Uploaded by Randy De Mel

security

Higher Nationals
Internal verification of assessment decisions – BTEC (RQF)
INTERNAL VERIFICATION – ASSESSMENT DECISIONS
Programme title
BTEC Higher National Diploma in Computing
Assessor
Unit(s)
Assignment title
Student’s name
Internal Verifier
Unit 05: Security
EMC Cloud Solutions
Randara Maneth Gerard De Mel
List which assessment
criteria the Assessor has
awarded.
Pass
Merit
Distinction
INTERNAL VERIFIER CHECKLIST
Do the assessment criteria awarded match
those shown in the assignment brief?
Is the Pass/Merit/Distinction grade awarded
justified by the assessor’s comments on the
student work?
Has the work been assessed
accurately?
Y/N
Y/N
Y/N
Is the feedback to the student:
Give details:
• Constructive?
• Linked to relevant assessment
criteria?
Y/N
Y/N
• Identifying opportunities for
improved performance?
Y/N
• Agreeing actions?
Y/N
Does the assessment decision need
amending?
Y/N
Assessor signature
Date
Internal Verifier signature
Date
Programme Leader signature (if
required)
Date
Confirm action completed
Remedial action taken
Give details:
Assessor signature
Date
Internal Verifier
signature
Date
Programme Leader
signature (if required)
Date
Higher Nationals - Summative Assignment Feedback Form
Student Name/ID
Randara Maneth Gerard De Mel
Unit Title
Unit 05: Security
Assignment Number
1
Assessor
Submission Date
Date Received 1st
submission
Re-submission Date
Date Received 2nd
submission
Assessor Feedback:
LO1. Assess risks to IT security
Pass, Merit & Distinction
P1
Descripts
LO2. Describe IT security solutions.
P2
M1
D1
Pass, Merit & Distinction
Descripts
P4
M2
D1
P3
LO3. Review mechanisms to control organisational IT security.
Pass, Merit & Distinction
P5
P6
M3
Descripts
M4
D2
LO4. Manage organisational security.
Pass, Merit & Distinction
Descripts
Grade:
P7
P8
M5
D3
Assessor Signature:
Date:
Assessor Signature:
Date:
Resubmission Feedback:
Grade:
Internal Verifier’s Comments:
Signature & Date:
* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grade decisions have
been agreed at the assessment board.
Pearson
Higher Nationals in
Computing
Unit 5 : Security
General Guidelines
1. A cover page or title page – You should always attach a title page to your assignment. Use the previous page as
your cover sheet and be sure to fill in the details correctly.
2. This entire brief should be attached first, before you start answering.
3. All assignments should be prepared using word processing software.
4. All assignments should be printed on A4 sized paper, and make sure to use one-sided printing only.
5. Allow a 1” margin on each side of the paper. On the left side you will need to leave room for binding.
Word Processing Rules
1. Use a font type that will make it easy for your examiner to read. The font size should be 12 point, and should be
in the style of Times New Roman.
2. Use 1.5 line word-processing. Left justify all paragraphs.
3. Ensure that all headings are consistent in terms of size and font style.
4. Use the footer function of the word processor to insert Your Name, Subject, Assignment No, and Page Number
on each page. This is useful if individual sheets become detached for any reason.
5. Use the word processing application’s spell check and grammar check functions to help edit your assignment.
Important Points:
1. Check carefully the hand in date and the instructions given with the assignment. Late submissions will not be
accepted.
2. Ensure that you give yourself enough time to complete the assignment by the due date.
3. Don’t leave things such as printing to the last minute – excuses of this nature will not be accepted for failure
to hand in the work on time.
4. You must take responsibility for managing your own time effectively.
5. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply (in
writing) for an extension.
6. Failure to achieve at least a PASS grade will result in a REFERRAL grade being given.
7. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked to
complete an alternative assignment.
8. Take great care that if you use other people’s work or ideas in your assignment, you properly reference them,
using the HARVARD referencing system, in your text and any bibliography, otherwise you may be guilty of
plagiarism.
9. If you are caught plagiarising you could have your grade reduced to A REFERRAL or at worst you could be
excluded from the course.
Student Declaration
I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as my own
without attributing the sources in the correct way. I further understand what it means to copy another’s work.
1. I know that plagiarism is a punishable offence because it constitutes theft.
2. I understand the plagiarism and copying policy of the Edexcel UK.
3. I know what the consequences will be if I plagiarise or copy another’s work in any of the assignments for this
program.
4. I declare therefore that all work presented by me for every aspect of my program will be my own, and where
I have made use of another’s work, I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document signed or not, constitutes a binding agreement between
myself and Edexcel UK.
6. I understand that my assignment will not be considered as submitted if this document is not attached to the
attached.
Student’s Signature:
(Provide E-mail ID)
Date:
(Provide Submission Date)
Assignment Brief
Student Name /ID Number
Unit Number and Title
Unit 5- Security
Academic Year
2017/2018
Unit Tutor
Assignment Title
EMC Cloud Solutions
Issue Date
Submission Date
IV Name & Date
Submission Format:
The submission is in the form of an individual written report. This should be written in a concise, formal
business style using single spacing and font size 12. You are required to make use of headings, paragraphs
and subsections as appropriate, and all work must be supported with research and referenced using the
Harvard referencing system. Please also provide an end list of references using the Harvard referencing
system.
Unit Learning Outcomes:
LO1 Assess risks to IT security.
LO2 Describe IT security solutions.
LO3 Review mechanisms to control organisational IT security.
LO4 Manage organisational security.
Assignment Brief and Guidance:
EMC Cloud Solutions is reputed as the nation’s most reliable Cloud solution provider in Sri Lanka.
A number of high profile businesses in Sri Lanka including Esoft Metro Camps network, SME Bank Sri
Lanka and WEEFM are facilitated by EMC Cloud Solutions. EMC Cloud provides nearly 500 of its
customers with SaaS, PaaS & IaaS solutions with high capacity compute and storage options. Also EMC
is a selected contractor for Sri Lanka, The Ministry of Defense for hosting government and defense
systems.
EMC’s central data center facility is located in Colombo, Sri Lanka, along with its corporate head office in
Bambalapitiya. Their premises at Bambalapitiya is a six-story building with the 1st floor dedicated to sales
and customer services and equipped with a public wifi facility. The second floor hosts the HR, Finance and Training &
Development departments, and the third floor hosts the boardroom and offices for senior executives along
with the IT and Data center department. Floors 4, 5 and 6 host the computer servers which make up the data
center.
With the rapid growth of information technology in the Kandy area in recent years, EMC seeks the opportunity to
extend its services to Kandy, Sri Lanka. As yet, the organization is still considering the nature of this
extension: what to implement, where a suitable location would be, and other essential options such as
security are still being discussed.
You are hired by the management of EMC Solutions as a Security Expert to evaluate the security-related
specifics of its present system and provide recommendations on security and reliability related
improvements of its present system as well as to plan the establishment of the extension on a solid
security foundation.
Activity 01
Assuming the role of External Security Consultant, you need to compile a report for the board of EMC Cloud
Solutions focusing on the following elements:
1.1 Identify the types of security risks EMC Cloud is subject to in its present setup, and the impact such
issues would have on the business itself.
1.2 Develop and describe security procedures for EMC Cloud to minimize the impact of the issues discussed
in section (1.1) by assessing and treating the risks.
Activity 02
2.1 Discuss how EMC Cloud and its clients will be impacted by improper/incorrect configurations which
are applicable to firewalls and VPN solutions.
2.2 Explain how the following technologies would benefit EMC Cloud and its clients by facilitating a
‘trusted network’. (Support your answer with suitable illustrations).
i) DMZ
ii) Static IP
iii) NAT
2.3 Discuss the benefits of implementing network monitoring systems.
Activity 03
3.1 Formulate a suitable risk assessment procedure for EMC Cloud solutions to safeguard itself and its
clients.
3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage
solutions provided by EMC Cloud. You may also highlight the ISO 31000 risk management methodology.
3.3 Comment on the topic, ‘IT Security & Organizational Policy’
Activity 04
4.1 Develop a security policy for EMC Cloud to minimize exploitations and misuses while evaluating
the suitability of the tools used in an organizational policy.
4.2 Develop and present a disaster recovery plan for EMC Cloud for all its venues to ensure maximum
uptime for its customers (Student should produce a PowerPoint-based presentation which illustrates the
recovery plan within 15 minutes of time including justifications and reasons for decisions and options
used).
4.3 ‘Creditors, directors, employees, government and its agencies, owners /
shareholders, suppliers, unions, and the other parties the business draws its resources’ are the main
branches of any organization. Discuss the role of these groups to implement security audit
recommendations for the organization.
Grading Rubric
Grading Criteria
LO1 Assess risks to IT security
P1 Identify types of security risks to organisations.
P2 Describe organizational security procedures.
M1 Propose a method to assess and treat IT security risks.
LO2 Describe IT security solutions
P3 Identify the potential impact to IT security of incorrect
configuration of firewall policies and third-party VPNs.
P4 Show, using an example for each, how implementing a DMZ,
static IP and NAT in a network can improve Network Security.
M2 Discuss three benefits to implement network monitoring
systems with supporting reasons.
D1 Investigate how a ‘trusted network’ may be part of an IT security
solution.
LO3 Review mechanisms to control organisational IT
security
P5 Discuss risk assessment procedures.
Achieved
Feedback
P6 Explain data protection processes and regulations as applicable
to an organisation.
M3 Summarise the ISO 31000 risk management methodology and its
application in IT security.
M4 Discuss possible impacts to organizational security resulting
from an IT security audit.
D2 Consider how IT security can be aligned with organisational
policy, detailing the security impact of any misalignment.
LO4 Manage organizational security
P7 Design and implement a security policy for an organisation.
P8 List the main components of an organisational disaster recovery
plan, justifying the reasons for inclusion.
M5 Discuss the roles of stakeholders in the organisation to
implement security audit recommendations.
D3 Evaluate the suitability of the tools used in an organisational
policy.
Activity 01
1.1
EMC is a major multinational company, now renamed Dell EMC after its acquisition by Dell Inc.,
and it provides cloud computing systems and storage systems, along with other benefits, to business
organizations. However, EMC Cloud is subject to risks that can also have an impact
on the business. Some of the security risks EMC is subject to are discussed below,
along with how they would impact the business.
I. Property damage.
Property damage could take place due to a natural disaster such as an earthquake, or in case of fire.
Data could also be wiped through accidental deletion by the cloud
service provider, or lost due to malicious attacks. Such losses of sensitive data
could devastate the firm, since the data may contain valuable information.
II. Malware injections and data breaches
Here an attacker tries to inject a malicious service or virtual machine into the cloud. The
malicious component acts as part of the cloud’s program or service, which could lead to
eavesdropping. This is a major problem for the cloud service, because the attacker could
steal, erase or modify data. It also impacts the business and could lead to losses and
bankruptcy.
III. Hijacking
Hijacking is a process in which an unrelated third party accesses data by stealing a user’s
credentials, which can be used remotely. An attacker could steal credentials through
phishing and keylogging. This puts not only the firm at risk but also its employees,
since the attacker may have the details of the employee.
IV. Misuse of data
Misuse of data is a sign that there is no security within the EMC cloud provider, and it
could impact the firm negatively: sensitive data could end up in the hands of an attacker,
or even of a person working within the business, which could cause losses for the
business.
Activity 02.
Incorrect configuration of security controls such as firewalls and VPN solutions will have a negative
impact on EMC Cloud and its clients. The following could be negative impacts of incorrect
configuration of firewall and VPN solutions.