Higher National Diploma Security Project: Lanka Investments

Verified

Added on 2022/09/15

AI Summary

This assignment, designed for a Higher National Diploma program, focuses on IT security for Lanka Investments, an investment company. The project is divided into two assignments. The first assignment requires the creation of a presentation and a report that addresses various aspects of IT security, including risk assessment, organizational security procedures, firewall configurations, and network security improvements. The second assignment involves creating a security policy, designing a disaster recovery plan, and evaluating the suitability of security tools, all tailored to the needs of Lanka Investments. The project also includes a reflection on how IT security aligns with organizational policy. The project covers a range of topics including risk assessment, data protection, ISO 31000 risk management, and the roles of stakeholders in implementing security audit recommendations. It emphasizes the importance of IT security in the context of financial organizations and the increasing threat of cybercrime.

Assignment Brief (RQF)
Assignment Brief (RQF)
Higher National Certificate/Diploma in
Student Name/ID
Number:
Unit Number and Title: Unit: 05 Security
Academic Year: 2020
Unit Assessor: Thilina Rajapakse
Assignment Title: Security
Issue Date: 20th April 2020
Submission Date: Assignment 1 - 28-May-20
Assignment 2 – 25 June 2020
Internal Verifier Name: Nisala Aloka Bandara
Date: 18 April 2020
Submission Format:
Assignment 01
The submission is in the form of two documents/files:
1. A ten-minute Microsoft® PowerPoint® style presentation to be presented to your
colleagues. The presentation can include links to performance data with additional
speaker notes and a bibliography using the Harvard referencing system. The
presentation slides for the findings should be submitted with speaker notes as one copy.
2. The submission is in the form of an individual written report. This should be written in
a concise, formal business style using single spacing and font size 12. You are required
to make use of headings, paragraphs, subsections and illustrations as appropriate, and
all work must be supported with research and referenced using the Harvard referencing
system.
You are required to make use of headings, paragraphs, subsections and illustrations as
appropriate, and all work must be supported with research and referenced using the Harvard
referencing system.
Assignment 02
Part 1: The submission is in the form of an individual written report. This should be written in
a concise, formal business style using single spacing and font size 12. You are required to
make use of headings, paragraphs, subsections and illustrations as appropriate, and all work
must be supported with research and referenced using the Harvard referencing system. Please
also provide a bibliography using the Harvard referencing system. The recommended word
1

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Assignment Brief (RQF)
limit is 2,000–2,500 words, although you will not be penalised for exceeding the total word
limit.
Part 2: The submission is in the form of a policy document (please see details in Part 1 above).
Part 3: The submission is in the form of an individual written reflection. This should be written
in a concise, formal business style using single spacing and font size 12. You are required to
make use of headings, paragraphs and subsections as appropriate, and all work must be
supported with research and referenced using the Harvard referencing system. Please also
provide a bibliography using the Harvard referencing system. The recommended word limit is
250–500 words, although you will not be penalised for exceeding the total word limit.
Assignment 1 - Learning Outcomes:
LO1 Assess risks to IT security
LO2 Describe IT security solutions
Assignment 1 - Brief and Guidance:
Assignment 01
You are hired as security consultant for a leading investment company in Sri Lanka called
Lanka Investments. The company is increasingly relying on technology for improving both its
own efficiency and its accessibility for clients. In light of the increasing proliferation of digital
infrastructure of the organization and the increasing threat of cyber crime around the world,
management has decided to educate all employees about IT security and best practices.
You are tasked with creating an engaging presentation to help train staff members which
includes the following with regard to the organization:
1. Types of security risks.
2. Organisational security procedures.
3. How security risks can be assessed and treated.
4. Potential impacts to IT security from incorrectly configured firewalls, VPNs, etc.
5. Improving Network Security using a DMZ, a static IP, and a NAT.
6. Benefits of network monitoring systems.
In addition to your presentation, you are asked to provide a report on how a “trusted network”
can be used as a part of an IT security solution.
2

Assignment Brief (RQF)
Assignment 2 - Learning Outcomes:
LO3 Review mechanisms to control organisational IT security
LO4 Manage organisational security
Assignment 2 - Brief and Guidance:
Assignment 02
As financial organizations increasingly become targets of security breaches, it is vital to
paying more attention than ever to information security.
Lanka Investments has asked you, in your capacity as an IT Security Consultant, to propose a
Security Policy for the organisation.
Part 1
In preparation for this task you will prepare a report considering:
1. Risk assessment procedures that could be used by the company.
2. Data protection processes and regulations related to the company.
3. How data protection regulations and ISO 31000 risk management standards apply to IT
security.
4. The potential impact that an IT security audit might have on the security of the
organisation.
5. The responsibilities of employees and stakeholders in relation to security, particularly
in implementing security audit recommendations.
Part 2
Following your report, you will now design and implement an organisational disaster recovery
plan, while considering the components to be included and a justification for their inclusion.
This will be a security policy implemented at the company upon your recommendation.
Part 3
To ensure that the security policy is viable for the company, you are required to evaluate the
suitability of the security tools that will be used in your policy. Finally, to highlight the
importance of the IT security recommendations you have made throughout your consultation,
you are asked to discuss how IT security can be aligned with organisational policy, detailing
potential security impacts of any misalignment.
Please review the subsequent grading criteria for more details on the expected elements and
topics that need to be included.
3

Assignment Brief (RQF)
Learning Outcomes and Assessment Criteria:
Learning Outcome Pass Merit Distinction
LO1 Assess risks to
IT security
P1 Identify types of
security risks to
organisations.
P2 Describe
organisational security
procedures.
M1 Propose a method
to assess and treat IT
security risks.
LO1 & 2
D1 Investigate how a
‘trusted network’ may
be part of an IT
security solution.
LO2 Describe IT
security solutions
P3 Identify the
potential impact to IT
security of incorrect
configuration of
firewall policies and
third-party VPNs.
P4 Show, using an
example for each, how
implementing a DMZ,
static IP and NAT in a
network can improve
Network Security.
M2 Discuss three
benefits to implement
network monitoring
systems with
supporting reasons.
LO3 Review
mechanisms to control
organisational IT
security
P5 Discuss risk
assessment
procedures.
P6 Explain data
protection processes
and regulations as
applicable to an
organisation.
M3 Summarise the
ISO 31000 risk
management
methodology and its
application in IT
security.
M4 Discuss possible
impacts to
D2 Consider how IT
security can be
aligned with
organisational policy,
detailing the security
impact of any
misalignment.
4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Assignment Brief (RQF)
organisational security
resulting from an IT
security audit.
LO4 Manage
organisational security
P7 Design and
implement a security
policy for an
organisation.
P8 List the main
components of an
organisational disaster
recovery plan,
justifying the reasons
for inclusion.
M5 Discuss the roles
of stakeholders in the
organisation to
implement security
audit
recommendations.
D3 Evaluate the
suitability of the tools
used in an
organisational policy.
5