HND Assignment BriefSession: February 2021 Programme titleBTEC Higher National Diploma (HND) in ComputingUnit number and title5SecurityAssignment number & title1 of 1SecurityUnit Leader–Assessor (s)Dr Barra TourayIssue Date24/02/2021Final assignmentsubmission deadline07 – 12 June 2021Late submission deadline14 – 19 June 2021The learners are required to follow the strict deadline set by the Collegefor submissions of assignments in accordance with the BTEC level 4 – 7submission guidelines and College policy on submissions.Resubmission deadlineTBAFeedbackFormative feedback will be available on ICON VLE and in class during thesemester.Final feedback will be available within 2 – 3 weeks of the assignmentsubmission date. GeneralGuidelines• The work you submit must be in your own words. If you use a quote or anillustration from somewhere you must give the source.• Include a list of references at the end of your document. You must give allyour sources of information.• Make sure your work is clearly presented and that you use readilyunderstandable English.• Wherever possible use a word processor and its “spell-checker”. Internal verifierDr M. J. HasanSignature (IV of thebrief) *[email protected]Date–/–/2021 Department of Information Technology Page 2 of 6ICON College of Technology and ManagementBTEC HND in ComputingUnit 5: Security (L4)Session: February 2021CourseworkRecommended maximum words 3,000You are strongly advised to read “Preparation guidelines of the Coursework Document”before answering your assignment.ASSIGNMENTAim & ObjectiveThis coursework is designed to demonstrate the broad understanding and knowledge of themodule, assessing, and evaluating the student’s strength and level of analysis; divided into fourlearning outcomes. The information provided is relatively brief, so you will need to make someassumptions. Please note that there is not always one right answer. However, you will need tojustify your reasons for any choices you make to get high marks. The coursework should besubmitted as one document in a report format in final submission.Assignment Scenario:You have just been appointed as IT Security Engineer in a company in Liverpool called the GlassCompany Ltd. Glass Company Ltd has its headquarters in Liverpool while its two branch offices arelocated in Leeds and London. You are responsible for the physical, IT and information/data security.The company specialise in glass manufacturing.These are four departments in the four sites within this company:• Research and Development,• Information Technology,• Production/Manufacturing• Personnel,The HQ is connected to the branch offices through the Internet using a third party VPN services.R&D is the one department with good security (biometric and card-based access controlsystems).The R&D department in the HQ was under attacked and important intellectual properties(IP) and customer information were stolen. The branch office in London was attacked withRansomware while the branch office in Leeds suffered a serious Distributed Denial of Service attack(DDoS) and even with Man in the middle attack. Recent audit has found that there was an incorrectconfiguration of firewall policies in all the three sites. In the HQ it was also discovered that somephishing attacks were also used allowing the attackers to have a backdoor access to the HQ networkAll offices for the three sites are on the ground floor with servers (email, ftp, web servers etc) anddocument filling rooms and photocopiers in the basement which are easily accessible to allemployees of their day to day duties. In each department, there are several workstations, networkprinters, USB based local printer/plotter/scanners, USB and network drives. The company also hassome cloud services for data storage and backup services which is used by all the three sites.There is also a smoking area just outside the building for the three sites, conveniently situated nextto the staff car park which is open for visitors and contractors as well. The company’s Wi-Fi signalscan be sensed by wireless devices in the smoking area.Department of Information Technology Page 3 of 6Initially, you need to carry out investigation about the IT security risks, existing organisational securityprocedure and controls to mitigate the risks. You also need to consider IT security policies, dataprotection laws, risk assessment methods, and security audit necessary for improving the overallsecurity.Part 1:As IT Manager, your first task as part of your new role is to provide an IT security awarenesstraining to all employees. The training presentation shall include different types of IT security risksfor the Glass Company Ltd together with network security tools and risk assessment and treatmentmethods. In addition to the presentation, you should also produce a detailed report containingtechnical review of the topics covered in the presentation.• Your presentation should include different IT security risks and IT security Solutions.• Presentation will be 10 minutes to educate your colleagues and tutor. The presentation caninclude any citation if necessary, with the College referencing format (Harvard system) andany presentation note. The presentation slides with speaker note need to be attached to themain document when you submit your assignment.• Your written report should include a summary of your presentation including detailedorganisational security procedure, critical review of the security solution including security tool,monitoring system, risk assessment, treatment method and their contribution towards a trustednetwork.Presentation should cover the following points.• Identify types of security risks to organisation given in the scenario.• Describe security procedures that should be implemented in the organisation in the givenscenario and present with a method to assess and treat IT security risks.• Present potential impact to IT security of incorrect configuration of firewall policies and thirdparty VPNs.• Present with the discussion by evaluating different network security tools such as DMZ, staticIP and NAT including the benefits to implement network-monitoring systems with example.Part 2:You should follow the assignment brief scenario and produce the followings:Produce a report that contains the followings:• Discussion of Risk assessment procedure including Data protection regulation and riskmanagement standard ISO 31000 applicability to the IT security.• IT security audit impact on organisational security.• Develop an IT security policy based on the scenario context and main components ofdisaster recovery plan with justification for the reason of inclusions.• The responsibilities of employees and stakeholders in relation to implementation of securityaudit recommendationsYou are required to consider and evaluate the alignment of IT security with organisational policyand suitability of using tools used in organisational policy.Department of Information Technology Page 4 of 6AppendicesNote: You should attach all the supporting documents as a separate file in the appendix section ofyour assignment. Without appropriate evidence(s) your assignment will not be marked.• Presentation slides• Configuration fileRelevant InformationTo gain a Pass in a BTEC HND Unit, you must meet ALL the Pass criteria; to gain a Merit, youmust meet ALL the Merit and Pass criteria; and to gain a Distinction, you must meet ALL theDistinction, Merit and Pass criteria.1. Learning Outcomes and Assessment Criteria Learning Outcomes and Assessment CriteriaPassMeritDistinctionLO1 Assess risks to IT securityLO1 & 2D1 Investigate howa ‘trusted network’may be part of an ITsecurity solution.P1 Identify types of security risks toorganisations.P2 Describe organisational securityprocedures.M1 Propose a method to assessand treat IT security risks.LO2 Describe IT security solutionsP3 Identify the potential impact to ITsecurity of incorrect configuration offirewall policies and third-party VPNs.P4 Show, using an example for each,how implementing a DMZ, static IP andNAT in a network can improve NetworkSecurity.M2 Discuss three benefits toimplement network-monitoringsystems with supporting reasons.LO3 Review mechanisms to control organisational IT securityP5 Discuss risk assessmentprocedures.P6 Explain data protection processesand regulations as applicableM3 Summarise the ISO 31000 riskmanagement methodology and itsapplication in IT security.M4 Discuss possible impacts toorganisational security resultingD2 Consider how ITsecurity can bealigned withorganisationalpolicy, detailing thesecurity impact ofany misalignment.LO4 Manage organisational securityP7 Design and implement a security policyfor an organisation.P8 List the main components of anorganisational disaster recovery plan,justifying the reasons for inclusion.M5 Discuss the roles ofstakeholders in the organisation toimplement security auditrecommendations.D3 Evaluate thesuitability of thetools used in anorganisationalpolicy. Department of Information Technology Page 5 of 62. Preparation guidelines of the Coursework Documenta. All coursework must be word processed.b. Avoid using “Textbox” in writing your assignment.c. Document margins must not be more than 2.54 cm (1 inch) or less than 1.9cm (3/4 inch).d. Font size must be within the range of 10 point to 14 points including the headings and body text (preferredfont size is 11) in Arial.e. Standard and commonly used type face, such as Arial and Times New Roman, should be used.f. All figures, graphs and tables must be numbered.g. Material taken from external sources must be properly referred and cited within the text using Harvardsystemh. Do not use Wikipedia as a reference.3. Plagiarism and CollusionAny act of plagiarism or collusion will be seriously dealt with according to the College regulations. In thiscontext the definitions and scope of plagiarism and collusion are presented below:Plagiarism is presenting somebody else’s work as your own. It includes copying information directly fromthe Web or books without referencing the material; submitting joint coursework as an individual effort.Collusion is copying another student’s coursework; stealing coursework from another student andsubmitting it as your own work.Suspected plagiarism or collusion will be investigated and if found to have occurred will be dealt withaccording to the College procedure (For details on Plagiarism & Collusion please see the StudentHandbook).4. Submissiona. Initial submission of coursework to the tutors is compulsory in each unit of the course.b. The student must check their assignments on ICON VLE with plagiarism software Turnitin to makesure the similarity index for their assignment stays within the College approved level. A student cancheck the similarity index of their assignment up to five times in the Draft Assignment submissionpoint located in the home page of the ICON VLE.c. All Final coursework must be submitted to the Final submission point into the Unit (not to the Tutor).The student would be allowed to submit only once and that is the final submission.d. Any computer files generated such as program code (software), graphic files that form part of thecoursework must be submitted as an attachment to the assignment with all documentation.e. Any portfolio for a Unit must be submitted as an attachment in the assignment5. Good practicea. Make backup of your work in different media (hard disk, memory stick, etc.) to avoid distress due to lossor damage of your original copy.6. Extension and Late Submissiona. If you need an extension for a valid reason, you must request one using an Exceptional ExtenuatingCircumstances (EEC) form available from the Examination Office and ICON VLE. Please note that thetutors do not have the authority to extend the coursework deadlines and therefore do not ask them toaward a coursework extension. The completed form must be accompanied by evidence such as amedical certificate in the event of you being sick, and should be submitted to the Examination Office.b. Late submission will be accepted and marked according to the College procedure. It should be notedthat late submission may not be graded for Merit and Distinction.c. All late coursework must be submitted to the Late submission point into the unit (not to the Tutor)in the ICON VLE. A student is allowed to submit only once and that is also treated as the finalsubmission.d. If you fail in the Final or Late submission, you can resubmit in the Resubmission window.Department of Information Technology Page 6 of 67. Submission deadlines Formative feedbackWeek 12Final Submission07 – 12 June 2021Late submission14 – 19 June 2021 Submit to: Online to the ICON VLE onlyGlossary:Analyse: Break an issue or topic into smaller parts by looking in depth at each part. Support each part witharguments and evidence for and against (Pros and cons)Evaluate: When you evaluate you look at the arguments for and against an issue.Critically Evaluate/Analyse: When you critically evaluate you look at the arguments for and against anissue. You look at the strengths and weaknesses of the arguments. This could be from an article you readin a journal or from a text book.Discuss: When you discuss you look at both sides of a discussion. You look at both sides of the arguments.Then you look at the reason why it is important (for) then you look at the reason why it is important (against).Explain: When you explain you must say why it is important or not important.Describe: When you give an account or representation of in words.Identify: When you identify you look at the most important points.Define: State or describe the nature, scope or meaning.Implement: Put into action/use/effectCompare: Identify similarities and differencesExplore: To find out aboutRecommend: Suggest/put forward as being appropriate, with reasons why
