Computing Security Report: Analysis of BLH Security Policies 2018
VerifiedAdded on 2020/11/23
|19
|7632
|51
Report
AI Summary
This report provides a detailed analysis of the computing security policies of Bright Level Holdings LLP (BLH), focusing on their 2018 annual review. The report examines BLH's information security policies, including client data protection and digital access controls. It outlines new security policies implemented by BLH, such as data retention, data protection operations, network segregation, and file security measures. The report also addresses operational security, risk management, and compliance frameworks. Furthermore, the report discusses security measures like access control, cross-border data transfer, and the use of cloud storage. The report also covers how the company handles client data, ensuring its confidentiality and protection against misuse or unauthorized access. It highlights the importance of authentication, operational security, and the implementation of technological safeguards. The analysis emphasizes the importance of ethical practices and compliance with data protection regulations to maintain client trust and ensure the secure handling of sensitive information.
COMPUTING SECURITY
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Table of Contents
INTRODUCTION...........................................................................................................................1
TASK 1............................................................................................................................................2
Security Policy of Bright Level Holding LLP ......................................................................2
Information security policy....................................................................................................2
New security polices of BLH.................................................................................................3
TASK 2..........................................................................................................................................10
Detail discussion of different situations...............................................................................10
CONCLUSION..............................................................................................................................15
References........................................................................................................................................1
INTRODUCTION...........................................................................................................................1
TASK 1............................................................................................................................................2
Security Policy of Bright Level Holding LLP ......................................................................2
Information security policy....................................................................................................2
New security polices of BLH.................................................................................................3
TASK 2..........................................................................................................................................10
Detail discussion of different situations...............................................................................10
CONCLUSION..............................................................................................................................15
References........................................................................................................................................1
INTRODUCTION
Computer security can be defined as a proper safety system which protects a computer
from various damages, malfunctioning and from hackers as well. Computing security can also be
known as cybersecurity, or information technology security (IT security). It is needed because,
not only individual employees or departments which stays accountable for security for keeping
the data secured but it is also required for a company to focus on safety reasons (Ahmed and
Saeed, 2014). It is duty of top administrators, who are charged with protecting the institution's
best interests, to ensure that an appropriate and effective security policy is developed and put into
practice throughout the organization.
In modern world, organisations and public uses computers for different purposes which is
directly enhancing reliance of these kind of systems. Apart from this, these also stays enclosed
with different wireless networks, like Bluetooth, Wi-Fi, infrared and so on. These connections
have created ample number of security concerns. Considering complexity, both in terms of
politics and technology, it has become much more challenging in contemporary world because it
is filled with huge number of ethical hackers that keeps their eye on stealing the data for different
purposes. In present report, AmpSpire Solutions Ltd. which is the sister organisation of Bright
Level Holdings LLP is going to keep its focus on developing 2018 annual review of the BLH
security policies. If it is talked about BLH, it consists with 230 employees and performs on a
regular basis as per the requirements of clients. Company's headquarter is in north west of
England, United Kingdom. Since BLH is performing its operations at international level they
have to give services to its clients 24*7. Apart from this, organisation have also made a
permanent security presence for its employees where they have to use ID card while executing
the work and security personnel keeps an eye on it. On the other hand, this organisation's
management team is looking forward to bring change among existing security based policies
which will directly aid them in improvising all the safety concerns. Away with this, report is
going to be enclosed with a brand new security policy so that it can meet requirements of Bright
Level Holdings LLP.
Computer security can be defined as a proper safety system which protects a computer
from various damages, malfunctioning and from hackers as well. Computing security can also be
known as cybersecurity, or information technology security (IT security). It is needed because,
not only individual employees or departments which stays accountable for security for keeping
the data secured but it is also required for a company to focus on safety reasons (Ahmed and
Saeed, 2014). It is duty of top administrators, who are charged with protecting the institution's
best interests, to ensure that an appropriate and effective security policy is developed and put into
practice throughout the organization.
In modern world, organisations and public uses computers for different purposes which is
directly enhancing reliance of these kind of systems. Apart from this, these also stays enclosed
with different wireless networks, like Bluetooth, Wi-Fi, infrared and so on. These connections
have created ample number of security concerns. Considering complexity, both in terms of
politics and technology, it has become much more challenging in contemporary world because it
is filled with huge number of ethical hackers that keeps their eye on stealing the data for different
purposes. In present report, AmpSpire Solutions Ltd. which is the sister organisation of Bright
Level Holdings LLP is going to keep its focus on developing 2018 annual review of the BLH
security policies. If it is talked about BLH, it consists with 230 employees and performs on a
regular basis as per the requirements of clients. Company's headquarter is in north west of
England, United Kingdom. Since BLH is performing its operations at international level they
have to give services to its clients 24*7. Apart from this, organisation have also made a
permanent security presence for its employees where they have to use ID card while executing
the work and security personnel keeps an eye on it. On the other hand, this organisation's
management team is looking forward to bring change among existing security based policies
which will directly aid them in improvising all the safety concerns. Away with this, report is
going to be enclosed with a brand new security policy so that it can meet requirements of Bright
Level Holdings LLP.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
TASK 1
Security Policy of Bright Level Holding LLP
Privacy policy is important in an organisation to protect the information related to clients and
internal information of BLH. The consultancy company can't be transparent, they have to secure
their information. So, for that they are required to build an effective and secure security policy. It
is essential to have strong and stable empowering of IT team. Security policy of Bright Level
Holding LLP :
Information security policy
The information related to client and companies have to secure. The information security
policy of BLH is a systematized information document that provides the protection to the
client information and protect the strategy were framed for the organisation (Ahmed, and
Hossain, 2014). The security also safeguard the digital access of a company. BLH have
international clients as well so they required to have shield in digital part. BLH is a
consultancy company, their work is to provide direction and advice to private and
government clients. Their projects were delicate and sensitive.
BLH have ID card control access building while entering or leaving the premises. This is
because they have 24/7 working hours. Due to gracious security construction they have
strong reputation in the market.
Some information of clients are collected directly from them and some are form other
sources like internet search, third party, and information collected what plans and strategy
the client had made for their company. The data BLH collected will use moderately and
legally.
BLH have the policy that employee can work at client land site as well. For that company
provides mobile phone and laptop to them. But due to security function BLH have their
own sites. Infect employee are not allowed to search or visit any other site either in office
or somewhere else.
BLH provide the exact security measures to assist the client data. Security measures done
through operations and technology (Bajpai, and Srivastava, 2014).
The information which is collected directly will identifies the individual personality, the
information can combination of direct or indirect or the signal information. The personal
Security Policy of Bright Level Holding LLP
Privacy policy is important in an organisation to protect the information related to clients and
internal information of BLH. The consultancy company can't be transparent, they have to secure
their information. So, for that they are required to build an effective and secure security policy. It
is essential to have strong and stable empowering of IT team. Security policy of Bright Level
Holding LLP :
Information security policy
The information related to client and companies have to secure. The information security
policy of BLH is a systematized information document that provides the protection to the
client information and protect the strategy were framed for the organisation (Ahmed, and
Hossain, 2014). The security also safeguard the digital access of a company. BLH have
international clients as well so they required to have shield in digital part. BLH is a
consultancy company, their work is to provide direction and advice to private and
government clients. Their projects were delicate and sensitive.
BLH have ID card control access building while entering or leaving the premises. This is
because they have 24/7 working hours. Due to gracious security construction they have
strong reputation in the market.
Some information of clients are collected directly from them and some are form other
sources like internet search, third party, and information collected what plans and strategy
the client had made for their company. The data BLH collected will use moderately and
legally.
BLH have the policy that employee can work at client land site as well. For that company
provides mobile phone and laptop to them. But due to security function BLH have their
own sites. Infect employee are not allowed to search or visit any other site either in office
or somewhere else.
BLH provide the exact security measures to assist the client data. Security measures done
through operations and technology (Bajpai, and Srivastava, 2014).
The information which is collected directly will identifies the individual personality, the
information can combination of direct or indirect or the signal information. The personal
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
information assist the company to handle the programme or the respond to the quarries
of clients. Through this company can easily communicate with client with any
programme related offers or any other services. The information collected from other
sources through mobile location base.
Passwords; financial data like bank statement, OTP, credit or debit card information;
health related information; biometric information. Any of the above information was not
related to project. So, according to the clause company don't ask for these information. If
any company ask for these information then it is unlawful (Choi, Choi and Kim, 2014) .
The information company ask for which is accessible to public domain.
Any payment that made by credit card or debit card by the client in respect to the
company fee or consulting fee it can't be stored. The companies site don't store such
information because it is unethical and against the value of the company.
The work BLH do with the given data is to facilities the projects related to the market.
Sometimes they connect with the client for the transaction purpose. The company may
approach the client in respect to know the personal aspects. Sometimes Non-Personal
information is also collected by the company. It can't be passwords but regards to the
browsing data of a person, google search, app usage data, IP address, demographic and
aggregate data.
New security polices of BLH
BLH formed the new policy how long the clients data is going to kept with them and why
they have collected the relevant data. The information they gathered it will be kept till the
fulfilment of the purpose data has been collected. If BLH client is permanent then the
data kept with them as long as client is continuing with them. Some information is kept
with them due to the legal and contractual obligation.
Clients can erase their information quickly by deleting each and every e-mail of them.
If the data kept with us for so long and there is no use of that data then it will
automatically delete form the system.
The more data is stored in the system it will damage the sites. So, if the data is useless
and no one is use for so long it automatically the file will delete.
Their new policy is to check the data protection operation and the guidelines they had
made for the company. This work is done by the software, no physical review of
of clients. Through this company can easily communicate with client with any
programme related offers or any other services. The information collected from other
sources through mobile location base.
Passwords; financial data like bank statement, OTP, credit or debit card information;
health related information; biometric information. Any of the above information was not
related to project. So, according to the clause company don't ask for these information. If
any company ask for these information then it is unlawful (Choi, Choi and Kim, 2014) .
The information company ask for which is accessible to public domain.
Any payment that made by credit card or debit card by the client in respect to the
company fee or consulting fee it can't be stored. The companies site don't store such
information because it is unethical and against the value of the company.
The work BLH do with the given data is to facilities the projects related to the market.
Sometimes they connect with the client for the transaction purpose. The company may
approach the client in respect to know the personal aspects. Sometimes Non-Personal
information is also collected by the company. It can't be passwords but regards to the
browsing data of a person, google search, app usage data, IP address, demographic and
aggregate data.
New security polices of BLH
BLH formed the new policy how long the clients data is going to kept with them and why
they have collected the relevant data. The information they gathered it will be kept till the
fulfilment of the purpose data has been collected. If BLH client is permanent then the
data kept with them as long as client is continuing with them. Some information is kept
with them due to the legal and contractual obligation.
Clients can erase their information quickly by deleting each and every e-mail of them.
If the data kept with us for so long and there is no use of that data then it will
automatically delete form the system.
The more data is stored in the system it will damage the sites. So, if the data is useless
and no one is use for so long it automatically the file will delete.
Their new policy is to check the data protection operation and the guidelines they had
made for the company. This work is done by the software, no physical review of
producer. The software review the information on daily bases. BLH priority is to protect
the data whether information is related to client or the company.
BLH build the connection security. Is is a type of network security by which risk of the
company information can be reduce. This security is develop to safeguard the exchanged
information from the copying, misplace, modification (Farooq, and et.al., 2015). To
secure those information BLH have protocols as well. They have decided to use the tools
related to security protection are intrusion detection system etc. The guidelines of the
company are required to be retained and depose with the regular span of time.
Segregation of network will establish by which testing, production and the development
of the social structure can be develop. BLH security construct in that way which help the
social structure of the society. If any information is publish in public or in any journal
then having the proper agreement is required is between the company and the client.
They had develop the another security which is related to their files. Report they make
that have to be secured. If no security is permitted to report it can be easily manipulated.
For more security purpose they mark the code on each report to protect them. First
company will set the manual code for the report after finalization the code will be secure.
In old security policy there is no backup facilities of file. Once the file is out there is no
backup but, through the software protection company can do the backups of files. This
might be possible that data of client may be deleted or misrouted for that the company
have to backup the file not the personal information of a particular person.
BLH develop security by which company can test the daily incident response test plan.
Through this data can be recover from the site. If anyone resolve the security and privacy
have to consultant the company. Otherwise they don't get the access to the data. Testing
are required to be done on daily basis by mistakes and flaws can easily recover from the
file.
Proximate reporting security. If anyone try to disclose the information of client to
anyone, this system will immediately inform the company. To leak any information is
unethical and consider unfair practice in the company.
Operational security is introduced in which they do the cloud computing of data, this
security control the logging and monitoring. With the secure password and protection
logging is possible. This security system will protect the information from malware. This
the data whether information is related to client or the company.
BLH build the connection security. Is is a type of network security by which risk of the
company information can be reduce. This security is develop to safeguard the exchanged
information from the copying, misplace, modification (Farooq, and et.al., 2015). To
secure those information BLH have protocols as well. They have decided to use the tools
related to security protection are intrusion detection system etc. The guidelines of the
company are required to be retained and depose with the regular span of time.
Segregation of network will establish by which testing, production and the development
of the social structure can be develop. BLH security construct in that way which help the
social structure of the society. If any information is publish in public or in any journal
then having the proper agreement is required is between the company and the client.
They had develop the another security which is related to their files. Report they make
that have to be secured. If no security is permitted to report it can be easily manipulated.
For more security purpose they mark the code on each report to protect them. First
company will set the manual code for the report after finalization the code will be secure.
In old security policy there is no backup facilities of file. Once the file is out there is no
backup but, through the software protection company can do the backups of files. This
might be possible that data of client may be deleted or misrouted for that the company
have to backup the file not the personal information of a particular person.
BLH develop security by which company can test the daily incident response test plan.
Through this data can be recover from the site. If anyone resolve the security and privacy
have to consultant the company. Otherwise they don't get the access to the data. Testing
are required to be done on daily basis by mistakes and flaws can easily recover from the
file.
Proximate reporting security. If anyone try to disclose the information of client to
anyone, this system will immediately inform the company. To leak any information is
unethical and consider unfair practice in the company.
Operational security is introduced in which they do the cloud computing of data, this
security control the logging and monitoring. With the secure password and protection
logging is possible. This security system will protect the information from malware. This
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
security is made for the formal policy and procedure of the company. Profit maximised
firm always bear the risk so secure the risk the risk management essential to implement in
the company.
BLH make this as a policy that there is no third-party-sites. They have a full control over
this. Without informing to the company and the client both it can't be leaked or hacked.
The company and client required to have proper contract by which information can't
leaked to the third party (Gangwar, Date and Ramaswamy, 2015). If anything like that
happen then company will answer to the client.
BLH make the compliance by which framework of the company is determined. So, the
procedure and structure of the company have to be up-to the mark. Seeing that the good
structure is made and this system identifies the regular and legislative requirements as to
recognise the defining, documenting and updating of data on regular basis. Business
activities the company conduct it should be lawful. Some companies have intellectual
property right of there software due to this no one have the use that software.
Security measures: BLH has enforced operational security and accepted standards of
technology for protecting information of employees and clients from misuse, loss, destruction or
alteration. Authenticated employees have access to personal identifiable information and this
information should be treated as highly confidential.
Technological, organizational and physical safeguards should be maintained so that
personal information can be protected from misuse, unauthorized access, loss, destruction and
alteration (Goyal, 2014). Only authorised employees should have access to details and account of
clients. Information can be protected by not clicking on emails from random person it can be any
kind of virus or an attempt to get access to into system. If employees feel that information is
breached then they can immediately contact with security officer.
Sharing of information and cross border transfer:
Information accumulated is transferred to third parties or employees present at some
other place anywhere in world, even in those countries which do not have laws for transfer and
use of such kind of information. BLH stores data of clients on servers of Cloud and which are
placed in virtual world. Information is transferred cross border to provide seamless services to
clients. Let us consider that client has shifted to abroad and wants to have same facilities at place
he is residing now so at this moment of time cross border transfer is must.
firm always bear the risk so secure the risk the risk management essential to implement in
the company.
BLH make this as a policy that there is no third-party-sites. They have a full control over
this. Without informing to the company and the client both it can't be leaked or hacked.
The company and client required to have proper contract by which information can't
leaked to the third party (Gangwar, Date and Ramaswamy, 2015). If anything like that
happen then company will answer to the client.
BLH make the compliance by which framework of the company is determined. So, the
procedure and structure of the company have to be up-to the mark. Seeing that the good
structure is made and this system identifies the regular and legislative requirements as to
recognise the defining, documenting and updating of data on regular basis. Business
activities the company conduct it should be lawful. Some companies have intellectual
property right of there software due to this no one have the use that software.
Security measures: BLH has enforced operational security and accepted standards of
technology for protecting information of employees and clients from misuse, loss, destruction or
alteration. Authenticated employees have access to personal identifiable information and this
information should be treated as highly confidential.
Technological, organizational and physical safeguards should be maintained so that
personal information can be protected from misuse, unauthorized access, loss, destruction and
alteration (Goyal, 2014). Only authorised employees should have access to details and account of
clients. Information can be protected by not clicking on emails from random person it can be any
kind of virus or an attempt to get access to into system. If employees feel that information is
breached then they can immediately contact with security officer.
Sharing of information and cross border transfer:
Information accumulated is transferred to third parties or employees present at some
other place anywhere in world, even in those countries which do not have laws for transfer and
use of such kind of information. BLH stores data of clients on servers of Cloud and which are
placed in virtual world. Information is transferred cross border to provide seamless services to
clients. Let us consider that client has shifted to abroad and wants to have same facilities at place
he is residing now so at this moment of time cross border transfer is must.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
In some countries security agencies, law enforcement agencies or regulatory agencies
will access information which is transferred. In such cases policies should be made in such a way
that if anyone either its within organisation or third party (security agencies, courts or regulatory
agencies) leaks or share information with someone else then they will be punished as per
laws(Kaur and Singh, 2015). When client use websites and accepts agreements it means that
client agrees for sharing of information outside place where he is residing. Privacy laws, binding
codes or regulations must be ensured.
Contact us:
If in case clients feel that their information is shared without their consent then they can
contact security agencies of BLH at issues@blh.com and in case clients have any issues
regarding security policies then they can contact at information@blh.com. BLH as a team works
to safeguard information of clients and employees and if clients require any kind of
modifications in their information then they can contact at modify@blh.com.
Promotional & Commercial Communication:
If clients want that they should not receive any kind of promotional messages then they
can send message to BLH so that they do not share clients information and send any kind of
message to them. Message can be sent at officer@blh.com. Employees working at BLH have
right to send messages, calls, emails or Whatsapp to clients who have filled information in BLH's
website or information is received through digital campaigns, emails, online or offline mediums.
By providing details clients explicitly gives consent to BLH to contact him/her for promotional
as well as commercial communications and this will not be considered as against law of 'Do not
call'.
Declarations/User's Responsibility:
User ensures that if inaccurate or erratic information is provided either through websites
or any other medium then he will be responsible for causes.
User agrees that some information will not be shared with them due to security, legal or
any other reasons.
User is responsible of accurateness of data provided by them and will keep information
up to date so that data is effective at any situation.
will access information which is transferred. In such cases policies should be made in such a way
that if anyone either its within organisation or third party (security agencies, courts or regulatory
agencies) leaks or share information with someone else then they will be punished as per
laws(Kaur and Singh, 2015). When client use websites and accepts agreements it means that
client agrees for sharing of information outside place where he is residing. Privacy laws, binding
codes or regulations must be ensured.
Contact us:
If in case clients feel that their information is shared without their consent then they can
contact security agencies of BLH at issues@blh.com and in case clients have any issues
regarding security policies then they can contact at information@blh.com. BLH as a team works
to safeguard information of clients and employees and if clients require any kind of
modifications in their information then they can contact at modify@blh.com.
Promotional & Commercial Communication:
If clients want that they should not receive any kind of promotional messages then they
can send message to BLH so that they do not share clients information and send any kind of
message to them. Message can be sent at officer@blh.com. Employees working at BLH have
right to send messages, calls, emails or Whatsapp to clients who have filled information in BLH's
website or information is received through digital campaigns, emails, online or offline mediums.
By providing details clients explicitly gives consent to BLH to contact him/her for promotional
as well as commercial communications and this will not be considered as against law of 'Do not
call'.
Declarations/User's Responsibility:
User ensures that if inaccurate or erratic information is provided either through websites
or any other medium then he will be responsible for causes.
User agrees that some information will not be shared with them due to security, legal or
any other reasons.
User is responsible of accurateness of data provided by them and will keep information
up to date so that data is effective at any situation.
When users sign up then they agree that they can ask for any kind of information related
with membership which can include previous orders or bookings and transactions made
under specific program for which they are applying.
Security risks and threats that apply to computer systems:
Cybercriminals use various and creative methods to enter into system due to which
business or personal information can be breached. BLH needs to be aware of all these loopholes
which can lead to information breach. Some security risks and threats are mentioned below:
Malware: It is designed with a aim to destroy system intentionally. Employees within
BLH ensure that they do not click on any link or download any software or update from
unknown site(Khan, Parkinson and Qin, 2017). When external drives are connected they
ensure that they will scan it before using to avoid any unwanted attack. Malicious
software which includes viruses, rootkits, spyware, trojan horses, worms are discussed
below:
Virus: Virus is a program which spreads from one system to another system when
connected through LAN. It can steal, delete and corrupt data on system in which it is
present even it can lead to removal of complete information from hard drive. BLH creates
a backup on daily basis so that if anything happens then also information can be
protected. Firewall and anti-virus are activated by BLH to ensure safety. They make sure
that within particular duration operating system is updated.
Rogue security software: A pop-up window which appears on screen when working on
system with a message malicious software has been detected, install anti-virus to remove
it or click here. This can be a rogue software to get eye of user so that they click on it and
download and install malicious software. BLH use RogueKiller software to scan, identify
and destroy any kind of malicious software.
Trojan horse: Users download and install trojan horse by assuming it as a legitimate
application unaware of fact that it can lead to serious affects(Khatoon, and Ikram, 2014) .
Keystrokes can be observed, passwords can be recorded, access to web cam, all these are
adverse impact of trojan horse. BLH makes sure that applications are not executed until it
is confirmed that it is from reliable source. They ensure that anti-spyware, anti-virus are
updated on regular basis. When any application is downloaded it is scanned before using
it and it is first step which employees at BLH follows.
with membership which can include previous orders or bookings and transactions made
under specific program for which they are applying.
Security risks and threats that apply to computer systems:
Cybercriminals use various and creative methods to enter into system due to which
business or personal information can be breached. BLH needs to be aware of all these loopholes
which can lead to information breach. Some security risks and threats are mentioned below:
Malware: It is designed with a aim to destroy system intentionally. Employees within
BLH ensure that they do not click on any link or download any software or update from
unknown site(Khan, Parkinson and Qin, 2017). When external drives are connected they
ensure that they will scan it before using to avoid any unwanted attack. Malicious
software which includes viruses, rootkits, spyware, trojan horses, worms are discussed
below:
Virus: Virus is a program which spreads from one system to another system when
connected through LAN. It can steal, delete and corrupt data on system in which it is
present even it can lead to removal of complete information from hard drive. BLH creates
a backup on daily basis so that if anything happens then also information can be
protected. Firewall and anti-virus are activated by BLH to ensure safety. They make sure
that within particular duration operating system is updated.
Rogue security software: A pop-up window which appears on screen when working on
system with a message malicious software has been detected, install anti-virus to remove
it or click here. This can be a rogue software to get eye of user so that they click on it and
download and install malicious software. BLH use RogueKiller software to scan, identify
and destroy any kind of malicious software.
Trojan horse: Users download and install trojan horse by assuming it as a legitimate
application unaware of fact that it can lead to serious affects(Khatoon, and Ikram, 2014) .
Keystrokes can be observed, passwords can be recorded, access to web cam, all these are
adverse impact of trojan horse. BLH makes sure that applications are not executed until it
is confirmed that it is from reliable source. They ensure that anti-spyware, anti-virus are
updated on regular basis. When any application is downloaded it is scanned before using
it and it is first step which employees at BLH follows.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Malicious spyware: Application of trojan horse is described which was created by
cybercriminals to attack their victims. Let's consider example of keylogger where every
keystroke is recorded. BLH have disabled autorun feature, in this permission is required
to install applications. They have turned on pop-up blocker so that unnecessary
applications are avoided.
Computer worm: This software replicates itself without human consent and have severe
impact on users computer. Let us take a example: a worm replicates itself and sends
various copies of mail to all contacts present in mail box(Lian, Yen and Wang, 2014) .
BLH has installed licensed copy of anti-virus and update them on regular basis. They
made sure that preview feature is disabled on email and made sure that employees are
careful about opening email attachments.
Botnet: Computers are connected on LAN and are accessed by hackers using trojan
horse or virus is referred to as botnet. It can include sending spams to email contacts.
BLH makes sure that unknown or suspicious links are not opened and attachments from
unknown sources are not downloaded. Branded anti-spyware and anti-virus are installed
by BLH to ensure that computer is not affected from malware.
Spam: It basically refers to email-spam that is unwanted or not wanted messages in your
email inbox. It clutter mailbox and accommodate a lot of space in mail server. BLH tries
that employees should not open spam emails and avoid clicking on such messages and
make sure that they should not reply. BLH ensures that each employee has their own
office email and make sure that they should not share official id with anyone outside
office and keep it safe.
Rootkit: It is designed to gain access to a software or computer as pretending to be
authorized user. Root refers to authorized part of operating system and kit refers to
implementation of tool of software component(Osei, Hayfron-Acquah and Kumasi,
2014). They cannot be detected but based on signature scanning, observing system
behaviour and analysing system dump can be used to detect them. BLH has created
policies to patch up vulnerabilities found within system and detect them using static
analysis. They should ensure that trend micro buster, Microsoft rootkit revealer or sophos
anti rootkit is installed within complete system and are in updated condition so that any
kind of malicious attack can be prevented.
cybercriminals to attack their victims. Let's consider example of keylogger where every
keystroke is recorded. BLH have disabled autorun feature, in this permission is required
to install applications. They have turned on pop-up blocker so that unnecessary
applications are avoided.
Computer worm: This software replicates itself without human consent and have severe
impact on users computer. Let us take a example: a worm replicates itself and sends
various copies of mail to all contacts present in mail box(Lian, Yen and Wang, 2014) .
BLH has installed licensed copy of anti-virus and update them on regular basis. They
made sure that preview feature is disabled on email and made sure that employees are
careful about opening email attachments.
Botnet: Computers are connected on LAN and are accessed by hackers using trojan
horse or virus is referred to as botnet. It can include sending spams to email contacts.
BLH makes sure that unknown or suspicious links are not opened and attachments from
unknown sources are not downloaded. Branded anti-spyware and anti-virus are installed
by BLH to ensure that computer is not affected from malware.
Spam: It basically refers to email-spam that is unwanted or not wanted messages in your
email inbox. It clutter mailbox and accommodate a lot of space in mail server. BLH tries
that employees should not open spam emails and avoid clicking on such messages and
make sure that they should not reply. BLH ensures that each employee has their own
office email and make sure that they should not share official id with anyone outside
office and keep it safe.
Rootkit: It is designed to gain access to a software or computer as pretending to be
authorized user. Root refers to authorized part of operating system and kit refers to
implementation of tool of software component(Osei, Hayfron-Acquah and Kumasi,
2014). They cannot be detected but based on signature scanning, observing system
behaviour and analysing system dump can be used to detect them. BLH has created
policies to patch up vulnerabilities found within system and detect them using static
analysis. They should ensure that trend micro buster, Microsoft rootkit revealer or sophos
anti rootkit is installed within complete system and are in updated condition so that any
kind of malicious attack can be prevented.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Need of security policies:
Individual employee or department is not responsible for handling or dealing with
confidential information but organisation itself is responsible for handling it out. To ensure
effectiveness and appropriateness of security policies top administrators are responsible and
implementation of those policies is also their role(Pancholi and Patel, 2016). Policies cannot
solve problems until they are clearly mentioned and should point out towards important factors
which can affect Bright Level Holdings LLP (BLH). Security policies means prototypes, plans
and practices through which employees can get access to organisation's system and information
contained in it. Policies help organisation and employees to protect their system and information.
Threats affecting security policies:
Security policies for preventing phishing attack : Phishing is considered as major
threat. This can be avoided by training employees by creating mock scenarios related to
phishing. Filters should be used to block viruses and blank senders. Two factor authentication
should be used so that if hacker has got employees credentials then also cannot get access to
information (Patidar and Kumbhkar, 2014). Extensions and browser add-ons can be enabled so
that employees cannot click on malicious links. These are some policies which BLH can include
to protect their system and information from phishing attack.
Security policies for preventing hacking : Hacking is considered as most effective
threat which can lead to loss of information. To prevent information from being breached
software should be downloaded from authentic websites and employee should not click on
random emails attachment. Passwords should be complex or biometrics passwords should be
used. External hard drives should be scanned before using them. Anti hacking software should be
used by BLH and above mentioned policies should be used.
Security policies for preventing malware attack : It is a serious issue as intruder can
get access to complete system and can do anything with information. For preventing this
software should be updated, hardware should be protected. Information should be encrypted
using different algorithms and tools. Backup of data should be created, file integrity and log
monitoring should be mandatory. BLH can use these policies in order to stay safe from attack.
Security policies for preventing trojan horse attack : In this intruder tends behave like
a legitimate user to enter into employee's system. Identify loopholes inside system and try to
overcome them so that any third person can enter into a system (Rasheed, 2014). BLH made sure
Individual employee or department is not responsible for handling or dealing with
confidential information but organisation itself is responsible for handling it out. To ensure
effectiveness and appropriateness of security policies top administrators are responsible and
implementation of those policies is also their role(Pancholi and Patel, 2016). Policies cannot
solve problems until they are clearly mentioned and should point out towards important factors
which can affect Bright Level Holdings LLP (BLH). Security policies means prototypes, plans
and practices through which employees can get access to organisation's system and information
contained in it. Policies help organisation and employees to protect their system and information.
Threats affecting security policies:
Security policies for preventing phishing attack : Phishing is considered as major
threat. This can be avoided by training employees by creating mock scenarios related to
phishing. Filters should be used to block viruses and blank senders. Two factor authentication
should be used so that if hacker has got employees credentials then also cannot get access to
information (Patidar and Kumbhkar, 2014). Extensions and browser add-ons can be enabled so
that employees cannot click on malicious links. These are some policies which BLH can include
to protect their system and information from phishing attack.
Security policies for preventing hacking : Hacking is considered as most effective
threat which can lead to loss of information. To prevent information from being breached
software should be downloaded from authentic websites and employee should not click on
random emails attachment. Passwords should be complex or biometrics passwords should be
used. External hard drives should be scanned before using them. Anti hacking software should be
used by BLH and above mentioned policies should be used.
Security policies for preventing malware attack : It is a serious issue as intruder can
get access to complete system and can do anything with information. For preventing this
software should be updated, hardware should be protected. Information should be encrypted
using different algorithms and tools. Backup of data should be created, file integrity and log
monitoring should be mandatory. BLH can use these policies in order to stay safe from attack.
Security policies for preventing trojan horse attack : In this intruder tends behave like
a legitimate user to enter into employee's system. Identify loopholes inside system and try to
overcome them so that any third person can enter into a system (Rasheed, 2014). BLH made sure
that program or application is not installed until it is downloaded from trusted source. External
storage devices like pen drives, cd, hard disk are scanned before they are used. BLH created a
policy so that firewall is always on and software's are updated.
Security policies for preventing worms: They have reproducing capability means they
replicate themselves without human intervention. They overwrite information and create a copy
of original files and hide them which will cause system to run out off space. BLH should create a
policy to install tools and keep them updated for removing malicious software such as Norton
Internet Security, Avast. These software's will protect content or information present within files
such as directory executable files.
TASK 2
Detail discussion of different situations
A brand new computing security policy of BLH based on current threats to data
(information related to organisation, client and of whole project), may aid them in reducing
chances of going through different issues or problems that can be faced in near future. In present
context, developers of security policy of BLH has kept its focus on bringing innovation among
this firm's computer based policy (Reza and Sonawane, 2016). With the help of this, threats
related to data could easily be reduced to minimal. As Chief Security Officer of BLH, mentioned
that “I never like to hear words like 'convenient' or 'good enough' when it comes to the
company's security.”, new policy has been developed through considering this approach of
building out the best one. With the help of this, client's information, organisation's data and
content related to sensitive projects can be kept safe for a longer time frame.
Away with this, new policy which has been proposed for BLH can be considered as much
stronger than the existing one because, it kept overall focus on bringing innovation, boosting up
safety of clients (personal information) so that it do not affect their reputation. Then only firm
can sustain at marketplace for a longer period of time. Since, BLH is delivering consultancy and
advisory services to private and government clients. It is much required to prevent its clients
from many threats like phishing, hacking and many more other menace and the proposed policy
is helping them in reaching to an all new level where information has been prevented from many
security related concerns (Rittinghouse and Ransome, 2016). In present context, there are a
storage devices like pen drives, cd, hard disk are scanned before they are used. BLH created a
policy so that firewall is always on and software's are updated.
Security policies for preventing worms: They have reproducing capability means they
replicate themselves without human intervention. They overwrite information and create a copy
of original files and hide them which will cause system to run out off space. BLH should create a
policy to install tools and keep them updated for removing malicious software such as Norton
Internet Security, Avast. These software's will protect content or information present within files
such as directory executable files.
TASK 2
Detail discussion of different situations
A brand new computing security policy of BLH based on current threats to data
(information related to organisation, client and of whole project), may aid them in reducing
chances of going through different issues or problems that can be faced in near future. In present
context, developers of security policy of BLH has kept its focus on bringing innovation among
this firm's computer based policy (Reza and Sonawane, 2016). With the help of this, threats
related to data could easily be reduced to minimal. As Chief Security Officer of BLH, mentioned
that “I never like to hear words like 'convenient' or 'good enough' when it comes to the
company's security.”, new policy has been developed through considering this approach of
building out the best one. With the help of this, client's information, organisation's data and
content related to sensitive projects can be kept safe for a longer time frame.
Away with this, new policy which has been proposed for BLH can be considered as much
stronger than the existing one because, it kept overall focus on bringing innovation, boosting up
safety of clients (personal information) so that it do not affect their reputation. Then only firm
can sustain at marketplace for a longer period of time. Since, BLH is delivering consultancy and
advisory services to private and government clients. It is much required to prevent its clients
from many threats like phishing, hacking and many more other menace and the proposed policy
is helping them in reaching to an all new level where information has been prevented from many
security related concerns (Rittinghouse and Ransome, 2016). In present context, there are a
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 19
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.