Evaluating Security Measures and Breaches at Te Mata Estate
Added on 2019/09/21
Homework Assignment
AI Summary
This assignment delves into the information security breaches experienced by the Te Mata Estate company, analyzing the incidents and proposing solutions. It examines the application of risk management components, including identification, protection, detection, and recovery, in response to security breaches. The assignment evaluates the company's adherence to assurance and compliance components, such as confidentiality, integrity, and authentication. It identifies and analyzes security controls and standards like IT security policies, guidelines, security risk assessments, ISO 27001, COBIT, and ITIL. The role of ethical hacking in overcoming the 2008 breach is discussed, along with an analysis of phishing attacks and countermeasures. Finally, the assignment explores approaches to improve network component security, including password security, firewalls, and virtual private networks, to prevent future breaches. The assignment references various security concepts and standards, providing a comprehensive analysis of the case study.

Task 1. Based on the case study, identify and analyse at least four (4)
components of information security risk management that the Te Mata Estate
company could have applied in response to security breaches of its system.
Ans. As mentioned in the case study of the “Te Mata Estate company”, one of the
employees shared sensitive information with a hacker in exchange for money, so
the company needs to follow the components described below.
Identify — In this part the aim is to develop an understanding of the
cybersecurity risks to systems, people, assets, data and capabilities. Staff
members need to be made aware of hacking and of how risky it is to share even a
little company data with a stranger. Understanding the business context,
current business needs and related risks helps organizations determine
threats and prioritize their security efforts.
Protect — Organizations implement appropriate safeguards and security
controls to protect their most critical assets against cyber threats. For
example, an identity management system (such as ISE 2.0, the Cisco Identity
Services Engine), which is very popular nowadays, can be applied, and in parallel
access control policies on network devices can set privileges, roles and
rules, while awareness is promoted and training is provided to staff.
Detect — Organizations need to quickly detect events that could pose risks to
data security, with the help of security devices such as an IDS (Intrusion
Detection System), which helps to quickly detect intrusions on the network
(although it is an older technique). Usually organizations rely on continuous
security monitoring by monitoring tools, incident detection techniques and
remediation tools. Organizations can act on a detected cybersecurity event
easily if they have an automatic prevention system such as an IPS (Intrusion
Prevention System), which not only detects but also blocks unwanted attacks and
malware, as it is complemented by AMP (Advanced Malware Protection), which is
always connected to the cloud to receive the latest signatures of worms and
other malware.
Recover — Organizations develop and implement activities to restore
capabilities that were impacted by a security incident, for example by having
their own data centre services. This group of activities aims at supporting
timely recovery to normal operations to reduce the impact of the attack; it also
includes recovery planning and improvements (e.g., introduction of new policies
or updates to existing policies).
(Reference – CCNP Security SIAS)
Task 2. You are working as a security expert, evaluate whether the Te Mata
Estate company has followed the recommended assurance and compliance
components in enhancing the system security. At least three (3) components
to be evaluated.
Ans. Three components of enhancing the system security are:
1. Confidentiality:
When protecting information, we want to be able to restrict access to those who can
see it; everyone else should be prevented from learning anything about its contents.
This is the essence of confidentiality. For example, federal law requires that a
company restrict unauthenticated users' access to sensitive information. The
company must be sure that only those who are authorized have access to view
data and files.
2. Integrity:
Integrity is the assurance that the information being accessed has not been altered
and truly represents what is intended. Just as a person with integrity means what he
or she says and can be trusted to consistently represent the truth, information
integrity means information truly represents its intended meaning. Information can
lose its integrity through malicious intent, such as when someone who is not
authorized makes a change to a function to intentionally bring something down. An
example of this would be when a hacker is hired to get into the company’s system and
launch an attack on the system to degrade it.
3. Authentication:
The most common way to identify someone is through their physical appearance, but
how do we identify someone sitting behind a computer screen or any system? Tools
for authentication are used to ensure that the person accessing the information is,
indeed, who they present themselves to be. Authentication can be accomplished by
identifying someone through one or more of three factors: something they know,
something they have, or something they are. For example, the most common
form of authentication today is the user ID and password. In this case, the
authentication is done by confirming something that the user knows (their ID and
password). But after successful authentication the next step is to push an
authorization policy with an access list to the user.
(Reference CCNA – Secure)
Task 3.
a. Select three (3) information security risk management controls and three
standards.
b. Identify and analyse these six controls and standards, which the Te Mata
Estate company could have utilised prior to setting up the information system.
Ans. Three information security risk management controls are:
1. IT Security Policies - This document sets the baseline standards of IT
security policy for Government bureaux/departments. It states what aspects
are of paramount importance.
2. IT Security Guidelines - This document elaborates on the policy requirements
and sets the implementation standard for the security requirements specified in
the Baseline IT Security Policy.
3. Security Risk Assessment - This document provides practical guidance and
reference for security risk assessment and audit in the Government.
Three information security standards are:
1. ISO 27001- This document provides the ISO standards of the requirements
for establishing, implementing, maintaining and continually improving an
information security management system within the context of the
organization.
2. COBIT - The Control Objectives for Information and related Technology
(COBIT) is published by the Standards Board of Information Systems Audit
and Control Association (ISACA) providing a control framework for the
governance and management of enterprise IT.
3. ITIL - This document introduces a collection of best practices in IT service
management (ITSM) and focuses on the service processes of IT and
considers the central role of the user.
Task 4. Based on the case study, the incident (unethical hacking) which took
place in 2008, evaluate how ethical hacking could have helped overcome Te
Mata company system breach.
Ans. First we must go through what a hacker is and what its shades are.
Hackers may be good or bad depending upon the intentions or motivation behind
their work.
Black Hat Hacker (unethical Hacker)
A black hat hacker is also known as a cracker. These hackers possess good
knowledge of computer networking, network protocols and system
administration, but they are a cause of cybercrime as they hack
systems for unethical reasons.
White Hat Hacker (Ethical Hacker)
A white hat hacker is the opposite of the black hat hacker; these hackers
possess the same amount of knowledge as black hat hackers, but they use that
knowledge in an ethical way, and as network security professionals they are known as
ethical hackers.
The ethical hacker works according to the ethics of hacking and protects the interests
of individuals and organizations (like the Te Mata company system) on the internet, as
they are cybersecurity professionals. Ethical hacking is the authorized way: permission
is obtained for the same activity. Ethical hackers are engaged by an organization to
penetrate networks and systems with the purpose of discovering vulnerabilities and
fixing them. The role of the ethical hacker is like that of a penetration tester, but
they break into the systems legally and ethically.
As ethical hacking is done with the permission of the owner of the targeted
system, the only way to tackle black hat hacking is to tackle it through ethical
hacking.
Task 5. Based on the case study, the security breach that took place in 2011 is
an example of a Social engineering technique known as phishing. Identify and
analyse how phishing takes place and the counter measures that can be
applied to protect the company.
Ans. Phishing is a method of trying to gather personal information using
deceptive e-mails and websites. Phishing is a cyber-attack that uses disguised email
as a weapon. The goal is to trick the email recipient into believing that the message
is something they want or need — a request from their bank, for instance, or a note
from someone in their company — and to click a link or download an attachment.
Phishing takes place with the help of a phishing kit, which bundles phishing website
resources and tools that need only be installed on a server. Once installed, all the
attacker needs to do is send out emails to potential victims.
But there are countermeasures that help to protect against these attacks:
1. Inbound email sandboxing
Deploy a solution that checks the safety of an emailed link when a user clicks on it.
This protects against a new phishing tactic that I've seen from cybercriminals. Bad
guys send a brand-new URL in an email to their targets to get through the
organization's email security. The other tactic is when they inject malicious code into
the website right after delivery of the email URL. This URL will get past any standard
spam solution.
2. Real-time analysis and inspection of your web traffic
First, stop malicious URLs from even getting to your users' corporate inboxes at your
gateway. Even if you have inbound email sandboxing for your corporate email, some
users might click on a malicious link through a personal email account, like Gmail. In
that case, your corporate email spear-phishing protection is unable to see the traffic.
Bottom line: your web security gateway needs to be intelligent, analyse content in
real time, and be 98 percent effective at stopping malware.
3. Security awareness training.
Teach your employees what good emails look like. Try to teach and show people
what bad emails tend to look like. Testing should go hand in hand with that
teaching. Perform simulated phishing attempts against your own staff to gauge
their level of sophistication in handling phishing attempts. This will help you know
if your staff is ready to handle such an intrusion. Also test your management to see
if they are adequately enforcing the policies.
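As an added example (not part of the original assignment), the following Python script shows how the inbound link check from countermeasure 1 could be implemented: it pulls every link out of an HTML mail body, applies the checks a secure gateway would make (https only, no user-info trick in the URL, no bare IP address as host, host on a company allow-list, visible link text matching the real destination) and returns a deliver/quarantine verdict. The allow-list, the host names and the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Hypothetical allow-list of hosts the finance department legitimately deals with
# (constructed for this example; a real gateway would load this from policy).
TRUSTED_HOSTS = {"portal.temata-suppliers.example", "www.bank.example"}

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>',
                       re.IGNORECASE | re.DOTALL)
# Something that looks like a host name inside the visible link text.
HOSTLIKE_RE = re.compile(r'(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})', re.IGNORECASE)


def extract_links(html: str) -> list:
    """Return (href, visible_text) pairs for every anchor in an HTML mail body."""
    return [(href, re.sub(r"<[^>]+>", "", text).strip())
            for href, text in ANCHOR_RE.findall(html)]


def registered_domain(host: str) -> str:
    """Crude 'example.com' from 'a.b.example.com' (last two labels); enough for the demo."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def inspect_link(href: str, visible_text: str) -> list:
    """Return the reasons a link should be held back; an empty list means clean."""
    findings = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()

    if parsed.scheme != "https":
        findings.append("not-https")
    if parsed.username is not None:  # http://trusted-name@real-host/ style URL
        findings.append("userinfo-in-url")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        findings.append("ip-literal-host")
    if host not in TRUSTED_HOSTS:
        findings.append("host-not-trusted")

    # The text the user sees must point at the same registered domain as the href.
    shown = HOSTLIKE_RE.search(visible_text)
    if shown and registered_domain(shown.group(1)) != registered_domain(host):
        findings.append("display-text-mismatch")
    return findings


def triage_email(html: str) -> dict:
    """Inspect every link; the verdict is 'deliver' only when no link has findings."""
    report = {href: inspect_link(href, text) for href, text in extract_links(html)}
    verdict = "quarantine" if any(report.values()) else "deliver"
    return {"verdict": verdict, "links": report}


# Constructed sample message: one legitimate link and two that show the tricks above.
SAMPLE_MAIL = """
<p>Dear finance team, please confirm the updated bank details.</p>
<a href="https://portal.temata-suppliers.example/invoice/1042">View invoice</a><br>
<a href="http://www.bank.example@198.51.100.23/login">https://www.bank.example/login</a><br>
<a href="https://secure-payments.example/verify">secure-payments.example</a>
"""

if __name__ == "__main__":
    result = triage_email(SAMPLE_MAIL)
    print("verdict:", result["verdict"])
    for href, reasons in result["links"].items():
        print(href, "->", reasons or "ok")
```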
Task 6. Identify and analyse at least three (3) approaches that the Te Mata
Estate company could have adopted to improve the security of network
components to prevent future security breaches.
Ans. Three approaches that the Te Mata Estate Company should have adopted to
improve the security of network components and prevent future security breaches:
1. Password Security:
Good password policies must be put in place in order to ensure that passwords
cannot be compromised. Below are some of the more common policies that
organizations should put in place.
Require complex passwords. One reason passwords are compromised is that
they can be easily guessed. A recent study found that the top three passwords
people used in 2012 were password, 123456 and 12345678. A password
should not be simple, or a word that can be found in a dictionary.
Change passwords regularly. It is essential that users change their passwords
on a regular basis. Users should change their passwords every sixty to ninety
days, ensuring that any passwords that might have been stolen or guessed will
not be able to be used against the company.
Train employees not to give away passwords. One of the primary methods that
is used to steal passwords is simply to find them out by asking the users or
administrators. Pretexting occurs when an attacker calls a helpdesk or security
administrator and pretends to be an authorized user having trouble logging in.
2. Apply Firewalls:
Another method that an organization should use to increase security on its
network is a firewall. A firewall can exist as hardware or software (or both). A
hardware firewall is a device that is connected to the network and filters the
packets based on a set of rules. A software firewall runs on the operating
system and intercepts packets as they arrive at a computer. A firewall protects
all company servers and computers by stopping packets from outside the
organization’s network that do not meet a strict set of criteria.
3. Use Virtual Private Networks:
Using firewalls and other security technologies, organizations can effectively
protect many of their information resources by making them invisible to the
outside world. But what if an employee working from home requires
access to some of these resources? What if a consultant is hired who
needs to do work on the internal corporate network from a remote
location? In these cases, a virtual private network (VPN) is called for.
A VPN allows a user who is outside of a corporate network to take a detour
around the firewall and access the internal network from the outside. Through
a combination of software and security measures, this lets an organization
allow limited access to its networks while at the same time ensuring overall
security.
(Reference CCNP Secure-VPN/ASA)
Task 7. The finance department has to decide, based on an email, whether a
breach in the communication has occurred between the company and
suppliers. Evaluate at least three (3) recommendations/solutions that could be
given to the company regarding the security of communication and channels.
Ans. The three solutions that help the company's finance department regarding
the security of communication are:
1. Verify a Site’s Security – It’s natural to be a little wary about supplying sensitive
financial information online. As long as you are on a secure website, however, you
shouldn’t run into any trouble. Before submitting any information, make sure the
site’s URL begins with “https” and there should be a closed lock icon near the
address bar. Check for the site’s security certificate as well. If you get a message
stating a certain website may contain malicious files, do not open the website. Never
download files from suspicious emails or websites. Even search engines may show
certain links which may lead users to a phishing webpage which offers low cost
products. If the user makes purchases at such a website, the credit card details will
be accessed by cybercriminals.
2. Check Your Online Accounts Regularly – If you don’t visit an online account for
a while, someone could be having a field day with it. Even if you don’t technically
need to, check in with each of your online accounts on a regular basis. Get into the
habit of changing your passwords regularly too. To prevent bank phishing and credit
card phishing scams, you should personally check your statements regularly. Get
monthly statements for your financial accounts and check each and every entry
carefully to ensure no fraudulent transactions have been made without your
knowledge.
3. Use Next Generation Firewalls for Non-Tech Departments – Next-generation
firewalls act as buffers between you, your computer and outside intruders. You
should use two different kinds: a desktop firewall and a network firewall. The first
option is a type of software, and the second option is a type of hardware. When used
together, they drastically reduce the odds of hackers and phishers infiltrating your
computer or your network.
Task 8. Identify and analyse at least three (3) components of information
security operations that could have been utilised by the company in enhancing
the system security after the 2008 incident.
Ans. Three components of information security operations for system security
are those of the AAA model:
Authentication:
Authentication is important because it enables organizations to keep their networks
secure by permitting only authenticated users (or processes) to access protected
resources, which may include computer systems, networks, databases, websites
and other network-based applications or services. Authentication establishes who is
acting; it cannot by itself stop an authenticated insider such as the employee in the
case study, which is why the next two components matter.
Once authenticated, a user or process is usually subjected to an authorization
process as well, to determine whether the authenticated entity should be permitted
access to a protected resource or system. A user can be authenticated but still be
refused access to a resource if that user was not granted permission to use it.
Authorization:
Authorization is the process of granting or denying an individual user access to a
computer network and its resources. Users may be given different authorization
levels that limit their access to the network and associated resources. The
decision may be based on the user's role, on geographical location restrictions, on
date or time-of-day restrictions, or on the frequency of logins or multiple concurrent
logins by a single individual or entity. Other associated authorization services include
route assignments, IP address filtering and bandwidth management.
Accounting:
Accounting refers to the record-keeping and tracking of user activities on a computer
network. For a given time period this may include, but is not limited to, real-time
accounting of time spent accessing the network, the network services employed or
accessed, capacity and trend analysis, network cost allocations, billing data, login
data for user authentication and authorization, and the data or data amount
accessed or transferred.
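The three components above, as an added example that is not part of the original assignment: a small Python gateway in which a request must first authenticate (a salted PBKDF2-SHA256 hash compared in constant time), is then authorized against a role, source-network and time-of-day policy, and finally has its outcome, granted or denied, written to an accounting log. The accounts, passphrases, roles, networks, resource names and timestamps are all constructed for illustration.

```python
"""Minimal authentication / authorization / accounting (AAA) gateway.

Added example, not from the assignment. The accounts, passphrases, roles,
networks and resource names are constructed for illustration; a real
deployment keeps them in a directory or a RADIUS/TACACS+ server, not in code.
"""
import hashlib
import hmac
import ipaddress
import os
from datetime import datetime, timezone

ITERATIONS = 100_000


def make_record(password: str) -> dict:
    """Store a salted PBKDF2-SHA256 hash, never the password itself."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)}


# Constructed directory: two staff accounts with different roles.
USERS = {
    "winemaker": {**make_record("correct horse battery staple"), "roles": {"staff"}},
    "itadmin": {**make_record("another-long-passphrase-42"), "roles": {"staff", "admin"}},
}

# Constructed policy: who may use what, from which networks, and at what hours (UTC).
RESOURCES = {
    "customer-db": {
        "roles": {"admin"},
        "networks": [ipaddress.ip_network("10.0.0.0/8")],  # office LAN only
        "hours": range(7, 19),                              # 07:00-18:59
    },
    "cellar-notes": {
        "roles": {"staff"},
        "networks": [ipaddress.ip_network("0.0.0.0/0")],   # anywhere
        "hours": range(0, 24),
    },
}

AUDIT_LOG = []   # accounting records; in memory here, append-only storage in practice


def authenticate(username: str, password: str) -> bool:
    rec = USERS.get(username)
    if rec is None:
        # Hash anyway so an unknown user costs the same time as a wrong password.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\0" * 16, ITERATIONS)
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], ITERATIONS)
    return hmac.compare_digest(candidate, rec["hash"])


def authorize(username: str, resource: str, src_ip: str, when: datetime):
    """Decide whether an already-authenticated user may use the resource right now."""
    rule = RESOURCES.get(resource)
    if rule is None:
        return False, "unknown resource"
    if not USERS[username]["roles"] & rule["roles"]:
        return False, "role not permitted"
    if not any(ipaddress.ip_address(src_ip) in net for net in rule["networks"]):
        return False, "source address not permitted"
    if when.hour not in rule["hours"]:
        return False, "outside permitted hours"
    return True, "ok"


def account(username: str, resource: str, src_ip: str, when: datetime, outcome: str) -> None:
    """Record every attempt, successful or not; denials are what an investigator looks for."""
    AUDIT_LOG.append({"time": when.isoformat(), "user": username, "resource": resource,
                      "src": src_ip, "outcome": outcome})


def access(username: str, password: str, resource: str, src_ip: str, when: datetime) -> str:
    """Full AAA flow; returns the outcome that was also written to the audit log."""
    if not authenticate(username, password):
        outcome = "denied: authentication failed"
    else:
        ok, reason = authorize(username, resource, src_ip, when)
        outcome = "granted" if ok else "denied: " + reason
    account(username, resource, src_ip, when, outcome)
    return outcome


def at(hour: int) -> datetime:
    """Constructed timestamp on a fixed day, used for the demonstration."""
    return datetime(2024, 3, 4, hour, 0, tzinfo=timezone.utc)


if __name__ == "__main__":
    print(access("itadmin", "another-long-passphrase-42", "customer-db", "10.1.2.3", at(10)))
    print(access("winemaker", "correct horse battery staple", "customer-db", "10.1.2.3", at(10)))
    print(access("itadmin", "another-long-passphrase-42", "customer-db", "203.0.113.9", at(10)))
    for entry in AUDIT_LOG:
        print(entry)
```

The second call shows the point made under Authentication: the winemaker's password is correct, yet the request is refused because the role is not permitted, and the refusal still lands in the accounting log. In the case study it is that log, not the login screen, that would reveal an employee pulling records outside their role or outside business hours.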
Task 9. The Te Mata Estate company could have avoided the 2008 incident by
utilising vulnerabilities assessment and testing. Critically analyse how this
assessment and testing is implemented for a security system.
Ans. Vulnerability assessment and testing could have helped the company in several ways:
1. Fully discover your attack surface: everything that touches your network,
and every way it might be attacked.
Organizations must cover all internal, cloud, and third-party IT assets that touch their
network and could act as an entry point for cybercriminals. This includes servers,
applications, managed IT infrastructure, and cloud assets, but also BYOD (Bring
Your Own Device), Internet of Things (IoT) devices, industrial control systems (ICS),
and third-party assets belonging to business partners. Businesses should also be
aware of the many attack vectors, including phishing and malware, that could lead to
a breach; an assessment that only scans the servers the IT team already knows
about will miss the rest.
2. Understand your overall cyber-risk and the specific business risk of each
asset if it were breached.
Many organizations have not incorporated business risk into their vulnerability
management program. Assessing the risk of every asset touching the network, not
just the technical severity of each finding, makes it possible to estimate the total
cyber risk of the enterprise and to see where improving the security posture pays off most.
3. Use risk-based analysis to decide which issues IT teams should fix now,
postpone, or accept.
Since most organizations report a gap between the number of security alerts
received and the resources available to work through them, understanding the
device and business risks helps prioritize what to fix in what order, including
unpatched software, password issues, and misconfigurations.
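Points 2 and 3 above, as an added example that is not from the original assignment: a Python triage routine that combines each finding's scanner severity (CVSS base score) with the business context the text calls for (asset criticality, internet exposure, whether a public exploit exists) into one risk score, and then sorts the findings into the three actions the text names: fix now, postpone, or accept. The scoring weights, the criticality ratings and the four scan findings are constructed values, not the company's data or any vendor's formula.

```python
"""Risk-based prioritisation of vulnerability-scan findings.

Added example, not from the assignment. The findings, asset criticality
ratings and the scoring weights are constructed for illustration; a real
programme takes CVSS scores from the scanner and criticality from the
asset inventory.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    asset: str
    issue: str
    cvss: float            # 0.0-10.0 base score from the scanner
    criticality: int       # 1 (low) .. 5 (crown jewels), from the asset inventory
    internet_facing: bool  # reachable from outside the perimeter
    exploit_public: bool   # a working public exploit is known


def risk_score(f: Finding) -> float:
    """Combine technical severity with business context into one comparable number (0-100)."""
    score = f.cvss * 10 * (f.criticality / 5)
    if f.internet_facing:
        score *= 1.5   # reachable by anyone, not just insiders
    if f.exploit_public:
        score *= 1.3   # attackers need no research of their own
    return min(score, 100.0)


def decide(score: float) -> str:
    """Map a score to the three actions: fix now, postpone, or accept (thresholds are constructed)."""
    if score >= 60:
        return "fix now"
    if score >= 25:
        return "postpone"
    return "accept"


def triage(findings: list) -> list:
    """Return (asset, issue, score, action) rows sorted highest risk first."""
    rows = []
    for f in findings:
        score = risk_score(f)
        rows.append((f.asset, f.issue, round(score, 1), decide(score)))
    return sorted(rows, key=lambda r: r[2], reverse=True)


# Constructed scan output for a small winery network.
SAMPLE_FINDINGS = [
    Finding("web-shop", "outdated TLS library", 7.5, 4, True, True),
    Finding("hr-laptop-07", "missing OS patch", 7.8, 2, False, False),
    Finding("cellar-sensor-3", "default password on IoT gateway", 9.8, 3, True, False),
    Finding("print-server", "SMBv1 enabled", 5.0, 1, False, True),
]

if __name__ == "__main__":
    for asset, issue, score, action in triage(SAMPLE_FINDINGS):
        print(f"{score:6.1f}  {action:8s}  {asset}: {issue}")
```

Note what the ranking does that a plain CVSS sort would not: the HR laptop has a higher CVSS score than the web shop, yet the internet-facing shop with a public exploit lands at the top, and the low-value print server is accepted for now despite SMBv1. That is the point of adding business context to the scanner output.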
Task 10. Identify and analyse at least four (4) incident management practices
that the company could have applied in the 2008 incident.
Ans. Incident management practices that the company should have applied in the
2008 incident:
1. Offer multiple modes for incident logging.
An incident can be logged through phone calls, emails, SMS, web forms
published on the self-service portal or via live chat messages, so that a staff
member can raise a ticket through whichever channel is closest to hand without
wasting precious time.
2. Automatically categorize and prioritize IT incidents.
Incidents can be categorized and sub-categorized based on the area of IT or
business in which the incident causes a disruption, such as network, hardware or
security.

The priority of an incident can be determined as a function of its impact and
urgency using a priority matrix. The impact of an incident denotes the degree
of damage the issue will cause to the user or business. The urgency of an
incident indicates the time within which the incident should be resolved.
Based on the priority, incidents can be categorized as Low, Moderate, High
and Critical.
3. SLA management and escalation.
While the incident is being processed, the technician needs to ensure the SLA
isn't breached. An SLA is the acceptable time within which an incident
needs a response (response SLA) or a resolution (resolution SLA). SLAs can be
assigned to incidents based on parameters such as category, requester,
impact and urgency. Where an SLA is about to be breached or has already been
breached, the incident can be escalated functionally (to a more specialised
team) or hierarchically (to management) to ensure it is resolved as early as
possible.
4. Handle major incidents by creating unique workflows.
A major incident such as the 2008 breach should not run through the ordinary
ticket queue: it needs its own workflow with a designated major incident manager,
who monitors how effectively the process is working, recommends improvements and
ensures the process is followed, among other responsibilities.
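The priority matrix and the SLA escalation rules in points 2 and 3, as an added example that is not part of the original assignment: a Python routine that maps an impact and urgency rating to a priority, assigns response and resolution targets, reports whether each target is met, on track, at risk or breached, and decides between functional and hierarchical escalation. The matrix, the SLA targets, the 80% at-risk threshold and the sample ticket timestamps are constructed values, not Te Mata Estate's.

```python
"""Incident priority matrix with SLA assignment and escalation check.

Added example, not from the assignment. The matrix, the SLA targets and the
sample ticket timestamps are constructed values, not Te Mata Estate's.
"""
from datetime import datetime, timedelta, timezone
from typing import Optional

# Rows are impact, columns are urgency, both rated 1 (low) to 3 (high).
PRIORITY_MATRIX = {
    (3, 3): "Critical", (3, 2): "High",     (3, 1): "Moderate",
    (2, 3): "High",     (2, 2): "Moderate", (2, 1): "Low",
    (1, 3): "Moderate", (1, 2): "Low",      (1, 1): "Low",
}

# (response target, resolution target) per priority, measured from when the ticket opened.
SLA = {
    "Critical": (timedelta(minutes=15), timedelta(hours=4)),
    "High":     (timedelta(hours=1),    timedelta(hours=8)),
    "Moderate": (timedelta(hours=4),    timedelta(days=2)),
    "Low":      (timedelta(days=1),     timedelta(days=5)),
}


def priority(impact: int, urgency: int) -> str:
    if impact not in (1, 2, 3) or urgency not in (1, 2, 3):
        raise ValueError("impact and urgency are rated 1 (low) to 3 (high)")
    return PRIORITY_MATRIX[(impact, urgency)]


def sla_state(opened: datetime, done_at: Optional[datetime], target: timedelta, now: datetime) -> str:
    """met / breached once done; otherwise on track, at risk (80% of the window used) or breached."""
    deadline = opened + target
    if done_at is not None:
        return "met" if done_at <= deadline else "breached"
    if now > deadline:
        return "breached"
    return "at risk" if (now - opened) / target >= 0.8 else "on track"


def escalation(response: str, resolution: str) -> Optional[str]:
    """Hierarchical escalation on any breach, functional when resolution is at risk."""
    if "breached" in (response, resolution):
        return "hierarchical"   # notify the service manager
    if resolution == "at risk":
        return "functional"     # hand to a specialist team
    return None


def triage_ticket(impact: int, urgency: int, opened: datetime,
                  responded: Optional[datetime], resolved: Optional[datetime],
                  now: datetime) -> dict:
    prio = priority(impact, urgency)
    resp_target, res_target = SLA[prio]
    response = sla_state(opened, responded, resp_target, now)
    resolution = sla_state(opened, resolved, res_target, now)
    return {"priority": prio, "response": response, "resolution": resolution,
            "escalate": escalation(response, resolution)}


def t(hour: int, minute: int = 0) -> datetime:
    """Constructed timestamp on a fixed day, for the demonstration."""
    return datetime(2024, 3, 4, hour, minute, tzinfo=timezone.utc)


if __name__ == "__main__":
    # A report that customer data has been leaked: high impact, high urgency.
    print(triage_ticket(3, 3, t(9), t(9, 10), None, t(12, 30)))
```

For the sample ticket the response target (15 minutes) was met at 09:10, but with no resolution by 12:30 the four-hour window is 87% used, so the ticket is flagged at risk and handed on functionally; an hour later it is breached and goes up the hierarchy.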
Task 11. As an IT professional working for the Te Mata Estate company,
identify and analyse at least four (4) Codes of Professional Practice of IT
Professionals in New Zealand that are deemed appropriate while responding to
the various security breaches in the company.
Ans. The relevant codes of professional practice for IT professionals are:
1. Relationship Management:
When seeking new customers, ensure that a common understanding exists
throughout the organisation of its corporate objectives, market position, product lines
and development plans, and that these form the basis of the marketing strategy.
When selling to prospective customers, do not overstate the capabilities,
performance and benefits of the proposed products or services. Ensure the
organisation has the necessary resources available to deliver on schedule. Make
your prospective client aware of any risks in your proposed solution.
Assure yourself that your prospective client will have, or have access to, the
necessary skills, equipment and organisation to make effective use of your proposed
solution. Identify to your prospective client any additional costs or changes
necessary to make effective use of the proposed products and services.
2. Security
Maintain a thorough understanding of relevant regulations and guidelines. Keep up
to date with the threats, vulnerabilities to those threats and the range of
countermeasures available to avoid, reduce or transfer risk.
Resist any pressure to oversimplify the risk analysis; involve personnel at all levels
within the organisation to elicit the threats and the vulnerabilities to those threats.
Ensure that the decision-makers are fully aware of all the relevant facts and the
possible consequences of their decisions.
3. Safety Engineering
At all times, take all reasonable care to ensure that your work and the consequences
of your work cause no unacceptable risk to safety. Take all reasonable steps to
make your management, and those to whom they have a duty of care, aware of the
risks you identify; make anyone overruling or neglecting your professional advice
formally aware of the consequent risks. When building a system, beware of novel
approaches to the specification, design and implementation of knowledge-based
computing and control systems; be attentive to their attendant problems of
verification, validation and the effect on safety-related operation.
4. Quality Management
Express the organisation's commitment to quality through a clear and concisely
written quality policy. Make all members of the organisation aware of the quality
policy. Provide a means for all members of the organisation to find the standards and
procedures applicable to their work. Make a clear distinction between mandatory,
optional and advisory standards.
When constructing new quality standards, involve those who will follow the new
standards in the writing and reviewing. Keep the language simple and avoid jargon
wherever possible.
(Reference - IITP Code of Good Practice circa 1972)
Task 12. Examine the IT Professionals New Zealand’s Code of Ethics and
discuss how it is related to the case study.
Ans. The tenets of the Code of Ethics that relate to this case study are:
1. Good faith – Members shall treat people with dignity, good faith and equality,
without discrimination, and have consideration for the values and cultural sensitivities
of all groups within the community affected by their work. Each employee should
be treated with respect in their own domain, and no one should be pressured into
doing something wrong in the company's favour.
2. Integrity – Members shall act in the execution of their profession with integrity,
dignity and honour to merit the trust of the community and the profession, and apply
honesty, skill, judgement and initiative to contribute positively to the well-being of
society. The employee who passed company information to a hacker for money
breached this tenet directly.
3. Skills – Members shall apply their skills and knowledge in the interests of their
clients or employers for whom they will act without compromising any other of these
tenets. Employees should use their skills and talent for the benefit of the company;
a skilled employee is always a valuable asset for a company.
4. Continuous Development – Members shall develop their knowledge, skills
and expertise continuously through their careers, contribute to the collective wisdom
of the profession, and actively encourage their associates to do likewise.
Keeping skills up to date is a crucial part of reducing risk for a company.
5. Competence – Members shall follow recognised professional practice and provide
services and advice carefully and diligently only within their areas of competence.
(Reference - IITP Code of Professional Conduct)