information about security and what they mean, Summaries of Computer Programming

This is the security assignment; it has all the details you need for the assignment.

Typology: Summaries

2022/2023

Uploaded on 08/22/2023

krissy-waltz
Student Name: Krystal Latoya Walters
Student ID: S45313690
Unit Number and Title: Unit 05 Security
Unit Tutor: Hassan Adam

Section 1 Introduction

I am a Junior Computer Engineer employed by a consulting company that does IT security. I will be preparing materials that will help BROLAN Ltd to succeed with the requirements for the contract with the client, and I will be investigating IT security risk at Brolan and the potential risk.

Internal Threats

Internal threats arise from the use of a computer system, because not everyone who uses the system understands how to stay secure, and some will misuse it. Human error and operating system damage are examples of potential hazards. Internal threats are those that occur within the firm, such as damage to the company's operating systems at Broylan ltd. For example, if a company employee opens an infected email and downloads files from it, the network will become infected.

External Threats

External threats include virus attacks, hacking, and data theft. External damage refers to malicious damage that enters the system from the outside. Hacking is the most damaging type of external damage. The impact of an external threat is that a hacker can breach the company's computer security measures from a computer outside the firm, after which the hacker can steal information or inject viruses into the company's systems.

Identify types of security risks to organization

The types of security risk for the BROLAN ltd organization are IT threats, and threats where someone such as a client leads to a vulnerability, which has a negative impact on the networks.

The IT Security Risks list

• Unauthorized use of a system
• Unauthorized removal or copying of data or code from a system
• Data or code removal or copying from a system
• Naturally occurring risks

Unauthorized use of a system

should be analyzed and a contingency plan made within the organization: the team and everyone else should collaborate to design a strategy to ensure that no attacks occur within the Brydon Organization. The contingency plan should cover all backups, offsite storage, and data recovery strategies, as well as access to quick hardware replacement and insurance that covers replacements, company loss, and all recovery work.

Backup and Restoration of data

Meaning of backup and Recovery of data

Backup and recovery is the practice of creating and storing copies of data that can be used to protect organizations against data loss. Within the BROLAN Ltd organization, the employees who work there should be responsible for data recovery and should know the procedures, and the company should plan ahead: if the entire system can be up and running again within 24 hours, then disaster recovery should be a simple process if something bad happens. A complete risk analysis must also be used to design the contingency plan, ensuring that every possibility is included.

Audits

An organization that is uninformed of how and where security breaches may occur may soon find itself in a costly and unpleasant scenario. Auditing refers to on-site verification activities, such as inspections or examinations of a process or quality system, to guarantee compliance with regulations. An audit can also apply to an entire system.

Financial Audit

A financial audit is an investigation in which a company's financial statements are examined by an external or internal auditor to make sure that they are correct and free of errors.

Government Audits

The purpose of government audits is to ensure that the financial statements have been prepared accurately, so that the amount of taxable income of the BROLAN Ltd company is not misrepresented. I also discovered that in the United States, the Internal Revenue Service conducts audits to ensure the correctness of a taxpayer's tax reports and transactions. External audits cover both the financial statements and the internal controls of BROLAN Ltd Company, while internal audits act as a managerial tool to ensure that improvements to procedures and internal controls are implemented. The BROLAN Ltd Company is audited yearly on its financial accounts, which include income statements, balance sheets, and a cash flow statement.

Procedures for testing hardware

Hardware is the physical component of a computer system. When we connect computers together to share data, software, and hardware, we establish a network. Networks are frequently classified by geographical size or space.

LAN

If LAN testing fails, it is because the LAN device testing message and support adapters are no longer selected using a UI; instead, they are automatically detected based on the network topology. If the automatic detection fails, it is because the network topology is different from the recommended topology, and the devices must be renamed on the test and support machines before the test can be run.

WAN

WAN technology will be used to transmit data around the ISP network and between other ISPs. It is highly popular for large enterprises to connect to the internet to provide connectivity between their LANs rather than using more traditional WAN solutions.

Software testing procedures

Software testing is the process of assessing and validating whether a software product or program accomplishes what it is designed to do. The benefits of testing include problem prevention, cost reduction, and improved performance.

Windows server evaluation

Windows server testing is primarily focused on stress, which covers client and server stress as well as network stress, CPU use, and memory consumption. The test will depend on the server's features. A strong asset and software inventory is required to identify which security problems and software updates are relevant to the Brydon LTD organization's environment. An automated patch management solution is the best way to manage the procedure in a complicated environment.

Network monitoring systems as a security solution

Network monitoring can detect element failure before it has a negative impact on operations. Network monitoring in the Brydon LTD organization allows the IT Support platform to determine which issues are most likely to arise and how to prevent the situation from recurring, for example by replacing failing components. Disruption to the company, reputational damage, and loss of sensitive customer data are all consequences of network failures.

Assess and Treat IT Security Risks

The Octave is a contemporary that deals with IT Security. The acronym OCTAVE stands for

DMZ

The DMZ is a security solution that adds an extra level of security to an internal network. It can limit access to sensitive data, resources and servers by sitting between external users and a private network. The name refers to the Demilitarized Zone (DMZ), which was established after the Korean War in 1953 to lessen conflict between North and South Korea.

A zone of demilitarization

A DMZ is a subnet that exposes an organization's outside-facing services, thereby protecting the organization. An external party, such as a customer, can only reach the services that it is authorized to access, and the firewall can be placed between the DMZ and the internal records of the organization (Fortinet, 2023). The DMZ provides an extra level of security to an internal network. It restricts access to sensitive data, resources and servers by placing a buffer between external users and a private network (Fortinet, 2023).

The DMZ IP address is 172.16.1.0. The configuration for the LAN is done for the DMZ server subnet, which is subnet 172.16.1.0 255.255.255.0 DMZ outside.

DNS

The advantages of having DNS support are that it is easy to set up and manage. It can also have remote access, making it easier to work remotely using any remote access program.

Hosting server

If you are hosting a server that uses a static IP address, it is easier for the client to find the DNS server. The DNS resolver also serves as a security solution and offers benefits. These are content filtering, which allows sites known to disseminate malware and spam to be blocked, and protection, which prevents contact.

IP Addresses That Remain Static

When using the Internet or a home network, use static IP addresses in Cisco Packet Tracer to avoid IP address conflicts.

NAT

The NAT is both within and outside the subnet, and the LAN address is 192.168.20.0255.255.0. NAT (network address translation) is the process of converting a public address into a private address that can be used within an organization, using devices such as firewalls and routers. Because NAT uses just one router, it can only configure one address for the entire network. NAT forces traffic to pass through the firewall, which ensures that all inbound and outbound traffic can be reviewed before being passed to its destination.

Network Monitoring Systems as a security solution

Discuss three benefits of applying network monitoring systems

I've worked in a group of three and we've set up information about the benefits of enforcing network monitoring systems. I've set up one benefit: deciding problems before they happen. Within network monitoring systems there can be a computer failure, and it can be expensive in money and time. Using network technology can reduce the time-out, because with computer failures, if a problem happens, you can quickly identify the cause, fix the issue and get the computer back up and running (Admin, 2022).

Another person in my group has set up an exploration of guarding the organization from cyber-attacks. They said that cyber security breaches have become more common, as hackers can target companies every day and look for a weak point. But by using network monitoring tools you are able to identify the network and make sure that it is harder for hackers to gain unauthorized access to the company's computers or laptops (Admin, 2022).
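The DMZ arrangement described earlier in this section (outside users reach only the DMZ services they are authorized for, with a firewall between the DMZ and the internal network) can be checked against a rule list. The following is an added example, not part of the original assignment; the rule format, the published hosts and the /24 mask for the 192.168.20.0 LAN are assumptions, and the sample rules are constructed.

```python
"""Audit a firewall rule list against the DMZ layout described above."""
import ipaddress
from collections import namedtuple

DMZ = ipaddress.ip_network("172.16.1.0/24")       # DMZ subnet stated in the text
INSIDE = ipaddress.ip_network("192.168.20.0/24")  # assumption: /24 mask for the LAN
# Hypothetical published DMZ services: host -> ports open to outside users.
PUBLISHED = {"172.16.1.10": {443}, "172.16.1.20": {53}}

Rule = namedtuple("Rule", "name action src dst port")  # port None means any port


def zones(cidr):
    """Return the set of zones that a source or destination network can cover."""
    net = ipaddress.ip_network(cidr)
    found = set()
    if net.overlaps(DMZ):
        found.add("dmz")
    if net.overlaps(INSIDE):
        found.add("inside")
    # Anything not wholly contained in the DMZ or the LAN is treated as outside.
    if not (net.subnet_of(DMZ) or net.subnet_of(INSIDE)):
        found.add("outside")
    return found


def audit(rules):
    """Flag permit rules that break the DMZ separation.

    Each rule is judged on its own; rule ordering and shadowing by earlier
    deny rules are not modelled.
    """
    findings = []
    for r in rules:
        if r.action != "permit":
            continue
        src, dst = zones(r.src), zones(r.dst)
        dst_net = ipaddress.ip_network(r.dst)
        single_host = dst_net.num_addresses == 1
        if "outside" in src and "inside" in dst:
            findings.append((r.name, "outside can reach the internal network directly"))
        if "outside" in src and "dmz" in dst:
            host = str(dst_net.network_address)
            if not (single_host and r.port in PUBLISHED.get(host, set())):
                findings.append((r.name, "outside access exceeds the published DMZ services"))
        if "dmz" in src and "inside" in dst and (r.port is None or not single_host):
            findings.append((r.name, "DMZ to inside is wider than one host and one port"))
    return findings


# Constructed sample rule set for illustration.
SAMPLE_RULES = [
    Rule("R1", "permit", "0.0.0.0/0", "172.16.1.10/32", 443),
    Rule("R2", "permit", "0.0.0.0/0", "172.16.1.0/24", None),
    Rule("R3", "permit", "0.0.0.0/0", "192.168.20.5/32", 3389),
    Rule("R4", "permit", "172.16.1.10/32", "192.168.20.30/32", 5432),
    Rule("R5", "permit", "172.16.1.0/24", "192.168.20.0/24", None),
    Rule("R6", "deny", "0.0.0.0/0", "192.168.20.0/24", None),
]

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_RULES):
        print(f"{name}: {problem}")
```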

Section 2

Task 1 - Risk Assessment Procedures

Discuss four risk assessment procedures that you might use in IT security at BRYLAN Ltd.

The risk assessment procedures are hardware and software, audit control, potential loss of data, and probability of occurrence.

Hardware and Software

The risk assessment for hardware and software will be used in IT security at Brylan LTD because the risk for hardware and software is handled through the ISO 27001 risk assessment and treatment process.

Audit Control

Audit control is important for IT security at Brylan LTD because without it the company will be unaware of how and where security breaches are coming from, and this will affect the company. A security audit should be conducted to check what might go wrong and to plan improvements before any hacker takes advantage of the problem.

Potential loss of data

Assessing the potential loss of data is good for IT security at Brylan LTD because, if data is lost, it ensures that the cost of any equipment for the business is recovered by the organization. A security breach of an ICT system can also mean loss of business. At the Brylan LTD company the IT system is used to take orders, so the company will be affected by the loss of business during the downtime. Some customers of Brylan LTD will come back later, but some will not, because they will already have taken their business somewhere else. If the security breach causes data loss and it proves difficult to recover the data, the result can be disastrous for Brylan LTD.

Probability of occurrence

The probability of occurrence considers the security risks of disaster and theft; this means that Brylan LTD must be careful of these security risks.

The Data Protection processes

Contracts and staff responsibilities

Contracts and staff responsibilities will help the Brylan LTD company to be secure, because the employer must give each employee a written statement of employment or contract that sets out how much they are going to get paid, a minimum level of paid holidays, and a pay slip showing all the deductions, such as national insurance contributions. The employer must also make sure that employees don't work longer than the maximum allowed under the Brylan contract (GOV.UK, 2022). The staff responsibility is to provide a safe and secure working environment for the employees and to register with HM Revenue and Customs to deal with payroll, tax, and NIC. Fixed-term contracts last for a certain length of time, and fixed-term employees must have the same treatment as full-time permanent staff (GOV.UK, 2022).

Information Rights

Information rights will secure Brylan LTD because information rights management (IRM) is a set of technologies that helps ensure that information is protected from unauthorized use. IRM technologies can also be used to protect sensitive and confidential data such as financial records and customer information (Haissam Abdul Malak, 2022).

Data Protection Act with GDPR

Under the Data Protection Act, to secure Brylan LTD the company will have to make sure that information is kept secure, accurate and up to date. When the company collects anyone's personal data, you must tell them who you are and how you will use their information, such as sharing it with other organizations (GOV.UK, 2022). The company has also the right to see any information you hold about them and correct it, to request their data to be deleted, and to request that their data is not used for certain purposes (GOV.UK, 2022).

Computer Misuse Act 1990

The Computer Misuse Act 1990 can protect the Brylan LTD company from user attacks and theft of information. The offences under the act are hacking and unauthorized access to any computer system, and spreading malicious and damaging software such as malware and viruses. The Computer Misuse Act of 1990 is the main legislation that criminalises unauthorized access to computer systems and data, and the damaging or destroying of these systems. The Brylan

The organizational impact will be on the audit control services: security audits can help protect critical data, identify security loopholes, create a new security policy and track the effectiveness of security strategies. Regular audits can also help ensure that employees stick to the security practices (Anon, 2019).

Network change management

The organizational impact will be on network change management, which controls and protects the service organization in managing system changes and helps to minimize the disruption, system issues and production outages that occur if change management controls are poorly executed (Becky, 2021).

Aligned Organizational Policy

How IT security can be aligned with organizational policy, detailing the security impact of any misalignment at BRYLAN Ltd.

On-line access (internet, email, game, social network)

For online access such as the Internet, antivirus software will protect the system by detecting threats to the BRYLAN ltd Company and ensure that the data is safe. Some antivirus programs have automatic updates, protecting the machine from the new viruses that appear daily (Freedman, 2019).

Email

An email policy is one that a business chooses to apply to ensure that workers use their email in a way that is aligned with the organization, such as BRYLAN ltd. The email policy will help to make sure that workers are aware of their responsibilities when using email. This means what they can do and what they cannot do, and the terms and conditions the workers have signed and dated (Elliot, 2019).

Social Network

A social media policy is an official company document that provides guidelines and conditions for BRYLAN LTD social media. The social media policy is intended to cover the brand's official channels (Anon, 2021).

Use and development of software

The software development policy helps to regulate software development and law management at BRYLAN ltd. A disorganized software development process can result in wasted time and wasted developer resources, but creating a software development practice with an eye to effectiveness and reuse is key to cost savings (Anon, 2019).

Physical security types (biometrics, swipe cards, theft prevention)

Biometric systems work based on the behavioral traits of the users, such as voice recognition and signature verification.

Voice Recognition

The voice patterns change from person to person, the pitch value and frequency value is the same for each person and hence voice patterns are easily used for identity. The BRYLAN ltd company will use this tool to authenticate that a person is indeed the individual they claim to be when speaking (Danielle, 2019).

Swipe Cards

Swipe cards are an employee attendance tracking technology that can help the BRYLAN ltd business and its human resource department to monitor and follow the attendance of their workers. The Association of Certified Fraud Observers finds that employee fraud and abuse cause businesses to lose around 5 percent of their yearly profit (Mitrefinch, 2019).

Theft prevention

Theft prevention can mean monitoring the staff with CCTV cameras at the workplace and making stealing unacceptable. This means that the BRYLAN ltd company will bring in a zero tolerance policy; this, alongside an understanding that stealing from the company is unacceptable, begins to create a culture that deters staff from crime (Anon, 2019).

Third party accessibility

Accessibility means more than putting things online. For example, someone with impaired vision might use a screen reader, which is software that lets a user navigate a website and reads out the text, and someone else might use a special mouse, speech recognition software or an on-screen keyboard emulator. The accessibility regulations came into force for public sector bodies on 23 September 2018. They say it must make the website or mobile app more accessible even with companies and organizations. The accessibility regulations build on existing obligations to people who have a disability under the Equality Act 2010, or the Disability Discrimination Act 1995 in Northern Ireland (Government, 2018).

Disaster Recovery Plan (DRP)

What is the purpose of a DRP? List the main components of an organizational disaster recovery plan and justify the reasons for picking each component. (You may use part of the evidence for U05-A1 assignment about business continuance to answer this question).

A disaster recovery plan, also called a disaster recovery implementation plan or IT disaster recovery plan, is a recorded policy and process designed to help an organization execute recovery processes in response to a disaster, to protect business IT infrastructure and more generally promote recovery (Anon, 2021). A disaster recovery plan is also a formal document created by an organization that contains detailed instructions on how to respond to unplanned incidents such as natural disasters and cyber-attacks. The plan contains strategies to minimize the effects of a disaster so that an organization can continue to operate or quickly resume key operations (Anon, 2016).

The main Components

The main components of an organizational disaster recovery plan are to create a disaster recovery team, to identify and assess the disaster risks, to determine critical applications, documents and resources, to specify backup and off-site storage procedures, and lastly to test and maintain the DRP.

Create a disaster recovery team

The organization and the team will be responsible for developing, implementing and maintaining the DRP and for providing the contact information. The DRP should also identify which employees should be informed, so that they understand their responsibilities if anything bad happens.

Identify and assess disaster risks

The disaster recovery team will identify and assess the risks to the organization. This should include items such as natural disasters and technology-related incidents, and it will assist the team in identifying the recovery strategies and resources required to recover from the disasters.

Determine critical applications

The organization has to evaluate its business operations. The plan should be short-term, for example generating cash flow and revenue, rather than a long-term solution of restoring the organization's full functioning. Also, there should be a process which will have to be delayed, which will be the processing for payroll.

Test and maintain the DRP

The plan should set out the backup, the location of the backup, how frequent backups should be, and which operations, equipment and documents should be backed up. The documents that should be considered for backup are the latest financial statements, tax returns, the list of workers and their contact information, and the records needed for daily operations, like checks and purchase orders. A copy of the DRP should be stored at an offsite location. Disaster recovery planning is a continual process, as the risks of disasters and emergencies are always changing. The organization will have to routinely test the DRP to evaluate the procedures documented in the plan for effectiveness. The recovery team should make regular updates to the DRP to accommodate changes in business processes, technology and evolving disaster risks.

The Stakeholders' Roles

The roles of stakeholders in implementing security audit recommendations at BRYLAN Ltd.

For stakeholders implementing security audit recommendations at Brylan LTD, the stakeholder audit is an important component of the ongoing strategic development process. The Brylan LTD Company will benefit from the stakeholder audit in other ways. The audit provides value to stakeholders through assessing internal control and making recommendations for improvements. The identification of key stakeholders and their interests is important for ensuring the success of an internal audit function and ensuring that the internal audit efforts are aligned with the needs of the Brylan LTD organization.

The benefits of stakeholder's plan

The benefits for stakeholders are keeping current with emerging issues and risks, demonstrating how the internal audit adds value, and making known the contribution and services of internal audit.

The recommendation of stakeholders

Application Visibility

The benefit of application visibility is reducing productivity losses, compliance issues, threat spread and the risk of data leakage.
Encrypt company laptop hard disk

Section 1 Referencing

www.ibm.com. (2021). Db2 11 - Common Criteria - Organizational security policies. [online] Available at: https://www.ibm.com/docs/en/db2-for-zos/11?topic=db2-organizational-security-policies.

VMware. (2022). What is Network Security? | VMware Glossary. [online] Available at: https://www.vmware.com/topics/glossary/content/network-security.html#:~:text=Network%20security%20is%20a%20set.

Singh, R. (2022). Software Security Testing: Approach, Types, Tools. [online] Insights - Web and Mobile Development Services and Solutions. Available at: https://www.netsolutions.com/insights/software-security-testing/#:~:text=Software%20security%20testing%20is%20a.

Feroot. (n.d.). What is Client-Side Security? [online] Available at: https://www.feroot.com/education-center/what-is-client-side-security/#:~:text=Client%2Dside%20security%20refers%20to.

Checkpoint (2023). What is a Firewall. [online] Check Point Software. Available at: https://www.checkpoint.com/cyber-hub/network-security/what-is-firewall/#:~:text=A%20Firewall%20is%20a%20network.

Fortinet. (n.d.). What are the Benefits of a Firewall? [online] Available at: https://www.fortinet.com/resources/cyberglossary/benefits-of-firewall#:~:text=Stops%20Virus%20Attacks&text=One%20of%20the%20most%20visible [Accessed 16 Jun. 2023].

Wilson, B. (2020). Why Firewall Misconfigurations Are Putting Your Clients At Risk in 2020. [online] XaaS Journal. Available at: https://www.xaasjournal.com/why-firewall-misconfigurations-are-putting-your-clients-at-risk-in-2020/#:~:text=Breach%20avenues%3A%20A%20firewall%20misconfiguration.

www.thousandeyes.com. (n.d.). How Virtual Private Networks Impact Application Performance. [online] Available at: https://www.thousandeyes.com/blog/how-virtual-private-networks-impact-performance#:~:text=Sometimes%2C%20a%20misconfiguration%20or%20connecting.

Search Networking. (n.d.). What are the risks of third-party VPN services? [online] Available at: https://www.techtarget.com/searchnetworking/answer/How-can-incorrectly-configuring-VPN-clients-lead-to-a-security-breach#:~:text=Third%2Dparty%20VPN%20services%20work.

Fortinet. (n.d.). What Is a DMZ Network and Why Would You Use It? [online] Available at: https://www.fortinet.com/resources/cyberglossary/what-is-dmz#:~:text=A%20DMZ%20provides%20an%20extra.

admin (2022). What are the Top Benefits of Network Monitoring? - ExterNetworks. [online] Learning Center. Available at: https://www.extnoc.com/learn/networking/top-benefits-of-network-monitoring#:~:text=Network%20Monitoring%20is%20a%20powerful [Accessed 16 Jun. 2023].

www.netapp.com. (n.d.). What Is Backup and Recovery? - Why It's Important | NetApp. [online] Available at: https://www.netapp.com/cyber-resilience/data-protection/data-backup-recovery/what-is-backup-recovery/#:~:text=Backup%20and%20recovery%20describes%20the.

https://southandcitycollege-my.sharepoint.com/:p:/r/personal/s45313690_sccb_ac_uk/_layouts/15/Doc.aspx?sourcedoc=%7BBD9BAE13-57B0-4465-9F8F-BD52D78B1D94%7D&file=U05-Slides-21-06-23.pptx&action=edit&mobileredirect=true&login_hint=s45313690%40sccb.ac.uk&ct=15784&wdOrigin=OFFICECOM-WEB.START.UPLOAD&cid=bc76c6b2-6dc5-456b-ab32-f806a078dba4&wdPreviousSessionSrc=HarmonyWeb&wdPreviousSession=9e08acbf-d185-4a1d-bbd3-8a5cf77ef

business.com. (n.d.). Secure Remote Access: What It Is and How It Works. [online] Available at: https://www.business.com/articles/secure-remote-access/.