Cyber security engineer

Uploaded by ayomidekelly21

Cyber Security Engineer
Sample Assessment Brief

NCFE Level 4 Diploma: Cyber Security Engineer
QN: 603/7748/3

Unit 05 Risk assessment in cyber security (J/651/0937)

Version 1.0 September 2024 Visit ncfe.org.uk Call 0191 239 8000
NCFE Level 4 Diploma: Cyber Security Engineer: sample assessment – full unit

Student name / ID number:

Unit number, title and learning outcomes (LOs):
Unit 05 Risk assessment in cyber security (J/651/0937)
LO1: Examine operating system security features
LO2: Assess risk management in cyber security

Assignment title: Risk within cyber security

Scenario
You have recently joined a company as a cyber security intern. This small non-profit
organisation provides support and advocacy for victims of domestic abuse. They rely
heavily on donations and have a very limited IT budget.

Key details

Staff: five full-time employees and several volunteers. Some staff members are less
tech-savvy than others.

Current systems: a mix of older laptops (Windows 7 Professional and Windows 10
Professional) and a donated server (running an outdated version of Windows Server).

Data: sensitive donor information (names, addresses, contact details, and sometimes
financial information). Additionally, they store case notes with potentially identifying
information about the people they help.

Operations: heavy reliance on email, web browsing for research and outreach, and basic
office software. Volunteers sometimes use their personal devices to access the
organisation's shared file storage.

Challenges

Tight budget: limited funds for new hardware or software.

Compliance: there is a concern about potential compliance issues with data protection
regulations, as their practices are not very formalised.

Threats: the sensitive nature of their work makes them a potential target for cyber attacks
aimed at disrupting services or stealing information.
Tasks
Task 1

Write a report describing the security features of Windows Professional (7 and 10). Ensure
you recommend specific security features of the operating system for the company. You
may consider including the use of third-party applications, such as antivirus software.

Task 2

You have been given access to a simulated environment mirroring your company network
and systems. Conduct a risk assessment, paying close attention to vulnerabilities
stemming from outdated operating systems, user practices (personal devices), and
potential lack of security awareness. Create a prioritised mitigation plan with specific
recommendations, keeping in mind the cost constraints.


Evidence requirements
You must provide:

• a written report
• risk assessment documentation, including a mitigation plan.
Unit learning outcomes (LOs)
LO1: Examine operating system security features
LO2: Assess risk management in cyber security

Grading criteria

LO1: Examine operating system security features

• P1 (Pass): Describe fundamental security features offered by different operating systems
• M1 (Merit): Explain how the choice of operating system impacts an organisation's overall security posture

LO2: Assess risk management in cyber security

• P2 (Pass): Define the scope of cyber security risk assessment and identify common risk assessment methodologies
• P3 (Pass): Apply a basic risk assessment process to identify security risks and vulnerabilities in a given scenario
• M2 (Merit): Explain how risk assessment documentation supports risk treatment decisions and suggest appropriate risk treatment options
• M3 (Merit): Apply a risk assessment process, analysing results and prioritising risks based on likelihood and impact
• D1 (Distinction): Design a comprehensive risk assessment plan, tailoring it to meet the requirements of a recognised cyber security standard
• D2 (Distinction): Justify proactive risk treatment strategies, considering both technical and organisational countermeasures

Resources

Example vulnerabilities:

• outdated operating systems – Windows 7 and Windows Server 2010 R2 are no longer
supported by Microsoft, making them highly vulnerable to known exploits
• personal devices (bring your own device) – unmanaged personal devices connecting to
the network introduce risks of malware infection and unauthorised data access
• lack of security awareness – staff might be susceptible to phishing scams, poor
password practices, or accidental data leaks.

Other common issues:

• unsecured Wi-Fi network
• lack of encryption on sensitive data
• poor incident response procedures.
