Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Female Assignment Example

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 143

Higher Nationals

Internal verification of assessment decisions – BTEC (RQF)

INTERNAL VERIFICATION – ASSESSMENT DECISIONS

Programme title BTEC Higher National Diploma in Computing

Miss. Piyumi Fernando.


Assessor Internal Verifier
Unit 05: Security
Unit(s)
EMC Cyber
Assignment title
Fathima Shafiyya Shirzard. COL00042812.
Student’s name
List which assessment Pass Merit Distinction
criteria the Assessor has
awarded.

INTERNAL VERIFIER CHECKLIST


Do the assessment criteria awarded
match those shown in the assignment
brief? Y/N

Is the Pass/Merit/Distinction grade


awarded justified by the assessor’s
Y/N
comments on the student work?
Has the work been assessed
accurately? Y/N

Is the feedback to the student: Give


details:

• Constructive?
Y/N
• Linked to relevant assessment criteria?
Y/N
• Identifying opportunities for improved
performance?
Y/N
• Agreeing actions? Y/N
Does the assessment decision need
amending? Y/N

Assessor signature Date

Internal Verifier signature Date


Programme Leader signature (if
required) Date
Confirm action completed

Remedial action taken

Give details:

Assessor signature Date


Internal Verifier
signature Date
Programme Leader signature
(if required) Date
Higher Nationals - Summative Assignment Feedback Form

Student Name/ID Fathima Shafiyya Shirzard. COL00042812


Unit Title Unit 05: Security

Assignment Number 1 Assessor Ms. Piyumi Fernando.


08/08/2021 Date Received 1st
Submission Date submission
Date Received 2nd
Re-submission Date submission
Assessor Feedback:

LO1. Assess risks to IT security


Pass, Merit & Distinction
P1 P2 M1 D1
Descripts

LO2. Describe IT security solutions.


Pass, Merit & Distinction
P3 P4 M2 D1
Descripts

LO3. Review mechanisms to control organisational IT ity.


Pass, Merit & Distinction secur
P5 M3 M4
Descripts
P6
D2
LO4. Manage organisation
al security.
Pass, Merit & Distinction
Descripts P7 M5 D3
P8

Grade: Assessor Signature: Date:


Resubmission Feedback:

Grade: Assessor Signature: Date:


Internal Verifier’s Comments:

Signature & Date:


* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grades
decisions have been agreed at the assessment board.

Pearson
Higher Nationals in

Computing
Unit 5: Security
General Guidelines

1. A Cover page or title page – You should always attach a title page to your assignment. Use
previous page as your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom, right margins and 1.25” for the left margin of each page.

Word Processing Rules

1. The font size should be 12 point and should be in the style of Time New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No,
and Page Number on each page. This is useful if individual sheets become detached for any
reason.
5. Use word processing application spell check and grammar check function to help editing
your assignment.

Important Points:

1. It is strictly prohibited to use textboxes to add texts in the assignments, except for the
compulsory information. eg: Figures, tables of comparison etc. Adding text boxes in the body
except for the before mentioned compulsory information will result in rejection of your
work.
2. Carefully check the hand in date and the instructions given in the assignment. Late
submissions will not be accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness,
you may apply (in writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade.
8. Non-submission of work without valid reasons will lead to an automatic RE FERRAL. You will
then be asked to complete an alternative assignment.
9. If you use other people’s work or
ideas in your assignment, reference them properly using HARVARD referencing system to
avoid plagiarism. You have to provide both in-text citation and a reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be
reduced to A REFERRAL or at worst you could be expelled from the course.

Student Declaration

I hereby, declare that I know what plagiarism entails, namely, to use another’s work and to
present it as my own without attributing the sources in the correct way. I further understand what
it means to copy another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.


2. I understand the plagiarism and copying policy of the Edexcel UK.
3. I know what the consequences will be if I plagiarize or copy another’s work in any of the
assignments for this programme.
4. I declare therefore that all work presented by me for every aspect of my programme, will
be of my own, and where I have made use of another’s work, I will attribute the source in
the correct way.
5. I acknowledge that the attachment of this document, signed or not, constitutes a binding
agreement between myself and Pearson UK.
6. I understand that my assignment will not be considered as submitted if this document is
not attached to the main submission.

shafiyyashirzard@gmail.com 08/08/2021.
Student’s Signature: Date:
(Provide E-mail ID) (Provide Submission Date)
Assignment Brief
Student Name /ID Number Fathima Shafiyya Shirzard / COL00042812.
Unit Number and Title Unit 5- Security

Academic Year 2020/2021

Unit Tutor Miss. Piyumi Fernando.


Assignment Title EMC Cyber

Issue Date

Submission Date 08/08/2021


IV Name & Date

Submission Format:

The submission should be in the form of an individual written report written in a concise, formal business style
using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as
appropriate, and all work must be supported with research and referenced using Harvard referencing system.
Please provide in- text citation and an end list of references using Harvard referencing system.

Section 4.2 of the assignment required to do a 15 minutes presentation to illustrate the answers.

Unit Learning Outcomes:

LO1 Assess risks to IT security.

LO2 Describe IT security solutions.

LO3 Review mechanisms to control organizational IT security.

LO4 Manage organizational security.


Assignment Brief and Guidance:
Scenario

‘EMC Cyber’ is a reputed cyber security company based in Colombo Sri Lanka that is delivering
security products and services across the entire information technology infrastructure. The company
has a number of clients both in Sri Lanka and abroad, which includes some of the top-level companies
of the world serving in multitude of industries. The company develops cyber security software
including firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber is
tasked with protecting companies’ networks, clouds, web applications and emails. They also offer
advanced threat protection, secure unified access, and endpoint security. Further they also play the
role of consulting clients on security threats and how to solve them. Additionally, the company
follows different risk management standards depending on the company, with the ISO 31000 being
the most prominent.

One of the clients of EMC Cyber, Lockhead Aerospace manufacturing which is a reputed aircraft
manufacturer based in the US, has tasked the company to investigate the security implications of
developing IOT based automation applications in their manufacturing process. The client has
requested EMC to further audit security risks of implementing web based IOT applications in their
manufacturing process and to propose solutions. Further, Lockhead uses ISO standards and has
instructed EMC to use the ISO risk management standards when proposing the solution.

The director of the company understands such a system would be the target for cyber-attacks. As you
are following a BTEC course which includes a unit in security, the director has asked you to investigate
and report on potential cyber security threats to their web site, applications, and infrastructure. After
the investigation you need to plan a solution and how to implement it according to standard software
engineering principles.
Activity 01

Assuming the role of External Security Analyst, you need to compile a report focusing on following
elements to the board of EMC Cyber’;

1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilize to EMC
Cyber in order to improve the organization’s security.

1.2 Identify types of security risks EMC Cyber is subject to its present setup and the impact that they
would make on the business itself. Evaluate at least three physical and virtual security risks identified
and suggest the security measures that can be implemented in order to improve the organization’s
security.

1.3 Develop and describe security procedures for EMC Cyber to minimize the impact of issues
discussed in section (1.1) by assessing and rectifying the risks.

Activity 02

2.1 Identify how EMC Cyber and its clients will be impacted by improper/ incorrect configurations
that are applicable to firewalls and VPN solutions. IT security can include a network monitoring
system. Discuss how EMC cyber can benefit by implementing a network monitoring system with
supporting reasons.

2.2 Explain how the following technologies would benefit EMC Cyber and its Clients by facilitating a

‘trusted network’. (Support your answer with suitable examples).

i) DMZ

ii) Static IP

iii) NAT

2.3 Identify and evaluate the tools that can be utilized by EMC cyber to improve the network and
security performance without compromising each other. Evaluate at least three virtual and physical
security measures that can be implemented by EMC to uphold the integrity of organization’s IT
policy.
Activity 03

3.1 Discuss suitable risk assessment integrated enterprise risk management procedures for EMC Cyber
solutions and the impact an IT security audit will have on safeguarding organization and its clients.
Furthermore, your discussion should include how IT security can be aligned with an organizational IT
policy and how misalignment of such a policy can impact on organization’s security.

(This can include one or more of the following: network change management, audit control, business
continuance/disaster recovery plans, potential loss of data/business, intellectual property, Data
Protection Act; Computer Misuse Act; ISO 31000 standards.)

3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage
solutions provided by EMC Cyber. You should also summarize ISO 31000 risk management
methodology.

Activity 04

4.1 Design an organizational security policy for EMC Cyber to minimize exploitations and misuses
while evaluating the suitability of the tools used in an organizational policy.

4.2 Develop and present a disaster recovery plan for EMC Cyber according to the ISO/IEC 17799:2005
or similar standard which should include the main components of an organizational disaster recovery
plan with justifications. Discuss how critical the roles of the stakeholders in the organization to
successfully implement the security policy and the disaster recovery plan you recommended as a part
of the security audit.

(Students should produce a 15-minute PowerPoint presentation which illustrates the answer for
this section including justifications and reason for decisions and options used).
FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSIGNMENT 12
Grading Rubric
Grading Criteria Achieved Feedback

LO1 Assess risks to IT security

P1 Identify types of security risks to organizations.


P2 Describe organizational security procedures.

M1 Propose a method to assess and treat IT security risks.

LO2 Describe IT security solutions

P3 Identify the potential impact to IT security of incorrect


configuration of firewall policies and thirparty VPNs.

P4 Show, using an example for each, how implementing a DMZ,


static IP and NAT in a network can improve Network Security.
M2 Discuss three benefits to implement network monitoring
systems with supporting reasons.
D1 Evaluate a minimum of three of physical and virtual security
measures that can be employed to ensure the integrity of
organizational IT security.
LO3 Review mechanisms to control organizational IT security

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSIGNMENT 13


P5 Discuss risk assessment procedures.

P6 Explain data protection processes and regulations as applicable


to an organization.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSIGNMENT 14


FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSIGNMENT 15
M3 Summarize the ISO 31000 risk management methodology and its
application in IT security.
M4 Discuss possible impacts to organizational security resulting from
an IT security audit.
D2 Consider how IT security can be aligned with organizational
policy, detailing the security impact of any misalignment.
LO4 Manage organizational security

P7 Design and implement a security policy for an organization.

P8 List the main components of an organizational disaster recovery


plan, justifying the reasons for inclusion.
M5 Discuss the roles of stakeholders in the organization to
implement security audit recommendations.
D3 Evaluate the suitability of the tools used in an organizational
policy.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSIGNMENT 16


TABLE OF CONTENTS
ACKNOWLEDGEMENT.....................................................................................................19

INTRODUCTION..................................................................................................................20

ACTIVITY 01.........................................................................................................................21

01. WHAT IS SECURITY?...............................................................................................22

02. WHAT IS CIA TRIAD?..............................................................................................22

2.1. CONFIDENTIALITY...............................................................................................23

2.2. INTEGRITY..............................................................................................................23

2.3. AVAILABILITY.......................................................................................................24

03. EVALUATE WHY AND HOW THE CIA TRIAD COULD BE UTILIZE TO
EMC CYBER IN ORDER TO IMPROVE THE ORGANIZATION’S SECURITY.. 24

04. WHAT IS SECURITY RISK?....................................................................................27

4.1. WHAT IS PHYSICAL SECURITY?........................................................................28

4.2. WHAT ARE VIRTUAL SECURITY RISKS?.........................................................29

05. PROPOSE A METHOD TO ASSESS AND TREAT IT SECURITY RISKS........30

06. COUNTERMEASURES FOR VIRTUAL THREATS.............................................32

07. COUNTERMEASURES FOR PHYSICAL THREATS...........................................34

07. DEVELOP AND DESCRIBE SECURITY PROCEDURES FOR EMC CYBER


TO MINIMIZE THE IMPACT OF ISSUES DISCUSSED IN SECTION (1.2) BY
ASSESSING AND RECTIFYING THE RISKS.............................................................36

08. WHAT IS RISK MANAGEMENT?...........................................................................39

09. WHAT IS RISK ANALYSIS?.....................................................................................39

10. WHAT IS RISK TREATMENT?...............................................................................40

ACTIVITY 02.........................................................................................................................41

01. WHAT IS A FIREWALL?..........................................................................................41

02. WHAT IS A VPN?........................................................................................................44

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 17


03. HOW EMC AND ITS CLIENTS WILL BE IMPACTED BY
IMPROPER/INCORRECT CONFIGURATIONS THAT ARE APPLICABLE TO
FIREWALLS AND VPN SOLUTIONS...........................................................................46

04. WHAT IS A NETWORK MONITORING SYSTEM?............................................47

4.1. NETWORK MONITORING TOOLS.......................................................................48

05. WHAT IS NETWORK MANAGEMENT SYSTEM?..............................................52

06. WHAT IS A DMZ?......................................................................................................54

07. WHAT IS AN IP ADDRESS?.....................................................................................55

7.1. STATIC IP.................................................................................................................55

7.2. DYNAMIC IP............................................................................................................57

7.3. ABOUT DHCP..........................................................................................................57

08. WHAT IS NAT (NETWORK ADDRESS TRANSLATION)?................................60

09. HOW THE FOLLOWING TECHNOLOGIES WOULD BENEFIT EMC CYBER


COMPANY.........................................................................................................................62

10. WHAT IS A TRUSTED NETWORK?.......................................................................63

11. THE TOOLS THAT CAN BE UTILIZED BY EMC CYBER TO IMPROVE THE
NETWORK AND SECURITY PERFORMANCE.........................................................64

11.1. PHYSICAL SECURITY MEASURES...................................................................64

11.2. VIRTUAL SECURITY MEASURES.....................................................................66

ACTIVITY 03.........................................................................................................................68

01. WHAT IS A RISK?......................................................................................................68

02. WHAT IS RISK ASSESSMENT?..............................................................................68

03. WHAT IS DATA PROTECTION?............................................................................71

04. WHAT IS IT SECURITY?..........................................................................................74

05. WHAT IS RISK MANAGEMENT?...........................................................................75

06. WHAT IS ISO 31000 RISK MANAGEMENT LAW?.............................................75

6.1. SUMMARIZATION OF ISO 31000 LAW TO EMC CYBER COMPANY...........75

07. WHAT IS AN IT SECURITY AUDIT?.....................................................................77

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 18


7.1. WHAT AN IT AUDIT DOES FOR AN ORGANIZATION?..................................77

08. CONSIDER HOW IT SECURITY CAN BE ALIGNED WITH


ORGANIZATIONAL POLICY, DETAILING THE SECURITY IMPACT OF ANY
MISALIGNMENT.............................................................................................................79

8.1. HOW MISALIGNMENT OF IT SECURITY POLICY IMPACTS THE


ORGANIZATION............................................................................................................79

ACTIVITY 04.........................................................................................................................81

01. SECURITY PROCEDURES FOR EMC CYBER COMPANY..............................81

02.EVALUATE THE SUITABILITY OF THE TOOLS USED IN AN


ORGANIZATIONAL POLICY........................................................................................83

01. RISK MATRIX...........................................................................................................83

02. NETWORK ACCESS CONTROL (NAC)................................................................83

03. USER PROFILE MANAGEMENT...........................................................................84

04. NET SPARKER..........................................................................................................84

05. GOOGLE NOGOTOFAIL............................................................................................84

06. AUDITING TOOLS...................................................................................................85

07. ETHICAL HACKING................................................................................................85

08. DATA LOSS PROTECTION (DLP).........................................................................86

09. CHECK LIST.............................................................................................................86

10. PENETRATION TESTING.......................................................................................87

03. LIST THE MAIN COMPONENTS OF AN ORGANIZATIONAL DISASTER


RECOVERY PLAN, JUSTIFYING THE REASONS FOR INCLUSION.................107

01. WHAT IS A DISASTER RECOVERY PLAN (DRP)?...........................................107

04. DISCUSS THE ROLES OF STAKEHOLDERS IN THE ORGANIZATION TO


IMPLEMENT SECURITY AUDIT RECOMMENDATIONS.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 19


121

1. WHO IS A STAKE HOLDER?..................................................................................121

2. ROLES OF THE STAKEHOLDERS IN EMC CYBER COMPANY......................121

03. THE ROLES OF SECURITY POLICIES, AUDITS, AND RECOMMENDATIONS.


........................................................................................................................................122

04. SECURITY RECOMMENDATIONS THAT COULD BE PROVIDED BY THE


STAKEHOLDERS.........................................................................................................123

PRESENTATION SLIDES.................................................................................................125

SLIDE – 01.........................................................................................................................125

SLIDE – 02.........................................................................................................................125

Slide – 03............................................................................................................................126

SLIDE – 04.........................................................................................................................126

SLIDE – 05.........................................................................................................................127

SLIDE – 06.........................................................................................................................128

SLIDE – 07.........................................................................................................................128

SLIDE – 08.........................................................................................................................129

SLIDE – 09.........................................................................................................................129

SLIDE – 10.........................................................................................................................130

SLIDE – 11.........................................................................................................................130

SLIDE – 12.........................................................................................................................131

SLIDE – 13.........................................................................................................................131

SLIDE – 14.........................................................................................................................132

SLIDE – 15.........................................................................................................................132

CRITICAL EVALUATION OF THE REPORT..............................................................133

REFERECES........................................................................................................................134

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 20


LIST OF FIGURES.
Figure 1: security.
Figure 2: CIA Triad.
Figure 3: Security Risks.
Figure 4: Hacking.
Figure 5: Security Measures.
Figure 6: Physical Countermeasures.
Figure 7: Firewall.
Figure 8: VPN.
Figure 9: Network Monitoring.
Figure 10: SNMP.
Figure 11: SNMP Architecture.
Figure 12: CDP.
Figure 13: SIS -Log.
Figure 14: NetFlow.
Figure 15: Network Management.
Figure 16: DMZ.
Figure 17: Static Vs Dynamic.
Figure 18: NAT.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 21


LIST OF TABLES.

Table 1: Advantages and Disadvantages of Static IP.


Table 2: Advantages and Disadvantages of DHCP IP.
Table 3: Roles and Responsibilities.
Table 4: Revision History of Policies.
Table 5: Revision History Of DRP.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 22


ACKNOWLEDGEMENT.
To complete this assignment successfully I got help from many respected and valuable
people. I would like to start showing my sincere gratitude and thanks to Miss. Piyumi
Fernando who is the lecture of this module. She guided me to complete the assignment
successfully within in the given time by providing valuable feedbacks. Then I would thank
my parents for giving me the gift of education. My special thanks to Esoft management for
providing with all goods and facilities for the education. Then I would show my gratitude to
all others who helped me to complete this report.

Then my heartfelt thanks to my friend who supported to complete the work with great interest
and effectively within in the time.

Finally, I’m much obliged to the internet for providing valuable and prime facts to perfect my
assignment.

Best Regards,
Shafiyya Shirzard.
(Author)

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 23


INTRODUCTION.
EMC Cyber is a well-known cyber security firm located in Colombo, Sri Lanka, that provides
security solutions and services across the whole IT infrastructure. Some of the world's top-
level firms serve in a variety of industries, and the company has a number of clients both in
Sri Lanka and overseas. Firewalls, anti-virus, intrusion detection and prevention, and
endpoint security are among the products developed by EMC Cyber company. EMC Cyber is
in charge of safeguarding businesses' networks, clouds, web applications, and emails.
Advanced threat prevention, secure unified access, and endpoint security are also available.

Lockhead Aerospace Production, a reputable aircraft manufacturer in the United States, has
entrusted EMC Cyber with investigating the security implications of creating IOT-based
automation solutions in their manufacturing process. The customer has asked EMC to
investigate the security concerns associated with integrating web based IOT applications in
their industrial processes. Therefore, as a security analyst appointed by EMC I’ve have been
requested to look into and report on any possible cyber security risks to their website, apps,
and infrastructure. Following report, contains the developed solution and how to implement it
using software engineering best practices. I have used immerging technologies and methods
to get a proper solution for Lockhead Aerospace Production. I hope the following solution
fits the company and its requirements.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 24


ACTIVITY 01.
01.Identify the CIA Triad concept and evaluate why and how the CIA Triad could be
utilize to EMC Cyber in order to improve the organization’s security.

01. WHAT IS SECURITY?


Information security refers to the safeguarding of data, especially as it is being processed. IT
security aims to keep unwanted third parties from interfering with data and processes. This
means that disruption and risks to socio-technical
processes, individuals, and technologies within
businesses / organizations, as well as their data, are
saved. This includes not only data and documents, but
also physical data centers and cloud resources
(Hornetssecurity, 2021).

Figure 1: Security.
Types of IT security for an organization and they are as follows.

 Data security refers to the protection of data from unwanted entry, modification, and
deletion.
 Application security refers to the process of protecting an application by applying
security features to guard against cyber threats such as SQL injection, DoS attacks,
data breaches, and so on.
 Computer security refers to having a standalone computer fully updated and patched.
 The term "cybersecurity" refers to the protection of information systems that connect
through computer networks.
 By securing both software and hardware technology, network security is ensured.

02. WHAT IS CIA TRIAD?


The three main concepts of information security are confidentiality, integrity, and availability
(CIA). Each of these standards may be more relevant than the others depending on the
environment, application, context, or application case and this is known as the CIA Triad.
(Brooks, 2019).

For instance, a financial institution will certainly encrypt any classified document being
electronically transmitted to prevent unauthorized persons from reading its contents.
Organizations like online marketplaces, on the other hand, would be actually affected if their

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 25


network went down for an extended amount of time. As a result, they can concentrate on
strategies for maintaining high availability than on concerns about encrypted data.

These are three key elements of CIA Triad; they are as follows:

 Confidentiality.
 Integrity.
 Availability.

Figure 2: CIA Triad.

2.1. CONFIDENTIALITY.

The aim of confidentiality is to prohibit unwanted access to sensitive information. The access
may be intentional, such as when an attacker breaks into the network and reads the data, or it
could be unintended, such as when people processing the data are negligent or incompetent.
Cryptography and access control are the two major methods for ensuring confidentiality.
(Brooks, 2019).

These are few ways to keep up confidential information.

 Cryptography - The method of translating ordinary plain text into unintelligible text,
and vice versa, is known as cryptography. They are of two types. Symmetric
algorithm (Both the sender and receiver of an encrypted message must use the same
key and processing algorithms in symmetric algorithms) and asymmetric algorithm
(Two keys are used in asymmetric algorithms: a public key and a private key. The
sender encrypts a message with the public key, and the recipient decrypts it with the
private key).
 Access control - Access control is a method of ensuring that users are who they want
to be and that they have permission to access organization data.
 Username and passwords.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 26


 Two-factor authentication.
 Bio metric versions.

2.2. INTEGRITY.

Integrity refers to the ability to prevent data from being tampered with, changed, or
manipulated in an illegal manner in order to accomplish malicious objectives. That is to say,
data sent must be retrieved intact and undamaged by a trusted third party. Data integrity is
critical whether it is in transit or on a storage device (Brooks, 2019). For E-commerce and
company websites, data security is critical. A Man-in-the-Middle (MITM) attack, hacking
into the site server, and injecting malicious code into databases are all examples of attacks
that violate data integrity.

This is one of the few ways to keep up integrity of information.

 Hashing - The method of encoding a given key into another value is known as
hashing. A hash function is used to generate value by using mathematical process.
 Encryption.
 Data integrity trainings - Begin by teaching your workers on how to input and manage
data and assigning them the task of maintaining Data Quality. It will ensure that
everyone on your team is working to maintain data integrity.
 Remove duplicate data.
 Backing up Data.
 Keeping an Audit trail.

2.3. AVAILABILITY.

Availability is also a security service that guarantees that only approved parties have access
to information and facilities in a timely manner. In order to deliver consistent services to a
vast number of users, every company must retain reliable hardware. Updates can take place
with as little disruption as possible, and backups of confidential data on hard drives would be
useful in the event of a disaster or data loss (Brooks, 2019).

These are few ways to keep up the availability of information.

 Data backup.
 Software Patching - A software patch is a simple fix for a piece of software that is
intended to fix bugs, boost security, and add new features.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 27


 Redundancy.
 Hardware maintenance.

03. EVALUATE WHY AND HOW THE CIA TRIAD COULD BE UTILIZE TO EMC
CYBER IN ORDER TO IMPROVE THE ORGANIZATION’S SECURITY.
Why CIA Triad should be used in an organization?

The CIA triad offers a high-level guide for evaluating your security protocols and tools that is
both simple and detailed. The three components of an effective system are met:
confidentiality, integrity, and availability. It is insufficient to provide an information security
system that is lacking in all of the three elements of the CIA triad. In a negative incident, the
CIA security triad is also useful in determining what went wrong—and what succeeded. For
e.g., perhaps availability was affected as a result of a ransomware attack, but the mechanisms
in place were also able to protect the integrity of sensitive data. This information will be used
to correct flaws and automate good policies and procedures. Therefore, EMC Cyber company
should use CIA Triad to increase security features to the organization.

When and how should you use CIA?

In the vast majority of security scenarios, the CIA triad should be used, particularly since
each component is crucial. It's especially useful when creating systems that deal with data
classification and managing permissions and authorizations. When dealing with your
company's cyber vulnerabilities, you should follow the CIA triad to the core. In addition, the
CIA triad can be used in cybersecurity programming for workers. To help workers learn
about maintaining the confidentiality, integrity, and availability of information and systems,
you can use realistic examples or real-life case studies.

Cybersecurity intends to protect a company's digital assets from ever-increasing cyber-


attacks. Cybersecurity can be ensured by implementing effective security measures to include
prevention, avoidance, and monitoring functionality for cybercrime. The key goal in
cybersecurity is to protect data and application Confidentiality, Integrity, and Availability
(CIA). The CIA is often referred to as the CIA Triad. The CIA triad is critical in
cybersecurity because it offers critical security features, assists in minimizing compliance
problems, maintains operational stability, and protects the organization's integrity.

While considering the facts above EMC Cyber company should also use CIA Triad to
increase the organization security. As it is delivering security products and services across

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 28


the entire information technology infrastructure the company should always prioritize the
security features that should be implemented. Today's companies are dealing with security
breaches and data stealing. The organization's cybersecurity stance is painted in a negative
light by recent studies and surveys. To avoid this issue in EMC Cyber must implement the
above security measures, as well as a variety of other controls (such as SIEM and SOAR) to
improve their cybersecurity posture. So, considering CIA Triad there are various methods
that can be adopted to improve the organization security. Therefore, as external security
analyst of EMC Cyber, I prefer implementing CIA triad to keep up the organizational
security.

Identify types of security risks EMC Cyber is subject to its present setup and the impact
they would make on the business itself. Evaluate at least three physical and virtual risks
identified and suggest the security measures that can be implemented in order to
improve the organization’s security.

04. WHAT IS SECURITY RISK?


In today's world, security is a crucial consideration. First and foremost, when considering an
organization, network security should be kept as secure as possible. The practice of avoiding
and guarding against unwanted access into organizational networks is known as network
security. (Forcepoint, 2021).

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 29


Computer security is very important to avoid these types of threats that make security risks to
the network.

Figure 3: Security Risks.


These are some security risks to an organization, and they are as follows.

 Computer virus.
 Spyware threats.
 Hacking.
 Physical damage.
 Human Interaction.
 Equipment malfunction.
 Password Theft.

Figure 4: Hacking.
 Loss or corruption of data system.
 Cyber security breaches.
 Loss of sensitive information.
 Unauthorized access to computer system and data.
 Attacks- Man in the middle attack, Phishing attack and many more.

These risks can be divided into physical and virtual risk. They are explained detailly below.

Essentially, risk is characterized as external and internal vulnerabilities that have a negative
impact on the company, such as the possibility of business damages, increased liability, and
loss area those types of risks to a business. Where it comes to the EMC business, there are a
variety of threats that may arise as a result of the lack of a proper security system.

These are few securities risk that would make an impact EMC Cyber organization.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 30


 Physical damage - Property damage are the types of damages that may occur on
physical objects. Since the EMC business has lost its physical security system, the
risk of security harm to the company is high.
 Equipment malfunction - Equipment malfunction occurs because there are no virus
guards installed on machines or other hardware, allowing viruses to infect them and
cause them to malfunction over time. Without security, equipment malfunction is a
risk to the EMC business.
 Misuse of data - The loss of a security system leads to data misuse. Misusing data has
a negative impact on the business. The company's asset rate would drop as a result of
this. Because of this, the business could go bankrupt at times. As a result, data misuse
has a significant effect on the organization.
 Lack of encryption on physical access.
 Theft of data – the theft of data can lead the organization’s crucial information leaked
the competitors which is a major impact to the organization.
 Lack of security monitoring software - When a security-critical event is not properly
logged off and the system is not monitored, there is an insufficient logging and
monitoring risk. The absence of such features might make malicious activity more
difficult to identify, affecting the incident response process.

4.1. WHAT IS PHYSICAL SECURITY?

The term "physical security" refers to the procedures in place to protect the organization and
its properties from damage. There are two forms of physical security: external and internal.
Internal physical protection refers to the measures in place to protect the organization and its
assets from physical threats that arise from within the organization, while external physical
security refers to the mechanisms in place to protect the organization and its assets from
physical threats that arise from outside factors and organizations .A physical threat is a
potential cause of an event that may result in computer device failure or physical damage.
(Sampera, 2019).

Physical threats can be classified into three types. They are,

 Internal risks include fire, an unreliable power source, and humidity in the rooms
where the equipment is house, etc.
 External risks include lightning, floods, earthquakes, and other natural disasters.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 31


 Theft, vandalism of infrastructure and/or hardware, interruption, and unintentional or
purposeful mistakes are all examples of human risks.

These are some of the physical threats and they are as follows:

 Natural disasters - Natural hazards are an example of a physical threat externally.


Natural disasters can result in the destruction of an organization's data and valuable
properties.
 Vandalism. - Vandalism is an offense that can damage a person's property or an
organization's properties. There is a physical hazard externally.
 Data theft - Accessing and obtaining backups of data without the consent of
authorized parties is referred to as data stealing. This could be something internal or
something external.
 Fire breakdown - Electricity or fire breakdowns may pose a threat to an organization's
properties. Fires will destroy properties to the point that they can't be retrieved.
Electricity outages may be either temporary or permanent. This is a type of internal
threat.

4.2. WHAT ARE VIRTUAL SECURITY RISKS?

virtual security refers to the processes used to protect an organization's computing devices
from data loss. Internal virtual security and external virtual security are two types of virtual
security. External virtual protection refers to safeguarding measures used to minimize the
danger to software from external actors, while internal virtual security refers to the
mechanisms used by an organization to minimize the security risks that exist to software
within the organization. (Sampera, 2019).

Threats to devices, files, and networks are known as virtual security threats. The following
are some reasonable risks that an organization could face.

 Data loss - Data loss can happen in a variety of ways and under a variety of
circumstances. It's inevitable at times. The most frequent cause is where the disk
driver fails without a backup. If the user of encrypted data removes the key that
unlocks it, data loss occurs. And, in the case of a malware attack, data loss may be
done on purpose.
 Denial-of-Service attacks - A Denial-of-Service (DoS) attack is one that attempts to
bring a system or network to a stop, leaving it unreachable to its intended users. DoS

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 32


attacks work by flooding the target with traffic or delivering it information that causes
it to crash.
 Computer virus - A "Computer Virus" is a collection of software blocks that are
programmed to spread from one computer to another. They're either sent as an email
attachment or downloaded from particular websites with the aim of affecting the
device via communication networks. The viruses' duties include sending spam,
disabling security features, destroying, and stealing data from the device, including
sensitive information such as passwords, and even deleting everything on the hard
drive.
 Phishing Attack - Phishing is a sort of social engineering assault that is commonly
used to obtain sensitive information from users, such as login passwords and credit
card details.
 Trojan horse - A Trojan horse, often known as a Trojan, is malicious code or software
that appears to be legal yet has the ability to take control of your computer. A Trojan
is a computer program that is meant to hurt, disrupt, steal, and or harm your data or
network.
 Worms and virus.
 Spyware and Adware.
 Distribution of denial service attack - A distributed denial-of-service (DDoS) attack is
a malicious attempt to interrupt a targeted server's, service's, or network's regular
traffic by flooding the target or its surrounding infrastructure with Internet traffic.

They should be treated as logical and physical risks, so security procedures can be
implemented.

05. PROPOSE A METHOD TO ASSESS AND TREAT IT SECURITY RISKS.


There are some steps that can be used to identify the security risks and treat those, and they
are as follows:

1. Identification: Determine the technological infrastructure's essential assets. Next,


determine what sensitive data these assets create, store, or transfer. Make a risk profile for
each of them.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 33


2. Assessment: Implement a method for assessing the identified security threats for
important assets. Determine ways to effectively and efficiently allocate time and
resources to risk reduction after careful evaluation and assessment. The link between
assets, risks, vulnerabilities, and mitigating controls must be examined using the
assessment technique or methodology.
3. Mitigation: Define a risk management plan and put security measures in place for each
one.
4. Prevention: Implement tools and practices to reduce the risk of attacks and
vulnerabilities in your company's resources.

Through implementing these methods, the organization will allow to:

 Identify the organization's assets (e.g., network, servers, apps, data centers, tools,
etc.).
 For each asset, create a risk profile.
 Learn about the data that these assets store, transfer, and produce.
 Determine the importance of an asset in terms of company operations. This covers the
total impact on economic, reputation, and the risk of exploitation of a company.
 Assess assets by determining their risk level and prioritizing them for evaluation.

These are some measures that can be identified in an organization. But for EMC Cyber
Company I’ve suggested some countermeasures which will allow the company’s security
risks and help them solve by monitoring, identifying and prevent the security risks. And they
are as follows:

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 34


To protect the organization from security attacks, procedures and strategies should be
used. These are some of the countermeasures for physical and virtual security risk. And they
are as follows:

Figure 5: Security Measures.


06. COUNTERMEASURES FOR VIRTUAL THREATS.
Cloud Firewalls.
Cloud Firewalls are network products that are software-based and designed to prevent or
reduce unauthorized access to private networks. Cloud-based firewalls surround cloud
systems, infrastructure, and software with a virtual barrier. Cloud firewalls can be accessed
and installed from any location where an organization can have a secure network connectivity
route. The firewall protects a trusted internal network with a trusted public network, like the
internet.

Password Protection.

Password protection entails setting a password to your data collection in order to protect it.
Without knowing the password, another user cannot access, alter, or destroy your data
collection.

Virus Guard.

Virus protection software is designed to prevent viruses, worms, and Trojan horses from
infecting a computer, as well as to remove any malicious software system code that has
already infected it.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 35


Spam Filters.

Spam can be easily stopped before it enters the email server with a cloud-based spam filtering
solution, stopping spam messages out of inboxes and email fraud threats out of the hands of
users. A cloud-based spam filtering solution will already be up to date, trained by the most
recent threat information and fine-tuned by experts to recognize and prevent further spam
messages from entering the system.

Create Backup Procedures.

We may generate a backup of every data we enter to the computers to reduce the risk of data
loss. We can reduce the risk of data loss this way. When a company's danger of data loss is
reduced, the organization can expand its business area and get ideas from previous situations.

Virus Scanners.

Scanners for Viruses Antivirus software can examine files and apps for viruses using one or
more ways. Signature scanning, heuristics scanning, integrity checks, and activity blocking
are among the techniques used by these tools to scan for and identify viruses.

Windows Sockets.

Sockets for Windows (SOCKS) SOCKS is a network protocol. It enables client–server


applications to run behind a firewall and take use of the security features it offers.

Pop-up Blockers.

Any software that prevents a pop-up from appearing at any moment is known as a pop-up
blocker. Multiple internet windows or real pop-ups created by code on a webpage are
examples of this. Pop-up blockers are often used to prevent pop-up advertisements from
appearing on websites. Depending on the pop-up blocker, however, they may also block
essential information.

SSH Protocol.

SSH encrypts connections between two network endpoints and enables password or public-
key based authentication. It is a secure alternative to unsafe file transmission techniques and
antiquated login protocols (such as telnet and rlogin) (such as FTP).

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 36


07. COUNTERMEASURES FOR PHYSICAL THREATS.

Figure 6: Physical Countermeasures.


Access Control.

Data is the most important source of any organization. And who has access to it is the most
dangerous risk anyone can take. When it comes to securing data and documents, access
control is a must. Implemented encryption protocols to ensure the data is kept secure.

Authentication.

Authentication is a security mechanism that verifies whether an individual attempting to


access organizational data and properties is a verified person. There are some types of
Authentications, and they are Smart Cards, Fingerprint, Face Recognition, Eye Scans,
Signature Dynamics, Hand/Palm Recognition, Password, Pin Code, Voice Recognition,
biometrics and many more.

Surveillance cameras and security guard.

Surveillance cameras may be used to protect the organization from criminals 24 hours a week
though, 7. Surveillance cameras are important because they can record what is going on
within the company. Aside from cameras, the organization should hire a security guard to
protect it physically. Having a security guard may create a positive picture of the
organization's security.

CCTV Camera.

A CCTV (closed-circuit television) system uses video cameras to monitor the inside and
outside of a building and transmits the signal to a monitor or series of monitors. The
advantages of CCTV security systems are being turned on by an increasing population.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 37


Managing and Securing hardware.

The organization's hardware should be updated and installed properly. Aside from that, they
should be protected with passwords and other safeguards. Unless it will lead to system
failures and data loss, this is a necessary security precaution.

Wi-Fi protected Access.

WPA stands for Wi-Fi Protected Access and is a security standard for computers connected
to a Wi-Fi network.

Install Fire Alarms.

The fire alarm's objective is to alert us to a danger so that we could take actions to safeguard
oneself, company, and the public at large. They are a part of our daily routine, yet they are
frequently neglected until an emergency arises, at which point they may save our lives. The
device may also be configured to imitate an alert for use in routine fire emergency exercises,
ensuring that all employees are aware of what to do in the case of an actual fire.

Educating Employees.

Employee training is a program that assists employees in acquiring specific information or


skills in order to improve their performance in their present positions. Employee development
is broader and focuses on an employee's long-term success rather than a specific job function.
Employees that are illiterate are the most prevalent reason for a security threat. Even if all of
your data is safeguarded with cutting-edge technology that can't be defeated when data
breaches and denial-of-service attacks are undertaken, one reality can devastate all of these
high-tech systems: ignorant employees. Therefore, Educating Employees within the
organization should be considered to have a successful and continuous business.

As an external security analyst, I suggest these security measures that should be implemented
in EMC Cyber company to reduce physical and virtual threats and improve organization
security.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 38


07. DEVELOP AND DESCRIBE SECURITY PROCEDURES FOR EMC CYBER TO
MINIMIZE THE IMPACT OF ISSUES DISCUSSED IN SECTION (1.2) BY
ASSESSING AND RECTIFYING THE RISKS.
A security policy is a collection of rules and procedures that employees must follow in order
to protect the organization's assets and resources. As mentioned in above the security risks for
an organization I’ve implemented some security procedures to minimize the risks for EMC
Cyber. Appropriate security policies enable the company to maintain a higher level of
security. A security policy's objective is to safeguard the confidentiality, integrity, and
availability of systems and information used by an organizational stakeholder.

Confidentiality ensures the safeguarding of resources from unauthorized units, according to


the CIA triad. Availability is a condition of the system in which authorized users have
continual access to said resources. Integrity ensures that resource changes are handled in a
defined and permitted manner.

Security Procedures to reduce Risks of EMC Cyber company.

Procedures and policies are the laws and regulations that every organization follows to ensure
its security and prevent various offences. As a result, both workers and management must
follow these processes and policies. Another purpose to establish rules and regulations is to
ensure that the firm can continue in the future. Similarly, EMC implemented a number of
methods to reduce their risks. These are some of the risks that the EMC firm had to deal with,
as stated above. The security procedures are as follows:

 Procedure to Reduces Data Risk.

To reduce the risk of data loss in EMC Cyber there should be a backup plan implemented.
We may make a backup of all the data we enter into the computers. We can decrease the
danger of data loss this way. When a company's danger of data loss is reduced, the
organization can expand its business area and get ideas from previous situations.

 Procedure to Reduce Natural Disasters.

To reduce the risk of Natural Disaster to EMC Cyber the company should implement a DRP
(Disaster Recovery plan) and Fire alarms. And also adapt Mitigation “Sustained activity that
lowers or eliminates long-term danger to people and property from natural disasters and their
effects,” according to the definition of mitigation. It refers to the continuing efforts at the

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 39


federal, state, local, and individual levels to mitigate the effects of disasters on the
individuals, businesses, communities, and economy.

 Procedures to reduce Data Misuse.

The crucial asset of an organization is to protect the data and information of the company.
While considering EMC Cyber must take steps to reduce the data misuse to get it done with
identity and access management, establish need to know access (By continually seeing when
and how each person interacts with data, activity monitoring systems may supplement logs
and aid security), set up behavior alert and analytics, and the best way is to educate the
employees. When sharing files and folders on drives, they should be labeled, and password
protected. No detachable drives, CDs, or DVDs are allowed to be inserted into the
organization's computers or devices without prior clearance from the administration. Always
have a backup of important and sensitive information of the company. These steps should be
considered to reduce data misuse in EMC Cyber.

 Procedure to implement regular inspection.

As listed the of risks that the EMC company faces, we can implement a procedure called
regular inspection procedure to reduce regular equipment malfunction. If this procedure is
implemented by the regular basis of the company, then we can successfully reduce the risk of
asset malfunctions. Network servers and routers, for example, frequently hold sensitive data
regarding the Organization's network infrastructures. The following rules must be followed
when such assets are withdrawn.

 Procedures to reduce theft and data modification.

To reduce theft and data modification of EMC Cyber the organization must install CCTV
Cameras where the crucial data is kept (server rooms) and to protect from data modification
EMC must implement strong password and encryption option to safeguard the company’s
data and information. And use physical Locks to prevent physical Data Theft.

 Procedures to reduce the risk of virus and attacks to EMC.

To reduce the risk of Virus and Attack to EMC cyber the company should use Virus guard
software’s, Virus scanners and implement multi-factor authentication and password
management. To prevent from attacks, keep up with the software’s and hardware with best
practices.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 40


 Procedures to reduce the risk of vandalism and Cyber-attacks.

To reduce the cyber-attacks and vandalism of EMC Cyber company the organization must
update the software’s fully, ensure endpoint security, install firewalls, backup all the
important and sensitive data, control access to the system, implement Wi-Fi security
measures, use access management methods, and use strong passwords for all the assets of the
company. These are the security procedures that I’ve implemented as a security analyst of
EMC Cyber in order to protect the organization for risks and negative impact. These security
procedures will help EMC Cyber company from physical and virtual risks. When these
security procedures are followed EMC Cyber will be able to identify the risk and treat it with
in time.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 41


08. WHAT IS RISK MANAGEMENT?
Risk management is the process of discovering, evaluating, and managing to risk factors that
arise over the course of a company's operations. By acting proactively rather than reactively,
effective risk management seeks to influence future incidents even more than possible. As a
result, good risk management has the ability to lower both the likelihood of a risk occurring
and the impact it may have (CFI Education Inc., 2021).

From data breaches to cyber-attacks, system failures, and natural disasters, an efficient risk
management approach can determine which risks represent the most threat to a business and
give instructions for dealing with them. There are three phases to understanding the risk
management process. They really are.

I. Risk Assessment and Analysis - The risk assessment and analysis stage are the first
phase in the risk management process. A risk assessment evaluates an organization's
exposure to uncertain events that might have an influence on its day-to-day operations
and estimates the financial and reputational harm those events may cause (CFI
Education Inc., 2021).
II. Risk Evaluation - Following the completion of the risk assessment or analysis, a risk
evaluation should be conducted. A risk assessment compares a risk's value to the risk
principles that the company has already established. Associated costs and benefits,
social considerations, regulatory requirements, and system faults can all be used as
risk criteria. (CFI Education Inc., 2021).
III. Risk Treatment and Reaction - Risk treatment and response are the final phase in
the risk management process. Implementing rules and processes to assist avoid or
minimize risks is known as risk treatment. Risk management include risk transfer and
risk financing as well (CFI Education Inc., 2021).

09. WHAT IS RISK ANALYSIS?


It is a risk management tool. It is a way of finding vulnerabilities and threats, as well as
assessing the potential damage, in order to determine where security protections should be
implemented.

Risk analysis assists organizations in prioritizing their risks and demonstrating to


management the amount of money that should be spent in a responsible manner to protect
against those risks.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 42


10. WHAT IS RISK TREATMENT?
The process of identifying and executing risk-reduction strategies is known as risk treatment.
Avoiding, optimizing, transferring, or retaining risk are some of the risk treatment options
(enisa, 2021). When there are any risks to the organization, we must limit or prevent them. To
prevent or lessen those risks, we must use particular tactics. The treatment of risks may be
defined as the avoidance of risks via the use of strategies. To manage particular risks that
have been recognized, unique treatment techniques might be developed.

Avoidance strategies — These approaches aim to completely prevent a possible risk from
occurring or having any influence on an organization. Transfer and changings are the two
main subcategories of the avoidance tactics category.

Minimize strategies - These methods aim to minimize the impact of risk on a product or
organization, resulting in the least amount of damage possible. When avoidance measures
aren't practicable or have failed, reduce methods are usually utilized.

Since there are various risks to the organization, we must limit or prevent them. To prevent or
minimize those risks, we must adopt particular approaches. The treatment of risks may be
defined as the prevention of risks by the use of strategies. There are various risks that might
harm the EMC company as well, such as physical damages that might occur to the EMC
company. For various types of risks, such as equipment malfunctioning, data misuse, and
data loss, there are a variety of treatments or procedures that may be adopted, including a
property damage claim procedure, regular inspection procedure, and a monitor user activity
procedure, by employing strategies such as monitoring user action protocols and
implementing backup processes. I’ve implemented some procedures that EMC Cyber
company should follow by regulating these procedures they can overcome the security risks
and protect the organization from its impact. This will help EMC Cyber to control and
overcome risks.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 43


ACTIVITY 02.
2.1. Identify how EMC and its clients will be impacted by improper/incorrect
configurations that are applicable to firewalls and VPN solutions.

01. WHAT IS A FIREWALL?

A firewall is a network security system that measures and filter network traffic in accord
with an organization's security practices. A firewall, at its most basic level, is the barrier that

separates a private internal network from the public Internet. The primary goal of a firewall is
to allow non-threatening traffic in while keeping harmful traffic out (Check Point , 2021).

Figure 7: Firewall.
Firewalls are software that may be used to improve the security of computers on a network.
Installing a firewall system makes the computer unique; in other words, the firewall uses a
cod wall to completely separate our machine from the internet. Firewalls have a variety of
capabilities. Its key feature is that it can improve security by allowing granular control over
which system tasks may be performed. Some people believe that a firewall is a device that
regulates traffic passing through a network system, however it is essentially software that
prevents unwanted access to network systems.

Operations done by a Firewall and some of them are as follows:

 Resources must be protected.


 Verify that you have permission.
 Control and manage network traffic.
 Act as a mediator by recording and reporting on situations.

A firewall policy is a set of rules that specifies how to utilize this software in order to make it
easier to manage. This is a program that regulates the flow of internet protocol data (IP). The
types of firewalls and firewall architectures are also included in the firewall policy.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 44


Advantages of a Firewall.

 Concentrate on the network traffic.


 Protection from Trojan horses.
 Hackers will be prevented.
 Control of access.
 Improved privacy.

There are few types of firewalls, and they are as follows:

I. Packet Filtering - A small quantity of data is examined and delivered based on the
filter's standards (Check Point , 2021).
II. Proxy Service - At the application layer, a network security system protects while
filtering messages (Check Point , 2021).
III. Stateful Inspection - Dynamic packet filtering keeps track of current connections to
decide which network packets to let through the Firewall (Check Point , 2021).
IV. Next Generation Firewall (NGFW) - Inspection of the entire packet Application-level
inspection in a firewall (Check Point , 2021).
V. Application Gateway - An application gateway is a proxy server that provides
application-layer access control. Between the secured network and the untrusted
network, it acts as an application-layer gateway. Because it operates at the application
layer, it has the ability to inspect traffic in great detail and is hence regarded as the
safest sort of firewall (Check Point , 2021).

Although a firewall is an important security tool, misconfigurations might allow attackers to


view the organization's data.

The following are five frequent firewall misconfigurations:

Configurations of broad policy.

Firewalls are frequently configured to allow traffic from any source to any destination. This
is due to the fact that IT teams do not know exactly what they want at the beginning, so they
begin with broad guidelines and work backwards. As a result, the network is always open to
trade. the minimum level of privileges required for a user or service to function correctly,

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 45


reducing the possible damage caused by a breach. It's also a good idea to evaluate your
firewall settings on a regular basis to examine application use patterns and identify new apps
that are being utilized on the network and the connection requirements they require (Wickert,
2015).

Rogue services and administrative services.

Leaving unnecessary processes running in firewalls may be highly dangerous. Dynamic


routing is one example, while rogue DHCP servers on a network distributing IP addresses is
another. As a result of this, availability difficulties will arise as a result of IP conflicts
(Wickert, 2015).

Non-standardized Authentication mechanisms.

It can be dangerous if network equipment is not configured according to industry standards.


Weak passwords will be allowed, and anybody will be able to access critical data. As a result,
when considering authentication techniques such as passwords, they should meet established
standards (Wickert, 2015).

System testing with production data.

An organization's production data is a particularly sensitive type of data. Most businesses


have a habit of testing their security systems using production data, exposing the data to a
potentially dangerous environment. As a result, testing using simulated data is preferable
(Wickert, 2015).

Devices having log outputs for security.

It's a risky situation if they don't examine the log outputs from their devices. This will keep
the administrators oblivious to the ongoing attacks and prevent any information about the
data theft from being revealed (Wickert, 2015).

As a result, it is preferable to set firewalls efficiently, as they may be the primary cause of the
organization's low security levels. Organizations must assess the state of their firewall
security and identify any potential vulnerabilities. Organizations may immediately enhance
their entire security posture and considerably lower their risk of a breach by resolving these
misconfiguration concerns.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 46


02. WHAT IS A VPN?
The capability to make a protected wireless network when using public networks is known to
as a "virtual private network". VPNs encrypt your
internet traffic and hide your genuine identity on the
internet. Third parties will have a harder time tracking
your online activity and stealing data as a result of this.
The encryption is carried out in real time (Kaspersky,
2021).

Figure 8: VPN.
VPN policy is a collection of rules that specifies how to use this secure connection in order to
make it easier to manage. This is an application for protecting online traffic against spying,
interruption, and restriction. The varieties of VPNs and VPN Architectures are also included
in the VPN policy. When it comes to VPN types, there are a few different sorts to consider.

I. Remote users, such as road warriors (or mobile users), telecommuters, and branch
offices, can connect to corporate networks using access VPNs.
II. Intranet VPNs allow branch offices to securely connect to corporate headquarters.

VPN, although being one of the safest technologies, has its own set of problems.

There are four issues that might arise while using a VPN connection. They are as
follows:

VPN connection rejection.

Although VPN is one of the safest technologies available, it has its own set of issues. When
using a VPN connection, there are four difficulties that may emerge. You have a DNS
problem if this ping fails when the IP address ping succeeds, because the client is unable to
resolve the server's name to an IP address. In this case, the user should check to see if the
routing and remote access services are active (Posey, 2019).

Unauthorized connections are accepted.

Unauthorized connections that are permitted might damage security. When viewing a user's
properties sheet in the 'Active Directory Users and Computers' interface, the user will notice

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 47


the Dial In tab, which provides a control option for remote access policy access. The user will
be able to connect to the VPN if this option is chosen and the active remote access policy is
set to allow remote access (Posey, 2019).

The inability to access destinations outside of the VPN server's network.

This is a common issue that prevents users from accessing networks beyond the VPN server.
The reason of this problem is that the user is not authorized to access the entire network
(Posey, 2019).

Creating a tunnel gets difficult.

Even if all of the functions operate, the VPN may not always enable the user to build a tunnel
between the client and the server. This problem exists for two reasons. One or more routers
may be involved in the packet filtering process, which may cause IP tunnel communication to
be blocked. Another cause is the use of a proxy server between the client and the VPN server
(Posey, 2019).

An organizational VPN's aim is to provide end-to-end encryptions for all devices in your
company's network, ensuring that no snoops, hackers, or even your internet service provider
can view your location or data. This gives you a private, secure internet connection no matter
where you are. Therefore, VPN must be configured properly as it provides security protection
to the organization.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 48


03. HOW EMC AND ITS CLIENTS WILL BE IMPACTED BY
IMPROPER/INCORRECT CONFIGURATIONS THAT ARE APPLICABLE TO
FIREWALLS AND VPN SOLUTIONS.
EMC Cyber is a reputed Cyber-security company based in Colombo Sri Lanka that’s
delivering security products and services across the entire information technology
infrastructure. EMC has numerous clients both in Sri Lanka and abroad. EMC company does
transactions with other nations not just in Sri Lanka.

When making those transactions, firewalls and VPNs are two software that are very
important to install. Because while conducting business on the internet, unwanted access to
the network system might occur, and other private networks can also attack the network
system. When it is breached by other users, they can get access to sensitive information about
EMC, particularly from rivals. If a rival, such as EMC, obtains information about the
organization, it poses a significant danger to the organization. To avoid such dangers,
firewalls must be installed. We must also tackle these risks if there are ineffective firewalls.

The second reason was the existence of inappropriate VPNs, which is another issue that
arises when performing online transactions because when we conduct online transactions
without utilizing a correct VPNs, there may be web traffic, eavesdropping, and interference,
which causes transactions to fail and buffer. As a result of the inappropriate VPNs, the EMC
company's reputation may be affected, thus we must establish suitable VPNs.

Therefore, firewall and VPN must be configured and installed properly. Misconfigurations of
these will lead huge impact to the EMC Cyber company. So, any misalignments will have a
great impact on the EMC network. Therefore, firewall and VPN must be installed without
any misconfigurations.

04. WHAT IS A NETWORK MONITORING SYSTEM?

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 49


Network monitoring provides network managers with the data they need to assess if a
network is performing properly in real time. Administrators may use tools like networking
monitoring software to detect flaws early on, improve productivity, and more. Network
monitoring systems are software and hardware solutions that track many elements of a
network's performance, including traffic, bandwidth usage, and uptime. These systems can
monitor and update the status of devices and other items that make up or interact the network
(cisco, 2021).

Figure 9: Network Monitoring.


These are some key benefits of using Network Monitoring System and they are as follows:

 Defending your network against hackers - A network monitoring system can detect
suspicious traffic, allowing owners to take immediate action.
 The network has a clear visibility - Administrators can receive a detailed view of all
the linked devices in the network, see how data is traveling between them, and rapidly
discover and rectify issues that might reduce performance and cause outages by using
network monitoring.
 More efficient use of IT resources - Network monitoring solutions use hardware and
software to help IT employees do less human labor. As a result, the organization's
important IT professionals will have more time to dedicate to critical projects.
 Network monitoring systems can create reports that illustrate how network devices
performed over time, leading to early prediction of future services and infrastructure.
 The capacity to identify security risks more quickly - Network monitoring aids
companies in recognizing "normal" network performance. As a result, when odd
behavior happens, such as an inexplicable increase in network traffic levels,
administrators may rapidly identify the problem—and assess if it creates a security
risk.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 50


 Justify equipment upgrade - Tools for network monitoring provide historical data
on how equipment has behaved over time. The trends analysis can help you determine
whether your existing technology can grow to meet your company goals or whether
you need to invest in new technology.

4.1. NETWORK MONITORING TOOLS.

Network monitoring can be done using network monitoring tools and software applications.
They are SNMP (Simple Network Monitoring Protocol), ICMP (Internet Control Message
Protocol), CDP (Cisco-Discovery Protocol), Net-flow and SIS log.

SNMP- Simple Network Management Protocol.

The major protocol for network management is the Simple Network Management Protocol
(SNMP). Network devices may be readily managed and controlled by a central mechanism
using SNMP. It's an application protocol that allows the controlled device and the
management system to communicate.

Figure 10: SNMP.


SNMP is a network protocol that allows a network management station to control devices
remotely. To manage and monitor a device, its attributes must be expressed in a format that
both the agent and the manager are familiar with. Physical qualities such as fast speeds or

services such as routing tables can be represented by these attributes.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 51


Figure 11: SNMP Architecture.
CDP – Cisco Discovery Protocol.

The Cisco Discovery Protocol is a layer 2 protocol that enables network applications to know
about directly connected devices nearby. It is media-independent and network-independent. It
operates on Cisco devices. This protocol makes it easier to manage Cisco equipment by
identifying them and figuring out how they're set up, as well as allowing systems utilizing
different network layer protocols to learn from one other. CDP purposes with SNMP.

Figure 12: CDP.


CDP offers a great deal of information on the device near you. CDP is used to provide device
IDs, IP addresses, capacity, and other information to the requested neighbor (Cisco Discovery
Protocol).

SIS LOG.

Syslog is a network-based logging standard that allows programs to send information on


events, statuses, diagnostics, and more to a central server. Many devices, including most
network equipment like as switches and routers, as well as certain printers, firewalls, and web

servers, implement the Syslog protocol. This flexible application may be used to handle

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 52


complicated networks with enormous amounts of data that require centralized monitoring. As
a result, security is one of the most important syslog monitoring apps.

Figure 13: SIS -Log.


NET-FLOW.

NetFlow is a technology that enables one to follow a stream of packets with similar
properties like source or destination port, source or destination address, protocol, and so on.

NetFlow is a network protocol technology designed by Cisco for capturing active IP network
traffic as it flows around in an interface. After then, the NetFlow data is processed to produce
a picture of network traffic flow and volume, hence the name: NetFlow. NetFlow is a cisco
ISO software service that characterizes network activity. Network operators are finding it
more important to understand how their networks are acting in response to new demands and
constraints.

As a result, NetFlow aids in the delivery of mission-critical, performance-sensitive, and


application data.

NetFlow detects some operations, and few are as follows:

 Use of the application and the network


 Anomalies in the network and security flaws
 The usage of network resources and the productivity of the network.

Figure 14: NetFlow.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 53


CONCLUSION.

Cyber-attacks have been expanding at a shocking rate over the years, according to statistics.
As many as personal records have been compromised as a result of these attacks. Investing in
expert network monitoring will enable you to quickly identify and resolve security risks.
Combining with appropriate technology that can detect and identify threats before it's too late
is one strategy to reduce the damage caused by data thefts. Security can be provided by a
network monitoring tool. Can spot anything out of the ordinary, whether it's a spike in traffic
or an unfamiliar device connected to your network, because they know what normal
performance looks like. By drilling in to figure out when and on what device an event
occurred, you’re able to take a flexible approach to network security.

While considering the above facts and information it’s really very important for EMC Cyber
to implement a Network Monitoring system as it is providing security products and service
across the entire information technology infrastructure. Not only in Sri Lanka but also for
abroad EMC is providing services. Then it’s very crucial to establish a Network Monitoring
System to safeguard the organization and its Data. Organizational networks should be set up
with monitoring tools that automatically alert IT teams to potential risks, such as disk space
spikes, backup failure, failing hardware, hacker attempts, and network devices without up-to-
date antivirus software, allowing IT to take corrective action before it's too late. For
organizations to get the benefits of network monitoring, it must become a key component of
their overall IT strategy. All network pieces must be monitored for security, resilience,
appropriateness, availability, and speed in order to be most successful. So as a security
analyst of EMC Cyber Company I strongly suggest establishing a Network Monitoring
System to safeguard the entire network of EMC as mentioned above. Tools like SNMP, CDP,
SIS LOG and NetFlow must be implemented in EMC Cyber to have safe and secure network
monitoring system.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 54


05. WHAT IS NETWORK MANAGEMENT SYSTEM?

Using a network management system, a network administration does the process of


administering, managing, and running a data network. Modern network management systems
gather and analyze data on a regular basis and send out configuration changes to improve
performance, reliability, and security (cisco, 2021).

Figure 15: Network Management.


Switches, routers, access points, and wireless controllers are among the network devices
managed by the system. It usually collects data from network elements through a centralized
server. On-premises, in a private data center, or in the cloud, the server can be found.
Logging in to the server, generally using a web browser or a smartphone app, allows network
managers to monitor network activities.

Computers, phones, cameras, machines, and sensors, along with networking devices like
routers and switches, usually send data to the system in one of two ways:

SNMP - The Simple Network Management Protocol (SNMP) is an open standard that
has long served as the industry's network management protocol. SNMP is a
commonly used network protocol for managing and monitoring network components.
SNMP is used by the network management system to "poll" each network element.
The system then receives a response from each part.
Telemetry - Telemetry is the automated communication of important performance
information in real time via a software agent installed in a network device. Because

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 55


telemetry is more efficient, can provide many more data points, and is more scalable,
it is gradually replacing SNMP. Telemetry protocols like NETCONF/YANG are
gaining popularity as a means to provide multivendor support similar to SNMP.

Through network management system the company can identify some critical aspects and
they’re:

 Identification of a flaw
 Management of performance.
 Provisioning of a network
 Maintaining a high level of QOS.

Advantages of Network Management system.

 It improves productivity - Network Management Systems detect and address


problems before they become widely known, ensuring that production is not
restricted, or data is lost. Employees will have more time to focus on higher-priority
activities.
 It keeps the business running smoothly - A network management system detects and
resolves problems before they become a problem, allowing you to continue doing
business as normal.
 It reduces the danger of security breaches -. Antivirus, hacking, and other internal and
external dangers are all protected by a competent Network Management System.
Aside from that, companies must adhere to regulatory obligations. Organizations will
be able to maintain compliance with the help of a secure network.

CONCLUSION.

Network Management may be used to keep track of both software and hardware in a network.
It generally collects data from a network's distant locations and sends it to a system
administrator for reporting. Network Management’s main advantage is that it allows users to
monitor and manage their whole business activities from a single computer. Through network
management the organization can be useful in Device detection on the network, Monitoring
of network devices, Analysis of network performance, Device management on the network
and Customizable alerts or intelligent notifications. So as a security analyst of EMC Cyber
Company I strongly suggest establishing a Network Management System to safeguard the
entire network of EMC.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 56


2.2. Explain how the following technologies would benefit EMC Cyber and its clients by
facilitating a ‘trusted network’. (Support your answer with suitable example).

06. WHAT IS A DMZ?


A demilitarized zone (DMZ) is a physical or logical network that connects hosts that provide
an interface to an untrusted external network –
generally the internet – while keeping the
internal, private network – usually the business
network – separate and isolated from the
external network. Because systems that provide
services to users outside of the local area
network, such as e-mail, Web, and Domain
Name System (DNS) servers, are the most
vulnerable to attack, they are ‘locked up' inside a DMZ, from which they have limited access
to the private network. Internal and external network hosts can connect with hosts in the
DMZ, while internal network hosts can only connect with each other (The Secret Security
Wiki, 2021).

Figure 16: DMZ.


To filter traffic between the DMZ and the private network, a security gateway (i.e., firewall)
is used to protect the DMZ. In front of the DMZ is a security gateway that filters incoming
traffic from the outside network.

If an attacker succeeds in breaching or attacking an organization's network, just the DMZ


network will be compromised, not the core network behind it. A DMZ is more secure and
safer than a firewall, and it may also function as a proxy server.

CONCLUSION.

The basic assumption is that you separate your public-facing servers from your private,
trusted network by putting them in the "DMZ network." The use case is that your server may
be deeply rooted because it has a public face. If this occurs, and a malicious person obtains

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 57


access to your server, he should be isolated in the DMZ network, with no direct access to the
private hosts.

The ultimate purpose of a DMZ is to provide untrusted networks access to resources while
keeping the private network safe. Web servers, mail servers, FTP servers, and VoIP servers
are all examples of resources that are typically put in the DMZ.

07. WHAT IS AN IP ADDRESS?


The internet protocol address (IP address) is a numerical identifier that is connected with a
specific computer or computer network. When computers are linked to the internet, the IP
address allows them to send and receive data. (avast, 2021)

A TCP/IP network's IP address is a unique number that is issued to each device.

There are two common versions of IP’s they are:

1. IPV4.
2. IPV6.

There are two types of IP’s. they are:

1. Static IP.
2. Dynamic IP.

Figure 17: Static Vs Dynamic.

7.1. STATIC IP.

An Ip which does not change is known as a static IP address. When you assign a static IP
address to your device, it normally remains that way until it is retired or your network

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 58


modifications. Servers and other key equipment generally require static IP addresses (avast,
2021).

A static IP address can be used to inform other computers or servers on the internet where a
certain device is located or connected to the internet. Many small companies with internet-
related activities might benefit from this, such as hosting a web, email, or FTP server, gaining
remote access to a corporate network, or hosting a camera for video streaming and
videoconferencing applications. The advantages of speed and reliability are great. Because a
static IP address remains constant, systems using static IP addresses are more exposed to data
theft and security risks.

Advantages and Disadvantages of Static IP.

There are many benefits of static IP and constraint some of them are as follows:

ADVANTAGES OF STATIC IP. DISADVANTAGES OF STATIC IP.


It could give a higher level of security - Static IP addresses are more expensive -
When you assign a static IP to your internal than end-user plans, and ISPs often charge
network, it adds an extra degree of extra for them.
protection against security issues that may
arise on the network.
Over the internet, you have a better name Static IP addresses are more vulnerable
resolution - When a device has a static IP to hacking - With a static IP address,
address, it can be reliably contacted using its hackers can identify your server's location
allocated host names. on the Internet.
Better DNS support - DNS servers make it It restricts the amount of IP addresses
much easier to set up and manage static IP available - When a device or website has a
addresses. static IP address assigned to it, that address
stays occupied until the assignment is
removed. Even if the computer or website
isn't being used at the time.
Remote access made easier with a static Manual configuration.
IP address - Using a Virtual Private
Network (VPN) or other remote access
applications is made easier with a static IP
address.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 59


It makes it easier for geolocation. Establishing a static IP address is a
difficult task.
Communication that is more reliable -
Static IP addresses enable teleconferencing
and other speech and video collaboration
simpler using Voice over Internet Protocol
(VoIP).
You have quicker download and upload
speeds - The speed of access to content is
typically faster when you have a static IP
allocated to your device since there are less
disparities linked with it.
It lowers the risk of misplacing an
important message - This is never an issue
with a static IP address. Because your
address remains the same at all times, you'll
always know when someone is attempting
to contact you.
You’ll find it easier to locate shared
devices - If several employees need to use
the same networked printer, using a static IP
address makes it easier to locate the printer.
Table 1: Advantages and Disadvantages of Static IP.

7.2. DYNAMIC IP.

IP addresses assigned to dynamic addresses are liable to change at any time. Dynamic Host
Configuration Protocol (DHCP) servers assign dynamic addresses as needed (avast, 2021).

7.3. ABOUT DHCP.

DHCP (Dynamic Host Configuration Protocol) is an Internet protocol that allows computers
on a network to obtain IP addresses and other information like the default gateway. When
you connect to the Internet, an ISP computer configured as a DHCP server provides you an
IP address automatically. It might be the same IP address as previously, or it might be a
different one completely. When you disconnect a dynamic IP address-based Internet

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 60


connection, the ISP may allocate that IP address to another client (WatchGuard
Technologies,, 2021).

A DHCP server is used to automatically setup additional network configuration and import
other IP addresses. The router serves as the DHCP server in most homes and small
businesses. A single computer can function as the DHCP server in large networks. In
summary, a device (the client) requests an IP address from a router (the host), and the host
then provides an accessible IP address to allow the client to communicate on the network.

Advantages and Disadvantages of DHCP IP.

ADVANTAGES OF DHCP IP. DISADVANTAGES OF DHCP IP.


Configuration is simple and automated - Remote access may be limited - If you
The DHCP server assigns the device the utilize a dynamic IP address, depending on
next available IP address when it has a your remote access software, you may have
dynamic IP address. You are under no need problems connecting.
to take action.
Costs are lower - Using a DHCP IP address When there is just one DHCP server, it
saves money in most cases. fails.

IP addressing is not limited - IP addresses More downtime is possible - While it


can be reused with dynamic addresses. Your doesn't happen very frequently, your ISP
devices are immediately set with a new may be unable to provide you a DHCP IP
DHCP IP address within a network. address. Your internet connection may be
disrupted as a result of this.
Better security - A DHCP IP address For hosted services, this is unlikely to
makes it more difficult for an attacker to work- Using a DHCP IP address to host a
target your networked devices. You may website, email server, or other service might
also improve your security by using a VPN be problematic. DNS does not function well
to hide your network address. enough with dynamic IP addresses because
the address is constantly altering. There are
Dynamic DNS services that can solve this
problem, but they are expensive and
complex. This would have the potential to
be a huge disadvantage.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 61


Physical safety is improved - It's far more DHCP IPs have a number of security
difficult for a snoop to figure out where you flaws and if we use older Microsoft
are. A VPN might also help with this. servers, there are complications with the
DHCP server.
Table 2: Advantages and Disadvantages of DHCP IP.

CONCLUSION.

An IP address (internet protocol) is a number that uniquely identifies each device on a


network. This unique number remains the same with a static IP address. This number is
automatically issued to each device from a pool of available numbers on the network using a
DHCP (dynamic host configuration protocol) address. Static means permanent, whereas
DHCP means changeable. When considering both the Static IP and DHCP IP both offers
security features and many advantages. But while considering the term, which IP is more
secure for a Trusted Network? Then I prefer Static IP. Static IP addresses are typically
preferred by organizations that host their own websites and internet services. Static IP
addresses are indeed beneficial to remote professionals who access to the office via a VPN. If
you have a static IP address, it means the device's IP address was manually setup. That's not
the same as the DHCP server assigning one to the device automatically. Because it does not
change, it is referred to as a "static" address. Which is the key benefit for a Trusted Network.

Static IP addresses provide a lot of benefits. Protect your network and assess whether or not a
static IP address is the best choice for your internal or organization if you want to ensure that
your devices are connected and running. When a device is granted a static IP address, it
usually retains that address as its online identity until it is decommissioned, or the network
architecture is altered. Static IP addresses are typically assigned to servers and other essential
equipment, and the static IP address makes it easier to locate and connect with them.

Since static IP addresses do not change, they are ideal for web servers and email servers
because users are unlikely to be rerouted if the IP address changes. Devices with a static IP
address can host servers that store data that may be accessed via the Internet by other devices.
This makes it easy for devices to find a server anywhere on the earth. When using a static IP,
remote access for devices on a closed network is much easier. Because static IP addresses do

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 62


not change, they give increased reliability for Internet access. It's easier to assign a static IP
address and keep connections while handling several devices. For businesses with remote
employees or enterprises that offer connected devices for large scale deployments, a static IP
address may be the best option for installing several devices.

Therefore, choosing Static over DHCP would be more secure and benefitable for EMC Cyber
as it provides strong security features.

08. WHAT IS NAT (NETWORK ADDRESS TRANSLATION)?


The process by which a network device, usually a firewall, assigns a public address to a
computer (or group of computers) inside a private network is known as network address
translation (NAT). For both economic and security concerns, the core objective of NAT is to
decrease the number of public IP addresses which an organization or corporation has to use.
(What Is My IP Address., 2021).

Figure 18: NAT.


Internet needs that necessitate Network Address Translation (NAT) are complex, yet they
happen so rapidly that the end user isn't even aware of it. A request is sent from a workstation
in a network to a computer on the internet. When routers in the network determine that the
request isn't for a network resource, they forward it to the firewall. The request from the
computer with the internal IP is detected by the firewall. IT then sends the identical request to
the internet using its own public address and receives the response from the internet resource
on the private network machine. The communication looks to be direct with the site on the
internet, based on the workstation's perspective.

The importance of NAT in firewall security cannot be overstated. It reduces the number of
public addresses used within a company and provides for tighter access control to resources
on both sides of the firewall.

Advantages of NAT.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 63


 Private IP addresses are reused.
 Increase the security of private networks by keeping internal addresses hidden from
the outside environment.
 Using a lesser number of public (external) IP addresses to connect a large number of
hosts to the global internet, therefore preserving IP address space.
 It permits a limitless number of private IP addresses to share a single internet
connection.

CONCLUSION.

The ultimate objective of NAT is to decrease the quantity of public IP addresses that a
corporation or organization needs utilize, for both economic and security purposes. As EMC
Cyber company is associating with the clients throughout the world its very necessary to have
NAT to protect the organization from networking risks and threats. The benefit of NAT is
Using a lower number of public (external) IP addresses to connect a large number of hosts to
the global internet, thereby preserving IP address space. Therefore, for both economic and
security reasons, NAT may assist an organization increase security and reduce the number of
IP addresses it needs. NAT reduces the number of globally valid IP addresses required by an
organization.

NAT may also help with security and privacy. NAT prevents anything else from accessing
the private device by transferring data packets from public to private addresses. The router
organizes the data to ensure that it is sent to the correct location, making it more difficult for
unwanted data to pass through. It isn't perfect, but it is frequently the first line of protection
for your device.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 64


09. HOW THE FOLLOWING TECHNOLOGIES WOULD BENEFIT EMC CYBER
COMPANY.
1. DMZ for EMC Cyber.

When considering in the security perspective DMZ is very crucial system that should be
implemented in EMC Cyber company. This refers to a host or other network system that
serves as a secure and intermediate network system, or a link between two or more
companies' internal networks and the outside world. When EMC communicates with
customers, various external network systems may be used to attack EMC's network work
system. The EMC corporation can implement DMZ network technologies to prevent these
types of threats.

2. Static IP for EMC Cyber.

In security perspective Static IP contains more security features for a cyber security
organization. When considering EMC Cyber company, it should use Static IP instead of
DHCP IP because it protects the network and the access through this unchangeable IP form.
It's a unique number that an internet service provider assigns to a machine. Web hosting and
voice over internet protocol both benefit from static IP addresses (VOIP). The key benefit of
adopting static IPs is that they are fast and reliable. As a result, when the EMC company
operates with other countries, it requires a fast internet connection. Static IP addresses are
extremely beneficial to the EMC firm in these situations.

3. NAT for EMC Cyber.

For both economic and security reasons, network address translation is used to minimize the
number of public IP addresses that EMC must use. When there is a public IP address, the
EMC company's network infrastructure is used to respond to queries from unknown IP
addresses. The EMC corporation benefits greatly from NAT's assistance in preventing these
actions. Therefore, establishing NAT for EMC Cyber is really important when considering
the security of the company.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 65


10. WHAT IS A TRUSTED NETWORK?
A trusted network system is a network of interconnected plans that can only be accessed by
authorized users and enables only protected data to be sent. To achieve "trust," a Trusted
Network System design uses current standards, protocols, and hardware designs. User
authentication, complete network device admission control, end-device status checks, policy-
based access control, traffic filtering, automatic remediation of non-compliant devices, and
auditing are all provided by Trusted Network Systems. For Trusted Network System, the
Trusted Computing Group has developed industry standards Cisco Trust Sec, Cisco Clean
Access (previously known as Cisco Network Admission Control), and Microsoft Network
Access Protection are three successful Trusted Network System technologies that have been
developed (Aravindan, 2021).

Components of a Trusted Network are as follows:

 Authentication: Users should be required to login to the network, and only authenticated
users should be able to access it.
 Encryption: data should be encrypted so that confidential information cannot be
intercepted and sent to unauthorized parties.
 Firewall: Hardware such as a firewall, which is a software application or piece of
hardware that helps screen for security, should be installed on the trusted network's
Computers and servers.
 Private Network: The trusted network's Devices and servers should be configured with
software such as a virtual private network (VPN), which enables remote work and secure
data transmission.
 Directory Server: This server verifies the identities or responsibilities of client devices.
 Before being admitted to a Trusted Network System, every client device must be
assessed.

CONCLUSION.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 66


In order to form a trusted network for EMC Cyber the following technologies must be
implemented. They are DMZ (Demilitarized Zones), Static IP and NAT (Network Address
Translation). Through utilizing these technologies EMC Cyber will form a Trusted Network.
Which is highly recommended by me as security analyst of EMC company. And this will
form a strong Network Security to EMC Cyber Company.

Identify and evaluate the tools that can be utilized by EMC cyber to improve the
network and security performance without compromising each other. Evaluate at least
three virtual and physical security measures that can be implemented by EMC to
uphold the integrity of organization’s IT policy.

11. THE TOOLS THAT CAN BE UTILIZED BY EMC CYBER TO IMPROVE THE
NETWORK AND SECURITY PERFORMANCE.
As EMC Cyber has some risks. It is important to improve the network and security
performances to uphold the integrity of the organization’s IT policy. There are two types of
security measures that can be implemented by EMC Cyber to uphold the integrity of the
company. They are Physical and Virtual securities. Some of these are mentioned detailly
below.

11.1. PHYSICAL SECURITY MEASURES.

Physical security is concerned with safeguarding sensitive data, confidential information,


networks, software, equipment, facilities, corporate assets, and employees. There are two
factors that might have an impact on security. Natural disasters such as floods, fires, and
power outages are the first to impact. Though the information will not be abused, retrieving it
will be difficult and may result in irreversible data loss. The second type of attack is one
committed by a malicious party, which might include terrorism, vandalism, and theft.
Physical security concerns affect all organizations in different ways (Kristina, 2019).

Physical security is extremely essential, yet most businesses neglect it. It is required if you do
not want your information to be stolen or destroyed in the event of a natural disaster. If this
security wasn’t adequately managed, when an attacker obtains physical access, every one of
the safety precautions will be deemed useless. Physical security is proving to be more
difficult than in past decades, since there are more sensitive gadgets available (such as USB
drives, computers, cellphones, tablets, and so on) that make data theft simple and painless.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 67


While considering the above facts EMC Cyber also should utilize some Physical Security
measures to uphold the integrity of the company’s IT policy. As an external security analyst
of EMC, I’ve suggested some physical security measures and they are as follows:

 Intrusion detector - An intrusion detection system, or IDS for short, keeps an eye
on network and system traffic for any unusual behavior. Intrusion detection
software will provide you warnings once any possible threats have been discovered
(Kristina, 2019).

 CCTV, smart cards.

 Workplace safety Coordinator.

 Guards - Guards will ensure that your customers and workers are safe at all times,
keeping an eye out for any threats from unwelcome guests (Kristina, 2019).

 Intrusion alarm.

 Motion detectors - Motion detectors are designed to detect almost any type of
movement. These devices are portable, simple to install, and do not require any
monthly monitoring. While motion detectors can help you maintain physical
security in the office, they can also provide your employees a sense of security
(Kristina, 2019).

 Physical access cards.

 RFID tags - RFID tags employ radio frequency technology to identify things and
are a form of tracking system that uses smart barcodes to do so. These radio waves
carry information from the tag to a reader, which subsequently sends it to an RFID
computer software (Kristina, 2019).

 Barbed wire and much more.

Multiple operators can access control (AC), which comprises permission, access approval,
multiple identity verifications, authentication, and auditing. And there are tools which will
improve the security performances and they are as follows.

 Access To Areas with Important Equipment or Information Is Limited.


 Create a list of all the devices you own - Theft of devices is the leading cause of
data breaches. The inventory of devices will assist you in swiftly identifying the

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 68


individual who took the device, as well as the time it occurred and whether any
data was taken.
 Establish physical security procedures for your workers.
 Employee Education.
 Arrange for a surveillance and monitoring system to be set up - One of the first
things you should do to increase workplace physical security is to establish
physical security procedures. When it comes to providing physical security for a
company, video surveillance and monitoring systems are highly beneficial. Once
they are correctly set up, your company will be able to keep track of who enters and
departs your facility, as well as the exact time it happened.
 From the outside in, secure the facility – it’s critical to keep your workplace safe
for you and your staff. To keep your employees and data safe at all times, you'll
need to secure your facilities from the outside in.
 Printers, drives, workstations, and data should all be protected.
 Making An Effective Emergency Plan.
 Fire extinguishers are used to stop flames.

Many lives and companies have been saved as a result of having a strong emergency plan in
place; it fosters security and caring among employees and coworkers. These are the physical
security measures I’ve implemented for EMC Cyber to uphold the integrity of the
organization’s IT policy and maintain the security and network performances.

11.2. VIRTUAL SECURITY MEASURES.

Software protections for an organization's systems, such as user identity and password access,
authentication, access permissions, and authority levels, are all part of virtual security. Only
authorized users are able to execute activities or access information in a network or on a
workstation using these safeguards. Today, businesses in a variety of sectors face a variety of
cybersecurity challenges, and virtual security controls may be the solution to some of these
problems. While considering the above facts EMC Cyber also should utilize some Virtual
Security measures to uphold the integrity of the company’s IT policy. As an external security
analyst of EMC, I’ve suggested some virtual security measures and they are as follows:

 Sensitive Files Should Be Quarantined-Take control of your data by utilizing data


security software that identifies sensitive data and transfers it to a secure place.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 69


 Prepare for Cyber Risks-You'll want to have an efficient security policy in place that
addresses both existing and potential data threats. Both external and internal dangers
are included. Use software that gives real-time monitoring and notifications of
questionable activity in addition to your policy.
 User access is being tracked.
 High-Risk Activities are being blocked.
 Authentication, Encryption and Passwords.

These are some tools that should be utilized to improve security performances of a company
in order to uphold the integrity of the company. As an external security analyst of EMC
Cyber, I’ve implemented some virtual security measures and they are as follows:

 MAC Address Filtering - MAC address filtering, also known as hardware address
filtering, is an optional function found on most broadband routers and other wireless
access points. It enhances security by restricting the number of devices that may
connect to a network.
 Antivirus and antimalware software - Antivirus and antimalware programs were
developed to identify and guard against malicious software. While the word antivirus
implies that software simply guards against computer viruses, its functions typically
include protection against today's various types of malwares. Antimalware identifies
more complex malware, such as zero-day attacks, whereas antivirus software protects
against more common malware.
 Firewall - A firewall is a network security device that monitors network traffic and
evaluates whether certain types of traffic should be permitted or banned consisting of
a set of security policies.
 Multi Factor Authentication - MFA is an authentication tool that enables a user to
submit two or more verification factors in order to obtain access to a resource such as
an application, a user account on the internet, or a VPN. A robust identity and access
management policy must include multi-factor authentication. MFA needs one or more
extra verification criteria in addition to a login and password, which reduces the
chances of a successful cyber-attack.
 Email Filtering - The process of filtering an organization's inbound and outgoing
email traffic is known as email filtering. Inbound email filtering analyzes messages
sent to clients and classifies them into separate categories. Depending on their needs,
organizations can use this capability as a cloud service or an on-premises appliance.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 70


These are the virtual security measures I’ve implemented for EMC Cyber to uphold the
integrity of the organization’s IT policy and maintain the security and network performances.

ACTIVITY 03.
Discuss suitable risk assessment integrated enterprise risk management procedures for
EMC Cyber solutions and the impact an IT security audit will have on safeguarding
organization and its clients.

01. WHAT IS A RISK?


A security risk is something that might cause information or asset compromise, loss,
unavailability, or damage, as well as harm to people. The influence of uncertainty on
objectives is known as security risk, and it is frequently assessed in terms of its likelihood
and consequences. People, systems, processes, procedures, crime, attacks, and natural events
are the most common causes (Protective Security Policy Framework, 2021).

02. WHAT IS RISK ASSESSMENT?


Understanding, managing, limiting, and reducing risk is what security risk assessment is all
about. It's an important part of every company's risk management strategy and data security
activities. Risk assessment is an unavoidable aspect for businesses dealing with information
technology and information systems. Threats involved, vulnerability level, and value of
information the threat can influence are the three main elements to consider when assessing a
risk.

A risk assessment is a thorough analysis of your company to discover those items, situations,
procedures, and other factors that might damage people. After you've made the identification,
you'll need to examine and assess how likely and serious the risk is. After you've reached this
conclusion, you may go on to deciding what steps should be taken to successfully remove or
control the risk (CCOHS, 2021).

The ability to detect, evaluate, and prioritize risks in organizational processes, assets, and
persons is enabled by proper risk assessment. Risk assessment is constantly concerned with
information such as,

 The most important assets

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 71


Looking for the most significant assets might provide insight into the risks that those assets
may face. So, in order to assess the risk, we ranked the organization's assets in order of
priority.

 A data breach has occurred.

A data breach occurs when sensitive information is exposed as a result of a cyber-attack,


virus, or human mistake. What type of data breach would have the most impact on the
organization's security and can be detected by looking at how data is hacked?

 Observations into the organization

Keeping an eye out for risks can help you gain a better understanding of the organization and
assist you improve the areas where it is lacking. This is also beneficial for future planning.

 Vulnerabilities are exploited.

Understanding external and internal vulnerabilities, as well as their influence on the


company, should be explored during risk assessment.

 The level of risk is identified.

Every company has a limit to how much risk it can take. As a result, knowing the degree of
risk that the business faces help administrators to take appropriate steps to minimize the risk.

These are some types of risks that can be identified through a risk assessment and risk
management. While considering EMC Cyber it has a potential value of risks and can be
treated through risk assessment. The following are some procedures I’ve implemented for
EMC Cyber in order to safeguard the organization and its clients.

1. Determine the information's worth - Any organization's data is relevant.


Understanding the value of the organization's information is a critical aspect. Because
it is linked to factors like legal, financial, and profitability, the sensitivity level of
information can be quite important.
2. Identifying and rating the assets of the company - Prioritizing and rating the asset
based on its worth is critical.
3. Detecting dangers - A threat is something that can cause a vulnerability to be
exploited in order to compromise security and put the system at risk. Threats may be
divided into two categories: logical threats and physical threats. Malware and hackers

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 72


are logical dangers. Natural catastrophes, system failures, human errors, data breach,
and data loss are all physical dangers.
4. Recognize vulnerability - Vulnerability is a type of flaw that compromises an
organization's security. By reviewing vulnerability analysis or audit data, the analyst
should be able to spot the flaws.
5. New controls should be evaluated and implemented - Threats and vulnerabilities are
handled by controls. There are two sorts of controls: preventative and detective. If the
current security measures are insufficient to limit the risk, the analyst might look for
and install new controls in the future.
6. Keeping track of the risk assessment report - Finally, the analyst must write a report
that details the risks, vulnerabilities, and countermeasures. Aside from the current
data, the assessor might offer his opinions on the issues. This report will assist
management in making proper and effective decisions about the organization's
security sector.

A company may conduct a thorough risk assessment approach and strengthen security by
following the procedures outlined above. As External security analyst of EMC Cyber, I’ve
implemented the above procedures to safeguard the organization and the clients.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 73


Explain the mandatory data protection laws and procedures which will be applied to
data storage solutions provided by EMC Cyber. You should also summarize ISO 31000
risk management methodology.

03. WHAT IS DATA PROTECTION?


Data protection is the process of preventing essential data from being manipulated,
compromised, or lost. As the quantity of data generated and stored continues to rise at
unprecedented rates, data protection becomes increasingly important. There is also limited
tolerance for downtime, which might prevent important information from being accessed. As
a result, ensuring that data can be recovered quickly after any corruption or loss is an
important component of a data protection strategy. Other important aspects of data protection
include preventing data breach and protecting data privacy (Crocetti, 2021).

Data loss happens when data is unintentionally destroyed or when data becomes damaged
due to some event. Data can become illegible by people and software due to viruses, physical
damage, or formatting mistakes. Understanding what causes data loss can help you reduce the
risk of data loss in your organization.

Data protection is a highly helpful thing to perform in an organization since any organization
or major corporation contains a lot of useful data, and if that data is leaked to their rivals, the
organization or company would undoubtedly suffer financial losses. These are some of the
useful details that reputable businesses have. Some of them are as follows:

1. Banking information.
2. Email details and Passwords.
3. Asset information.
4. Customer details and information.
5. Transactions of the company.

So, these are some of the valuable information of the organizations and there more too. In
order to protect these from internal and external threats security measures should be taken.
Some of the security measures are stated below.

Installing CCTV camera.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 74


As a result, a CCTV camera is an essential tool for keeping your property secure as well as
the safety of your company's personnel and activities. It improves the security of the
environment, lowers crime rates, and deters potential smash-and-grab criminals from causing
damage to your property. Through installing CCTV camera crimes can be detected, monitor
activities, reduce retail theft, Eliminate Fraudulent Insurance Claims, provide staff protection
and many more.

Policies should be implemented.

Policies for Data Encryption, Password, Email and Data processing should be implemented.
These are the key factors that can be recognized for a data protection. By encrypting the data
and applying strong password policies will lead to have a strong data protection.

Employee Monitoring.

Employee monitoring is a type of activity monitoring used by organizations for a number of


purposes, including preventing and detecting expensive data breaches, increasing employee
engagement, and optimizing wasteful operations. Businesses may use these new technologies
to improve employee performance, increase employee engagement, and minimize process
inefficiencies. Organizations can enhance worker productivity and profitability by monitoring
and analyzing employee work behavior. This is also a data-protection strategy, as certain
workers or employees may engage in unethical business practices. As a result, as a business
owner, we must be aware of this. So, it's crucial to keep an eye on your employees or workers
on a regular basis.

Employee education at all levels

The human component is frequently the most vulnerable link in the data protection process.
Data breaches arise as a result of employee carelessness or ignorance. Employees at large
businesses are kept up to date on compliance regulations and internal cybersecurity rules,
with training and clear instructions provided for individuals who come into deal with the
most sensitive forms of data.

These steps should be taken in order to protect the data. EMC Cyber company can also
implant the Data Protection Act of 1998, the main purpose of this Act is to protect individuals
against misuse or abuse of information. EMC Cyber also should practice these in daily basis
to prevent data breach and protect the data of the company. There are some standards that are

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 75


implemented for data protection, and which will be used for EMC Cyber company, and they
are as follows:

Data Protection Act Of 1998.

The primary goal of the Data Protection Act of 1998 is to safeguard individuals from the
exploitation or abuse of personal information. It was created to provide organizations more
control over how personal or consumer information is used. It safeguards individuals and
establishes guidelines for the use of personal data.

Computer Misuse Act of 1990.

Organizations' personal data is protected against illegal access and alteration under the
Computer Misuse Act. This act is intended to prevent an infraction against the organization.
they really are Unauthorized access to computer material, unauthorized access to computer
material with the purpose to commit a later crime, and unauthorized data modification and
creating, giving, or getting anything that might be utilized in computer-related crimes.

ISO 27701 and ISO 27001 Data Privacy.

The ISO 27701 standard is the most recent in the ISO 27000 series, and it explains what
organizations must do while putting in place a PIMS (privacy information management
system). ISO 27001 is an international standard for information security that establishes the
best practices required by legislation like the GDPR (Irwin, 2021).

 ISO 27001 is concerned with how an organization keeps data correct, available, and
only accessible to authorized personnel.
 ISO 27701 defines how a company gathers personal information and protects it from
unauthorized use or disclosure.

GDPR General Data Protection Regulation.

The General Data Protection Regulation (GDPR), which takes effect on May 25, 2018, is a
term for the General Data Protection Regulation. It was enacted by European legislators in
order to provide a uniform data privacy legislation for all EU member states. Its goal is to:
promote privacy as a basic human right; hold firms that handle personal data accountable for
properly handling that data; and encourage enterprises to share data responsibly and
Individuals should have control over how their personal data is collected and utilized
(Thomas, 2018).

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 76


These are some standards and Acts that can be implemented in order to protect Data Of an
organization. While considering EMC Cyber, I suggest using Data Protection Act of 1998,
Computer Misuse Act Of 1990 and ISO 27701 and ISO 27001 Data Privacy. Which will be
more efficient for the organization and to protect the data of it.

Summarize the ISO 31000 risk management methodology and its application in IT
security.

04. WHAT IS IT SECURITY?


IT security is a set of cybersecurity procedures that secures from unauthorized access to
organizational resources such as computers, networks, and data. It protects the integrity and
confidentiality of sensitive data by preventing skilled hackers from accessing it (cisco, 2019).
As hackers become cleverer, the danger to IT security has grown, and companies are
expected to enhance security. Although providing IT security is costly, the damage incurred
by the company as a result of a data breach is far greater. Hackers and malware such as
viruses, worms, and spyware pose a danger to IT security. There are some types of IT
security, and they are as follows:

 Network Security - The goal of network security is to keep unauthorized or harmful


users out of your network.
 Internet Security - Internet security includes the protection of information sent and
received in browsers, as well as network security including web-based applications.
These safeguards are intended to monitor incoming internet traffic for malware and
unwanted content. Firewalls and anti-spyware software are the tools of it.
 End Point Security - Endpoint security protects devices at the physical layer. Endpoint
security includes things like advanced malware prevention and device management
software.
 Cloud Security - Users are connecting directly to the Internet and are not secured by
the traditional security stack as applications, data, and identities move to the cloud.
Software-as-a-service (SaaS) applications and the public cloud can both benefit from
cloud security. A cloud-access security broker (CASB), secure Internet gateway
(SIG), and cloud-based integrated threat management can all help with cloud security.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 77


 Application Security - This extra layer of security entails examining the code of an
app and identifying any vulnerabilities that may exist throughout the software system.

A security policy is expected to explore a variety of approaches. Its primary goal should
be to protect persons and information while also laying the groundwork for expected user,
system director, management, and security behavior. It should also enable appropriate
people to monitor, probe, investigate, describe, and approve the outcomes of breaches, as
well as to process the company's baseline security position. This will make it easier to
reduce risk and verify adherence to policies.

05. WHAT IS RISK MANAGEMENT?


The process of identifying security hazards and developing measures to mitigate them is
known as security risk management. The possibility of recognized threats exploiting
vulnerabilities, as well as the impact they have on valued assets, are used to assess risk.

06. WHAT IS ISO 31000 RISK MANAGEMENT LAW?


ISO 31000 is a risk management procedure (also known as a security analysis methodology)
that is used in many risks management programs across a wide range of sectors. It aids in the
standardization of the processes you take to evaluate and control risk, resulting in a formal
and standardized process (Doug, 2018).

These are the advantages of using ISO 31000 risk management methodology.

 Recognize potential risks and opportunities.


 Reduce your losses.
 Increase the efficiency and effectiveness of your operations.
 Encourage employees to recognize and manage risks.
 Controls regarding risk management should be improved.

There's a lot more.

6.1. SUMMARIZATION OF ISO 31000 LAW TO EMC CYBER COMPANY.

The ISO 31000 standard provides a structured framework for managing risks and
opportunities that is based on international best practices. If you stick to this framework,
you'll have a better chance of achieving your company goals. It will assist in analyzing and
evaluating elements that work in favor of or against the goals, making smarter decisions, and
improving management practices across your organization.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 78


This ISO 31000 law can benefit an EMC Cyber in increasing the likelihood of meeting its
objectives. And can quickly assess the company's strengths and weaknesses. These factors
have a role in the EMC company's vision and goal. The ISO 31000 Act, on the other hand,
cannot be utilized for certification purposes. However, it serves as a guide for both internal
and external auditing processes. ISO 31000 has some secure workflows which will benefit
the EMC to manage risk and improve security. Theya are construct facilities, reporting, add
questions/vulnerabilities to the equation, make an assessment and finish it and assign a job
and follow up on it. This enables businesses to monitor and analyze any type of risk. Within
the platform, there are modules that allow users to select the kind of risks they want to track.

When we discuss about ISO 31000, we're referring about risk management rules that provide
concepts and frameworks for managing risks in the EMC enterprise. It is simple to manage
the EMC company when the Top management adheres to the ISO 31000 regulations. Because
it contains all of the guidelines and frameworks. This ISO 31000 law may be used by any
firm, including small and large businesses.

The director of an EMC company can compare the risks and threats that come their way by
maintaining or following the ISO 31000 law. To put it another way, the top management of
EMC can compare the threats that has encountered in the past with the new ones that are
approaching. Another advantage that the EMC company can have is that they can compare
their risk management methods to a globally recognized Standard that provides strong
management and corporate governance principles. Another advantage is that the EMC
company may discover risks before they have an impact on the organization.

When EMC company deals with or does business with foreign countries, its professional
image is crucial. If it is harmed as a result of threats or risks, those nations will begin to reject
the firm. Because of these factors, successfully managing risks allows EMC to operate well in
an uncertain environment. As a result, EMC Cyber company can detect the treats
approaching to the organization using the ISO 31000 risk management methodology and treat
them in advance. Through ISO 31000 law EMC Cyber can protect IT security of the
company too.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 79


Discuss possible impacts to organizational security resulting from an IT security audit.

07. WHAT IS AN IT SECURITY AUDIT?


A security audit is a high-level explanation of the various methods in which businesses may
test and analyze their overall security posture, which includes cybersecurity. To obtain your
desired outcomes and satisfy your business objectives, you may use more than one form of
security audit (PETTERS, 2020).

These are the advantages of IT security audit to an organization.

 Check whether the existing security approach is appropriate.


 Check whether the security training is making a difference from one audit to the next.
 Shut down or repurpose unnecessary hardware and software discovered during the
audit to save money.
 Security audits reveal risks brought by new technology or procedures within your
company.
 Confirm that the company complies with all requirements.

IT security is highly essential to the EMC organization because it guarantees that the cyber
defenses are up to date and that they can effectively identify and respond to any threats posed
by hackers and other cybercriminals who manipulate IT systems for their own goals by
managing or maintaining IT security audits. When the EMC company deals with other
countries, cyber defenses are critical; if they fail, highly dangerous hackers will attack the
servers and steal all of the essential data, but there is no risk if the cyber defenses are up to
date.

7.1. WHAT AN IT AUDIT DOES FOR AN ORGANIZATION?

Due to its in-depth examination of a company's IT infrastructure and personnel


responsibilities, an IT audit is an effective defensive strategy against cybercrime and other

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 80


security vulnerabilities. In order to analyze your security plan, auditors often perform
personnel interviews, vulnerability scans, and a series of tests. Companies might have an IT
security audit performed by outsourcing service providers This can provide strategic insights
on ways to enhance your entire IT systems and processes. This helps prevent the company
data being hacked and As EMC Cyber is providing security products and services across the
entire information technology infrastructure. The IT security audit must be done to protect the
organization and its data from cyber-attacks.

These are the factors done by an IT audit to an organization.

 It assesses the data flow throughout the company.


 It identifies weak points and issue sectors.
 It decides whether or not you need to change your security rules and regulations.
 It gives advice on how to use information technology to improve your company's
security.
 It provides a detailed examination of your internal and external IT processes and
systems.

The unique feature of an IT security auditing system is that it can quickly detect vulnerable
points and problem sectors. Although the IT system is complex, with many components such
as hardware, software, data, and processes, the IT security system can quickly identify weak
regions. Developers may examine whether our hardware or software tools are configured and
operating correctly using the IT security system. And security audits retrace the security
events or risky situations that the organization has experienced in the past that may have
revealed our security flaws. The audit also focused on conducting testing in terms of network
vulnerabilities, operating systems, access control, and security applications.

Conclusion.

An IT security audit will have a positive impact on an organization as is provides advantages


to secure the organization’s security. IT auditing has the ability to improve communication
between technology management and the business of a company. IT auditors look at and test
what is going on in the real world and in practice. The ultimate product from an audit is
useful information in the form of written reports and spoken presentations. Identifying risks is
the first step in the standard auditing process. After then, the design of the controls is
evaluated. Finally, auditors evaluate the controls' efficacy. IT security firms may provide

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 81


value to a company, and the quality and scope of a technical audit is a need for doing so.
Therefore, EMC Cyber company will also have an IT security auditing process done in order
to secure the organization internally and externally.

08. CONSIDER HOW IT SECURITY CAN BE ALIGNED WITH


ORGANIZATIONAL POLICY, DETAILING THE SECURITY IMPACT OF ANY
MISALIGNMENT.
To protect EMC company from breaches and attacks, the company must align the
cybersecurity posture with the entire business objectives. Security executives are responsible
for executing effective and meaningful cybersecurity initiatives that improve the
organization's cybersecurity posture. The company can only enhance the cybersecurity
posture, secure the key assets and applications against breaches, theft, and attacks,
demonstrate that the security activities are effective, and optimize in return on investment if
security programs are aligned across the business.

Security objectives that are aligned with the company's goals and are documented in policies
and procedures. Policies and procedures are more than simply paperwork; they are the
foundation of a strong security strategy. EMC's security base will be more relevant, effective,
and compliant once the business policies and processes have been improved or updated with
the aid of the company employees. These security procedures will be implemented by the
cybersecurity officers of EMC Cyber company. Which will Provide current management of
the company's policies, procedures, and standards in order to ensure that such papers are kept
up to date and relevant. Work with EMC to develop methods for effectively conveying
policies, standards, and processes for assessing acceptable security practices and agreements.
Therefore, IT security policy should be up-o-date and accurate to keep the business continue
successfully.

8.1. HOW MISALIGNMENT OF IT SECURITY POLICY IMPACTS THE ORGANIZATION.

The alignment of security rules stated at various levels in socio-technical systems and
assigned to various agents, both technical and human, is referred to as security policy
alignment. Misalignment of IT security policy will always have a negative impact to the

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 82


organization. Misalignment of the IT security policy the organization will have some bad
impact some of them are Obstruction vs. facilitation, Organizational difficulties, incorrect
measurements, failure to develop the proper culture and many more. This will lead the
organization has a bad reputation and data breach will occur and the organization will have
no future. These are the following negative impact an organization have when the
misalignment occurs. Negative encounters with genuine prospect/customer traffic, Security
teams are overwhelmed, Data barriers and a lack of knowledge, Technology that is
inconvenient and business opposition, Solutions that aren't being used and apps that aren't
being protected.

When the future goals or plan are at odds with the actual outcome, misalignment occurs. The
concept of IT Security alignment has been explored, particularly in the context of IT business
alignment. The concept of alignment has also been investigated in the context of software
expansion to solve challenges related to growth and testing. Alignment is a difficult notion to
grasp, especially in IT, because it is fragmented and applies to a variety of surfaces. As a
result, it is critical to focus on individual components of alignment rather than the overall
alignment in order to establish appropriate alignment.

As a result, the goal of this work is to define security policy alignment for complex IT
systems, and the structure is based on predicates over action sequences. Developers describe
how this standardization provides the basis for current and future techniques for detecting
security flaws caused by policy misalignment in IT systems. Some of them are using
keywords, fingerprints, password, and many other security techniques.

Alignment is a problem that can't be solved in bits and pieces. EMC Cyber should devote
time and money to developing a thorough business alignment plan. This strategy's activities
and initiatives must be carried out in combination with, not in instead of, current security
projects. EMC Cyber must implement policies to secure the security of the company.
Security policies should include Personal usage of information systems, Disclosure of
information, Physical security of infrastructure and information resources, Violations and
breaches of security, Prevention of viruses and worms, Encryption and Contingency /
continuity planning. And should take valid rules for violating them.

CONCLUSION.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 83


A risk-based security strategy and a business-aligned security policy are not mutually
exclusive. EMC Cyber will need to continue to manage their entire risk profile, but this is a
long-term effort that does not address the opportunities that organizations face now. Security
organizations must do a better job of explaining the importance of security to the company
and its financial effect. The business-aligned security strategy is a useful way for establishing
alignment between the security department and the business, communicating the benefit of
security to executives, and justifying security spending increases. The main reason of security
policy misalignments are the most complicated terms are used for the policies (technical
terms) which many employees couldn’t understand therefore the policies of the company
should use simple language so everyone can understand and keep up the organization’s
security without any misalignments. Therefore, EMC Cyber company must inspect IT
security policies always to reduce the misalignment.

ACTIVITY 04.
Design an organizational security policy for EMC Cyber to minimize exploitations and
misuses while evaluating the suitability of the tools used in an organizational policy.

01. SECURITY PROCEDURES FOR EMC CYBER COMPANY.


In order to safeguard the integrity and confidentiality of client and company data and mitigate
the risk of a security problem, the business maintains a secure network architecture by
following the rules listed below. This policy's purpose is to establish IT security standards
and to convey the controls required for a safe network architecture. The organization's entire
set of security rules will be supported by the network security policy.

Significance of an IT policy.

IT security policies are intended to address security risks and execute methods to minimize IT
security vulnerabilities, as well as to specify how to recover from a data breach. Employees
are also given guidance on what they should and should not do as a result of the policies.

These are the following reasons why an organization should have an IT policy.

 From a security perspective, IT security policies describe what is expected of an


organization's employees.
 IT security policies should reflect the risk appetite of an organization's management
and the managerial perspective on security.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 84


 IT security policies set the foundation for a control architecture that protects the
organization from both external and internal risks.
 IT security policies serve as a backbone for an organization's legal and ethical
obligations.
 IT security policies are a mechanism for assigning responsibility for ensuring that
expected information security behaviors are followed.

There are some extreme benefits of having a security policy in an organization and some of
them are as follows:

 Enhancing users' and stakeholders' accountability


 Becoming more audit-ready and compliant with regulatory standards.
 Increasing the overall security posture of your organization, fewer security incidents
and more application uptime as problems are kept at a strategic distance.
 Establishing a thorough procedure for policy development.

I’ve implemented some policies that should be followed by the employees in order to
minimize exploitation and misuses occur in EMC Cyber’s security policy and they are as
follows:

1. In order to establish and manage both system and user accounts, the Systems Manager
should present a writing in advance with the help of IT personnel.
2. Only authorized individuals have access to and maintain application systems, network
devices (routers, firewalls, servers, and so on), operating systems, and other data
items.
3. The creation of user and privilege accounts such as system administrator and security
administrator must be approved by the network manager.
4. Train employees to perform emergency tasks.
5. Be accurate and update to all policies of the organization,

These are procedures that should be used to improve the security features of EMC Cyber
company to protect from physical and virtual threats. And the policies for EMC Cyber
Company are explained detailly below.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 85


02.EVALUATE THE SUITABILITY OF THE TOOLS USED IN AN
ORGANIZATIONAL POLICY.
These are the following tools that should be implemented in an organization to have a proper
security policy and they are as follows:

01. RISK MATRIX.

A risk matrix is a diagram that shows how risks are presented. The risks are split in the
picture based on their likelihood, consequences, or extent of damage, so that the worst-case
scenario can be identified quickly. In this perspective, the risk matrix is an important
component of your project and risk management since it represents the outcome of the risk
analysis and risk evaluation (Kristina, 2019).

Benefits of Risk Matrix.

 Identifies the most significant project risks.


 With minimum effort, creates and presents a risk situation (e.g., as an Excel diagram).
 Visually and fully depicts the risk situation.
 Because no prior information is necessary to comprehend the risk scenario, it is
presented in a simple manner for everyone to understand.
 Evaluates the effectiveness of your control measures.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 86


02. NETWORK ACCESS CONTROL (NAC).

NAC products are critical tools for ensuring an organization's cybersecurity. They enable a
company's security policies to be applied to devices and people seeking to connect to its
network. It assists the organization in determining who is attempting to connect into their
network and from where they are attempting to log in. Before a user logs into a system, NAC
guarantees that the devices used inside the company have the necessary security updates,
antivirus software, and other controls. Increased network visibility, reduced cyber risks, and
improved significantly network performance are just a few of the top advantages of network
access control.

Whether you're concerned about a huge network security audit popping up or IoT devices
occupying your network, network access control can assist.

03. USER PROFILE MANAGEMENT.

A user's applications, data, and configuration settings, as well as crucial personal information
like bookmarks, browsing history, backgrounds, documents, and apps, are all connected into
a user's profile. As a result, it's important for administrators to be able to rapidly restore User
profiles during outages so that their employees can go back to work and maintain their
productivity. By storing important profile information in a single location and providing it to
users as needed, a user profile management system allows IT to do this duty (Doug, 2018).

A user profile management system may provide important advantages to the user
environment, such as failure recovery, easy roaming, profile corruption prevention, and
Metric enhancement and many more.

04. NET SPARKER.

Net Sparker serves as a one-stop shop for all things related to web security. This platform,
which is available as a hosted or self-hosted solution, may be readily incorporated into any
sort of test and development environment. Net Sparker offers developed Proof-Based-
Scanning technology that employs automation to identify vulnerabilities and check false
positives, eliminating the requirement for large-scale manpower investments (Aravindan,
2021).

Benefits of Net Sparker.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 87


 Incredibly accurate - Net sparker creates extremely accurate web application security
scans that are validated for vulnerabilities, ensuring that they are not false positives.
 You don't have to manually check the vulnerabilities that the scanners discovered,
which saves time that can be spent fixing them.
 Because you can contract the task of discovering vulnerabilities in online applications
to fewer people, it will be less expensive.

05. GOOGLE NOGOTOFAIL.

It is a tool for evaluating the security of network communications. It looks for known
TLS/SSL flaws and misconfigurations in the application. Nogotofail is a scalable and flexible
tool for detecting, repairing, and repairing poor SSL/TLS connections. It determines if they
are vulnerable to man-in-the-middle (MITM) attacks. It works with Android, iOS, Linux,
Windows, Chrome, and any other device that connects to the internet as a router, VPN server,
or proxy server (Gary Hayslip, 2018).

06. AUDITING TOOLS.

An audit tool, in general, is anything that auditors use to perform an audit. Software such as
ACL, Access, or Excel can be used as an audit tool. A hard-copy audit program or check list
can also be used. Auditors' audit tools are often audit programs, checklists, Excel workbooks,
and work sheets that are printed and used as work papers to document the audit as it is
performed (PETTERS, 2020).

Auditing management software is an excellent tool for increasing efficiency and ensuring
quality, particularly in industries with numerous compliance and safety standards.

Benefits of An Auditing Tool.

 Performance has improved - Imagine what you could accomplish with these same
tools if they were built to assist auditors delve into the inner workings and finer
aspects of an organization.
 The simplicity of usage.
 It saves time.

07. ETHICAL HACKING.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 88


Ethical hackers acquire and conduct hacking in a professional manner, following the client's
orders, and then give a maturity score outlining their overall risk and vulnerabilities, as well
as ideas for improvement. Every day, new worms, malware, viruses, and ransomware are
released, requiring the employment of ethical hacking services to protect the networks of
organizations, government agencies, and defense (Irwin, 2020).

Benefits of Ethical Hacking.

 Organizations that have been subjected to a cyber-attack - To capture a hacker, one


must first adopt a hacker's attitude, which is the foundation of ethical hacking. To
safeguard its computer and network systems, ethical hackers nearly always work with
the organization's permission. Man-in-the-middle attacks, ransomware, phishing
attacks, and so on are all potential risks.
 The hacker mindset is being eliminated - The capacity to update a business
organization's network and completely secure it against cyber-attacks is the first and
most important advantage of ethical hacking.
 Quality Control and Development - A well-trained ethical hacker may provide a team
a boost by assisting them in doing security testing efficiently and successfully, rather
than depending on the in procedures that take more time and effort.
 Cybersecurity training - Ethical hackers should be used to keep this rising worry in
control, as well as to take use of the cloud's benefits without compromising the
systems' security.

08. DATA LOSS PROTECTION (DLP).

A DLP technology, which is intended to prevent sensitive data from being transmitted, is
another crucial security tool for an organization. The DLP looks for data that fits particular
features or patterns linked with credit card and Social Security numbers in network traffic.
These are the most effective gadgets for detecting hacker activity if they have gained access.
It is important for a company since it is used to identify risks and alert personnel about
sensitive data and how to block transmission of that data (Aravindan, 2021).

They offer a centralized management structure for detecting and preventing unwanted access
to and transfer of your sensitive data. DLP safeguards your information infrastructure from
mistakes that lead to data leaks and intentional exploitation by insiders, as well as external
attacks.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 89


09. CHECK LIST.

In a policy, we may disregard some procedures. Even when fundamental advancements are
incorporated, we might become distracted and neglect at least one of the essential
methodologies. It's easy to forget things, and recovery is usually more about worry than
taking care of business the first time around. A checklist is a simple tool that keeps these
errors at away (sciencedirect, 2021).

Benefits of checklist.

 Audits are made easier using checklists - Checklists for safety audits make it much
easier to examine all potential dangers in the business. That way, your employees will
be aware of the types of corrective actions that need to be taken to address any
possible issues.
 Personnel will not overlook certain critical duties if checklists are in place.
 Personnel are kept organized through the use of checklists.
 A check list can help us be more organized by ensuring that we don't skip any
procedures in a schedule.
 They're simple to use and efficient.
 Checklists act as a knowledge store for your organization.
 Checklists make it easier to share information.
 Checklists make reporting easier.
 Checklists enable us to create and complete tasks. Because checklists can help us be
more productive, it creates a balanced cycle in which we are motivated to do more as
a result of positive outcomes.

10. PENETRATION TESTING.

The penetration testing, often referred to a pen test, conducts a cyber-attack on a computer in
order to detect potential vulnerabilities. Penetration testing is frequently used to complement
a web application firewall in the context of web application security. Pen testing is attempting
to break into a variety of application systems (e.g., APIs, frontend/backend servers) in order
to find vulnerabilities, such as unsensitized inputs that are vulnerable to code injection
attacks. The penetration test's findings may be utilized to fine-tune your WAF security
policies and fix discovered vulnerabilities (Sampera, 2019).

Benefits of Penetration Testing.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 90


 Vulnerabilities in the system will be identified and fixed.
 Get a better understanding of your digital systems.
 Develop a strong bond with the clients.

Conclusion.

These are some security policy tools that should be implemented in EMC Cyber company to
have a secure policy for the organization. The above-mentioned tools (Risk Matrix, NAC,
User Profile Management, Net Sparker, Google Nogotofail, Auditing tools, Ethical Hacking,
Check List, DLP and Penetration Testing) aid in the identification of risks and threats, the
timely planning of work, and the preparation for attacks, as well as the implementation of a
more effective organizational policy. Therefore, as an external security analyst of EMC
Cyber company I prefer adding the following tools to establish a strong security policy for
the EMC organization.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 91


IT SECURITY POLICIES FOR EM

IMPLEMENTING ORGANIZATION

UNIT 05 SECURITY ASSIGNMENT.

FATHIMA SHAFIYYA SHIRZARD COL00042812.


ESOFT METRO CAMPUS COLOMBO.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 92


TABLE OF CONTENTS.

INTRODUCTION.
PURPOSE.
SCOPE....................................................................................................................
ROLES AND RESPONSIBLITIES.
REVISION HISTORY OF SECURITY POLICIES IMPLEMENTED................
POLICIES...............................................................................................................................
STANDARDS.
GUIDELINES.
PROCEDURES.
REMOTE ACCESS POLICY.
PURPOSE.
SCOPE....................................................................................................................................
PASSWORD POLICY.
PURPOSE.....
SCOPE.
ACCESS MANAGEMENT POLICY.
PURPOSE.
SCOPE.
NETWORK-CONNECTION POLICY.................................
PURPOSE...............................
SCOPE..
ENCRYPTION POLICY..................
PURPOSE.
SCOPE.
EMAIL POLICY.
PURPOSE.
SCOPE.
PHYSICAL SECURITY POLICY.
PURPOSE.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 93


SCOPE.
DISASTER RECOVER POLICY.
PURPOSE.
SCOPE.
INFORMATION SECURITY POLICY.
PURPOSE.
SCOPE.
BUSINESS CONTINUITY POLICY.0
PURPOSE.0
SCOPE.
IT ASSET POLICY.
PURPOSE..............................................................................................................................100
SCOPE...................................................................................................................................100
INTERNET POLICY.
PURPOSE.
SCOPE.
ANTIVIRUS POLICY.
PURPOSE.
SCOPE.
RISK MANAGEMENT POLICY.
PURPOSE.
SCOPE.
DATA TRANSFER POLICY.
PURPOSE.
SCOPE.
CONCLUSION.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 94


INTRODUCTION.
The Information Security Policy specifies the types and standards of security that must be
developed and maintained in order for information technology resources and capabilities to
be considered secure.

PURPOSE.
The purpose of this Security Policy document is to outline the security standards for the
EMC's proper and secure usage of Information Technology services. Its objective is to
safeguard the EMC Cyber and its users against security risks that might compromise their
integrity, privacy, reputation, and commercial consequences to the greatest extent possible.

SCOPE.
This document applies to all users in the EMC Cyber, including temporary users, guests with
short or long - term access to services, and partner with limited by guaranteed access to
services. This member must follow the policies described in this document.

ROLES AND RESPONSIBLITIES.


ROLES. RESPONSIBILITIES.
Information Officer (CIO). Responsible for the organization's information security in
all aspects.
Owners of information. Assist with their respective area's security standards.
Determine the privileges and rights of access to the
resources in their areas.
The IT Security Group. Implements and manages information security.
Implements the resource privileges and access rights.
Security Policies are supported.
Officer in charge of Responsible for the IT infrastructure's security.
information security. Make a security threat, vulnerability, and risk plan.

Ensure that security training initiatives are in place.


Documents on security policy should be implemented and
updated on a regular basis.
Ascertain that your IT infrastructure is compatible with
your security policies.
Respond to situations involving information security.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 95


Assistance with disaster recovery strategies.
Users. Comply with the security policies.
Any attempted security breaches should be reported.

Table 3: Roles and Responsibilities.

REVISION HISTORY OF SECURITY POLICIES IMPLEMENTED.

Version. Description. From. To. Pages Author.


Affected
.
1.0 Initial Version 01/07/2021. 01/07/2022. All. Mr. James.
(Original
version)

Table 4: Revision History of Policies.


POLICIES.
An information security policy is a set of rules that individuals dealing with IT assets must
follow (ISP). An organization's goals and objectives on numerous security problems are
established through an information security policy. A current and updated security policy
guarantees that only authorized people have access to sensitive information. (Irwin, 2020).
Policies answer questions like What and Why while decision making.

Determining how security will be minimized in the company is a part of information security
management. Management creates information security policies to indicate how the company
wishes to safeguard its data. Following the development of policies, standards are developed
to establish the obligatory regulations that will be utilized to carry out the policies. Some
policies may have many guidelines, which provide advice for how to apply the policies.
Finally, information security managers, administrators, and engineers create procedures that
follow the policies using common guidelines.

STANDARDS.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 96


More detailed details are provided in information security standards, allowing rules to be
applied inside an organization utilizing various technologies. An information management
standard, for example, might specify how various forms of media are destroyed in order to
execute a policy. In other terms, a standard is a prescribed activity or rule that supports and
complies to a policy.

These are some key points that should be considered in a standard.

 A standard must have one or more acceptable hardware, software, or behavior


specifications.
 A standard should improve the meaning and effectiveness of a policy.

GUIDELINES.
The term "guideline" refers to broad declarations, suggestions, or administrative instructions
that provide a framework within which to implement procedures in order to fulfill the policy's
objectives. A guideline should be reviewed more regularly than standards and rules since it
might change often depending on the environment. Therefor always guidelines should be
reviewed and modified.

PROCEDURES.
A security procedure is a collection of steps that must be followed in order to complete a
certain security policy or function. Procedures are often developed as a set of actions to be
performed in a consistent and repeatable manner to achieve a certain goal. (John J. Fay,
2018).
Procedures and policies are the rules and regulations that every firm follows to ensure its
security and prevent various sorts of fraud. As a result, both employees and employers must
follow these procedures and policies. Another motivation to create rules and regulations is to
ensure that the firm can continue in the future. Similarly, EMC established a number of
procedures to reduce their risks. These are some of the risks that the EMC company had to
deal with, as stated above.
Procedures answer questions like How, When and Where while decision making.
These are the procedures that are implemented under the policies for EMC Cyber Company.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 97


REMOTE ACCESS POLICY.
PURPOSE.
You will need a remote access policy if you allow workers to work from home or on the road,
or if you allow them to check their work emails in their leisure time. This policy covers the
risks that workers face when they aren't protected by the company's physical and network
security measures.

SCOPE.
A remote access policy provides as a guidance for distant users attempting to join to the
network. It assists in ensuring that only those users who require network access are granted
access, as long as their devices comply with the standards. When properly implemented, it
aids in the protection of the network from possible security risks. (Carklin, 2021). Therefore,
EMC Cyber company too should implement remote access policy. As a security analyst I’ve
implemented the following procedures that should be followed in EMC company to increase
the security features, and they are as follows.

 Use VPN services to access EMC Company remotely.


 Desktop sharing must be done only using company devices.
 After successful authorization, apply connection limitations.
 Dial-in permission is granted or denied based on connection factors such as type,
and time of day should be made.
 Configure remote access permission parameters for EMC Company.

PASSWORD POLICY.
PURPOSE.

Almost every company provides its staff with user accounts that provide them access to
sensitive data. The purpose of this policy is to implement a standard to create a strong
password and protect it.

Cyber attackers will be able to access these accounts in seconds unless staff safeguard them
with strong passwords. Organizations must reduce this risk by establishing tight guidelines
for what makes a valid password. Your password policy should recognize the dangers of bad
login practices and provide ways to minimize the risk of password breaches.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 98


SCOPE.
A good password policy is a collection of rules that regulate password development and keep
sensitive information safe. Make sure you know which systems the policies relate to and how
the plan will be executed. Therefore, EMC Cyber company too should implement a strong
password policy. As a security analyst I’ve implemented the following procedures that should
be followed in EMC company to increase the security features and how to keep up a strong
password, and they are as follows.

 Passwords cannot include the user's whole name or portions of it, such as their
first name (personal data).
 At least three of the four-character kinds are required in passwords: lowercase
letters, uppercase letters, digits, and symbols.
 Further, the local administrator password should be updated every 180 days for
security reasons, and the service account password must be modified at least each
year during EMC Company maintenance.
 When passwords are entered, they must not be displayed.
 Passwords should never be kept in a format that is easily readable (encryption
must always be used).
 Unauthorized persons should never have access to password hashes (irreversible
encoded data).
 At least 8 characters must be included in the password.
 Letters, numerals, special characters, and upper and lowercase characters should
all be included in the password.
 Passwords should not contain easily guessable terms or personal information such
as birthdays, phone numbers, or other identifying information.

ACCESS MANAGEMENT POLICY.


PURPOSE.
The access management policy lays out the methods for safeguarding the structure's
resources as well as the regulations that govern access to them. It allows businesses to track
their clients.

SCOPE.
Access control is the earliest and most effective security for business IT. The access control
policy of the company should be evaluated in order to properly safeguard the data. To avoid

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 99


asset damage, limit business interruption, and secure secret data, controls and safeguards
must be in place. Therefore, EMC Cyber company too should implement a strong access
management policy. As a security analyst I’ve implemented the following procedures that
should be followed in EMC company to increase the security features and how to safeguard
the organization and its resources and they are as follows.

 Access to confidential data must be registered.


 After a predetermined time of inactivity, workstations and laptops must
automatically lock out in EMC Company.
 User identification must be confirmed in person before access is given when
multifactor authentication is used.
 A secure log-on procedure must be required for access to the
(District/Organization) network.
 The file server is only accessible to admins.
 The login site will be closed for an hour or until the IT team resets the password if
the login credentials are repeated five times to login.
 Every 30 days, all usernames and passwords for user and privilege accounts
should be updated. The gateway will be locked if this does not occur.
 When an employee leaves the company, the IT department must update the
account's password or disable it.

NETWORK-CONNECTION POLICY.
PURPOSE.
A network-connection policy is a collection of rules for safe network connections that
includes standards for setting and expanding any section of the network, regulations for
private networks, and detailed information on the network's devices (Gary Hayslip, 2018). It
Protects against unauthorized and unsecured connections, which allow hackers to gain access
to an organization's network and compromise data and system integrity. Only approved
people and devices are allowed to join to the network, and it specifies who may add new
resources to the network.

SCOPE.
The location of an attacker's remote data collection server and whether the subject machine is
beaconing to a command-and-control structure, among other things, can be exposed by
network connections and activity on the target system. (sciencedirect, 2021). These are some

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 100


securities that is implemented inside the organization to protect the data. Therefore, EMC
Cyber company too should implement network connection policy. As a security analyst I’ve
implemented the following procedures that should be followed in EMC company to increase
the security features and how to safeguard the organization’s data and they are as follows.

 A hostname and an Internet Protocol (IP) address are required for all networked
devices in EMC Cyber.
 The device's user/owner agrees to only use the network for legal purposes.

ENCRYPTION POLICY.
PURPOSE.
An encryption policy's purpose is to encrypt data at the appropriate moments. For example,
IPsec and SSL encrypt data while it goes across a network, but they don't safeguard data on
disk or in a database. Encrypted fields in a database, therefore, offer nothing to secure data
while it is accessed via a network.

SCOPE.
Encryption safeguards your company's sensitive data from hackers and illegal employees.
Encryption, for example, can prevent someone from accessing critical data on your hard drive
if your laptop and/or mobile device are stolen. As a result, it's critical to encrypt your
computer or mobile device's hard disk, or at the very least the sensitive data. Therefore, to
increase security measures EMC Company should adopt encryption methods to safeguard the
organization’s data. Hence as a security analyst I’ve suggested few encryption procedures for
EMC Company, and they are as follows:

 Data should be encrypted before storing or shared in EMC Company.


 Every important and sensitive data must be encrypted in EMC Cyber.
 No one employee of EMC Company should have access to all keys or be able to
create new ones.
 Using access control methods for the organization.
 Data should be stored before and after stored and shared.
 Anyone in the company should be able to keep their data safe.
 Wherever feasible, automate security by having papers saved in a specific folder
on a file server secured, for example.
 Utilize CCTV camera in server rooms of EMC Cyber.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 101


EMAIL POLICY.
PURPOSE.
A clear email policy may help you save time, secure your data, and reduce the chance of legal
problems. The policy should address any email monitoring you want to do as well as how
employees can use email.

SCOPE.
Over the last two decades, email has quickly become one of the most widely used business
tools. While email's advantages are obvious, the sheer number of messages sent and received
on a daily basis makes monitoring communications a challenging task. This is why having an
email policy in place is so important. These are some email procedures that are implanted for
EMC Company to safeguard the organization.

 Do not open unauthorized emails.


 Do not download any attachment from anonymous sender.
 Don’t use the EMC Company’s mail for personal purpose and vice versa.
 Notify the appropriate person (typically an IT manager) right away if you get any
suspicious-looking emails.
 Never give away your email password to anybody, even co-workers.
 Don't make a note of EMC’s mail passwords.
 The size of attachments must be regulated according to the Organization's specific
procedures. Restrictions should be imposed automatically wherever possible.
 To provide optimum safety in incoming and outgoing email, virus and malware
scanning technologies must be installed on client PCs and servers.

PHYSICAL SECURITY POLICY.


PURPOSE.
This policy will assist your organization in protecting its hardware, software, and data against
exposure to anyone (internal or external) who may damage your business and/or damage
physical assets knowingly or unknowingly.

SCOPE.
Physical security is concerned with safeguarding sensitive data, confidential information,
networks, software, equipment, facilities, firm assets, and individuals. In order to protect

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 102


these, I’ve implemented the following security procedures for EMC Company, and they are
as follows:

 Physical access to server rooms/areas must be strictly regulated, and servers must
be kept under lock and key in server racks of EMC Company.
 All physical accesses, both by guests and authorized people, must be recorded.
 Identify that the most sensitive devices are kept in that secure location of EMC.
 Pack up the portables and keep them safe.
 Personal devices are not allowed to be plugged to EMC’s devices.
 A security guard should be stationed in each of the organization's server rooms,
and surveillance cameras should be utilized to watch them 24 hours a day, seven
days a week.
 For access to server rooms and special access rooms, smart cards are utilized.
Every year, all smart cards should be refreshed.
 When employees enter the EMC Company, fingerprint access must be utilized.
 Face recognition system of employees should be implemented.

DISASTER RECOVER POLICY.


PURPOSE.
The process of restoring critical technological services required to support business activities
following a large man-made or natural interruption ("disaster") is known as disaster recovery
(Gary Hayslip, 2018). The disaster recovery policy for a company will often involve input
from both the cybersecurity and IT departments and will be established as part of the wider
security strategy. Technology challenges such as connectivity, cloud services, network
infrastructure, servers, applications, and a limited number of client systems are recognized by
the company through formal and/or informal business impact analysis.

SCOPE.
An organization or Business Continuity and Disaster Recovery Policy is intended to give
guidance and basic standards for the development, execution, and administration of the
Organization is the Disaster Recovery Policy. Hence this security measure/policy should be
implemented to EMC Company to protect the organization from disasters. Therefor as a
security analyst I’ve implemented the following procedures for disaster recovery policy, and
they are as follows.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 103


 The DRP should be checked on a regular basis, and the results should be used to
enhance the DRP in the future of EMC.
 In the case of a disaster, the DRP will at the very least identify and protect vital
systems and sensitive information.
 EMC’s disaster recovery strategy should be tested and reviewed.
 Use surge protector for EMC Cyber.
 Keep your device safe.

INFORMATION SECURITY POLICY.


PURPOSE.
Information security policies in an organization are often high-level policies that include a
wide range of security procedures. The company's principal information security policy
ensures that all workers who utilize information technology assets within the scope of the
business, or its networks, follow the company's stated rules and guidelines. (Gary Hayslip,
2018).

SCOPE.
The aim of this policy is that the Employees should be aware that there are regulations under
which they will be held accountable when it comes to the sensitivity of business information
and IT assets. Therefore, EMC Cyber company too should implement a strong information
security policy. As a security analyst I’ve implemented the following procedures that should
be followed in EMC company to increase the security features and how to safeguard the
organization’s information and its resources and they are as follows:

 Examine if employees of EMC are aware of the appropriate processes and procedures in
place.
 Provide guidance on how to use audit logs and other proof to show that rules, processes,
and procedures are being followed.
 Development of any policies that aren't yet in place, ensuring that they accurately
represent the working environment of EMC.
 Save and have backups of regular files and save in multiple location or folders.
 Keep antivirus software’s up to date.
 Don’t delete files if you’re not attending, especially system files.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 104


BUSINESS CONTINUITY POLICY.
PURPOSE.
A business continuity policy is a collection of standards and guidelines that a company
follows to guarantee that it is flexible and risk aware. The organization may establish
reasonable expectations for business continuity and disaster recovery (BC/DR) processes
when the policy is well-defined. (Gary Hayslip, 2018).

SCOPE.
It's critical to have a business continuity plan in place that considers any potential operational
disruptions to the organization. Business continuity aids an organization's survivability by
allowing it to respond swiftly to a disruption. Business continuity saves money, time, and the
reputation of the organization. While considering the facts above EMC Cyber company
should implement business continuity policy. As it is delivering security products and
services across the entire information technology infrastructure. As a security analyst of EMC
Company, I’ve implanted the following procedures that should be followed for a business
continuity policy.

 Determine the most important business sectors of EMC Cyber Company.


 Identify which functions of EMC are critical.
 Analyze how different business areas and functions are interdependent.
 Determine how much downtime is tolerable for each essential function.
 Plan to maintain operations running smoothly of EMC Company.

IT ASSET POLICY.

PURPOSE.

IT asset management policies, which include data security and email, are used to safeguard
corporate assets and interests. Technology devices and software are clearly assets that are
costly, valuable, and deserving of "protection" from failure, loss, destruction, theft, damage,
and other harm (Ttoolkit.com, 2020).

SCOPE.
From physical locks on equipment to inventory tags, asset management policy specifies the
measures to be done to safeguard and maintain technological assets. IT asset Policy is used to

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 105


Determine which hardware and software items (assets) will be used and supported. To find
out how to setup standardized hardware and software components, to determine how physical
and logical security for hardware and software assets will be provided. determine the
procedures for asset-related technical assistance, repair, service dispatch, preventative
maintenance, and problem escalation. To keep track of the whereabouts and responsibilities
of all assigned technological assets (hardware and software), as well as the associated
records. As EMC is a Cybersecurity company it should consider more on security. Therefore,
in order to protect the IT asset of EMC cyber I would prefer to add the following policy. The
procedures of IT Asset Policy are as follows:

 All workers that interface with EMC’s IT assets must be properly trained.
 IT assets must only be utilized for the EMC’s business activities to which they have been
assigned and/or permitted.
 All IT assets must be kept in secure places with strong access controls and appropriate
environmental conditions.
 Non-authorized personnel are not allowed access to assets of EMC Cyber.
 Access to assets at the EMC’s location, including those accessing remotely, must be
controlled and properly authorized.
 Access to assets at the EMC Cyber’s location, including those accessing remotely, must
be controlled, and legally permitted. Laptops, PDAs, and other devices used in off-site
locations must be checked and maintained on a regular basis.
 Before disposing, all asset tags or labels that identify the organization must be removed.
 Physical demolition will be used to destroy electronic material (such as cassettes, disk
drives, multifunction devices, copiers, and so on).

INTERNET POLICY.

PURPOSE.

Personal privacy in relation to internet transactions or data transfer is referred to as internet


policy. It entails exercising control over the sort and amount of personal information a person
discloses on the internet, as well as who has access to that information (USELEGAL, 2021).

SCOPE.
Doing business requires the use of the internet. It may, however, be a fantastic method for
employees to waste time, compromise security, or cause legal difficulties. A well-thought-out

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 106


internet policy allows you to take use of the internet's benefits while avoiding its drawbacks.
It guarantees that employees use the internet effectively, spells out what is and is not
permitted, and establishes risk-mitigation processes. While considering the facts above EMC
Cyber company should implement business internet policy. As it is delivering security
products and services across the entire information technology infrastructure throughout the
world. So, internet is a source that allows to communicate to the clients of EMC. As a
security analyst of EMC Company, I’ve implanted the following procedures that should be
followed for an internet Policy.

 All users of EMC should have limited access to the Internet.


 Firewalls should keep an eye on Internet traffic. Any assault or misuse should be reported
to the Information Security Officer as soon as possible.
 When using the Internet, users must act in a manner compatible with the EMC company’s
reputation. Denial of service attacks, spam, fishing, hacking, and the distribution of
questionable material should all be prohibited.
 Make it clear that the internet should primarily be utilized for business.
 Ascertain that worker are aware of the key internet risks.
 Verify that staff are aware of the dangers of sharing sensitive information of EMC.
 Employees that are good with technology may discover cloud services that they consider
would benefit EMC Cyber.

ANTIVIRUS POLICY.

PURPOSE.

This is an internal IT policy that specifies the anti-virus policy for each machine, including
how frequently a virus scan is performed, how frequently updates are performed, and what
applications will be used to identify, block, and remove malware programs. It specifies which
file attachment types are banned on the mail server and which anti-virus application will be
used. It may also describe how files can join the trusted network and how malicious or
undesirable content will be checked on these files.

This policy is intended to keep viruses and other malware from entering the organization's
resources (LOYOLA, 2020).

SCOPE.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 107


The Antivirus Policy section lays out the guidelines for implementing antivirus and other
kinds of security in the organization. This policy applies to the Organization's servers,
workstations, and equipment, as well as portable devices such as laptops that may be used
outside of the Organization's facilities. External computers and devices accessing the
resources of the organization are subject to some policies. Therefore, EMC Cyber company
too should implement a strong antivirus policy. As a security analyst I’ve implemented the
following procedures that should be followed in EMC company to increase the security
features and how to keep up the company, and they are as follows.

 On all servers and client PCs, the anti-virus software must be run in real time. The
product must be set up to provide real-time protection.
 At least once a day, the anti-virus library definitions must be updated in EMC Cyber.
 On all user-controlled workstations and servers, anti-virus scans must be performed at
least once a week.
 Except for domain administrators, no one should be able to stop anti-virus definition
updates and scans.
 All antivirus programs must update their virus definitions on a regular basis. They
must be closely watched to ensure that updates are completed successfully.

RISK MANAGEMENT POLICY.

PURPOSE.

A risk management policy is a tool used by businesses and other organizations to minimize
threats and act in a way that minimize their effect. Even if most risk policy statements focus
on a company's financial risks, the kind of risks addressed can vary greatly, including the risk
of injury, accidents, and legal issues. (Sarokin, 2020).

SCOPE.
Risks to a business can arise from a variety of sources. Stealing, accidents, and worker unrest
are all internal threats. Natural disasters and pandemics are examples of external hazards, as
are environmental concerns such as global climate change and stakeholder reactions such as
lawsuits and protests. In this sense, a company's risk management policy aids in the
coordination of activities across the organization. Therefore, EMC Cyber company too
should implement a Risk management policy. As a security analyst I’ve implemented the

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 108


following procedures that should be followed in EMC company to increase the security
features, and they are as follows.

 Risks must be prioritized and rated of EMC Cyber Company.


 Every risk must be minimized or eliminated to the greatest extent feasible.
 It is important to assess the degree and significance of the risk by looking at how
many EMC business processes it affects.
 At all levels, ensure that risk management is properly integrated with EMC corporate
planning procedures and considered in the normal course of EMC’s business.
 Senior management of EMC cyber should get quarterly risk management and
treatment progress updates.
 Ascertain that a risk-based strategy is conveyed to our employees and incorporated
into EMC company’s procedures.
 Internal risk management systems should be designed, resourced, operated, and
monitored.
 Examine the effectiveness of the risk management and internal control systems.

DATA TRANSFER POLICY.

PURPOSE.

This policy establishes the processes for safeguarding this information, as well as how
personal and sensitive data should be exchanged securely and safely within and outside the
company. One of the most prevalent methods of cybercrime is data transmission.

The purpose of this Security Policy is to outline the security standards for the Organization's
proper and secure usage of Information Technology services. Its objective is to safeguard the
Organization and its users against security risks that might compromise their integrity,
privacy, reputation, and commercial consequences to the greatest extent possible. Always
remind your staff to spread the message about your new policies and procedures. It's critical
that staff are informed of and up to date on any changes to IT or cybersecurity procedures.

SCOPE.
This policy and procedure create a framework for ensuring compliance with data transfer
obligations that is effective, responsible, and transparent. It is critical to properly establish the
recipient's identification and authorization for any transfers of information including personal
or sensitive data. Therefore, EMC Cyber company too should implement a Data Transfer

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 109


policy as it done transactions between clients on other countries too. As a security analyst
I’ve implemented the following procedures that should be followed in EMC company to
increase the security features and safeguard the sensitive data that are being transferred. and
they are as follows.

 Transferring personal data, such as customer and employee private information,


should be avoided in EMC Cyber.
 Follow the laws that regulate the privacy.
 Only EMC's network can be used to share data.

So, these are the policies implemented for EMC Cyber to minimize the organization from
exploitations and misuses.

CONCLUSION.
Every organization must implement security policies to prevent from threats/risk. These are
some key benefits of implanting policies to an organization. Reduces the danger of data loss
or leakage. External and internal users who are “malicious” are protected from the
organization. Establishes rules and best practices for use, as well as ensuring correct
compliance. Declares that information is an asset, the property of the organization, and that it
must be safeguarded from unlawful access, alteration, disclosure, and destruction both
internally and externally. When legal difficulties develop, encourages the company to take
active steps.
As a security analyst of EMC Cyber company, I prefer adding the abovementioned security
policies to prevent the organization from security threats.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 110


03. LIST THE MAIN COMPONENTS OF AN ORGANIZATIONAL DISASTER
RECOVERY PLAN, JUSTIFYING THE REASONS FOR INCLUSION.

01. WHAT IS A DISASTER RECOVERY PLAN (DRP)?

A DRP is both known as a disaster recovery implementation plan or an IT disaster recovery


plan, is a documented policy or process that assists an organization in successfully
implementing recovery processes in the event of a disaster to prevent business IT
infrastructure and, widely, to promote recovery (druva, 2021).

A disaster recovery plan's goal is to thoroughly describe the activities that must be performed
before, during, and after a natural or man-made disaster so that everyone on the organization
can follow them. A disaster recovery plan should address both deliberate and unintentional
man-made disasters, such as the consequences from terrorism or hacking, as well as
unintentional disasters, such as equipment failure.

Each representative must be made aware of the DRP, and when it is implemented,
compliance is essential. A comprehensive off-site information reinforcement strategy as well
as an on/off-site recovery plan must be included in the DRP.

There are some main components of a Disaster Recovery Plan, and they are as follows.

1. Responsibilities should be evenly distributed - Responsibilities should be divided so


that no one person or group is in charge of the whole organization.
2. Make a backup plan - The organization's backup strategy should be highly effective.
3. Assets and inventory have been prioritized - Assets and inventories should be
prioritized and listed according to their worth to the company. As a result, it is
possible to determine which assets should be saved the most in the event of a disaster.
4. Plan for communication - A good communication strategy should be devised. When
you're in a bad position, it's important to have a communication.
5. How long may a data loss or a system failure be tolerated - If a system failure or data
loss occurs, it is necessary to plan how long company activities will be halted and

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 111


how we will recover. This enables the company to be prepared in the event of a
disaster.
6. Managing confidential information - Information that is sensitive should be treated
with caution.

DISASTER RICOVERY
These are the main components of a Disaster Recovery Plan, and they are included in the
below DRP template.

PLAN FOR
EMC CYBER COMPANY.
IMPLEMENTING ORGANIZATIONAL SECURITY FOR EMC C

UNIT 05 SECURITY ASSIGNMENT.

FATHIMA SHAFIYYA SHIRZARD COL00042812.


ESOFT METRO CAMPUS COLOMBO.
PRIMARY SITE.
EMC CYBER COMPANY COLOMBO.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 112


TABLE OF CONTENTS.

Introduction to EMC Cyber


Company...............................................................................110

Objective...............................................................................................................................110

Revision History of Disaster Recovery


Plan........................................................................110

Policy Statement...................................................................................................................111

Key Personnel Contact Information...................................................................................111

Disaster Recovery
Team.......................................................................................................112

External Contacts.................................................................................................................112

Disaster Recovery Plan


Updating........................................................................................113

Plan for document


Storage...................................................................................................113

Backup
Strategy....................................................................................................................113

Risk Management.................................................................................................................114

Data Recovery Information.................................................................................................115

Make a list of triggering


events............................................................................................115

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 113


The Emergency Response Team is
Activated.....................................................................116

Emergency Alert of Disaster Recovery


Plan.......................................................................116

Financial
Evaluation.............................................................................................................116

Technological Disaster Recovery


Plan................................................................................117

Disaster Recovery Activity


Form.........................................................................................118

Recurring Recovered Business Operations to Business Element


Leadership..................119

Damage Assessment Form...................................................................................................119

Form for DR Activity


Management.....................................................................................119

Completion Form for Business Process/Function


Recovery..............................................120

Introduction to EMC Cyber Company.

EMC Cyber is a well-known cyber security firm located in Colombo, Sri Lanka, that provides
security solutions and services across the whole IT infrastructure. Some of the world's top-
level firms serve in a variety of industries, and the company has a number of clients both in
Sri Lanka and worldwide. Firewalls, anti-virus, intrusion detection and prevention, and
endpoint security are among the products developed by the business. EMC Cyber is in charge
of safeguarding businesses' networks, clouds, web applications, and emails. Advanced threat
prevention, secure unified access, and endpoint security are also available. In addition, they
advise clients on security concerns and treat them.

Objective.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 114


The disaster recovery program's main goal is to create, test, and document a well-structured
and easy-to-understand plan that will assist the company in recovering as quickly and
effectively as possible from an unexpected disaster or emergency that disrupts information
systems and business operations. In the event of a disaster, this report outlines the EMC
Cyber company's process and disaster recovery processes. This study discusses cyber security
risks to their website, apps, and infrastructure. The goal of this document is to address all of
the factors that should be considered in the event of a disaster and for folk's protection. The
Disaster Recovery Plan of EMC Cyber will cover many natural and physical risk’s treatment
to the organization. This report explains the policies and procedures that will assist in
overcoming the disaster with the least amount of disruption to the EMC organization's
operations.

Revision History of Disaster Recovery Plan.

Revision Version. Date Modified. Modified By. Description. Pages


Affected.

First Version 22/07/2021 Mr. John. First Release. All


(original Version)

Table 5: Revision History Of DRP.

Policy Statement.

The following policy statement has been authorized by EMC Cyber management.

 A thorough IT disaster recovery strategy will be developed by the organization.


 To identify the needs for the disaster recovery plan, a risk assessment assessment
must be conducted.
 In line with important business operations, the disaster recovery plan should include
all necessary and crucial infrastructure elements, systems, and networks.
 The disaster recovery plan should be tested in a controlled setting on a regular basis to
verify that it can be implemented in an emergency and that management and
personnel understand how to carry it out.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 115


 The disaster recovery strategy and each employee's responsibility must be
communicated to all employees.
 The disaster recovery plan must be updated on a regular basis to compensate for
changing circumstances.

Key Personnel Contact Information.

Name and Title. Roles and Contact Contact Information.


Responsibilities. Options.

Mr. Saman Perera. A chief information Mobile. 0772143861.


(Director) officer (CIO) is the
Email. Saman.perera@gmail.com
corporate leader in charge
of information and
computer technology
management,
development, and
accessibility.

Mr. Ruwan Siri. The Associate CIO acts as Mobile. 0721971864.


the IT organization's
(Manager) Email. Ruwan.siri@gmail.com
second-in-command and
chief operational officer.

Mr. Wishmika. Application monitor. Mobile. 0734780971.

(Manager) Email. Wishmika@gmail.com

Mr. Aravindh. Business-continuity Mobile 0723487593.


expert.
(Manager) Email aravindh@gmail.com

Disaster Recovery Team.

Manger. Leader. Member.

Networks and telecom Mr. Sumith. Mr. Arun. Mr. James.

Servers Mr. Sachin. Ms. Anne. Ms. Jenny.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 116


Storage Mr. Sarujan. Mr. Virun. Mr. Rishi.

Database Mr. Sumith. Mr. Sarujan. Ms. Amaya.


Administration

Data Center Mr. Rishi. Mr. Zaid. Mr. Deneith.

Back-Up and Ms. Ashini. Ms. Anne. Mr. Wishmika.


Recovery

External Contacts.

Name. Contact Option. Contact Information.

Landlord / Property Mobile 0741671864.


Manager.
Email Realter.solutions@gmail.com

Power Company. Mobile 0723975664.

Email Lecco.limited@gmail.com

Telecom Carrier. Mobile 0777197862.

Email Dialog.customer@gmail.com

Hardware Supplier. Mobile 0777197186.

Email Abans@gmail.com

Server Supplier. Mobile 0727981812.

Email Server.m@gmail.com

Workstation Supplier. Mobile 0777871164.

Email gamestreet@gmail.com

Power Generator. Mobile 0761971321.

Email Agg.powergenerator@gmail.com

Insurance. Mobile 0751991850.

Email Cyber.insurance@gmail.com

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 117


Disaster Recovery Plan Updating.

Updating the EMC Strategy. The process of upgrading the DRP must be appropriately
managed and regulated. Any changes to the strategy should be thoroughly tested, and
relevant adjustments to the training materials should be made. Under the direction of the IT
Director, established change control processes will be used.

Plan for document storage.

Copies of this Plan, including CDs and physical copies, shall be kept in safe places
determined by EMC. A CD and hard copy of this strategy will be given to each member of
senior management to keep at home. Every participant of the Disaster Recovery Team and
the Business Recovery Team will receive a CD and a hard copy of this plan. A master,
password-protected copy will be kept on special facilities set up for this purpose.

Backup Strategy.

The key business processes are outlined below, along with the agreed-upon backup solution
for each. The EMC's office will be used as the recovery site, which will be completely
mirrored.

This method includes maintaining a completely mirrored copy site that allows for quick
changeover between the live and backup sites (headquarters).

Key Business Process. Backup Strategy.

IT Operations Fully mirrored recovery site

Tech Support - Hardware Fully mirrored recovery site

Tech Support - Software Fully mirrored recovery site

Facilities Management Fully mirrored recovery site

Email Fully mirrored recovery site

Disaster Recovery Fully mirrored recovery site

Contracts Admin Fully mirrored recovery site

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 118


Testing Fully Mirrored Recovery site Fully mirrored recovery site

Web Site Fully mirrored recovery site

Risk Management.

There are a variety of possible disruptive threats that might emerge at any time and interrupt
routine company operations. The outcomes of our considerations are given in this section.
We evaluated a wide variety of potential risks. Every possible natural catastrophe or
emergency circumstance has been investigated. The focus here is on the level of business
interruption that each sort of disaster might cause. And they are as follows:

Potential Disaster. Probability Impact Brief Description of Potential


Rating. Rating Consequences & Remedial actions.

Flood 3 4 All serious equipment is placed on 1st


Floor

Fire 3 4 FM200 defeat system installed in key


computer centers. Fire and smoke
sensors on all floorings.

Tornando 5 Substitute

Electrical Strom 5 Substitute

Act Of terrorism 5 Substitute

Act Of Sabotage 5 4 Substitute

Electrical power 3 4 Redundant UPS array organized with


failure auto standby generator that is verified
weekly & remotely observed 24/7.
UPSs also remotely observed.

Server or Device 3 4 Redundant equipment


failure.

Loss of 4 4 2 diversely routed T1 trunks into


communication structure. WAN redundancy, voice

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 119


network services. network flexibility

Probability: 1=Very High, 5=Very Low Impact: 1=Total destruction, 5=Minor annoyance

Data Recovery Information.

Type. Location.

Daily Backup (disk). Datacenter, Computing Services

Weekly Backup. Datacenter, Computing Services

Monthly Backup. Off-site storage.

Annual Backup. Off-site storage.

Make a list of triggering events.

The following are key trigger issues at headquarters that would result in the DRP being
activated:

• Total loss of all communications.

• Complete power outage.

• The premises have been flooded and the building's destruction.

The Emergency Response Team is activated.

The Emergency Response Team (ERT) must be activated when an event happens. The ERT
will next determine the scope of the DRP's application. In the case of a disaster, all
employees must be given a Quick Reference card with ERT contact information. The ERT's
responsibilities include:

 In the event of a disaster, act quickly and ask for help.


 Evaluate the disaster's scope and impact on the business, data center, and other critical
infrastructure.
 Decide which DR Plan elements should be activated.
 Create and manage a disaster recovery team to ensure critical services are maintained
and operations are returned to normal.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 120


 Determine that staff are informed, and assign tasks and activities as needed.

Emergency Alert of Disaster Recovery Plan.

In the order given, the person who discovers the issue contacts a member of the Emergency
Response Team:

Emergency Response:

 Mr. Sirisena (0771971864).


 Ms. Pushpa (0768762341).

If not available, try:

 Mr. Rishi (0721961736).

The Emergency Response Team (ERT) is in charge of activating the DRP in the case of any
of the disasters listed in this plan, as well as any other incident that affects the company's
capacity to function regularly.

Financial Evaluation.

The emergency response team will prepare an early evaluation of the incident's impact on the
company's financial affairs. Loss of financial records should be included in the assessment.

• Revenue is lost.
• Theft of checkbooks, credit cards, and other assets
• There has been a cash loss.

Technological Disaster Recovery Plan.

Disaster Recovery Plan for EMC Cyber System.

System EMC Cyber System.

Overview Technological Disaster Recovery Plan for


EMC Cyber Company.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 121


Production Server: Location: Colombo

Server Model: Dell EMC server

Operating System: MS Windows

CPUs: Intel Core i9-10900K Processor


DirectX

Memory: SanDisk Extreme PRO SD UHS-


I. (256 GB)

Total Disk: 200GB

IP Address:192.168.2.1 255.255.255.0

Other

Key Contacts

Hardware vendor FB Hardware Colombo.

System owners Mr. Saman Perera.

Database owners Mr. Sarujan.

Application owners Mr. Wishmika.

Backup strategy for EMC System

Daily 

Monthly 

Quarterly 

EMC system disaster recovery


procedures

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 122


Scenario 1 The DRP must specify where, on which
devices, and in which folders each data
Total Loss of Data
resource is backed up, as well as how the
team should retrieve each resource from
backup.

Disaster Recovery Activity Form.

After the initial disaster recovery response is completed, the DRT leader should write a report
on the actions that were completed. The report should include details on the emergency, who
was alerted and when, and the measures taken by members of the DRT, as well as the results
of those efforts. The influence on routine corporate operations will also be evaluated in the
report. The report should be delivered to the head of the company recovery team, with a copy
to senior management if necessary. After the initial disaster recovery response is completed,
the DRT leader will write a disaster recovery report. The report will be given to top
management in addition to the business recovery team leader.

The report will contain the following information.

 A description of the occurrence or emergency.


 Those who were alerted about the emergency (including dates).
 Members of the DRT acted.
 Actions have resulted in certain outcomes.
 An evaluation of the influence on regular company activities.
 Evaluation of the BCP's efficacy and lessons gained
 Lessons have been learnt.

Recurring Recovered Business Operations to Business Element Leadership.

 Once regular company operations have been restored, responsibility for individual
activities must be returned to the appropriate business unit leader.
 This procedure should be established to ensure that all parties are aware of the change
in overall responsibility and the return to normal operations.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 123


 It's likely that the business recovery process lead was given total responsibility during
the recovery process.
 Although it is anticipated that business unit management will be actively involved
during the recovery, overall responsibility for the recovery process should most likely
rest with a business recovery process team.

Damage assessment form.

Key Business Process Description Of Problem. Extent Of Damage


Affected.

Form for DR Activity Management.

• All operations will be decided using a standard framework during the disaster recovery
process, and this plan will need to be updated on a regular basis whenever possible during the
disaster recovery period.

• All acts that take place during this phase must be documented.

Activity Name:

Reference Number:

Brief Description:

Commencement Completion Resources In Charge.


Date/Time. Date/Time. Involved.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 124


Completion Form for Business Process/Function Recovery.

For each process recovered, the business recovery team leader and the appropriate business
unit leader should fill out and sign the accompanying transition form.

For each recovered business process, a different form should be utilized.

Name of Business Process

Accomplishment Date of Work Provided


by Business Recovery Team

Date of Transition Back to Business Unit


Management

I confirm that the effort of the business recovery team has been accomplished in accord
with the disaster recovery plan for the above procedure, and that normal business actions
have been successfully restored.

Business Recovery Team Leader Name: ________________________________________


Signature: ________________________________________________________________
Date: __________________________

I confirm that above business process is now acceptable for normal working conditions.

Name: ___________________________________________________________________

Title: ____________________________________________________________________
Signature: ________________________________________________________________

Date: _________________

04. DISCUSS THE ROLES OF STAKEHOLDERS IN THE ORGANIZATION TO


IMPLEMENT SECURITY AUDIT RECOMMENDATIONS.

1. WHO IS A STAKE HOLDER?

A stakeholder is someone who has an interest in an organization and may affect or be


influenced by it. In a business, a stakeholder might be internal or external. A stakeholder is

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 125


someone who has a strong interest in the company or its activities. Possession and property
interests, as well as legitimate interests and communication, can all be included. An ethical
right may include a buyer's preference not to be intentionally harmed by commercial activity.
Investors, workers, customers, creditor, director, and suppliers are the key stakeholders of a
business activity. Not all Stake holders are same and not involved in decision making of a
company.

Stakeholders can be of three types they are:

1. Influence a business.
2. Influenced by a business.
3. Influence a business and influenced by a business.

2. ROLES OF THE STAKEHOLDERS IN EMC CYBER COMPANY.

These are the stakeholders of EMC Cyber Company who manage to keep up the company
safe and secure during any kinds of risks. And make sure the organization functions properly
and securely during any crisis and they are as follows:

Risk manager: In terms of analyzing, managing, and responding to cyber risks, risk
managers may ensure that various stakeholders are linked. It's also crucial to understand the
expanding cyber insurance industry as well as risk financing solutions in overall.

Security Manager: Security managers are in charge of safeguarding assets for organizations
and corporations, from the safety of employees and customers to the prevention of theft and
inventory loss. These experts create and implement security policies, ensuring that they are
followed by all employees.

Chief Financial Officer /CFO: Concerns vary from the possible costs of a cyber incident to
the influence on the bottom line, as well as the security of the office's sensitive data.

Board of Directors/CEO: They have a legal duty to analyze and manage cyber risk since
they are responsible for overall business and company performance. Regulators such as the
Securities and Exchange Commission and the Securities and Exchange commission have
stated that they expect top management to be involved in the matter.

Legal/Compliance: As cyber rules evolve, legal and compliance responsibilities become


more critical in keeping other stakeholders aware and involved. And, if a cyber-attack
happens, suits are sometimes filed within hours.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 126


Keeping daily operations: company procedures, and workplace stability running smoothly is
important during a cyber incident.

Employees/Human Resources: Employees' simple mistakes — or purposeful acts — can


result in costly cyber disasters. With the growth of complex "phishing attack" assaults
targeting specific employees, training on ethical practices is essential.

Customers and Vendors: Interactions with customers and vendors might put you at risk of
being attacked. You must be aware of the safeguards they have in place so that they do not
become a weak spot in your cyber security.

Protecting your company's data and people' privacy is getting increasingly tough. Cyber-
defense methods that work is multifaceted and thorough. Understanding and clarifying the
roles and responsibilities of all important stakeholders is a critical component.

03. THE ROLES OF SECURITY POLICIES, AUDITS, AND RECOMMENDATIONS.

A stakeholder in business is generally a speculator in the organization whose actions


determine the outcome of corporate decisions. Stakeholders do not have to be value investors
to be valuable. They might also be employees who are active in business concerns. As
previously mentioned, EMC Cyber has a number of stakeholders that are responsible for
implementing security solutions in order to keep up with the changing environment and
stakeholder demands.

An information security audit is a thorough study and evaluation of your company's


information security infrastructure. Regular audits may help you discover weak areas and
vulnerabilities in your IT infrastructure, check security measures, and ensure data security,
among several other things. A qualified security auditor from the appropriate regulatory
agency or an independent third-party vendor generally conducts a compliance audit. Internal
audits may be conducted by your company's staff in some situations to ensure regulatory
compliance or overall security posture. You'll need support and assistance from the top levels
of your company, particularly the chief security officer and chief information officer, for an
infrastructure project like a security audit to succeed. This level of management support will
guarantee that the audit receives the time and resources it requires.

04. SECURITY RECOMMENDATIONS THAT COULD BE PROVIDED BY THE


STAKEHOLDERS.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 127


These are the stakeholders of EMC Cyber company who are responsible to prove security and
audit recommendations to keep up the company upgoing and protect from threats and risks.

Auditor – keeps track of all system activities, including user account logins, file access, and
data and configuration modifications. Detailed event logs allow you to determine the exact
cause of security flaws and other issues, allowing you to fix them and enhance your
cybersecurity strength.

Security Manger - Identify and safeguard corporate assets by creating and implementing
security policies. Through training and evaluations, ensure that employees follow security
procedures and requirements, ensure that employees and customers are safe in the workplace,
conduct assessments and inspections of security processes, Prepare the company and its
employees for external inspections.

Data Classification enables you to inventory all of your data and categorize it according to
its sensitivity and worth to the company, allowing you to apply different security measures to
different levels of data at a granular level. Compliance audits are also substantially
accelerated by data categorization.

Understanding the weaknesses in the current security strategy allows you to design a far
better plan than the one you have now. A thorough security audit may help an organization's
defense system improve. There are some steps that should be followed to have a proper
security audit and they are as follows:

1. Plan for your audit – the auditor has to recognize the risks associated with computer
equipment, customer data and other important documents. After finding the risks
mange only the very important and sensitive assets.
2. Make a list of your potential threats - Human error, malware and logical attack,
password insecurity, and natural disasters can all cause damage. Along with assessing
the risks, the auditor must examine how they might influence the performance of the
organization.
3. Examine the current state of security – the auditor has to identify the risks and
evaluate it. The preset security structure will help to minimize the risks associated
with the organization.
4. Organizing (Risk Scoring) - All threats are ranked in this phase based on their
priority. Risks with larger dangers are ranked higher, whereas risks with smaller
threats are ranked lower. When rating, various criteria such as the organization's

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 128


history, current developments in the security industry, and rules and regulations
should be evaluated.
5. Prepare a security plan - Finally, based on the observations made in the development
phase, the auditor might propose and design security measures. Measures that can be
taken include educating employees about the security threats that the organization is
facing and will face in the future, tightening passwords, providing access controls
such as fingerprint and smartcard, email-related protection, improved backup plans,
and constant network monitoring.

When these five stages are followed correctly, the company has undergone a complete
security audit.

Conclusion.

Simply publishing a report on your results isn't enough. By giving clear and realistic
suggestions for implementing cybersecurity changes, the audit should contribute to the
security of your company. Create a plan for resolving any system vulnerabilities. Take the
required steps to bring a file or data system into conformity with regulatory requirements.
And these activities will be carried out by the security manager, auditor, and data
classification manager of EMC Cyber who are the stakeholders interested in the company and
wanted to have a successfully and continence business.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 129


PRESENTATION SLIDES.

SLIDE – 01.

SLIDE – 02.
This slide contains the contents of the presentation.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 130


Slide – 03.
This is the introduction of the presentation. This slide includes the introduction of what is a
disaster and how does it impact the organization. A disaster is something that happens in an
unexpected situation. To overcome and continue the business a disaster recovery plan must
be implemented. A disaster can be a physical or a virtual attack. To rectify it and solve before
occurring a disaster recovery plan must be implemented (IFRC, 2020).

SLIDE – 04.
This slide includes a brief introduction about the EMC Cyber company and about its services
and products that they deliver. EMC Cyber is a security company which provides security

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 131


products around the entire IT infrastructure. They also provide security advice to their clients
to solve the security risks. The products they deliver are firewalls, antivirus, and many others.
EMC also perform tasks like offering threat protections, endpoint security for their clients.

SLIDE – 05.
This slide includes the brief explanation of what a disaster recovery plan and how does it help
the organization with it. And also states about the purpose of it. A disaster recovery plan is a
document that directs how to respond to an unexpected situation. This situation can be a
natural disaster physical or logical attacks, which can have an impact on the organization. To
minimize such occurrence a disaster recovery plan must be implemented (EVOLVE IP,
2021).

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 132


SLIDE – 06.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 133


This slide completely includes about the main components of a disaster recovery plan. There
are some main components of a disaster recovery plan.

Which includes the plan scope, roles and responsibilities, amount of tolerance of the disaster,
strategy of communication when a disaster occurs. And scheduling the time for testing,
reviewing ad improving the organization’s posture from the occurred disaster.

SLIDE – 07.
This slide states the benefits of implementing a disaster recovery plan of an organization.
There are many benefits when an organization implements a disaster recovery plan. Some of
them are stated in the above slide. The benefits are like DRP reduces the amount of stressed
environment because the advance plans are already implemented. DRP also reduce the risks
of critical process being disrupted and protected business operation. Therefore, every
organization should have a suitable DRP for them.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 134


SLIDE – 08.
This slide contains the cover page of the EMC Cyber’s disaster recovery plan. I’ve created a
DRP for EMC cyber company and this is the cover page of the created DRP.

SLIDE – 09.
This slide includes the snapshot of the Disaster Recovery Plan of EMC Cyber. The snapshot
includes the table of contents, introduction of EMC Cyber company, objective of the
company, revision history of the Disaster recovery plan (when the DRP was created), policy
statement (how and to whom the policy is authorized in EMC), key personal contacts of EMC
Cyber when disaster occur, Disaster recovery team and the external contacts of EMC Cyber
company.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 135


SLIDE – 10.
This slide includes the snapshot of the Disaster Recovery Plan of EMC Cyber. The snapshot
includes the disaster recovery plan updating of EMC, plan for document storage of EMC
Cyber, backup strategy of EMC, risk management, data recovery information, make a list of
triggering events, emergency response team is activated of EMC Cyber, emergency alert of
disaster recovery plan of EMC Cyber and the financial evaluation of EMC Cyber company.

SLIDE – 11.
This slide includes the snapshot of the Disaster Recovery Plan of EMC Cyber. The snapshot
includes the technological disaster recovery plan of EMC Cyber, disaster recovery activity
form, returning recovered business operations to business unit leadership, damage assessment

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 136


form for EMC Cyber, form for DR activity management and completion form for business
process/function recovery for EMC Cyber company.

SLIDE – 12.
This slide includes a small conclusion about why Disaster Recovery plan should be
implemented and how will it benefit the organization. To have a successful and a continuous
business any organization must implement a DRP as it provides many securities feature for
the organization. As a result, EMC Cyber company also have a suitable DRP plan to
overcome and minimize security threats to the organization (druva, 2021).

SLIDE – 13.
This slide includes all the references that are used overall the presentation slides.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 137


SLIDE – 14.
This slide is for question and answers regarding the presentation.

SLIDE – 15.
This is the final slide of the presentation.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 138


CRITICAL EVALUATION OF THE REPORT.
This report is mainly prepared for EMC Cyber Company which has been assigned a task
from Lockhead Aerospace manufacturing which is a reputed aircraft manufacturer based in
the US, has given the company the job of researching the security concerns of creating IoT-
based automation solutions in their manufacturing process. I’ve been appointed as an external
security analyst by EMC Directors to investigate and report on potential cyber security
threats to their web site, applications, and infrastructure. So, these are the procedure that I
stated in the report.
In Activity 01 I’ve briefly explained about the CIA triad, types of security risks and the
countermeasures to EMC Cyber Company to reduce them with proper procedures.
In Activity 02 I’ve identified some technologies that should be implemented in EMC Cyber
like Firewalls, VPN, IP’s, NAT, DMZ with advantages and disadvantages of it. And also
explained about network monitoring and management system that should be implemented for
EMC Cyber with tools.
In Activity 03 I’ve discussed about the risk assessment and management methodologies with
laws like ISO and many others.
In Activity 04 I’ve implemented security policies and Disaster Recovery Plan to implement
security for EMC Cyber company.
Furthermore, I’ve added the presentation slides which includes the EMC Cyber’s Disaster
Recovery Plan.
So, by implementing new security processes, we can create a new system for EMC, and by
utilizing firewalls, VPNs, DMZs, and NAT, we can create a solid network security system for
EMC. So, based on that you know how to keep the firm running well, and if there are any
dangers, we know how to mitigate them. Aside from that, we now understand what audit is,
why audit is important, who is a stakeholder, and what function stakeholders perform.
I hope that I have prepared a better solution for the companies. The provided security solution
for EMC Cyber company will be successful if there is a proper maintenance and backups are
taken on time and mange risks and if treated.

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 139


REFERECES.
Aravindan, S., 2021. Trusted Network: Solutions, Environment & Technologies. [Online]
Available at: https://study.com/academy/lesson/trusted-network-solutions-environment-
technologies.html#:~:text=A%20trusted%20network%20is%20a,secure%20data%20to%20be
%20transmitted.&text=Encryption%3A%20the%20data%20should%20be,and%20transmitted%20to
%20unauthorized%20us
[Accessed 9 june 2021].

avast, 2021. Static vs. Dynamic IP Addresses. [Online]


Available at: https://www.avast.com/c-static-vs-dynamic-ip-addresses
[Accessed 8 june 2021].

Brooks, R., 2019. What is the CIA triad?. [Online]


Available at: https://blog.netwrix.com/2019/03/26/the-cia-triad-and-its-real-world-application/
[Accessed 24 may 2021].

Carklin, N., 2021. What Is a Remote Access Policy, and Why Is It Important for Your Organization?.
[Online]
Available at: https://www.parallels.com/blogs/ras/remote-access-policy/#:~:text=A%20remote
%20access%20policy%20serves,users%20connecting%20to%20the%20network.&text=It%20helps
%20ensure%20that%20only,network%20from%20potential%20security%20threats.
[Accessed 2 june 2021].

CCOHS, 2021. Risk Assessment. [Online]


Available at: https://www.ccohs.ca/oshanswers/hsprograms/risk_assessment.html
[Accessed 4 july 2021].

CFI Education Inc., 2021. Risk Management. [Online]


Available at: https://corporatefinanceinstitute.com/resources/knowledge/strategy/risk-
management/
[Accessed 1 june 2021].

Check Point , 2021. What is a Firewall?. [Online]


Available at: https://www.checkpoint.com/cyber-hub/network-security/what-is-firewall/#:~:text=A
%20Firewall%20is%20a%20network,network%20and%20the%20public%20Internet.
[Accessed 9 june 2021].

cisco, 2019. What Is IT Security?. [Online]


Available at: https://www.myassignmenthelp.net/sample-assignment/unit-5-security
[Accessed 9 july 2021].

cisco, 2021. What Is Network Management?. [Online]


Available at: https://www.cisco.com/c/en/us/solutions/enterprise-networks/what-is-network-
management.html
[Accessed 12 july 2021].

cisco, 2021. What Is Network Monitoring?. [Online]


Available at: https://www.cisco.com/c/en/us/solutions/automation/what-is-network-
monitoring.html
[Accessed 9 june 2021].

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 140


Crocetti, P., 2021. What is data protection and why is it important?. [Online]
Available at: https://searchdatabackup.techtarget.com/definition/data-protection
[Accessed 4 july 2021].

Doug, 2018. Risk Management Process: Security Analysis Methodology in SecureWatch. [Online]
Available at: https://riskwatch.com/2018/03/19/risk-management-process/
[Accessed 7 july 2021].

druva, 2021. Disaster recovery plan. [Online]


Available at: https://www.druva.com/glossary/what-is-a-disaster-recovery-plan-definition-and-
related-faqs/
[Accessed 22 july 2021].

enisa, 2021. Risk Treatment. [Online]


Available at: https://www.enisa.europa.eu/topics/threat-risk-management/risk-management/
current-risk/risk-management-inventory/rm-process/risk-treatment#:~:text=According%20to%20its
%20definition%2C%20Risk,optimizing%2C%20transferring%20or%20retaining%20risk.
[Accessed 1 june 2021].

Forcepoint, 2021. What is Network Security?Network security defined, explained, and explored.
[Online]
Available at: https://www.forcepoint.com/cyber-edu/network-security
[Accessed 25 may 2021].

Gary Hayslip, 2018. 9 policies and procedures you need to know about if you’re starting a new
security program. [Online]
Available at: https://www.csoonline.com/article/3263738/9-policies-and-procedures-you-need-to-
know-about-if-youre-starting-a-new-security-program.html
[Accessed 7 june 2021].

Hornetssecurity, 2021. IT Security What is IT Security, and why is IT Security so important?. [Online]
Available at: https://www.hornetsecurity.com/en/knowledge-base/it-security/
[Accessed 24 may 2021].

Irwin, L., 2020. How to write an information security policy – with template example. [Online]
Available at: https://www.itgovernance.eu/blog/en/how-to-write-an-information-security-policy-
with-template-example#:~:text=What%20is%20an%20information%20security,when%20out%20of
%20the%20premises.
[Accessed 1 june 2021].

Irwin, L., 2021. An introduction to ISO 27701: the international standard for data privacy. [Online]
Available at: https://www.itgovernance.eu/blog/en/iso-27701-the-new-international-standard-for-
data-privacy
[Accessed 13 july 2021].

John J. Fay, D. P., 2018. The Importance of Policies and Procedures. [Online]
Available at: https://www.sciencedirect.com/topics/computer-science/security-procedure#:~:text=A
%20security%20procedure%20is%20a,to%20accomplish%20an%20end%20result.
[Accessed 1 june 2021].

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 141


Kaspersky, 2021. What is VPN? How It Works, Types of VPN. [Online]
Available at: https://www.kaspersky.com/resource-center/definitions/what-is-a-vpn
[Accessed 9 june 2021].

Kristina, 2019. Complete Guide to Improving Physical Security In Your Workplace. [Online]
Available at: https://www.opensourcedworkplace.com/news/complete-guide-to-improving-physical-
security-in-your-workplace
[Accessed 5 july 2021].

LOYOLA, 2020. ITS Antivirus Policy. [Online]


Available at: https://www.luc.edu/its/aboutits/itspoliciesguidelines/antivirus_policy_.shtml
[Accessed 23 june 2021].

PETTERS, J., 2020. What is an IT Security Audit? The Basics. [Online]


Available at: https://www.varonis.com/blog/security-audit/
[Accessed 7 july 2021].

Posey, B., 2019. How to fix the four biggest problems with VPN connections. [Online]
Available at: https://www.techrepublic.com/article/fix-the-four-biggest-problems-with-vpn-
connections/
[Accessed 1 july 2021].

Protective Security Policy Framework, 2021. 3 Security planning and risk management. [Online]
Available at: https://www.protectivesecurity.gov.au/governance/security-planning-risk-
management/Pages/default.aspx
[Accessed 4 july 2021].

Sampera, E., 2019. What to Know About Logical Security vs Physical Security. [Online]
Available at: https://www.vxchnge.com/blog/logical-security-vs-physical-security
[Accessed 24 may 2021].

Sarokin, D., 2020. What Is a Risk Management Policy Statement?. [Online]


Available at: https://smallbusiness.chron.com/risk-management-policy-statement-68528.html
[Accessed 23 june 2021].

sciencedirect, 2021. Network Connection. [Online]


Available at: https://www.sciencedirect.com/topics/computer-science/network-connection
[Accessed 2 june 2021].

The Secret Security Wiki, 2021. DEMILITARIZED ZONE (DMZ). [Online]


Available at: https://doubleoctopus.com/security-wiki/network-architecture/demilitarized-zone/
[Accessed 15 june 2021].

Thomas, M., 2018. GDPR: What You Need to Know and How Bluehost Helps You Comply. [Online]
Available at: https://www.bluehost.com/blog/gdpr-what-you-need-to-know-and-how-bluehost-
helps-you-comply/?
utm_source=google&utm_medium=genericsearch&gclid=CjwKCAjw87SHBhBiEiwAukSeUQFvtFZQtt8
AenERa-L9H5enPzGjSA79TenpKDsJYnc5xvCe7mi7ghoC7GEQAvD_BwE&gclsrc=aw.ds&nclid=_R_
[Accessed 13 july 2021].

Ttoolkit.com, 2020. Protecting Business Interests With Policies for IT Asset Management. [Online]
Available at: https://www.ittoolkit.com/articles/asset-management-policies
[Accessed 23 june 2021].

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 142


USELEGAL, 2021. Internet Policy Law and Legal Definition. [Online]
Available at: https://definitions.uslegal.com/i/internet-policy/#:~:text=Internet%20policy%20refers
%20to%20personal,who%20may%20access%20such%20information.
[Accessed 23 june 2021].

WatchGuard Technologies,, 2021. Static and Dynamic IP Addresses. [Online]


Available at: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/
Fireware/overview/networksecurity/ip_address_static_dyn_c.html#:~:text=A%20dynamic%20IP
%20address%20is,using%20either%20DHCP%20or%20PPPoE.
[Accessed 8 june 2021].

What Is My IP Address., 2021. What is Network Address Translation?. [Online]


Available at: https://whatismyipaddress.com/nat
[Accessed 15 june 2021].

Wickert, K., 2015. 5 Most Common Firewall Configuration Mistakes. [Online]


Available at: https://www.darkreading.com/operations/5-most-common-firewall-configuration-
mistakes-/a/d-id/1322225
[Accessed 1 july 2021].

FATHIMA SHAFIYYA SHIRZARD (COL00042812) SECURITY ASSINGNMENT 143

You might also like