Pearson
Higher National in
Computing
Unit 5: Security
ASSIGNMENT
BRIEF
This
This Assignment
Assignment Brief
Brief is
is the
the property
property of
of
THE
MILLENNIUM
UNIVERSITY
COLLEGE
THE MILLENNIUM UNIVERSITY COLLEGE
Higher National Certificate/Diploma in Computing
Assignment Brief
Pearson Reg. Number
Student Name
Academic Year
Unit 5: Security
2021-22
Unit Tutor
Zoha Farooq
Assignment Title
Computer System Security, Policies and Procedures
Issue Date
7-Mar-2022
Submission Date
29-May-2022
Unit Number and Title
Submitted On
Internally Verified?
IV Name
 Yes
 No
Mir Wajid Ali
18-Dec-2021
IV Date
Student Declaration
I solemnly declare that the work submitted for this assignment is my own and research sources
are fully acknowledged.
Student Signature:
Date:
Tutor Signature:
Date:
Submission Format
The submission is in the form of one individual report and two policy documents. Report should
be written in a concise, formal business style using single spacing and font size 12. You are
required to make use of headings, paragraphs, subsections and illustrations as appropriate, and
all work must be supported with research and referenced using the Harvard referencing system.
Please also provide a bibliography using the Harvard referencing system. You are required to
submit your work for plagiarism checking. No work will be considered if it contains plagiarism
more than the acceptable level defined as per TMUC’s plagiarism policy:
The individual report will be titled as “Managing IT Security of an Organization” and it will
contain the complete evidences for both the Part 1 and Part 2, and will contain a partial
evidence for Part 3. The evidences required in the report are:
Part 1
A dedicated section in your report having title “IT Security Risks and Procedures” comprising
the evidence as per the requirements given under the scenario. The recommended word count
for this Part is 1500 words but there is no penalty on exceeding this word count.
Part 2
A dedicated section in your report having title “ISO 31000 Risk Management Methodologies”
This Assignment Brief is the property of
THE MILLENNIUM UNIVERSITY COLLEGE
comprising the evidence as per the requirements given under the scenario. The recommended
word count for this Part is 1500 words but there is no penalty on exceeding this word count.
Part 3
In this part, you will create a dedicated section in your report having title “Roles of
Stakeholders in Implementing IT Security in an Organization” comprising the evidence as
per the requirements given under the scenario. The recommended word count for this Part is
1000 words but there is no penalty on exceeding this word count.
Beside, this section in the report, you will create two individual policy documents having
titles “IT Security Policy for BISE” and “Disaster Recovery Plan for BISE”. Both the policies
will carry a formal policy structure having, Introduction, Purpose, Body of the Policy, Policy
Owner, Sign off. Body of the policy will carry the major information about the policy. The
recommended word count for each policy is 1000 words but there is no penalty on exceeding
this word count.
Unit Learning Outcomes:
LO1 Assess risks to IT security
LO2 Describe IT security solutions
LO3 Review mechanisms to control organisational IT security
LO4 Manage organisational security
Assignment Brief and Guidance:
CrypTech Inc. is a digital security company that provides security consultancy and implementation
services to the IT industry in Pakistan. The company is a multi-segment organization comprising
of organizational units of Forensics, Offensive Security, Information Security Management and
Audits, and Secure Development. All these units are extensively working in the field of
Information and Digital Security.
You have recently joined CrypTech as a Trainee IT Security Specialist and currently you are
associated with the Information Security Management Unit. This unit has been involved in the
development of IS policies and procedures and risk assessment for various organizations followed
by their deployment and onwards, their audit. You are currently working with Information
Security Management group of the unit.
Part 1
Your unit has been given a new client organization “Board of Intermediate & Secondary
Education”. The client is a government entity managing educational programs for SSC and HSSC.
The client manages all the data digitally, however, it is experiencing some anomalies in their
digital processes and are doubtful that there is some sort of tempering to their records is
happening either internally or externally. The organization has decided to seek your company’s
expertise in this regard and desire to develop and implement a proper information security system
in their organization.
In this regard, your team lead has assigned you the responsibility to come up with the
list of renowned potential security risks and best possible mitigating procedures used
by the organizations. Assess the client’s organization against these potential risks using
appropriate risk assessment methodology of your own choice i.e. ISO 27001.
Furthermore, from preliminary discussion with the client’s technical team, it is observed that:
This Assignment Brief is the property of
THE MILLENNIUM UNIVERSITY COLLEGE


organization has implemented a 3rd Party VPN (CISCO) to connect its main office with 2
branch offices securely and has also implemented a network Firewall (CISCO)
they have an in-house Webserver hosted within the network which is directly accessible
from both the internet and the intranet at the same time.
In this regard, your team lead has assigned you the responsibility to analyze these
observations and come up with the possibilities where any misconfiguration to VPN and
Firewall may have a potential impact on the organizations IT Security and whether
implementing a Webserver directly connected to both the public and private networks
at the same time is recommended or not. If not, then do share, the best approaches
(i.e. DMZ, Static IP, NAT) that can ensure the security of the organization’s data. Also,
suggest how the implementation of Network Monitoring Systems will be beneficial for
organization’s security.
Suggest and give a conclusive and justified review of minimum three physical and three
virtual security measures that you feel, will be helpful for the client organization to
ensure the integrity of its IT security.
Part 2
The contract has been signed between the client and your company, and you are part of the
project team.
The client has asked about how your team will be taking up this project and, in this regard,
your team lead has tasked you to develop a report where you will cover the following aspects
to support client for developing a proper understanding about the Information Security
Management and Audits:
How the Risk assessment procedures defined in ISO 31000 risk management
methodology are effective in assessing organizational risks and how this standard plays
an effective role in the IT security?
Since the client’s organization is directly handling the public information, which is
extremely critical in nature hence, Data Protection processes needs to be applied to
ensure compliance with the relevant regulations i.e. Data Protection Act.
Security Policy and Organizational Policy, sometimes contradict with eachother and in
this regard, how an organization can align its security policy with its organizational
policy and managing any misalignment through IT Security Audits?
Part 3
The audit of the client’s IT infrastructure with regards to Information Security has been
completed and now your team has developed the Security Policy and disaster recovery plan to
be implemented in the client’s organization.
In this regard, you team lead has assigned you the responsibility to identify the
stakeholders and assign them the roles, and finalizing the security policy and detailed
disaster recovery plans, so that the same can be discusses, agreed and implemented
along with the suitable tools that will ensure security of the organization.
Please access HN Global for additional resources support and reading for this unit. For further
guidance and support on report writing please refer to the Study Skills Unit on HN Global.
Link to www.highernationals.com
This Assignment Brief is the property of
THE MILLENNIUM UNIVERSITY COLLEGE
Grading Criteria
Learning Outcome
Pass
LO1 Assess risks to IT P1 Identify types of
security
security risks to
organisations.
Merit
M1 Propose a method
to assess and treat IT
security risks.
P2 Describe
organisational security
procedures.
LO2 Describe IT
security solutions
P3 Identify the
potential impact to IT
security of incorrect
configuration of
firewall policies and
third-party VPNs.
M2 Discuss three
benefits to implement
network monitoring
systems with supporting
reasons.
Distinction
D1 Evaluate a
minimum of three
physical and virtual
security measures
that can be
employeed to ensure
the integrity of the
organizational
security.
P4 Show, using an
example for each, how
implementing a DMZ,
static IP and NAT in a
network can improve
Network Security.
LO3 Review
P5 Discuss risk
M3 Summarise the ISO
mechanisms to
assessment procedures. 31000 risk management
control organisational
methodology and its
IT security
application in IT
P6 Explain data
security.
protection processes
and regulations as
applicable to an
M4 Discuss possible
organisation.
impacts to
organisational security
resulting from an IT
security audit.
D2 Consider how IT
security can be
aligned with
organisational policy,
detailing the security
impact of any
misalignment.
LO4 Manage
organisational
security
D3 Evaluate the
suitability of the tools
used in an
organisational policy
P7 Design and
implement a security
policy for an
organisation.
P8 List the main
components of an
organisational disaster
recovery plan,
justifying the reasons
for inclusion.
M5 Discuss the roles of
stakeholders in the
organisation to
implement security
audit
recommendations.
This Assignment Brief is the property of
THE MILLENNIUM UNIVERSITY COLLEGE