Final Security Assignment 56
Formative feedback
Student Agreement:
I understand the feedback given to me and agree to carry out the actions in future works as required and indicated.
Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken
place and grade decisions have been agreed at the assessment board.
Form\KIT\020
STUDENT ASSESSMENT SUBMISSION AND DECLARATION
When submitting evidence for assessment, each student must sign a declaration confirming that the work is their own.
Unit: 05 : Security
Plagiarism
Plagiarism is a particular form of cheating. Plagiarism must be avoided at all costs and students who break the rules,
however innocently, may be penalised. It is your responsibility to ensure that you understand correct referencing practices.
As a university-level student, you are expected to use appropriate references throughout and keep carefully detailed notes
of all your sources for material you have used in your work, including any material downloaded from the
Internet. Please consult the relevant unit lecturer or your course tutor if you need any further advice.
Student Declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I
understand that making a false declaration is a form of malpractice.
Task Evidence
Student Signature
Assessor Signature
Achievement Summary and Review Feedback
Columns: Grading criteria | Reference | Task feedback to student (comments) | Achieved (Yes/No)
Part 1 (LO 1 & 2)
Review Feedback
Summative Feedback
Part 2 (LO 3 & 4)
Review Feedback
Summative Feedback
Higher National Diploma in Computing
Assignment Brief
Submission Format
Part 1:
The submission is in the form of an individual written report. This should be written in a concise, formal
business style using single spacing and font size 12. You are required to make use of headings, paragraphs,
and subsections as appropriate, and all work must be supported with research and referenced using the
Harvard referencing system. Please also provide a bibliography using the Harvard referencing system. The
recommended word limit is 1500-2,500 words, although you will not be penalized for exceeding the total word
limit.
Part 2:
The submission is in the form of an individual written report. This should be written in a concise, formal
business style using single spacing and font size 12. You are required to make use of headings, paragraphs,
and subsections as appropriate, and all work must be supported with research and referenced using the
Harvard referencing system. Please also provide a bibliography using the Harvard referencing system. The
recommended word limit is 1500-2,500 words, although you will not be penalized for exceeding the total word
limit.
Part 3:
The submission is in the form of an individual written report. This should be written in a concise, formal
business style using single spacing and font size 12. You are required to make use of headings, paragraphs,
and subsections as appropriate, and all work must be supported with research and referenced using the
Harvard referencing system. Please also provide a bibliography using the Harvard referencing system. The
recommended word limit is 2000-2,500 words, although you will not be penalized for exceeding the total word
limit.
Security policies must be separately attached. This should be written in a concise, formal business style using
single spacing and font size 12. You are required to make use of headings, paragraphs, and subsections as
appropriate.
Part 1
E-Tec is a software development company in Kalmuna. Recently E-Tec lost several important pieces of data due to
security vulnerabilities. E-Tec wants to solve this problem immediately, at any cost.
You have been appointed as the penetration tester for E-Tec. As the first part of your duty, you decided to identify
the possible security risks E-Tec might have faced, and you are required to assess and treat the identified risks.
Additionally, you decided to suggest security procedures to E-Tec, to streamline its security and to avoid any future
security threats.
Part 2
You work as the head of IT security at E-Tec. One of your junior network administrators made a mistake by
configuring a firewall incorrectly. Thankfully, you noticed it through regular monitoring and prevented the exposure.
Because of this incident, you decided to conduct a workshop for all the junior IT staff members who work
under you. In your workshop you will address the following issues.
1. The potential impact of incorrect configuration of firewalls and third-party VPNs. Provide real-time
examples.
2. How does implementing a DMZ, static IP, and NAT aid security and improve network security in any
organization?
3. Discuss the importance of network monitoring, and provide its benefits with proper reasons.
4. Evaluate suitable physical and virtual security measures for E-Tec, which can ensure the
integrity of E-Tec's IT security. (3 security measures for each)
Part 3
As the penetration tester, you decided to conduct an IT security audit for ABC. Before conducting the audit, ABC
management asked you to give a report about the possible impacts of an IT security audit on ABC company.
Your report should include the recommendations suggested by the stakeholders.
After you conducted the audit successfully, you found some major flaws in the current security system and
procedures.
The problems are listed below.
• No proper procedures to assess the risks, and ABC does not comply with any data protection processes
or regulations.
• No organizational disaster recovery plans
• No IT security policy
To streamline ABC’s IT security, you decided to create a report that takes the following steps as the initial part of the
solution.
• Explain the data protection processes and regulations applicable to ABC Company with the
guidance of the ISO 31000 standard.
• Describe proper risk assessment procedures and the possible impact of not having a risk assessment procedure
for ABC company.
• Create a disaster recovery plan by identifying the key components of an organizational disaster
recovery plan, with proper justification for the inclusion of the key components.
• Create an IT security policy for ABC. In your IT security policy, include 3 of the following policies.
(Password policy, email policy, acceptable use policy, ethics policy, DRP policy & clean desk policy)
• Explain how IT security policy can be aligned with organizational policy, and the negative impacts of
misalignment of these policies.
• Finally, identify the tools used in the organizational policy and evaluate them.
Learning Outcomes and Assessment Criteria
LO1 Assess risks to IT security
Pass:
P1 Identify types of security risks to organisations.
P2 Describe organisational security procedures.
Merit:
M1 Propose a method to assess and treat IT security risks.
Distinction (LO1 & 2):
D1 Investigate how a ‘trusted network’ may be part of an IT security solution.
LO2 Describe IT security solutions
Pass:
P5 Discuss risk assessment procedures.
P6 Explain data protection processes and regulations as applicable to an organisation.
Merit:
M3 Summarise the ISO 31000 risk management methodology and its application in IT security.
M4 Discuss possible impacts to organisational security resulting from an IT security audit.
Distinction:
D2 Consider how IT security can be aligned with organisational policy, detailing the security impact of any misalignment.
LO4 Manage organisational security
Pass:
P7 Design and implement a security policy for an organisation.
P8 List the main components of an organisational disaster recovery plan, justifying the reasons for inclusion.
Merit:
M5 Discuss the roles of stakeholders in the organisation to implement security audit recommendations.
Distinction:
D3 Evaluate the suitability of the tools used in an organisational policy.