D/618/7406 Unit 5: Challenges of IT Security in Modern Organizations – Risks, Solutions & Best Practices

Submission Format

• The submission is in the form of an individual written report. This should be written in a concise, formal business style using single spacing and font size 12.
• You are required to make use of headings, paragraphs, and subsections as appropriate, and all work must be supported with research and referenced using the Harvard Referencing system.
• The recommended word limit is 2000-2500 words, although you will not be penalized for exceeding the total word limit.
• All figures, graphs, and tables must be numbered.
• The report should include a fully completed test plan including an evaluation of the results and recommendations for improvement to LAN.
• Investigate what functionalities would allow the system to support device growth and the addition of communication devices.

Unit Learning Outcomes

By the end of this unit students will be able to:

• LO1 Assess risks to IT security
• LO2 Describe IT security solutions
• LO3 Review mechanisms to control organisational IT security
• LO4 Manage organizational security

Transferable skills and competencies developed

• Students will develop skills such as communication literacy, critical thinking, analysis reasoning, and interpretation which are crucial for gaining employment and developing academic competence.
• The aim of this unit is to give students knowledge of Security, the associated risk and how it has an impact on business continuity.
• Students will examine security measures involving access authorization and regulation of use.
• The unit also introduces students to the detection of threats and vulnerabilities in physical and IT security.

Vocational Scenario

Security is one of the most important challenges modern organizations face. It is about protecting organizational assets, including personnel, data, equipment, and networks, from attack through the use of prevention techniques in the form of vulnerability testing/security policies and detection techniques, exposing breaches in security and implementing effective responses.

The aim of this unit is to give students knowledge of security, the associated risks and how it has an impact on business continuity. Students will examine security measures involving access authorization and regulation of use. They will implement contingency plans and devise security policies and procedures. The unit also introduces students to the detection of threats and vulnerabilities in physical and IT security, and how to manage risks related to organizational security.

“Qatar CyberX” is a reputed cyber security company based in Doha, Qatar that is delivering security products and services across the entire information technology infrastructure. The company has a number of clients both in Qatar and abroad, which includes some of the top-level companies of the world serving in a multitude of industries. The company develops cyber security software including firewalls, anti-virus, intrusion detection and protection, and endpoint security. “Qatar CyberX” is tasked with protecting company’s networks, clouds, web applications, and emails. They also offer advanced threat protection, secure unified access, and endpoint security. Further, they also play the role of consulting clients on security threats and how to solve them. Additionally, the company follows different risk management standards depending on the company, with the ISO 31000 being the most prominent.

One of the clients of Qatar CyberX, Lockheed Aerospace manufacturing which is a reputed aircraft manufacturer based in the US, has tasked the company to investigate the security implications of developing IoT-based automation applications in their manufacturing process.

The client has requested Qatar CyberX to further audit security risks of implementing web-based IoT applications in their manufacturing process and to propose solutions. Further, Lockheed uses ISO standards and has instructed Qatar CyberX to use the ISO risk management standards when proposing the solution.

Assignment Activity and Guidance

Activity-1

Your manager has given you the task of preparing a report for the CEO of Qatar CyberX that explains the concept related to risk in IT Security. Your report should include:

• Discussion on type of security risk to organizations.
• Assess organizational security procedures.
• Analyze the benefits of implementing a network monitoring system with supporting reasons.
• Evaluation of a range of physical and virtual security measures that can be employed to ensure the integrity of organizational IT Security.

Activity-2

Further, you are required to explain the various IT Security Solutions. Your report should include the following:

• Discuss the potential impact to IT Security of incorrect configuration of firewall policies and third-party VPN.
• Discuss using an example for each, how implementing a DMZ, static IP, and NAT in a security network can improve Network.
• Propose a method to assess and treat IT Security risks.

Activity-3

You are required to Review Mechanism to Control Organizational IT Security. You should produce your evidence as an implementation plan. Your plan should include the following:

• Review risk assessment procedures in an organization.
• Explain data protection processes and regulations as applicable to an organization.
• Summaries an appropriate risk management approach or ISO standard and its application in IT Security.
• Analyze possible impact to organizational security resulting from an IT security audit.
• Recommend how IT security can be aligned with an organizational policy detailing the security impact of any misalignment.

Activity-4

You are required to make and evaluate a plan to manage any organizational Security. The evaluation report should include:

• Design of a suitable security policy that includes main components of an organizational disaster recovery plan.
• Discussing the role of stakeholders in the organization.
• Justifying the security plan developed giving reasons for the elements selected.
• Evaluate the suitability of the tools used in the organizational policy to meet business need.

Recommended Resources

Please note that the resources listed are examples for you to use as a starting point in your research – the list is not definitive.

Textbooks

• Alexander, D. et al. (2020) Information Security Management Principles. BSC.
• Collins, R. (2017) Network Security Monitoring: Basics for Beginners. A Practical Guide. CreateSpace Independent Publishing Platform.
• Sanders, C., Smith, J. (2013) Applied Network Security Monitoring: Collection, Detection, and Analysis. Syngress.
• Steinberg, R. (2011) Governance, Risk Management, and Compliance: It Can’t Happen to Us – Avoiding Corporate Disaster While Driving Success. Wiley.
• Tipton, H. (2010) Information Security Management Handbook. 4th Ed. Auerbach Publications.

Web

• www.bcs.org – BCS, The Chartered Institute for IT (General reference)
• www.bsa.org – Software Alliance (General reference)
• www.fast.org.uk – Federation Against Software Theft (General reference)
• www.ico.org.uk – Information Commissioners Office (General reference)

Links

This unit links to the following related units:

• Unit 29: Network Security
• Unit 30: Applied Cryptography in the Cloud
• Unit 31: Forensics
• https://hnglobal.highernationals.com/learning-zone/reading-lists
• HN Global (2021) Student Resource Library
• HN Global (2021) Textbooks

Answer

Request Answer of this Assignment