Ass2 Security PDF

Table of contents

LO1: Assess risks to IT security
P1. Identify types of security risks to organizations
P2. Describe organisational security procedures
M1. Propose a method to assess and treat IT security risks
D1. Investigate how a 'trusted network' may be part of an IT security solution
LO2. Describe IT security solutions
P3. Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs
P4. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security
M2. Discuss three benefits to implement network monitoring systems with supporting reasons
LO3. Review mechanisms to control organizational IT security
P5. Discuss risk assessment procedures
P6. Explain data protection processes and regulations as applicable to an organization
M3. Summarize the ISO 31000 risk management methodology and its application in IT security
M4. Discuss possible impacts to organizational security resulting from an IT security audit
D2. Consider how IT security can be aligned with organizational policy, detailing the security impact of any misalignment
LO4. Manage organizational security
P7. Design and implement a security policy for an organization
P8. List the main components of an organizational disaster recovery plan, justifying the reasons for inclusion
M5. Discuss the roles of stakeholders in the organization to implement security audit recommendation
D3. Evaluate the suitability of the tools used in an organizational policy
References
LO1: Assess risks to IT security
P1. Identify types of security risks to organizations
 Identify security threats in the organization

Threats come in large numbers and many forms, and most of them rely on malicious code called malware. Malware is an application specifically designed to break, corrupt or gain unauthorized access to computer systems; the most common delivery methods are email and suspicious websites.

Types of malware

- Virus: the classic malware that most people know of. A virus can attach itself to other programs and copies itself when files are opened or transferred from one computer to another.
- Worm: a program that copies itself to other computers on the network by exploiting vulnerabilities in systems.
- Trojan horse: malware whose name looks familiar and harmless; it is often found in illegal download sources (BenSanders, 2017).
- Rootkit: software designed to steal administrator (root) rights on a computer without being detected. Such programs can hide their tracks, making them very difficult to detect. After installation, they can be used to access the computer remotely or to take information from other places.
- Spyware: an application that collects information about a person or organization without their knowledge.
- Adware: often installed alongside other reputable applications, adware inserts unsolicited and offensive advertisements into the user's browser.
- Ransomware: one of the most common kinds of malware in recent years. It is designed to exploit a known Windows vulnerability and to get past traditional antivirus protection. From that point it starts encrypting all of the user's files; once finished, it locks the victim out of their computer and demands payment to unlock it.
- Polymorphic malware: a special kind of malware that changes its own code each time it copies itself, making it difficult for anti-malware programs to detect the infection.

- How to reduce malware infections


When an attack hits a business or organization, the risk is very high that the organization has to stop working immediately. Below are some ways for organizations to reduce the risk when they are attacked by malware:

 Install antivirus software and make sure it is fully updated and comes from a trusted source.
 Always think about the email attachments you open and the websites you visit. As a rule of thumb, you should not open files or click links in emails from people you do not know, or even from people you do know when you were not expecting an attachment or link from them.
 Turn on the Windows firewall.

Security breaches and the types of organizational security risk are a very important and essential issue in today's system security. There are many stories about security leaks and distributed denial-of-service attacks, and security experts repeatedly warn that businesses and individuals need to put protective measures in place.
 Identify other security threats in the organization

Apart from risks from outside the organization attacking the data system, there are also cases that originate inside the organization; once an insider is attached to the system, an attack can be even more dangerous than an external virus. A few cases:

- Dissatisfied staff:

Employees are the biggest security risk for any organization because they know where the company's valuable data is stored and they know how to access it.

A data breach may be caused by a former employee, or by one who was not promoted or not given a raise.

If an employee turns against you, the result may be disastrous if you are not prepared. The best ways to prevent an attack are:

+ Be sure to change passwords regularly and revoke credentials when an employee leaves or is fired, just as you would take back his or her access card.

+ Monitor and manage access information closely, make sure that privileged account activity is logged, and monitor for unusual behaviour.

- Careless staff:
o In addition to malicious attacks, careless employees can pose huge network security risks. A common problem is that employees open files attached to Gmail messages or browse malicious websites, which can bring malware into the system.

The solution is to train employees in appropriate and effective security procedures. On the other hand, we must make sure that they understand the importance of data security, and constantly remind employees of the risks of malware and suspicious emails. To protect the system, encrypt the data so that it cannot be read even if the system is hacked.
- Outdated software

o A very common network security vulnerability in all networks is outdated software that has been in use for too long. New viruses appear every day, in ever greater numbers. Likewise, operating systems need to be updated periodically with security releases. Obsolete and custom-built software can also contain serious network security issues.

o The best course of action is to ensure that all patches and software are kept constantly up to date, including business software.
P2 Describe organisational security procedures.

 What are Security Procedures?

Security procedures are detailed step-by-step instructions on how to implement, enable, or enforce security controls as enumerated from your organization's security policies. Security procedures should cover the multitude of hardware and software components supporting your business processes as well as any security-related business processes themselves.

Why are security procedures necessary in the organization, and what is their purpose?

The purpose of security procedures is to ensure consistency in the implementation of a security control or in the execution of a security-relevant business process. They are to be followed each time the control needs to be implemented or the security-relevant business process is carried out. Here is an analogy. Following a checklist ensures consistency of behavior each and every time. Even though someone may have executed the checklist hundreds of times, there is a risk in relying on memory to execute it, because a distraction could cause them to forget or overlook a critical step.
If a hardening procedure is not followed, the system administrator could leave out a step that results in an unacceptable exposure of the server or its data. The best option is to automate the hardening procedure through scripts or other automation tools, which ensures consistent execution of the hardening "procedure".
 What is the relationship between security policy and security procedures?

- Security procedures build upon your organization's security policies.

Your organization's security policies are the foundation of its security program. An important principle of security policies is that they focus on guiding behavior. Like security policies, security procedures also focus on guiding behavior. While security policies address the who, what and why, security procedures inform individuals in your organization of the when, where and how relating to security. To help focus the security procedures within your organization, standards and baselines should also be defined. Standards and baselines are directed at the technology implemented in an organization, whereas policies and procedures focus on guiding behaviors.
- Security procedures should contain sufficient detail to be executable.
Security policies outline security needs in a general or high-level fashion. Security procedures, on the other hand, must provide sufficient detail that an individual who is not familiar with the process or technology can successfully reach the desired outcome of the procedure. Many organizations have one or two superstar tech geniuses who know how to do everything. Avoid depending on such people by developing security procedures that define how, where and when things get accomplished. Beware of developing procedures that rely on expert knowledge as the foundation for executing them; doing so often results in gaps in the procedure. A good test of the level of detail in your procedure is to have some of your more junior staff execute it. If they can do it cleanly, there is likely sufficient detail in your procedure. If not, add detail. Also, make sure everyone who may execute the procedure has the proper access and permissions.

Without its own security policies and procedures, an organization's data systems are exposed to problems. One of the most common forms of organizational security policy includes the following sections:
- Organizational information

The purpose of this section is to declare the organization's privacy policies and to state that all of these policies are owned by the organization.
- Policy application

This policy applies to all information created, received and held by the organization, including its use, management and storage. The policy covers all areas, such as access control, information security incident management, and development and maintenance.
- Policy principles

The principle of an organizational security policy is to define the principles on which all security measures are established, so as to ensure the integrity of the organization's security and minimize its security risks; for example, taking all appropriate control measures to protect the organization's information from being disclosed to outsiders, deleted or copied.
M1 Propose a method to assess and treat IT security risks.
Establishing a risk management framework

These are the rules governing how you will identify risks; who you assign risk ownership to;
how the risks affect the security, integrity and availability of the information; and the method
of calculating the estimated damage of each scenario and the likelihood of it occurring.

A formal risk assessment methodology needs to address four issues:

 Baseline security criteria
 Risk scale
 Risk appetite
 Methodology: scenario- or asset-based risk assessment
- Identify risks

Identifying the risks that can affect the confidentiality, integrity and availability of information is
the most time-consuming part of the risk assessment process.
- Analyse risks

You should identify the threats and vulnerabilities that apply to each asset. For instance, if the
threat is ‘theft of mobile device’, the vulnerability is ‘a lack of formal policy for mobile devices’.
- Evaluate risks

You need to weigh each risk against your predetermined levels of acceptable risk, and determine which risks you need to address and which ones you can ignore.

Select a risk treatment; there are four ways you can treat a risk:
o Avoid the risk by eliminating it entirely
o Modify the risk by applying security controls
o Share the risk with a third party
o Retain the risk
D1. Investigate how a ‘trusted network’ may be part of an IT security solution
LO2. Describe IT security solutions
P3. Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs.
 Firewall policies:

Non-standard authentication settings can cause firewall failures. Wrong rules result in traffic not reaching its destination; this is usually noticed quite quickly because the affected process stops working.
Configuration mistakes:
- Traffic that should pass is blocked
- Wrong limits, so that too much or too little network traffic passes through the firewall
- The policy configuration is too large
- Traffic is sent to the wrong destination
- A rule cannot be located

Risky rogue services, exposed management services and the false sense of security they can generate make troubleshooting other parts of the system more difficult.

Dangerous ports left open (possibly by mistake, which can have negative consequences) are a possible attack vector for individuals with malicious intent (the cyber threat).

 Problems of a misconfigured VPN:

Understanding how to set up VPNs correctly in an organization avoids problems later. Here are some VPN issues and related technical problems:
- Make sure the VPN client software works on all user devices, such as PCs, laptops, tablets and smartphones; this helps your company avoid a VPN security breach.

- Make sure the VPN protocols work end-to-end through firewalls, routers and switches.

- Pick VPN devices that are compatible and interoperable with your concentrators, appliances and servers.

- Balance security and protection against the ease and convenience of using your chosen VPN, to avoid technical VPN issues.

- Third-party VPNs put your security and privacy at risk: they track your activity and limit the amount of data you can use.

- They slow down your internet connection.

- They may use your computer for their own activity without your knowledge.

P4. Show, using an example for each, how implementing a DMZ, static IP and NAT in
a network can improve Network Security

DMZ stands for demilitarized zone, originally the strip of land that separates North Korea and South Korea. A network DMZ is a buffer between the Internet and your internal network. A DMZ is not just another fancy word for a firewall, but it does provide a similar kind of protection, just in a different way. The devices placed in the DMZ can be mail servers, web servers or public data. It is used in office or corporate networks to make sure that the entire network is not affected by external threats.
Assume that we have the network below, in which servers and workstations are connected to the same router.

Any malicious request from outside that gets through the secure layer of the internal network will compromise the server and system data. Because all the devices connect to the same network, harmful packets can travel to all of the devices, which causes services and all offices to stop working.

Therefore, we need to put the servers and the office computers on different network segments, which helps reduce the harm from outside.

Now traffic from outside the network will go to the servers in that local network. We have set firewalls at the intersection of network traffic to filter all unknown or unauthorized requests that could harm the entire network. When public access is required, many companies need to open their servers to the internet to provide the necessary services to the public, while also ensuring that the other parts of the network are secure and not accessible from external requests. Therefore, the area in the image above that contains the web server and the mail server is called the demilitarized zone.

There is also a more advanced way to increase network security: using two firewalls with the DMZ between them.
 NAT, which stands for Network Address Translation, and static IP configuration can help to improve network security.

NAT is a method of translating between a public IP address and private or local IP addresses. A key purpose of NAT is address re-use, which helps avoid running out of IP addresses: the network as a whole only needs a single public IP address. Although all devices on that network have different private IP addresses, they only need one public IP address to access the Internet.
Looking at the image above, all local IP addresses use one shared IP address to leave the intranet. With NAT, all packets passing through the router have their IP address translated into that same public IP. If any device on the local network connects to a remote network or device, the remote side cannot see the real IP address of the sending device, because all devices on the LAN share a public IP address. If someone intends harm, it will be difficult for them to tell where the packet came from, because all they can see is the public IP provided by the Internet Service Provider, not the private IP address assigned by the DHCP server.
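The translation described above, as an added example that is not part of the original assignment: a small Python simulation of a NAT router using Port Address Translation. The addresses are constructed from documentation ranges, and the table logic is simplified (a real router also records the remote endpoint of each flow).

```python
from dataclasses import dataclass
from typing import Optional

# Constructed addresses (documentation ranges): the ISP gives the router one
# public address; hosts inside use private 192.168.1.x addresses from DHCP.
PUBLIC_IP = "203.0.113.5"
LAN_PREFIX = "192.168.1."


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Port Address Translation: every LAN host leaves through one public IP."""

    def __init__(self, public_ip: str = PUBLIC_IP, lan_prefix: str = LAN_PREFIX):
        self.public_ip = public_ip
        self.lan_prefix = lan_prefix
        self.next_port = 40000          # next unused public source port
        self.table = {}                 # public port -> (private ip, private port)
        self.reverse = {}               # (private ip, private port) -> public port

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite a packet leaving the LAN so the remote side sees only the public IP."""
        if not pkt.src_ip.startswith(self.lan_prefix):
            return None                 # not a LAN host: nothing to translate
        flow = (pkt.src_ip, pkt.src_port)
        if flow not in self.reverse:    # first packet of this flow: allocate a port
            port = self.next_port
            self.next_port += 1
            self.table[port] = flow
            self.reverse[flow] = port
        return Packet(self.public_ip, self.reverse[flow], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a reply back to the private host; anything without a table entry is dropped."""
        flow = self.table.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or flow is None:
            return None                 # unsolicited: no LAN host opened this connection
        private_ip, private_port = flow
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)


def demo():
    """Two LAN hosts that happen to use the same source port reach one web server."""
    router = NatRouter()
    out_a = router.outbound(Packet("192.168.1.10", 51000, "198.51.100.20", 443))
    out_b = router.outbound(Packet("192.168.1.11", 51000, "198.51.100.20", 443))
    # Replies come back addressed to the public IP and the allocated ports.
    reply_a = router.inbound(Packet("198.51.100.20", 443, PUBLIC_IP, out_a.src_port))
    reply_b = router.inbound(Packet("198.51.100.20", 443, PUBLIC_IP, out_b.src_port))
    # An outsider probing the public IP on port 22 never reaches a LAN host.
    probe = router.inbound(Packet("198.51.100.99", 12345, PUBLIC_IP, 22))
    return out_a, out_b, reply_a, reply_b, probe


if __name__ == "__main__":
    for p in demo():
        print(p)
```

The remote server only ever sees 203.0.113.5 with ports 40000 and 40001, never the two private addresses.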

M2. Discuss three benefits to implement network monitoring systems with supporting reasons.
Three benefits of network monitoring:
 Identify security threats

When you do not have a budget for intrusion detection software but still want a tier 1 method to help protect against data breaches, network monitoring can help secure your business-critical data.

A network monitoring tool can provide that first level of security. The biggest benefit you get is
a picture of what "normal" performance looks like for your organization, making it easy to spot
anything out of the ordinary—whether that's a spike in traffic levels or an unfamiliar device
that's connected to your network. By drilling in to figure out when and on what device an
event occurred, you're able to take a proactive approach to network security.

 Fix issues faster

In a bad situation, time is money. Network monitoring makes problem-solving easier and faster for time-strapped network professionals.

Whether you're dealing with a configuration error or an abnormal traffic fluctuation, network
monitoring software helps you get to the bottom of issues once and for all. Live network maps lead you
to the origin of problems, and status windows give you performance metrics over time.

Also, network automation tools help you go one step further. Not only can you identify problems via
network monitoring, but you can fix them automatically, without having to get a person involved.

 Stay ahead of outages

What causes IT outages? Human error, configuration issues, and environmental factors can all
contribute. Implementing network monitoring is one of the most basic and simple ways to prevent
these outages from happening in the first place.

Network monitoring gives you the visibility you need to stay one step ahead of potential issues. By
showing live network performance data in an easy-to-read interface, network monitoring software
helps you identify outages that could cause bottlenecks.
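As an added example (not from the original document), the following Python script builds the picture of "normal" from constructed per-device traffic logs and flags the two things the text mentions: a traffic spike and an unfamiliar device. The log format is constructed for the example.

```python
import statistics
from collections import defaultdict

# Constructed sample logs: one line per device per 5-minute interval,
# "timestamp device_mac bytes_out". A real baseline would cover days or weeks;
# five intervals per device are enough to show the idea.
BASELINE_LOG = """\
2024-01-08T09:00 aa:bb:cc:00:00:01 120000
2024-01-08T09:05 aa:bb:cc:00:00:01 135000
2024-01-08T09:10 aa:bb:cc:00:00:01 128000
2024-01-08T09:15 aa:bb:cc:00:00:01 131000
2024-01-08T09:20 aa:bb:cc:00:00:01 125000
2024-01-08T09:00 aa:bb:cc:00:00:02 50000
2024-01-08T09:05 aa:bb:cc:00:00:02 52000
2024-01-08T09:10 aa:bb:cc:00:00:02 49000
2024-01-08T09:15 aa:bb:cc:00:00:02 51000
2024-01-08T09:20 aa:bb:cc:00:00:02 48000
"""

# Constructed observation window with a traffic spike and a device never seen before.
CURRENT_LOG = """\
2024-01-09T09:00 aa:bb:cc:00:00:01 130000
2024-01-09T09:05 aa:bb:cc:00:00:01 900000
2024-01-09T09:00 aa:bb:cc:00:00:02 53000
2024-01-09T09:05 aa:bb:cc:00:00:99 4000
"""


def parse(log):
    """Yield (timestamp, mac, bytes_out) tuples, skipping blank or malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, mac, nbytes = parts
        yield ts, mac.lower(), int(nbytes)


def build_baseline(log):
    """Per-device mean and standard deviation of bytes_out: the picture of 'normal'."""
    samples = defaultdict(list)
    for _, mac, nbytes in parse(log):
        samples[mac].append(nbytes)
    baseline = {}
    for mac, values in samples.items():
        stdev = statistics.stdev(values) if len(values) > 1 else 0.0
        baseline[mac] = (statistics.mean(values), max(stdev, 1.0))  # never a zero-width band
    return baseline


def detect(baseline, log, z=3.0):
    """Return alerts for unknown devices and intervals with bytes_out > mean + z * stdev."""
    alerts = []
    for ts, mac, nbytes in parse(log):
        if mac not in baseline:
            alerts.append(("unknown-device", ts, mac, nbytes))
            continue
        mean, stdev = baseline[mac]
        if nbytes > mean + z * stdev:
            alerts.append(("traffic-spike", ts, mac, nbytes))
    return alerts


if __name__ == "__main__":
    for alert in detect(build_baseline(BASELINE_LOG), CURRENT_LOG):
        print(alert)
```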

LO3. Review mechanisms to control organizational IT security

P5. Discuss risk assessment procedures.

Risk identification action steps:

A. Asset identification
   1. Inventory the assets.
   2. Record asset attributes.
   3. Determine the asset's relative value.

B. Risk analysis
   1. Inventory the assets.
   2. Determine what threats exist against the assets and by which threat agents.
   3. Investigate whether vulnerabilities exist that can be exploited.
   4. Decide what to do about the risks.

C. Threat identification
   1. Classify threats by category.
   2. Design an attack tree.

D. Vulnerability appraisal
   1. Determine current weaknesses in assets.
   2. Use vulnerability scanners on hardware and software.

E. Risk assessment
   1. Estimate the impact of the vulnerability on the organization.
   2. Calculate loss expectancy.
   3. Estimate the probability that the vulnerability will occur.
   4. Decide what to do with the risk.
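A worked example, added here and not part of the original document, that carries step E above (impact, loss expectancy, probability, decision) and the four M1 treatment options (avoid, modify, share, retain) through in Python. The asset values, rates, risk appetite and the decision rule are assumptions of the example, not figures from the document.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption for this example: the organization accepts at most 5,000 (in its
# currency) of expected annual loss per risk without taking further action.
RISK_APPETITE = 5_000.0


@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: str
    asset_value: float          # value of the asset (step A.3)
    exposure_factor: float      # fraction of the asset lost per incident, 0..1 (E.1)
    aro: float                  # annualised rate of occurrence, incidents per year (E.3)
    control_cost: Optional[float] = None  # yearly cost of a known control, if any

    def sle(self) -> float:
        """Single loss expectancy: damage from one occurrence (E.2)."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualised loss expectancy: expected damage per year (E.2)."""
        return self.sle() * self.aro


def select_treatment(risk: Risk, appetite: float = RISK_APPETITE) -> str:
    """Map one risk to one of the four M1 treatments. The decision rule is an
    assumption of this example, not a rule from the document."""
    ale = risk.ale()
    if ale <= appetite:
        return "retain"                 # within the accepted level: knowingly leave it
    if ale > risk.asset_value:
        return "avoid"                  # loses more per year than the asset is worth
    if risk.control_cost is not None and risk.control_cost < ale:
        return "modify"                 # a control cheaper than the loss it prevents
    return "share"                      # e.g. insurance or a third-party provider


def evaluate(risks, appetite: float = RISK_APPETITE):
    """Rank risks by ALE (highest first) and attach the chosen treatment (E.4)."""
    ranked = sorted(risks, key=lambda r: r.ale(), reverse=True)
    return [(r.asset, r.ale(), select_treatment(r, appetite)) for r in ranked]


# Constructed risk register; the first entry reuses the document's own M1 example
# of a threat ("theft of mobile device") and vulnerability ("no formal policy").
REGISTER = [
    Risk("staff mobile devices", "theft of mobile device", "no formal policy for mobile devices",
         asset_value=20_000, exposure_factor=0.5, aro=1.0, control_cost=2_000),
    Risk("public web server", "ransomware", "unpatched web application",
         asset_value=80_000, exposure_factor=0.6, aro=0.2),
    Risk("legacy file server", "compromise", "unsupported operating system",
         asset_value=4_000, exposure_factor=1.0, aro=2.0),
    Risk("office printer", "hardware failure", "no maintenance contract",
         asset_value=1_200, exposure_factor=0.5, aro=1.0),
]

if __name__ == "__main__":
    for asset, ale, treatment in evaluate(REGISTER):
        print(f"{asset:22s} ALE={ale:8.0f}  -> {treatment}")
```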

P6. Explain data protection processes and regulations as applicable to an organization.


 Identity and Access Management (IDAM)

Proper IDAM controls help limit access to personal data to authorized employees. The two key principles in IDAM, separation of duties and least privilege, help ensure that employees have access only to the information needed for their job function.
What does this mean in terms of GDPR? Only those who need access to personal information to perform their job have access to the system. In this situation, privacy training should be available to those individuals to make sure that the intended purpose for the collection of personal data is maintained.

 Data Loss Prevention (DLP)

DLP is used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users. It classifies regulated, confidential and business-critical data and identifies violations of policies defined by the organization or contained in a predefined policy pack, typically driven by regulatory compliance such as HIPAA, PCI-DSS, or GDPR. Once those violations are identified, DLP enforces remediation with alerts, encryption, and other protective actions to prevent end users from accidentally or maliciously sharing data that could put the organization at risk.

 Encryption & Pseudonymization

Pseudonymization is a data management and de-identification procedure by which personally identifiable information fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. A single pseudonym for each replaced field or collection of replaced fields makes the data record less identifiable while remaining suitable for data analysis and data processing.

Pseudonymization can be one way to comply with the European Union's General Data Protection Regulation demands for secure storage of personal information. Pseudonymized data can be restored to its original state with the addition of information which then allows individuals to be re-identified, while anonymized data can never be restored to its original state.
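An added Python example (not from the original document) showing the difference the paragraph describes: keyed pseudonyms keep records usable for analysis and reversible with a separately stored table, while anonymization discards the fields for good. The key, the records and the field names are constructed for the example.

```python
import hashlib
import hmac
from typing import Dict, Tuple

# Constructed key: in practice it is stored with the re-identification table,
# separately from the pseudonymized data set (the "additional information").
PSEUDONYM_KEY = b"constructed-demo-key-do-not-reuse"
PII_FIELDS = ("name", "email")

# Constructed personal data records; rows 0 and 2 belong to the same person.
RECORDS = [
    {"name": "Alice Nguyen", "email": "alice@example.org", "purchase": 120},
    {"name": "Bao Tran", "email": "bao@example.org", "purchase": 75},
    {"name": "Alice Nguyen", "email": "alice@example.org", "purchase": 40},
]


def pseudonym(field: str, value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed, deterministic pseudonym: the same value always maps to the same token,
    so grouping and counting still work; without the key it cannot be reversed."""
    mac = hmac.new(key, f"{field}:{value}".encode(), hashlib.sha256).hexdigest()
    return f"p_{mac[:16]}"


def pseudonymize(records, fields=PII_FIELDS, key=PSEUDONYM_KEY):
    """Return (pseudonymized records, lookup table). Only the table allows re-identification."""
    lookup: Dict[str, Tuple[str, str]] = {}
    out = []
    for rec in records:
        new = dict(rec)
        for field in fields:
            token = pseudonym(field, rec[field], key)
            lookup[token] = (field, rec[field])
            new[field] = token
        out.append(new)
    return out, lookup


def reidentify(record, lookup):
    """Restore original values from the separately stored table (pseudonymized data is reversible)."""
    restored = dict(record)
    for field, value in record.items():
        if isinstance(value, str) and value in lookup:
            restored[field] = lookup[value][1]
    return restored


def anonymize(records, fields=PII_FIELDS):
    """Drop identifying fields outright: no table is kept, so this cannot be undone."""
    return [{k: v for k, v in rec.items() if k not in fields} for rec in records]


def spend_per_person(pseudo_records):
    """Analysis on pseudonymized data still works: total purchases per pseudonym."""
    totals: Dict[str, int] = {}
    for rec in pseudo_records:
        totals[rec["name"]] = totals.get(rec["name"], 0) + rec["purchase"]
    return totals


if __name__ == "__main__":
    pseudo, table = pseudonymize(RECORDS)
    print(pseudo[0], spend_per_person(pseudo), reidentify(pseudo[0], table), sep="\n")
```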

 Incident Response Plan (IRP)

A mature IRP should address phases such as preparation, identification, containment, eradication, recovery and lessons learned. But what if an incident occurs and it is identified that data may have been breached?

Well, GDPR has requirements for your organization. Breach notification requirements are among the most notable in the legislation. Under GDPR, "In the event of a potential data breach that involves personal information, an organization must notify the Data Protection Authority without undue delay, within 72 hours if impossible, after becoming aware of the breach; and communicate high-risk breaches to affected data subjects without undue delay".

 Third-Party Risk Management

If an organization entrusts the processing of personal data to a processor and a breach occurs, who is responsible for it?

 Policy Management

Policy management is the process of creating, communicating, and maintaining policies and
procedures within an organization. An effective policy management system can mitigate risk
in two ways. First, it makes policies more quickly accessible to direct care staff, guiding care
and safety decisions. Second, it can protect an organization from litigation by staying up to
date on accreditation standards and creating an audit trail in the case of legal action. Because
the process of managing policies can be expensive and time consuming, hospital boards
should make the implementation of an efficient policy management system a priority. A
comprehensive and well-managed set of policies can support GRC activities by communicating
boundaries and expectations, establishing a culture of compliance within the organization,
protecting the organization from litigation, and helping achieve the organization’s objectives.

M3. Summarize the ISO 31000 risk management methodology and its application in
IT security

 Applying ISO 31000 risk management in IT security can help us:

- Enhance the ability to achieve planned objectives;
- Raise awareness of the need to identify and handle risks in the organization;
- Improve the identification of opportunities and threats;
- Help to comply with legal requirements, international regulations and standards;
- Create and protect value;
- Be an integral part of all organizational and decision-making processes;
- Be systematic, structured and timely;
- Be based on the best available information;
- Take human and cultural factors into account;
- Be transparent and inclusive;
- Be dynamic, iterative and responsive to change;
- Facilitate continual improvement of the organization;
- Improve governance;
- Establish a reliable basis for decision making and planning;
- Improve management methods and make them more effective;
- Allocate and use resources sensibly to handle risks;
- Improve the effectiveness of activities and their results;
- Enhance health and safety, as well as protect the environment;
- Improve the learning environment inside the organization;
- Improve organizational capacity.

 Implementing the risk management process

Steps to an effective implementation/integration of the risk management process:

- Risk analysis: The organization must analyze each risk identified in the previous step. Based on the level of risk determined by the analysis, the organization may consider whether the risk should be accepted. If the risk is not acceptable, the organization may take preparatory actions to modify the risk so that it corresponds to an acceptable level. The organization should use a formal technique to examine the consequences and likelihood of each risk; these techniques may be qualitative, quantitative or a combination of both, depending on the circumstances and objectives.
- Risk assessment: This step gives the organization a mechanism to rank each risk relative to the others, so that treatment priorities can be established.
- Risk management: Proper risk management requires rational and wise decisions on how to handle risks. Typically, such treatments include: avoiding the activity from which the risk originates, sharing the risk, managing the risk by applying control measures, taking no further action and accepting the risk, or increasing the risk in order to pursue an opportunity. Organizations do not always get into trouble because of excessive and reckless behavior; sometimes they fall behind their competitors because of a reluctance to take risks and pursue such opportunities.
- Communication and consultation: Appropriate risk management requires structured and continuous communication with the people affected by the organization's activities. Communication must find ways to promote awareness and understanding of risks and of the means of meeting the requirements, while consultation involves collecting feedback and information to support decision making.
- Recording and reporting: Another step of the risk management process based on the ISO 31000 method is recording and reporting, i.e. the results of the risk management process are recorded and reported through suitable mechanisms. Recording and reporting are important.

M4. Discuss possible impacts to organizational security resulting from an IT security audit.
 Possible impacts on organizational security:

The IT security audit process ensures that your cyber defence measures are kept up to date as quickly as possible, and that you can deal effectively with threats caused by false information and by criminals manipulating IT systems.

Security audits save money by finding the most effective ways to protect your information system and by minimizing the resources wasted on outdated or inefficient operations.

Security audits apply the criteria appropriate to your situation and recommend suitable tools, helping you make the most of your security investment.

D2. Consider how IT security can be aligned with organizational policy, detailing the
security impact of any misalignment.

LO4. Manage organizational security


P7. Design and implement a security policy for an organization.
 Network Security Policy
Identifying settings related to password policies

Maximum password age determines how many days a password can be used before the user is required to change it. The value is between 0 and 999; if it is set to 0, passwords never expire.

Minimum password age determines how many days a user must keep a new password before they can change it.

Minimum password length determines how short passwords can be.

Passwords must meet complexity requirements determines whether password complexity is enforced. If this setting is enabled, user passwords must meet the following requirements:

The password is at least six characters long.

The password contains characters from at least three of the following four categories:
English uppercase characters (A - Z)
English lowercase characters (a - z)
Base 10 digits (0 - 9)
Non-alphanumeric (for example: !, $, #, or %)

When checking against the user's full name, several characters are treated as delimiters that
separate the name into individual tokens: commas, periods, dashes/hyphens, underscores,
spaces, pound-signs and tabs. For each token that is three or more characters long, that
token is searched for in the password; if it is present the password change is rejected. For
example, the name "Erin M. Hagens" would be split into three tokens: "Erin," "M," and
"Hagens." Because the second token is only one character long, it would be ignored.
Therefore, this user could not have a password that included either "erin" or "hagens" as a
substring anywhere in the password. All of these checks are case insensitive.

Deploy the password policy:

After the policy is applied, passwords must be complex and security is greatly improved
(minimum 8 characters).
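The complexity check described above, written out as an added example (not part of the original assignment): it applies the three-of-four category rule, the minimum length, and the full-name token check with the "Erin M. Hagens" case from the text. The minimum length of 8 and the treatment of any non-alphanumeric character as the fourth category are assumptions made for the example.

```python
import re

# Assumed policy values for this example: the complexity rule itself only
# requires 6 characters, but the deployed policy raises the minimum to 8.
MIN_LENGTH = 8
# Delimiters named in the policy: comma, period, dash, underscore, space, pound sign, tab.
NAME_DELIMITERS = re.compile(r"[,.\-_ #\t]+")

def name_tokens(full_name):
    """Split the full name into tokens at the policy's delimiter characters."""
    return [t for t in NAME_DELIMITERS.split(full_name) if t]

def category_count(password):
    """Count how many of the four character categories the password uses."""
    categories = [
        any(c.isascii() and c.isupper() for c in password),  # English uppercase A-Z
        any(c.isascii() and c.islower() for c in password),  # English lowercase a-z
        any(c.isascii() and c.isdigit() for c in password),  # base 10 digits 0-9
        any(not c.isalnum() for c in password),              # non-alphanumeric (assumed: any such char)
    ]
    return sum(categories)

def check_password(password, full_name, min_length=MIN_LENGTH):
    """Return the list of policy violations; an empty list means the password is accepted."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if category_count(password) < 3:
        problems.append("uses fewer than 3 of the 4 character categories")
    lowered = password.lower()               # all checks are case insensitive
    for token in name_tokens(full_name):
        if len(token) >= 3 and token.lower() in lowered:   # tokens under 3 chars are ignored
            problems.append(f"contains name token '{token}'")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords checked against the name used in the policy text.
    for pw in ["erin2024!", "Hagens#99x", "Tr0ub4dor&3", "abcdefgh"]:
        print(pw, "->", check_password(pw, "Erin M. Hagens") or "OK")
```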

- Device Security

You will most likely identify network segments with different security requirements while
designing the security for your network. For example, some servers need to be reachable
only by staff, while others are publicly accessible. Therefore, in order to implement security
for different departments, you build boundaries that can only be crossed by a limited number
of major traffic types, in the form of public networks, private networks and other zones. The
limits of such network segments are set by devices such as routers, bridges and switches and
their ports, which can adjust and control the flow of traffic into and out of each segment.
Communication and monitoring devices are often deployed in the network for many different
purposes; they must be properly configured as required, accessed on the basis of the
privileges and profiles of their users, and kept updated. In addition, the following measures
should be taken in the context of device security:

- The company must sign an NDA with each employee about not disclosing details of the
devices deployed within the perimeter.

- Regularly apply the security patches and updates released by the vendor.

- ACLs should be maintained to allow or deny TCP and UDP traffic.

- Services must be disabled if they are not used.

- Internet Access

Internet access policies include systems that automatically block all websites identified as
inappropriate or unapproved for corporate users. Moreover, internet access should be based
on the nature of each employee's work. The internet connection forms its own part of the
network topology and connects to the various important assets of the company, such as
servers and accounts, so it must be filtered and monitored properly.

- VPN Policy

VPN systems provide a means to protect data while it moves across an untrusted network. The
VPN is only for employees who use computer systems owned by the organization. All types of
remote access to the corporate network must go through the VPN using the company's standard
operating system, along with the required security software. Access to company computers
from home directly via the internet is not allowed. To protect the network when the VPN is
used by remote users, security administrators need to ensure that full protection is always
applied on endpoints using L2TP with IPSec. Furthermore, the VPN client must have its
firewall function turned on to filter traffic.

- Port Communication Policy

Ports on a workstation that communicate in or out for services that are not needed should be
blocked, apart from required services such as HTTP, HTTPS, etc., since it is commonly
observed that open ports for unnecessary services make it easier for attackers to break into
the system. Such security measures may be applied by the system administrator as a
defensive line. As a result, a workstation that communicates directly with the internet uses
only authorized services or interfaces for inbound connections.

- Wireless LAN Policy

To prevent possible abuse of wireless networks, users must first be authenticated using a
replacement for WEP, and an anomaly monitoring mechanism must run on the wireless LAN.
Furthermore, 802.11i security measures such as TKIP and CCMP should be used to encrypt
information. At the same time, the following list of suspicious events on the wireless LAN
should always be considered for intrusion detection:

- Beacon frames from an untrusted access point

- Deauthentication frames (MITM attack)

- Many incorrect SSIDs probed on closed networks

- Frames whose MAC address overlaps with another IP address

- Random changes of another device's MAC address
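The suspicious-event list above, turned into detection logic as an added example (not part of the original assignment). It runs over constructed summaries of decoded 802.11 frames; the trusted BSSID list, the corporate SSID and the alert thresholds are assumptions, and the last event in the list (random MAC changes) is not covered because it needs a device identity the frame summary does not carry.

```python
from collections import Counter, defaultdict

# Assumed policy data for the example.
TRUSTED_BSSIDS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}
CORPORATE_SSID = "Corp-WLAN"
DEAUTH_THRESHOLD = 5      # deauth frames from one sender before alerting
BAD_SSID_THRESHOLD = 3    # distinct wrong SSIDs probed by one station before alerting

def detect_wlan_anomalies(frames):
    """Apply the policy's suspicious-event list to frame summaries.
    Each frame is a dict with 'type' and 'src' (MAC), plus optional 'ssid' and 'ip'.
    Returns a list of alert strings, one per detected event."""
    alerts = []
    deauths = Counter()                 # sender MAC -> number of deauth frames
    bad_ssids = defaultdict(set)        # station MAC -> wrong SSIDs it probed for
    macs_by_ip = defaultdict(set)       # IP address -> MACs that sent data with it
    for f in frames:
        if f["type"] == "beacon" and f["src"] not in TRUSTED_BSSIDS:
            alerts.append(f"beacon from untrusted access point {f['src']} (SSID {f.get('ssid')})")
        elif f["type"] == "deauth":
            deauths[f["src"]] += 1
        elif f["type"] == "probe_req" and f.get("ssid") and f["ssid"] != CORPORATE_SSID:
            bad_ssids[f["src"]].add(f["ssid"])
        elif f["type"] == "data" and "ip" in f:
            macs_by_ip[f["ip"]].add(f["src"])
    for src, n in deauths.items():
        if n >= DEAUTH_THRESHOLD:
            alerts.append(f"{n} deauthentication frames from {src} (possible MITM)")
    for src, ssids in bad_ssids.items():
        if len(ssids) >= BAD_SSID_THRESHOLD:
            alerts.append(f"{src} probed {len(ssids)} incorrect SSIDs on the closed network")
    for ip, macs in macs_by_ip.items():
        if len(macs) > 1:
            alerts.append(f"IP {ip} claimed by multiple MAC addresses {sorted(macs)}")
    return alerts

# Constructed sample capture: a legitimate beacon, an evil twin advertising the same
# SSID, a deauth burst, SSID guessing by one station, and one IP used by two MACs.
SAMPLE_FRAMES = (
    [{"type": "beacon", "src": "aa:bb:cc:00:00:01", "ssid": "Corp-WLAN"},
     {"type": "beacon", "src": "de:ad:be:ef:00:01", "ssid": "Corp-WLAN"}]
    + [{"type": "deauth", "src": "de:ad:be:ef:00:01"}] * 6
    + [{"type": "probe_req", "src": "11:22:33:44:55:66", "ssid": s} for s in ("guest", "corp", "wifi")]
    + [{"type": "data", "src": "aa:bb:cc:00:00:10", "ip": "10.0.0.1"},
       {"type": "data", "src": "de:ad:be:ef:00:02", "ip": "10.0.0.1"}]
)

if __name__ == "__main__":
    for alert in detect_wlan_anomalies(SAMPLE_FRAMES):
        print("ALERT:", alert)
```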

- Remote Connection Policy

Data security is becoming a common problem as many organizations establish network
links between their employees to share information while trying to maintain a high level of
security. Security begins with the session between the authorized user and the remote server
on the network, within which the user can perform all of his functions on the remote server.
At the same time, mismanagement of user information can also lead to exploitation.
Therefore, direct access to an organization's important servers or systems through remote
login or the SSH utility must be strictly limited to authorized users; encrypted access remains
allowed for them.

- Firewall Rules Policy

When a user connects to an unsecured network, he may open a large door to unidentified
data. One of the best ways to protect against exploits from insecure networks is to use a
firewall, as it is necessary to protect private networks and computers. The policies used to
enforce rules vary according to the type of firewall and the resources being deployed:

- In the case of dedicated server access, a proxy firewall must be located between the
remote user and the dedicated server to hide the identity of the server.

- Secondly, if filtering is required based on source and destination IP addresses, a
packet filtering firewall is quite useful; this also increases the transfer rate.

- On the other hand, when speed is not a concern, configuring a stateful inspection
firewall is an appropriate option to automatically confirm connectivity and packet
forwarding.

- Furthermore, NAT should also be used because it complements the use of firewalls in
providing an additional security measure for an organization's intranet, especially in
preventing DDoS and other attacks.

- Intrusion Policy

IDS applications should be placed in a location where they can detect anomalies and monitor
unauthorized access, because as the last line of defence, firewalls or anti-virus alone are not
sufficient. The security administrator must constantly check the system log files and must
investigate anything suspicious. In addition, use advanced antivirus with an IDS / IPS feature
to detect improper controls, elevated privileges, incorrect group membership, permission
changes, registry changes and inactive users. Most importantly, IDS software is usually
configured on top of an operating system, but network-based IDS is increasingly being
deployed as a hardware appliance because of its performance.

- Proxy Server Policy

A proxy server is usually located between the server and the user, and can serve both attack
and defence purposes. When deploying a proxy server, the following checklist must be
ensured:

- The logging facility should be enabled for all services.

- Never allow proxies to accept external access.

- The proxy must run with the latest updates.

- DMZ Policy

Certain systems or servers, such as e-mail, web servers, databases, etc. A potential attack
against critical systems can be destructive, or its impact made negligible, depending on how
they are placed in relation to the firewall.

- Create and manage accounts:

The account must be secured with a complex password (password length, password
complexity).

Account holders are only allowed to access information and services when necessary.

Disable accounts that are not in use, and delete unused accounts.

Accounts on the system receive two main kinds of rights:

- User rights: a type of privilege that the system grants the user to perform special
actions (for example: the right to back up files and folders, change the system time, ...).

- Permissions: controlled by the DACLs of the system, allowing access to files / directories or
Active Directory objects (e.g. User A has Read / Modify permissions on the directory C: Data,
User B has Full Control over the enterprise OU ...).
P8. List the main components of an organizational disaster recovery plan, justifying the
reasons for inclusion.
- Communication plan and role assignment.

A plan is essential because it puts all employees on the same page and makes sure that all
communication is clearly laid out. The document should contain all of the employees'
contact information, and every employee should understand their role in the days following
the disaster. Tasks such as setting up workstations, evaluating damage, redirecting phones
and other duties help you organize things.

- Planning for your equipment.

It is important that you plan to protect your equipment when a major storm is coming. You
need to take all the equipment off the floor, move it into a room without a window and make
sure it is covered with plastic to ensure that no water gets into the devices. It is obviously best
to completely seal the equipment to keep it safe from flooding, but in the case of severe
flooding this is sometimes not an option.

- Continuous data system.

When you create a disaster recovery plan, you will want to discover what your business
requires in order to run. You need to understand exactly what your organization needs to do
financially, in relation to supplies and with the media. Whether you are a large consumer
business that needs to complete shipments and contact its customers about those shipments,
or a small business-to-business organization with many employees, you must be able to make
backup plans and business continuity plans, and have a full understanding of the needs and
logistics around those plans.

- Check backups.

Make sure your backups are still running, and include running an additional full local backup
of all servers and data in your disaster preparedness plan. Run them as far as possible and
ensure that they have backed up to a location that will not be affected by any disaster. You
should also be cautious when putting that backup on an external hard drive that you can
carry around without noticing it at any time.

- Detailed inventory of assets.

In your disaster preparedness plan, you should have a detailed inventory of the components,
servers, printers, scanners, phones, tablets and other technologies that you and your
employees use daily. This gives you a quick reference for insurance claims after a disaster by
providing your assessors with a simple list of the inventory you have.
M5. Discuss the roles of stakeholders in the organization to implement security
audit recommendations

The security audit process is an accurate, systematic assessment of the security of the
information system, measuring its conformance with an existing set of criteria. Security
audits are often used to determine regulatory compliance with laws (such as HIPAA, the
Sarbanes-Oxley Act and the California Security Breach Information Act) that designate the
organizations they apply to.

To accomplish the purpose of collecting information from businesses, support from third
parties is needed to analyse data, market and support customer service, or provide better
services to customers. In the enterprise's information security process, stakeholders
support the process according to the following table:

STAKEHOLDERS        ROLE
Server manager      A person who always monitors and controls business data closely.
Branches            Branches help support each other in security audits to enhance
                    enterprise security.
Business Partners   The second party cooperates with the business and helps audit its
                    security; the two units work together to comply with security
                    policies.
Customers           People who interact with the business through VPN; they make
                    requests and report incidents so that the system can be fixed.

- Server and Branch Manager: server managers need to follow security measures
such as:

Security measures               Task
Application security solutions  - Web application firewall solution.
                                - Solution against counterfeit transactions.
Data security solutions         - Strict database system security monitoring solution.
                                - Data encryption solution.
Network security solutions      - UTM multi-purpose firewall solution.
                                - Anti-intrusion and anti-denial-of-service solutions.
                                - Solution to detect security holes.
                                - Gateway spam / virus blocking solution.
                                - Network security and encryption solutions.
                                - Solution to monitor and analyse malicious code.
Security services               - Black box test: assume that an attacker does not know
                                  the information about the enterprise system and
                                  proceeds to attack the components of the system.
                                - White box test: hackers are provided with complete
                                  system information such as system diagrams and lists
                                  of running applications and operating systems.
                                - Gray box test: hackers are provided with accounts as a
                                  regular user and attack the system as an employee of
                                  the business.

- Business Partners: business consulting services:

- Overall security consulting: HPT will conduct a survey of the entire system, analyse
the security risks in detail and give general security advice as well as a security
investment roadmap appropriate to the customer's system.

- Security consulting on demand: depending on the specific needs of customers, HPT will
check and analyse the system and its related components in detail, then advise in detail on
the security solutions / services to be deployed to help meet the customer's security needs.

- Customer:

Customers using the service will take part in a survey and evaluation of the following
information:

- System data connection model.

- Basic network equipment (routers, switches, ...).

- Network security software and devices (firewalls, attack detection and prevention
systems, VPN systems, etc.).

- System to back up and restore lost data.

D3. Evaluate the suitability of the tools used in an organizational policy
