Semester 1, 2024: IT Security Procedures and Risk Management

TABLE OF CONTENTS
Introduction ........ 1
LO 1 ........ 2
P1 Identify types of security risks to organizations ........ 2
P2 Describe organizational security procedures ........ 4
M1 Propose a method to assess and treat IT security risks ........ 5
LO 2 ........ 6
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs ........ 6
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security ........ 7
M2 Discuss three benefits of implementing network monitoring systems with supporting reasons ........ 8
LO 3 ........ 10
P5 Discuss risk assessment procedure ........ 10
M3 Summarise the ISO 31000 risk management methodology and its application in IT security ........ 13
LO 4 ........ 14
P7 Design and implement security policy for an organisation ........ 14
P8 List the main components of an organisational disaster recovery plan, justifying the reasons for inclusion ........ 19
M5 Discuss the roles of stakeholders in the organization to implement security audit recommendations ........ 21
Conclusion ........ 22
References ........ 23

LIST OF FIGURES
Figure 1: Incorrect connection through firewall..............................................................................6
Figure 2: Network address translation.............................................................................................8
Introduction
To carry out its business operations, an organisation builds networks that connect all of its computing devices and peripherals so that data and resources can be shared. Over time, the network formed in this way is exposed to challenges and risks that can lead to loss of data and information and to unavailability of resources. To maintain overall security and protect its data, the organisation is therefore expected to implement a range of tools, methods and procedures. This report discusses various security issues, the methods used to mitigate and control them, and the disaster recovery plan.
LO 1
P1. Identify types of security risks to organizations
Security risks are events or actions that may cause data loss or damage to significant data belonging to the user or the organisation; they may also reduce the efficiency of the hardware and software installed in a system, or of the network as a whole. Some common security risks that can affect an organisation's business operations and data availability are stated below:
Unauthorised system or data access: One of the most significant security risks an organisation faces is unauthorised access to its systems and data (Ahson and Ilyas, 2017). User systems on the network hold a great deal of information about both the organisation and its users. Unauthorised users can apply different methods to obtain confidential data and information from a system, and that data can then be used for personal gain, harming the organisation and its image.
Unauthorised data copying or system coding: If the network does not follow effective measures, tools and processes for maintaining the security of systems and data, it opens the door for illegitimate users to access the data or system, even from a remote location. A network breach allows an unauthorised user to copy or modify the data held in the system for profit, which reduces the loyalty of stakeholders towards the organisation.
Physical destruction or damage: Unauthorised entry to the premises, and even to a computer system, can result in equipment being destroyed or increase the chances of system malfunction. If the network has weak access control, the overall security of the organisation and its network is lowered, affecting the organisation's effective functioning and the availability of its data (Kettlewell et al., 2017).
Damaging data or coding: A system infected with harmful viruses, code or programs can affect the security of the whole network. Such code is created for personal interest to destroy other applications and systems, and it is capable of interrupting various organisational services such as networking and communication with remote systems.
Naturally occurring risk: The organisation is also at risk from natural calamities. These are unpredictable and uncontrollable and result in huge damage to various resources, including the assets
and hard drives that the organisation needs for performing its operations, leading to loss and disruption of normal functioning (Ahson and Ilyas, 2017).
P2 Describe organizational security procedures
To enhance the security of its network and data, the organisation can implement a range of security procedures that improve overall security, minimise losses of any kind and meet the business aims and objectives within the given constraints. The security procedure includes the steps discussed below:
Developing a security plan: The planning phase sets the scope of security in the organisation by consulting the teams about budget, scope, time, resources, expertise and the identification of the data that needs to be protected (Akhunzada et al., 2016).
Resource management: To carry out the security procedures that enhance and maintain security in an organisation, the network administrator needs skilled employees who understand the requirements of network security, together with effective security devices such as monitoring tools, firewalls and alert systems, so that resources are properly distributed across the network to meet the security needs.
Risk identification: To develop an effective security plan, the administrators need to identify and determine the various security risks and threats, together with their source and their level of impact on data and systems. For this identification the organisation is responsible for managing the available resources, and all practices and risks must be recorded for further support (Kizza, 2017).
Logging and testing: The network security team must analyse the entire set of security processes applied in the organisation so that the security objectives are ensured and attained. With logging, handling the procedures becomes effortless, while testing is necessary for solving upcoming risks and issues in computer devices arising from software or hardware interfaces.
System configuration and encryption: Various computing devices and software can be integrated in the organisation for minimising, controlling and mitigating network security issues. To increase data security during transmission and storage, the organisation can choose to use data encryption techniques.
M1 Propose a method to assess and treat IT security risks
To assess and treat IT security risks, the organisation can apply different methods that are effective in minimising the chances of data loss or other business losses. Several stages are involved in identifying and classifying the different network risks, after which controls can be implemented against the risks for elimination, mitigation or substitution (Bertino and Islam, 2017). The overall method for assessing and treating security risk should be regarded as a continuous procedure that is followed until the organisation chooses to end the risk controls.
Risk matrix
The organisation can implement a risk matrix: using this technique all the prevailing risks in the organisation can be recorded and prioritised, and appropriate methods and policies can be applied to resolve the issues and minimise their impact according to priority. For example, if a risk is severe and has the highest likelihood of occurrence, it affects the security systems of the network, so the main focus must be given to resolving it.
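As an added illustration of the risk matrix described above (this is example code, not part of the original report), the following Python scores the five risk categories from P1 on constructed likelihood and impact values, ranks them, and maps each band to a treatment; the 1 to 5 scales, the band thresholds and the band-to-treatment mapping are assumptions made for the example.

```python
"""Risk matrix: score = likelihood x impact, then prioritise and treat.

Added example, not part of the original report. The five risk names are the
P1 categories; their likelihood and impact values are constructed, and the
scales, thresholds and treatment mapping are assumptions.
"""
from dataclasses import dataclass

# Qualitative 1..5 scales (assumption) used to build the matrix.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: str
    impact: str

    @property
    def score(self) -> int:
        """Cell of the matrix: likelihood rating times impact rating (1..25)."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]


def rating(score: int) -> str:
    """Band a 1..25 score; the thresholds are an assumption for this example."""
    if score >= 15:
        return "critical"
    if score >= 8:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def treatment(risk: Risk) -> str:
    """Map a band to one of the treatment options named in M1 (assumed mapping)."""
    band = rating(risk.score)
    if band == "critical":
        return "eliminate: remove the exposure (close the service or access path)"
    if band == "high":
        return "mitigate: add controls that cut likelihood or impact"
    if band == "medium":
        return "substitute: replace the risky component or process with a safer one"
    return "accept: record the risk and keep monitoring it"


def prioritise(risks):
    """Highest score first; ties broken by impact, then by name for stability."""
    return sorted(risks, key=lambda r: (-r.score, -IMPACT[r.impact], r.name))


# Constructed sample register using the P1 risk categories.
REGISTER = [
    Risk("Unauthorised system or data access", "likely", "major"),
    Risk("Unauthorised data copying or modification", "possible", "major"),
    Risk("Physical destruction or damage", "unlikely", "severe"),
    Risk("Malicious code damaging data", "likely", "severe"),
    Risk("Natural disaster", "rare", "severe"),
]

if __name__ == "__main__":
    for r in prioritise(REGISTER):
        print(f"{r.score:2d} {rating(r.score):8s} {r.name}: {treatment(r)}")
```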
LO 2
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs
Incorrect firewall configuration
The purpose of a firewall is to provide security against threats by limiting access to resources. An incorrect configuration can leave access ports open on a device, which can result in unauthorised access to or damage of resources. It can also cause loss of access to several devices and result in interruptions to business services (Jingyao et al., 2019). Further, an incorrect system setting can affect the enterprise's performance, confidentiality and security, as a third party may gain access to the data being shared.
Figure 1: Incorrect connection through firewall
(Source: Standard Network Configuration, 2019)
Incorrect VPN impact
VPN stands for virtual private network; it provides a network that remains concealed while an Internet service is being used. It also links two systems while keeping their data highly secure, but an error in the settings can expose the data packets to the system users and to the service providers, who can be regarded as a third party. Information transferred between the two nodes can then be seen by the service providers, who can profit from it in any way (Akhunzada et al., 2016). Moreover, a wrong configuration can also result in lower performance, risks in the encryption and authentication of data, and theft of data in transit.
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security
It is crucial for the organisation to conserve, select and manage the resources made available for its effective use. The firm's productivity and operational efficiency can be closely supervised through a suitable network design and technical controls. The main techniques that help to meet the business security requirements are mentioned below:
Static IP set-up: Another way of controlling access for the users within the organisation, since they are important resources and data, is to set limits in terms of IP addresses. Rather than using complex, changing IP addresses that create security issues, fixed addresses allow internal users and their devices to be addressed easily, with no question of allowing new endpoints onto the network or regularly adding new IP addresses. This significantly removes the need for a double firewall, because a new connection with an IP address different from the one already included in the acceptance list at creation time is not accepted. The requirement for permission is lowered, and only those devices operated by specific users will be allowed to connect to the network (Collins, 2017). The main issue with this design is that placing the static IP addresses correctly is critical, as the end device will have to validate its connection every time it attempts to connect to the network or access information.
Demilitarised zone: The enterprise has sensitive resources and information that in some cases need to be shared outside the business. In addition, it is crucial to manage unauthorised access to data and resources. Ultimately, a firewall is used in the network that only allows authorised users access to the information according to their needs. For the enterprise's internal sources and data, the firewall provides security against external users who attempt to obtain the information by requesting it. The enterprise can use a DMZ server in addition to the firewall, as it can route outsiders' requests for important information to a general-purpose server (Rababah et al., 2018). A dual firewall is also appropriate, in which requests for sharing within the network are scrutinised prior to any request for any kind of information. Such a system also checks external requests to the private network.
Network address translation
Figure 2: Network address translation
(Source: Network address translation, 2019)
In this case only specific IP addresses are used; the enterprise can raise network security by implementing addresses in the network through a translation technique. Using this technique, the enterprise can assign particular addresses to the users within the organisation and their end devices in a manner that guarantees future compatibility and sustainable use. The network addresses used in this way have to come from the same network address range within the firm, as it differs from other IP addresses (Wang and Jiang, 2016). In this case, however, the primary server will not accept a connection request from any address coming from within if that address has not been specified beforehand.
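The following Python model, added here and not part of the original report, ties P3 and P4 together: a first-match firewall policy evaluated across three zones, with a misconfigured rule order beside a corrected policy that uses a DMZ, a static-IP acceptance list and NAT. All addresses, zones, ports and rules are constructed examples, and the processing order (destination NAT, then filtering, then source NAT) is the one commonly used by firewalls.

```python
"""First-match firewall policy with a DMZ, a static-IP acceptance list and NAT.

Added example, not part of the original report. Addresses, zones and rules
are constructed. MISCONFIGURED shows a rule-ordering error that exposes the
internal LAN (P3); CORRECTED shows the DMZ, static IP and NAT design of P4.
Processing order mirrors common firewalls: destination NAT, filtering, then
source NAT.
"""
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption); 203.0.113.0/24 is a documentation range.
INTERNAL = ip_network("10.0.0.0/24")
DMZ = ip_network("192.168.100.0/24")
PUBLIC_IP = ip_address("203.0.113.10")
WEB_SERVER = ip_address("192.168.100.10")            # DMZ host with a static IP
ADMIN_HOSTS = frozenset({ip_address("10.0.0.5")})    # static-IP acceptance list


def zone(addr):
    """Classify an address into the three zones the policy reasons about."""
    if addr in INTERNAL:
        return "internal"
    if addr in DMZ:
        return "dmz"
    return "external"


def evaluate(policy, src, dst, dport):
    """Return the action of the first matching rule, or 'deny' if none matches.

    A rule is (src_zone, dst_zone, port, action, src_hosts). "any" is a
    wildcard; src_hosts=None means the source address is not restricted.
    """
    src_zone, dst_zone = zone(src), zone(dst)
    for rule_src, rule_dst, port, action, src_hosts in policy:
        if rule_src not in ("any", src_zone) or rule_dst not in ("any", dst_zone):
            continue
        if port not in ("any", dport):
            continue
        if src_hosts is not None and src not in src_hosts:
            continue
        return action
    return "deny"


# A permissive catch-all placed first shadows every rule after it, so the
# intended external -> internal deny never fires.
MISCONFIGURED = [
    ("any", "any", "any", "allow", None),
    ("external", "internal", "any", "deny", None),
]

# The published service lives in the DMZ; the LAN is unreachable from outside
# and from the DMZ; the DMZ host is managed only from listed static addresses.
CORRECTED = [
    ("external", "dmz", 443, "allow", None),
    ("external", "any", "any", "deny", None),
    ("dmz", "internal", "any", "deny", None),
    ("internal", "dmz", 22, "allow", ADMIN_HOSTS),
    ("internal", "dmz", 22, "deny", None),
    ("internal", "any", "any", "allow", None),
]


def nat_inbound(dst, dport):
    """Static destination NAT: PUBLIC_IP:443 maps to the DMZ web server."""
    if dst == PUBLIC_IP and dport == 443:
        return WEB_SERVER
    return dst


def nat_outbound(src, dst):
    """Source NAT (masquerade): internal hosts reach the Internet as PUBLIC_IP."""
    if src in INTERNAL and zone(dst) == "external":
        return PUBLIC_IP
    return src


def handle(policy, src, dst, dport):
    """Process one packet whose addresses are given as strings.

    Returns (action, source address seen by the receiver, real destination).
    """
    src, dst = ip_address(src), ip_address(dst)
    real_dst = nat_inbound(dst, dport)
    action = evaluate(policy, src, real_dst, dport)
    seen_src = nat_outbound(src, real_dst) if action == "allow" else src
    return action, str(seen_src), str(real_dst)


if __name__ == "__main__":
    outsider = "198.51.100.7"
    for name, policy in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(name)
        print("  outsider -> published web service ", handle(policy, outsider, "203.0.113.10", 443))
        print("  outsider -> LAN file share         ", handle(policy, outsider, "10.0.0.20", 445))
        print("  DMZ host -> LAN file share         ", handle(policy, "192.168.100.10", "10.0.0.20", 445))
        print("  listed admin -> DMZ host SSH       ", handle(policy, "10.0.0.5", "192.168.100.10", 22))
        print("  other LAN host -> DMZ host SSH     ", handle(policy, "10.0.0.9", "192.168.100.10", 22))
        print("  LAN host -> Internet (masqueraded) ", handle(policy, "10.0.0.20", outsider, 443))
```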
M2 Discuss three benefits of implementing network monitoring systems with supporting reasons
Once the network has been designed, it is the duty of the IT team to check whether the systems are working efficiently and whether any changes are needed to obtain effective results. The main objective of any organisation is a network design that manages communication and productivity while keeping costs down, saving time and keeping applications simple. In any case, the firm has to take care of system performance whenever changes are needed. There are several benefits that support system monitoring through the right selection of tools.
Software-defined administration
System monitoring can lower the need to recruit network specialists who have the knowledge to solve and rectify errors. Such systems can help prevent mistakes and give timely solutions, thus saving maintenance hours. To handle the network properly, the firm wants to place the server, implement the network design and deploy review software that will reduce the need for administrators on the network. The activities that are
repetitive, such as purchase requisitions, can be handled by scripts that the firm develops using this software (Laudon and Laudon, 2016). With firewall security, networking and other devices can be kept secure and efficient. When large operations are performed, this software will directly issue instructions for processing in batches. Hence, it can be said that this software can significantly manage networking and operations with only general support from human activity.