Female Assignment Example
Pearson Higher Nationals in Computing
Unit 5: Security
General Guidelines
1. A cover page or title page – You should always attach a title page to your assignment. Use the previous page as your cover sheet and make sure all the details are accurately filled in.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using word processing software.
4. All the assignments should be printed on A4 sized paper. Use single side printing.
5. Allow 1” for top, bottom, right margins and 1.25” for the left margin of each page.
6. The font size should be 12 point and should be in the style of Times New Roman.
7. Use 1.5 line spacing. Left justify all paragraphs.
8. Ensure that all the headings are consistent in terms of the font size and font style.
9. Use the footer function in the word processor to insert Your Name, Subject, Assignment No, and Page Number on each page. This is useful if individual sheets become detached for any reason.
10. Use the word processing application's spell check and grammar check functions to help edit your assignment.
Important Points:
1. It is strictly prohibited to use textboxes to add text in the assignments, except for compulsory information, e.g. figures, tables of comparison, etc. Adding text boxes in the body, except for the aforementioned compulsory information, will result in rejection of your work.
2. Carefully check the hand in date and the instructions given in the assignment. Late
submissions will not be accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness,
you may apply (in writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade.
8. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked to complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using the HARVARD referencing system to avoid plagiarism. You have to provide both in-text citations and a reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be
reduced to A REFERRAL or at worst you could be expelled from the course.
Student Declaration
I hereby, declare that I know what plagiarism entails, namely, to use another’s work and to
present it as my own without attributing the sources in the correct way. I further understand what
it means to copy another’s work.
Student’s Signature (Provide E-mail ID): shafiyyashirzard@gmail.com
Date (Provide Submission Date): 08/08/2021
Assignment Brief
Student Name / ID Number: Fathima Shafiyya Shirzard / COL00042812
Unit Number and Title: Unit 5 - Security
Issue Date
Submission Format:
The submission should be in the form of an individual written report written in a concise, formal business style
using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as
appropriate, and all work must be supported with research and referenced using Harvard referencing system.
Please provide in-text citations and an end list of references using the Harvard referencing system.
Section 4.2 of the assignment requires a 15-minute presentation to illustrate the answers.
‘EMC Cyber’ is a reputed cyber security company based in Colombo Sri Lanka that is delivering
security products and services across the entire information technology infrastructure. The company
has a number of clients both in Sri Lanka and abroad, which includes some of the top-level companies
of the world serving in multitude of industries. The company develops cyber security software
including firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber is
tasked with protecting companies’ networks, clouds, web applications and emails. They also offer
advanced threat protection, secure unified access, and endpoint security. Further they also play the
role of consulting clients on security threats and how to solve them. Additionally, the company
follows different risk management standards depending on the company, with the ISO 31000 being
the most prominent.
One of the clients of EMC Cyber, Lockhead Aerospace manufacturing which is a reputed aircraft
manufacturer based in the US, has tasked the company to investigate the security implications of
developing IOT based automation applications in their manufacturing process. The client has
requested EMC to further audit security risks of implementing web based IOT applications in their
manufacturing process and to propose solutions. Further, Lockhead uses ISO standards and has
instructed EMC to use the ISO risk management standards when proposing the solution.
The director of the company understands such a system would be the target for cyber-attacks. As you
are following a BTEC course which includes a unit in security, the director has asked you to investigate
and report on potential cyber security threats to their web site, applications, and infrastructure. After
the investigation you need to plan a solution and how to implement it according to standard software
engineering principles.
Activity 01
Assuming the role of External Security Analyst, you need to compile a report to the board of EMC Cyber focusing on the following elements:
1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilized by EMC Cyber in order to improve the organization’s security.
1.2 Identify the types of security risks EMC Cyber is subject to in its present setup and the impact that they would make on the business itself. Evaluate at least three physical and virtual security risks identified and suggest the security measures that can be implemented in order to improve the organization’s security.
1.3 Develop and describe security procedures for EMC Cyber to minimize the impact of issues
discussed in section (1.1) by assessing and rectifying the risks.
Activity 02
2.1 Identify how EMC Cyber and its clients will be impacted by improper/ incorrect configurations
that are applicable to firewalls and VPN solutions. IT security can include a network monitoring
system. Discuss how EMC cyber can benefit by implementing a network monitoring system with
supporting reasons.
2.2 Explain how the following technologies would benefit EMC Cyber and its Clients by facilitating a
i) DMZ
ii) Static IP
iii) NAT
2.3 Identify and evaluate the tools that can be utilized by EMC cyber to improve the network and
security performance without compromising each other. Evaluate at least three virtual and physical
security measures that can be implemented by EMC to uphold the integrity of organization’s IT
policy.
Activity 03
3.1 Discuss suitable risk assessment integrated enterprise risk management procedures for EMC Cyber
solutions and the impact an IT security audit will have on safeguarding organization and its clients.
Furthermore, your discussion should include how IT security can be aligned with an organizational IT
policy and how misalignment of such a policy can impact on organization’s security.
(This can include one or more of the following: network change management, audit control, business
continuance/disaster recovery plans, potential loss of data/business, intellectual property, Data
Protection Act; Computer Misuse Act; ISO 31000 standards.)
3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage
solutions provided by EMC Cyber. You should also summarize ISO 31000 risk management
methodology.
Activity 04
4.1 Design an organizational security policy for EMC Cyber to minimize exploitations and misuses
while evaluating the suitability of the tools used in an organizational policy.
4.2 Develop and present a disaster recovery plan for EMC Cyber according to the ISO/IEC 17799:2005 or similar standard which should include the main components of an organizational disaster recovery plan with justifications. Discuss how critical the roles of the stakeholders in the organization are to successfully implementing the security policy and the disaster recovery plan you recommended as a part of the security audit.
(Students should produce a 15-minute PowerPoint presentation which illustrates the answer for
this section including justifications and reason for decisions and options used).
FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSIGNMENT 12
INTRODUCTION
ACTIVITY 01
2.1. CONFIDENTIALITY
2.2. INTEGRITY
2.3. AVAILABILITY
03. EVALUATE WHY AND HOW THE CIA TRIAD COULD BE UTILIZED BY EMC CYBER IN ORDER TO IMPROVE THE ORGANIZATION’S SECURITY
ACTIVITY 02
11. THE TOOLS THAT CAN BE UTILIZED BY EMC CYBER TO IMPROVE THE NETWORK AND SECURITY PERFORMANCE
ACTIVITY 03
ACTIVITY 04
PRESENTATION SLIDES
SLIDE – 01
SLIDE – 02
SLIDE – 03
SLIDE – 04
SLIDE – 05
SLIDE – 06
SLIDE – 07
SLIDE – 08
SLIDE – 09
SLIDE – 10
SLIDE – 11
SLIDE – 12
SLIDE – 13
SLIDE – 14
SLIDE – 15
REFERENCES
Then my heartfelt thanks to my friend who supported me in completing the work with great interest and effectively within the time.
Finally, I’m much obliged to the internet for providing valuable and prime facts to perfect my
assignment.
Best Regards,
Shafiyya Shirzard.
(Author)
Lockhead Aerospace Production, a reputable aircraft manufacturer in the United States, has entrusted EMC Cyber with investigating the security implications of creating IOT-based automation solutions in their manufacturing process. The customer has asked EMC to investigate the security concerns associated with integrating web-based IOT applications in their industrial processes. Therefore, as a security analyst appointed by EMC, I have been requested to look into and report on any possible cyber security risks to their website, apps, and infrastructure. The following report contains the developed solution and how to implement it using software engineering best practices. I have used emerging technologies and methods to get a proper solution for Lockhead Aerospace Production. I hope the following solution fits the company and its requirements.
Figure 1: Security.
The types of IT security for an organization are as follows.
• Data security refers to the protection of data from unwanted entry, modification, and deletion.
• Application security refers to the process of protecting an application by applying security features to guard against cyber threats such as SQL injection, DoS attacks, data breaches, and so on.
• Computer security refers to having a standalone computer fully updated and patched.
• The term "cybersecurity" refers to the protection of information systems that connect through computer networks.
• By securing both software and hardware technology, network security is ensured.
For instance, a financial institution will certainly encrypt any classified document being
electronically transmitted to prevent unauthorized persons from reading its contents.
Organizations like online marketplaces, on the other hand, would be actually affected if their
The three key elements of the CIA Triad are as follows:
• Confidentiality.
• Integrity.
• Availability.
2.1. CONFIDENTIALITY.
The aim of confidentiality is to prohibit unwanted access to sensitive information. The access
may be intentional, such as when an attacker breaks into the network and reads the data, or it
could be unintended, such as when people processing the data are negligent or incompetent.
Cryptography and access control are the two major methods for ensuring confidentiality.
(Brooks, 2019).
• Cryptography - The method of translating ordinary plain text into unintelligible text, and vice versa, is known as cryptography. Its algorithms are of two types: symmetric algorithms (both the sender and receiver of an encrypted message must use the same key and processing algorithms) and asymmetric algorithms (two keys are used: a public key and a private key. The sender encrypts a message with the public key, and the recipient decrypts it with the private key).
• Access control - Access control is a method of ensuring that users are who they claim to be and that they have permission to access organization data.
• Usernames and passwords.
2.2. INTEGRITY.
Integrity refers to the ability to prevent data from being tampered with, changed, or
manipulated in an illegal manner in order to accomplish malicious objectives. That is to say,
data sent must be retrieved intact and undamaged by a trusted third party. Data integrity is
critical whether it is in transit or on a storage device (Brooks, 2019). For E-commerce and
company websites, data security is critical. A Man-in-the-Middle (MITM) attack, hacking
into the site server, and injecting malicious code into databases are all examples of attacks
that violate data integrity.
• Hashing - The method of encoding a given key into another value is known as hashing. A hash function generates the value using a mathematical process.
• Encryption.
• Data integrity training - Begin by teaching your workers how to input and manage data and assigning them the task of maintaining data quality. It will ensure that everyone on your team is working to maintain data integrity.
• Remove duplicate data.
• Backing up data.
• Keeping an audit trail.
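The hashing and audit-trail measures listed above can be combined. The following added example (not part of the original assignment) chains each audit record to the previous one with HMAC-SHA256, so that a modified or deleted entry is detected when the trail is verified. The key, user names and record paths are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a secret key held only by the system that writes and verifies
# the audit trail. This value is constructed for the example.
AUDIT_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # fixed anchor used as the "previous MAC" of the first entry


def entry_mac(prev_mac: str, record: dict) -> str:
    """HMAC-SHA256 over the previous entry's MAC plus this record's canonical JSON."""
    payload = prev_mac.encode() + json.dumps(record, sort_keys=True).encode()
    return hmac.new(AUDIT_KEY, payload, hashlib.sha256).hexdigest()


def append_entry(log: list, user: str, action: str, target: str) -> None:
    """Append a record whose MAC depends on every entry written before it."""
    prev_mac = log[-1]["mac"] if log else GENESIS
    record = {"seq": len(log), "user": user, "action": action, "target": target}
    log.append({"record": record, "mac": entry_mac(prev_mac, record)})


def verify_log(log: list) -> int:
    """Return -1 if the trail is intact, else the index of the first bad entry."""
    prev_mac = GENESIS
    for i, entry in enumerate(log):
        expected = entry_mac(prev_mac, entry["record"])
        seq_ok = entry["record"].get("seq") == i
        # compare_digest avoids leaking how many leading characters matched
        if not seq_ok or not hmac.compare_digest(expected, entry["mac"]):
            return i
        prev_mac = entry["mac"]
    return -1


def demo() -> tuple:
    """Build a constructed three-entry trail, then tamper with copies of it."""
    log = []
    append_entry(log, "alice", "update", "customer_db/record/17")
    append_entry(log, "bob", "delete", "customer_db/record/18")
    append_entry(log, "alice", "read", "customer_db/record/19")

    modified = json.loads(json.dumps(log))    # deep copy of the trail
    modified[1]["record"]["action"] = "read"  # rewrite what bob did

    deleted = log[:1] + log[2:]               # drop bob's entry entirely

    return verify_log(log), verify_log(modified), verify_log(deleted)


if __name__ == "__main__":
    print(demo())
```

Removing entries from the end of the trail leaves a shorter but still valid chain, so the MAC of the latest entry should also be stored somewhere the log writer cannot alter.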
2.3. AVAILABILITY.
Availability is also a security service that guarantees that only approved parties have access
to information and facilities in a timely manner. In order to deliver consistent services to a
vast number of users, every company must retain reliable hardware. Updates can take place
with as little disruption as possible, and backups of confidential data on hard drives would be
useful in the event of a disaster or data loss (Brooks, 2019).
• Data backup.
• Software patching - A software patch is a simple fix for a piece of software that is intended to fix bugs, boost security, and add new features.
03. EVALUATE WHY AND HOW THE CIA TRIAD COULD BE UTILIZED BY EMC CYBER IN ORDER TO IMPROVE THE ORGANIZATION’S SECURITY.
Why should the CIA Triad be used in an organization?
The CIA triad offers a high-level guide for evaluating your security protocols and tools that is both simple and detailed. An effective system meets all three components: confidentiality, integrity, and availability. An information security system that is lacking in any of the three elements of the CIA triad is insufficient. In a negative incident, the CIA security triad is also useful in determining what went wrong and what succeeded. For example, perhaps availability was affected as a result of a ransomware attack, but the mechanisms in place were still able to protect the integrity of sensitive data. This information can then be used to correct flaws and automate good policies and procedures. Therefore, the EMC Cyber company should use the CIA Triad to increase the organization's security.
In the vast majority of security scenarios, the CIA triad should be used, particularly since each component is crucial. It's especially useful when creating systems that deal with data classification and managing permissions and authorizations. When dealing with your company's cyber vulnerabilities, you should follow the CIA triad to the core. In addition, the CIA triad can be used in cybersecurity training programs for workers. To help workers learn about maintaining the confidentiality, integrity, and availability of information and systems, you can use realistic examples or real-life case studies.
While considering the facts above EMC Cyber company should also use CIA Triad to
increase the organization security. As it is delivering security products and services across
Identify types of security risks EMC Cyber is subject to its present setup and the impact
they would make on the business itself. Evaluate at least three physical and virtual risks
identified and suggest the security measures that can be implemented in order to
improve the organization’s security.
• Computer virus.
• Spyware threats.
• Hacking.
• Physical damage.
• Human interaction.
• Equipment malfunction.
• Password theft.
Figure 4: Hacking.
• Loss or corruption of data system.
• Cyber security breaches.
• Loss of sensitive information.
• Unauthorized access to computer system and data.
• Attacks - Man-in-the-middle attack, phishing attack and many more.
These risks can be divided into physical and virtual risks. They are explained in detail below.
Essentially, risk is characterized as external and internal vulnerabilities that have a negative impact on the company; the possibility of business damages, increased liability, and loss are the types of risk a business faces. When it comes to the EMC business, there are a variety of threats that may arise as a result of the lack of a proper security system.
These are a few security risks that would have an impact on the EMC Cyber organization.
The term "physical security" refers to the procedures in place to protect the organization and its properties from damage. There are two forms of physical security: external and internal. Internal physical protection refers to the measures in place to protect the organization and its assets from physical threats that arise from within the organization, while external physical security refers to the mechanisms in place to protect the organization and its assets from physical threats that arise from outside factors and organizations. A physical threat is a potential cause of an event that may result in computer device failure or physical damage (Sampera, 2019).
• Internal risks include fire, an unreliable power source, humidity in the rooms where the equipment is housed, etc.
• External risks include lightning, floods, earthquakes, and other natural disasters.
These are some of the physical threats and they are as follows:
Virtual security refers to the processes used to protect an organization's computing devices
from data loss. Internal virtual security and external virtual security are two types of virtual
security. External virtual protection refers to safeguarding measures used to minimize the
danger to software from external actors, while internal virtual security refers to the
mechanisms used by an organization to minimize the security risks that exist to software
within the organization. (Sampera, 2019).
Threats to devices, files, and networks are known as virtual security threats. The following
are some reasonable risks that an organization could face.
• Data loss - Data loss can happen in a variety of ways and under a variety of circumstances. It's inevitable at times. The most frequent cause is where the disk drive fails without a backup. If the user of encrypted data removes the key that unlocks it, data loss occurs. And, in the case of a malware attack, data loss may be caused on purpose.
• Denial-of-Service attacks - A Denial-of-Service (DoS) attack is one that attempts to bring a system or network to a stop, leaving it unreachable to its intended users. DoS
They should be treated as logical and physical risks, so security procedures can be
implemented.
• Identify the organization's assets (e.g., network, servers, apps, data centers, tools, etc.).
• For each asset, create a risk profile.
• Learn about the data that these assets store, transfer, and produce.
• Determine the importance of an asset in terms of company operations. This covers the total impact on the company's economics and reputation, and the risk of exploitation.
• Assess assets by determining their risk level and prioritizing them for evaluation.
These are some measures that can be identified in an organization. But for EMC Cyber Company I’ve suggested some countermeasures which will help the company address its security risks by monitoring, identifying and preventing them. They are as follows:
Password Protection.
Password protection entails setting a password to your data collection in order to protect it.
Without knowing the password, another user cannot access, alter, or destroy your data
collection.
Virus Guard.
Virus protection software is designed to prevent viruses, worms, and Trojan horses from
infecting a computer, as well as to remove any malicious software system code that has
already infected it.
Spam can be easily stopped before it enters the email server with a cloud-based spam filtering solution, keeping spam messages out of inboxes and email fraud threats out of the hands of users. A cloud-based spam filtering solution will already be up to date, trained on the most recent threat information and fine-tuned by experts to recognize and prevent further spam messages from entering the system.
We may generate a backup of all the data we enter into the computers to reduce the risk of data loss. When a company's danger of data loss is reduced, the organization can expand its business area and get ideas from previous situations.
Virus Scanners.
Antivirus software can examine files and apps for viruses using one or more methods. Signature scanning, heuristic scanning, integrity checks, and activity blocking are among the techniques used by these tools to scan for and identify viruses.
Windows Sockets.
Pop-up Blockers.
Any software that prevents a pop-up from appearing at any moment is known as a pop-up
blocker. Multiple internet windows or real pop-ups created by code on a webpage are
examples of this. Pop-up blockers are often used to prevent pop-up advertisements from
appearing on websites. Depending on the pop-up blocker, however, they may also block
essential information.
SSH Protocol.
SSH encrypts connections between two network endpoints and enables password or public-key based authentication. It is a secure alternative to unsafe file transmission techniques (such as FTP) and antiquated login protocols (such as telnet and rlogin).
Data is the most important resource of any organization, and who has access to it is the most dangerous risk anyone can take. When it comes to securing data and documents, access control is a must. Implement encryption protocols to ensure the data is kept secure.
Authentication.
Surveillance cameras may be used to protect the organization from criminals 24 hours a day, 7 days a week. Surveillance cameras are important because they can record what is going on within the company. Aside from cameras, the organization should hire a security guard to protect it physically. Having a security guard may create a positive picture of the organization's security.
CCTV Camera.
A CCTV (closed-circuit television) system uses video cameras to monitor the inside and outside of a building and transmits the signal to a monitor or series of monitors. A growing number of people are recognizing the advantages of CCTV security systems.
The organization's hardware should be updated and installed properly. Aside from that, it should be protected with passwords and other safeguards. Otherwise, system failures and data loss will follow, so this is a necessary security precaution.
WPA stands for Wi-Fi Protected Access and is a security standard for computers connected
to a Wi-Fi network.
The fire alarm's objective is to alert us to a danger so that we can take action to safeguard ourselves, the company, and the public at large. Fire alarms are a part of our daily routine, yet they are frequently neglected until an emergency arises, at which point they may save our lives. The device may also be configured to simulate an alert for use in routine fire emergency exercises, ensuring that all employees are aware of what to do in the case of an actual fire.
Educating Employees.
As an external security analyst, I suggest these security measures that should be implemented
in EMC Cyber company to reduce physical and virtual threats and improve organization
security.
Procedures and policies are the laws and regulations that every organization follows to ensure
its security and prevent various offences. As a result, both workers and management must
follow these processes and policies. Another purpose to establish rules and regulations is to
ensure that the firm can continue in the future. Similarly, EMC implemented a number of
methods to reduce their risks. These are some of the risks that the EMC firm had to deal with,
as stated above. The security procedures are as follows:
To reduce the risk of data loss in EMC Cyber there should be a backup plan implemented.
We may make a backup of all the data we enter into the computers. We can decrease the
danger of data loss this way. When a company's danger of data loss is reduced, the
organization can expand its business area and get ideas from previous situations.
To reduce the risk of natural disaster to EMC Cyber, the company should implement a DRP (Disaster Recovery Plan) and fire alarms. It should also adopt mitigation: “Sustained activity that lowers or eliminates long-term danger to people and property from natural disasters and their effects,” according to the definition of mitigation. It refers to the continuing efforts at the
Protecting the company's data and information is crucial to an organization. To reduce data misuse, EMC Cyber must take these steps: use identity and access management, establish need-to-know access (by continually seeing when and how each person interacts with data, activity monitoring systems may supplement logs and aid security), set up behavior alerts and analytics, and, best of all, educate the employees. When sharing files and folders on drives, they should be labeled and password protected. No detachable drives, CDs, or DVDs are allowed to be inserted into the organization's computers or devices without prior clearance from the administration. Always have a backup of the company's important and sensitive information. These steps should be considered to reduce data misuse in EMC Cyber.
Among the listed risks that the EMC company faces, we can implement a procedure called the regular inspection procedure to reduce regular equipment malfunction. If this procedure is implemented on a regular basis by the company, then we can successfully reduce the risk of asset malfunctions. Network servers and routers, for example, frequently hold sensitive data regarding the organization's network infrastructure. The following rules must be followed when such assets are withdrawn.
To reduce theft and data modification at EMC Cyber, the organization must install CCTV cameras where the crucial data is kept (server rooms), and to protect against data modification EMC must implement strong password and encryption options to safeguard the company’s data and information. It should also use physical locks to prevent physical data theft.
To reduce the risk of viruses and attacks on EMC Cyber, the company should use virus guard software and virus scanners, and implement multi-factor authentication and password management. To prevent attacks, keep up with best practices for software and hardware.
To reduce cyber-attacks and vandalism against the EMC Cyber company, the organization must fully update its software, ensure endpoint security, install firewalls, back up all the important and sensitive data, control access to the system, implement Wi-Fi security measures, use access management methods, and use strong passwords for all the assets of the company. These are the security procedures that I’ve implemented as a security analyst of EMC Cyber in order to protect the organization from risks and negative impact. These security procedures will help protect the EMC Cyber company from physical and virtual risks. When these security procedures are followed, EMC Cyber will be able to identify the risk and treat it in time.
From data breaches to cyber-attacks, system failures, and natural disasters, an efficient risk management approach can determine which risks represent the most threat to a business and give instructions for dealing with them. There are three phases to understanding the risk management process. They are as follows.
I. Risk Assessment and Analysis - The risk assessment and analysis stage is the first phase in the risk management process. A risk assessment evaluates an organization's exposure to uncertain events that might have an influence on its day-to-day operations and estimates the financial and reputational harm those events may cause (CFI Education Inc., 2021).
II. Risk Evaluation - Following the completion of the risk assessment or analysis, a risk evaluation should be conducted. A risk assessment compares a risk's value to the risk principles that the company has already established. Associated costs and benefits, social considerations, regulatory requirements, and system faults can all be used as risk criteria (CFI Education Inc., 2021).
III. Risk Treatment and Reaction - Risk treatment and response are the final phase in the risk management process. Implementing rules and processes to help avoid or minimize risks is known as risk treatment. Risk management includes risk transfer and risk financing as well (CFI Education Inc., 2021).
Avoidance strategies - These approaches aim to completely prevent a possible risk from
occurring or having any influence on an organization. Transfer and change are the two
main subcategories of the avoidance tactics category.
Minimize strategies - These methods aim to minimize the impact of risk on a product or
organization, resulting in the least amount of damage possible. When avoidance measures
aren't practicable or have failed, minimization methods are usually used.
Since there are various risks to the organization, we must limit or prevent them. To prevent or
minimize those risks, we must adopt particular approaches. The treatment of risks may be
defined as the prevention of risks by the use of strategies. There are various risks that might
harm the EMC company as well, such as physical damage to the
company. For various types of risks, such as equipment malfunction, data misuse, and
data loss, there are a variety of treatments or procedures that may be adopted, including a
property damage claim procedure, a regular inspection procedure, and a user activity
monitoring procedure, by employing strategies such as user activity monitoring protocols and
backup processes. I've implemented some procedures that EMC Cyber
company should follow; by regulating these procedures, they can overcome the security risks
and protect the organization from their impact. This will help EMC Cyber to control and
overcome risks.
A firewall is a network security system that monitors and filters network traffic in accordance
with an organization's security practices. A firewall, at its most basic level, is the barrier that
separates a private internal network from the public Internet. The primary goal of a firewall is
to allow non-threatening traffic in while keeping harmful traffic out (Check Point, 2021).
Figure 7: Firewall.
Firewalls are software that may be used to improve the security of computers on a network.
Installing a firewall system makes the computer unique; in other words, the firewall uses a
code wall to completely separate our machine from the internet. Firewalls have a variety of
capabilities. Their key feature is that they can improve security by allowing granular control
over which system tasks may be performed. Some people believe that a firewall is a device that
regulates traffic passing through a network system; however, it is essentially software that
prevents unwanted access to network systems.
A firewall policy is a set of rules that specifies how to utilize this software in order to make it
easier to manage. This is a program that regulates the flow of Internet Protocol (IP) data. The
types of firewalls and firewall architectures are also included in the firewall policy.
I. Packet Filtering - A small quantity of data is examined and delivered based on the
filter's standards (Check Point, 2021).
II. Proxy Service - At the application layer, a network security system protects while
filtering messages (Check Point, 2021).
III. Stateful Inspection - Dynamic packet filtering keeps track of current connections to
decide which network packets to let through the firewall (Check Point, 2021).
IV. Next Generation Firewall (NGFW) - Inspection of the entire packet, with application-level
inspection in the firewall (Check Point, 2021).
V. Application Gateway - An application gateway is a proxy server that provides
application-layer access control. Between the secured network and the untrusted
network, it acts as an application-layer gateway. Because it operates at the application
layer, it has the ability to inspect traffic in great detail and is hence regarded as the
safest sort of firewall (Check Point, 2021).
Firewalls are frequently configured to allow traffic from any source to any destination. This
is due to the fact that IT teams do not know exactly what they want at the beginning, so they
begin with broad guidelines and work backwards. As a result, the network is always open to
trade. the minimum level of privileges required for a user or service to function correctly,
It's a risky situation if they don't examine the log outputs from their devices. This will keep
the administrators oblivious to the ongoing attacks and prevent any information about the
data theft from being revealed (Wickert, 2015).
As a result, it is important to configure firewalls properly, as they may otherwise be the
primary cause of the organization's low security levels. Organizations must assess the state of
their firewall security and identify any potential vulnerabilities. Organizations may immediately
enhance their entire security posture and considerably lower their risk of a breach by resolving
these misconfiguration concerns.
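The misconfigurations described above (any-to-any allow rules and traffic that is never logged) can be checked for mechanically. The following is an added example, not part of the original assignment; the rule format, the sample rules and all function names are constructed for illustration and do not follow any vendor's syntax.

```python
import ipaddress
from dataclasses import dataclass

# Constructed rule set in a made-up "action src dst port log" format
# (not any vendor's syntax). Rules are evaluated top to bottom, first match wins.
SAMPLE_RULES = """
allow 10.10.20.0/24 10.10.30.5/32 443 log
allow any           10.10.30.0/24 22  nolog
allow any           any           any nolog
deny  any           any           any log
"""

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class Rule:
    line: int
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: str          # "any" or a single port number
    logged: bool


def parse_rules(text):
    """Turn the constructed text format into Rule objects."""
    rules = []
    for n, raw in enumerate(text.strip().splitlines(), start=1):
        action, src, dst, port, log = raw.split()
        rules.append(Rule(
            line=n,
            action=action,
            src=ANY if src == "any" else ipaddress.ip_network(src),
            dst=ANY if dst == "any" else ipaddress.ip_network(dst),
            port=port,
            logged=(log == "log"),
        ))
    return rules


def covers(earlier, later):
    """True if every packet matching `later` already matches `earlier`."""
    return (later.src.subnet_of(earlier.src)
            and later.dst.subnet_of(earlier.dst)
            and earlier.port in ("any", later.port))


def audit(rules):
    """Return (line, finding) pairs for the misconfigurations discussed above."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "allow":
            if rule.src == ANY and rule.dst == ANY:
                findings.append((rule.line, "any-to-any allow"))
            elif rule.src == ANY:
                findings.append((rule.line, "allow from any source"))
            if not rule.logged:
                findings.append((rule.line, "allowed traffic is not logged"))
        # A rule that an earlier rule fully covers can never match.
        for earlier in rules[:i]:
            if covers(earlier, rule):
                findings.append(
                    (rule.line, f"unreachable, shadowed by rule {earlier.line}"))
                break
    return findings


if __name__ == "__main__":
    for line, finding in audit(parse_rules(SAMPLE_RULES)):
        print(f"rule {line}: {finding}")
```

The last finding is the important one: once an any-to-any allow rule exists, the default deny below it never matches, so the firewall no longer filters anything.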
Figure 8: VPN.
A VPN policy is a collection of rules that specifies how to use this secure connection in order to
make it easier to manage. A VPN is an application for protecting online traffic against spying,
interruption, and restriction. The varieties of VPNs and VPN architectures are also included
in the VPN policy. When it comes to VPN types, there are a few different sorts to consider.
I. Remote users, such as road warriors (or mobile users), telecommuters, and branch
offices, can connect to corporate networks using access VPNs.
II. Intranet VPNs allow branch offices to securely connect to corporate headquarters.
VPN, although being one of the safest technologies, has its own set of problems.
There are four issues that might arise while using a VPN connection. They are as
follows:
Although VPN is one of the safest technologies available, it has its own set of issues. When
using a VPN connection, there are four difficulties that may emerge. You have a DNS
problem if this ping fails when the IP address ping succeeds, because the client is unable to
resolve the server's name to an IP address. In this case, the user should check to see if the
routing and remote access services are active (Posey, 2019).
Unauthorized connections that are permitted might damage security. When viewing a user's
properties sheet in the 'Active Directory Users and Computers' interface, the user will notice
This is a common issue that prevents users from accessing networks beyond the VPN server.
The reason for this problem is that the user is not authorized to access the entire network
(Posey, 2019).
Even if all of the functions operate, the VPN may not always enable the user to build a tunnel
between the client and the server. This problem exists for two reasons. One or more routers
may be involved in the packet filtering process, which may cause IP tunnel communication to
be blocked. Another cause is the use of a proxy server between the client and the VPN server
(Posey, 2019).
An organizational VPN's aim is to provide end-to-end encryption for all devices in your
company's network, ensuring that no snoops, hackers, or even your internet service provider
can view your location or data. This gives you a private, secure internet connection no matter
where you are. Therefore, the VPN must be configured properly, as it provides security
protection to the organization.
When making those transactions, firewalls and VPNs are two pieces of software that are very
important to install, because while conducting business on the internet, unwanted access to
the network system might occur, and other private networks can also attack the network
system. When it is breached by other users, they can get access to sensitive information about
EMC, particularly from rivals. If a rival obtains information about the
organization, it poses a significant danger to the organization. To avoid such dangers,
firewalls must be installed. We must also tackle these risks if there are ineffective firewalls.
The second reason is the existence of inappropriate VPNs, which is another issue that
arises when performing online transactions: when we conduct online transactions
without utilizing a correct VPN, there may be web traffic, eavesdropping, and interference,
which causes transactions to fail and buffer. As a result of inappropriate VPNs, the EMC
company's reputation may be affected, thus we must establish suitable VPNs.
Therefore, the firewall and VPN must be configured and installed properly. Misconfigurations of
these will have a huge impact on the EMC Cyber company. So, any misalignments will have a
great impact on the EMC network. Therefore, the firewall and VPN must be installed without
any misconfigurations.
Defending your network against hackers - A network monitoring system can detect
suspicious traffic, allowing owners to take immediate action.
The network has a clear visibility - Administrators can receive a detailed view of all
the linked devices in the network, see how data is traveling between them, and rapidly
discover and rectify issues that might reduce performance and cause outages by using
network monitoring.
More efficient use of IT resources - Network monitoring solutions use hardware and
software to reduce the manual work IT employees have to do. As a result, the organization's
important IT professionals will have more time to dedicate to critical projects.
Network monitoring systems can create reports that illustrate how network devices
performed over time, leading to early prediction of future services and infrastructure.
The capacity to identify security risks more quickly - Network monitoring aids
companies in recognizing "normal" network performance. As a result, when odd
behavior happens, such as an inexplicable increase in network traffic levels,
administrators may rapidly identify the problem—and assess if it creates a security
risk.
Network monitoring can be done using network monitoring tools and software applications.
They are SNMP (Simple Network Management Protocol), ICMP (Internet Control Message
Protocol), CDP (Cisco Discovery Protocol), NetFlow and Syslog.
The major protocol for network management is the Simple Network Management Protocol
(SNMP). Network devices may be readily managed and controlled by a central mechanism
using SNMP. It's an application protocol that allows the controlled device and the
management system to communicate.
The Cisco Discovery Protocol is a layer 2 protocol that enables network applications to know
about directly connected devices nearby. It is media-independent and network-independent. It
operates on Cisco devices. This protocol makes it easier to manage Cisco equipment by
identifying them and figuring out how they're set up, as well as allowing systems utilizing
different network layer protocols to learn from one another. CDP works together with SNMP.
Syslog.
servers, implement the Syslog protocol. This flexible application may be used to handle
NetFlow is a technology that enables one to follow a stream of packets with similar
properties, such as source or destination port, source or destination address, protocol, and so on.
NetFlow is a network protocol technology designed by Cisco for capturing active IP network
traffic as it flows through an interface. The NetFlow data is then processed to produce
a picture of network traffic flow and volume, hence the name NetFlow. NetFlow is a Cisco
IOS software service that characterizes network activity. Network operators are finding it
more important to understand how their networks are acting in response to new demands and
constraints.
Cyber-attacks have been expanding at a shocking rate over the years, according to statistics.
As many as personal records have been compromised as a result of these attacks. Investing in
expert network monitoring will enable you to quickly identify and resolve security risks.
Combining this with appropriate technology that can detect and identify threats before it's too
late is one strategy to reduce the damage caused by data theft. Security can be provided by a
network monitoring tool. Such tools can spot anything out of the ordinary, whether it's a spike
in traffic or an unfamiliar device connected to your network, because they know what normal
performance looks like. By drilling in to figure out when and on what device an event
occurred, you're able to take a flexible approach to network security.
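The baseline idea above (learn what normal traffic looks like, then flag a spike or an unfamiliar device and drill in to when and on which device it happened) can be sketched over flow records. This is an added example, not part of the original assignment; the flow records, the device inventory and the three-standard-deviation threshold are constructed assumptions, and real NetFlow exports carry more fields than shown.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (minute, src_ip, dst_ip, dst_port, protocol, bytes).
# These are the flow properties the text names; values are made up.
FLOWS = [
    (0, "10.0.0.11", "10.0.0.5", 443, "tcp", 1200),
    (0, "10.0.0.12", "10.0.0.5", 53, "udp", 300),
    (1, "10.0.0.11", "10.0.0.5", 443, "tcp", 1100),
    (1, "10.0.0.23", "10.0.0.5", 443, "tcp", 500),
    (2, "10.0.0.12", "10.0.0.5", 443, "tcp", 1400),
    (3, "10.0.0.11", "10.0.0.5", 443, "tcp", 1300),
    (3, "10.0.0.12", "10.0.0.5", 53, "udp", 250),
    (4, "10.0.0.23", "10.0.0.5", 443, "tcp", 1500),
    (5, "10.0.0.23", "203.0.113.50", 443, "tcp", 48000),
    (5, "10.0.0.11", "10.0.0.5", 443, "tcp", 1200),
    (6, "10.0.0.99", "10.0.0.5", 22, "tcp", 400),
    (6, "10.0.0.11", "10.0.0.5", 443, "tcp", 1100),
]

KNOWN_HOSTS = {"10.0.0.11", "10.0.0.12", "10.0.0.23"}  # assumed device inventory
BASELINE_MINUTES = range(0, 5)                         # period treated as "normal"


def bytes_per_minute(flows):
    """Total traffic volume for each minute."""
    totals = defaultdict(int)
    for minute, *_rest, size in flows:
        totals[minute] += size
    return dict(totals)


def top_flow(flows, minute):
    """Largest flow in one minute, keyed by (src, dst, dst_port, protocol)."""
    per_flow = defaultdict(int)
    for m, src, dst, port, proto, size in flows:
        if m == minute:
            per_flow[(src, dst, port, proto)] += size
    return max(per_flow.items(), key=lambda kv: kv[1])


def find_spikes(flows, baseline_minutes, k=3.0):
    """Flag minutes whose volume exceeds baseline mean + k standard deviations."""
    totals = bytes_per_minute(flows)
    normal = [totals.get(m, 0) for m in baseline_minutes]
    threshold = mean(normal) + k * pstdev(normal)
    spikes = []
    for minute in sorted(totals):
        if minute not in baseline_minutes and totals[minute] > threshold:
            key, size = top_flow(flows, minute)  # drill down: which device, where to
            spikes.append({"minute": minute, "bytes": totals[minute],
                           "top_flow": key, "top_flow_bytes": size})
    return threshold, spikes


def unknown_sources(flows, known_hosts):
    """Source addresses that are not in the device inventory, with the minute seen."""
    return sorted({(minute, src) for minute, src, *_ in flows
                   if src not in known_hosts})


if __name__ == "__main__":
    limit, spikes = find_spikes(FLOWS, BASELINE_MINUTES)
    print(f"threshold: {limit:.0f} bytes/minute")
    for s in spikes:
        print("spike:", s)
    print("unknown devices:", unknown_sources(FLOWS, KNOWN_HOSTS))
```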
Considering the above facts and information, it is very important for EMC Cyber
to implement a network monitoring system, as it provides security products and services
across the entire information technology infrastructure. EMC provides services not only in
Sri Lanka but also abroad, so it is crucial to establish a network monitoring
system to safeguard the organization and its data. Organizational networks should be set up
with monitoring tools that automatically alert IT teams to potential risks, such as disk space
spikes, backup failure, failing hardware, hacker attempts, and network devices without
up-to-date antivirus software, allowing IT to take corrective action before it's too late. For
organizations to get the benefits of network monitoring, it must become a key component of
their overall IT strategy. All network pieces must be monitored for security, resilience,
appropriateness, availability, and speed in order to be most successful. So as a security
analyst of EMC Cyber Company I strongly suggest establishing a Network Monitoring
System to safeguard the entire network of EMC as mentioned above. Tools like SNMP, CDP,
Syslog and NetFlow must be implemented in EMC Cyber to have a safe and secure network
monitoring system.
Computers, phones, cameras, machines, and sensors, along with networking devices like
routers and switches, usually send data to the system in one of two ways:
SNMP - The Simple Network Management Protocol (SNMP) is an open standard that
has long served as the industry's network management protocol. SNMP is a
commonly used network protocol for managing and monitoring network components.
SNMP is used by the network management system to "poll" each network element.
The system then receives a response from each part.
Telemetry - Telemetry is the automated communication of important performance
information in real time via a software agent installed in a network device. Because
Through a network management system the company can identify some critical aspects, and
they are:
Identification of a flaw.
Management of performance.
Provisioning of a network.
Maintaining a high level of QoS.
CONCLUSION.
Network management may be used to keep track of both software and hardware in a network.
It generally collects data from a network's distant locations and sends it to a system
administrator for reporting. Network management's main advantage is that it allows users to
monitor and manage their whole business activities from a single computer. Network
management can be useful to the organization for device detection on the network, monitoring
of network devices, analysis of network performance, device management on the network,
and customizable alerts or intelligent notifications. So as a security analyst of EMC Cyber
Company I strongly suggest establishing a Network Management System to safeguard the
entire network of EMC.
CONCLUSION.
The basic assumption is that you separate your public-facing servers from your private,
trusted network by putting them in the "DMZ network." The use case is that your server may
be deeply rooted because it has a public face. If this occurs, and a malicious person obtains
The ultimate purpose of a DMZ is to provide untrusted networks access to resources while
keeping the private network safe. Web servers, mail servers, FTP servers, and VoIP servers
are all examples of resources that are typically put in the DMZ.
1. IPV4.
2. IPV6.
1. Static IP.
2. Dynamic IP.
An IP address that does not change is known as a static IP address. When you assign a static IP
address to your device, it normally remains that way until it is retired or your network
A static IP address can be used to inform other computers or servers on the internet where a
certain device is located or connected to the internet. Many small companies with internet-
related activities might benefit from this, such as hosting a web, email, or FTP server, gaining
remote access to a corporate network, or hosting a camera for video streaming and
videoconferencing applications. The advantages of speed and reliability are great. Because a
static IP address remains constant, systems using static IP addresses are more exposed to data
theft and security risks.
There are many benefits and constraints of static IP; some of them are as follows:
Dynamic IP addresses are liable to change at any time. Dynamic Host
Configuration Protocol (DHCP) servers assign dynamic addresses as needed (Avast, 2021).
DHCP (Dynamic Host Configuration Protocol) is an Internet protocol that allows computers
on a network to obtain IP addresses and other information like the default gateway. When
you connect to the Internet, an ISP computer configured as a DHCP server provides you an
IP address automatically. It might be the same IP address as previously, or it might be a
different one completely. When you disconnect a dynamic IP address-based Internet
A DHCP server is used to automatically set up additional network configuration and import
other IP addresses. The router serves as the DHCP server in most homes and small
businesses. A single computer can function as the DHCP server in large networks. In
summary, a device (the client) requests an IP address from a router (the host), and the host
then provides an accessible IP address to allow the client to communicate on the network.
CONCLUSION.
Static IP addresses provide a lot of benefits. Protect your network and assess whether or not a
static IP address is the best choice for your internal or organization if you want to ensure that
your devices are connected and running. When a device is granted a static IP address, it
usually retains that address as its online identity until it is decommissioned, or the network
architecture is altered. Static IP addresses are typically assigned to servers and other essential
equipment, and the static IP address makes it easier to locate and connect with them.
Since static IP addresses do not change, they are ideal for web servers and email servers
because users are unlikely to be rerouted if the IP address changes. Devices with a static IP
address can host servers that store data that may be accessed via the Internet by other devices.
This makes it easy for devices to find a server anywhere on the earth. When using a static IP,
remote access for devices on a closed network is much easier. Because static IP addresses do
Therefore, choosing static over DHCP would be more secure and beneficial for EMC Cyber
as it provides strong security features.
The importance of NAT in firewall security cannot be overstated. It reduces the number of
public addresses used within a company and provides for tighter access control to resources
on both sides of the firewall.
Advantages of NAT.
CONCLUSION.
The ultimate objective of NAT is to decrease the quantity of public IP addresses that a
corporation or organization needs to use, for both economic and security purposes. As EMC
Cyber company is associating with clients throughout the world, it is very necessary to have
NAT to protect the organization from networking risks and threats. The benefit of NAT is
that it uses a lower number of public (external) IP addresses to connect a large number of hosts
to the global internet, thereby preserving IP address space. Therefore, for both economic and
security reasons, NAT may help an organization increase security and reduce the number of
IP addresses it needs. NAT reduces the number of globally valid IP addresses required by an
organization.
NAT may also help with security and privacy. NAT prevents anything else from accessing
the private device by transferring data packets from public to private addresses. The router
organizes the data to ensure that it is sent to the correct location, making it more difficult for
unwanted data to pass through. It isn't perfect, but it is frequently the first line of protection
for your device.
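The behaviour described above (many private hosts sharing one public address, and unsolicited inbound packets finding no private destination) can be modelled with a small translation table. This is an added example, not part of the original assignment; the class, its method names and all addresses are constructed, and it assumes a router that only accepts replies from the exact remote address and port a host contacted, which real NAT devices do not all enforce.

```python
import itertools


class PatRouter:
    """Minimal port address translation (PAT) table: one public IP, many hosts."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = itertools.count(first_port)
        self.outbound_map = {}  # (priv_ip, priv_port, remote_ip, remote_port) -> public port
        self.inbound_map = {}   # (public_port, remote_ip, remote_port) -> (priv_ip, priv_port)
        self.forwards = {}      # static port forwards: public_port -> (priv_ip, priv_port)

    def outbound(self, priv_ip, priv_port, remote_ip, remote_port):
        """Rewrite an outgoing packet's source and remember the mapping."""
        key = (priv_ip, priv_port, remote_ip, remote_port)
        if key not in self.outbound_map:
            public_port = next(self.next_port)
            self.outbound_map[key] = public_port
            self.inbound_map[(public_port, remote_ip, remote_port)] = (priv_ip, priv_port)
        return (self.public_ip, self.outbound_map[key], remote_ip, remote_port)

    def add_port_forward(self, public_port, priv_ip, priv_port):
        """Static mapping: deliberately exposes one private service to everyone."""
        self.forwards[public_port] = (priv_ip, priv_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the private destination, or None if the packet is dropped."""
        if public_port in self.forwards:
            return self.forwards[public_port]
        return self.inbound_map.get((public_port, remote_ip, remote_port))


def demo():
    router = PatRouter("198.51.100.7")          # constructed public address
    server = ("203.0.113.80", 443)              # constructed remote server
    hosts = ("192.168.1.10", "192.168.1.11", "192.168.1.12")
    sent = [router.outbound(ip, 51000, *server) for ip in hosts]
    results = {
        "public_ips_used": {pkt[0] for pkt in sent},
        "public_ports": [pkt[1] for pkt in sent],
        # Reply from the server the second host contacted: delivered.
        "reply": router.inbound(*server, public_port=40001),
        # Same public port, but a stranger's address: no mapping, dropped.
        "unsolicited": router.inbound("203.0.113.99", 443, public_port=40001),
    }
    # A port forward bypasses that protection for the forwarded service.
    router.add_port_forward(8443, "192.168.1.20", 443)
    results["via_forward"] = router.inbound("203.0.113.99", 50123, public_port=8443)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `via_forward` result shows why NAT is only a first line of protection: any static port forward re-exposes the internal host behind it, so the forwarded service still needs its own firewall rule and hardening.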
From a security perspective, a DMZ is a very crucial system that should be
implemented in EMC Cyber company. This refers to a host or other network system that
serves as a secure and intermediate network system, or a link between two or more
companies' internal networks and the outside world. When EMC communicates with
customers, various external network systems may be used to attack EMC's network
system. The EMC corporation can implement DMZ network technologies to prevent these
types of threats.
From a security perspective, a static IP contains more security features for a cyber security
organization. EMC Cyber company should use a static IP instead of
a DHCP IP because it protects the network and the access through this unchangeable IP form.
It's a unique number that an internet service provider assigns to a machine. Web hosting and
Voice over Internet Protocol (VoIP) both benefit from static IP addresses. The key benefit of
adopting static IPs is that they are fast and reliable. As a result, when the EMC company
operates with other countries, it requires a fast internet connection. Static IP addresses are
extremely beneficial to the EMC firm in these situations.
For both economic and security reasons, network address translation is used to minimize the
number of public IP addresses that EMC must use. When there is a public IP address, the
EMC company's network infrastructure is used to respond to queries from unknown IP
addresses. The EMC corporation benefits greatly from NAT's assistance in preventing these
actions. Therefore, establishing NAT for EMC Cyber is really important when considering
the security of the company.
Authentication: Users should be required to log in to the network, and only authenticated
users should be able to access it.
Encryption: Data should be encrypted so that confidential information cannot be
intercepted and sent to unauthorized parties.
Firewall: A firewall, which is a software application or piece of
hardware that helps screen for security, should be installed on the trusted network's
computers and servers.
Private Network: The trusted network's devices and servers should be configured with
software such as a virtual private network (VPN), which enables remote work and secure
data transmission.
Directory Server: This server verifies the identities or responsibilities of client devices.
Before being admitted to a Trusted Network System, every client device must be
assessed.
CONCLUSION.
Identify and evaluate the tools that can be utilized by EMC cyber to improve the
network and security performance without compromising each other. Evaluate at least
three virtual and physical security measures that can be implemented by EMC to
uphold the integrity of organization’s IT policy.
11. THE TOOLS THAT CAN BE UTILIZED BY EMC CYBER TO IMPROVE THE
NETWORK AND SECURITY PERFORMANCE.
As EMC Cyber faces some risks, it is important to improve the network and security
performance to uphold the integrity of the organization's IT policy. There are two types of
security measures that can be implemented by EMC Cyber to uphold the integrity of the
company. They are physical and virtual security. Some of these are described in detail
below.
Physical security is extremely essential, yet most businesses neglect it. It is required if you do
not want your information to be stolen or destroyed in the event of a natural disaster. If this
security is not adequately managed, then when an attacker obtains physical access, every one of
the safety precautions will be rendered useless. Physical security is proving to be more
difficult than in past decades, since there are more sensitive gadgets available (such as USB
drives, computers, cellphones, tablets, and so on) that make data theft simple and painless.
Intrusion detector - An intrusion detection system, or IDS for short, keeps an eye
on network and system traffic for any unusual behavior. Intrusion detection
software will provide you warnings once any possible threats have been discovered
(Kristina, 2019).
Guards - Guards will ensure that your customers and workers are safe at all times,
keeping an eye out for any threats from unwelcome guests (Kristina, 2019).
Intrusion alarm.
Motion detectors - Motion detectors are designed to detect almost any type of
movement. These devices are portable, simple to install, and do not require any
monthly monitoring. While motion detectors can help you maintain physical
security in the office, they can also provide your employees a sense of security
(Kristina, 2019).
RFID tags - RFID tags employ radio frequency technology to identify things and
are a form of tracking system that uses smart barcodes to do so. These radio waves
carry information from the tag to a reader, which subsequently sends it to an RFID
computer software (Kristina, 2019).
Multiple operators can access control (AC), which comprises permission, access approval,
multiple identity verifications, authentication, and auditing. And there are tools which will
improve the security performances and they are as follows.
Many lives and companies have been saved as a result of having a strong emergency plan in
place; it fosters security and caring among employees and coworkers. These are the physical
security measures I’ve implemented for EMC Cyber to uphold the integrity of the
organization’s IT policy and maintain the security and network performances.
Software protections for an organization's systems, such as user identity and password access,
authentication, access permissions, and authority levels, are all part of virtual security. Only
authorized users are able to execute activities or access information in a network or on a
workstation using these safeguards. Today, businesses in a variety of sectors face a variety of
cybersecurity challenges, and virtual security controls may be the solution to some of these
problems. While considering the above facts EMC Cyber also should utilize some Virtual
Security measures to uphold the integrity of the company’s IT policy. As an external security
analyst of EMC, I’ve suggested some virtual security measures and they are as follows:
These are some tools that should be utilized to improve security performances of a company
in order to uphold the integrity of the company. As an external security analyst of EMC
Cyber, I’ve implemented some virtual security measures and they are as follows:
MAC Address Filtering - MAC address filtering, also known as hardware address
filtering, is an optional function found on most broadband routers and other wireless
access points. It enhances security by restricting the number of devices that may
connect to a network.
Antivirus and antimalware software - Antivirus and antimalware programs were
developed to identify and guard against malicious software. While the word antivirus
implies that software simply guards against computer viruses, its functions typically
include protection against today's various types of malware. Antimalware identifies
more complex malware, such as zero-day attacks, whereas antivirus software protects
against more common malware.
Firewall - A firewall is a network security device that monitors network traffic and
evaluates whether certain types of traffic should be permitted or blocked based on
a set of security policies.
Multi Factor Authentication - MFA is an authentication tool that enables a user to
submit two or more verification factors in order to obtain access to a resource such as
an application, a user account on the internet, or a VPN. A robust identity and access
management policy must include multi-factor authentication. MFA needs one or more
extra verification criteria in addition to a login and password, which reduces the
chances of a successful cyber-attack.
Email Filtering - The process of filtering an organization's inbound and outgoing
email traffic is known as email filtering. Inbound email filtering analyzes messages
sent to clients and classifies them into separate categories. Depending on their needs,
organizations can use this capability as a cloud service or an on-premises appliance.
ACTIVITY 03.
Discuss suitable risk assessment integrated enterprise risk management procedures for
EMC Cyber solutions and the impact an IT security audit will have on safeguarding
organization and its clients.
A risk assessment is a thorough analysis of your company to discover those items, situations,
procedures, and other factors that might damage people. After you've made the identification,
you'll need to examine and assess how likely and serious the risk is. After you've reached this
conclusion, you may go on to deciding what steps should be taken to successfully remove or
control the risk (CCOHS, 2021).
The ability to detect, evaluate, and prioritize risks in organizational processes, assets, and
persons is enabled by proper risk assessment. Risk assessment is constantly concerned with
information such as,
Keeping an eye out for risks can help you gain a better understanding of the organization and
help you improve the areas where it is lacking. This is also beneficial for future planning.
Every company has a limit to how much risk it can take. As a result, knowing the degree of
risk that the business faces helps administrators to take appropriate steps to minimize the risk.
These are some types of risks that can be identified through a risk assessment and risk
management. EMC Cyber faces potential risks, which can be
treated through risk assessment. The following are some procedures I've implemented for
EMC Cyber in order to safeguard the organization and its clients.
A company may conduct a thorough risk assessment approach and strengthen security by
following the procedures outlined above. As external security analyst of EMC Cyber, I've
implemented the above procedures to safeguard the organization and the clients.
Data loss happens when data is unintentionally destroyed or when data becomes damaged
due to some event. Data can become illegible by people and software due to viruses, physical
damage, or formatting mistakes. Understanding what causes data loss can help you reduce the
risk of data loss in your organization.
Data protection is a highly helpful thing to perform in an organization since any organization
or major corporation contains a lot of useful data, and if that data is leaked to their rivals, the
organization or company would undoubtedly suffer financial losses. These are some of the
useful details that reputable businesses have. Some of them are as follows:
1. Banking information.
2. Email details and Passwords.
3. Asset information.
4. Customer details and information.
5. Transactions of the company.
So, these are some of the valuable information of the organizations, and there are more too. In
order to protect these from internal and external threats, security measures should be taken.
Some of the security measures are stated below.
Policies for data encryption, passwords, email and data processing should be implemented.
These are the key factors that can be recognized for data protection. Encrypting the data
and applying strong password policies will lead to strong data protection.
Employee Monitoring.
The human component is frequently the most vulnerable link in the data protection process.
Data breaches arise as a result of employee carelessness or ignorance. Employees at large
businesses are kept up to date on compliance regulations and internal cybersecurity rules,
with training and clear instructions provided for individuals who deal with the
most sensitive forms of data.
These steps should be taken in order to protect the data. EMC Cyber company can also
implement the Data Protection Act of 1998; the main purpose of this Act is to protect individuals
against misuse or abuse of information. EMC Cyber should also practice these on a daily basis
to prevent data breaches and protect the data of the company. There are some standards that are
The primary goal of the Data Protection Act of 1998 is to safeguard individuals from the
exploitation or abuse of personal information. It was created to provide organizations more
control over how personal or consumer information is used. It safeguards individuals and
establishes guidelines for the use of personal data.
Organizations' personal data is protected against illegal access and alteration under the
Computer Misuse Act. This act is intended to prevent infractions against the organization.
These are: unauthorized access to computer material; unauthorized access to computer
material with the purpose of committing a later crime; unauthorized data modification; and
creating, giving, or getting anything that might be utilized in computer-related crimes.
The ISO 27701 standard is the most recent in the ISO 27000 series, and it explains what
organizations must do while putting in place a PIMS (privacy information management
system). ISO 27001 is an international standard for information security that establishes the
best practices required by legislation like the GDPR (Irwin, 2021).
ISO 27001 is concerned with how an organization keeps data correct, available, and
only accessible to authorized personnel.
ISO 27701 defines how a company gathers personal information and protects it from
unauthorized use or disclosure.
The General Data Protection Regulation (GDPR) took effect on May 25, 2018. It was enacted
by European legislators in order to provide a uniform data privacy legislation for all EU
member states. Its goal is to:
promote privacy as a basic human right; hold firms that handle personal data accountable for
properly handling that data; and encourage enterprises to share data responsibly and
Individuals should have control over how their personal data is collected and utilized
(Thomas, 2018).
Summarize the ISO 31000 risk management methodology and its application in IT
security.
A security policy is expected to explore a variety of approaches. Its primary goal should
be to protect persons and information while also laying the groundwork for expected user,
system director, management, and security behavior. It should also enable appropriate
people to monitor, probe, investigate, describe, and approve the outcomes of breaches, as
well as to process the company's baseline security position. This will make it easier to
reduce risk and verify adherence to policies.
These are the advantages of using ISO 31000 risk management methodology.
The ISO 31000 standard provides a structured framework for managing risks and
opportunities that is based on international best practices. If you stick to this framework,
you'll have a better chance of achieving your company goals. It will assist in analyzing and
evaluating elements that work in favor of or against the goals, making smarter decisions, and
improving management practices across your organization.
When we discuss ISO 31000, we're referring to risk management guidelines that provide
concepts and frameworks for managing risks in the EMC enterprise. It is simple to manage
the EMC company when the top management adheres to the ISO 31000 guidelines, because
the standard contains all of the guidelines and frameworks. The ISO 31000 standard may be
used by any firm, including small and large businesses.
The director of an EMC company can compare the risks and threats that come their way by
maintaining or following the ISO 31000 standard. To put it another way, the top management of
EMC can compare the threats that it has encountered in the past with the new ones that are
approaching. Another advantage that the EMC company can have is that they can compare
their risk management methods to a globally recognized standard that provides strong
management and corporate governance principles. Another advantage is that the EMC
company may discover risks before they have an impact on the organization.
When EMC company deals with or does business with foreign countries, its professional
image is crucial. If it is harmed as a result of threats or risks, those nations will begin to reject
the firm. Because of these factors, successfully managing risks allows EMC to operate well in
an uncertain environment. As a result, EMC Cyber company can detect the threats
approaching the organization using the ISO 31000 risk management methodology and treat
them in advance. Through the ISO 31000 standard, EMC Cyber can protect the IT security of
the company too.
IT security is highly essential to the EMC organization because it guarantees that the cyber
defenses are up to date and that they can effectively identify and respond to any threats posed
by hackers and other cybercriminals who manipulate IT systems for their own goals by
managing or maintaining IT security audits. When the EMC company deals with other
countries, cyber defenses are critical; if they fail, highly dangerous hackers will attack the
servers and steal all of the essential data, but there is no risk if the cyber defenses are up to
date.
The unique feature of an IT security auditing system is that it can quickly detect vulnerable
points and problem sectors. Although the IT system is complex, with many components such
as hardware, software, data, and processes, the IT security system can quickly identify weak
regions. Developers may examine whether our hardware or software tools are configured and
operating correctly using the IT security system. And security audits retrace the security
events or risky situations that the organization has experienced in the past that may have
revealed our security flaws. The audit also focused on conducting testing in terms of network
vulnerabilities, operating systems, access control, and security applications.
Conclusion.
Security objectives that are aligned with the company's goals and are documented in policies
and procedures. Policies and procedures are more than simply paperwork; they are the
foundation of a strong security strategy. EMC's security base will be more relevant, effective,
and compliant once the business policies and processes have been improved or updated with
the aid of the company employees. These security procedures will be implemented by the
cybersecurity officers of EMC Cyber company, who will provide current management of
the company's policies, procedures, and standards in order to ensure that such papers are kept
up to date and relevant, and will work with EMC to develop methods for effectively conveying
policies, standards, and processes for assessing acceptable security practices and agreements.
Therefore, the IT security policy should be up to date and accurate so that the business can
continue successfully.
The alignment of security rules stated at various levels in socio-technical systems and
assigned to various agents, both technical and human, is referred to as security policy
alignment. Misalignment of IT security policy will always have a negative impact to the
When the future goals or plan are at odds with the actual outcome, misalignment occurs. The
concept of IT Security alignment has been explored, particularly in the context of IT business
alignment. The concept of alignment has also been investigated in the context of software
expansion to solve challenges related to growth and testing. Alignment is a difficult notion to
grasp, especially in IT, because it is fragmented and applies to a variety of surfaces. As a
result, it is critical to focus on individual components of alignment rather than the overall
alignment in order to establish appropriate alignment.
As a result, the goal of this work is to define security policy alignment for complex IT
systems, and the structure is based on predicates over action sequences. Developers describe
how this standardization provides the basis for current and future techniques for detecting
security flaws caused by policy misalignment in IT systems. Some of them are using
keywords, fingerprints, password, and many other security techniques.
Alignment is a problem that can't be solved in bits and pieces. EMC Cyber should devote
time and money to developing a thorough business alignment plan. This strategy's activities
and initiatives must be carried out in combination with, not instead of, current security
projects. EMC Cyber must implement policies to secure the company.
Security policies should include personal usage of information systems, disclosure of
information, physical security of infrastructure and information resources, violations and
breaches of security, prevention of viruses and worms, encryption, and contingency /
continuity planning. There should also be valid rules for dealing with violations of them.
CONCLUSION.
ACTIVITY 04.
Design an organizational security policy for EMC Cyber to minimize exploitations and
misuses while evaluating the suitability of the tools used in an organizational policy.
Significance of an IT policy.
IT security policies are intended to address security risks and execute methods to minimize IT
security vulnerabilities, as well as to specify how to recover from a data breach. Employees
are also given guidance on what they should and should not do as a result of the policies.
These are the following reasons why an organization should have an IT policy.
There are some extreme benefits of having a security policy in an organization and some of
them are as follows:
I’ve implemented some policies that should be followed by the employees in order to
minimize exploitation and misuse in EMC Cyber’s security policy, and they are as
follows:
1. In order to establish and manage both system and user accounts, the Systems Manager
should present a writing in advance with the help of IT personnel.
2. Only authorized individuals have access to and maintain application systems, network
devices (routers, firewalls, servers, and so on), operating systems, and other data
items.
3. The creation of user and privilege accounts such as system administrator and security
administrator must be approved by the network manager.
4. Train employees to perform emergency tasks.
5. Keep all policies of the organization accurate and up to date.
These are procedures that should be used to improve the security features of EMC Cyber
company to protect it from physical and virtual threats. The policies for EMC Cyber
Company are explained in detail below.
A risk matrix is a diagram that shows how risks are presented. The risks are split in the
picture based on their likelihood, consequences, or extent of damage, so that the worst-case
scenario can be identified quickly. In this perspective, the risk matrix is an important
component of your project and risk management since it represents the outcome of the risk
analysis and risk evaluation (Kristina, 2019).
NAC products are critical tools for ensuring an organization's cybersecurity. They enable a
company's security policies to be applied to devices and people seeking to connect to its
network. It assists the organization in determining who is attempting to connect into their
network and from where they are attempting to log in. Before a user logs into a system, NAC
guarantees that the devices used inside the company have the necessary security updates,
antivirus software, and other controls. Increased network visibility, reduced cyber risks, and
significantly improved network performance are just a few of the top advantages of network
access control.
Whether you're concerned about a huge network security audit popping up or IoT devices
occupying your network, network access control can assist.
A user's applications, data, and configuration settings, as well as crucial personal information
like bookmarks, browsing history, backgrounds, documents, and apps, are all connected into
a user's profile. As a result, it's important for administrators to be able to rapidly restore User
profiles during outages so that their employees can go back to work and maintain their
productivity. By storing important profile information in a single location and providing it to
users as needed, a user profile management system allows IT to do this duty (Doug, 2018).
A user profile management system may provide important advantages to the user
environment, such as failure recovery, easy roaming, profile corruption prevention,
metric enhancement, and many more.
Netsparker serves as a one-stop shop for all things related to web security. This platform,
which is available as a hosted or self-hosted solution, may be readily incorporated into any
sort of test and development environment. Netsparker offers Proof-Based Scanning
technology that employs automation to identify vulnerabilities and check false
positives, eliminating the requirement for large-scale manpower investments (Aravindan,
2021).
It is a tool for evaluating the security of network communications. It looks for known
TLS/SSL flaws and misconfigurations in the application. Nogotofail is a scalable and flexible
tool for detecting and repairing poor SSL/TLS connections. It determines if they
are vulnerable to man-in-the-middle (MITM) attacks. It works with Android, iOS, Linux,
Windows, Chrome, and any other device that connects to the internet as a router, VPN server,
or proxy server (Gary Hayslip, 2018).
An audit tool, in general, is anything that auditors use to perform an audit. Software such as
ACL, Access, or Excel can be used as an audit tool. A hard-copy audit program or check list
can also be used. Auditors' audit tools are often audit programs, checklists, Excel workbooks,
and work sheets that are printed and used as work papers to document the audit as it is
performed (PETTERS, 2020).
Auditing management software is an excellent tool for increasing efficiency and ensuring
quality, particularly in industries with numerous compliance and safety standards.
Performance has improved - Imagine what you could accomplish with these same
tools if they were built to assist auditors delve into the inner workings and finer
aspects of an organization.
The simplicity of usage.
It saves time.
A DLP technology, which is intended to prevent sensitive data from being transmitted, is
another crucial security tool for an organization. The DLP looks for data that fits particular
features or patterns linked with credit card and Social Security numbers in network traffic.
These are the most effective gadgets for detecting hacker activity if they have gained access.
It is important for a company since it is used to identify risks and alert personnel about
sensitive data and how to block transmission of that data (Aravindan, 2021).
They offer a centralized management structure for detecting and preventing unwanted access
to and transfer of your sensitive data. DLP safeguards your information infrastructure from
mistakes that lead to data leaks and intentional exploitation by insiders, as well as external
attacks.
In a policy, we may disregard some procedures. Even when fundamental advancements are
incorporated, we might become distracted and neglect at least one of the essential
methodologies. It's easy to forget things, and recovery is usually more about worry than
taking care of business the first time around. A checklist is a simple tool that keeps these
errors at bay (sciencedirect, 2021).
Benefits of checklist.
Audits are made easier using checklists - Checklists for safety audits make it much
easier to examine all potential dangers in the business. That way, your employees will
be aware of the types of corrective actions that need to be taken to address any
possible issues.
Personnel will not overlook certain critical duties if checklists are in place.
Personnel are kept organized through the use of checklists.
A check list can help us be more organized by ensuring that we don't skip any
procedures in a schedule.
They're simple to use and efficient.
Checklists act as a knowledge store for your organization.
Checklists make it easier to share information.
Checklists make reporting easier.
Checklists enable us to create and complete tasks. Because checklists can help us be
more productive, it creates a balanced cycle in which we are motivated to do more as
a result of positive outcomes.
Penetration testing, often referred to as a pen test, conducts a cyber-attack on a computer in
order to detect potential vulnerabilities. Penetration testing is frequently used to complement
a web application firewall in the context of web application security. Pen testing involves
attempting to break into a variety of application systems (e.g., APIs, frontend/backend servers)
in order to find vulnerabilities, such as unsanitized inputs that are vulnerable to code injection
attacks. The penetration test's findings may be utilized to fine-tune your WAF security
policies and fix discovered vulnerabilities (Sampera, 2019).
Conclusion.
These are some security policy tools that should be implemented in EMC Cyber company to
have a secure policy for the organization. The above-mentioned tools (Risk Matrix, NAC,
User Profile Management, Netsparker, Google Nogotofail, Auditing tools, Ethical Hacking,
Check List, DLP and Penetration Testing) aid in the identification of risks and threats, the
timely planning of work, and the preparation for attacks, as well as the implementation of a
more effective organizational policy. Therefore, as an external security analyst of EMC
Cyber company I prefer adding the following tools to establish a strong security policy for
the EMC organization.
IMPLEMENTING ORGANIZATION
INTRODUCTION.
PURPOSE.
SCOPE.
ROLES AND RESPONSIBILITIES.
REVISION HISTORY OF SECURITY POLICIES IMPLEMENTED.
POLICIES.
STANDARDS.
GUIDELINES.
PROCEDURES.
REMOTE ACCESS POLICY.
PURPOSE.
SCOPE.
PASSWORD POLICY.
PURPOSE.
SCOPE.
ACCESS MANAGEMENT POLICY.
PURPOSE.
SCOPE.
NETWORK-CONNECTION POLICY.
PURPOSE.
SCOPE.
ENCRYPTION POLICY.
PURPOSE.
SCOPE.
EMAIL POLICY.
PURPOSE.
SCOPE.
PHYSICAL SECURITY POLICY.
PURPOSE.
PURPOSE.
The purpose of this Security Policy document is to outline the security standards for
EMC's proper and secure usage of Information Technology services. Its objective is to
safeguard EMC Cyber and its users, to the greatest extent possible, against security risks
that might compromise their integrity, privacy, or reputation, or have commercial consequences.
SCOPE.
This document applies to all users in EMC Cyber, including temporary users, guests with
short- or long-term access to services, and partners with limited or guaranteed access to
services. These members must follow the policies described in this document.
Determining how security will be maintained in the company is a part of information security
management. Management creates information security policies to indicate how the company
wishes to safeguard its data. Following the development of policies, standards are developed
to establish the obligatory regulations that will be utilized to carry out the policies. Some
policies may have many guidelines, which provide advice for how to apply the policies.
Finally, information security managers, administrators, and engineers create procedures that
follow the policies using common guidelines.
STANDARDS.
GUIDELINES.
The term "guideline" refers to broad declarations, suggestions, or administrative instructions
that provide a framework within which to implement procedures in order to fulfill the policy's
objectives. A guideline should be reviewed more regularly than standards and rules since it
might change often depending on the environment. Therefore, guidelines should always be
reviewed and modified.
PROCEDURES.
A security procedure is a collection of steps that must be followed in order to complete a
certain security policy or function. Procedures are often developed as a set of actions to be
performed in a consistent and repeatable manner to achieve a certain goal (John J. Fay,
2018).
Procedures and policies are the rules and regulations that every firm follows to ensure its
security and prevent various sorts of fraud. As a result, both employees and employers must
follow these procedures and policies. Another motivation to create rules and regulations is to
ensure that the firm can continue in the future. Similarly, EMC established a number of
procedures to reduce their risks. These are some of the risks that the EMC company had to
deal with, as stated above.
Procedures answer questions like how, when and where during decision making.
These are the procedures that are implemented under the policies for EMC Cyber Company.
SCOPE.
A remote access policy serves as guidance for remote users attempting to join the
network. It assists in ensuring that only those users who require network access are granted
access, as long as their devices comply with the standards. When properly implemented, it
aids in the protection of the network from possible security risks (Carklin, 2021). Therefore,
EMC Cyber company too should implement a remote access policy. As a security analyst I’ve
implemented the following procedures that should be followed in EMC company to increase
the security features, and they are as follows.
PASSWORD POLICY.
PURPOSE.
Almost every company provides its staff with user accounts that provide them access to
sensitive data. The purpose of this policy is to implement a standard to create a strong
password and protect it.
Cyber attackers will be able to access these accounts in seconds unless staff safeguard them
with strong passwords. Organizations must reduce this risk by establishing tight guidelines
for what makes a valid password. Your password policy should recognize the dangers of bad
login practices and provide ways to minimize the risk of password breaches.
Passwords cannot include the user's whole name or portions of it, such as their
first name (personal data).
At least three of the four character kinds are required in passwords: lowercase
letters, uppercase letters, digits, and symbols.
Further, the local administrator password should be updated every 180 days for
security reasons, and the service account password must be modified at least each
year during EMC Company maintenance.
When passwords are entered, they must not be displayed.
Passwords should never be kept in a format that is easily readable (encryption
must always be used).
Unauthorized persons should never have access to password hashes (irreversible
encoded data).
At least 8 characters must be included in the password.
Letters, numerals, special characters, and upper and lowercase characters should
all be included in the password.
Passwords should not contain easily guessable terms or personal information such
as birthdays, phone numbers, or other identifying information.
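The composition and storage rules above can be enforced in code at the point where a password is set. The following is an added example, not part of the original assignment: the function names, the three-letter minimum for a name fragment, the PBKDF2 parameters and the sample user are assumptions chosen for illustration. It applies the "three of four character kinds" rule, and it stores only a salted, irreversible hash, as the policy requires.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8            # "At least 8 characters must be included"
MIN_CLASSES = 3           # "At least three of the four character kinds"
PBKDF2_ROUNDS = 600_000   # assumption: work factor chosen for this example


def character_classes(password):
    """Return the set of character kinds present in the password."""
    kinds = set()
    for ch in password:
        if ch.islower():
            kinds.add("lowercase")
        elif ch.isupper():
            kinds.add("uppercase")
        elif ch.isdigit():
            kinds.add("digit")
        elif ch in string.punctuation:
            kinds.add("symbol")
    return kinds


def policy_violations(password, full_name, personal_terms=()):
    """List every rule of the policy that the candidate password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if len(character_classes(password)) < MIN_CLASSES:
        problems.append("fewer than 3 of the 4 character kinds")
    # Name rule: reject the whole name or any part of it
    # (parts shorter than 3 letters are ignored, an assumption to skip initials).
    for part in full_name.lower().split():
        if len(part) >= 3 and part in lowered:
            problems.append("contains part of the user's name")
            break
    # Personal-information rule: birthdays, phone numbers and similar terms
    # are compared both as written and as bare digit strings.
    password_digits = "".join(ch for ch in password if ch.isdigit())
    for term in personal_terms:
        term_digits = "".join(ch for ch in term if ch.isdigit())
        if term.lower() in lowered or (len(term_digits) >= 4 and term_digits in password_digits):
            problems.append("contains personal information")
            break
    return problems


def hash_password(password, salt=None):
    """Derive an irreversible, salted hash; only (salt, digest) is ever stored."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, expected_digest):
    """Recompute the hash and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected_digest)


if __name__ == "__main__":
    # Constructed sample user and candidate passwords.
    name, birthday = "Nimal Perera", "17/03/1994"
    for candidate in ("Tr4velling!Owl", "nimal2024", "Owl#17031994", "Ab1!"):
        print(candidate, "->", policy_violations(candidate, name, [birthday]) or "accepted")
```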
SCOPE.
Access control is the earliest and most effective security for business IT. The access control
policy of the company should be evaluated in order to properly safeguard the data. To avoid
NETWORK-CONNECTION POLICY.
PURPOSE.
A network-connection policy is a collection of rules for safe network connections that
includes standards for setting and expanding any section of the network, regulations for
private networks, and detailed information on the network's devices (Gary Hayslip, 2018). It
protects against unauthorized and unsecured connections, which allow hackers to gain access
to an organization's network and compromise data and system integrity. Only approved
people and devices are allowed to join the network, and it specifies who may add new
resources to the network.
SCOPE.
The location of an attacker's remote data collection server and whether the subject machine is
beaconing to a command-and-control structure, among other things, can be exposed by
network connections and activity on the target system (sciencedirect, 2021). These are some
A hostname and an Internet Protocol (IP) address are required for all networked
devices in EMC Cyber.
The device's user/owner agrees to only use the network for legal purposes.
ENCRYPTION POLICY.
PURPOSE.
An encryption policy's purpose is to encrypt data at the appropriate moments. For example,
IPsec and SSL encrypt data while it goes across a network, but they don't safeguard data on
disk or in a database. Encrypted fields in a database, conversely, do nothing to secure data
while it is accessed via a network.
SCOPE.
Encryption safeguards your company's sensitive data from hackers and unauthorized employees.
Encryption, for example, can prevent someone from accessing critical data on your hard drive
if your laptop and/or mobile device are stolen. As a result, it's critical to encrypt your
computer or mobile device's hard disk, or at the very least the sensitive data. Therefore, to
increase security measures EMC Company should adopt encryption methods to safeguard the
organization’s data. Hence as a security analyst I’ve suggested few encryption procedures for
EMC Company, and they are as follows:
SCOPE.
Over the last two decades, email has quickly become one of the most widely used business
tools. While email's advantages are obvious, the sheer number of messages sent and received
on a daily basis makes monitoring communications a challenging task. This is why having an
email policy in place is so important. These are some email procedures that are implemented for
EMC Company to safeguard the organization.
SCOPE.
Physical security is concerned with safeguarding sensitive data, confidential information,
networks, software, equipment, facilities, firm assets, and individuals. In order to protect
Physical access to server rooms/areas must be strictly regulated, and servers must
be kept under lock and key in server racks of EMC Company.
All physical accesses, both by guests and authorized people, must be recorded.
Identify that the most sensitive devices are kept in that secure location of EMC.
Pack up the portables and keep them safe.
Personal devices are not allowed to be plugged into EMC’s devices.
A security guard should be stationed in each of the organization's server rooms,
and surveillance cameras should be utilized to watch them 24 hours a day, seven
days a week.
For access to server rooms and special access rooms, smart cards are utilized.
Every year, all smart cards should be refreshed.
When employees enter the EMC Company, fingerprint access must be utilized.
Face recognition system of employees should be implemented.
SCOPE.
A Business Continuity and Disaster Recovery Policy is intended to give
guidance and basic standards for the development, execution, and administration of the
organization's disaster recovery. Hence this security measure/policy should be
implemented at EMC Company to protect the organization from disasters. Therefore, as a
security analyst I’ve implemented the following procedures for disaster recovery policy, and
they are as follows.
SCOPE.
The aim of this policy is that employees should be aware that there are regulations under
which they will be held accountable when it comes to the sensitivity of business information
and IT assets. Therefore, EMC Cyber company too should implement a strong information
security policy. As a security analyst I’ve implemented the following procedures that should
be followed in EMC company to increase the security features and how to safeguard the
organization’s information and its resources and they are as follows:
Examine if employees of EMC are aware of the appropriate processes and procedures in
place.
Provide guidance on how to use audit logs and other proof to show that rules, processes,
and procedures are being followed.
Development of any policies that aren't yet in place, ensuring that they accurately
represent the working environment of EMC.
Save and have backups of regular files and save in multiple location or folders.
Keep antivirus software up to date.
Don’t delete files if you’re not attending, especially system files.
SCOPE.
It's critical to have a business continuity plan in place that considers any potential operational
disruptions to the organization. Business continuity aids an organization's survivability by
allowing it to respond swiftly to a disruption. Business continuity saves money, time, and the
reputation of the organization. Considering the facts above, EMC Cyber company
should implement a business continuity policy, as it is delivering security products and
services across the entire information technology infrastructure. As a security analyst of EMC
Company, I’ve implemented the following procedures that should be followed for a business
continuity policy.
IT ASSET POLICY.
PURPOSE.
IT asset management policies, which include data security and email, are used to safeguard
corporate assets and interests. Technology devices and software are clearly assets that are
costly, valuable, and deserving of "protection" from failure, loss, destruction, theft, damage,
and other harm (Ttoolkit.com, 2020).
SCOPE.
From physical locks on equipment to inventory tags, asset management policy specifies the
measures to be done to safeguard and maintain technological assets. IT asset Policy is used to
All workers that interface with EMC’s IT assets must be properly trained.
IT assets must only be utilized for the EMC’s business activities to which they have been
assigned and/or permitted.
All IT assets must be kept in secure places with strong access controls and appropriate
environmental conditions.
Non-authorized personnel are not allowed access to assets of EMC Cyber.
Access to assets at the EMC’s location, including those accessing remotely, must be
controlled and properly authorized.
Access to assets at the EMC Cyber’s location, including those accessing remotely, must
be controlled, and legally permitted. Laptops, PDAs, and other devices used in off-site
locations must be checked and maintained on a regular basis.
Before disposing, all asset tags or labels that identify the organization must be removed.
Physical demolition will be used to destroy electronic material (such as cassettes, disk
drives, multifunction devices, copiers, and so on).
INTERNET POLICY.
PURPOSE.
SCOPE.
Doing business requires the use of the internet. It may, however, be a fantastic method for
employees to waste time, compromise security, or cause legal difficulties. A well-thought-out
ANTIVIRUS POLICY.
PURPOSE.
This is an internal IT policy that specifies the anti-virus policy for each machine, including
how frequently a virus scan is performed, how frequently updates are performed, and what
applications will be used to identify, block, and remove malware programs. It specifies which
file attachment types are banned on the mail server and which anti-virus application will be
used. It may also describe how files can join the trusted network and how malicious or
undesirable content will be checked on these files.
This policy is intended to keep viruses and other malware from entering the organization's
resources (LOYOLA, 2020).
SCOPE.
• On all servers and client PCs, the anti-virus software must be run in real time. The
product must be set up to provide real-time protection.
• At least once a day, the anti-virus library definitions must be updated in EMC Cyber.
• On all user-controlled workstations and servers, anti-virus scans must be performed at
least once a week.
• Except for domain administrators, no one should be able to stop anti-virus definition
updates and scans.
• All antivirus programs must update their virus definitions on a regular basis. They
must be closely watched to ensure that updates are completed successfully.
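One way to check endpoints against the three measurable requirements in the scope above (real-time protection on, definitions updated at least once a day, scans at least once a week), as an added example that is not part of the original assignment. The record fields (`host`, `realtime_enabled`, `definitions_updated`, `last_scan`) and the sample hosts are constructed assumptions, not the output of any particular anti-virus product.

```python
from datetime import datetime, timedelta, timezone

# Thresholds taken from the policy scope above.
MAX_DEFINITION_AGE = timedelta(days=1)   # definitions updated at least once a day
MAX_SCAN_AGE = timedelta(days=7)         # scans performed at least once a week


def _parse(ts):
    """Parse an ISO 8601 timestamp; None or empty means 'never reported'."""
    if not ts:
        return None
    parsed = datetime.fromisoformat(ts)
    # Treat naive timestamps as UTC so comparisons never mix naive and aware values.
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def check_endpoint(record, now):
    """Return a list of policy violations for one endpoint status record."""
    violations = []
    if record.get("realtime_enabled") is not True:
        violations.append("real-time protection is not enabled")

    updated = _parse(record.get("definitions_updated"))
    if updated is None:
        violations.append("no definition update has been reported")
    elif now - updated > MAX_DEFINITION_AGE:
        violations.append(f"definitions are {(now - updated).days} day(s) old")

    scanned = _parse(record.get("last_scan"))
    if scanned is None:
        violations.append("no scan has been reported")
    elif now - scanned > MAX_SCAN_AGE:
        violations.append(f"last scan was {(now - scanned).days} day(s) ago")
    return violations


def audit(inventory, now):
    """Map each non-compliant host to its violations; compliant hosts are omitted."""
    report = {}
    for record in inventory:
        problems = check_endpoint(record, now)
        if problems:
            report[record["host"]] = problems
    return report


# Constructed sample inventory (hypothetical hosts and field names).
NOW = datetime(2021, 7, 15, 9, 0, tzinfo=timezone.utc)
SAMPLE_INVENTORY = [
    {"host": "srv-file-01", "realtime_enabled": True,
     "definitions_updated": "2021-07-15T02:00:00+00:00",
     "last_scan": "2021-07-11T01:00:00+00:00"},
    {"host": "ws-finance-07", "realtime_enabled": True,
     "definitions_updated": "2021-07-12T02:00:00+00:00",   # stale definitions
     "last_scan": "2021-07-10T01:00:00+00:00"},
    {"host": "ws-lab-03", "realtime_enabled": False,        # protection switched off
     "definitions_updated": "2021-07-15T02:00:00+00:00",
     "last_scan": None},                                     # never scanned
]

if __name__ == "__main__":
    for host, problems in audit(SAMPLE_INVENTORY, NOW).items():
        print(host)
        for problem in problems:
            print("  -", problem)
```

A host that has never reported a scan or a definition update is treated as non-compliant rather than skipped, so silent agents show up in the report.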
PURPOSE.
A risk management policy is a tool used by businesses and other organizations to minimize
threats and act in a way that minimizes their effect. Even if most risk policy statements focus
on a company's financial risks, the kind of risks addressed can vary greatly, including the risk
of injury, accidents, and legal issues (Sarokin, 2020).
SCOPE.
Risks to a business can arise from a variety of sources. Stealing, accidents, and worker unrest
are all internal threats. Natural disasters and pandemics are examples of external hazards, as
are environmental concerns such as global climate change and stakeholder reactions such as
lawsuits and protests. In this sense, a company's risk management policy aids in the
coordination of activities across the organization. Therefore, EMC Cyber company too
should implement a Risk management policy. As a security analyst I’ve implemented the
PURPOSE.
This policy establishes the processes for safeguarding this information, as well as how
personal and sensitive data should be exchanged securely and safely within and outside the
company. One of the most prevalent methods of cybercrime is data transmission.
The purpose of this Security Policy is to outline the security standards for the Organization's
proper and secure usage of Information Technology services. Its objective is to safeguard the
Organization and its users against security risks that might compromise their integrity,
privacy, reputation, and commercial consequences to the greatest extent possible. Always
remind your staff to spread the message about your new policies and procedures. It's critical
that staff are informed of and up to date on any changes to IT or cybersecurity procedures.
SCOPE.
This policy and procedure create a framework for ensuring compliance with data transfer
obligations that is effective, responsible, and transparent. It is critical to properly establish the
recipient's identification and authorization for any transfers of information including personal
or sensitive data. Therefore, EMC Cyber company too should implement a Data Transfer
So, these are the policies implemented for EMC Cyber to protect the organization from
exploitation and misuse.
CONCLUSION.
Every organization must implement security policies to protect itself from threats and risks.
These are some key benefits of implementing policies in an organization.
• Reduces the danger of data loss or leakage.
• Protects the organization from external and internal users who are “malicious”.
• Establishes rules and best practices for use, as well as ensuring correct compliance.
• Declares that information is an asset, the property of the organization, and that it
must be safeguarded from unlawful access, alteration, disclosure, and destruction both
internally and externally.
• When legal difficulties develop, encourages the company to take active steps.
As a security analyst of EMC Cyber company, I prefer adding the abovementioned security
policies to protect the organization from security threats.
A disaster recovery plan's goal is to thoroughly describe the activities that must be performed
before, during, and after a natural or man-made disaster so that everyone in the organization
can follow them. A disaster recovery plan should address both deliberate man-made disasters,
such as the consequences of terrorism or hacking, and unintentional disasters, such as
equipment failure.
Each representative must be made aware of the DRP, and when it is implemented,
compliance is essential. A comprehensive off-site information reinforcement strategy as well
as an on/off-site recovery plan must be included in the DRP.
There are some main components of a Disaster Recovery Plan, and they are as follows.
These are the main components of a Disaster Recovery Plan, and they are included in the
below DRP template.
DISASTER RECOVERY PLAN FOR EMC CYBER COMPANY.
IMPLEMENTING ORGANIZATIONAL SECURITY FOR EMC C
Objective
Policy Statement
Disaster Recovery Team
External Contacts
Backup Strategy
Risk Management
Financial Evaluation
EMC Cyber is a well-known cyber security firm located in Colombo, Sri Lanka, that provides
security solutions and services across the whole IT infrastructure. Its clients, both in
Sri Lanka and worldwide, include some of the world's top-level firms serving in a variety of
industries. Firewalls, anti-virus, intrusion detection and prevention, and endpoint security
are among the products developed by the business. EMC Cyber is in charge of safeguarding
businesses' networks, clouds, web applications, and emails. Advanced threat prevention,
secure unified access, and endpoint security are also available. In addition, they advise
clients on security concerns and how to address them.
Objective.
Policy Statement.
The following policy statement has been authorized by EMC Cyber management.
External Contacts.
Email Lecco.limited@gmail.com
Email Dialog.customer@gmail.com
Email Abans@gmail.com
Email Server.m@gmail.com
Email gamestreet@gmail.com
Email Agg.powergenerator@gmail.com
Email Cyber.insurance@gmail.com
Updating the EMC Strategy. The process of upgrading the DRP must be appropriately
managed and regulated. Any changes to the strategy should be thoroughly tested, and
relevant adjustments to the training materials should be made. Under the direction of the IT
Director, established change control processes will be used.
Copies of this Plan, including CDs and physical copies, shall be kept in safe places
determined by EMC. A CD and hard copy of this strategy will be given to each member of
senior management to keep at home. Every participant of the Disaster Recovery Team and
the Business Recovery Team will receive a CD and a hard copy of this plan. A master,
password-protected copy will be kept on special facilities set up for this purpose.
Backup Strategy.
The key business processes are outlined below, along with the agreed-upon backup solution
for each. The EMC's office will be used as the recovery site, which will be completely
mirrored.
This method includes maintaining a completely mirrored copy site that allows for quick
changeover between the live and backup sites (headquarters).
Risk Management.
There are a variety of possible disruptive threats that might emerge at any time and interrupt
routine company operations. The outcomes of our considerations are given in this section.
We evaluated a wide variety of potential risks. Every possible natural catastrophe or
emergency circumstance has been investigated. The focus here is on the level of business
interruption that each sort of disaster might cause. And they are as follows:
Tornado 5 Substitute
Probability: 1=Very High, 5=Very Low
Impact: 1=Total destruction, 5=Minor annoyance
Type. Location.
The following are key trigger issues at headquarters that would result in the DRP being
activated:
The Emergency Response Team (ERT) must be activated when an event happens. The ERT
will next determine the scope of the DRP's application. In the case of a disaster, all
employees must be given a Quick Reference card with ERT contact information. The ERT's
responsibilities include:
In the order given, the person who discovers the issue contacts a member of the Emergency
Response Team:
Emergency Response:
The Emergency Response Team (ERT) is in charge of activating the DRP in the case of any
of the disasters listed in this plan, as well as any other incident that affects the company's
capacity to function regularly.
Financial Evaluation.
The emergency response team will prepare an early evaluation of the incident's impact on the
company's financial affairs. Loss of financial records should be included in the assessment.
• Revenue is lost.
• Theft of checkbooks, credit cards, and other assets
• There has been a cash loss.
IP Address:192.168.2.1 255.255.255.0
Other
Key Contacts
Daily
Monthly
Quarterly
After the initial disaster recovery response is completed, the DRT leader should write a report
on the actions that were completed. The report should include details on the emergency, who
was alerted and when, and the measures taken by members of the DRT, as well as the results
of those efforts. The influence on routine corporate operations will also be evaluated in the
report. The report should be delivered to the head of the company recovery team, with a copy
to senior management if necessary. After the initial disaster recovery response is completed,
the DRT leader will write a disaster recovery report. The report will be given to top
management in addition to the business recovery team leader.
Once regular company operations have been restored, responsibility for individual
activities must be returned to the appropriate business unit leader.
This procedure should be established to ensure that all parties are aware of the change
in overall responsibility and the return to normal operations.
• All operations will be decided using a standard framework during the disaster recovery
process, and this plan will need to be updated on a regular basis whenever possible during the
disaster recovery period.
• All acts that take place during this phase must be documented.
Activity Name:
Reference Number:
Brief Description:
For each process recovered, the business recovery team leader and the appropriate business
unit leader should fill out and sign the accompanying transition form.
I confirm that the effort of the business recovery team has been accomplished in accord
with the disaster recovery plan for the above procedure, and that normal business actions
have been successfully restored.
I confirm that above business process is now acceptable for normal working conditions.
Name: ___________________________________________________________________
Title: ____________________________________________________________________
Signature: ________________________________________________________________
Date: _________________
1. Influence a business.
2. Influenced by a business.
3. Influence a business and influenced by a business.
These are the stakeholders of EMC Cyber Company who keep the company safe and secure
during any kind of risk and make sure the organization functions properly and securely
during any crisis. They are as follows:
Risk manager: In terms of analyzing, managing, and responding to cyber risks, risk
managers may ensure that various stakeholders are linked. It's also crucial to understand the
expanding cyber insurance industry as well as risk financing solutions overall.
Security Manager: Security managers are in charge of safeguarding assets for organizations
and corporations, from the safety of employees and customers to the prevention of theft and
inventory loss. These experts create and implement security policies, ensuring that they are
followed by all employees.
Chief Financial Officer /CFO: Concerns vary from the possible costs of a cyber incident to
the influence on the bottom line, as well as the security of the office's sensitive data.
Board of Directors/CEO: They have a legal duty to analyze and manage cyber risk since
they are responsible for overall business and company performance. Regulators such as the
Securities and Exchange Commission have stated that they expect top management to be
involved in the matter.
Customers and Vendors: Interactions with customers and vendors might put you at risk of
being attacked. You must be aware of the safeguards they have in place so that they do not
become a weak spot in your cyber security.
Protecting your company's data and people's privacy is getting increasingly tough.
Cyber-defense methods that work are multifaceted and thorough. Understanding and clarifying
the roles and responsibilities of all important stakeholders is a critical component.
Auditor – keeps track of all system activities, including user account logins, file access, and
data and configuration modifications. Detailed event logs allow you to determine the exact
cause of security flaws and other issues, allowing you to fix them and enhance your
cybersecurity strength.
Security Manager - Identifies and safeguards corporate assets by creating and implementing
security policies. Through training and evaluations, ensures that employees follow security
procedures and requirements, ensures that employees and customers are safe in the workplace,
conducts assessments and inspections of security processes, and prepares the company and its
employees for external inspections.
Data Classification enables you to inventory all of your data and categorize it according to
its sensitivity and worth to the company, allowing you to apply different security measures to
different levels of data at a granular level. Compliance audits are also substantially
accelerated by data categorization.
Understanding the weaknesses in the current security strategy allows you to design a far
better plan than the one you have now. A thorough security audit may help an organization's
defense system improve. There are some steps that should be followed to have a proper
security audit and they are as follows:
1. Plan for your audit – the auditor has to recognize the risks associated with computer
equipment, customer data and other important documents. After finding the risks,
manage only the very important and sensitive assets.
2. Make a list of your potential threats - Human error, malware and logical attack,
password insecurity, and natural disasters can all cause damage. Along with assessing
the risks, the auditor must examine how they might influence the performance of the
organization.
3. Examine the current state of security – the auditor has to identify the risks and
evaluate them. The present security structure will help to minimize the risks associated
with the organization.
4. Organizing (Risk Scoring) - All threats are ranked in this phase based on their
priority. Risks with larger dangers are ranked higher, whereas risks with smaller
threats are ranked lower. When rating, various criteria such as the organization's
When these five stages are followed correctly, the company has undergone a complete
security audit.
Conclusion.
Simply publishing a report on your results isn't enough. By giving clear and realistic
suggestions for implementing cybersecurity changes, the audit should contribute to the
security of your company. Create a plan for resolving any system vulnerabilities. Take the
required steps to bring a file or data system into conformity with regulatory requirements.
These activities will be carried out by the security manager, auditor, and data
classification manager of EMC Cyber, who are the stakeholders interested in the company and
want it to have a successful and continuous business.
SLIDE – 01.
SLIDE – 02.
This slide contains the contents of the presentation.
SLIDE – 04.
This slide includes a brief introduction about the EMC Cyber company and about its services
and products that they deliver. EMC Cyber is a security company which provides security
SLIDE – 05.
This slide includes a brief explanation of what a disaster recovery plan is and how it helps
the organization. It also states its purpose. A disaster recovery plan is a document that
directs how to respond to an unexpected situation. This situation can be a natural disaster
or a physical or logical attack, which can have an impact on the organization. To minimize
such occurrences a disaster recovery plan must be implemented (EVOLVE IP, 2021).
Which includes the plan scope, roles and responsibilities, amount of tolerance of the disaster,
strategy of communication when a disaster occurs. And scheduling the time for testing,
reviewing and improving the organization’s posture from the occurred disaster.
SLIDE – 07.
This slide states the benefits of implementing a disaster recovery plan in an organization.
There are many benefits when an organization implements a disaster recovery plan. Some of
them are stated in the above slide. For example, a DRP reduces stress in the working
environment because plans are already in place in advance. A DRP also reduces the risk
of critical processes being disrupted and protects business operations. Therefore, every
organization should have a suitable DRP.
SLIDE – 09.
This slide includes the snapshot of the Disaster Recovery Plan of EMC Cyber. The snapshot
includes the table of contents, introduction of EMC Cyber company, objective of the
company, revision history of the Disaster recovery plan (when the DRP was created), policy
statement (how and to whom the policy is authorized in EMC), key personal contacts of EMC
Cyber when a disaster occurs, Disaster recovery team and the external contacts of EMC Cyber
company.
SLIDE – 11.
This slide includes the snapshot of the Disaster Recovery Plan of EMC Cyber. The snapshot
includes the technological disaster recovery plan of EMC Cyber, disaster recovery activity
form, returning recovered business operations to business unit leadership, damage assessment
SLIDE – 12.
This slide includes a small conclusion about why a Disaster Recovery Plan should be
implemented and how it will benefit the organization. To have a successful and continuous
business, any organization must implement a DRP, as it provides many security features for
the organization. As a result, EMC Cyber company also has a suitable DRP to
overcome and minimize security threats to the organization (druva, 2021).
SLIDE – 13.
This slide includes all the references that are used throughout the presentation slides.
SLIDE – 15.
This is the final slide of the presentation.
Carklin, N., 2021. What Is a Remote Access Policy, and Why Is It Important for Your Organization?. [Online]
Available at: https://www.parallels.com/blogs/ras/remote-access-policy/#:~:text=A%20remote%20access%20policy%20serves,users%20connecting%20to%20the%20network.&text=It%20helps%20ensure%20that%20only,network%20from%20potential%20security%20threats.
[Accessed 2 June 2021].
Doug, 2018. Risk Management Process: Security Analysis Methodology in SecureWatch. [Online]
Available at: https://riskwatch.com/2018/03/19/risk-management-process/
[Accessed 7 July 2021].
Forcepoint, 2021. What is Network Security? Network security defined, explained, and explored. [Online]
Available at: https://www.forcepoint.com/cyber-edu/network-security
[Accessed 25 May 2021].
Gary Hayslip, 2018. 9 policies and procedures you need to know about if you’re starting a new security program. [Online]
Available at: https://www.csoonline.com/article/3263738/9-policies-and-procedures-you-need-to-know-about-if-youre-starting-a-new-security-program.html
[Accessed 7 June 2021].
Hornetsecurity, 2021. IT Security What is IT Security, and why is IT Security so important?. [Online]
Available at: https://www.hornetsecurity.com/en/knowledge-base/it-security/
[Accessed 24 May 2021].
Irwin, L., 2020. How to write an information security policy – with template example. [Online]
Available at: https://www.itgovernance.eu/blog/en/how-to-write-an-information-security-policy-with-template-example#:~:text=What%20is%20an%20information%20security,when%20out%20of%20the%20premises.
[Accessed 1 June 2021].
Irwin, L., 2021. An introduction to ISO 27701: the international standard for data privacy. [Online]
Available at: https://www.itgovernance.eu/blog/en/iso-27701-the-new-international-standard-for-data-privacy
[Accessed 13 July 2021].
John J. Fay, D. P., 2018. The Importance of Policies and Procedures. [Online]
Available at: https://www.sciencedirect.com/topics/computer-science/security-procedure#:~:text=A%20security%20procedure%20is%20a,to%20accomplish%20an%20end%20result.
[Accessed 1 June 2021].
Kristina, 2019. Complete Guide to Improving Physical Security In Your Workplace. [Online]
Available at: https://www.opensourcedworkplace.com/news/complete-guide-to-improving-physical-security-in-your-workplace
[Accessed 5 July 2021].
Posey, B., 2019. How to fix the four biggest problems with VPN connections. [Online]
Available at: https://www.techrepublic.com/article/fix-the-four-biggest-problems-with-vpn-connections/
[Accessed 1 July 2021].
Protective Security Policy Framework, 2021. 3 Security planning and risk management. [Online]
Available at: https://www.protectivesecurity.gov.au/governance/security-planning-risk-management/Pages/default.aspx
[Accessed 4 July 2021].
Sampera, E., 2019. What to Know About Logical Security vs Physical Security. [Online]
Available at: https://www.vxchnge.com/blog/logical-security-vs-physical-security
[Accessed 24 May 2021].
Thomas, M., 2018. GDPR: What You Need to Know and How Bluehost Helps You Comply. [Online]
Available at: https://www.bluehost.com/blog/gdpr-what-you-need-to-know-and-how-bluehost-helps-you-comply/?utm_source=google&utm_medium=genericsearch&gclid=CjwKCAjw87SHBhBiEiwAukSeUQFvtFZQtt8AenERa-L9H5enPzGjSA79TenpKDsJYnc5xvCe7mi7ghoC7GEQAvD_BwE&gclsrc=aw.ds&nclid=_R_
[Accessed 13 July 2021].
ITtoolkit.com, 2020. Protecting Business Interests With Policies for IT Asset Management. [Online]
Available at: https://www.ittoolkit.com/articles/asset-management-policies
[Accessed 23 June 2021].