Security assignment - good HND In Computing (ESOFT Metro Campus)
Downloaded by Himeshkar Balakrishnan (himeshraja123@gmail.com)

Higher Nationals
Internal verification of assessment decisions – BTEC (RQF)

INTERNAL VERIFICATION – ASSESSMENT DECISIONS

Programme title: BTEC Higher National Diploma in Computing
Assessor: Mr. Ravindu Ishara
Internal Verifier:
Unit(s): Unit 05: Security
Assignment title: EMC Cyber
Student’s name: Sandhil Lakvindhu Wickramaarachchi

List which assessment criteria the Assessor has awarded: Pass / Merit / Distinction

INTERNAL VERIFIER CHECKLIST
• Do the assessment criteria awarded match those shown in the assignment brief? Y/N
• Is the Pass/Merit/Distinction grade awarded justified by the assessor’s comments on the student work? Y/N
• Has the work been assessed accurately? Y/N
• Is the feedback to the student (give details):
  • Constructive? Y/N
  • Linked to relevant assessment criteria? Y/N
  • Identifying opportunities for improved performance? Y/N
  • Agreeing actions? Y/N
• Does the assessment decision need amending? Y/N

Assessor signature: Date:
Internal Verifier signature: Date:
Programme Leader signature (if required): Date:

Confirm action completed
Remedial action taken (give details):
Assessor signature: Date:
Internal Verifier signature: Date:
Programme Leader signature (if required): Date:

Higher Nationals - Summative Assignment Feedback Form

Student Name/ID: Sandhil Lakvindhu
Unit Title: Unit 05: Security
Assignment Number: 1
Assessor:
Submission Date: Date Received 1st submission:
Re-submission Date: Date Received 2nd submission:

Assessor Feedback:
LO1. Assess risks to IT security. Pass, Merit & Distinction Descripts: P1 P2 M1
LO2. Describe IT security solutions. Pass, Merit & Distinction Descripts: P3 P4 M2 D1
LO3. Review mechanisms to control organisational IT security. Pass, Merit & Distinction Descripts: P5 P6 M3 M4 D2
LO4. Manage organisational security. Pass, Merit & Distinction Descripts: P7 P8 M5 D3

Grade: Assessor Signature: Date:
Resubmission Feedback:
Grade: Assessor Signature: Date:
Internal Verifier’s Comments:
Signature & Date:

* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grade decisions have been agreed at the assessment board.

Pearson Higher Nationals in Computing
Unit 5: Security

General Guidelines

1. A cover page or title page: you should always attach a title page to your assignment. Use the previous page as your cover sheet and make sure all the details are accurately filled in.
2. Attach this brief as the first section of your assignment.
3. All assignments should be prepared using word processing software.
4. All assignments should be printed on A4 sized paper. Use single-sided printing.
5. Allow 1” for the top, bottom and right margins and 1.25” for the left margin of each page.

Word Processing Rules

1. The font size should be 12 point, in Times New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all headings are consistent in terms of font size and font style.
4. Use the footer function in the word processor to insert your name, subject, assignment number and page number on each page. This is useful if individual sheets become detached for any reason.
5. Use the word processing application’s spell check and grammar check functions to help edit your assignment.

Important Points:

1. It is strictly prohibited to use text boxes to add text in the assignments, except for the compulsory information, e.g. figures, tables of comparison, etc. Adding text boxes in the body except for the aforementioned compulsory information will result in rejection of your work.
2. Carefully check the hand-in date and the instructions given in the assignment. Late submissions will not be accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply (in writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade.
8. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked to complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using the HARVARD referencing system to avoid plagiarism. You have to provide both in-text citations and a reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be reduced to a REFERRAL or, at worst, you could be expelled from the course.

Student Declaration

I hereby declare that I know what plagiarism entails, namely to use another’s work and to present it as my own without attributing the sources in the correct way. I further understand what it means to copy another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.
2. I understand the plagiarism and copying policy of Edexcel UK.
3. I know what the consequences will be if I plagiarize or copy another’s work in any of the assignments for this programme.
4. I declare therefore that all work presented by me for every aspect of my programme will be my own, and where I have made use of another’s work, I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document, signed or not, constitutes a binding agreement between myself and Pearson UK.
6. I understand that my assignment will not be considered as submitted if this document is not attached to the main submission.

Student’s Signature (provide e-mail ID): Sandhillakvindhu@gmail.com
Date (provide submission date): 23/12/2022

Assignment Brief

Student Name / ID Number:
Unit Number and Title: Unit 5 - Security
Academic Year: 2020/2021
Unit Tutor:
Assignment Title: EMC Cyber
Issue Date:
Submission Date: 23/12/2022
IV Name & Date:

Submission Format:

The submission should be in the form of an individual written report written in a concise, formal business style using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as appropriate, and all work must be supported with research and referenced using the Harvard referencing system. Please provide in-text citations and an end list of references using the Harvard referencing system. Section 4.2 of the assignment requires a 15-minute presentation to illustrate the answers.

Unit Learning Outcomes:

LO1 Assess risks to IT security.
LO2 Describe IT security solutions.
LO3 Review mechanisms to control organisational IT security.
LO4 Manage organisational security.

Assignment Brief and Guidance:

Scenario

‘EMC Cyber’ is a reputed cyber security company based in Colombo, Sri Lanka, that delivers security products and services across the entire information technology infrastructure. The company has a number of clients both in Sri Lanka and abroad, including some of the top-level companies of the world serving in a multitude of industries. The company develops cyber security software including firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber is tasked with protecting companies’ networks, clouds, web applications and emails. They also offer advanced threat protection, secure unified access, and endpoint security. Further, they also play the role of consulting clients on security threats and how to solve them. Additionally, the company follows different risk management standards depending on the company, with ISO 31000 being the most prominent.

One of the clients of EMC Cyber, Lockhead Aerospace manufacturing, which is a reputed aircraft manufacturer based in the US, has tasked the company to investigate the security implications of developing IoT based automation applications in their manufacturing process. The client has requested EMC to further audit the security risks of implementing web based IoT applications in their manufacturing process and to propose solutions. Further, Lockhead uses ISO standards and has instructed EMC to use the ISO risk management standards when proposing the solution.

The director of the company understands such a system would be the target for cyber-attacks. As you are following a BTEC course which includes a unit in security, the director has asked you to investigate and report on potential cyber security threats to their web site, applications and infrastructure. After the investigation you need to plan a solution and how to implement it according to standard software engineering principles.

Activity 01

Assuming the role of External Security Analyst, you need to compile a report focusing on the following elements to the board of EMC Cyber:

1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilized by EMC Cyber in order to improve the organization’s security.
1.2 Identify the types of security risks EMC Cyber is subject to in its present setup and the impact that they would make on the business itself. Evaluate at least three physical and virtual security risks identified and suggest the security measures that can be implemented in order to improve the organization’s security.
1.3 Develop and describe security procedures for EMC Cyber to minimize the impact of the issues discussed in section (1.1) by assessing and rectifying the risks.

Activity 02

2.1 Identify how EMC Cyber and its clients will be impacted by improper/incorrect configurations that are applicable to firewalls and VPN solutions. IT security can include a network monitoring system. Discuss how EMC Cyber can benefit by implementing a network monitoring system, with supporting reasons.
2.2 Explain how the following technologies would benefit EMC Cyber and its clients by facilitating a ‘trusted network’. (Support your answer with suitable examples.)
  i) DMZ
  ii) Static IP
  iii) NAT
2.3 Identify and evaluate the tools that can be utilized by EMC Cyber to improve the network and security performance without compromising each other. Evaluate at least three virtual and physical security measures that can be implemented by EMC to uphold the integrity of the organization’s IT policy.

Activity 03

3.1 Discuss suitable risk assessment integrated enterprise risk management procedures for EMC Cyber solutions and the impact an IT security audit will have on safeguarding the organization and its clients. Furthermore, your discussion should include how IT security can be aligned with an organizational IT policy and how misalignment of such a policy can impact on the organization’s security. (This can include one or more of the following: network change management, audit control, business continuance/disaster recovery plans, potential loss of data/business, intellectual property, Data Protection Act; Computer Misuse Act; ISO 31000 standards.)
3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage solutions provided by EMC Cyber. You should also summarize the ISO 31000 risk management methodology.

Activity 04

4.1 Design an organizational security policy for EMC Cyber to minimize exploitations and misuses while evaluating the suitability of the tools used in an organizational policy.
4.2 Develop and present a disaster recovery plan for EMC Cyber according to ISO/IEC 17799:2005 or a similar standard, which should include the main components of an organizational disaster recovery plan with justifications. Discuss how critical the roles of the stakeholders in the organization are to successfully implementing the security policy and the disaster recovery plan you recommended as a part of the security audit. (Students should produce a 15-minute PowerPoint presentation which illustrates the answer for this section, including justifications and reasons for the decisions and options used.)

Grading Rubric
(Columns: Grading Criteria / Achieved / Feedback)

LO1 Assess risks to IT security
P1 Identify types of security risks to organisations.
P2 Describe organizational security procedures.
M1 Propose a method to assess and treat IT security risks.

LO2 Describe IT security solutions
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs.
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security.
M2 Discuss three benefits of implementing network monitoring systems, with supporting reasons.
D1 Evaluate a minimum of three physical and virtual security measures that can be employed to ensure the integrity of organisational IT security.

LO3 Review mechanisms to control organisational IT security
P5 Discuss risk assessment procedures.
P6 Explain data protection processes and regulations as applicable to an organisation.
M3 Summarise the ISO 31000 risk management methodology and its application in IT security.
M4 Discuss possible impacts to organizational security resulting from an IT security audit.
D2 Consider how IT security can be aligned with organisational policy, detailing the security impact of any misalignment.

LO4 Manage organizational security
P7 Design and implement a security policy for an organisation.
P8 List the main components of an organisational disaster recovery plan, justifying the reasons for inclusion.
M5 Discuss the roles of stakeholders in the organisation to implement security audit recommendations.
D3 Evaluate the suitability of the tools used in an organisational policy.
Table of Contents

Activity 01 ... 15
  What is the Information Security Triad ... 15
    Confidentiality ... 15
    Integrity ... 16
    Availability ... 17
  Identifying the many security vulnerabilities that EMC Cyber is exposed to, their effects on the company, and possible solutions ... 18
    Physical threats ... 19
    Virtual threats ... 20
    Phishing attacks ... 21
    Denial of Service (DoS) Attack ... 21
  Security procedures for EMC Cyber to mitigate the identified issues ... 22
    What is a security procedure? ... 22
    Benefits of having proper security procedures in the EMC Cyber ... 22
    How to develop a proper security policy ... 22
    Set procedures to mitigate the risks identified in EMC Cyber. A unified communication procedure ... 23
    Access control procedure ... 23
    Disaster recovery procedure ... 23
    Business continuity plan ... 23
    Antivirus and Firewall procedure ... 24
    How to encrypt a folder correctly ... 25
Activity 02 ... 30
  What is Firewall? ... 30
  Benefits of a firewall ... 30
  Broad policy configurations ... 30
  What is VPN? ... 31
  Common mistakes when configuring a VPN and its impact on organizations security ... 32
  The correct way to configure a firewall ... 33
  DMZ, Static IP and NAT and how they would benefit EMC ... 49
    What is a DMZ? ... 49
    How a DMZ is used within the EMC Cyber and its benefits ... 49
    What is a Static IP? ... 50
    How static IP is used within the EMC cyber and its benefits ... 50
    What is NAT? ... 51
    How NAT is used in EMC Cyber and its benefits? ... 51
Activity 03 ... 52
  What is risk assessment? ... 52
  Comment on IT Security & Organizational Policy ... 54
    Process of IT Security Audit ... 54
  Types of IT Security ... 56
  Data protection processes and regulations as applicable to EMC Cyber ... 58
    What is data protection? ... 58
    Data protection regulations ... 58
      General Data Protection Regulation (GDPR) ... 58
      CIS controls ... 59
      PCI-DSS (Payment Card Industry Data Security Standard) ... 60
    Data protection processes EMC Cyber uses to protect its and its client’s data ... 60
      Encryption ... 60
      Access controls ... 60
      Authentication and verification system ... 61
      Firewalls ... 61
      Physical security system ... 61
Activity 04 ... 62
  What is an IT security policy? ... 62
  Custom designed IT security policy for EMC Cyber ... 62
    Scope ... 62
    Maintenance and enforcement of the policy ... 63
    Responsibility ... 63
    Vulnerability management ... 63
    Antivirus and Firewall policy ... 65
    Policy violation procedure ... 65
  Main components of a disaster recovery plan and justification for them ... 66
    Detailed actions plan for recovering from various disasters ... 68

Activity 01

What is the Information Security Triad

The three letters of the "CIA triad" stand for Confidentiality, Integrity, and Availability. The CIA triad is a prominent model that serves as the foundation for the design of security systems; it is used to identify weaknesses and develop strategies for addressing them. The triad separates these three concepts into distinct focal points because each is essential to running a business: the confidentiality, integrity, and availability of information. This distinction is useful because it directs security teams to the different approaches they might take to each issue. When all three requirements have been met, the organization's security posture should be stronger and better prepared to cope with threats.

Confidentiality

Confidentiality refers to the efforts an organization makes to keep its data private or hidden. To achieve this, access to information must be restricted so that data is not shared, purposefully or accidentally, with unauthorized parties. Making sure that individuals without the appropriate authority are barred from accessing assets crucial to your firm is a key part of protecting confidentiality.
On the other hand, a good system also ensures that individuals who require access have the proper rights. For instance, employees involved in managing an organization's finances should have access to spreadsheets, bank accounts, and other data pertaining to cash flow. However, it may be that only a small number of executives such as the CEO have this access, and not the great majority of other staff members. Strict limits on who can view what are required to ensure that these policies are adhered to.

Confidentiality can be breached in a number of ways. This can involve direct attacks on systems the attacker does not have permission to access. It can also involve an attacker attempting to access a database or application directly in order to steal or modify data.

Integrity

Integrity requires ensuring that your data is reliable and unaltered. The integrity of your data is preserved only if the data is dependable, accurate, and legitimate. For instance, the information about top managers that your business posts on its website must be accurate. People who visit your website looking for information could think your company is unreliable if it is wrong. Someone with a stake in hurting your organization's reputation might attempt to hack your website and change the executive descriptions, images, or titles to reflect poorly on them or on the business as a whole.

Integrity is frequently compromised knowingly. An attacker may get around an intrusion detection system, modify file settings to provide unauthorized access, or manipulate the system's logs to conceal the attack. Integrity can also be compromised accidentally. It is possible for someone to carelessly enter the incorrect code or make another error.
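Both kinds of integrity violation described above, a deliberate change to the executive listing on a website and an accidental edit, can be detected by keeping a keyed digest of each record and auditing against it on a schedule. The following is an added example, not part of the original assignment; the key, the sample records, the simulated tampering and the function names (build_manifest, audit) are all constructed for this illustration.

```python
"""Detecting integrity violations with a keyed hash (HMAC-SHA256).

Added example, not part of the original assignment. The records, the key and
the tampering below are constructed for illustration only.
"""
import hashlib
import hmac
import json

# Constructed key. A real deployment loads this from a secrets manager or HSM.
# A plain, unkeyed hash would not do: whoever can alter a record can also
# recompute its hash, so the digest must depend on something they lack.
INTEGRITY_KEY = b"demo-integrity-key-not-for-production"

# Constructed sample data: the executive listing the section uses as its example.
EXECUTIVES = {
    "exec-001": {"name": "A. Example", "title": "Chief Executive Officer"},
    "exec-002": {"name": "B. Example", "title": "Chief Information Security Officer"},
}


def canonical(record: dict) -> bytes:
    """Serialise a record so the digest does not depend on key order or spacing."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_record(record: dict, key: bytes = INTEGRITY_KEY) -> str:
    """Return the hex HMAC-SHA256 of the canonical form of one record."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def build_manifest(records: dict, key: bytes = INTEGRITY_KEY) -> dict:
    """Map every record id to its keyed digest; store this apart from the data."""
    return {rid: sign_record(rec, key) for rid, rec in records.items()}


def audit(records: dict, manifest: dict, key: bytes = INTEGRITY_KEY) -> dict:
    """Scheduled integrity audit: report modified, deleted and unexpected records."""
    findings = {"modified": [], "deleted": [], "unexpected": []}
    for rid, expected in manifest.items():
        if rid not in records:
            findings["deleted"].append(rid)
            continue
        # compare_digest runs in constant time, so the check leaks no timing hint.
        if not hmac.compare_digest(sign_record(records[rid], key), expected):
            findings["modified"].append(rid)
    findings["unexpected"] = [rid for rid in records if rid not in manifest]
    return findings


def demo() -> dict:
    """Simulate the website defacement described in the text and audit it."""
    manifest = build_manifest(EXECUTIVES)
    assert audit(EXECUTIVES, manifest) == {"modified": [], "deleted": [], "unexpected": []}

    # Constructed tampering: a title is altered, one profile is removed and a fake
    # profile is inserted. Without the key, no matching digests can be produced.
    defaced = json.loads(json.dumps(EXECUTIVES))  # deep copy, leave the original intact
    defaced["exec-001"]["title"] = "Intern"
    del defaced["exec-002"]
    defaced["exec-999"] = {"name": "Z. Fake", "title": "Chief Technology Officer"}
    return audit(defaced, manifest)


if __name__ == "__main__":
    print(demo())
```

The same audit flags an accidental edit exactly as it flags a deliberate one; the manifest only says what changed, not why.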
Additionally, integrity can be compromised if the business's security policies, safeguards, and procedures are insufficient, without any one person in the organization being held accountable for the mistake.

You can employ hashing, encryption, digital certificates, or digital signatures to safeguard the integrity of your data. You can use reputable certificate authorities to authenticate your website so that users know they are accessing the website they intended to visit.

Availability

Even if data is kept private and its integrity is upheld, it is frequently meaningless unless it is accessible to those within the business and the clients they serve. This requires that all systems, networks, and applications operate properly and at the appropriate times. Additionally, people who have access to particular information must be able to use it when they need to, and accessing the data should not take too long.

Availability will be impacted, for instance, if a power loss occurs without a disaster recovery strategy in place to help users regain access to crucial systems. Users may also be unable to reach the workplace due to a natural disaster such as a flood or even a strong snowstorm, which could affect the accessibility of their workstations and other devices that deliver mission-critical data or applications. Deliberate sabotage techniques such as ransomware or denial-of-service (DoS) attacks might also jeopardize availability.

How EMC Cyber could increase data confidentiality in the organization

An organization should only provide authorized individuals access to its data. The security and privacy of their clients' data should be a top priority for EMC Cyber. Here are some recommendations to make sure of it:

• Sort and categorize data based on its sensitivity and worth to the company. EMC Cyber will then be able to determine which data sets require the highest level of security, as well as the various security and access controls that each collection of data requires.
• Put in place strict access controls that specify who should have access to the data, and categorize authorized individuals according to the level of access they should have.
• Encrypt data to maintain its privacy during processing, transmission, and storage.

How EMC Cyber could increase data integrity in the organization

Because all of an organization's decisions and transactions rely on its data, that data must always be reliable and correct. Therefore, EMC Cyber should always give first priority to safeguarding the integrity of its clients' data. Here are a few recommendations to ensure data integrity throughout the company:

• Use digital signatures and certificates to validate data integrity.
• Use intrusion detection systems to detect data breaches.
• Audit the data on a fixed schedule to detect any discrepancies.
• Use strong access controls to prevent unauthorized personnel from modifying or accessing data.
• Use encryption to secure data.

Identifying the many security vulnerabilities that EMC Cyber is exposed to, their effects on the company, and possible solutions

Overview of the company

EMC Cyber is a well-known business headquartered in Colombo, Sri Lanka, that offers cyber security solutions to businesses and organizations all over the world. Antivirus, firewalls, intrusion detection and protection services, and endpoint security are some of the products and services the company offers. The business also offers advice on how to spot security issues and counter them. When offering its services, EMC Cyber abides by strict and modern risk management standards such as ISO 31000.

Types of security risks to EMC Cyber
As a global provider of cyber security, EMC Cyber is far more exposed to security risks than is typical, since it serves as the entry point to all of its clients' data. It is therefore critical for EMC Cyber to stay current on the latest security measures and threats. The security threats to EMC Cyber can be divided into two main categories: physical threats and virtual threats.

Physical threats

A physical threat is a threat that physically affects the network and its data. Physical threats can be further subdivided into three main categories:

• Internal threats originate within the company, such as fires, hardware malfunctions, electrical system problems, and a lack of physical security for the network and data.
• External threats are mostly natural dangers from outside the organization. Unlike other risks, these cannot be prevented because we have no control over nature, but their effects on the organization can be reduced by having a robust disaster recovery plan. Threats of this nature include hurricanes, lightning storms, floods, and tsunamis.
• Human threats are posed by both internal and external parties, including the employees themselves. Risks of this nature may be intentional or unintentional.

How to mitigate physical threats

Although physical risks to an organization's hardware cannot be entirely eliminated, they can be reduced by taking a few measures. Here are several options:

• Use a physical biometric security system within the organization to restrict access to the organization's systems.
• House the data servers in a physically secure, limited-access location.
• Use an automated fire alarm and extinguishing system.
• Use offsite backups.
• Train the employees well on the secure use of the network and the data.
• Use a lightning protection system.
• Use a power system with backup generators and surge protectors.

Virtual threats

A virtual threat is a non-physical threat that has the potential to cause data loss, data breaches, unauthorized access to the system, and service interruption. These hazards can take many different forms, some of which are listed below.

Viruses

These are harmful pieces of code created to obstruct an organization's data and services. They spread through the system by attaching themselves to computer programs or files such as videos, audio, and text, and the infected files are then distributed throughout the system. Viruses circulate widely on the internet and can spread with a simple email or a downloaded application. There are many different forms of viruses, including stealth viruses, boot sector viruses, macro viruses, and file viruses.

Worms

These propagate themselves, much like viruses do. What distinguishes a worm from a virus is that a worm is network aware: it can propagate around the network automatically if the infected machine is connected to one. Worms slow down the hardware and interfere with system operations.

Trojans

Most of these attach themselves to what appears to be trustworthy software, and when that software is run, they take over the entire machine. Unlike viruses, they give hackers and other outside parties access to your system through a backdoor, allowing them to steal data.

Phishing attacks

A phishing attack combines technological cunning with social engineering: a perpetrator sends an email pretending to be from a reliable source. A phishing attack is conducted to get a person's personal information or to influence them to do something. The email may include a link to a website that harvests user data.
Furthermore, it transmits information to a hacker, who can redirect the user to a different website that may contain malware. Emails may also include malicious attachments that, when opened, can compromise the system and expose private data on the computer. Login credentials, credit card numbers, and salary information are the most common types of personal information targeted in this attack.

Denial of Service (DoS) attack

A Denial of Service attack primarily aims to shut down systems or overload them with requests. In this kind of attack, the perpetrator employs extra devices to send a steady stream of requests to the server. The aim is to keep the server so busy trying to fulfil these fake requests that it cannot fulfil genuine ones. To do this, attackers amass a sizable number of computers by using their malware to infect numerous machines all over the world, giving them access to each one. When the load is too great, the servers may also crash. However, because the attacker cannot obtain critical and secret data from the server, these attacks give the attacker no direct advantage; they can only keep the server busy so that genuine users are unable to access its services. These attacks are occasionally used to divert attention away from other attacks, because organizations often neglect to keep their servers secure once they begin to concentrate on server downtime. Attackers recently used a COVID-19 DoS attack in an attempt to prevent citizens from accessing public information on the pandemic by disabling the US Department of Health and Human Services (HHS) website.

Security procedures for EMC Cyber to mitigate the identified issues

What is a security procedure?
A security procedure is a step-by-step process that addresses a recognized security vulnerability. Good security procedures are straightforward and simple to implement. An organization's continued state of security depends on its security procedures. A security procedure isn't something you deploy once and then never think about again: to protect the organization's information security, it should be iterated on continuously within the organization.

Benefits of having proper security procedures in EMC Cyber

EMC Cyber will be able to protect both its own data and the data of its clients if it has effective security procedures. Additionally, they will help increase organizational efficiency by making the appropriate data accessible to those who need it. With sufficient security measures, data will be accessible around the clock, which will satisfy clients. By employing appropriate security measures, EMC Cyber's reputation as a provider of cyber security will be elevated. Employees of a corporation that adheres to proper security procedures will also be more security conscious.

How to develop a proper security policy

Identifying the security dangers to the firm must come before creating an appropriate security procedure. The most appropriate way to do this is to carry out a complete security audit that looks at the organization's present security policies and determines where they fall short. It should also look at the organization's current exposure to new and emerging security threats. Once all the hazards have been detected in the audit, the next step is to create or consult a panel of cyber security specialists and come up with solutions to those problems. Following that, a sequence of easy-to-follow, succinct measures must be defined in order to put the resulting solutions into practice.

Set procedures to mitigate the risks identified in EMC Cyber
Unified communication procedure

This procedure will specify what types of information can be shared internally within the business and what types shouldn't be shared electronically. For instance, employees shouldn't transmit passwords or other sensitive information through corporate email accounts. By preventing the leak of something as crucial as a password, this will help combat the problems associated with employee error. To prevent data breaches, this procedure will also require that all internal communications be encrypted. Additionally, it will determine how everyone in the organization, including members and staff, communicates.

Access control procedure

This procedure will determine what data employees within the company have access to. This will make it easier to prevent data access by unauthorized persons. The company will have different levels of information available to managers, employees, and other levels of staff. By establishing a consistent authentication process, this procedure will also control how employees access the system, reducing data breaches by hackers.

Disaster recovery procedure

This will specify the course of action that must be taken following a disaster, such as a data breach or a natural disaster, in order to return the company to normal functioning. This will make it easier for the company to recover from disastrous circumstances. A company's disaster recovery plan is typically created as part of a larger business continuity plan, with involvement from the cybersecurity and IT teams.

Business continuity plan

As previously indicated, a business continuity plan will specify the priority sequence for restoring hardware, application data, and services in the case of a disaster such as a flood. Each firm's BCP is distinctive, since it spells out how that company will function in an emergency. FEMA and Kapnick both provide sample BCPs that organizations can use to make their own.
Antivirus and firewall procedure

According to this procedure, every computer in the corporate network will need to have an up-to-date virus guard and firewall in order to protect against viruses and other cyber security risks. It will also prevent staff from turning off the firewall or virus protection. By doing this, the business will be better protected from hackers, malware, viruses, and ransomware. This procedure will also specify who is in charge of keeping the firewalls and anti-virus software updated and maintained within the company.

How to encrypt a folder correctly

1. First, right-click on the folder and then select Properties.
2. Then press the Advanced button in Properties.
3. Then check "Encrypt contents to secure data", hit OK and then press Apply.
4. Then select "Apply changes to this folder, subfolders and files".
5. Then back up your data if you want and hit OK again. (The backup prompt refers to the EFS file encryption certificate and key; without a copy of that key, the encrypted files cannot be recovered if the user profile is lost.)

Activity 02

How EMC Cyber and its clients will be impacted by improper/incorrect configurations that are applicable to firewalls and VPN solutions

What is a firewall?
A firewall is a piece of network equipment that monitors incoming and outgoing traffic and filters data packets in accordance with a pre-established set of rules. As its name implies, it serves as a barrier between your internal network and incoming traffic from outside sources such as the internet, and blocks dangerous packets such as viruses and hacking attempts. A firewall works by screening the data being transmitted at the ports of computers; using predefined settings, it can distinguish between harmful and benign traffic. To understand how a firewall operates, imagine an IP address as a house with numbered rooms. Only trustworthy persons (source addresses) are allowed into the house, and access is then further refined and filtered so that residents may only enter certain rooms based on their privileges.

Benefits of a firewall

• Protects data in the network.
• Helps protect the privacy of users and data.
• Increases the security of the network.
• Can prevent remote access hacking attempts.
• Protects the network from trojans.

Common mistakes when configuring a firewall and their impact on organizational security

Broad policy configurations

Since it is difficult for IT experts to know exactly what they need to block when setting up a firewall, they begin with a general set of rules that apply everywhere. This lets them gradually tighten the rule set as they become aware of the needs of the originators; however, the organization will occasionally continue to use the same general configuration rules owing to time constraints or other factors. Such broad rules make the organization's network more vulnerable to outside hazards such as hacking, viruses, and trojans.

Risky management services and rogue services
One error in firewall settings is having services running on the system that are not necessary. The two main offenders are "rogue" DHCP servers that hand out IP addresses on the network, which may cause availability problems as a result of IP conflicts, and dynamic routing, which is normally not recommended on security devices. Inadvertent performance slowdowns and network security problems will result from this.

Non-standard authentication methods

The entire organization must employ a centralized authentication mechanism. There is a significant risk of a security breach if, for instance, a branch office uses a different authentication mechanism than the main office.

Not analyzing log output from security devices

Organizations occasionally fail to examine the logs produced by their security devices. Because of this, they won't only be unaware of breaches while they are happening, but will also have no way to track them down after they have occurred.

What is a VPN?

Simply put, a VPN connects your computer, smartphone, or tablet to the internet through a different server. A VPN first connects your device to a server; after that, you browse the internet using that server's IP address and internet connection. Therefore, if the server is situated in a different country, it may appear as though you are from that country, and you may be able to access resources that you couldn't otherwise. A virtual private network creates a private network over a public network such as the internet. This enables a company to grant its employees secure remote access to its network. VPNs typically encrypt user data connections, making them very safe.

Benefits of a VPN

• Hides the user's private information.
• Escapes data throttling by the ISP when you are over a certain limit.
• Gives access to region-blocked websites and content, such as Netflix.
• Avoids internet censorship.
• Provides secure remote access to another network.

Common mistakes when configuring a VPN and their impact on organizational security

DNS leaks

Your IP address might be exposed to outsiders if a VPN is improperly configured (for example, if WebRTC is not turned off). This negates the purpose of using a VPN, since one of its benefits is anonymity. Your company will be exposed to a variety of outside security concerns and legal issues as a result.

IPv6 leaks

Some VPN services are set up to use IPv4 addresses exclusively. If the VPN does not handle IPv6 requests, and the user's network configuration and ISP both use IPv6, the user may find themselves in a situation where a third party can make IPv6 requests that reveal their true identity.

VPN kill switch configuration

A VPN kill switch is a feature that cuts off a user's internet connection if their VPN connection is interrupted for any reason, preventing the leakage of their information. However, if this setting is incorrectly configured and the user's VPN connection abruptly terminates, the user will continue to browse the internet under the impression that they are using a VPN when they are not, resulting in the disclosure of confidential information.

The correct way to configure a firewall

How to open firewall settings

1. First, go to Windows Settings.
2. Then click Privacy & security.
3. Then click Windows Security.
4. Then click Firewall & network protection.
5. Then click Advanced settings.
6. You will finally arrive at the Windows Defender Firewall with Advanced Security screen, from where you can change the inbound and outbound rules.
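The program-block rules that the GUI walkthroughs below create (one outbound, one inbound) can also be created and then verified from an elevated PowerShell session, which is how an administrator would apply them consistently across many EMC Cyber workstations. This is an added example, not code from the original assignment; the program path and rule names are placeholders, and the script assumes Windows 10/11 with the built-in NetSecurity module.

```powershell
# Added example (not part of the original assignment). Creates the same two
# Windows Defender Firewall rules as the GUI wizard, then verifies them.
# Assumptions: run as Administrator on Windows 10/11; $Program is a placeholder.
$Program  = 'C:\Program Files\ExampleApp\exampleapp.exe'   # placeholder path
$RuleBase = 'EMC Block ExampleApp'                          # assumed rule name

function New-ProgramBlockRule {
    param(
        [Parameter(Mandatory)] [ValidateSet('Inbound', 'Outbound')] [string] $Direction,
        [Parameter(Mandatory)] [string] $Program,
        [Parameter(Mandatory)] [string] $DisplayName
    )
    # Mirrors the wizard choices: rule type "Program", action "Block the
    # connection", applied to the Domain, Private and Public profiles.
    if (-not (Test-Path -LiteralPath $Program)) {
        throw "Program not found: $Program"
    }
    # Idempotent: a rule with this name already exists, so leave it alone
    # rather than creating a duplicate that is harder to audit later.
    $existing = Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Verbose "Rule '$DisplayName' already exists; leaving it unchanged."
        return $existing
    }
    New-NetFirewallRule -DisplayName $DisplayName `
        -Direction $Direction `
        -Program   $Program `
        -Action    Block `
        -Profile   Domain, Private, Public `
        -Enabled   True
}

function Test-ProgramBlockRule {
    # Returns $true only if the rule exists, is enabled, blocks, and is bound
    # to the expected executable (a rule that merely exists is not enough).
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $Program
    )
    $rule = Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction Stop
    $app  = $rule | Get-NetFirewallApplicationFilter
    return ($rule.Enabled -eq 'True' -and
            $rule.Action  -eq 'Block' -and
            $app.Program  -eq $Program)
}

# Outbound rule: stops the program from connecting out to the internet.
New-ProgramBlockRule -Direction Outbound -Program $Program -DisplayName "$RuleBase (Outbound)"
# Inbound rule: stops the program from accepting connections from the internet.
New-ProgramBlockRule -Direction Inbound  -Program $Program -DisplayName "$RuleBase (Inbound)"

# Verification pass, so that a rule silently disabled or edited in the GUI shows up.
foreach ($dir in 'Outbound', 'Inbound') {
    $name = "$RuleBase ($dir)"
    $ok   = Test-ProgramBlockRule -DisplayName $name -Program $Program
    '{0,-40} configured correctly: {1}' -f $name, $ok
}
```

Re-running the script is safe because existing rules are left untouched; the verification loop is the part worth scheduling, since it catches a rule that someone later disabled or pointed at a different executable.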
How to set a new outbound rule to block a program from connecting to the internet

1. First, click Outbound Rules.
2. Then click New Rule.
3. Then select the Program radio button and click Next.
4. Then select the program you want and hit Next.
5. Then select "Block the connection" (or the desired action).
6. Then select where the rule applies (Domain, Private, Public).
7. Name the rule, click Finish, and you are done!

How to set an inbound rule to stop a program from receiving information from the internet

1. First, click Inbound Rules.
2. Then click New Rule.
3. Then select the Program radio button.
4. Then select the program you want.
5. Then select "Block the connection".
6. Then select where the rule applies.
7. Then name the rule, click Finish, and you are done!

DMZ, static IP and NAT, and how they would benefit EMC

What is a DMZ?

A demilitarized zone, often known as a DMZ, is a subnetwork that houses the network's most exposed and vulnerable parts. These consist of network elements such as web servers, FTP servers, and mail servers that are in constant contact with the outside world (the internet, etc.). The organization's network is further protected by placing these components in a separate subnetwork and adding a firewall between them and the internal network. As an illustration, if a company's web server is compromised, the threat can be contained by the firewall, since the DMZ firewall tightly filters all traffic from the DMZ to the internal network.

There are two main approaches to creating a DMZ. The first method uses a single firewall with three network interfaces, and the DMZ sits behind this one firewall. The first firewall interface handles connections from the ISP, the second interface handles traffic entering and exiting the internal network, and the third interface handles traffic passing through the DMZ. While inexpensive, this approach is not the safest. The dual-firewall approach is the safest way to create a DMZ. In this approach, the front-end firewall (the first firewall) is set up to filter traffic going to the DMZ, while the second firewall solely handles traffic coming from the DMZ to the internal network.
Using two firewalls from two separate manufacturers will further improve security, because they are less likely to share the same security flaws.

How a DMZ is used within EMC Cyber and its benefits

Since EMC Cyber is a top provider of cyber security services, protecting the data of both the company and its clients is of the utmost importance. EMC Cyber also has servers that communicate with the outside world continuously. As a result, EMC Cyber has employed the dual-firewall strategy, using two firewalls from separate manufacturers, and has placed its mail servers, FTP servers, and web servers in a DMZ. One firewall handles and filters traffic from the internet into the DMZ, while the other firewall only filters traffic between the DMZ and the internal network. This has the advantage of keeping any damage confined within the DMZ should a server within the DMZ be compromised. The back-end DMZ firewall will also most likely prevent a hacker from leaving the DMZ even if they manage to access one of the servers. The dual firewalls of the DMZ also have a fair chance of filtering out any incoming emails with viruses attached.

What is a static IP?

A static IP address is one that won't change unless the assigned device is decommissioned. These days, the majority of internet-connected devices have dynamic IPs, meaning that their IPs change over time. A static IP, on the other hand, is like a fixed street address: it can readily tell other internet-connected devices exactly where the device is located. Static IPs are typically used by businesses when they need to host a file server or a web server, so that incoming traffic can find the server with ease. A static IP makes the server quick and simple to reach.
This is helpful for many small businesses that need internet-facing services, such as hosting a web, email, or FTP server, providing remote access to a corporate network, or housing a webcam for applications like video streaming and videoconferencing.

How static IP is used within EMC Cyber and its benefits

EMC Cyber focuses mostly on cyber security and hosts a sizable volume of client data in secure storage. These clients require a fast and simple way to access their data. As a result, all of EMC Cyber's file servers have static IP addresses. Additionally, EMC Cyber uses static IPs for its mail servers and other communication servers to improve contact with its clients; this facilitates quick and effective client communication. Customers can locate a company's websites and services more quickly and easily when that company has a static IP address, since it substantially simplifies the creation and operation of DNS servers.

What is NAT?

NAT stands for Network Address Translation. The main purpose of NAT is to conserve IP addresses. NAT converts a network's non-unique local IP address into a unique public address so that the device can connect to the internet. This is necessary because of the limitations of IPv4, an addressing system that can only accommodate about 4 billion different IP addresses. Given that there are more devices connected to the internet than that, there must be a way to conserve those 4 billion IPs, and NAT is the answer. As an illustration of how NAT operates, consider someone using a laptop connected to a home router to look up the address of their preferred restaurant. The laptop sends this request as a packet to the router, which forwards it to the web. However, the router first replaces the outgoing IP address, switching it from a local private address to a public address.

How NAT is used in EMC Cyber and its benefits
EMC Cyber is a well-known provider of cyber security and makes use of numerous servers, including web servers and file servers. Using a separate public IP address for each server is neither practical nor secure, so EMC Cyber uses NAT to resolve this problem. As an illustration, all of EMC Cyber's file servers connect to the internet using a single public IP address, and the network is in charge of routing traffic to the appropriate servers. This is advantageous for EMC Cyber because it enables the corporation to reuse IPs, and because it prevents outsiders from seeing the internal IPs of the organization's network, which makes hacking more challenging.

Activity 03

Risk assessment and management procedures and how they apply to EMC Cyber

What is risk assessment?

Any company or organization may run into risks or threats that make it difficult to do business as usual. This might be anything from a minor power outage to a major natural calamity such as a tsunami. It is therefore crucial for a company to foresee potential risks and study them in order to create a plan of action to mitigate them. The first step in risk assessment is to identify the risk and what it comprises, because we cannot estimate a risk without doing so. The next stage is to understand and analyze the nature of the threats; this involves determining the cause, origin, and probable effects of the risk on the organization. Finding a strategy to avoid the risk is the last step in risk assessment, and if that is not possible, it is crucial to find a way to lessen its effects (in situations like natural disasters, the risk cannot be avoided no matter what we do). An effective risk assessment leads to contingencies such as a disaster recovery plan.

A risk assessment has a number of objectives.
The first is to determine what dangers can occur and under what conditions. Next, it is necessary to determine the effects of such hazards. After that, it is necessary to determine the likelihood of encountering each risk in order to assign it a priority level and manage it effectively. Finding a solution to avoid or lessen the risk is the ultimate objective of risk assessment.

The scenarios in which a risk assessment is necessary can also be specified. The first is when new business processes and activities are introduced, as this is uncharted territory with a high probability of hazards. When existing business processes are changed or stopped, it is also crucial to undertake a risk assessment, because new hazards may be created. From the above, it can be inferred that risk assessment is a crucial step for any firm that wants to thrive as a market leader and face new problems head-on. A thorough risk assessment process can help a company save time, money, and labor. Additionally, it will help businesses and organizations be better prepared for any outcome when introducing new goods and services.

Risk assessment procedure

The Health and Safety Executive (HSE), the official agency that polices safety law in the UK, dictates five steps that make up the risk assessment procedure.

Step 01: Identify hazards

This step requires the organization's accountable parties to evaluate the company's existing operating procedures as a whole and then pinpoint any hazards that could materialize during business operations. It is crucial to categorize the risks at this stage as internal, external, human, virtual, and physical threats in order to better support the actions that follow. You must understand the distinction between a risk and a hazard in order to recognize risks.
A risk is "the possibility of the potential harm being realized," whereas a hazard is "anything with the capacity to cause harm." Risks can be found using techniques such as market forecasting, security audits, and interviewing.

Step 02: Determine which parties are harmed and how

In this phase, we must determine who might be harmed (whether it is the business, a client, or both), how they are impacted, and how serious the repercussions are. To create the most realistic picture of the parties involved, these parties can be further separated into different organizational departments, as well as distinct kinds of employee and customer.

Step 03: Assess the risks and make an action plan

In this step, the identified risks are further examined to ascertain the likelihood of each risk occurring, its likely mode of occurrence, and its potential effects on the organization as a whole. Determining the probability of each risk occurring is also required in order to prioritize the potential hazards. By ranking their potential risks, firms will be able to identify the most serious ones and start working to mitigate them. After doing this risk analysis, the organization will need to develop an action plan that addresses each risk by avoiding or mitigating it.

Step 04: Document the risks and the action plan

It is crucial to record your findings during the risk assessment so that they can be referred to if necessary in the future. The risk, its likelihood of occurrence, threat level, priority, those affected, and a plan of action should all be included in this risk assessment report.

Step 05: Review the risk assessment

Since the documentation and action plan are only the beginning of the risk assessment process, it is a continuous activity.
The organization must continue to assess the measures it has taken to recognize risks, evaluate the success of the steps taken, and, if they are not succeeding, make the necessary adjustments before it is too late.

Comment on IT Security & Organizational Policy

IT Security Audit

An IT security audit is a thorough investigation and evaluation of the information security infrastructure of your business. With the aid of routine audits, you can find flaws and vulnerabilities in your IT infrastructure, verify security measures, ensure regulatory compliance, and more.

Process of IT Security Audit

1. Define goals

Determine the objectives the audit team hopes to accomplish by conducting IT security audits. To ensure that specific audit goals are in line with your company's larger goals, be careful to clearly state the commercial value of each target. As a starting point for developing and honing your own set of audit objectives, use this list of questions:

• Which systems and services do you want to test and evaluate?
• Do you want to audit your digital IT infrastructure, your physical equipment and facilities, or both?
• Is disaster recovery on your watch list?
• What are the specific risks?
• Is an audit necessary to prove compliance with specific regulations?

2. Plan the audit

IT security audits must be carefully planned and organized to be successful. As well as the process timetable and procedures, you must specify the roles and duties of the management team and IT system administrators allocated to carry out audit tasks. Determine the tools the team will use for data classification, reporting, and tracking, as well as any logistical difficulties you may experience, such as bringing the team offline for review.
Write down and distribute the plan once all the specifics have been decided, so that everyone is aware of it before the review begins.

3. Perform audit work

The audits should be carried out by the project team in accordance with the strategies and procedures decided upon during the planning phase. This typically entails scanning IT resources (such as file-sharing services, database servers, and SaaS applications) to check network security, data access levels, user access permissions, and other system settings. It is also advised to physically inspect the data center as part of the disaster recovery assessment to check its exposure to power surges, floods, and fires. Interview staff from non-IT departments as part of the process to gauge their awareness of security concerns and their adherence to organizational security policies, so that any future weaknesses in your company's security measures can be fixed. Record any findings you make during the audit.

4. Report the results

Create a formal report from all the audit-related materials so that it can be distributed to management stakeholders or regulatory bodies. The report should include a list of the security threats and flaws discovered in your systems, along with the mitigation strategies suggested by IT staff.

5. Take the necessary actions

Finally, follow the recommendations outlined in the audit report. Examples of steps you can take to increase security include:

• Correct specific security vulnerabilities or weaknesses in accordance with the remediation procedures.
• Train employees on security requirements and security awareness.
• Implement additional advanced methods to handle sensitive data and identify signs of malware and phishing attacks.
• Acquire new technologies to strengthen existing systems, and regularly monitor your infrastructure for security threats.
Types of IT Security

Network security

Network security is used to keep malicious or unauthorized users out of your network. Usability, dependability, and integrity are all preserved as a result. This level of security is necessary to stop hackers from accessing network data. Additionally, it stops them from impairing your users' access to or use of the network. As businesses increase the number of endpoints and move services to the public cloud, network security is becoming a more difficult task.

Internet security

Internet security covers both the network security of web applications and the safeguarding of data sent and received in browsers. These safeguards are intended to keep an eye out for viruses and undesirable traffic in incoming Internet traffic. Firewalls and protection against viruses and spyware are just a few examples of this protection.

Endpoint security

Endpoint security provides protection at the device level. It can be used to secure mobile phones, tablets, laptops, and desktop PCs. Thanks to endpoint security, your devices will not be able to access hostile networks that could endanger your company. Examples of endpoint security include sophisticated malware defense and device management software.

Cloud security

As apps, data, and identities move to the cloud, users connect directly to the Internet and are not shielded by a conventional security stack. The use of public cloud applications and software as a service (SaaS) can be safeguarded by cloud security. For cloud security, you can utilize a Cloud Access Security Broker (CASB), a Secure Internet Gateway (SIG), and cloud-based Unified Threat Management (UTM).

Application security

Application security means that applications are specially secured at the time of creation to be as safe as possible, ensuring that they are not vulnerable to attacks.
The application code is analyzed as part of this additional layer of security, and potential software vulnerabilities are found.

Advantages of IT Security Audit

- Measures the flow of data in your business.
- Identifies vulnerabilities and problem areas.
- Determines whether the organization needs to change its security policies and standards.
- Recommends how to use information technology to keep the organization's business safe.
- Provides an in-depth analysis of internal and external IT systems and practices.

Data protection processes and regulations as applicable to EMC Cyber

What is data protection?

Data protection, often known as data security or information privacy, is the process of preserving the availability, confidentiality, and integrity of sensitive data. Companies handling sensitive data, like EMC Cyber, must follow a plan to protect both their own and their clients' data from loss, theft, and manipulation. Because it is impossible to completely prevent a data breach from happening, the firm should also have a strategy that will lessen the negative effects that can result from one. This is also covered by data protection laws, which specify how businesses must safeguard the data of both themselves and their customers.

Data protection regulations

Various states and governing organizations have established a variety of rules and regulations in an effort to set an example and provide guidelines for information and data security. To protect their own data as well as the data of their clients, businesses and organizations are required to abide by these norms and regulations. This protects each person's right to data privacy and makes businesses more security conscious.
The following are some of the primary laws and frameworks that EMC Cyber may be required to obey, since as a security company it deals with clients from around the world.

General Data Protection Regulation (GDPR)

The European Union's GDPR, which was established in 2016 and went into force in 2018, aims to provide a consistent approach to data protection throughout Europe. The GDPR focuses on an individual's right to control and modify their data as they see fit, as well as the obligation for corporations to be transparent when handling personal data in any way. Organizations must declare every legal basis for utilizing data and all of their processing procedures. The GDPR requires practically all online organizations and businesses to adhere to certain requirements on data privacy. GDPR compliance necessitates the implementation of a data privacy policy to ensure that only essential data is gathered, that people have a say in what data is collected and how it is used, and that any sensitive data is erased as soon as it has served its purpose.

CIS Controls

The CIS Controls were developed by the Center for Internet Security (CIS). They are a collection of cyber security best practices and guidelines that aims to safeguard enterprises against the most damaging cyberattacks. The CIS Controls provide businesses with detailed instructions and a clear path to achieving the aims, goals, and objectives outlined by numerous legal, regulatory, and policy frameworks. Information security can be built on a solid foundation by implementing the CIS key security controls inside the enterprise. Additionally, it enables the firm to use a tried-and-true information security risk management technique. The goal of the CIS Controls is to strengthen an organization's protection against cyberattacks by concentrating on the most effective and specific set of technical measures.
The CIS Controls map readily onto many frameworks and laws, including the NIST Cybersecurity Framework, NIST 800-53, NIST 800-171, the ISO 27000 series, PCI DSS, HIPAA, NERC CIP, and FISMA.

PCI-DSS (Payment Card Industry Data Security Standard)

All businesses that process, store, or transmit credit card information must abide by PCI-DSS, a set of 12 rules that were created to preserve the security of credit card information. The PCI Security Standards Council, an independent organization established by the majority of credit card firms, is responsible for establishing and enforcing it. PCI-DSS is concerned with the requirements that businesses must follow when storing, sending, and processing credit card information. To this end, the PCI Security Standards Council offers guidelines, benchmarks, and other resources to assist firms in maintaining the security of cardholder data.

Data protection processes EMC Cyber uses to protect its own and its clients' data

EMC Cyber must take all required precautions to safeguard its private and sensitive data from hackers and other individuals with nefarious motives, because it is a top cyber security provider with a global clientele. EMC Cyber implements a number of key procedures to guarantee the integrity and security of its data. Here are a few of them.

Encryption

To ensure optimum security, EMC Cyber encrypts all of its data whenever it is stored, processed, or sent. If there is a data breach, the stolen information will not be useful to the attackers, because encrypted data is very difficult to decrypt without the right decryption key. As a result, the organization's clients are satisfied and its confidential data is kept private and secure.

Access controls

EMC Cyber has very rigorous access control policies that specify which types of clients and staff can access which kinds of data on its systems.
This policy aids the business in preventing unwanted access to its data. With the help of an access control policy, the company can assign different levels of access to information to each of its employees. Additionally, in some circumstances, highly sensitive data processing, such as processing customer payment information, is totally automated and no employee has direct access to it, ensuring complete security and privacy.

Authentication and verification system

For both its clients and its employees, EMC Cyber employs a thorough and stringent authentication process. Clients must use a two-factor authentication mechanism each time they log in to the EMC Cyber system, which requires them to provide both their login information and an OTP code that is delivered to their phones. For its employees, EMC Cyber uses a variety of biometric and key card systems to log in or access information, ensuring the highest level of information security.

Firewalls

A firewall is a piece of network equipment that monitors incoming and outgoing traffic and filters data packets in accordance with a pre-established set of rules. As implied by its name, it serves as a barrier between your internal network and incoming traffic from outside sources, such as the Internet, and blocks all dangerous packets, such as viruses and hacking attempts. To safeguard its own data and the data of its clients, EMC Cyber uses a firewall that it designed internally.

Physical security system

In addition to protecting its clients' data online, EMC Cyber also physically safeguards that data: a committed team of security officers is vetted and engaged by the business to maintain the safety of its facilities. It also uses a cutting-edge surveillance and security system to protect its property.
No employee or visitor is allowed on the grounds of EMC Cyber without valid identification and biometric verification.

Activity 04

Organizational security policy design for EMC Cyber

What is an IT security policy?

An organization's IT security policy specifies the rules and practices that all workers and clients must follow in order to preserve the security of the network's hardware and data. Every organization has a different IT security policy, since each one needs to be specially crafted in order to protect the data and other IT assets of the firm. The goal of any solid IT security policy is to maintain the confidentiality, integrity, and availability of the systems and information utilized by an organization's members.

Custom designed IT security policy for EMC Cyber

Objectives

This security policy is designed to achieve the following objectives:

- Protect the information and IT assets of EMC Cyber against compromise of the confidentiality, integrity and availability of its valuable data.
- Promote a holistic way of going about information security.
- Support EMC Cyber's strategic vision through an approach in which usability and security go hand in hand.
- Promote a security aware culture at the workplace.
- Promote a security aware culture among the clients of EMC Cyber.
- Make the EMC Cyber brand synonymous with information security.
- Provide EMC Cyber's clientele with the best possible service.

Scope

This IT security policy's scope includes all information that is stored, transmitted, processed, and deleted in the course of EMC Cyber's operations.
As a result, it applies to the behavior of employees, clients, and other company stakeholders who have access to that information, as well as to the systems, facilities, applications, and equipment used by the EMC Cyber organization to store, process, host, and transfer information.

Maintenance and enforcement of the policy

The head of the internal IT department and all of its staff are in charge of creating, maintaining, and enforcing this IT security policy inside EMC Cyber.

Responsibility

Clients

Clients are responsible for adhering to the security procedures recommended by the company when using its services and products, and for informing the company when a data or security breach happens on their side.

Employees

Employees are responsible for adhering to all guidelines enforced by this IT security policy, and for reporting any errors or security breaches they discover to the IT department.

Vulnerability management

- An independent third party will perform penetration testing at set intervals (monthly) or after any significant infrastructure or service introduction.
- Keep reviewing and addressing threats identified during penetration testing in the order of their severity.
- Perform monthly data audits.
- Address the issues found during the IT audit.
- Perform a monthly risk assessment.
- Make an action plan for threats identified during the risk assessment.
- Update and review the disaster
- Do a daily backup of all data.

Password policy

- Passwords must be at least 8 characters.
- Must contain both capital and simple letters.
- Must contain numbers (0-9).
- Use of non-alphabetical characters is recommended (e.g. ! @ # $ % etc.).
- Every password must be changed monthly.
- Writing down passwords, either physically or digitally, is prohibited.
- The same password cannot be used twice.

Email policy

- All emails should be scanned for viruses.
- All email must be work related.
- It is prohibited to log into personal email accounts using work computers.
- All inter-organizational emails should be encrypted.
- Sharing of jokes and memes via the organization's network is prohibited.
- Sharing sensitive information like passwords via email is prohibited.

Internet/social media policy

- Logging into any social media services like Facebook, Twitter, Viber, WhatsApp, etc., or using them during work hours, is prohibited for everyone but the public relations department.
- Using torrent sites is prohibited.
- Using pirate sites is prohibited.
- Using pornographic sites is prohibited.
- Using music or movie sites like Netflix is prohibited.

Antivirus and firewall policy

As a top provider of cyber security, EMC Cyber created every antivirus program and firewall it uses. It is the IT security department's obligation to update and maintain these. Every day, new security rules for the firewalls are put into place, and virus guards are updated.

Security incident handling procedure

Incident: Data loss (deletion from the system).
Response: Data will be restored using the backup system.

Incident: Data integrity breach.
Response: Data on the active system will be compared to the backup and restored if necessary.

Incident: Data theft.
Response: All clients concerned will be notified immediately and will be compensated later depending upon the severity of the breach. All steps necessary according to current data and security regulations and laws will be taken.

Incident: Virus/malware detection.
Response: Identify the virus, try to trace it and then remove it from the system. If necessary, contact expert support.

Incident: Physical theft and damages.
Response: Equipment and services will be restored as soon as possible.
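As an added example, not part of the original assignment or of any EMC Cyber system, the following Python snippet enforces the password policy rules listed above: minimum length of 8, both capital and simple letters, at least one digit, a recommendation (not a requirement) for non-alphabetical characters, monthly rotation, and no reuse of a previous password. The 30-day rotation window and the salted PBKDF2 password history are assumptions made here; the policy itself does not say how reuse is to be detected.

```python
"""Password-policy checker (added example; not EMC Cyber code).

Rules implemented, from the password policy: at least 8 characters, both
upper- and lower-case letters, at least one digit, non-alphabetical
characters recommended, monthly rotation, and no reuse. The 30-day window
and the hashed password history are assumptions.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import string
from dataclasses import dataclass, field
from datetime import date, timedelta

MIN_LENGTH = 8
MAX_AGE_DAYS = 30          # "every password must be changed monthly" (assumed 30 days)
PBKDF2_ITERATIONS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 digest; the history stores only these, never plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


@dataclass
class PasswordHistory:
    """Digests of one account's previous passwords (one salt per account so new
    candidates can be compared against every stored digest)."""
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    digests: list[bytes] = field(default_factory=list)

    def contains(self, password: str) -> bool:
        candidate = hash_password(password, self.salt)
        # constant-time comparison against each stored digest
        return any(hmac.compare_digest(candidate, d) for d in self.digests)

    def add(self, password: str) -> None:
        self.digests.append(hash_password(password, self.salt))


def check_password(password: str, history: PasswordHistory) -> tuple[list[str], list[str]]:
    """Return (errors, warnings); an empty error list means the password is acceptable."""
    errors: list[str] = []
    warnings: list[str] = []
    if len(password) < MIN_LENGTH:
        errors.append(f"must be at least {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password) or not any(c.islower() for c in password):
        errors.append("must contain both capital and simple letters")
    if not any(c.isdigit() for c in password):
        errors.append("must contain numbers (0-9)")
    if not any(c in string.punctuation for c in password):
        # the policy only recommends these, so this is a warning, not a rejection
        warnings.append("use of non-alphabetical characters (e.g. !@#$%) is recommended")
    if history.contains(password):
        errors.append("cannot use the same password twice")
    return errors, warnings


def password_expired(set_on: str, today: str) -> bool:
    """Monthly rotation: a password set MAX_AGE_DAYS or more days ago (ISO dates) must change."""
    age = date.fromisoformat(today) - date.fromisoformat(set_on)
    return age >= timedelta(days=MAX_AGE_DAYS)


if __name__ == "__main__":
    hist = PasswordHistory()
    hist.add("Summer2023!")                      # constructed previous password
    for candidate in ("Summer2023!", "Autumn2023", "short1A"):
        print(candidate, check_password(candidate, hist))
    print("expired:", password_expired("2024-01-01", "2024-01-31"))
```

The check separates hard failures from advice because the policy only recommends punctuation. Storing PBKDF2 digests rather than the passwords themselves is what makes the "no reuse" rule enforceable without keeping a list of old passwords, which the "writing down passwords is prohibited" rule would otherwise be violated by.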
Policy violation procedure

Any employee found to be guilty of violating this IT security policy will be dealt with according to the organizational disciplinary procedure. Additionally, if warranted, the authorities will be contacted. The actions taken by EMC Cyber will vary on a case-by-case basis.

Main components of a disaster recovery plan and their importance

What is a disaster recovery plan?

Not every disaster that befalls an organization is avoidable; a natural disaster like a flood is one example. Since there is no way to avoid some disasters, there must be a way to mitigate the consequences of the disaster and get operations running again as quickly as possible. A disaster recovery plan is the solution to this. It is a document containing the set of actions, protocols and procedures to be taken in the case of a disaster like an earthquake or a massive hacker attack, in order to minimize the consequences of that disaster and resume normal business operations as soon as possible.

Main components of a disaster recovery plan and justification for them

Communication and role assignment

During a disaster, successful communication is crucial for an organization to make a successful recovery. It is also important to understand every employee's role in the disaster recovery process, to avoid unnecessary confusion and speed up the recovery. To facilitate this, a disaster recovery plan should include all employees' contact details, their role in the recovery process and the chain of command to follow.

Equipment safety procedures

A set of procedures for protecting the organization's equipment in the event of a disaster should be included in a disaster recovery plan.
When it comes to natural catastrophes like floods and earthquakes, this is especially crucial. Although 100% equipment safety cannot be guaranteed, a strong disaster plan should be able to prevent the majority of the damage, enabling the organization to recover and restart normal activities more quickly.

Business continuity plan

An effective disaster recovery plan should specify the bare minimum of supplies, labor, and services required by an organization to carry on with daily operations. By prioritizing which services, manpower, and resources to get up and running first, the company will be able to resume its operations as rapidly as possible with the least amount of work in the event of an emergency.

Data backups

Data backup procedures should be part of the disaster recovery process. This is done so that data can be promptly restored to its original state in the event of a disaster, allowing company operations to restart as soon as possible. It is crucial to pick an off-site location for your backups and to think about how quickly they can restore all of your organization's data.

Detailed asset inventory

A good disaster recovery plan should keep detailed records of all the organization's assets, whether physical or virtual. This is so that in the event of a disaster the organization can quickly find out how much damage the disaster caused, assess the loss and then recover those assets. This will also help the organization make insurance claims so that it can get financial relief during a disaster.

Detailed action plans for recovering from various disasters

A disaster recovery plan should include numerous action plans for dealing with all the disasters identified by the organization, so that the organization is prepared for any disaster scenario.
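The data-loss and data-integrity responses in the security incident handling procedure, and the data backups component of the disaster recovery plan, both rely on being able to tell which files on the active system differ from the backup before restoring. The following Python example is added here and is not part of the assignment or of any EMC Cyber tooling: it builds a SHA-256 manifest of a backup tree and of the active tree, reports files that are missing, modified or unexpected, and restores the missing and modified ones from the backup. The directory layout and sample files are constructed inside the code.

```python
"""Backup-versus-active integrity comparison and restore (added example; not EMC Cyber code).

Hashes every file in the backup and in the active system, classifies the
differences, and copies missing or altered files back from the backup.
Unexpected files are reported but left in place for the investigation.
"""
from __future__ import annotations

import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each relative file path under root to its SHA-256 digest."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(backup: dict[str, str], active: dict[str, str]) -> dict[str, list[str]]:
    """Classify the differences between the backup manifest and the active manifest."""
    return {
        "missing": sorted(k for k in backup if k not in active),
        "modified": sorted(k for k in backup if k in active and backup[k] != active[k]),
        # present only on the active system: not restored, flagged for review
        "unexpected": sorted(k for k in active if k not in backup),
    }


def restore_from_backup(backup_root: Path, active_root: Path,
                        report: dict[str, list[str]]) -> list[str]:
    """Copy missing and modified files back from the backup; return what was restored."""
    restored: list[str] = []
    for rel in report["missing"] + report["modified"]:
        dst = active_root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup_root / rel, dst)
        restored.append(rel)
    return sorted(restored)


def run_demo() -> dict:
    """Constructed scenario: one file deleted, one altered, one unexpected file dropped."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        active = Path(tmp) / "active"
        for root in (backup, active):
            (root / "clients").mkdir(parents=True)
            (root / "clients" / "contracts.csv").write_text("id,client\n1,ACME\n")
            (root / "clients" / "invoices.csv").write_text("id,amount\n1,100\n")
            (root / "config.ini").write_text("[db]\nhost=localhost\n")
        # Simulated incident on the active system (constructed)
        (active / "clients" / "contracts.csv").unlink()               # data loss
        (active / "config.ini").write_text("[db]\nhost=changed\n")     # integrity breach
        (active / "dropped.bin").write_bytes(b"\x00" * 16)             # unexpected file

        report = compare(build_manifest(backup), build_manifest(active))
        restored = restore_from_backup(backup, active, report)
        after = compare(build_manifest(backup), build_manifest(active))
        return {"report": report, "restored": restored, "after_restore": after}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Two design points matter for the incident-handling use. First, the backup manifest should be computed when the backup is taken and kept with the off-site copy, so a compromised active host cannot rewrite the reference hashes; here both manifests are computed in one place only to keep the demo self-contained. Second, files that exist only on the active system are reported but never deleted by the restore, because they may be the evidence the incident responders need.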