
Unit 5 Assignment (Spring 2021)

The document provides an assignment brief for a unit on security. The student is asked to complete three parts. For Part 1, the student must assess security risks and procedures for a client organization and analyze observations about the client's VPN, firewall, and web server configuration. For Part 2, the student must describe risk assessment methodologies, data protection processes, and how to align security and organizational policies. For Part 3, the student must identify stakeholders' roles and finalize a security policy and disaster recovery plan for the client. Guidance is provided on report structure and requirements. Grading criteria are also outlined for key learning outcomes.

Pearson

Higher National in Computing

Unit 5: Security

ASSIGNMENT BRIEF

This Assignment Brief is the property of
THE MILLENNIUM UNIVERSITY COLLEGE
Higher National Certificate/Diploma in Computing
Assignment Brief
Pearson Reg. Number
Student Name
Unit Number and Title Unit 5: Security
Academic Year 2020-21
Unit Tutor Zoha Farooq
Assignment Title Security Presentation and Guidebook
Issue Date 8-Mar-2021
Submission Date 30-May-2021
Submitted On
Internally Verified? ☐ Yes ☐ No
IV Name Mir Wajid Ali
IV Date 18-Dec-2020
Student Declaration
I solemnly declare that the work submitted for this assignment is my own and research sources
are fully acknowledged.

Student Signature: Tutor Signature:


Date: Date:

Submission Format

The submission is in the form of one individual report and two policy documents. The report
should be written in a concise, formal business style using single spacing and font size 12. You
are required to make use of headings, paragraphs, subsections and illustrations as
appropriate, and all work must be supported with research and referenced using the Harvard
referencing system. Please also provide a bibliography using the Harvard referencing system.
You are required to submit your work for plagiarism checking. No work will be considered if it
contains more plagiarism than the acceptable level defined in TMUC’s plagiarism policy:

The individual report will be titled “Managing IT Security of an Organization”. It will
contain the complete evidence for both Part 1 and Part 2, and partial
evidence for Part 3. The evidence required in the report is:

Part 1

A dedicated section in your report titled “IT Security Risks and Procedures”, comprising
the evidence as per the requirements given under the scenario. The recommended word count
for this Part is 1500 words, but there is no penalty for exceeding this word count.

Part 2

A dedicated section in your report titled “ISO 31000 Risk Management Methodologies”,
comprising the evidence as per the requirements given under the scenario. The recommended
word count for this Part is 1500 words, but there is no penalty for exceeding this word count.

Part 3

In this part, you will create a dedicated section in your report titled “Roles of
Stakeholders in Implementing IT Security in an Organization”, comprising the evidence as
per the requirements given under the scenario. The recommended word count for this Part is
1000 words, but there is no penalty for exceeding this word count.

Besides this section in the report, you will create two individual policy documents titled
“IT Security Policy for BISE” and “Disaster Recovery Plan for BISE”. Both policies
will follow a formal policy structure: Introduction, Purpose, Body of the Policy, Policy
Owner, Sign off. The body of the policy will carry the major information about the policy. The
recommended word count for each policy is 1000 words, but there is no penalty for exceeding
this word count.
Unit Learning Outcomes:
LO1 Assess risks to IT security
LO2 Describe IT security solutions
LO3 Review mechanisms to control organisational IT security
LO4 Manage organisational security
Assignment Brief and Guidance:
CrypTech Inc. is a digital security company that provides security consultancy and
implementation services to the IT industry in Pakistan. The company is a multi-segment
organization comprising the organizational units of Forensics, Offensive Security, Information
Security Management and Audits, and Secure Development. All these units work
extensively in the field of Information and Digital Security.
You have recently joined CrypTech as a Trainee IT Security Specialist and are currently
associated with the Information Security Management Unit. This unit has been involved in the
development of IS policies and procedures and risk assessment for various organizations,
followed by their deployment and, onwards, their audit. You are currently working with
the Information Security Management group of the unit.
Part 1
Your unit has been given a new client organization, the “Board of Intermediate & Secondary
Education”. The client is a government entity managing educational programs for SSC and
HSSC. The client manages all its data digitally; however, it is experiencing some anomalies in
its digital processes and suspects that some sort of tampering with its records is
happening, either internally or externally. The organization has decided to seek your company’s
expertise in this regard and wishes to develop and implement a proper information security
system in its organization.
In this regard, your team lead has assigned you the responsibility to come up with a
list of well-known potential security risks and the best possible mitigating procedures used
by organizations. Assess the client’s organization against these potential risks
using an appropriate risk assessment methodology of your own choice i.e. ISO 27001.
Furthermore, from preliminary discussion with the client’s technical team, it is observed that:
• The organization has implemented a 3rd-party VPN (CISCO) to connect its main office with 2
branch offices securely and has also implemented a network firewall (CISCO).
• They have an in-house web server hosted within the network which is directly accessible
from both the internet and the intranet at the same time.
In this regard, your team lead has assigned you the responsibility to analyze these
observations and identify where any misconfiguration of the VPN
and firewall may have a potential impact on the organization’s IT security, and
whether implementing a web server directly connected to both the public and private
networks at the same time is recommended or not. If not, then share the best
approaches (i.e. DMZ, Static IP, NAT) that can ensure the security of the
organization’s data. Also, suggest how the implementation of Network Monitoring
Systems will be beneficial for the organization’s security.
Suggest, and give a conclusive and justified review of, a minimum of three physical and
three virtual security measures that you feel will be helpful for the client
organization to ensure the integrity of its IT security.
Part 2
The contract has been signed between the client and your company, and you are part of the
project team.

The client has asked how your team will be taking up this project. In this regard,
your team lead has tasked you to develop a report covering the following aspects
to support the client in developing a proper understanding of Information Security
Management and Audits:

How are the risk assessment procedures defined in the ISO 31000 risk management
methodology effective in assessing organizational risks, and how does this standard
play an effective role in IT security?

Since the client’s organization directly handles public information, which is
extremely critical in nature, Data Protection processes need to be applied to
ensure compliance with the relevant regulations i.e. Data Protection Act.

Security Policy and Organizational Policy sometimes contradict each other. In
this regard, how can an organization align its security policy with its organizational
policy and manage any misalignment through IT Security Audits?

Part 3
The audit of the client’s IT infrastructure with regards to Information Security has been
completed and now your team has developed the Security Policy and disaster recovery plan to
be implemented in the client’s organization.
In this regard, your team lead has assigned you the responsibility to identify the
stakeholders and assign them their roles, and to finalize the security policy and detailed
disaster recovery plans, so that they can be discussed, agreed and implemented
along with the suitable tools that will ensure the security of the organization.

Please access HN Global for additional resources support and reading for this unit. For
further guidance and support on report writing please refer to the Study Skills Unit on HN
Global. Link to www.highernationals.com

Grading Criteria

| Learning Outcome | Pass | Merit | Distinction |
|---|---|---|---|
| LO1 Assess risks to IT security | P1 Identify types of security risks to organisations. P2 Describe organisational security procedures. | M1 Propose a method to assess and treat IT security risks. | D1 Evaluate a minimum of three physical and virtual security measures that can be employed to ensure the integrity of the organizational security. |
| LO2 Describe IT security solutions | P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs. P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security. | M2 Discuss three benefits to implement network monitoring systems with supporting reasons. | |
| LO3 Review mechanisms to control organisational IT security | P5 Discuss risk assessment procedures. P6 Explain data protection processes and regulations as applicable to an organisation. | M3 Summarise the ISO 31000 risk management methodology and its application in IT security. M4 Discuss possible impacts to organisational security resulting from an IT security audit. | D2 Consider how IT security can be aligned with organisational policy, detailing the security impact of any misalignment. |
| LO4 Manage organisational security | P7 Design and implement a security policy for an organisation. P8 List the main components of an organisational disaster recovery plan, justifying the reasons for inclusion. | M5 Discuss the roles of stakeholders in the organisation to implement security audit recommendations. | D3 Evaluate the suitability of the tools used in an organisational policy. |
