Network Security: A Comprehensive Guide to Protecting Your Organization
VerifiedAdded on  2024/05/21
|28
|5139
|104
AI Summary
This comprehensive guide explores the critical aspects of network security, covering topics such as identifying security risks, implementing organizational security procedures, configuring firewalls and VPNs, and designing disaster recovery plans. It also delves into risk assessment methodologies, data protection regulations, and the role of stakeholders in implementing security audit recommendations. This resource provides valuable insights for individuals and organizations seeking to enhance their network security posture and protect sensitive data.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
NETWORK SECURITY
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
TABLE OF CONTENTS
INTRODUCTION...........................................................................................................................1
LO1..................................................................................................................................................2
P1 Identify types of security risks to organizations [M1]............................................................2
P2 Describe organizational security procedures..........................................................................4
LO2..................................................................................................................................................6
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies
and third-party VPNs...................................................................................................................6
M2 Discuss three benefits to implement network monitoring systems with supporting reasons.
.....................................................................................................................................................7
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a
network can improve network security........................................................................................8
LO3................................................................................................................................................11
P5 Discuss risk assessment procedure.......................................................................................11
M3 Summarize the ISO 31000 risk management methodology and its application in IT
security.......................................................................................................................................13
P6 Explain data protection processes and regulation as applicable to an organization.............14
M4 Discuss possible impacts to organization security resulting from an IT security audit......15
LO4................................................................................................................................................16
P7 Design and implement security policy for an organization..................................................16
P8 list the main components of an organizational disaster recovery plan, justifying the reasons
for inclusion...............................................................................................................................18
M5 Discuss the roles of stakeholder in the organization to implement security audit
recommendations.......................................................................................................................19
CONCLUSION..............................................................................................................................20
REFERENCES..............................................................................................................................21
INTRODUCTION...........................................................................................................................1
LO1..................................................................................................................................................2
P1 Identify types of security risks to organizations [M1]............................................................2
P2 Describe organizational security procedures..........................................................................4
LO2..................................................................................................................................................6
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies
and third-party VPNs...................................................................................................................6
M2 Discuss three benefits to implement network monitoring systems with supporting reasons.
.....................................................................................................................................................7
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a
network can improve network security........................................................................................8
LO3................................................................................................................................................11
P5 Discuss risk assessment procedure.......................................................................................11
M3 Summarize the ISO 31000 risk management methodology and its application in IT
security.......................................................................................................................................13
P6 Explain data protection processes and regulation as applicable to an organization.............14
M4 Discuss possible impacts to organization security resulting from an IT security audit......15
LO4................................................................................................................................................16
P7 Design and implement security policy for an organization..................................................16
P8 list the main components of an organizational disaster recovery plan, justifying the reasons
for inclusion...............................................................................................................................18
M5 Discuss the roles of stakeholder in the organization to implement security audit
recommendations.......................................................................................................................19
CONCLUSION..............................................................................................................................20
REFERENCES..............................................................................................................................21
LIST OF TABLES
Table 1: Organizational security procedure.....................................................................................4
Table 2: Different types of organizational risk..............................................................................11
Table 1: Organizational security procedure.....................................................................................4
Table 2: Different types of organizational risk..............................................................................11
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
LIST OF FIGURES
Figure 1: Different type of security risks for an organization.........................................................2
Figure 2: Configuration of Firewall.................................................................................................6
Figure 3: Demilitarized zone (DMZ)...............................................................................................8
Figure 4: Setting Static IP................................................................................................................9
Figure 5: Network address translator.............................................................................................10
Figure 1: Different type of security risks for an organization.........................................................2
Figure 2: Configuration of Firewall.................................................................................................6
Figure 3: Demilitarized zone (DMZ)...............................................................................................8
Figure 4: Setting Static IP................................................................................................................9
Figure 5: Network address translator.............................................................................................10
INTRODUCTION
In modern days, one of the most important challenge the organization faces are related to
security. For maintenance of proper security and protection of the organization from any kind of
risk various policies and rules must be followed and implemented. In the report IT security for
GHS is studied along with various procedures and policies that are undertaken by the
organization for protecting the organization form any possible risks. Implementation of various
risk assessment procedure is studied for protection of various organizational and patient data
stored and accessed in the organizational network. The report lastly provides a design for
security policies and a plan for disaster recovery for the organization.
1
In modern days, one of the most important challenge the organization faces are related to
security. For maintenance of proper security and protection of the organization from any kind of
risk various policies and rules must be followed and implemented. In the report IT security for
GHS is studied along with various procedures and policies that are undertaken by the
organization for protecting the organization form any possible risks. Implementation of various
risk assessment procedure is studied for protection of various organizational and patient data
stored and accessed in the organizational network. The report lastly provides a design for
security policies and a plan for disaster recovery for the organization.
1
LO1
P1 Identify types of security risks to organizations [M1]
Following are some types of security risks that are involved with the GHS organization:
Figure 1: Different type of security risks for an organization
Unauthorized use of the systems
Security issues for an organization can be raised due to various unauthorized users present in the
organizational network. Global Health System implements various computers for updating and
managing patient’s information and for other business operations and function like bank
transactions. Therefore, accessibility of the computers in the network must be managed
effectively for preserving system security. However, even after taking different control for the
network security there some of the illegal users who find out a way to get system login and
access and damage the confidential information of patient and organization (Acemoglu et al
2016).
Unauthorized data copying
In present days, information burglary is considered to be one of the major problem that
organization like GHS faces. Risk in the organizational security will result in interrupt the whole
2
UNAUTHORIZED
USE OF THE
SYSTEMS
UNAUTHORIZED
DATA COPYING
PHYSICAL
SYSTEM
DAMAGE
NATURALLY
OCCURRING
RISKS
P1 Identify types of security risks to organizations [M1]
Following are some types of security risks that are involved with the GHS organization:
Figure 1: Different type of security risks for an organization
Unauthorized use of the systems
Security issues for an organization can be raised due to various unauthorized users present in the
organizational network. Global Health System implements various computers for updating and
managing patient’s information and for other business operations and function like bank
transactions. Therefore, accessibility of the computers in the network must be managed
effectively for preserving system security. However, even after taking different control for the
network security there some of the illegal users who find out a way to get system login and
access and damage the confidential information of patient and organization (Acemoglu et al
2016).
Unauthorized data copying
In present days, information burglary is considered to be one of the major problem that
organization like GHS faces. Risk in the organizational security will result in interrupt the whole
2
UNAUTHORIZED
USE OF THE
SYSTEMS
UNAUTHORIZED
DATA COPYING
PHYSICAL
SYSTEM
DAMAGE
NATURALLY
OCCURRING
RISKS
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
business functions and damage the trust relation between organization and customer. Illegal
copying and removal of various organizational data leads to stealing of sensitive data and reports
for malicious operation. This security risk mainly raises issues for organizations and also the
patients.
Physical system damage
Various frauds and thefts may occur in organization that generates different issues related to
security like data and information confidentiality supervision. In case of destruction or damaging
of physical devices present in the organizational network like laptops, computers etc. Security
risk may arise. Security lines are implemented in the organization yet unwanted activities are
performed by bad people. Unwanted activities will mutilate the organization’s valuable assets.
Naturally occurring risks
Along with the mentioned security risks, organization can also suffer some kind of natural risk
that damage organizational security by affecting various information and data. Natural risk are
those issues that may happened automatically resulting in data loss in the computer system
(Ahmad, et al 2015). Various organizational information will get damaged and loss due to virus
attack. Systems in the organization can be infected by virus through the internet access.
3
copying and removal of various organizational data leads to stealing of sensitive data and reports
for malicious operation. This security risk mainly raises issues for organizations and also the
patients.
Physical system damage
Various frauds and thefts may occur in organization that generates different issues related to
security like data and information confidentiality supervision. In case of destruction or damaging
of physical devices present in the organizational network like laptops, computers etc. Security
risk may arise. Security lines are implemented in the organization yet unwanted activities are
performed by bad people. Unwanted activities will mutilate the organization’s valuable assets.
Naturally occurring risks
Along with the mentioned security risks, organization can also suffer some kind of natural risk
that damage organizational security by affecting various information and data. Natural risk are
those issues that may happened automatically resulting in data loss in the computer system
(Ahmad, et al 2015). Various organizational information will get damaged and loss due to virus
attack. Systems in the organization can be infected by virus through the internet access.
3
P2 Describe organizational security procedures
Due to unauthorized use of system or natural risk, organization may come across loss of data and
information of the organization and patients. Therefore, it becomes the organizational
responsibility to implement various specific procedure for security of the network
Table 1: Organizational security procedure
ORGANIZATIONAL
SECURITY PROCEDURE
EXPAINATION
Backup/restoration of data For overcoming security risk, the organization can opt for data back-up.
It is a pre-plan procedure that involves storing the confidential
information and data and the same information can be restored in case of
data loss.
In this procedure data are copied and stored in secondary storage
location. Data are then restored to a new location or in original location
as per the need of the organization (Ahuja et al 2016). Restoring various
information of the organizational data will be effective for getting useful
data back in case of damage or system crush.
Testing procedures Organization always concern regarding the security of information
within the network therefore various testing procedures are adopted.
Organization uses the testing techniques for overcoming issues related to
security risk. Testing procedure include testing of network, data or even
systems in the organizational network for maintaining data security.
suitable timescale can be created so that testing on data can be conducted
within the network. It is capable of identifying data security.
Database Organization can adopt a database system (software application) that will
cooperate with other applications and the end-users. Database system is
capable of capturing and analyzing data in the network. Database system
in a network permit creating, updating, administrating and database
querying.
Using the database system can help in lessening issues related to loss of
4
Due to unauthorized use of system or natural risk, organization may come across loss of data and
information of the organization and patients. Therefore, it becomes the organizational
responsibility to implement various specific procedure for security of the network
Table 1: Organizational security procedure
ORGANIZATIONAL
SECURITY PROCEDURE
EXPAINATION
Backup/restoration of data For overcoming security risk, the organization can opt for data back-up.
It is a pre-plan procedure that involves storing the confidential
information and data and the same information can be restored in case of
data loss.
In this procedure data are copied and stored in secondary storage
location. Data are then restored to a new location or in original location
as per the need of the organization (Ahuja et al 2016). Restoring various
information of the organizational data will be effective for getting useful
data back in case of damage or system crush.
Testing procedures Organization always concern regarding the security of information
within the network therefore various testing procedures are adopted.
Organization uses the testing techniques for overcoming issues related to
security risk. Testing procedure include testing of network, data or even
systems in the organizational network for maintaining data security.
suitable timescale can be created so that testing on data can be conducted
within the network. It is capable of identifying data security.
Database Organization can adopt a database system (software application) that will
cooperate with other applications and the end-users. Database system is
capable of capturing and analyzing data in the network. Database system
in a network permit creating, updating, administrating and database
querying.
Using the database system can help in lessening issues related to loss of
4
data. This application helps in controlling user for accessing the data and
securing data of the whole network from any kind of illegal users.
Audits The organization should follow and conduct audit for data security. In
case of audit, auditor deployed in the organization must checks
information or data types in the organizational network. By
understanding the information and the way they are access well-
structured flow document can be created. Data security audit effectively
helps organization to know about all the sensitive information within the
organization.
Auditing can help an organization for identifying the appropriate method
regarding the maintaining data security in the systems. Data theft can be
minimizing the as auditor can identify all the situations related to
security risk.
5
securing data of the whole network from any kind of illegal users.
Audits The organization should follow and conduct audit for data security. In
case of audit, auditor deployed in the organization must checks
information or data types in the organizational network. By
understanding the information and the way they are access well-
structured flow document can be created. Data security audit effectively
helps organization to know about all the sensitive information within the
organization.
Auditing can help an organization for identifying the appropriate method
regarding the maintaining data security in the systems. Data theft can be
minimizing the as auditor can identify all the situations related to
security risk.
5
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
LO2
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and
third-party VPNs.
For preventing the organisation from unauthorised access firewall system are applied. illegal
users are not allowed to access or connect the available resources in the network.
Figure 2: Configuration of Firewall
Firewall also prohibited various malware and threats from other networks to enter into the
current organisational network. Firewall is considered to be very effective manage the network
security over internet. Though, if the firewall in a network or system is not configured correctly
it may lead to creating various issues and damages to user, security and network management
some of them is discussed below:
Loss in command for various resources: If configuration of the firewall supports attacker then
the genuine users of the network can possibly loss their command over the resources.
Malfunctional configuration of firewall configuration will create threat to the organisational
network compromising in data consistency, security and integrity (Hu et al, 2012).
Access constraints: Firewall is a source for managing network resource permission. In case of
managing the wrong permissions in the network malicious users can effectively access resources
in the network or it can happen that the resources cannot be reached or accessed by authenticated
user. In either of the cases, data security or device communication gets obstructed.
6
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and
third-party VPNs.
For preventing the organisation from unauthorised access firewall system are applied. illegal
users are not allowed to access or connect the available resources in the network.
Figure 2: Configuration of Firewall
Firewall also prohibited various malware and threats from other networks to enter into the
current organisational network. Firewall is considered to be very effective manage the network
security over internet. Though, if the firewall in a network or system is not configured correctly
it may lead to creating various issues and damages to user, security and network management
some of them is discussed below:
Loss in command for various resources: If configuration of the firewall supports attacker then
the genuine users of the network can possibly loss their command over the resources.
Malfunctional configuration of firewall configuration will create threat to the organisational
network compromising in data consistency, security and integrity (Hu et al, 2012).
Access constraints: Firewall is a source for managing network resource permission. In case of
managing the wrong permissions in the network malicious users can effectively access resources
in the network or it can happen that the resources cannot be reached or accessed by authenticated
user. In either of the cases, data security or device communication gets obstructed.
6
Improper connectivity: In case the user has blocked a service misguidedly and services of other
network cannot be use then it can impact the communication of the network. It may lead to
delivering of deprived connectivity between all the internal users and the private networks.
M2 Discuss three benefits to implement network monitoring systems with supporting reasons.
Network Monitoring system is considered to be a very important aspect of the network
management solution for an organization. It helps in keeping tracks of different network
component within the organization. implementation of the network monitoring system is very
beneficial to the organizational (Network monitoring, 2018).
1. Fixes issues faster: network monitoring tool in the network is capable of solving any
issues in minimum time with the help of a live networking map that find the issue (related
to traffic fluctuation, configuration errors etc.) and its place of origin.
2. Identifies security threats: network monitoring helps in securing the sensitive data of the
organization. it provides first level security any kind of malicious activities are spotted.
3. Manages the growing and changing network: IT environment is rapidly growing in term
of size due to the involvement of various technological innovations. With the growing
network complexities associated with it also rise. Network Monitoring system helps in
monitoring any kind of malicious activities and fluctuation. It also helps in monitoring IP
assets and maintains performance of the network.
7
network cannot be use then it can impact the communication of the network. It may lead to
delivering of deprived connectivity between all the internal users and the private networks.
M2 Discuss three benefits to implement network monitoring systems with supporting reasons.
Network Monitoring system is considered to be a very important aspect of the network
management solution for an organization. It helps in keeping tracks of different network
component within the organization. implementation of the network monitoring system is very
beneficial to the organizational (Network monitoring, 2018).
1. Fixes issues faster: network monitoring tool in the network is capable of solving any
issues in minimum time with the help of a live networking map that find the issue (related
to traffic fluctuation, configuration errors etc.) and its place of origin.
2. Identifies security threats: network monitoring helps in securing the sensitive data of the
organization. it provides first level security any kind of malicious activities are spotted.
3. Manages the growing and changing network: IT environment is rapidly growing in term
of size due to the involvement of various technological innovations. With the growing
network complexities associated with it also rise. Network Monitoring system helps in
monitoring any kind of malicious activities and fluctuation. It also helps in monitoring IP
assets and maintains performance of the network.
7
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network
can improve network security
Demilitarized zone (DMZ)
DMZ is applied in a network for adding a supplementary layer of security in the organizational
private network for protecting it from another big network internet. For an instance, DMZ is
applied for exposing organizational network to external networks which are enumerated with the
DMZ. Consequently, it is effective in delivers additional time for the protection of the
organizational resources and private network if a threat infiltrate (Rababah et al. 2018).
Figure 3: Demilitarized zone (DMZ)
(Source: https://ccm.net/contents/602-dmz-demilitarized-zone, 2018)
Implementation: Triple homed bastion host can be used to ensure the network security where a
sub-network is exposed to external network through DMZ. There is single firewall in between
the DMZ, private network and external network. Using a DMZ helps in ensuring that network is
protected by implementation of firewall. In a screened subnet, two separate firewalls are
implemented for protecting the systems in the network with the help of double traffic screening.
Static IP
Over internet Static IP is effective in connecting and authenticating the devices in the network.
Organization can use Static IP address for securing the network from any kind of undesirable
devices. It will not save the addresses of the devices for connecting in the network system.
8
can improve network security
Demilitarized zone (DMZ)
DMZ is applied in a network for adding a supplementary layer of security in the organizational
private network for protecting it from another big network internet. For an instance, DMZ is
applied for exposing organizational network to external networks which are enumerated with the
DMZ. Consequently, it is effective in delivers additional time for the protection of the
organizational resources and private network if a threat infiltrate (Rababah et al. 2018).
Figure 3: Demilitarized zone (DMZ)
(Source: https://ccm.net/contents/602-dmz-demilitarized-zone, 2018)
Implementation: Triple homed bastion host can be used to ensure the network security where a
sub-network is exposed to external network through DMZ. There is single firewall in between
the DMZ, private network and external network. Using a DMZ helps in ensuring that network is
protected by implementation of firewall. In a screened subnet, two separate firewalls are
implemented for protecting the systems in the network with the help of double traffic screening.
Static IP
Over internet Static IP is effective in connecting and authenticating the devices in the network.
Organization can use Static IP address for securing the network from any kind of undesirable
devices. It will not save the addresses of the devices for connecting in the network system.
8
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Figure 4: Setting Static IP
(Source: https://kb.netgear.com/27476/How-to-set-a-static-IP-address-in-Windows, 2018)
Implementation: each device connected over the organizational network has specific Static IP
address. It is effectively helpful as no other devices can be attached in a network because of
unavailability of address. The identical configuration can be used for the devices in the network
devices for connecting specific addresses in the organization.
Network Address Translation: NAT can be effectively used in the organizational network for
addressing. In case of occurrence of traffic while routing devices IP address can get changed.
NAT can be used for using same IP address in the devices in diverse groups of networks
(Kettlewell et al 2015).
9
(Source: https://kb.netgear.com/27476/How-to-set-a-static-IP-address-in-Windows, 2018)
Implementation: each device connected over the organizational network has specific Static IP
address. It is effectively helpful as no other devices can be attached in a network because of
unavailability of address. The identical configuration can be used for the devices in the network
devices for connecting specific addresses in the organization.
Network Address Translation: NAT can be effectively used in the organizational network for
addressing. In case of occurrence of traffic while routing devices IP address can get changed.
NAT can be used for using same IP address in the devices in diverse groups of networks
(Kettlewell et al 2015).
9
Figure 5: Network address translator
(Source: http://technet2u.com/what-is-network-address-translation/,2018)
Network Address Translation provide network security as precise IP and network addresses are
accessible for translation purpose and at routing devices translation is possible. Moreover,
additional devices can possibly be plotted using the same IP address and devices are protected as
IP address are not process as per configuration.
10
(Source: http://technet2u.com/what-is-network-address-translation/,2018)
Network Address Translation provide network security as precise IP and network addresses are
accessible for translation purpose and at routing devices translation is possible. Moreover,
additional devices can possibly be plotted using the same IP address and devices are protected as
IP address are not process as per configuration.
10
LO3
P5 Discuss risk assessment procedure.
It a generally business function to face various risk associated with the organisation. Proper risk
assessment techniques are used for controlling and managing various risk. The risk assessment
process is achieved through different function, process and applications within the organisation
(Ergu et al 2014). Beforehand to the process of risk assessment, an operational framework must
be developed for the organisation which is effective in describing the scope, size and complexity.
In general risks can be classified in five types:
Table 2: Different types of organizational risk
RISK DESCRIPTION
Strategic Risk This kind of risk are caused mainly due to disapproving
decision in the organization that may affect the aims and
objective.
Operational Risk Operational risk is caused because of internal
organizational system or process failure.
Reputational Risk Negative opinion of public related to the organisation
service impacting the trust.
Transactional
Risk
This kind of risks occur because of incompetent product
and service delivery to customer.
Compliance Risk When the organization fails to follow all the external
and internal policies effectively then these kinds of
risk may occur (Hawthorn, et al 2015).
The risk assessment in an organization is done by following six steps for mitigating risk in the
organizational network and for enhancing the organizational performance:
1. System characterizing: According process, application and function system used in the
organizational network is characterized. Main aim of these step is system identification and
understanding all the threats related to vendors, data flow and internal and external interface.
11
P5 Discuss risk assessment procedure.
It a generally business function to face various risk associated with the organisation. Proper risk
assessment techniques are used for controlling and managing various risk. The risk assessment
process is achieved through different function, process and applications within the organisation
(Ergu et al 2014). Beforehand to the process of risk assessment, an operational framework must
be developed for the organisation which is effective in describing the scope, size and complexity.
In general risks can be classified in five types:
Table 2: Different types of organizational risk
RISK DESCRIPTION
Strategic Risk This kind of risk are caused mainly due to disapproving
decision in the organization that may affect the aims and
objective.
Operational Risk Operational risk is caused because of internal
organizational system or process failure.
Reputational Risk Negative opinion of public related to the organisation
service impacting the trust.
Transactional
Risk
This kind of risks occur because of incompetent product
and service delivery to customer.
Compliance Risk When the organization fails to follow all the external
and internal policies effectively then these kinds of
risk may occur (Hawthorn, et al 2015).
The risk assessment in an organization is done by following six steps for mitigating risk in the
organizational network and for enhancing the organizational performance:
1. System characterizing: According process, application and function system used in the
organizational network is characterized. Main aim of these step is system identification and
understanding all the threats related to vendors, data flow and internal and external interface.
11
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
2. Treats identification: All the treats in organizational network is recognized in this step
including data leakage, unauthorized access etc.
3. Determining intrinsic risk along with their impacts: Effects of risk in an organization are
determined and exercised.
4. Analyzing the controlled environment: In case of control environment different things are
considered including identifying threats for mitigating, detecting, preventing and control
them effectively.
5. Rating: after proper environment analyses, the threats are then rated as per their livelihood.
6. Calculating the risk rate: with the help of an equation the risk is rated (Sadgrove, 2016).
Risk Rating= Impact (if exploited) * Likelihood (of exploit in the assessed control environment)
Management of the risk in an organization along with the control and prevention measure the
risk assessments in an organization is followed.
12
including data leakage, unauthorized access etc.
3. Determining intrinsic risk along with their impacts: Effects of risk in an organization are
determined and exercised.
4. Analyzing the controlled environment: In case of control environment different things are
considered including identifying threats for mitigating, detecting, preventing and control
them effectively.
5. Rating: after proper environment analyses, the threats are then rated as per their livelihood.
6. Calculating the risk rate: with the help of an equation the risk is rated (Sadgrove, 2016).
Risk Rating= Impact (if exploited) * Likelihood (of exploit in the assessed control environment)
Management of the risk in an organization along with the control and prevention measure the
risk assessments in an organization is followed.
12
M3 Summarize the ISO 31000 risk management methodology and its application in IT security.
Proper methodology for risk management can be effectively applied in an organization for
securing the network from various threats and risks. If an organization manages all the security
risks and threats it will secure organization from any kind of malicious activities but also help the
organization to be more productive. ISO 31000 is a standard that is applied internationally for
risk management. ISO 31000 includes various generic guidelines and principles for managing
the risk in every organization. There are two components for the risk management process
1. To provide a framework that is effective in providing guidance to the organizational structure.
2. To define process, that indicates about the authentic technique to be taken for analyzing, of
identifying and mitigating the organizational risk.
ISO 31000 for organization
1. The organization applies ISO 31000 standard for improving operational and efficiency of
the governance.
2. With the application of the standard in the management system for minimizing data loss
by analyzing and controlling the organizational risk (ISO 31000, 2018).
3. The standard is applied for building the confidence among all the stakeholders associated
with the organization though risk mitigating techniques.
4. With the application of ISO standard in the management system of the organization
performance is enhanced along with flexibility.
13
Proper methodology for risk management can be effectively applied in an organization for
securing the network from various threats and risks. If an organization manages all the security
risks and threats it will secure organization from any kind of malicious activities but also help the
organization to be more productive. ISO 31000 is a standard that is applied internationally for
risk management. ISO 31000 includes various generic guidelines and principles for managing
the risk in every organization. There are two components for the risk management process
1. To provide a framework that is effective in providing guidance to the organizational structure.
2. To define process, that indicates about the authentic technique to be taken for analyzing, of
identifying and mitigating the organizational risk.
ISO 31000 for organization
1. The organization applies ISO 31000 standard for improving operational and efficiency of
the governance.
2. With the application of the standard in the management system for minimizing data loss
by analyzing and controlling the organizational risk (ISO 31000, 2018).
3. The standard is applied for building the confidence among all the stakeholders associated
with the organization though risk mitigating techniques.
4. With the application of ISO standard in the management system of the organization
performance is enhanced along with flexibility.
13
P6 Explain data protection processes and regulation as applicable to an organization
The data protection process applied in an organization is a method that are performed for
securing and protecting various information and data from any kind of alteration and loss. With
the development and advancement of technology need for data creation and storage is enhancing
so is the need for data protection. Various policies and strategies are applied in the organizational
network for data security and restoring data while occurrence of data loss.
Management of data in a network is managing the lifecycle as a whole. The procedure comprises
of systematizing network data and its flow over the online platform, storing data even offline,
handling Lifecyle of various information, shielding important information from any kind of user
errors, minimizing virus attacks in the systems.
In an organization, different policies and laws are implemented for Data Protection. However,
personal data of the stuff must be processed in the organization for protecting data.
ï‚· Processing of the data must be done legally through proper, clear, and legalized
principles (Peltier, 2016).
ï‚· All the data in the network should be processed lawfully and in clear manner.
ï‚· Data of the organization should be accurate and up-to-dated as per requirement.
ï‚· All the data in the organizational network should effectively processed as per right
subjected to data for maintaining data security, integrity and privacy.
The organization has the responsibility to use appropriate measures and techniques for holding
organizational principles.
14
The data protection process applied in an organization is a method that are performed for
securing and protecting various information and data from any kind of alteration and loss. With
the development and advancement of technology need for data creation and storage is enhancing
so is the need for data protection. Various policies and strategies are applied in the organizational
network for data security and restoring data while occurrence of data loss.
Management of data in a network is managing the lifecycle as a whole. The procedure comprises
of systematizing network data and its flow over the online platform, storing data even offline,
handling Lifecyle of various information, shielding important information from any kind of user
errors, minimizing virus attacks in the systems.
In an organization, different policies and laws are implemented for Data Protection. However,
personal data of the stuff must be processed in the organization for protecting data.
ï‚· Processing of the data must be done legally through proper, clear, and legalized
principles (Peltier, 2016).
ï‚· All the data in the network should be processed lawfully and in clear manner.
ï‚· Data of the organization should be accurate and up-to-dated as per requirement.
ï‚· All the data in the organizational network should effectively processed as per right
subjected to data for maintaining data security, integrity and privacy.
The organization has the responsibility to use appropriate measures and techniques for holding
organizational principles.
14
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
M4 Discuss possible impacts to organization security resulting from an IT security audit.
Along with the risk assessment process, an organization can opt for applying security audits.
These IT audits for security of an organization helps in finding out gaps between data security
along also reduces the threats accordingly. Assessment of IT system of the organization with
respect to their processes and architecture is known to be as an IT security audit. These processes
also include various procedure and policies that are required for secure data management in the
organization.
In general, auditing is done by a trained professional of the organization, third party hired for
security of data, or federal agencies of government. The auditing process is carried out by the
organization according to the information sensitivity, availability of resources etc.
Impacts of IT security audits on the organizational security
ï‚· With the implementation of the security audit process, organization can now identify all
the risk within the network that is harmful for the organization it will be helpful in
preventing and controlling the risk and a document regarding the vulnerabilities can be
created for future reference.
ï‚· Audits helps in identification both external and internal cyber threats.
ï‚· Audits helps in determining likelihoods in relation to the degree of impacts of each threat
that affects the organizational functionality.ï‚· Auditing helps in finding a way to response towards the threats or risk the organization is
haunted with.
15
Along with the risk assessment process, an organization can opt for applying security audits.
These IT audits for security of an organization helps in finding out gaps between data security
along also reduces the threats accordingly. Assessment of IT system of the organization with
respect to their processes and architecture is known to be as an IT security audit. These processes
also include various procedure and policies that are required for secure data management in the
organization.
In general, auditing is done by a trained professional of the organization, third party hired for
security of data, or federal agencies of government. The auditing process is carried out by the
organization according to the information sensitivity, availability of resources etc.
Impacts of IT security audits on the organizational security
ï‚· With the implementation of the security audit process, organization can now identify all
the risk within the network that is harmful for the organization it will be helpful in
preventing and controlling the risk and a document regarding the vulnerabilities can be
created for future reference.
ï‚· Audits helps in identification both external and internal cyber threats.
ï‚· Audits helps in determining likelihoods in relation to the degree of impacts of each threat
that affects the organizational functionality.ï‚· Auditing helps in finding a way to response towards the threats or risk the organization is
haunted with.
15
LO4
P7 Design and implement security policy for an organization
For the protection of the organisational network from malicious action appropriate policies and
security measures must be applied in the network. The main purpose of applying these security
measure in a network is employees identification and authorisation within the organisation. It is
the responsibility of the organisation that each of the individual of the organisation should be
provided with required and demanded resources for performing all the task effectively.
For verifying all the measures taken for security purpose, appropriate accountability is essential
that knowing and reducing the network flaws. Assessment of risk regarding the organizational
information is required for maintaining the security by undertaking proper measures that will
protect and manage the network (Security Policies, 2018).
Information risk must be accesses for knowing and understanding the type security measures that
is to be taken for network protection. All the organizational data and data of the patients need to
categorized according to their value, priority and sensitivity. Identification of data lose is done
for the organization in case of unauthorized data access.
Various security policies are required to be applied in the organization either informally or
formally depending upon the data size, capital and nature of the organization and data stored and
access in it. Few security policies applied in GHS is studied in this report:
ï‚· all the important employees of the GHS should have appropriate co-ordination among
them. Security manager has the responsibility of understanding all the IT equipment used
in the organizational network.
ï‚· All the arrangement made for the organization should be in such a way that all the
arrangement in the network can be effective for data protection, identification and
recovery.
ï‚· The security measures undertaken for the protection of the organization must be checked
and updated regularly for the network.
ï‚· Suitable user access must be provided for offering resources in the network for proper
functionality.
16
P7 Design and implement security policy for an organization
For the protection of the organisational network from malicious action appropriate policies and
security measures must be applied in the network. The main purpose of applying these security
measure in a network is employees identification and authorisation within the organisation. It is
the responsibility of the organisation that each of the individual of the organisation should be
provided with required and demanded resources for performing all the task effectively.
For verifying all the measures taken for security purpose, appropriate accountability is essential
that knowing and reducing the network flaws. Assessment of risk regarding the organizational
information is required for maintaining the security by undertaking proper measures that will
protect and manage the network (Security Policies, 2018).
Information risk must be accesses for knowing and understanding the type security measures that
is to be taken for network protection. All the organizational data and data of the patients need to
categorized according to their value, priority and sensitivity. Identification of data lose is done
for the organization in case of unauthorized data access.
Various security policies are required to be applied in the organization either informally or
formally depending upon the data size, capital and nature of the organization and data stored and
access in it. Few security policies applied in GHS is studied in this report:
ï‚· all the important employees of the GHS should have appropriate co-ordination among
them. Security manager has the responsibility of understanding all the IT equipment used
in the organizational network.
ï‚· All the arrangement made for the organization should be in such a way that all the
arrangement in the network can be effective for data protection, identification and
recovery.
ï‚· The security measures undertaken for the protection of the organization must be checked
and updated regularly for the network.
ï‚· Suitable user access must be provided for offering resources in the network for proper
functionality.
16
Security policies
Data are lost in a network mainly because of human failure. Organization that follows the culture
of maintaining security will help in reducing various risk in the network. Consequently, the staff
working for GHS should effectively follow measures for the safety of the organization:
ï‚· The users in the network must recognize and know the importance and need of protection
of their personal data.
ï‚· It is the responsibility of the staff to be familiar with various policies the organizational
takes for maintain the network security.
ï‚· All the procedure for the purpose of security must be put into practicing (Perlman et al
2016).
ï‚· Proper training must be provided to all the employees of the organization regarding the
organizational security. The employees must have adequate knowledge of all the Acts
and policies that are applied in the organization.
17
Data are lost in a network mainly because of human failure. Organization that follows the culture
of maintaining security will help in reducing various risk in the network. Consequently, the staff
working for GHS should effectively follow measures for the safety of the organization:
ï‚· The users in the network must recognize and know the importance and need of protection
of their personal data.
ï‚· It is the responsibility of the staff to be familiar with various policies the organizational
takes for maintain the network security.
ï‚· All the procedure for the purpose of security must be put into practicing (Perlman et al
2016).
ï‚· Proper training must be provided to all the employees of the organization regarding the
organizational security. The employees must have adequate knowledge of all the Acts
and policies that are applied in the organization.
17
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
P8 list the main components of an organizational disaster recovery plan, justifying the reasons
for inclusion
Main components of the disaster recovery plan for an organization are:
ï‚· Backup check
ï‚· Role assigning and communication of plan
ï‚· Equipment planning
ï‚· Detailed asset list
ï‚· Data continuity system
ï‚· Service restoration plan
Backup check: For a recovery plan to be effective, the organization should check and guarantee
that information and data in the network should store the data in secondary places or location like
clouds and hard drives that does not get affected even in case of disaster it called as data backup
(Wallace and Webber, 2017).
Role assigning and communication of plans: In case of occurrence of disaster in the
organizational network, it is recommended that appropriate communication must be established
between all the stuff and employees working in GHS. Planning should be accurately done, it will
allow all associate and stuff to fall under same page and guidelines. It will encourage proper
interaction among all. Role and responsibility of all the stuff must be distributed among the
employees in case of occurrence of disaster.
Equipment Planning: for overcoming the raised issues in the organizational network, it is the
responsibility of the organization to be attentive regarding all equipment and tools required for it.
In case of network breach or unauthorized entry of an intruder in the organization That will be
helpful in case any kind of breach in the network is occurred and if an intruder appropriate
security and protection measures need to take such as firewall.
Detailed asset list: For the disaster recovery plan, it is the responsibility of the network
administrator to have precise knowledge regarding all the workstations connected in the
organizational network in a listed form and all the devices attached to it like server, phones,
printer that are frequently used by the users in the network (IT Disaster Recovery Plan, 2018).
18
for inclusion
Main components of the disaster recovery plan for an organization are:
ï‚· Backup check
ï‚· Role assigning and communication of plan
ï‚· Equipment planning
ï‚· Detailed asset list
ï‚· Data continuity system
ï‚· Service restoration plan
Backup check: For a recovery plan to be effective, the organization should check and guarantee
that information and data in the network should store the data in secondary places or location like
clouds and hard drives that does not get affected even in case of disaster it called as data backup
(Wallace and Webber, 2017).
Role assigning and communication of plans: In case of occurrence of disaster in the
organizational network, it is recommended that appropriate communication must be established
between all the stuff and employees working in GHS. Planning should be accurately done, it will
allow all associate and stuff to fall under same page and guidelines. It will encourage proper
interaction among all. Role and responsibility of all the stuff must be distributed among the
employees in case of occurrence of disaster.
Equipment Planning: for overcoming the raised issues in the organizational network, it is the
responsibility of the organization to be attentive regarding all equipment and tools required for it.
In case of network breach or unauthorized entry of an intruder in the organization That will be
helpful in case any kind of breach in the network is occurred and if an intruder appropriate
security and protection measures need to take such as firewall.
Detailed asset list: For the disaster recovery plan, it is the responsibility of the network
administrator to have precise knowledge regarding all the workstations connected in the
organizational network in a listed form and all the devices attached to it like server, phones,
printer that are frequently used by the users in the network (IT Disaster Recovery Plan, 2018).
18
Data continuity system: When a plan for disaster recovery is generated, the organization must
look upon the necessities that will be effective for proper functionality of the organization either
for financial purpose or while other operations.
Service restoration plan: once the network come across disaster, the organization must look
upon running all the process effectively without disturbing the functionality and productivity.
Hence, all the vendors and clients linked with the organization should be up-to-date regarding
the disaster along with proper techniques for data restoration.
while planning for creating a disaster recovery plan for GHS all the above-mentioned points
must be taken into consideration.
M5 Discuss the roles of stakeholder in the organization to implement security audit
recommendations.
Understanding of the various stakeholder associated with the organization is required for
implementing various recommendation after the process of security audit has taken place.
Engagement of the stakeholders like senior management means various opinions of them as per
their expectation and requirement with different conclusion for an issue being discussed during
the process of auditing. Senior manager as a stakeholder must made understood regarding the
auditing process so that he can provide opinion keeping in mind about the organizational
objectives. Feedback from the Stakeholder must be taken as they help in improving
organizational value.
19
look upon the necessities that will be effective for proper functionality of the organization either
for financial purpose or while other operations.
Service restoration plan: once the network come across disaster, the organization must look
upon running all the process effectively without disturbing the functionality and productivity.
Hence, all the vendors and clients linked with the organization should be up-to-date regarding
the disaster along with proper techniques for data restoration.
while planning for creating a disaster recovery plan for GHS all the above-mentioned points
must be taken into consideration.
M5 Discuss the roles of stakeholder in the organization to implement security audit
recommendations.
Understanding of the various stakeholder associated with the organization is required for
implementing various recommendation after the process of security audit has taken place.
Engagement of the stakeholders like senior management means various opinions of them as per
their expectation and requirement with different conclusion for an issue being discussed during
the process of auditing. Senior manager as a stakeholder must made understood regarding the
auditing process so that he can provide opinion keeping in mind about the organizational
objectives. Feedback from the Stakeholder must be taken as they help in improving
organizational value.
19
CONCLUSION
Various risk associated with the security of an organizational network has been studied in this
above report. A network is in risk due to the involvement of various unauthorized users and
activities with the organizational network. The report has studied about various security
measures that are to be undertaken in case of threats and risks. Different firewall policies that are
implemented in an organizational network for maintaining security can get impacted if the
firewall in the network are not implemented appropriately. Protection of the network from
malicious activities can be done by implementation of DMZ, static IP and NAT. the report has
discussed about the risk assessment procedure that helps in maintenance of network security. The
report studies about security policies and their implementation for a secure network and data
protection for GHS. A recovery plan has been created in case of occurrence of disaster in the
network for restating and monitoring the functionality of the organization.
20
Various risk associated with the security of an organizational network has been studied in this
above report. A network is in risk due to the involvement of various unauthorized users and
activities with the organizational network. The report has studied about various security
measures that are to be undertaken in case of threats and risks. Different firewall policies that are
implemented in an organizational network for maintaining security can get impacted if the
firewall in the network are not implemented appropriately. Protection of the network from
malicious activities can be done by implementation of DMZ, static IP and NAT. the report has
discussed about the risk assessment procedure that helps in maintenance of network security. The
report studies about security policies and their implementation for a secure network and data
protection for GHS. A recovery plan has been created in case of occurrence of disaster in the
network for restating and monitoring the functionality of the organization.
20
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
REFERENCES
Books and journals
Acemoglu, D., Malekian, A. and Ozdaglar, A., 2016. Network security and contagion. Journal of
Economic Theory, 166, pp.536-585
Ahmad, A., Maynard, S.B. and Shanks, G., 2015. A case analysis of information systems and
security incident responses. International Journal of Information Management, 35(6), pp.717-
723.
Ahuja, R.P.S., Jha, B., Maini, N., Patel, S., Jain, A.R., Hegde, D.K., Nanganure, R.V. and Pawar,
A.V., McAfee LLC, 2016. System and method for providing data protection workflows in a
network environment. U.S. Patent 9,430,564.
Ergu, D., Kou, G., Shi, Y. and Shi, Y., 2014. Analytic network process in risk assessment and
decision analysis. Computers & Operations Research, 42, pp.58-74.
Hawthorn, T.T., Miller, N. and LoSAPIO, J., 2015. Assessing security risks of users in a
computing network. U.S. Patent Application 14/620,866.
Hu, H., Ahn, G.J. and Kulkarni, K., 2012. Detecting and resolving firewall policy
anomalies. IEEE Transactions on dependable and secure computing, 9(3), pp.318-331.
Kettlewell, P., Mitchell, J. and Arambepola, S., Rockstar Consortium Us Lp, 2015. Network
management across a NAT or firewall. U.S. Patent 8,949,391.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press.
Perlman, R., Kaufman, C. and Speciner, M., 2016. Network security: private communication in a
public world. Pearson Education India.
Rababah, B., Zhou, S. and Bader, M., 2018. Evaluation the Performance of DMZ.
Sadgrove, K., 2016. The complete guide to business risk management. Routledge.
21
Books and journals
Acemoglu, D., Malekian, A. and Ozdaglar, A., 2016. Network security and contagion. Journal of
Economic Theory, 166, pp.536-585
Ahmad, A., Maynard, S.B. and Shanks, G., 2015. A case analysis of information systems and
security incident responses. International Journal of Information Management, 35(6), pp.717-
723.
Ahuja, R.P.S., Jha, B., Maini, N., Patel, S., Jain, A.R., Hegde, D.K., Nanganure, R.V. and Pawar,
A.V., McAfee LLC, 2016. System and method for providing data protection workflows in a
network environment. U.S. Patent 9,430,564.
Ergu, D., Kou, G., Shi, Y. and Shi, Y., 2014. Analytic network process in risk assessment and
decision analysis. Computers & Operations Research, 42, pp.58-74.
Hawthorn, T.T., Miller, N. and LoSAPIO, J., 2015. Assessing security risks of users in a
computing network. U.S. Patent Application 14/620,866.
Hu, H., Ahn, G.J. and Kulkarni, K., 2012. Detecting and resolving firewall policy
anomalies. IEEE Transactions on dependable and secure computing, 9(3), pp.318-331.
Kettlewell, P., Mitchell, J. and Arambepola, S., Rockstar Consortium Us Lp, 2015. Network
management across a NAT or firewall. U.S. Patent 8,949,391.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press.
Perlman, R., Kaufman, C. and Speciner, M., 2016. Network security: private communication in a
public world. Pearson Education India.
Rababah, B., Zhou, S. and Bader, M., 2018. Evaluation the Performance of DMZ.
Sadgrove, K., 2016. The complete guide to business risk management. Routledge.
21
Wallace, M. and Webber, L., 2017. The disaster recovery handbook: A step-by-step plan to
ensure business continuity and protect vital operations, facilities, and assets. AMACOM Div
American Mgmt Assn
Online references
Security Policies, 2018 [Online] [Accessed Through]
<https://nces.ed.gov/pubs98/safetech/chapter3.asp> [Accessed On: 18th April, 2018
Disaster recovery Plan, 2018 [Online] [Accessed Through]
<https://www.ready.gov/business/implementation/IT> [Accessed On: 18th April, 2018]
ISO 31000, 2018 [Online] [Accessed Through] <https://www.iso.org/obp/ui/#iso:std:iso-
iec:14908:-3:ed-1:v1:en> [Accessed On: 18th April, 2018]
Network monitoring ,2018 [Online] [Accessed Through] <https://www.pcwdld.com/best-
network-monitoring-tools-and-software> [Accessed On: 18th April, 2018]
22
ensure business continuity and protect vital operations, facilities, and assets. AMACOM Div
American Mgmt Assn
Online references
Security Policies, 2018 [Online] [Accessed Through]
<https://nces.ed.gov/pubs98/safetech/chapter3.asp> [Accessed On: 18th April, 2018
Disaster recovery Plan, 2018 [Online] [Accessed Through]
<https://www.ready.gov/business/implementation/IT> [Accessed On: 18th April, 2018]
ISO 31000, 2018 [Online] [Accessed Through] <https://www.iso.org/obp/ui/#iso:std:iso-
iec:14908:-3:ed-1:v1:en> [Accessed On: 18th April, 2018]
Network monitoring ,2018 [Online] [Accessed Through] <https://www.pcwdld.com/best-
network-monitoring-tools-and-software> [Accessed On: 18th April, 2018]
22
23
1 out of 28
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.