Cybersecurity Report: Threats, Business Continuity, and Security
VerifiedAdded on 2023/01/11
|27
|5578
|23
Report
AI Summary
This cybersecurity report provides an in-depth analysis of various threats and potential solutions, focusing on business continuity management (BCM) and its importance in mitigating risks. The report explores the BCM framework, its advantages, and the critical role of top management support and effective training. It details different types of cyber threats, including viruses, malware, spamming, data theft, spyware, rootkits, and man-in-the-middle attacks. The report also discusses various platforms for data backup, such as hot, warm, and cold sites, and their respective advantages and disadvantages. Furthermore, it covers access control, incident response, auditing, and physical and environmental procedures. The report also addresses how to prevent hackers from finding and reading files, emphasizing the importance of security measures like using encrypted wireless keys, installing anti-malware software, and practicing safe email habits. This report provides a comprehensive overview of cybersecurity concepts and practical solutions to safeguard systems from potential threats.
Cybersecurity
1
1
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Table of Contents
Introduction...................................................................................................3
L01...............................................................................................................4
P1..............................................................................................................4
P2..............................................................................................................6
Lo2...............................................................................................................7
P3.................................................................................................................7
1.................................................................................................................7
2.................................................................................................................7
3.................................................................................................................8
P4.................................................................................................................8
Lo3...............................................................................................................9
P5..............................................................................................................9
P6..............................................................................................................9
Lo4.............................................................................................................10
P7............................................................................................................10
P8............................................................................................................10
Conclusion..................................................................................................11
References.................................................................................................12
2
Introduction...................................................................................................3
L01...............................................................................................................4
P1..............................................................................................................4
P2..............................................................................................................6
Lo2...............................................................................................................7
P3.................................................................................................................7
1.................................................................................................................7
2.................................................................................................................7
3.................................................................................................................8
P4.................................................................................................................8
Lo3...............................................................................................................9
P5..............................................................................................................9
P6..............................................................................................................9
Lo4.............................................................................................................10
P7............................................................................................................10
P8............................................................................................................10
Conclusion..................................................................................................11
References.................................................................................................12
2
Introduction
This assessment provides information about the threats of security that can
be faced at a maximum level in the present scenario. This assessment
represents the possible solutions that can be used by users to protect their
systems from hackers. There is a discussion of four tasks. The report will
initiate with task 1 discussion that provides data about the management of
business continuity. In the next phase, this report will discuss 3 different
task which deals with cybersecurity concept. The topics covered in this
report are management of business continuity, techniques for security,
controlling of security & social engineering.
Figure 1: Cyber security breach
3
This assessment provides information about the threats of security that can
be faced at a maximum level in the present scenario. This assessment
represents the possible solutions that can be used by users to protect their
systems from hackers. There is a discussion of four tasks. The report will
initiate with task 1 discussion that provides data about the management of
business continuity. In the next phase, this report will discuss 3 different
task which deals with cybersecurity concept. The topics covered in this
report are management of business continuity, techniques for security,
controlling of security & social engineering.
Figure 1: Cyber security breach
3
You're viewing a preview
Unlock full access by subscribing today!
L01.
P1
Business Continuity Management: The substructure used for knowing
the risk of disclosure of an organization to external risk and internal risk is
referred to as a business continuity management framework. BCM can
react to threats like data breaches and also the business interest of the
organization. It also consists of recovery from disaster, emergency,
business recovery, incident, and the hazards of management(Goff, 2017).
4
P1
Business Continuity Management: The substructure used for knowing
the risk of disclosure of an organization to external risk and internal risk is
referred to as a business continuity management framework. BCM can
react to threats like data breaches and also the business interest of the
organization. It also consists of recovery from disaster, emergency,
business recovery, incident, and the hazards of management(Goff, 2017).
4
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Figure 2: Business continuity management
Some of the advantages of BCM are discussed below:
It can reduce the risk of loss due to finances, and with that, an
organization disturbance effect can be lowered as well.
It provides constitutional and legal duties.
For getting over with the corrupted or critical systems in a fixed
period, BCM can be used.
BCM also calculates the level of compliance to International Business
Continuity (IBM) standards through the Business Continuity Institute
(BCI).
5
Some of the advantages of BCM are discussed below:
It can reduce the risk of loss due to finances, and with that, an
organization disturbance effect can be lowered as well.
It provides constitutional and legal duties.
For getting over with the corrupted or critical systems in a fixed
period, BCM can be used.
BCM also calculates the level of compliance to International Business
Continuity (IBM) standards through the Business Continuity Institute
(BCI).
5
All the different countries and various organizations are interested in the
implementation of BCM. The reason behind that is, BCM can control all the
threats of the organization. However, for each organization due to the
tough competitive pressure, BCM has become the best high-interest topic,
the reason being the nonstop business. BCM's importance in an
organization is due to many great reasons. Some of the reasons are
discussed below:
a. ‘Top Management Support’, for better implementation of BCM on any
company this is the first important factor. If any company has this
factor than there will be no obstacles in implementing BCM in any
company because it would be funded sufficiently and that’s enough
for enduring the program of the company.
b. 'Ability to deliver the best effective training', for an organization's
implementation this the second important factor. The staff of the
organization gets the best training regarding the use of the system by
the trainers. This step minimizes the level of threats.
c. Companies or organization that supports IT (Information Technology)
department can also get BCM implemented in their company. That
means it is not limited to the IT sector only.
d. For better and flexible delivery of the good to the client, many
companies or businesses use this program.
e. Every staff member of different departments of an organization at
each level must be able to do their job honestly, that is why
awareness is also an essential factor of BCM.
Every business that uses that uses their systems over internet are
surrounded with various risks such as:
6
implementation of BCM. The reason behind that is, BCM can control all the
threats of the organization. However, for each organization due to the
tough competitive pressure, BCM has become the best high-interest topic,
the reason being the nonstop business. BCM's importance in an
organization is due to many great reasons. Some of the reasons are
discussed below:
a. ‘Top Management Support’, for better implementation of BCM on any
company this is the first important factor. If any company has this
factor than there will be no obstacles in implementing BCM in any
company because it would be funded sufficiently and that’s enough
for enduring the program of the company.
b. 'Ability to deliver the best effective training', for an organization's
implementation this the second important factor. The staff of the
organization gets the best training regarding the use of the system by
the trainers. This step minimizes the level of threats.
c. Companies or organization that supports IT (Information Technology)
department can also get BCM implemented in their company. That
means it is not limited to the IT sector only.
d. For better and flexible delivery of the good to the client, many
companies or businesses use this program.
e. Every staff member of different departments of an organization at
each level must be able to do their job honestly, that is why
awareness is also an essential factor of BCM.
Every business that uses that uses their systems over internet are
surrounded with various risks such as:
6
You're viewing a preview
Unlock full access by subscribing today!
1. Virus: These are the malicious files that were entered into the client
system by the hacker to steal data and harm system resources.
2. Malware: These are the type of virus that are known specially for
stealing information from user’s system.
3. Spamming: In this type of risk the user is redirected to the similar
looking website that the user is used to of and steal the information
related to their login credentials, credit card information and more.
4. Data theft: In this type of threat the user data is steal by the hacker
from the users system without knowing the user with the help of
various malicious software.
5. Spyware: it gathers information of user and transmit it to third party
which is unauthorized. It works similar as other forms of malware in
which it takes benefit of web browser and software vulnerabilities.
Due to its undetectable and embedded features, its host might
convince user that it is a legal website, program or email which
convince user to check the link and download a program in order to
get access. It is designed to eliminate detection but can have issues
like increase pop ups, slow computer performance, frequent
unexpected browsing searches etc. It is the most prevalent network
risk which can infect complete network through one computer as well
as can convey crucial information or data back to the attacker (Dalby,
2016).
6. Rootkit: it is a software tools collection that allow administration level
access and remote control over computer networks a computer.
When remote access is acquired once, the rootkit can carry out
various malicious actions which are equipped with antivirus disablers,
password stealers and key loggers. These are installed by hiding
7
system by the hacker to steal data and harm system resources.
2. Malware: These are the type of virus that are known specially for
stealing information from user’s system.
3. Spamming: In this type of risk the user is redirected to the similar
looking website that the user is used to of and steal the information
related to their login credentials, credit card information and more.
4. Data theft: In this type of threat the user data is steal by the hacker
from the users system without knowing the user with the help of
various malicious software.
5. Spyware: it gathers information of user and transmit it to third party
which is unauthorized. It works similar as other forms of malware in
which it takes benefit of web browser and software vulnerabilities.
Due to its undetectable and embedded features, its host might
convince user that it is a legal website, program or email which
convince user to check the link and download a program in order to
get access. It is designed to eliminate detection but can have issues
like increase pop ups, slow computer performance, frequent
unexpected browsing searches etc. It is the most prevalent network
risk which can infect complete network through one computer as well
as can convey crucial information or data back to the attacker (Dalby,
2016).
6. Rootkit: it is a software tools collection that allow administration level
access and remote control over computer networks a computer.
When remote access is acquired once, the rootkit can carry out
various malicious actions which are equipped with antivirus disablers,
password stealers and key loggers. These are installed by hiding
7
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
legal software. When a business give permission to that software in
order to make changes to operating system, the rootkit installs itself
in system and wait for hacker to active it.
7. Man in the middle attacks: these are the cyber security attacks
which enable attacker to eavesdrop on interaction between two
targets. This attack occurs when attackers want to interrupt a
communication between individual A and individual B. Individual A
send public key to individual B, yet attacker intercepts it and a forged
message is sent to individual B, representing themselves as A.
Apart from these, there are certain another risks including unauthorised
use of a system, damage to or destruction of physical system
environment and asset, destruction of data or code outside or inside the
system, unauthorised copying or removal of data from a system,
naturally occurring risks etc. All these are the other types of risks for
organisation (Nathan, and Scobell, 2015).
8
order to make changes to operating system, the rootkit installs itself
in system and wait for hacker to active it.
7. Man in the middle attacks: these are the cyber security attacks
which enable attacker to eavesdrop on interaction between two
targets. This attack occurs when attackers want to interrupt a
communication between individual A and individual B. Individual A
send public key to individual B, yet attacker intercepts it and a forged
message is sent to individual B, representing themselves as A.
Apart from these, there are certain another risks including unauthorised
use of a system, damage to or destruction of physical system
environment and asset, destruction of data or code outside or inside the
system, unauthorised copying or removal of data from a system,
naturally occurring risks etc. All these are the other types of risks for
organisation (Nathan, and Scobell, 2015).
8
P2
Given below are the platforms available for a different organization for
backing up their important data:
1. HOT SITE:
A hot site is also referred to as a backup site that runs continuously.
This site helps the company to maintain its business process and
perform its operations normally. This will take very little time after
facing any threat or risk. The hot site helps to arrange the business
operations of the company that will be arranged with cloud
technology. A hot site related to the main concept is that it will always
work in online mode & perform all operations vastly. The overall hot
site has to be furnished and connected with appropriate hardware,
software, network & effective internet connection. At this, continuous
back up of data has been taken at the constant tome. The hot site is
not looking the same as the normal sites within an organization due
to disasters happening within an organization as they affect the site.
Hence, hot sites have been used because of its additional
features(wpadmin, 2016).
2. Warm site:
This site is also referred to as the backup file but it seems to differ
with the hot site as per the difference of its equipped. The warm site
has been furnished with the power, network, or the phone. The user
of warm sit works with different resources as it works over multiple
servers. A warm site is not working as same as the hot site as it
responds after some delay as compared to the hot site. The warm
site uses organization can easily affect by the disasters as it takes
9
Given below are the platforms available for a different organization for
backing up their important data:
1. HOT SITE:
A hot site is also referred to as a backup site that runs continuously.
This site helps the company to maintain its business process and
perform its operations normally. This will take very little time after
facing any threat or risk. The hot site helps to arrange the business
operations of the company that will be arranged with cloud
technology. A hot site related to the main concept is that it will always
work in online mode & perform all operations vastly. The overall hot
site has to be furnished and connected with appropriate hardware,
software, network & effective internet connection. At this, continuous
back up of data has been taken at the constant tome. The hot site is
not looking the same as the normal sites within an organization due
to disasters happening within an organization as they affect the site.
Hence, hot sites have been used because of its additional
features(wpadmin, 2016).
2. Warm site:
This site is also referred to as the backup file but it seems to differ
with the hot site as per the difference of its equipped. The warm site
has been furnished with the power, network, or the phone. The user
of warm sit works with different resources as it works over multiple
servers. A warm site is not working as same as the hot site as it
responds after some delay as compared to the hot site. The warm
site uses organization can easily affect by the disasters as it takes
9
You're viewing a preview
Unlock full access by subscribing today!
time to service operations. Its main advantage is that this site is not
costly.
3. Cold site:
A cold site is also referred to as the backup file but it offers very fewer
facilities as compared with the other sites. The switch-off time from an
affection of disaster is very less as compared with both warm and hot
sites. This site provides an effective benefit that it is cheaper from all
other options. This site has to be furnished with tables, chairs,
bathrooms & some technical facilities that are associated with the
organization functioning.
this is also a backup file but it provides fewer facilities than among
other sites such as hot and warm. This site takes more time to switch
over from the disaster affected to the cold site. The main advantage
of this site is that it is the cheapest option. This site is furnished with
chairs, bathrooms, tables, and basic technical facilities but it takes
more than a week to set up correctly and then starts the operation
from this site.
Access control: these are the procedures that can be utilized to
have duties separation among individuals charged with monitoring
and operating the system. These processes are where a business
can show that database managers must not be seeing firewall logs.
Incident response: this type of process covers each thing from
detection to the way to address an incident. Incident response
procedures must discuss the way to involve administration in the
response and when to include law enforcement (Peoples and
Vaughan-Williams, 2014).
10
costly.
3. Cold site:
A cold site is also referred to as the backup file but it offers very fewer
facilities as compared with the other sites. The switch-off time from an
affection of disaster is very less as compared with both warm and hot
sites. This site provides an effective benefit that it is cheaper from all
other options. This site has to be furnished with tables, chairs,
bathrooms & some technical facilities that are associated with the
organization functioning.
this is also a backup file but it provides fewer facilities than among
other sites such as hot and warm. This site takes more time to switch
over from the disaster affected to the cold site. The main advantage
of this site is that it is the cheapest option. This site is furnished with
chairs, bathrooms, tables, and basic technical facilities but it takes
more than a week to set up correctly and then starts the operation
from this site.
Access control: these are the procedures that can be utilized to
have duties separation among individuals charged with monitoring
and operating the system. These processes are where a business
can show that database managers must not be seeing firewall logs.
Incident response: this type of process covers each thing from
detection to the way to address an incident. Incident response
procedures must discuss the way to involve administration in the
response and when to include law enforcement (Peoples and
Vaughan-Williams, 2014).
10
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Auditing: this procedure can involve what to audit, the way to
manage audit logs as well as the objective of what is being audited.
Work processes and procedures: workforce of a company must be
enough capable to secure their workstations when they are not in
use. A process of logging off can be imposed by policy before leaving
workstation.
Physical and environmental: the physical and environmental
procedures not only cover environmental controls and air conditioning
in rooms where other equipment and servers are stored, but also
Ethernet cable shielding in order to prevent them of being trapped.
Administrative procedure: this procedure can be utilizing to have
duty separation among individuals charged which monitoring and
operating the systems. These procedures or processes are where a
business can show that the administrators of database must be
seeing the fire wall logs (Schneier, 2015).
The concern of network administrators regarding security of
networks is increasing when they are expose to networking
infrastructure and private date of organisation to internet crackers.
Firewall security policy is act as safeguard to control access between
less trusted and trusted network. Firewall is not a sole component,
yet it is a strategy that helps an organisation in protecting its internet
reachable resources. It also supports in securing segments of intranet
of organisation. It enforces a security policy that helps in securing the
data of business (Ang, Choong, and Ng, 2015).
11
manage audit logs as well as the objective of what is being audited.
Work processes and procedures: workforce of a company must be
enough capable to secure their workstations when they are not in
use. A process of logging off can be imposed by policy before leaving
workstation.
Physical and environmental: the physical and environmental
procedures not only cover environmental controls and air conditioning
in rooms where other equipment and servers are stored, but also
Ethernet cable shielding in order to prevent them of being trapped.
Administrative procedure: this procedure can be utilizing to have
duty separation among individuals charged which monitoring and
operating the systems. These procedures or processes are where a
business can show that the administrators of database must be
seeing the fire wall logs (Schneier, 2015).
The concern of network administrators regarding security of
networks is increasing when they are expose to networking
infrastructure and private date of organisation to internet crackers.
Firewall security policy is act as safeguard to control access between
less trusted and trusted network. Firewall is not a sole component,
yet it is a strategy that helps an organisation in protecting its internet
reachable resources. It also supports in securing segments of intranet
of organisation. It enforces a security policy that helps in securing the
data of business (Ang, Choong, and Ng, 2015).
11
Lo2
P3
1.
Prevent hackers from finding a file.If a user is intending to sell one of the
data storage units, you erase all sensitive details and important information.
For removing the hard drive, D-ban may be included. And you can face
other problems if you are trying to access the data. It serves to eliminate
knowledge by extracting platters of preserved data or even then deleting
them.
i. It’s easier to find a file if someone is using open Wi-Fi on a router
because hackers can steal and control your connection. The use of
encrypted wireless keys will avoid this hazard. Every few years it can
also be helpful to refresh or replace equipment. New routers assist
with regular password changes and allow wireless connectivity to be
segregated(Osborne and Whittaker, 2019).
ii. Installation of anti-malware software has been performed from getting
rid by the risk of ransomware, viruses & spyware. This will help in
maintaining the file safely. AI technology has been used for this
concept because it is a very popular technology nowadays and
provides effective features.
2.
Prevent hackers from reading a file. Cybercriminals are smart; they often
use phishing to read a file of somebody. It is up to a person to do it safely,
like emailing intelligently, whatever job one does. Check for the email from
an actual individual or company that says or may not give it. Pay heed, if
12
P3
1.
Prevent hackers from finding a file.If a user is intending to sell one of the
data storage units, you erase all sensitive details and important information.
For removing the hard drive, D-ban may be included. And you can face
other problems if you are trying to access the data. It serves to eliminate
knowledge by extracting platters of preserved data or even then deleting
them.
i. It’s easier to find a file if someone is using open Wi-Fi on a router
because hackers can steal and control your connection. The use of
encrypted wireless keys will avoid this hazard. Every few years it can
also be helpful to refresh or replace equipment. New routers assist
with regular password changes and allow wireless connectivity to be
segregated(Osborne and Whittaker, 2019).
ii. Installation of anti-malware software has been performed from getting
rid by the risk of ransomware, viruses & spyware. This will help in
maintaining the file safely. AI technology has been used for this
concept because it is a very popular technology nowadays and
provides effective features.
2.
Prevent hackers from reading a file. Cybercriminals are smart; they often
use phishing to read a file of somebody. It is up to a person to do it safely,
like emailing intelligently, whatever job one does. Check for the email from
an actual individual or company that says or may not give it. Pay heed, if
12
You're viewing a preview
Unlock full access by subscribing today!
not aware of the author, to the unusual structure of sentences as well as
sizes. If one does not always have full confidence in a topic on-site,
whether anyone posted it on the scammed tag.
i. Logging into a Website is necessary for accessing specific
functionality on a website either for making a message. Please note
that, if this requires any sort of computer authorization, remove this
access after finishing the job. Service links are broken as well as
spamming the key account is a convenient route.
ii. Do use cloud storage wisely, because very little cloud storage
includes data protection at rest. Under Taggart's view, irrespective of
whether the data is split, cloud-based data is not the same as one the
user stored in it(Osborne and Whittaker, 2019).
3.
Enable alteration of a file by a hacker to be detected.Hackers can easily
attack a user device & collect personal information in case when a user
opened any phished email. Hackers can trap out these emails for their use.
i. By connecting the insecure network, the user's device in the risk of
hacking. It means that all data present at the system get hacked by a
third-party. Hackers use this method for monitoring user activities and
steal their data.
ii. The next way is to malicious apps that hackers will use to detect files
over the user system. These apps are present over Google play store
and have a malicious code that will activate at download time.
Firewall is referred as network security system which assess and
check the entire data that come in the network of business or goes
13
sizes. If one does not always have full confidence in a topic on-site,
whether anyone posted it on the scammed tag.
i. Logging into a Website is necessary for accessing specific
functionality on a website either for making a message. Please note
that, if this requires any sort of computer authorization, remove this
access after finishing the job. Service links are broken as well as
spamming the key account is a convenient route.
ii. Do use cloud storage wisely, because very little cloud storage
includes data protection at rest. Under Taggart's view, irrespective of
whether the data is split, cloud-based data is not the same as one the
user stored in it(Osborne and Whittaker, 2019).
3.
Enable alteration of a file by a hacker to be detected.Hackers can easily
attack a user device & collect personal information in case when a user
opened any phished email. Hackers can trap out these emails for their use.
i. By connecting the insecure network, the user's device in the risk of
hacking. It means that all data present at the system get hacked by a
third-party. Hackers use this method for monitoring user activities and
steal their data.
ii. The next way is to malicious apps that hackers will use to detect files
over the user system. These apps are present over Google play store
and have a malicious code that will activate at download time.
Firewall is referred as network security system which assess and
check the entire data that come in the network of business or goes
13
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
outside from it on the basis of advance as well as defined set of
policies associated with security (Fierke, 2015). The network security
device works as a protective cover for internal network. Basically,
software firewall is one of the program which is installed in the
systems of business in order to communicate safely and securely
over the network. It prevents the system of business from entering of
risk from other network. For execution, hardware firewall requires a
server, so it is expensive and utilized in in the organisation which is of
large size. Router and internet connection are the two components
between which the device is placed. As system of business is
connected with other networks, and various uses can accept them, it
can be a target two threads (Perlman, Kaufman and Speciner, 2016).
Different malwares, worms and viruses can enter to system through
other networks which provides hackers to get unauthorized access to
system if it is not secured. The network security device supports to
develop virtual DMZ server for business that helps in protecting the
actual server from being infected or damaged.
If the system is configured incorrectly, then the user may see error
message. Many unlike things can happen because of a poorly configured
firewall, nevertheless it primarily outcomes into two negative outcomes.
One is that the desired traffic doesn’t reach its envisioned destination. It
was blocked, it could not be routed at all or it was routed to incorrect
destination. The second one is that undesirable traffic ranges a destination
it must not.
14
policies associated with security (Fierke, 2015). The network security
device works as a protective cover for internal network. Basically,
software firewall is one of the program which is installed in the
systems of business in order to communicate safely and securely
over the network. It prevents the system of business from entering of
risk from other network. For execution, hardware firewall requires a
server, so it is expensive and utilized in in the organisation which is of
large size. Router and internet connection are the two components
between which the device is placed. As system of business is
connected with other networks, and various uses can accept them, it
can be a target two threads (Perlman, Kaufman and Speciner, 2016).
Different malwares, worms and viruses can enter to system through
other networks which provides hackers to get unauthorized access to
system if it is not secured. The network security device supports to
develop virtual DMZ server for business that helps in protecting the
actual server from being infected or damaged.
If the system is configured incorrectly, then the user may see error
message. Many unlike things can happen because of a poorly configured
firewall, nevertheless it primarily outcomes into two negative outcomes.
One is that the desired traffic doesn’t reach its envisioned destination. It
was blocked, it could not be routed at all or it was routed to incorrect
destination. The second one is that undesirable traffic ranges a destination
it must not.
14
P4
As per the above discussion or evaluation of key points, it has been
analyzed that there are very fewer possibilities for hackers to hack out the
important data. Still, there are some ideas which hackers can be used to
hack data as they become clever. To get rid of those aspects, there is a
requirement to take effective precautions by side of the user. Hackers can
still out the user information in case if all tactics get failed(KINZIE, 2019).
The best option, in this case, is the data encryption that can help the users
to save their data from hackers. Encryption has been done for anything; it
may be the USB based flash drive, hard drives, etc along with conduct
encryption of web traffic using VPN.
The organization can prevent their network from hacker by implementing
the DMZ in their system.
15
As per the above discussion or evaluation of key points, it has been
analyzed that there are very fewer possibilities for hackers to hack out the
important data. Still, there are some ideas which hackers can be used to
hack data as they become clever. To get rid of those aspects, there is a
requirement to take effective precautions by side of the user. Hackers can
still out the user information in case if all tactics get failed(KINZIE, 2019).
The best option, in this case, is the data encryption that can help the users
to save their data from hackers. Encryption has been done for anything; it
may be the USB based flash drive, hard drives, etc along with conduct
encryption of web traffic using VPN.
The organization can prevent their network from hacker by implementing
the DMZ in their system.
15
You're viewing a preview
Unlock full access by subscribing today!
In the computer security, demilitarized zone (DMZ) is the logical or
physical subnetwork that involves and exposes external-facing services of
business to an untrusted and usually larger network like the Internet.
These are proposed to function as a kind of buffer zone amid public
internet and private network.
Network address translation (NAT) enables a router to transform packets to
enable for numerous devices to share a solitary public IP address.
An Internet Protocol address is referred as a numerical label allocated to
individually device linked to a network of computer that utilizes the Internet
Protocol in order to communicate. An IP address helps with two main
functions: one is network or host interface identification, the another is
location addressing.
Lo3
P5
As per ISO 27001, the risk assessment processes are explored as
under:
1. Risk Identification: The very first stage in context of risk assessment
is identifying the potential risk factors. These could be the potential
methods which could be used to breach cyber security, such as
hacking, firewall breach, data manipulation, etc.
2. Risk Analysis and Owners: The second step requires the firm to
analyze the causes and sources of the risks that are identified, along
with their likelihood. Along with this, the stage also involves in
identifying individuals who are responsible towards managing the
same.
3. Risk Calculation: This stage is associated with the method through
which the risks and their intensity would be calculated, which would
then be segregated appropriately within categories for prioritization.
Moreover, calculations would also be made for determining their
acceptance criteria of the risks.
16
physical subnetwork that involves and exposes external-facing services of
business to an untrusted and usually larger network like the Internet.
These are proposed to function as a kind of buffer zone amid public
internet and private network.
Network address translation (NAT) enables a router to transform packets to
enable for numerous devices to share a solitary public IP address.
An Internet Protocol address is referred as a numerical label allocated to
individually device linked to a network of computer that utilizes the Internet
Protocol in order to communicate. An IP address helps with two main
functions: one is network or host interface identification, the another is
location addressing.
Lo3
P5
As per ISO 27001, the risk assessment processes are explored as
under:
1. Risk Identification: The very first stage in context of risk assessment
is identifying the potential risk factors. These could be the potential
methods which could be used to breach cyber security, such as
hacking, firewall breach, data manipulation, etc.
2. Risk Analysis and Owners: The second step requires the firm to
analyze the causes and sources of the risks that are identified, along
with their likelihood. Along with this, the stage also involves in
identifying individuals who are responsible towards managing the
same.
3. Risk Calculation: This stage is associated with the method through
which the risks and their intensity would be calculated, which would
then be segregated appropriately within categories for prioritization.
Moreover, calculations would also be made for determining their
acceptance criteria of the risks.
16
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4. Risk Treatment and Monitoring: The last step of the overall plan is
associated with treating the risks by determining the safeguarding
measures, communicating and consulting the same with stakeholders
and lastly applying the same over the risk areas to ensure that no
type of cyber security issue takes place within the organization.
P6
There are several processes and regulations which are related to
Data Protection within a company and are important to be taken into
consideration in order to develop a competent, relevant and valid
procedure towards protecting the information. Therefore, in regards to this,
below is the procedure and legislation governing data protection:
Process:
The very first step of this process is related to determining the
whereabouts of the data effectively.
Second step of the process would be to formulate policy associated
with need-to-know basis towards accessing the information.
After the procedure is formulated, then the organization is then
required to include better and more severe methods towards
protecting their data stored through cloud computing. Different
methods such as Firewall enhancement or encryption could be used
by the firm to ensure that the data stays protected.
The last step of the overall process would be to monitor the
effectiveness of these systems, along with education to the
employees in this regard.
Legislation:
Data Protection Act, 2018: One of the most crucial legislative acts
that are related to safeguarding of information is Data Protection Act,
2018. This act has described a range of provisions and regulatory
necessities which is related to processing of information. Therefore,
as per this act, data must be processed in a very appropriate and
lawful manner, adhering to the rights of the individual or company
data of which is being used.
17
associated with treating the risks by determining the safeguarding
measures, communicating and consulting the same with stakeholders
and lastly applying the same over the risk areas to ensure that no
type of cyber security issue takes place within the organization.
P6
There are several processes and regulations which are related to
Data Protection within a company and are important to be taken into
consideration in order to develop a competent, relevant and valid
procedure towards protecting the information. Therefore, in regards to this,
below is the procedure and legislation governing data protection:
Process:
The very first step of this process is related to determining the
whereabouts of the data effectively.
Second step of the process would be to formulate policy associated
with need-to-know basis towards accessing the information.
After the procedure is formulated, then the organization is then
required to include better and more severe methods towards
protecting their data stored through cloud computing. Different
methods such as Firewall enhancement or encryption could be used
by the firm to ensure that the data stays protected.
The last step of the overall process would be to monitor the
effectiveness of these systems, along with education to the
employees in this regard.
Legislation:
Data Protection Act, 2018: One of the most crucial legislative acts
that are related to safeguarding of information is Data Protection Act,
2018. This act has described a range of provisions and regulatory
necessities which is related to processing of information. Therefore,
as per this act, data must be processed in a very appropriate and
lawful manner, adhering to the rights of the individual or company
data of which is being used.
17
General Data Protection Regulation: This act extends the rights of
an individual in relation to the information and places various
obligations that are related to the personal data protection of a person
or an organization. Moreover, it also requires the organization to
follow certain imperative and essential concepts of the Data
Protection Act such as Transparent Processing of data, ensured
accuracy, determined periods of data retention, proper encryption
and so forth.
Lo4
P7
Social engineering: It is an occurrence that depends on comprehensively
over the announcement of social along with functioning individuals. It also
depends upon obsessed by the opening of the uncomplicated safety
technique besides the finest exercise to improve the admission to a
system, arrangement, as well as a fleshly position.
Few methods that are used in social engineering which are explained
below:
Pretexting: This is the method in which the attacker attacks over the
network or system to steal the data. This data can be misused by the
attacker. The methods estimate the ability of the attacker to steal the data.
Moreover, the security level of the method is also tested in this way.
Phishing: The social media is the biggest pate form wherein all the true
and fake people upload the data. The attackers used these plate forms
such as social media, messages, and e-mails. These plate forms consist of
the information by using URL in order to negotiation their arrangement.
Watering hole: It is also a significant occurrence that contains a hateful
puzzle interested in the community network gateway network piece of
paper. The intention is to mark the limited operator that official visit the web
pages.
18
an individual in relation to the information and places various
obligations that are related to the personal data protection of a person
or an organization. Moreover, it also requires the organization to
follow certain imperative and essential concepts of the Data
Protection Act such as Transparent Processing of data, ensured
accuracy, determined periods of data retention, proper encryption
and so forth.
Lo4
P7
Social engineering: It is an occurrence that depends on comprehensively
over the announcement of social along with functioning individuals. It also
depends upon obsessed by the opening of the uncomplicated safety
technique besides the finest exercise to improve the admission to a
system, arrangement, as well as a fleshly position.
Few methods that are used in social engineering which are explained
below:
Pretexting: This is the method in which the attacker attacks over the
network or system to steal the data. This data can be misused by the
attacker. The methods estimate the ability of the attacker to steal the data.
Moreover, the security level of the method is also tested in this way.
Phishing: The social media is the biggest pate form wherein all the true
and fake people upload the data. The attackers used these plate forms
such as social media, messages, and e-mails. These plate forms consist of
the information by using URL in order to negotiation their arrangement.
Watering hole: It is also a significant occurrence that contains a hateful
puzzle interested in the community network gateway network piece of
paper. The intention is to mark the limited operator that official visit the web
pages.
18
You're viewing a preview
Unlock full access by subscribing today!
A policy document is the one which is related to specific rules,
guidance, as well as regulations that are necessary for the whole company
to follow by the overall company. In relation to the data protection, a
security policy document is explored below:
Policy Statement
This policy is associated towards
securing the personal data and
information related to employees
and customers within the company,
along with adhering to various risks
and contingencies towards
determining the strategies towards
addressing the issues associated
with Cyber Security
Policy Scope
The scope of this policy is quite
wide, as it not only includes the
R&D Department of the company,
rather each department and units of
the firm whose data is stored in the
cloud computing systems of the
firm.
Objectives
Ensuring the confidentiality
and security of information
related to client and
employees
Protection against any sort of
anticipated risk or threats to
the security of above
mentioned information
Protection against
unauthorized access which
could lead to future
inconveniences to the
members and the company
as a whole.
Responsibilities This policy applies to each and
every employee in the company, as
well as other individuals too who
19
guidance, as well as regulations that are necessary for the whole company
to follow by the overall company. In relation to the data protection, a
security policy document is explored below:
Policy Statement
This policy is associated towards
securing the personal data and
information related to employees
and customers within the company,
along with adhering to various risks
and contingencies towards
determining the strategies towards
addressing the issues associated
with Cyber Security
Policy Scope
The scope of this policy is quite
wide, as it not only includes the
R&D Department of the company,
rather each department and units of
the firm whose data is stored in the
cloud computing systems of the
firm.
Objectives
Ensuring the confidentiality
and security of information
related to client and
employees
Protection against any sort of
anticipated risk or threats to
the security of above
mentioned information
Protection against
unauthorized access which
could lead to future
inconveniences to the
members and the company
as a whole.
Responsibilities This policy applies to each and
every employee in the company, as
well as other individuals too who
19
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
have the legitimate rights towards
accessing, as well as using the
information within the firm’s
systems.
System Access
Within this policy, the access of the
overall system, inclusive of internal
email and browser would be with
the departmental heads only.
Moreover the new protected
software would be upgraded
fortnightly with new passwords
communicated to the heads
respectively.
Risk Assessment
There are various standards which
the policy would be adhered to,
such as ISO/IEC 17799:2005,
which governs the security of the
overall information systems, human
resources, operations
management, compliance and
development and management of
new solutions.
Information of Responsibilities
The colleagues under this policy
would be communicated about their
security responsibilities through
interview sessions, where their
understanding of the processes
being involved would also be
ensured.
Risk management Process
The risk management process
involves identification, evaluation,
implementation and following of
several security risk areas as per
ISO 31000 standards. The risk area
in question would be related to
cyber security and data handling
which would be given top priority.
Security tools There are various security tools that
would be used in order to ensure an
effective implementation of the
20
accessing, as well as using the
information within the firm’s
systems.
System Access
Within this policy, the access of the
overall system, inclusive of internal
email and browser would be with
the departmental heads only.
Moreover the new protected
software would be upgraded
fortnightly with new passwords
communicated to the heads
respectively.
Risk Assessment
There are various standards which
the policy would be adhered to,
such as ISO/IEC 17799:2005,
which governs the security of the
overall information systems, human
resources, operations
management, compliance and
development and management of
new solutions.
Information of Responsibilities
The colleagues under this policy
would be communicated about their
security responsibilities through
interview sessions, where their
understanding of the processes
being involved would also be
ensured.
Risk management Process
The risk management process
involves identification, evaluation,
implementation and following of
several security risk areas as per
ISO 31000 standards. The risk area
in question would be related to
cyber security and data handling
which would be given top priority.
Security tools There are various security tools that
would be used in order to ensure an
effective implementation of the
20
overall policy. For example, each
individual in the company will have
their separate profiles that would be
protected with passwords.
Moreover, to promote a limited
access to resources, each sensitive
resource would be directly under
the authorization and supervision of
the departmental health. In addition,
simulation programs would be used
to train employees in a better
manner towards handling these
elements effectively.
Audits
The cloud system and user profiles
would be audited internally every
month and externally twice
annually. The purpose for the same
is to ensure that ethical framework
is being followed by all the
individuals, along with efficiency
check for the systems installed in
the firm.
P8
There are many methods through which attackers can be detected. They
are:
Email bluffing
By securing the systems
Research conducted for the sources
Do not click any URL.
Study and analyze before clicking over any URL.
Do not download any unnecessary files.
Avoid seeking any ads or gifts.
21
individual in the company will have
their separate profiles that would be
protected with passwords.
Moreover, to promote a limited
access to resources, each sensitive
resource would be directly under
the authorization and supervision of
the departmental health. In addition,
simulation programs would be used
to train employees in a better
manner towards handling these
elements effectively.
Audits
The cloud system and user profiles
would be audited internally every
month and externally twice
annually. The purpose for the same
is to ensure that ethical framework
is being followed by all the
individuals, along with efficiency
check for the systems installed in
the firm.
P8
There are many methods through which attackers can be detected. They
are:
Email bluffing
By securing the systems
Research conducted for the sources
Do not click any URL.
Study and analyze before clicking over any URL.
Do not download any unnecessary files.
Avoid seeking any ads or gifts.
21
You're viewing a preview
Unlock full access by subscribing today!
The hackers or the attacker’s indication attentiveness in social engineering
as they recognize individuals to use social services. Even though, the
operator’s pieces of information are protected over the community places.
This is the reason the attackers demonstrations the attention in the social
engineering attack. The hackers interconnect from side to side to
community places.
There are various requirements that can be accomplished to by following
various standards provided by ISO 27001 or ISO 31000. These standards
provide all the guidelines such as:
1. Formation of policy
2. Analyzing the threat
3. Analyzing the impact of threat
4. Formation of risk control policy
It is imperative that that the security management of the company is
taken into consideration and is evaluated appropriately. Therefore, for this
purpose, a short report is being prepared below which covers the following
elements: Main Components of a Disaster Recovery Plan:
There are several components of a disaster recovery plan, some of
which are explored below along with justification:
o Communication Plan: This would allow the firm towards being
informed, as well as informing individuals in case contingency
arises.
o Backup Check: It would ensure that the organization’s
information is stored and is backed up securely and in
authenticated manner. Roles of Stakeholders when implementing security audit
recommendations:
22
as they recognize individuals to use social services. Even though, the
operator’s pieces of information are protected over the community places.
This is the reason the attackers demonstrations the attention in the social
engineering attack. The hackers interconnect from side to side to
community places.
There are various requirements that can be accomplished to by following
various standards provided by ISO 27001 or ISO 31000. These standards
provide all the guidelines such as:
1. Formation of policy
2. Analyzing the threat
3. Analyzing the impact of threat
4. Formation of risk control policy
It is imperative that that the security management of the company is
taken into consideration and is evaluated appropriately. Therefore, for this
purpose, a short report is being prepared below which covers the following
elements: Main Components of a Disaster Recovery Plan:
There are several components of a disaster recovery plan, some of
which are explored below along with justification:
o Communication Plan: This would allow the firm towards being
informed, as well as informing individuals in case contingency
arises.
o Backup Check: It would ensure that the organization’s
information is stored and is backed up securely and in
authenticated manner. Roles of Stakeholders when implementing security audit
recommendations:
22
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
o One of the prime roles of stakeholders while implementing
security audit recommendation is to actively participate in the
process and give ideas towards managing the system.
o Another role of stakeholders is in regards with positively
influence the colleagues and subordinates towards extending
their support for implementation of new systems. Evaluation of suitability of tools used in security policy:
o User Profiles used in the security policy are very much suitable
as they are locked with encryptions which are quite complex to
be breached, providing the data with maximum security.
o Simulation used for training employees is also very much
suitable, considering the fact that it allows individuals to act in
mock scenarios which increase their efficiencies during
contingencies.
23
security audit recommendation is to actively participate in the
process and give ideas towards managing the system.
o Another role of stakeholders is in regards with positively
influence the colleagues and subordinates towards extending
their support for implementation of new systems. Evaluation of suitability of tools used in security policy:
o User Profiles used in the security policy are very much suitable
as they are locked with encryptions which are quite complex to
be breached, providing the data with maximum security.
o Simulation used for training employees is also very much
suitable, considering the fact that it allows individuals to act in
mock scenarios which increase their efficiencies during
contingencies.
23
Conclusion
This report had included the detailed information related to the various
cyber security risk with their prevention’s measures. This report had
included the impact of a powerful IT security in an organization with that it
also included diagrammatic presentation of a secure network using DMZ.
This report had included various risk assessment procedures and data
protection applications. This report consists of the designing and creation of
security policy for the organization with various related recovery plan for the
same.
24
This report had included the detailed information related to the various
cyber security risk with their prevention’s measures. This report had
included the impact of a powerful IT security in an organization with that it
also included diagrammatic presentation of a secure network using DMZ.
This report had included various risk assessment procedures and data
protection applications. This report consists of the designing and creation of
security policy for the organization with various related recovery plan for the
same.
24
You're viewing a preview
Unlock full access by subscribing today!
References
Goff, D. (2017). What is Business Continuity Management (BCM)? [online]
Knowledgeleader.com. Available at:
https://info.knowledgeleader.com/business-continuity-management-
defined-and-outlined [Accessed 7 May 2020].
wpadmin (2016). Differences Between a Cold, Warm and Hot Disaster
Recovery Site. [online] OTAVA. Available at:
https://www.otava.com/blog/what-is-the-difference-between-a-cold-warm-
and-hot-disaster-recovery-site/ [Accessed 7 May 2020].
Osborne, C. and Whittaker, Z. (2019). Cyber security 101: Protect your
privacy from hackers, spies, and the government. [online] ZDNet. Available
at: https://www.zdnet.com/article/online-security-101-how-to-protect-your-
privacy-from-hackers-spies-and-the-government/ [Accessed 7 May 2020].
KINZIE, K. (2019). 7 Wi-Fi Security Tips: Avoid Being Easy Prey for
Hackers. [online] Inside Out Security. Available at:
https://www.varonis.com/blog/7-wi-fi-security-tips-avoid-being-easy-prey-
for-hackers/ [Accessed 7 May 2020].
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy
compliance model in organizations. computers & security, 56, pp.70-82.
Moore, Z.E. and Patton, D., 2019. Risk assessment tools for the prevention
of pressure ulcers. Cochrane Database of Systematic Reviews, (1).
25
Goff, D. (2017). What is Business Continuity Management (BCM)? [online]
Knowledgeleader.com. Available at:
https://info.knowledgeleader.com/business-continuity-management-
defined-and-outlined [Accessed 7 May 2020].
wpadmin (2016). Differences Between a Cold, Warm and Hot Disaster
Recovery Site. [online] OTAVA. Available at:
https://www.otava.com/blog/what-is-the-difference-between-a-cold-warm-
and-hot-disaster-recovery-site/ [Accessed 7 May 2020].
Osborne, C. and Whittaker, Z. (2019). Cyber security 101: Protect your
privacy from hackers, spies, and the government. [online] ZDNet. Available
at: https://www.zdnet.com/article/online-security-101-how-to-protect-your-
privacy-from-hackers-spies-and-the-government/ [Accessed 7 May 2020].
KINZIE, K. (2019). 7 Wi-Fi Security Tips: Avoid Being Easy Prey for
Hackers. [online] Inside Out Security. Available at:
https://www.varonis.com/blog/7-wi-fi-security-tips-avoid-being-easy-prey-
for-hackers/ [Accessed 7 May 2020].
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy
compliance model in organizations. computers & security, 56, pp.70-82.
Moore, Z.E. and Patton, D., 2019. Risk assessment tools for the prevention
of pressure ulcers. Cochrane Database of Systematic Reviews, (1).
25
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Wachter, S., Mittelstadt, B. and Floridi, L., 2017. Why a right to explanation
of automated decision-making does not exist in the general data protection
regulation. International Data Privacy Law, 7(2), pp.76-99.
Abdalla, R. and Esmail, M., 2019. Introduction to disaster and emergency
management science. In WebGIS for Disaster Management and
Emergency Response (pp. 1-10). Springer, Cham.
Dalby, S., 2016. Environmental (in) security. International Encyclopedia of
Geography: People, the Earth, Environment and Technology, pp.1-11.
Nathan, A.J. and Scobell, A., 2015. China's search for security. Columbia
University Press.
Peoples, C. and Vaughan-Williams, N., 2014. Critical security studies: An
introduction. Routledge.
Schneier, B., 2015. Secrets and lies: digital security in a networked world.
John Wiley & Sons.
Fierke, K.M., 2015. Critical approaches to international security. John Wiley
& Sons.
Engoulou, R.G., Bellaïche, M., Pierre, S. and Quintero, A., 2014. VANET
security surveys. Computer Communications, 44, pp.1-13.
Perlman, R., Kaufman, C. and Speciner, M., 2016. Network security:
private communication in a public world. Pearson Education India.
26
of automated decision-making does not exist in the general data protection
regulation. International Data Privacy Law, 7(2), pp.76-99.
Abdalla, R. and Esmail, M., 2019. Introduction to disaster and emergency
management science. In WebGIS for Disaster Management and
Emergency Response (pp. 1-10). Springer, Cham.
Dalby, S., 2016. Environmental (in) security. International Encyclopedia of
Geography: People, the Earth, Environment and Technology, pp.1-11.
Nathan, A.J. and Scobell, A., 2015. China's search for security. Columbia
University Press.
Peoples, C. and Vaughan-Williams, N., 2014. Critical security studies: An
introduction. Routledge.
Schneier, B., 2015. Secrets and lies: digital security in a networked world.
John Wiley & Sons.
Fierke, K.M., 2015. Critical approaches to international security. John Wiley
& Sons.
Engoulou, R.G., Bellaïche, M., Pierre, S. and Quintero, A., 2014. VANET
security surveys. Computer Communications, 44, pp.1-13.
Perlman, R., Kaufman, C. and Speciner, M., 2016. Network security:
private communication in a public world. Pearson Education India.
26
Ang, B.W., Choong, W.L. and Ng, T.S., 2015. Energy security: Definitions,
dimensions and indexes. Renewable and sustainable energy reviews, 42,
pp.1077-1093.
Ali, M., Khan, S.U. and Vasilakos, A.V., 2015. Security in cloud computing:
Opportunities and challenges. Information sciences, 305, pp.357-383.
Jing, Q., Vasilakos, A.V., Wan, J., Lu, J. and Qiu, D., 2014. Security of the
Internet of Things: perspectives and challenges. Wireless Networks, 20(8),
pp.2481-2501.
Damodaran, A., 2016. Damodaran on valuation: security analysis for
investment and corporate finance (Vol. 324). John Wiley & Sons.
27
dimensions and indexes. Renewable and sustainable energy reviews, 42,
pp.1077-1093.
Ali, M., Khan, S.U. and Vasilakos, A.V., 2015. Security in cloud computing:
Opportunities and challenges. Information sciences, 305, pp.357-383.
Jing, Q., Vasilakos, A.V., Wan, J., Lu, J. and Qiu, D., 2014. Security of the
Internet of Things: perspectives and challenges. Wireless Networks, 20(8),
pp.2481-2501.
Damodaran, A., 2016. Damodaran on valuation: security analysis for
investment and corporate finance (Vol. 324). John Wiley & Sons.
27
You're viewing a preview
Unlock full access by subscribing today!
1 out of 27
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.