers.
The result is a highly reliable and competent password manager suitable for both personal
and corporate use, including working from home, without compromising your security.
2. OTP (One Time Password)
In some applications, a set of one-time passwords (OTPs) is predefined or even printed, but in
most modern applications the one-time password is generated in real time by a software
authenticator or a hardware authenticator that the user has in their possession. The user-owned
authenticator shares a cryptographic key with a verifier, which is the software that attempts
to verify the identity of the user.
Regardless of how it is created, each one-time password can only be used once. A verifier
that validates a password as a means of verifying the identity of a user will reject the reuse
of the password.
In many cases, the use of an OTP authenticator is just one component of a multi-factor
authentication procedure. By combining a one-time password with another factor, such as
a static password or some type of biometric signature, information can be more secure than
with a separately stored static password alone.
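The following Python code is an added example (not part of the original assignment) of the OTP mechanism described above: an authenticator and a verifier share a secret key, the verifier accepts each code at most once, and the OTP is combined with a static password as a second factor. The HOTP computation follows RFC 4226 (whose published test secret is used in the demo); the Authenticator, Verifier and MfaService classes and the look-ahead window are this example's own assumed design.

```python
"""Added example: HOTP-style one-time passwords with a replay-rejecting verifier
and a simple two-factor login. Only the hotp() function follows a standard (RFC 4226);
the surrounding classes are illustrative design choices, not a specific product."""
import hashlib
import hmac
import os
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(code % (10 ** digits)).zfill(digits)


class Authenticator:
    """The device or app in the user's possession: holds the shared key and a counter."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0

    def next_code(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1          # every generated code uses a fresh counter value
        return code


class Verifier:
    """Server side: shares the key and accepts each counter value at most once."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.next_expected = 0         # lowest counter value still acceptable
        self.look_ahead = look_ahead   # tolerate a few codes generated but never submitted

    def verify(self, code: str) -> bool:
        for c in range(self.next_expected, self.next_expected + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), code):
                # Move past the accepted counter: the same code (and any older one)
                # can never be accepted again, which is the "used once" property.
                self.next_expected = c + 1
                return True
        return False


class MfaService:
    """Combines a salted static password hash (factor 1) with the OTP verifier (factor 2)."""

    ITERATIONS = 100_000

    def __init__(self, password: str, secret: bytes):
        self.salt = os.urandom(16)
        self.pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, self.ITERATIONS)
        self.otp = Verifier(secret)

    def login(self, password: str, code: str) -> bool:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, self.ITERATIONS)
        pw_ok = hmac.compare_digest(candidate, self.pw_hash)
        # Evaluate the OTP regardless of the password result: the caller learns only
        # pass/fail, and a submitted code is consumed whether or not the login succeeds.
        otp_ok = self.otp.verify(code)
        return pw_ok and otp_ok


if __name__ == "__main__":
    # RFC 4226 Appendix D test secret (a published test vector, not a real credential).
    secret = b"12345678901234567890"
    auth, ver = Authenticator(secret), Verifier(secret)
    first = auth.next_code()
    print("first code", first, "accepted:", ver.verify(first))   # 755224, True
    print("same code again accepted:", ver.verify(first))        # False: reuse rejected
```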
Database Security tools
1. MSSQL Data Mask
When using live data in a test database, organizations risk making a common mistake. In
order to avoid this situation, MSSQL Data Mask gives developers the ability to mask SQL
Server database data for development, testing or outsourced projects. MSSQL Data Mask has
a classified data-masking tool to protect data classified as personally identifiable, sensitive
personal data, or business-sensitive data.
2. Scuba
Scuba is a free database security software tool from the vendor Imperva, used to analyze
more than 2,000 common issues, such as weak passwords, known configuration risks, and
missing patches on various database platforms. The organization can use Scuba to assess
which databases need patching.
3. AppDetectivePRO
AppDetectivePRO can detect configuration errors, identity and access control issues,
missing patches, and weaknesses that could allow elevation of privilege, denial of service,
data leakage or data manipulation.
4. Zenmap
Zenmap is the official GUI of the Nmap security scanner. It is a cross-platform application
(Linux, Windows, Mac OS X, BSD, etc.) designed to make Nmap easier for beginners to
use while providing advanced features for experienced Nmap users. It allows you to save
frequently used scans as profiles for easy reuse. It includes many very important
functions, such as scanning and detecting hosts, services and vulnerabilities.

4.2 Develop and present a disaster recovery plan for EMC Cloud

4.2.1 EMC Cyber's DRP Screenshots

Figure 22 Introduction slide
Figure 23 Introduction about EMC Cyber
Figure 24 Definition of ISO
Figure 25 Cover slide of Disaster Recovery Plan
Figure 26 Contents of presentation
Figure 27 Goal of presentation
Figure 28 Explanation of disaster
Figure 29 Examples of types of disaster
Figure 30 Disaster Recovery Plan
Figure 31 Types of disaster
Figure 32 Disaster Recovery Plan
Figure 33 Key components of Disaster Recovery Plan
Figure 34 Take inventory of IT assets
Figure 35 Establish a recovery timeline
Figure 36 Assign roles and responsibilities & communication
Figure 37 Data backup & location
Figure 38 Consider insurance
Figure 39 Test the disaster recovery plan
Figure 40 Advantages of Data Recovery Plan
Figure 41 Cost efficiency
Figure 42 Increased employee productivity
Figure 43 Greater customer retention
Figure 44 Any questions slide

4.2.2 Implementing Security Audit Recommendations for the Organization

In the IT sector, IT professionals face security breaches on their networks. Any such
situation can cause data loss and bring a company's operations to a stop. These are very
serious issues that no company can afford, because any compromised resource can cause
intolerable harm to an organization.
An IT audit of the organization's IT infrastructure and employee functions is a productive
safeguard against crime and other security threats.
Auditors typically perform neutral interviews, vulnerability scans, and a series of
evaluations to assess the security programs of organizations. An IT security audit of the
company can give insights into strategic solutions for enhancing the organization's
overall IT processes and operations.

4.2.2.1 Organizational Stakeholders

Corporate stakeholders are the parties concerned with the performance of the company,
and they are directly affected by the company's practices. These include employees,
managers and other interested parties. (penpoin, 2021)

Figure 45 Stakeholders

Types of Stakeholders
Businesses exist in a broad environment and many factors affect them directly or indirectly.
Every organization has stakeholders regardless of its size, nature, structure, and purpose.
Stakeholders can be any natural or legal person that affects the activities of the
company or can be influenced by it. In the business environment, stakeholders are divided
into two categories: internal stakeholders and external stakeholders.

Figure 46 Types of Stakeholders

Internal Stakeholders
Internal stakeholders are those parties, individuals or groups who are involved in the
management of the company. They influence, and depend on, the success or failure of the
organization because of their vested interest in the organization. Primary stakeholders is
another name for internal stakeholders. Internal stakeholders are dedicated to providing the
company's services. They are highly concerned about the company's decisions, performance,
profits and other activities. Without internal stakeholders, the organization would not be able
to survive in the long term; that is why they have great influence over the company. In
addition, they know all the secrets and internal affairs of the entity. The following is the
list of internal stakeholders:
Employees: a group of people working for a company for a wage.
Owners: the person or group that owns the organization. They may be partners,
shareholders, etc.
Board of Directors: this group of people runs the legal entity. Corporate members at the
AGM do not appoint them.
Managers: a manager is a person who manages an entire department, such as a Sales
Manager, etc.
Investors: an individual or group who invest their money in the organization.
External Stakeholders
External stakeholders are those stakeholders who are not part of management, but who are
indirectly influenced by the work of the company. These external parties are part of the
business environment. They are also referred to as secondary stakeholders. They are users
of a company's financial information, which they use to know its results, profitability and
liquidity. External stakeholders are not involved in the day-to-day operations of the business,
but are influenced by the actions of the business. They deal with the company externally and
have no knowledge of the internal affairs of the company.
Here is the list of external stakeholders:
Suppliers: they provide the organization with inputs such as raw materials, equipment,
etc.
Buyers: they are considered the king of the business because they are the ones who consume
the product.

Lenders: This is the individual, bank or financial institution that provides funds to the
organization.
Clients: These are the parties with which the company works and provides its services.
Intermediaries: These are marketing channels that create a connection between a company
and customers such as wholesalers, distributors, retailers, etc.
Competitors: These are competitors who also compete with the organization for resources
and market.
Society: the company is accountable to the community because the company uses its
valuable resources.
Government: the company is governed and controlled by government rules and
regulations, and it has to pay the taxes and fees charged to the company. (Surbhi, 2017)

4.2.2.2 Shareholders
A shareholder can be an individual, a company or an organization that owns shares in a particular company. A shareholder must own at least one share of a company or mutual fund to count as a partial owner. Shareholders usually receive a declared dividend when the business is doing well.
Roles of a Shareholder
Being a shareholder is not only about making a profit; it also carries other responsibilities. Here are some of them:
• Debating and defining the powers granted to the company's directors, including their appointment and dismissal.
• Deciding how much the directors are paid. This is a difficult balancing act: shareholders must be sure that the remuneration covers the director's expenses and the cost of living where the director is based, without draining the company's treasury.
• Making decisions in matters where the directors lack authority, including amending the company's bylaws.
• Verifying and reconciling the company's financial statements.

Types of Shareholder
There are two types of shareholder: common shareholders and preferred shareholders.
Common Shareholders
Common shares are a type of security representing ownership of a company's share capital. Common stock, ordinary shares and voting shares are equivalent terms.
Holders of common shares have a claim on a share of the company's profits and exercise control over the company by electing the board of directors and voting on important corporate policies.
Holders of common shares can also benefit from appreciation in the value of the shares. On average, common stock offers higher returns than preferred stock or bonds; however, those higher returns come with the highest risk among these securities.
Preferred Shareholders
Preferred shares (also known as preference shares or preferred stock) are securities that represent ownership in a corporation and rank ahead of common shares in claims on the company's assets and earnings. Preferred shares are senior to common shares but junior to bonds in the order of claims on assets. Holders of preferred shares also have priority over holders of common shares in the payment of dividends. (corporatefinanceinstitute, 2021)

5 References
Venafi. 2021. Active & Passive Attacks [Definition & Differences]. [ONLINE] Available at: https://www.venafi.com/blog/what-active-attack-vs-passive-attack-using-encryption. [Accessed 13 September 2021].
Assignment Help 4 Me. 2021. A comprehensive study of Cyber Security and its types. [ONLINE] Available at: https://assignmenthelp4me.com/article-advantages-and-disadvantages-of-cybersecurity-342.html. [Accessed 13 September 2021].
BBC Bitesize. 2021. Computer Misuse Act (1990) - Ethical, legal and environmental impact - CCEA - GCSE Digital Technology (CCEA) Revision. [ONLINE] Available at: https://www.bbc.co.uk/bitesize/guides/z8m36yc/revision/5. [Accessed 13 September 2021].
Solutions Review. 2021. 8 Benefits of Network Performance Monitoring Solutions. [ONLINE] Available at: https://solutionsreview.com/network-monitoring/8-benefits-of-network-performance-monitoring-solutions/. [Accessed 13 September 2021].
Garland, B. 2021. 4 Common Mistakes in Firewall Configuration. [ONLINE] Available at: https://www.valasecure.com/blog/4-common-mistakes-in-firewall-configuration. [Accessed 13 September 2021].
Check Point Software. 2021. What is a DMZ Network? [ONLINE] Available at: https://www.checkpoint.com/cyber-hub/network-security/what-is-a-dmz-network/. [Accessed 13 September 2021].
Cisco. 2021. Network Address Translation (NAT) FAQ. [ONLINE] Available at: https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html. [Accessed 13 September 2021].
Cisco. 2021. What Is a VPN? - Virtual Private Network. [ONLINE] Available at: https://www.cisco.com/c/en/us/products/security/vpn-endpoint-security-clients/what-is-vpn.html. [Accessed 13 September 2021].
Cisco. 2021. What Is IT Security? - Information Technology Security. [ONLINE] Available at: https://www.cisco.com/c/en/us/products/security/what-is-it-security.html. [Accessed 13 September 2021].
Corporate Finance Institute. 2021. Risk Management - Overview, Importance and Processes. [ONLINE] Available at: https://corporatefinanceinstitute.com/resources/knowledge/strategy/risk-management/. [Accessed 13 September 2021].
Corporate Finance Institute. 2021. Shareholder - Definition, Roles, and Types of Shareholders. [ONLINE] Available at: https://corporatefinanceinstitute.com/resources/knowledge/finance/shareholder/. [Accessed 13 September 2021].
InfoGuard Security. 2021. 5 essential security tools for every organization. [ONLINE] Available at: https://www.infoguardsecurity.com/5-essential-security-tools-for-every-organization/. [Accessed 13 September 2021].
Data Protection Commission Ghana. 2021. The Data Protection Act 2012. [ONLINE] Available at: https://www.dataprotection.org.gh/data-protection/data-protection-acts-2012. [Accessed 13 September 2021].
DataGuidance. 2021. Singapore - Data Protection Overview 2021 | Guidance Note. [ONLINE] Available at: https://www.dataguidance.com/notes/singapore-data-protection-overview. [Accessed 13 September 2021].
Tutorialspoint. 2021. Difference between Active Attack and Passive Attack. [ONLINE] Available at: https://www.tutorialspoint.com/difference-between-active-attack-and-passive-attack. [Accessed 13 September 2021].
Fortinet. 2021. Firewall Benefits: The Importance of Firewall Security. [ONLINE] Available at: https://www.fortinet.com/resources/cyberglossary/benefits-of-firewall. [Accessed 13 September 2021].
Fortinet. 2021. Benefits of VPNs: What are the pros and cons of a VPN? [ONLINE] Available at: https://www.fortinet.com/resources/cyberglossary/benefits-of-vpn. [Accessed 13 September 2021].
GeeksforGeeks. 2021. Types of Network Address Translation (NAT). [ONLINE] Available at: https://www.geeksforgeeks.org/types-of-network-address-translation-nat/. [Accessed 13 September 2021].

Heimdal Security Blog. 2021. The Most Popular Free Encryption Software Tools (2021). [ONLINE] Available at: https://heimdalsecurity.com/blog/free-encryption-software-tools/. [Accessed 13 September 2021].
Nguyen Duc, H. 2021. 8 Reasons Cyber Security Is Important. Hakin9. [ONLINE] Available at: https://hakin9.org/8-reasons-cyber-security-is-important/. [Accessed 13 September 2021].
Hut Six. 2021. What are the Eight Principles of the Data Protection Act? [ONLINE] Available at: https://www.hutsix.io/what-are-the-eight-principles-of-the-data-protection-act/. [Accessed 13 September 2021].
i-Sight. 2021. Policies and Procedures in the Workplace: The Ultimate Guide [2021]. [ONLINE] Available at: https://i-sight.com/resources/policies-and-procedures-in-the-workplace-the-ultimate-guide/. [Accessed 13 September 2021].
ISO. 2021. ISO 31000 — Risk management. [ONLINE] Available at: https://www.iso.org/iso-31000-risk-management.html. [Accessed 13 September 2021].
Netwrix. 2021. IT Security Audits: The Key to Success. [ONLINE] Available at: https://blog.netwrix.com/2020/04/09/it-security-audit/. [Accessed 13 September 2021].
Jigsaw Academy. 2021. Top 10 Network Security Tools (2021). [ONLINE] Available at: https://www.jigsawacademy.com/blogs/cyber-security/network-security-tools. [Accessed 13 September 2021].
Surbhi. 2021. Difference Between Internal and External Stakeholders (with Comparison Chart). Key Differences. [ONLINE] Available at: https://keydifferences.com/difference-between-internal-and-external-stakeholders.html. [Accessed 13 September 2021].
KirkpatrickPrice. 2021. 5 Network Monitoring Tools and Techniques. [ONLINE] Available at: https://kirkpatrickprice.com/blog/5-network-monitoring-tools-and-techniques/. [Accessed 13 September 2021].
Lifewire. 2021. What Is a Static IP Address? [ONLINE] Available at: https://www.lifewire.com/what-is-a-static-ip-address-2626012. [Accessed 13 September 2021].
Palo Alto Networks. 2021. What is an IT Security Policy? [ONLINE] Available at: https://www.paloaltonetworks.com/cyberpedia/what-is-an-it-security-policy. [Accessed 13 September 2021].

Penpoin. 2021. What is Organizational Stakeholders? Definition and explanation. [ONLINE] Available at: https://penpoin.com/organizational-stakeholders/. [Accessed 13 September 2021].
Privacy Helper. 2021. The Data Protection Act 2018 - The 7 Principles You Need to Know. [ONLINE] Available at: https://www.privacyhelper.co.uk/knowledge-hub-articles/the-data-protection-act-2018-the-7-principles-you-need-to-know. [Accessed 13 September 2021].
Ready.gov. 2021. Risk Assessment. [ONLINE] Available at: https://www.ready.gov/risk-assessment. [Accessed 13 September 2021].
Chartered Accountants ANZ. 2021. Risk Management Framework - Treat Risks. [ONLINE] Available at: https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx. [Accessed 13 September 2021].
Site24x7. 2021. Network Monitoring System | What is Network Monitoring? [ONLINE] Available at: https://www.site24x7.com/network-monitoring.html. [Accessed 13 September 2021].
SumUp. 2021. Data Protection Act - What is the Data Protection Act? SumUp Invoices. [ONLINE] Available at: https://sumup.co.uk/invoices/dictionary/data-protection-act/. [Accessed 13 September 2021].
TechRadar. 2021. Best password managers 2021: free and paid ways to secure passwords. [ONLINE] Available at: https://www.techradar.com/best/password-manager. [Accessed 13 September 2021].
TermsFeed. 2021. Computer Misuse Act 1990. [ONLINE] Available at: https://www.termsfeed.com/blog/computer-misuse-act-1990/. [Accessed 13 September 2021].
The Run Time. 2021. What is a Risk Assessment Framework? Benefits & Drawbacks. [ONLINE] Available at: https://theruntime.com/what-is-a-risk-assessment-framework-benefits-drawbacks/. [Accessed 13 September 2021].
Synopsys. 2021. What Is Cyber Security and How Does It Work? [ONLINE] Available at: https://www.synopsys.com/glossary/what-is-cyber-security.html. [Accessed 13 September 2021].

Barracuda Networks. 2021. What is a DMZ (networking)? [ONLINE] Available at: https://www.barracuda.com/glossary/dmz-network. [Accessed 13 September 2021].
Packt Publishing. 2021. Trusted networks. [ONLINE] Available at: https://subscription.packtpub.com/book/networking-and-servers/9781904811077/1/ch01lvl1sec07/trusted-networks. [Accessed 13 September 2021].
Logsign. 2021. What Is the CIA Triad and Why Is It Important for Cybersecurity? [ONLINE] Available at: https://www.logsign.com/blog/what-is-the-cia-triad-and-why-is-it-important-for-cybersecurity/. [Accessed 13 September 2021].