MM234

The document provides background information on METROPOLIS CAPITAL Bank, a leading private banking service provider in Sri Lanka. It operates over 100 branches and 500 ATM machines across the country and overseas. The bank has a primary datacenter in Colombo and a secondary one in Galle, with each location connected via a single ISP link for VPN and MPLS services. The bank's head office is a 5-story building housing various departments. It also offers online and mobile banking and has implemented BYOD for some departments. However, the current network and security architecture raises some risks that need to be addressed to better protect the bank's systems and data.

Uploaded by

thiwankaamila75

Higher Nationals

Internal verification of assessment decisions – BTEC (RQF)

INTERNAL VERIFICATION – ASSESSMENT DECISIONS

Programme title BTEC Higher National Diploma in Computing

Assessor Internal Verifier

Unit 05: Security


Unit(s)

Providing a suitable security solution for METROPOLIS CAPITAL Bank


Assignment title

Student’s name

List which assessment criteria the Assessor has awarded: Pass / Merit / Distinction

INTERNAL VERIFIER CHECKLIST

Do the assessment criteria awarded match those shown in the assignment brief? Y/N

Is the Pass/Merit/Distinction grade awarded justified by the assessor’s comments on the student work? Y/N

Has the work been assessed accurately? Y/N

Is the feedback to the student:
• Constructive? Y/N
• Linked to relevant assessment criteria? Y/N
• Identifying opportunities for improved performance? Y/N
• Agreeing actions? Y/N
Give details:

Does the assessment decision need amending? Y/N

Assessor signature Date

Internal Verifier signature Date

Programme Leader signature (if required) Date

Confirm action completed
Remedial action taken
Give details:

Internal Verifier signature
Programme Leader signature (if required)
Higher Nationals - Summative Assignment Feedback Form

Student Name/ID

Unit Title Unit 05: Security


Assignment Number Assessor
Date Received 1st submission
Date Received 2nd submission
Assessor Feedback:

LO1. Assess risks to IT security

Pass, Merit & Distinction P1 P2 M1 D1


Descripts

LO2. Describe IT security solutions.

Pass, Merit & Distinction P3 P4 M2 D1


Descripts

LO3. Review mechanisms to control organisational IT security.

Pass, Merit & Distinction P5 P6 M3 M4 D2


Descripts

Grade: Assessor Signature: Date:


Resubmission Feedback:

Internal Verifier’s Comments:

Signature & Date:

* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grade
decisions have been agreed at the assessment board.
Pearson

Higher Nationals in

Computing

Unit 5: Security
General Guidelines

1. A Cover page or title page – You should always attach a title page to your assignment. Use the previous page as your cover
sheet and make sure all the details are accurately filled in.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using word processing software.
4. All the assignments should be printed on A4 sized paper. Use single side printing.
5. Allow 1” for top, bottom and right margins and 1.25” for the left margin of each page.

Word Processing Rules

1. The font size should be 12 point, and should be in the style of Times New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and Page Number on
each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help editing your assignment.

Important Points:

1. It is strictly prohibited to use textboxes to add texts in the assignments, except for the compulsory information. eg:
Figures, tables of comparison etc. Adding text boxes in the body except for the before mentioned compulsory
information will result in rejection of your work.
2. Avoid using page borders in your assignment body.
3. Carefully check the hand in date and the instructions given in the assignment. Late submissions will not be accepted.
4. Ensure that you give yourself enough time to complete the assignment by the due date.
5. Excuses of any nature will not be accepted for failure to hand in the work on time.
6. You must take responsibility for managing your own time effectively.
7. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply (in writing)
for an extension.
8. Failure to achieve at least PASS criteria will result in a REFERRAL grade.
9. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked to
complete an alternative assignment.
10. If you use other people’s work or ideas in your assignment, reference them properly using HARVARD referencing
system to avoid plagiarism. You have to provide both in-text citation and a reference list.
11. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be reduced to a REFERRAL
or at worst you could be expelled from the course.
Student Declaration

I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as my
own without attributing the sources in the correct way. I further understand what it means to copy
another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.

2. I understand the plagiarism and copying policy of the Edexcel UK.

3. I know what the consequences will be if I plagiarise or copy another’s work in any of the assignments for this
program.

4. I declare therefore that all work presented by me for every aspect of my program will be my own, and
where I have made use of another’s work, I will attribute the source in the correct way.

5. I acknowledge that the attachment of this document signed or not, constitutes a binding agreement
between myself and Edexcel UK.

6. I understand that my assignment will not be considered as submitted if this document is not attached to the
assignment.

Student’s Signature: Date:

(Provide E-mail ID) (Provide Submission Date)


Assignment Brief

Student Name /ID Number

Unit Number and Title Unit 5- Security

Academic Year 2022/23

Unit Tutor

Assignment Title METROPOLIS CAPITAL Bank

Issue Date

Submission Date

IV Name & Date

Submission Format:

The submission is in the form of an individual written report. This should be written in a concise, formal
business style using single spacing and font size 12. You are required to make use of headings, paragraphs
and subsections as appropriate, and all work must be supported with research and referenced using the
Harvard referencing system. Please also provide an end list of references using the Harvard referencing
system.

Unit Learning Outcomes:

LO1 Assess risks to IT security.

LO2 Describe IT security solutions.

LO3 Review mechanisms to control organizational IT security.


LO4 Manage organizational security.

Assignment Brief and Guidance:

METROPOLIS CAPITAL Bank is one of the leading private banking service providers in Sri
Lanka. It operates over 100 branches and 500 ATM machines across the island as well as 8
Branches overseas. In order to provide their services, METROPOLIS CAPITAL Bank has a
primary datacenter located in Colombo and a Secondary datacenter located in Galle. Each branch
and ATM must have connectivity to the core banking system to be able to operate normally. In
order to establish the connectivity between datacenters, branches and ATM machines, each
location has a single ISP link. This link provides VPN services between branches, ATMs and
datacenters as well as MPLS services for the bank and it establishes connectivity between
datacenters, ATMs, and branches.

METROPOLIS CAPITAL Bank's Head Office is a 5-story building in Kollupitiya with the
Ground Floor allocated for Customer Services, the First Floor allocated for HR, the Second Floor
allocated for Meeting Rooms and Senior Executive Staff, the Third Floor is allocated for the
Technical Support Team and the Fourth Floor hosts High Performance Servers running core
banking systems. The Fifth Floor is occupied by other outside companies that are not related to
METROPOLIS CAPITAL Bank. Other than this, METROPOLIS CAPITAL Bank provides a lot
of services to customers including online and mobile banking facilities. Therefore, their core
banking system must communicate with several outside systems and all communication between
outside systems, Data centers and the Head Office is protected by a single firewall. In Addition,
METROPOLIS CAPITAL Bank has recently implemented a bring your own device (BYOD)
concept for Senior Executive Staff and HR Departments and to facilitate this, they are providing
employee WiFi as well as a guest WiFi Hotspot.

The bank has signed agreements, AMCs, contracts and NDAs with several Local and foreign IT
service vendors. Some local vendors provide services and supports to foreign companies.
METROPOLIS CAPITAL Bank's Technical Support Team is a local third-party vendor,
contracted by METROPOLIS CAPITAL Bank and managed by their Supply chain management
officer. The Technical Support Team provides onsite and remote support for their customers.

METROPOLIS CAPITAL Bank strictly follows the rules and regulations enforced by the
government and the Central Bank. Therefore, they have obtained the ISO 31000:2009
certification. In addition to this, the datacenters, branches, ATMs and HQ are covered by
CCTV with 24x7 monitoring. Other security functions like VA scanning, internal
auditing, and security operations are done by the bank's employees. They have purchased a VA scanning
tool, a Privileged Access Management (PAM) system, an Endpoint Detection and Response (EDR) system,
a Data Loss Prevention (DLP) tool, a Web Application Firewall (WAF) and a Secure Mail Gateway, which
are managed by the Technical Support Team.

It has been reported that an emergency is likely to occur where a work from home situation may
be initiated. Therefore, you have been employed by METROPOLIS CAPITAL Bank as a Network
Security Analyst to recommend and implement a suitable Security solution to facilitate this
situation.

Activity 01

Discuss and assess the security procedures and types of security risks METROPOLIS CAPITAL
Bank may face under its current status and evaluate a range of physical and virtual security
measures that can be employed to ensure the integrity of organizational IT security. You also
need to analyze the benefits of implementing network monitoring systems for METROPOLIS
CAPITAL Bank with valid reasons in order to minimize security risks identified and enhance the
organizational security.

Activity 02

2.1

Discuss how an incorrect/improper configuration of network infrastructure such as the firewall and
VPN could impact METROPOLIS CAPITAL Bank. Assess the IT security risks that may be faced by the
employees of METROPOLIS CAPITAL Bank and propose how the organization can provide
its employees with a “secure remote working environment”.

2.2

Discuss how following technologies would benefit METROPOLIS CAPITAL Bank and its
Clients to increase network performance. (Support your answer with suitable illustrations).

i) Static IP

ii) NAT

iii)DMZ

Activity 03

Review risk assessment procedures for METROPOLIS CAPITAL Bank to protect itself and its
clients. Explain the mandatory data protection laws and procedures which will be applied to
data storage solutions provided by METROPOLIS CAPITAL Bank. Explain the topic "ISO
31000 risk management methodology" and summarize the ISO 31000 risk management
methodology and its application in IT security. Analyze possible impacts to organizational
security resulting from an IT security audit. Recommend how IT security can be aligned with
organizational Policy, detailing the security impact of any misalignment.
Activity 04

4.1

Design and implement a suitable security policy to prevent misuse and exploitation at
METROPOLIS CAPITAL Bank using organizational policy tools for the given
scenario, while evaluating and justifying the suitability of the tools used in an organizational policy
to meet business needs. Identify the stakeholders of METROPOLIS
CAPITAL Bank and describe the role of these stakeholders in building security audit
recommendations for the organization.

4.2

Discuss and present a disaster recovery plan for METROPOLIS CAPITAL Bank for all
their sites to guarantee maximum reliability to their clients. (Student must develop a
PowerPoint-based presentation which illustrates the recovery plan within 15 minutes of time
including justifications and reasons for decisions and options used).
Grading Rubric

Grading Criteria Achieved Feedback

LO1 Assess risks to IT security

P1 Discuss types of security risks to organizations.

P2 Assess organizational security procedures.

M1 Analyze the benefits of implementing network monitoring systems with supporting reasons.

D1 Evaluate a range of physical and virtual security measures that can be employed to ensure the integrity of organizational IT security.

LO2 Describe IT security solutions

P3 Discuss the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs.

P4 Discuss, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security.

M2 Propose a method to assess and treat IT security risks.

LO3 Review mechanisms to control organizational IT security

P5 Review risk assessment procedures in an organization.

P6 Explain data protection processes and regulations as applicable to an organization.

M3 Summarize the ISO 31000 risk management methodology and its application in IT security.

M4 Analyze possible impacts to organizational security resulting from an IT security audit.

D2 Recommend how IT security can be aligned with organizational policy, detailing the security impact of any misalignment.

LO4 Manage organizational security

P7 Design a suitable security policy for an organization, including the main components of an organizational disaster recovery plan.

P8 Discuss the roles of stakeholders in the organization in implementing security audits.

M5 Justify the security plan developed giving reasons for the elements selected.

D3 Evaluate the suitability of the tools used in an organizational policy to meet business needs.
Contents
Activity 01.................................................................................................................22

Security risk...................................................................................................................................................22

Types of security risks to organizations........................................................................................................22

Careless employees of an organization....................................................................................................22

Password Theft..........................................................................................................................................22

Phishing Attacks........................................................................................................................................23

How to prevent phishing?..............................................................................................................................24

Data breach...............................................................................................................................................24

Computer virus..........................................................................................................................................24

How to prevent computer virus?...................................................................................................................24

Ransomware..............................................................................................................................................24

How to prevent Ransomware?......................................................................................................................25

Computer worm.........................................................................................................................................25

DDoS (Distributed Denial of Service) Attack...........................................................................................25

Spyware.....................................................................................................................................................25

Botnet........................................................................................................................................................26

Most Common Types of Trojan Horse......................................................................................................26

Drive-by Download attacks...................................................................................................................27

Cryptojacking...........................................................................................................................................27

Man-in-the-Middle attacks........................................................................................................28

SQL Injection............................................................................................................................................28

Rootkit.......................................................................................................................................................28

Cloud attacks.............................................................................................................................................29

How to prevent cloud attacks?......................................................................................................................29


Malvertising attacks..................................................................................................................................29

How to prevent malvertising?...................................................................................................................29

Organizational security procedures...............................................................................................................30

Types of organizational security procedures............................................................................................31

Technical requirements and hiring practices.................................................................................................32

Access Control..........................................................................................................................................33

Two-Factor Authentication.......................................................................................................................33

URL Filtering and Block listing................................................................................................................33

SSL Certificate..........................................................................................................................................33

Network monitoring......................................................................................................................................34

Importance of network monitoring to METROPOLIS CAPITAL Bank.......................................................35

Benefits of network monitoring:................................................................................................................36

Network monitoring offers several benefits to organizations:..................................................................38

What is a physical security?..........................................................................................................................40

Key physical security measures................................................................................................................40

Physical security measures.......................................................................................................................41

Types of physical security measures:........................................................................................................43

Advantages of physical security measures................................................................................................47

Disadvantages of physical security measures...........................................................................................49

Virtual security measures..............................................................................................................................51

Types of virtual security measures:..........................................................................................................52

Advantages of virtual security measures..................................................................................................56

Disadvantages of virtual security measures.............................................................................................58

Activity 02.................................................................................................................59

Configuration.................................................................................................................................................59

Misconfigurations..........................................................................................................................................61
Why do misconfigurations occur?.............................................................................................................63

What causes security misconfiguration.....................................................................................................64

Impact of security misconfigurations........................................................................................................66

How to prevent security misconfigurations..............................................................................................68

Firewall..........................................................................................................................................................70

Firewalls can be used in a variety of ways:..............................................................................................71

How does a firewall work?.......................................................................................................................71

Different types of firewalls........................................................................................................................73

Key components of firewall.......................................................................................................................74

Activity 03.................................................................................................................76

Review of Risk Assessment Procedures.......................................................................................................76

Threat Landscape......................................................................................................................................76

Mandatory Data Protection Laws and Procedures........................................................................................77

ISO 31000 Risk Management Methodology.................................................................................................77

Impact of IT Security Audit on Organizational Security..............................................................................78

Aligning IT Security with Organizational Policy..........................................................................................78

Recommendations for Facilitating Work from Home...................................................................................79

Activity 04.................................................................................................................80

Design and implement suitable security policy.............................................................................................80

Policy Objectives.......................................................................................................................................80

Aligning with METROPOLIS CAPITAL Bank...........................................................................................81

Enhancements to Security Posture............................................................................................................82

Risk Mitigation and Preparedness............................................................................................................82

Organizational Policy Tools..........................................................................................................................82

Alignment with METROPOLIS CAPITAL Bank........................................................................................84

Enhancements to Security Posture............................................................................................................84


Stakeholder Involvement...........................................................................................................................85

Stakeholders and their Roles.........................................................................................................................85

Alignment with METROPOLIS CAPITAL Bank........................................................................................87

Building Security Audit Recommendations..................................................................................................87

Enhancements to Security Posture............................................................................................................88

Building Security Audit Recommendations..................................................................................................88

References.................................................................................................................93
Activity 01
Security risk

What is the meaning of security risk?

"Security risk" is the chance or likelihood of an event or incident that could negatively impact the
security of a system, organization, or individual. It involves the possibility that a vulnerability will be
taken advantage of, leading to unwanted access, the loss or theft of private information, disruptions in
service, harm to infrastructure, or any other unfavorable outcomes.

By recognizing security threats and adopting proactive measures to protect their resources and uphold
the confidentiality, integrity, and availability of their systems and data, organizations can avert
possible security breaches and incidents.

(https://study.com, 2023)

Types of security risks to organizations


Careless employees of an organization

The biggest security risk to any organization is its own employees, since they are the most familiar with how
the business runs, including where sensitive data is stored and how to access it. Beyond deliberate
misuse by insiders, organizations have to deal with a range of cyber security problems caused by negligent personnel.

Employees share passwords and choose easy-to-remember ones. Staff opening
questionable email attachments, clicking suspicious links, or visiting dubious websites that can let
malware into the system are other common problems.

Password Theft

Password theft poses a major threat to businesses that transact a significant amount of business
online. Websites are the biggest security risk to an organization since they know everything about
them, even where data storage is located.

This means that an attacker may obtain a password and use it for financial gain at the expense of the business
from which it was obtained. Password theft can seriously harm an organization's capacity to conduct
business as normal when it propagates from one corporate computer to another.
Any firm, even those with security measures in place, is susceptible to password theft, but
inexperienced organizations are more at risk. To improve security, passwords should be updated on a
regular basis.

If you don't routinely change your passwords, you expose your company to events that might
interfere with its capacity to operate.

Phishing Attacks

Phishing attacks aim to fool staff members into thinking an email is from a reliable, reputable source.
Users' computers get infected when they open an attachment or click a link in an email. The person
posing as the employee's employer or a business that the employee transacts business with could be
the phisher. For example, a request may be described as anything the employee wants, needs, or
anticipates needing in a correspondence from their bank. Regardless of the disguise, a skillfully
executed phishing attempt looks like a legitimate communication but contains considerable harm.

(NJCCIC, 2023)

Phishing attacks are how an attacker gets hold of your credit card information, password, or other personal online
information. The impact of a phishing attack can be felt at the highest
levels of an organization. (https://www.techtarget.com, 2023)
How to prevent phishing?

Training and awareness campaigns are among the most successful preventive interventions.
Employees should receive training and education about various security dangers in general as well as
specific phishing tactics.
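Training teaches people to look for the signs the paragraphs above describe: a sender that only resembles the bank, a link whose visible text differs from where it really points, and pressure to act immediately. The same signs can be checked mechanically. The script below is an added example written for this report, not code from the original assignment or from METROPOLIS CAPITAL Bank; the bank's domain "metropoliscapital.example" and the three sample messages are constructed placeholders.

```python
"""Defender-side phishing heuristics run over constructed sample e-mails.

Added example; the trusted domain and the messages are assumptions, not data from the report.
"""
from urllib.parse import urlparse

# Assumed placeholder for the bank's real mail/web domain (not taken from the report).
TRUSTED_DOMAINS = {"metropoliscapital.example"}
URGENCY_PHRASES = ("urgent", "immediately", "suspended", "verify your account")


def domain_of(value: str) -> str:
    """Lower-cased host of a URL, or the domain part of an e-mail address."""
    if "://" in value:
        return (urlparse(value).hostname or "").lower()
    if "@" in value:
        return value.rsplit("@", 1)[1].lower()
    return value.lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small non-zero value marks a look-alike domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze_email(msg: dict) -> list:
    """Return human-readable findings for one message.

    msg keys: "from" (address), "subject", "body", "links" (list of (anchor_text, href)).
    """
    findings = []
    sender = domain_of(msg["from"])
    if sender not in TRUSTED_DOMAINS:
        # Only flag senders that are a character or two away from the real domain.
        for trusted in TRUSTED_DOMAINS:
            if edit_distance(sender, trusted) <= 2:
                findings.append(f"sender domain {sender!r} looks like {trusted!r}")
    for anchor_text, href in msg["links"]:
        target = domain_of(href)
        if anchor_text.lower().startswith("http"):
            # The visible URL and the real destination should agree.
            shown = domain_of(anchor_text)
            if shown != target:
                findings.append(f"link text shows {shown!r} but points to {target!r}")
        if target not in TRUSTED_DOMAINS:
            findings.append(f"link to external domain {target!r}")
    text = f"{msg['subject']} {msg['body']}".lower()
    if any(p in text for p in URGENCY_PHRASES):
        findings.append("urgency language in subject/body")
    return findings


def verdict(findings: list) -> str:
    """Map the number of findings to a triage decision for the mail gateway/SOC."""
    if len(findings) >= 2:
        return "quarantine"
    return "flag" if findings else "clean"


# Constructed sample messages (not real mail).
SAMPLE_EMAILS = [
    {"from": "alerts@metropoliscapital.example",
     "subject": "Your monthly statement is available",
     "body": "Log in to view it.",
     "links": [("https://metropoliscapital.example/statements",
                "https://metropoliscapital.example/statements")]},
    {"from": "security@metropoliscapita1.example",   # 'l' replaced by '1'
     "subject": "URGENT: your account has been suspended",
     "body": "Verify your account immediately.",
     "links": [("https://metropoliscapital.example/login",
                "http://metropoliscapita1.example/login")]},
    {"from": "hr@metropoliscapital.example",
     "subject": "Payroll update",
     "body": "Please review the attached payroll schedule.",
     "links": [("Click here", "https://payroll-update.example/")]},
]


def triage(emails: list) -> list:
    """Return (subject, verdict) for every message."""
    return [(m["subject"], verdict(analyze_email(m))) for m in emails]


if __name__ == "__main__":
    for subject, decision in triage(SAMPLE_EMAILS):
        print(f"{decision:10} {subject}")
```

The heuristics deliberately stay simple: a mail gateway would add header checks (SPF/DKIM results) and reputation lookups, but the three signals here are the ones staff are trained to notice, so the script doubles as a concrete teaching aid for the awareness campaign described above.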

Data breach

A data breach is a security issue that exposes private or protected information when data is accessed
from a system without the owner's permission.

Customer information, trade secrets, credit card details, and other delicate, private, or proprietary
information could be included.

Computer virus

A virus is a piece of software that spreads across computers or across networks without the user's
awareness and carries out hostile actions. It is capable of erasing files, formatting hard drives, and
destroying or corrupting a company's sensitive data. (https://www.britannica.com, 2023)

How to prevent computer viruses?

An advanced virus guard (antivirus) can be used on every PC.

Ransomware

According to Cybersecurity Ventures, ransomware damage will have cost $265 billion by 2031.
Their analysis predicts a new attack every two seconds as ransomware offenders refine their
malware payloads and associated extortion schemes. In this kind of attack, the victim's computer is
usually encrypted and locked, preventing them from accessing it or any files on it. To regain access to
the device, the victim has to pay a ransom, usually demanded in virtual currency. These threats are
distributed in various ways, but hacked websites, malicious email attachments, compromised
software, and infected external storage are the usual channels through which ransomware propagates.

How to prevent Ransomware?

 Make sure to update software and back up computer devices.
 Steer clear of links in emails from unidentified sources.
 Avoid opening email attachments.
 Do everything possible to avoid paying the ransom.
 A traditional firewall that prevents unauthorized access to computers or networks should be paired with
 Limit the data a cybercriminal can access.

Computer worm

A computer worm is a type of malicious software or program that replicates itself from one computer
within an organization to another computer within the same organization, thereby spreading over the
network to which it is attached.

It can spread automatically, take advantage of security flaws in software, and attempt to gain access
to steal confidential data, corrupt files, and install a back door that allows remote access to the
system.

DDoS (Distributed Denial of Service) Attack

A denial-of-service attack attempts to deny users access to a computer or network resource by
temporarily or permanently disrupting the services of a host connected to the internet. A distributed
denial-of-service (DDoS) attack overwhelms the target by flooding it with meaningless requests from
multiple sources, so that some or all legitimate requests cannot be served.

Spyware

Since spyware is installed on users' computers and covertly gathers sensitive data, such as credit card
numbers, login credentials, and personal or company data, it is an unwelcome security risk for
businesses.

Spyware eavesdrops on sensitive information, monitors online activity, and captures login
credentials. It may be installed through automated installers, hidden components of software
bundles, or common malware delivery techniques such as deceptive emails, instant messages, and
advertisements.

Consequently, any organization or individual should implement the appropriate safety measures to
protect themselves from spyware, such as utilizing a firewall, antivirus software, and only
downloading software from reputable websites.

Botnet

The word botnet is a combination of "robot" and "network" and refers to a group of infected
personal computers that are managed collectively without the users' awareness. Botnets are routinely
used to launch DDoS attacks, send massive amounts of spam, and steal passwords. Because of their
combined computing power, botnets act as a force multiplier for parties attempting to disrupt or
break into targets' systems.

Trojan Horse

Trojan horses are malicious programs or codes developed by hackers to pass as reliable software and
access a company's systems. The network or data may be damaged, blocked, erased, altered, or
undergo other detrimental activities. Any malicious code contained therein may begin to run as soon
as the user clicks on the attached file. In that case, neither the victim nor anybody else involved
suspects or knows that the attachment is actually a Trojan horse.

Most Common Types of Trojan Horse

The following are the most common types of Trojan horse:

Backdoor Trojan: A backdoor Trojan gives an attacker remote access to and control of a device. This
lets the attacker reach your systems and perform any action they wish, including deleting files,
restarting computers, stealing data, and downloading viruses. Backdoor malware is frequently used to
turn a network of zombie computers into a botnet.

Banker Trojan: A banker Trojan is designed to target users' bank accounts and financial
information. It aims to steal credit and debit card details, e-payment data, and online banking
credentials.

Distributed Denial of Service (DDoS) Trojan: This Trojan carries out attacks that overwhelm a
network with traffic. It bombards a target website with multiple requests from one machine or a
collection of machines, resulting in a denial of service.

Trojan-Downloader: A Trojan downloader targets an already compromised PC and downloads and
installs additional malware, such as further Trojans or other kinds of malware like adware.

Exploit Trojan: An "exploit Trojan" is a program containing code or data that takes advantage of
weaknesses in other programs or applications. The cybercriminal typically delivers it through a
phishing attack aimed at specific people and exploits a known vulnerability in the software.

Remote Access Trojan: Similar to a backdoor Trojan, this kind of malware gives an attacker total
control over a user's machine. Through a remote network, the cybercriminal keeps control of the
device, which is then utilized to steal or snoop on the user's information.

Trojan Game thief: This Trojan is made primarily to steal user account information from people
playing online games.

Drive-by Download attacks

A drive-by download attack happens when the device's operating system, an application, or the
browser downloads malicious code from a website without the user's intent or authorization. The user
may start the download without even having to click anything: simply visiting or browsing a web page
can be enough. Cybercriminals use drive-by downloads to steal personal information, install banking
Trojans, and install other malware on endpoints, among other things.

Crypto jacking

The act of surreptitiously mining cryptocurrency on another person's computer is known as "crypto
jacking." Cybercriminals usually lure their victims into clicking on a malicious email link that
downloads cryptocurrency mining software, or they infect websites or online ads with malware that
launches automatically whenever the target's browser loads them. The victims are unaware that the
crypto mining software is running in the background while they use their computers normally.
Decreased performance might be apparent while the victim is using the computer, but otherwise it
might go unnoticed. The promise of more money for less risk alone was expected to drive a rise in
crypto jacking in 2019.

Man-in-the-Middle attacks

When a hacker intervenes in a transaction between two parties, it is referred to as a
"man-in-the-middle" (MITM) attack. According to Cisco, once the attackers have interrupted the
traffic they can filter and steal data. MITM attacks frequently occur when a visitor connects to an
unprotected public Wi-Fi network. Attackers first insert themselves between the visitor and the
network, and then use malware to install malicious software and access data.

SQL Injection

One of the most popular injection attack methods on the internet is SQL injection, which gives
hackers access to the back-end database so they can add, remove, or modify data.

The application contains a security flaw that allows an attacker to insert their own malicious SQL
commands and access the company database because it does not properly sanitize the input used to
build its SQL statements. Using web page input, the attacker injects malicious code into SQL queries.
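The following added example (not part of the original report or of any METROPOLIS CAPITAL system) shows the flaw described above and its fix in Python, using an in-memory SQLite table with constructed account rows. The vulnerable lookup builds the query by string concatenation, so web page input becomes part of the SQL text; the hardened lookup binds the same input as a parameter. The table, column and user names are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample accounts for the demonstration only (not real records).
ACCOUNTS = [
    ("alice", 1200.00),
    ("bob", 85.50),
    ("carol", 9900.00),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, balance REAL)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", ACCOUNTS)
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable: the web page input is spliced into the SQL text, so a quote
    in the input ends the string literal and the rest is executed as SQL."""
    sql = "SELECT username, balance FROM accounts WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened: the input is bound as a parameter. The driver sends it as data,
    never as SQL, so whatever it contains it can only ever match a username."""
    sql = "SELECT username, balance FROM accounts WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups with a normal username and with the classic tautology
    input the text above refers to, and return the rows each version gives."""
    conn = make_db()
    tainted = "' OR '1'='1"
    return {
        "normal": lookup_vulnerable(conn, "alice"),
        "vulnerable_tainted": lookup_vulnerable(conn, tainted),        # every account leaks
        "parameterized_tainted": lookup_parameterized(conn, tainted),  # nothing matches
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The point to take from the two lookups is that "sanitizing" by hand is not the fix; binding parameters removes the possibility that input is parsed as SQL at all, and the same pattern applies to every database driver the bank's applications use.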

Rootkit

A rootkit is a malicious program that, unbeknownst to the user, installs and launches malicious code
on a computer or network system to gain administrator-level access.

The many different types of rootkit include bootkits, firmware rootkits, kernel-level rootkits, and
application rootkits.

A rootkit can reach a computer through the exchange of infected devices or disks. It is often installed
using compromised passwords or by stealthily exploiting social engineering, phishing, and other
vulnerabilities in the system.

Cloud attacks

In our day-to-day lives, cloud services have become indispensable. However, we must keep in mind
that not all cloud services provide safe authentication and encryption. Misconfiguration can result in a
wide range of issues, such as attacks, network vulnerabilities, and data leaks.

According to IBM, simple issues account for more than half of cloud security breaches. On the other
hand, two thirds of cloud security problems might be avoided by looking over configurations.

How to prevent cloud attacks?

 Educate/Train your employees
 Secure a data backup plan
 Identify who can access your data
 Use penetration testing
 Establish cloud governance policies and procedures

Malvertising attacks

Malvertising, also referred to as malicious advertising, is a relatively new and emerging form of
cybercrime. Using this technique, cybercriminals introduce malicious code into digital
advertisements, leading users to bogus websites or infecting their devices with malware. It is very
difficult for internet users and publishers to identify, since the ads are usually delivered through
reputable advertising networks. Any internet advertisement has the potential to infect users.

Even well-known companies from around the world have unintentionally carried harmful
advertising on their websites.

How to prevent malvertising?

Once again, awareness is crucial. To decrease the danger of infection, certain procedures must be
followed. These consist of:

 Ensure that software and extensions are updated
 Install antivirus software and ad blockers
 Avoid using Java or Flash programs

Publishers, on the other hand, are obligated to safeguard web users against harmful advertising.

The following actions should be taken by them to lower risk:

 Evaluate third-party ad networks responsible for choosing, inspecting, and running ads
 Scan ads that they plan to display
 Avoid using Flash or JavaScript in ads

Organizational security procedures

A security procedure consists of the tasks and actions required to keep an organization secure while
conducting regular business. Working in concert with security policies, regulations, and guidelines,
security procedures provide the instructions for carrying out security operations within a company.

Security procedures can also be used to install, enable, or enforce the security controls outlined in
your company's policies. Every security process must comply with these laws, rules, regulations,
guidelines, and procedures. Moreover, a company's security policies serve as the cornerstone of its
security program.
(SketchBubble, 2023)

Ordered by level of specificity, the fundamental elements to understand for security procedures
are:

 Security policies
 Standards
 Baselines
 Procedures

Types of organizational security procedures

Organizational security protocols are put in place to safeguard private information and assets within a
company from unauthorized access, disclosure, and corruption.

Depending on their unique requirements and industry regulations, organizations can implement a
variety of security procedures. The following are some typical categories of organizational security
protocols:

Access Control: These procedures ensure that only people with the proper authorization can access
locations, systems, or data. Strong passwords, authentication methods (such as biometrics or two-factor
authentication), user access management, and role-based access restrictions are examples of access
control techniques.

Physical Security: Protecting an organization's physical assets and facilities is done through physical
security methods. To do this, security precautions including video monitoring, locks, alarms, visitor
management systems, secure entrance points, and limited access to sensitive areas are used.

Information Classification and Handling: Organizations frequently categorize their information
based on how sensitive or important it is. Security policies should outline the labeling, storing,
transmitting, and safely disposing of various forms of information. This comprises data backup,
encryption, secure file storage, and secure data disposal.

Incident Response: Incident response procedures outline the steps to be taken in the case of a
security incident or breach. This includes identifying and assessing security incidents, minimizing
their effects, and recovering from them. Incident response plans should cover communication
procedures and collaboration with the relevant stakeholders.

Network Security: Computer networks within an enterprise are shielded against illegal access,
threats, and interruptions by network security protocols. These processes involve setting up firewalls,
segmenting networks, implementing intrusion detection and prevention systems, doing frequent
vulnerability scans of the network, and configuring network devices securely.

Security Awareness and Training: Organizations should have policies in place to inform staff
members of security concerns, recommended practices, and their duties. Employees who participate in
security awareness and training programs learn how to spot possible dangers, steer clear of social
engineering scams, and appreciate the value of adhering to security rules and procedures.

Data Backup and Disaster Recovery: Critical data is frequently backed up and can be restored in
the case of data loss or system failure thanks to procedures for data backup and disaster recovery.
Setting up backup schedules, storing backups offsite, conducting recurring recovery drills, and using
redundant systems are all required for this.

Change Management: A controlled and secure implementation of changes to a company's systems,
applications, or infrastructure is guaranteed by change management methods. This entails evaluating
the impact of changes, securing the necessary approvals, testing changes in a non-production setting,
and keeping an eye out for any negative impacts.

Security Monitoring and Logging: Organizations should have policies in place for keeping an eye
out for security-related events on their systems, networks, and applications. In order to detect and
address possible security issues, this involves putting in place security information and event
management (SIEM) systems, intrusion detection systems, log analysis, and real-time monitoring.

Vendor and Third-Party Management: For a variety of services, organizations frequently use
outside providers. The selection, evaluation, and monitoring of suppliers for compliance with security
standards should all be outlined in security protocols. This involves establishing security obligations
in contracts and carrying out routine security audits or assessments.

(https://essentialdata.com, 2023)

Technical requirements and hiring practices

Verifying that the website complies with the necessary technological standards is the first security
measure that needs to be taken. These include setting up an SSL certificate on the server, choosing a
suitable web host, and turning on automatic updates.

Make sure the website has the required security measures in place and is further secured. Consider
creating passwords that are secure, securing the server, and creating accounts that have been
authorized by the company.

These technical specifications will aid the organization in safeguarding the website, but they won't do
much good if no one is aware of them or complies with them. Therefore, METROPOLIS CAPITAL
bank's hiring practices have to adhere to industry norms.

Access Control

Managing server accessibility is the first step towards implementing effective security in a business.
Using the server's access control system, you can ensure that no one else has access to it by limiting
access to only the individuals you designate. By doing this, the possibility of attacks from outside
sources will decrease.

Two-Factor Authentication

Putting in place two-factor authentication is the last but equally crucial action you can take. Since it
boosts security by requiring more than just a password to access your account, many have adopted
this security measure.

Internet business security is an important component that requires deeper understanding. Having all the
required technological requirements and safeguards in place is the best way to protect the
METROPOLIS CAPITAL bank.

URL Filtering and Blocklisting

Putting in place URL filtering and blocklisting is an essential additional step you can take. Bad
actors can reach the server through several different channels, and they will try to craft input that
lets them do so. An intruder may attempt to fabricate data to be added to, or even removed from, your
server's user list.
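An added example (written for this edit, not taken from the report) of what a URL blocklist check has to get right before it is useful. The hostnames in the blocklist are constructed placeholders. The check normalises the host the browser would actually connect to, so that upper case, a trailing dot, a port, a subdomain, or a decoy "user@" prefix cannot slip a blocked domain past the filter.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed blocklist for this example; a real deployment would load a threat feed.
BLOCKLIST = {"malware.example", "phish.example"}


def normalize_host(url: str) -> Optional[str]:
    """Return the host the browser would actually connect to, or None if the
    URL has no usable host. urlsplit().hostname already lower-cases the name
    and discards any 'user:pass@' prefix and any ':port' suffix."""
    if "://" not in url:
        url = "http://" + url            # a bare hostname is still a URL to check
    host = urlsplit(url).hostname
    if not host:
        return None
    return host.rstrip(".")              # "evil.example." names the same host as "evil.example"


def is_blocked(url: str) -> bool:
    """Block the host itself and any subdomain of a blocklisted domain.
    URLs with no recognisable host are blocked rather than allowed through."""
    host = normalize_host(url)
    if host is None:
        return True
    labels = host.split(".")
    for i in range(len(labels)):         # the host, then each parent domain
        if ".".join(labels[i:]) in BLOCKLIST:
            return True
    return False


if __name__ == "__main__":
    for candidate in ["https://bank.example/",
                      "http://bank.example@malware.example/login",
                      "HTTP://MALWARE.EXAMPLE./",
                      "https://cdn.phish.example:8443/x",
                      "https://notmalware.example/"]:
        print(f"{'BLOCK' if is_blocked(candidate) else 'allow'}  {candidate}")
```

The second candidate is the case a naive "does the string start with bank.example" check gets wrong: the part before the "@" is user information, and the browser connects to the host after it.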

SSL Certificate

Getting an SSL certificate is the next crucial step in making sure your website is secure. Owners of
verified websites can use an SSL certificate and a digital signature to safely verify their identity to
anybody.

It is important to remember that these are broad categories of security processes, and the specific ones
that an organization chooses to use will rely on its industry, regulatory requirements, and risk
assessments.

Network monitoring

The process of keeping an eye on a network's infrastructure to ensure its availability, security, and
performance is known as network monitoring. It entails gathering information from network
hardware, including servers, switches, and routers, in order to identify problems, understand network
behavior, and make well-informed decisions about network management.

(ITarian, 2023)

The following are some crucial elements of network monitoring:

Monitoring Tools: Make use of network monitoring solutions that offer capabilities including real-
time network traffic analysis, device performance monitoring, log analysis, and security event
detection. Nagios, Zabbix, PRTG, and SolarWinds are a few popular network monitoring tools.

Performance Monitoring: Keep track of network performance indicators like device resource usage,
latency, and packet loss. This enables proactive troubleshooting and optimization by assisting in the
identification of bottlenecks, congestion, and performance deterioration.

Availability Monitoring: Monitor the network's hardware and services for availability and uptime.
This includes keeping an eye on overall system availability, service response times, device
reachability, and port status. It assists in quickly locating and fixing network failures or service
disruptions.

Traffic Analysis: To obtain insight into usage trends, spot abnormalities, and spot potential security
issues, analyze network traffic patterns and flows. Packet analysis, flow-based analysis, or specialist
network monitoring tools can all be used to accomplish this.

Event and Log Monitoring: To spot security issues, system failures, and configuration changes,
keep an eye on network events and logs. Various network devices and systems' logs can be collected
and analyzed with the use of centralized log management systems, such as SIEM (Security
Information and Event Management) solutions.

Security Monitoring: Utilize tools and techniques for network security monitoring to identify
security lapses, intrusions, or unusual network behavior and take appropriate action. This requires
keeping an eye on firewall logs, using intrusion detection systems (IDS), and scanning network traffic
for suspicious behavior.

Alerting and Notifications: Set up alerts and notifications to notify network managers of important
events, problems with performance, or security risks. This facilitates quick reaction and cuts
downtime.
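As an added example of the event and log monitoring and alerting described above (not code from the report or from any of the named tools), the Python below reads constructed sshd-style log lines and raises an alert when one source address produces five or more failed logins within a sliding 60-second window, which is the kind of brute-force pattern a SIEM rule flags. The log format, addresses, threshold and window are assumptions for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in an sshd/syslog-like format (not real data).
SAMPLE_LOG = """\
2023-09-14T08:00:01 fw01 sshd[4411]: Failed password for admin from 198.51.100.7 port 51022 ssh2
2023-09-14T08:00:03 fw01 sshd[4412]: Failed password for root from 198.51.100.7 port 51023 ssh2
2023-09-14T08:00:04 fw01 sshd[4413]: Accepted password for jdoe from 192.0.2.15 port 40012 ssh2
2023-09-14T08:00:05 fw01 sshd[4414]: Failed password for admin from 198.51.100.7 port 51024 ssh2
2023-09-14T08:00:07 fw01 sshd[4415]: Failed password for backup from 198.51.100.7 port 51025 ssh2
2023-09-14T08:00:09 fw01 sshd[4416]: Failed password for admin from 198.51.100.7 port 51026 ssh2
2023-09-14T08:01:30 fw01 sshd[4417]: Failed password for jdoe from 192.0.2.15 port 40013 ssh2
2023-09-14T08:20:00 fw01 sshd[4418]: Failed password for admin from 203.0.113.9 port 61000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def failed_login_alerts(log_text, threshold=5, window_seconds=60):
    """Raise one alert per source IP that produces `threshold` or more failed
    logins within any sliding window of `window_seconds`. Returns a list of
    (ip, first_failure, last_failure, distinct_usernames_tried) tuples."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    users = defaultdict(set)      # ip -> usernames tried from that address
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        ts = datetime.fromisoformat(m["ts"])
        ip = m["ip"]
        q = recent[ip]
        q.append(ts)
        users[ip].add(m["user"])
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # forget failures that fell out of the window
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append((ip, q[0].isoformat(), ts.isoformat(), len(users[ip])))
    return alerts


if __name__ == "__main__":
    for ip, first, last, n_users in failed_login_alerts(SAMPLE_LOG):
        print(f"ALERT brute force from {ip}: {first} .. {last}, {n_users} usernames tried")
```

The distinct-username count is what separates a user mistyping their own password from password spraying against several accounts, and the window keeps a slow trickle of failures spread over hours from triggering the rule.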

A robust, effective, and secure network architecture depends heavily on network monitoring. It
enables network managers to proactively manage network resources, address problems, enhance
performance, and guarantee the network's overall safety and security.

Importance of network monitoring to METROPOLIS CAPITAL bank

The majority of network monitoring software continuously monitors a network. This implies that it
can identify and notify users of performance problems before network staff members do. Reducing
the amount of time that passes between an issue occurring and METROPOLIS CAPITAL bank
learning about it is essential for effectively resolving network performance problems. Any problems
with network performance, particularly those that network teams are unable to identify, will also be
reported to you. A small problem that only slightly impairs performance has the capacity to escalate
into a much bigger problem. For this reason, you need to be aware of any performance problems that
are causing your network to lag.

Network monitoring is of utmost importance to METROPOLIS CAPITAL bank for several reasons:

Security: The bank can identify and stop security lapses and unwanted access attempts thanks to
network monitoring. It offers real-time visibility into network traffic and can spot any unusual or
malicious activity that could jeopardize the infrastructure or critical data of the bank. METROPOLIS
CAPITAL can quickly respond to any threats by keeping an eye on the network and putting the
required security measures in place to protect its systems.

Performance Optimization: METROPOLIS CAPITAL bank uses network monitoring to guarantee
optimal network performance. It can be used to keep an eye on things like network latency,
bandwidth usage, and general network health. By monitoring these indicators, the bank can find and
fix any performance problems or bottlenecks, guaranteeing efficient operations and positive user
experiences for both staff members and clients.

Troubleshooting: METROPOLIS CAPITAL can proactively find and fix network faults thanks to
network monitoring. It offers information about device status, network connectivity, and application
performance. By keeping an eye on the network, the bank's IT staff can rapidly pinpoint the source of
any issues and take the necessary steps to reduce downtime and interruptions.

Compliance and Regulatory Requirements: Various compliance and regulatory obligations, such
as those relating to data protection and privacy, are imposed on banks, including METROPOLIS
CAPITAL. By keeping an eye on network traffic for any potential infractions or unauthorized access
attempts, network monitoring helps to assure compliance. It enables the bank to produce audit logs
and keep track of network operations, both of which are important for compliance audits and
investigations.

Capacity Planning: METROPOLIS CAPITAL can properly plan for future expansion and scalability
thanks to network monitoring. The bank can spot locations that might need more resources or
capacity increases by examining network traffic patterns and consumption trends. With this proactive
strategy, METROPOLIS CAPITAL is able to optimize its network architecture and prevent
performance snags as their company grows.

In conclusion, METROPOLIS CAPITAL bank needs network monitoring because it improves security,
maximizes performance, helps with troubleshooting, assures compliance, and enables efficient
capacity planning. The bank can maintain a safe and dependable IT infrastructure by constantly
monitoring their network, giving its staff and customers access to a steady and effective banking
environment.

Benefits of network monitoring:

Maintaining full network visibility

Without complete network visibility, it is challenging to understand the network's performance
efficiently. Every piece of network traffic that passes through METROPOLIS CAPITAL bank needs to
be monitored, along with all connected devices and SPIs. Comprehensive monitoring features that
cover every facet of the network are a must for any network monitoring software. In this way, issues
that degrade performance will not go unnoticed on the network.

(www.manageengine.com, 2023)

Discovering security threats

Network monitoring tools are primarily used for performance monitoring, but they can also be used to
identify potential security risks in the system. Certain viruses and malware are made to stay on a
network after they have access to it and do nothing at first, while other types can be found carrying
out small, discreet tasks. Through network monitoring technologies, the METROPOLIS CAPITAL
bank will be informed of any unusual or suspicious network behavior (a clue that a security threat is
exploiting network resources).

Predicting and preventing network downtime

Even with the most extensive network monitoring system, you can never guarantee 100% service
availability, but it can still help prevent unplanned network outages. Finding network activity that
suggests a device or network is about to crash is one of the main purposes of network monitoring
systems. By doing this, the METROPOLIS CAPITAL bank is able to reduce service disruptions and,
to the greatest extent feasible, prevent unplanned outages.

Observing bandwidth utilization

The majority of network managers believe that bandwidth use is one of the most important
performance indicators to take into account. METROPOLIS CAPITAL bank should use as much
bandwidth as is practical while ensuring that each service performs at its highest level. A network
monitoring system will notify the network team when bandwidth use approaches critical levels and
confirm that the quality-of-service (QoS) protocols are working properly.

Reducing mean time to repair

Network performance issues cost the METROPOLIS CAPITAL bank more than just money; in fact,
the time it takes for network staff to fix an issue could be spent on other, more crucial projects. As a
result, businesses must shorten the period of time between the occurrence and resolution of a
performance issue. Network monitoring tools notify staff members as soon as performance problems
are detected, allowing METROPOLIS CAPITAL bank to start fixing them right away. Many
monitoring packages also come with diagnostic features that let your staff evaluate the problem fast
without needing to dig too deeply.

Testing changes to a network or device

It is necessary to test any changes you make to a device or network to make sure everything works as
it should. Errors in adding or changing a device could render the rest of your network inoperable.
With the help of network monitoring tools, you can test new or updated connections and equipment
to see if they might cause issues before your network is seriously harmed.

Generating network performance reports.

A network monitoring system tracks performance data continuously and displays it graphically on its
dashboard. Not only can monitoring systems provide reports that the METROPOLIS CAPITAL bank
may review, but they can also export them to printed file formats. The METROPOLIS CAPITAL bank
may choose to have the solution generate these reports on a weekly, monthly, quarterly, or other
schedule.

Finding performance issues that occur after business hours.

Problems with performance can occur at any time, even when no one is available to fix them.
Because network monitoring software keeps an eye on a network constantly, it can help you find
these issues. If a problem arises after regular business hours, it still needs to be reported to the
METROPOLIS CAPITAL bank. A well-designed network monitoring system, however, will not raise
such alerts immediately, because staff members may have forgotten about the warnings by the time
they get to work. Ideally, the system holds the alert until a time designated by the network
administrator.

Network monitoring offers several benefits to organizations:

Early Issue Detection: Organizations can use network monitoring to find flaws and anomalies in
their network infrastructure before they become serious concerns. It gives IT staff immediate access
to information about network traffic, device condition, and performance indicators, enabling them to
quickly detect and fix problems. Early detection reduces user impact, cuts downtime, and maintains a
stable network environment.

Improved Network Performance: Organizations can improve their network performance by
tracking network measurements and traffic. IT teams can discover bottlenecks and optimize network
resources thanks to the information it provides into bandwidth utilization, latency, packet loss, and
other important data. Organizations can improve network efficiency, deliver faster and more
consistent connectivity, and offer a better user experience by tracking and analyzing performance
data.

Enhanced Security: A crucial part of recognizing and thwarting security threats is network
monitoring. It enables businesses to keep an eye on network traffic for viruses, shady activity, and
illegal access attempts. IT staff may identify and respond to security problems in real-time,
preventing potential breaches or data leaks, by analyzing network data and utilizing security
analytics. Additionally, network monitoring aids in ensuring adherence to security rules and
standards.

Capacity Planning and Scalability: Organizations are able to prepare for future development and
scalability thanks to network monitoring, which offers insightful information on network usage and
trends. IT organizations can identify peak usage periods, forecast resource needs, and schedule
capacity expansions by tracking network traffic patterns. Organizations can minimize performance
snags, guarantee network availability, and maximize resource distribution with this proactive method.

Troubleshooting and Faster Problem Resolution: Network monitoring speeds up problem solving
by simplifying troubleshooting procedures. IT staff can use it to assess network connectivity, keep
tabs on device condition, and evaluate application performance. When problems occur, network
monitoring offers useful information to locate the underlying cause, conduct efficient
troubleshooting, and apply the proper solutions. This lessens downtime, limits productivity losses,
and boosts the effectiveness of IT operations.

Compliance and Auditing: Network security and data privacy compliance and legal requirements
vary widely by industry. By logging network activities, network monitoring assists companies in
meeting these demands. These logs act as an audit trail, documenting compliance and assisting with
security inquiries. Monitoring the network helps to uphold industry standards, preserve sensitive data,
and ensure data integrity.

Cost Optimization: Organizations may optimize their network resources thanks to network
monitoring, which reduces costs. Organizations can plan for resource allocation and capacity by
identifying underutilized resources, tracking bandwidth usage, and reviewing network performance.
This enhances network infrastructure, cuts down on wasteful spending, and increases the return on IT
investments.

Physical and virtual security measures that can be employed to ensure the integrity of
organizational IT security

What is physical security?

Physical security is commonly defined as any resource that guards against harm to people or property,
as well as security measures intended to restrict access to only authorized individuals.

Physical security, then, can be simply defined as safeguarding organizational assets from damage
resulting from physical occurrences. These occurrences can include man-made risks like theft and
vandalism as well as natural disasters like fires and floods. Incidents that may be covered by a
physical security plan also include accidents and accidental damage.

What then are the contents of physical security plans and systems? Physical security measures include
things like gates, locks, security cameras, and security personnel on the outside. Even though these
are great tactics, when developing a physical security plan, you should consider deeper layers.

An effective plan should include equipment and technology, and can work alongside these
areas:

Training: Ensure your staff has the proper knowledge in implementing your physical security
strategy.

Site design and layout: Equipment and physical security components should be strategically placed
to complement the design and layout of your facility.

Emergency response readiness: Staff in your facility should be trained on what to do during certain
situations and emergencies.

Access control: Understand how you will assign access to your staff and limit access for restricted
spaces.

Environmental components: Create safety measures to mitigate damage from intentional or
unforeseen natural disasters that may happen.

Key physical security measures

You can use a variety of innovations, such as encrypted access cards, security cameras, mobile
credentials, and temperature sensors, to prevent various physical security threats in any kind of
facility. However, before utilizing any of these systems, it's critical to comprehend the various
components that can enhance your overall strategy.

Your physical security plan must have all your security measures working in tandem with one
another. This means that to make sure you're safe from all sides, you need to employ a variety of
physical security measures in a layered manner.

So, what is good practice for physical security? Here are the most common elements in an effective
physical security plan:

Deterrence: The goal of this kind of physical security technology is to keep animals, cars, and
unauthorized individuals out of a specific area. A variety of devices, including access control
systems, security cameras, and signage, can be used for deterrence. Physical barriers like walls, locks,
and doors are also included. It basically refers to any equipment or security systems that can aid in
discouraging trespassers from entering sensitive areas.

Detection: A deterrent's effectiveness is limited. Having tools that can detect possible intruders and
notify the appropriate authorities is essential for complete facility security. Alarms, automated
notifications, and sensors are some technological tools that can be used for physical security
detection.

Delay: Several physical security controls are created to slow intruders down when breaking into a
facility. Simple security measures such as additional doors, locks and security guards can help delay
incidents. More advanced physical security technology, such as key cards and mobile credentials, can
make it more difficult for unauthorized users trying to enter a building. With this technology in place,
it’s easy to mitigate a breach before too much damage is caused.

Response: Once a breach or intrusion happens, you must also have a response strategy in place, such
as building lockdowns or automatically notifying emergency services.

Successful and effective plans should include these technologies to ensure that a facility can prevent
physical threats and take necessary action if a security breach occurs.

Physical security measures

Physical security refers to the actions taken to safeguard IT assets, including buildings, machinery,
people, resources, and other assets, against harm and unauthorized access. Physical security measures
are put in place to protect these assets against natural disasters, theft, vandalism, and fire.

Structures with a high concentration of assets—especially those housing essential technology for
business operations—generally place a high priority on physical security. Physical security is crucial
for IT resources because the hardware and supporting infrastructure need to be kept free of anything
that could impair their proper functioning. This covers unanticipated incidents like accidents and
natural disasters as well as interference from unauthorized employees.

Physical security measures are crucial for protecting people, buildings, and other physical
assets against physical threats such as theft, damage, and unlawful access. Here are a few
typical physical security measures used by businesses:

Perimeter Security: The first line of defense is to set up a safe perimeter around the property.
Physical obstacles like fences, walls, gates, bollards, or barricades can be used to limit access and
prevent unwanted entry.

Access Control Systems: Access control systems limit access to those who are permitted. This can
involve PIN codes, combination locks, fingerprint, iris, or other biometric scanners, key cards, or
proximity cards. Access control systems might be installed at a facility's entrances, doors, parking
lots, or other sensitive areas.

Video Surveillance: Cameras placed strategically around the space are used by video surveillance
systems to record and monitor activity. In the event of a security incident, CCTV cameras can serve
as a deterrent and a source of proof. Advanced systems might have capabilities for remote
monitoring, facial recognition, and motion detection.

Security Guards: Employing qualified security staff provides a physical presence against possible
dangers. Security officers can patrol the area, respond to problems, monitor access points, and
enforce security rules. Additionally, they can help in an emergency and respond quickly to security
breaches.

Intrusion Detection Systems: Sensors, sirens, and other detecting techniques are used by intrusion
detection systems (IDS) to locate and notify staff of unlawful entry or security breaches. This may
include sensors on walls, doors, or windows that, if tampered with, sound an alarm or send a
notification.

Security Lighting: Areas with enough lighting can help with monitoring and deter crime. Ample
illumination helps reduce blind spots and increase visibility for security staff and cameras around
entrances, parking lots, walkways, and other critical locations.

Secure Storage and Locking Mechanisms: Valuable items, delicate data, or confidential
information can be protected in secure storage spaces with locks, safes, cabinets, or cages. These
precautions aid in guarding against theft and illegal access to valuable resources.

Emergency Preparedness: In the event of calamities or natural disasters, it is essential to put
emergency response plans into action, including evacuation protocols, fire safety systems, and
designated assembly points.

Employee Training and Awareness: It is crucial to provide personnel with training on security
processes, access control policies, reporting suspicious activity, and emergency response. Every
employee in the firm should be alert and aware of their responsibility in preserving physical security,
which can be achieved by fostering a culture of security awareness.

Regular Security Audits and Assessments: Regular security audits and assessments help find
weaknesses, gauge how well current security measures are working, and make the required
corrections. This includes assessing risks, examining physical security procedures, and fixing any
flaws that are found.

Types of physical security measures:

Locking the server room’s door

Before you turn off the servers or even before you turn them on for the first time, make sure the locks
on the server room doors are operational. The best lock in the world won't help you if you don't use it,
which is why policies mandating that these doors be closed whenever the room is unoccupied are
necessary. The policies should also specify who holds the key or keycode to gain access.

Serving as the central nervous system of your physical network, the server room houses servers,
switches, routers, cables, and other hardware; if anyone can physically reach this equipment, the
whole network is at risk.

Establish surveillance

Although locking the door to the server room is a good place to start, someone could still break in or
abuse their access privileges. To monitor who comes in and goes out at what times, you need a
system. The easiest way to do this is to sign in and out using a log book, but this has a few
disadvantages. A malicious person would most likely just bypass it.

A better approach requires a smart card, token, or biometric scan to identify the person and unlock the
doors. The log book is not a suitable replacement for an authentication system that is integrated into
the locking mechanisms.

Video surveillance should supplement the log book or electronic access system.
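An electronic access system is only useful if someone actually reviews its records. The following script, an added example that is not part of the original assignment, reads a constructed door-controller log and reports the conditions a paper log book cannot catch: a badge that is not on the authorised list, an entry outside business hours, two entries a few seconds apart (one badge holding the door for someone else), and a badge that entered but never left. The badge numbers, business hours and tailgating window are assumptions. The same log review also serves the audit-trail point made above under Compliance and Auditing.

```python
"""Audit a server-room electronic access log for conditions a paper log book
would miss. Added example with constructed data; badges and hours are assumed."""
from datetime import datetime, time, timedelta

# Hypothetical badges authorised for the server room (constructed).
AUTHORISED = {"B1001": "sysadmin", "B1002": "network engineer"}
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)
TAILGATE_WINDOW = timedelta(seconds=10)  # two entries this close look like one door opening

# Constructed door-controller events: timestamp, badge, action.
SAMPLE_LOG = """\
2024-03-04T08:55:12 B1001 ENTER
2024-03-04T09:40:03 B1001 EXIT
2024-03-04T12:10:44 B1002 ENTER
2024-03-04T12:10:49 B2007 ENTER
2024-03-04T12:58:20 B1002 EXIT
2024-03-04T23:17:05 B1001 ENTER
"""


def parse_log(text):
    """Turn the controller's text log into (datetime, badge, action) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, badge, action = line.split()
            events.append((datetime.fromisoformat(ts), badge, action.upper()))
    return events


def audit(events):
    """Return a list of human-readable findings, one per suspicious condition."""
    findings = []
    inside = {}        # badge -> time it entered and has not yet exited
    last_enter = None  # time of the most recent ENTER, for the tailgating check
    for ts, badge, action in sorted(events):
        stamp = f"{ts:%Y-%m-%d %H:%M}"
        if badge not in AUTHORISED:
            findings.append(f"{stamp} unauthorised badge {badge} {action}")
        if action == "ENTER":
            if not BUSINESS_START <= ts.time() <= BUSINESS_END:
                findings.append(f"{stamp} after-hours entry by {badge}")
            if last_enter is not None and ts - last_enter < TAILGATE_WINDOW:
                findings.append(f"{stamp} possible tailgating by {badge}")
            last_enter = ts
            inside[badge] = ts
        elif action == "EXIT":
            if badge not in inside:
                findings.append(f"{stamp} exit without matching entry by {badge}")
            inside.pop(badge, None)
    # Anyone still "inside" at the end of the log has no recorded exit.
    for badge, ts in inside.items():
        findings.append(f"{ts:%Y-%m-%d %H:%M} {badge} entered but never exited")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_log(SAMPLE_LOG)):
        print(finding)
```

Run against the constructed log, the script reports five findings: the unknown badge B2007, its entry five seconds after B1002 (possible tailgating), B1001's 23:17 entry, and two badges with no matching exit. In practice the output would be reviewed daily and correlated with the CCTV footage covering the same door.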


Ensure that the devices that are most susceptible are in the secured room.

Considering this, you shouldn't be focused solely on the servers. A hacker can use sniffer software to
record network traffic by connecting a laptop to a hub. Most of your network hardware ought to be in
that locked room, or if it must be elsewhere, in a locked closet someplace else in the building.

Utilization of rack-mount servers.

Rack mount servers take up less room in the server room and are also easier to secure. Despite being
smaller and possibly lighter than (some) tower systems, they can nevertheless be swiftly mounted
into closed racks that can subsequently be fastened to the floor after being filled with several servers,
making the entire setup nearly impossible to move, let alone steal.

(www.getkisi.com, 2023)

Remember the workstations

Any unsecured device linked to the network could be used by hackers to gain access to or erase
important information about your company. Particularly vulnerable places include empty
workstations in vacant offices, empty desks (like those occupied by absentee or departing employees
who haven't been replaced), or places where guests can easily enter the building, like the
receptionist's front desk.

When a worker is absent for even a short period of time—say, for lunch—they should lock their
offices and turn off or remove any computers that aren't in use. Install smart card or biometric readers
on computers that must stay in public areas, usually hidden from employees' view, to make it more
difficult for unauthorized users to log in.

Prevent case opening by trespassers

Servers and workstations should both be guarded against burglars who can open the casing and grab
the hard disk. A hard disk in your pocket is much easier to smuggle out of a building than a full tower
system. To prevent case opening without a key, case locks are frequently incorporated with
computers.

Locking kits, such as the one from Innovative Security Products, can be found everywhere for
incredibly low costs.

Guard the portables.


With regard to physical security, laptops and other portable computers present unique challenges. A
thief can easily access any data on the computer's HDD as well as any saved network login
information. If employees use laptops at their workstations, they should either take them with them
when they leave or secure them using a cable lock, like the one provided by PC Guardian, to a
permanent fixture.

Handhelds can easily be tucked into a pocket and taken with you as you leave the area. Even a drawer
or safe can be used to store them. Motion-sensing alarms are another choice for alerting you if your
portable is moved. The one from SecurityKit.com is one illustration.

Further protection for portables comes from biometric scanners, full disk encryption, and "phone
home" tracking software.

Pack up the backups

Disaster recovery requires backing up critical data, but it's crucial to remember that the data on those
tapes, CDs, or discs could be stolen and used against the company. The backups are typically kept
near the server in the server room by IT specialists. At the very least, a safe or drawer should be used
to store them. Maintaining a set of backups off-site is best practice, but security precautions must be
taken to guarantee their safety.

Remember that some workers might keep backup copies of their work on floppy disks, USB keys, or
external hard drives. Have policies specifying that if this behavior occurs, the backups must always
be locked up.

Disable the drives

Floppy drives, USB ports, and other external device connections can be disabled or removed if you
don't want staff members sending company data to removable media. Simply disconnecting the wires
might not discourage technically proficient employees. Some organizations go so far as to
permanently block the ports by filling them with glue or other materials, even though software
mechanisms can disable them. On PCs that still use floppy drives, disk locks, such as the one from
SecurityKit.com, can be installed to prevent other diskettes from being read.

Keep the printers safe

Printers aren't usually thought of as security risks, but a lot of modern printers have on-board memory
where they store document data. A hacker may be able to duplicate recently printed documents if
they manage to take the printer and get access to its memory. Printers should be kept in secure
locations, just like servers and workstations containing confidential information are locked down.

Physical security measures encompass various types of safeguards designed to protect people,
assets, and facilities from physical threats. Here are some common types of physical security
measures:

Perimeter Security: In order to restrict access and prevent unlawful entry, perimeter security systems
create a perimeter around a building or piece of property. Fences, walls, gates, bollards, obstacles,
and vehicle barriers are a few examples.

Access Control Systems: Systems for controlling access to secure places regulate and keep an eye on
admission. They include devices like key cards, proximity cards, PIN codes, facial recognition
systems, and biometric scanners (fingerprint or iris recognition). Access control systems may be
installed at building entrances, doors, elevators, parking lots, or certain locations.

Surveillance Systems: Cameras and other sensors are used in surveillance systems to see and
document activity inside and outside a building. For monitoring, recording, and playback, closed-
circuit television (CCTV) cameras are frequently used in conjunction with video management
systems (VMS) and digital video recorders (DVR). Advanced systems might have capabilities for
remote monitoring, facial recognition, and motion detection.

Security Guards: A physical presence and ability to respond to security incidents are provided by
trained security personnel. They can patrol the area, keep an eye on access points, enforce security
rules, and help in an emergency. Security officers deter potential intrusions and can react rapidly to
threats.

Intrusion Detection Systems: Sensors and alarms are used by intrusion detection systems (IDS) to
spot and notify staff of unlawful entry or security breaches. These systems may have earthquake
sensors, glass break sensors, door/window sensors, or motion sensors. Alarms can be noisy or silent,
and they can send notifications to central monitoring stations or security personnel.

Security Lighting: It is essential to have good illumination to deter criminal activity and improve
surveillance. Areas with good lighting eliminate hiding places and enhance visibility for security
guards and monitoring equipment. Around entrances, parking lots, sidewalks, and other sensitive
locations, lighting can be added.

Locking Mechanisms and Secure Storage: Protecting priceless items, delicate information, or
confidential data sometimes involves the use of locking mechanisms like locks, safes, cabinets, or
access-controlled storage places. These security methods guard vital resources from unwanted access.

Emergency Preparedness: Fire safety systems, evacuation plans, designated assembly areas, and
emergency communication networks are examples of emergency preparedness procedures. They
guarantee that staff members can react correctly to crises or natural disasters.

Security Signage and Markings: Staff members and visitors can be directed by clear signage,
warnings, and markings that identify restricted areas, emergency exits, or safety considerations.
These aid in enforcing security regulations and raising security awareness in general.

Physical Barriers and Reinforcements: To defend against particular threats, extra physical barriers
and reinforcements can be put in place. Examples include blast-resistant materials, security doors,
reinforced glass, security film, and anti-ram barriers.

Advantages of physical security measures

For physical security, there are many options with various benefits. Perimeter security can be built
from electric fences, mantraps, turnstiles, and fences, together with locks whose keys are difficult to
duplicate. For an employee's identity to be verified, they need to wear a badge. Place surveillance
equipment where it is not accessible to intruders or susceptible to tampering. Verify the security of
any fragile or portable electronics. Store the backups in a secure location that is difficult to access.
Use the proper control strategy in the event of an electrical malfunction, explosion, or fire to save as
many of METROPOLIS CAPITAL bank's essential assets as possible.

Physical security measures offer several advantages for organizations:

Deterrence: Potential thieves and intruders are discouraged by the presence of obvious physical
security measures, such as fences, security personnel, or video cameras. It can deter unwanted access
or illegal activity since it makes it evident that security is handled seriously.

Prevention of Unauthorized Access: Unauthorized people cannot access restricted locations because
of physical security measures like access control systems, locks, and obstacles. Organizations can
safeguard sensitive information, assets, and facilities from illegal access, theft, or manipulation by
implementing access controls.

Protection of Assets: Physical security methods protect valuable resources against theft, loss, and
damage. Asset protection measures including secure storage, locking mechanisms, and surveillance
systems can also help find and recover lost or stolen objects.

Safety of Personnel: Physical security measures help to ensure the safety and wellbeing of a facility's
tenants, visitors, and staff. Security officers can make people feel comfortable, deal with crises, and
make sure everyone adheres to safety rules. People are protected during emergencies by emergency
preparedness measures including evacuation plans and fire safety systems.

Detection and Response to Security Incidents: Alarm systems, surveillance cameras, and intrusion
detection systems all aid in the real-time identification of security events. This enables security staff,
law enforcement, or emergency services to react quickly. Threats or security breaches can be lessened
in impact with early discovery and action.

Evidence Collection and Investigation: In the event of security events, accidents, or legal issues,
physical security measures like surveillance systems can offer crucial evidence. In order to
investigate occurrences, identify offenders, or give evidence for legal procedures, video footage,
access records, or sensor data may be employed.

Compliance with Regulations: Physical security measures help organizations meet industry
standards and regulatory requirements for security and safety. By putting in place the proper physical
security measures, organizations can show their dedication to safeguarding sensitive information and
client data and to keeping a secure environment.

Business Continuity: Physical security measures reduce interruptions and downtime, which
promotes company continuity. Organizations can continue to function even in the event of security
crises or emergencies by protecting key infrastructure, facilities, and assets.

Insurance Benefits: Strong physical security measures can have a positive effect on insurance
coverage and costs. Organizations that demonstrate good physical security measures may receive
cheaper rates or better coverage alternatives from insurance providers, lowering the financial risks
connected with security incidents.

Peace of Mind: Employees, clients, and stakeholders are all given peace of mind by physical security
measures. Trust and confidence in the organization's dedication to safety and protection are fostered
by knowing that adequate security measures are in place.

Disadvantages of physical security measures.

There are a few gaps, though. Some of the approaches could injure or damage animals and intruders.
An intruder could even leap over a barrier to accomplish the intrusion. Both access control (AC) and
authentication can themselves be compromised: attackers who obtain keys or smart cards can use
them to enter the premises, reach your computers, and pick up something as small as a lost USB
drive. Today's extremely sophisticated security installations and systems are left up to the users to
figure out on their own.

Staying up to speed with security technology is difficult because new updates and development plans
are implemented every year. The issue is that despite the abundance of facilities, employees hardly
ever know how to use them. For instance, the firm is equipped with fire extinguishers, but few
employees know how to operate them.

Physical security measures have many benefits, but there are also some possible drawbacks that
organizations should consider:

Cost: It can be expensive to implement and maintain physical security measures. The initial
installation of systems like access control, security cameras, and alarm systems, as well as continuous
maintenance, upgrades, and labor expenditures, are all included in the costs. Organizations with tight
resources may struggle to cover the cost of physical security measures.

False Sense of Security: Physical security measures alone may give one a false sense of security. It's
common for businesses to believe that their physical defenses, locks, or surveillance measures are
adequate to fend off all dangers. It's crucial to keep in mind that physical security measures are
simply one part of an all-encompassing security strategy. Elements like personnel training,
cybersecurity, and procedural controls are just as crucial.

Vulnerability to Physical Attacks: Physical security measures may be in place, yet determined
intruders or criminals may find ways to get around or get beyond them. Physical security systems
may be compromised by sophisticated methods, technologies, or social engineering strategies. In
order to meet changing threats, organizations must routinely evaluate the efficiency of their physical
security measures and adapt them as necessary.

Privacy Concerns: Employees, visitors, or people in public places may be concerned about their
privacy when using some physical security measures like surveillance cameras or access control
systems. It's critical to strike the correct balance between security and privacy. To ensure compliance
with relevant privacy laws, organizations should develop explicit policies addressing the collection,
storage, and use of personal data collected by physical security systems.

Maintenance and Upkeep: Physical security measures need to be maintained and kept up to date on
a regular basis to ensure their efficacy. Barriers or locks may need to be repaired, access control
systems may need to be updated, and surveillance cameras may need to be calibrated. These systems'
dependability and the intended security benefits can be harmed by inadequate maintenance.

Human Error and Insider Threats: Human error or insider threats are possible with regard to
physical security measures. An employee might unintentionally violate security protocols, open a
locked door, or jeopardize access credentials. Through employee training, awareness campaigns, and
strict access control measures, organizations must address the human element in their physical
security systems.

Integration and Complexity: Integrating many technologies and systems is frequently necessary
when putting in place a thorough physical security system. It may take careful planning, coordination,
and compatibility across several components to complete this integration, which can be challenging.
Organizations may encounter difficulties addressing interoperability concerns or integrating physical
security technologies with current infrastructure.

Limited Flexibility: Physical security measures may limit the comfort and flexibility of authorized
workers. Strict access restrictions, complicated authentication processes, or time-consuming security
measures may obstruct normal business operations, annoying staff members or visitors.

Environmental Limitations: Environmental considerations may have an impact on some physical
security measures. For instance, bad weather might affect the efficiency of security cameras or access
control systems. Specialized equipment or maintenance concerns may be necessary in extreme
temperatures or severe situations.

Psychological Impact: Employees, clients, or visitors may occasionally feel uneasy or uncomfortable
in the presence of conspicuous physical security measures like barricades, guards, or surveillance
cameras. Striking a balance between maintaining a welcoming, positive atmosphere and offering a
secure environment is crucial.

Virtual security measures

Software-based security solutions intended to function in a virtualized IT environment are referred to
as virtualized security, or security virtualization. By contrast, traditional hardware-based network
security makes use of fixed hardware components like routers, switches, and firewalls.

Hardware-based security is inflexible, but virtualized security is flexible and dynamic. It is generally
device- and cloud-independent, allowing for network installation anywhere. The flexibility of
security services and operations is critical for virtualized networks, where operators launch workloads
and applications as needed.

Virtual security measures refer to the steps and technologies implemented to protect virtual
environments, such as computer systems, networks, and data, from unauthorized access,
breaches, and other cyber threats. Here are some common virtual security measures:

Firewalls: Firewalls act as a barrier between internal and external networks by filtering incoming and
outgoing network traffic according to pre-established security rules. They assist in blocking
unauthorized access and protecting against network-based threats.
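How "filtering according to pre-established security rules" actually works is easiest to see in a small rule evaluator. The block below is an added example, not code from the assignment or from any firewall product: it applies a constructed ruleset in first-match order, denies anything no rule explicitly allows, and also flags rules that can never fire because an earlier rule with the opposite action already covers them (a common misconfiguration when rulesets grow). The addresses and the network layout in the rules are assumptions.

```python
"""First-match packet filtering with a default-deny policy, plus a check for rules
that an earlier rule shadows. Added example; the ruleset and addresses are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source network in CIDR notation
    dst: str              # destination network in CIDR notation
    dport: Optional[int]  # destination port, None for any port


# Constructed ruleset protecting a web tier (10.10.1.0/24) and a DNS server
# (10.10.2.53); 10.30.0.0/16 is a guest network, 10.20.0.0/16 the admin network.
RULES = [
    Rule("deny",  "any", "10.30.0.0/16", "10.10.1.0/24", None),  # guests never reach the web tier
    Rule("allow", "tcp", "0.0.0.0/0",    "10.10.1.0/24", 443),   # HTTPS from anywhere
    Rule("allow", "tcp", "10.20.0.0/16", "10.10.1.0/24", 22),    # SSH only from the admin network
    Rule("allow", "udp", "10.10.0.0/16", "10.10.2.53/32", 53),   # internal DNS
    Rule("allow", "tcp", "10.30.9.0/24", "10.10.1.0/24", 443),   # never matches: shadowed by rule 0
]


def evaluate(rules, proto, src, dst, dport):
    """Return (action, index of the matching rule); unmatched traffic is ('deny', None)."""
    s, d = ip_address(src), ip_address(dst)
    for i, r in enumerate(rules):
        if r.proto not in ("any", proto):
            continue
        if s not in ip_network(r.src) or d not in ip_network(r.dst):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action, i
    return "deny", None  # default deny: nothing explicitly allowed gets through


def shadowed_rules(rules):
    """Indices of rules that can never fire because an earlier rule with the
    opposite action already covers every packet they would match."""
    shadowed = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if earlier.action == later.action or earlier.proto not in ("any", later.proto):
                continue
            if not ip_network(later.src).subnet_of(ip_network(earlier.src)):
                continue
            if not ip_network(later.dst).subnet_of(ip_network(earlier.dst)):
                continue
            if earlier.dport is not None and earlier.dport != later.dport:
                continue
            shadowed.append(j)
            break
    return shadowed


if __name__ == "__main__":
    print(evaluate(RULES, "tcp", "203.0.113.5", "10.10.1.10", 443))  # allowed by rule 1
    print(evaluate(RULES, "tcp", "10.30.4.4", "10.10.1.10", 443))    # guest blocked by rule 0
    print(evaluate(RULES, "tcp", "203.0.113.5", "10.10.1.10", 22))   # no rule: default deny
    print("shadowed rules:", shadowed_rules(RULES))                   # [4]
```

The two design points worth copying into a real firewall policy are the final default deny (the last line of evaluate) and the shadow check: rule 4 would let part of the guest network reach HTTPS, but because rule 0 comes first it never matches, so an administrator who added it to "fix" guest access would see no effect and might loosen rule 0 instead.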

Antivirus and Antimalware Software: Software like antivirus and antimalware is made to find,
stop, and get rid of harmful programs like Trojans, worms, and spyware. To provide security against
the most recent dangers, these programs must be regularly updated.

Intrusion Detection and Prevention Systems (IDS/IPS): IDS/IPS programs keep an eye on
network traffic for unusual activity or well-known attack patterns. They can identify possible dangers
and notify administrators of them, or they can automate the blocking of malicious activity.

Virtual Private Networks (VPNs): Secure remote access to networks is made possible via VPNs
over the internet. Between the user's device and the network, they encrypt network traffic to protect
the confidentiality and integrity of data exchanges.

Access Controls: To protect virtual environments, it is crucial to implement robust access controls.
Examples include enforcing distinct user accounts, secure passwords, and multi-factor authentication
(MFA). By limiting user privileges in accordance with work requirements, role-based access control
(RBAC) reduces the danger of illegal access.
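The following block is an added example, not part of the assignment, showing how RBAC, least privilege and MFA fit together in code: permissions are granted only through roles, anything not granted is denied, sensitive operations additionally demand a verified second factor, and every decision is written to a log so that actions can be traced to a named user. The role names, permission strings and users are assumptions chosen to resemble a bank's systems.

```python
"""Role-based access control with deny-by-default, MFA step-up for sensitive
actions, and a decision log. Added example; roles and permissions are constructed."""
from dataclasses import dataclass

# Constructed role -> permission mapping (assumed names).
ROLE_PERMISSIONS = {
    "teller":   {"account:read", "transaction:create"},
    "auditor":  {"account:read", "ledger:read", "audit_log:read"},
    "sysadmin": {"server:read", "server:reboot", "user:manage"},
}

# Permissions that also require a fresh multi-factor assertion in the session.
MFA_REQUIRED = {"server:reboot", "user:manage", "transaction:create"}


@dataclass
class Session:
    user: str
    roles: frozenset
    mfa_verified: bool = False


def permissions_for(roles):
    """Union of the permissions granted by the given roles; unknown roles grant nothing."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def authorize(session, permission):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    if permission not in permissions_for(session.roles):
        return False, f"{session.user}: '{permission}' not granted by roles {sorted(session.roles)}"
    if permission in MFA_REQUIRED and not session.mfa_verified:
        return False, f"{session.user}: '{permission}' requires multi-factor authentication"
    return True, f"{session.user}: '{permission}' allowed"


def audit_decision(log, session, permission):
    """Authorize and record the outcome so every action is attributable to a named user."""
    allowed, reason = authorize(session, permission)
    log.append(("ALLOW" if allowed else "DENY", reason))
    return allowed


if __name__ == "__main__":
    decisions = []
    tara = Session("tara", frozenset({"teller"}))
    audit_decision(decisions, tara, "account:read")          # ALLOW
    audit_decision(decisions, tara, "transaction:create")    # DENY: no MFA yet
    audit_decision(decisions, tara, "server:reboot")         # DENY: not a sysadmin
    tara.mfa_verified = True
    audit_decision(decisions, tara, "transaction:create")    # ALLOW after MFA
    for entry in decisions:
        print(*entry)
```

Note that a user with several roles gets the union of those roles' permissions, so role design must stay narrow; the log entries are what an auditor reads later to answer "who did what, and when".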

Data Encryption: Encryption changes data into an unintelligible format that can only be unlocked
with the right encryption key. Encryption protects sensitive data both in transit (data being
transmitted between systems or networks) and at rest (stored data).

Regular Patching and Updates: It's crucial to keep software, operating systems, and applications
updated with the most recent security patches. Bug fixes and vulnerability patches that address well-
known security flaws are frequently included in these releases.

Security Audits and Penetration Testing: Penetration testing and regular security audits can help
find holes and vulnerabilities in virtual environments. To identify areas that need improvement, they
entail assessing security precautions, simulating attacks, and analyzing the system's response.

Backup and Disaster Recovery: Regular data backups and a reliable disaster recovery plan are
essential. Backups and recovery procedures help reduce downtime and data loss in the case of a
security incident or system failure.

User Education and Awareness: It is crucial to encourage user education and understanding of best
security measures. Overall virtual security is strengthened by teaching employees how to spot
phishing emails, create secure passwords, and stay away from dubious websites or downloads.

It's crucial to remember that virtual security measures should be put into place using a tiered strategy,
combining several defenses to offer complete protection against developing cyber threats.

Types of virtual security measures:

Implement named users and least privilege

Use only non-root user accounts to connect to ESXi hosts for routine tasks. In vCenter Server, create
a named administrator user and grant administrator privileges to particular users so you can monitor
who used which host, when, and so on, and hold them responsible for any alterations they make to
your environment.

Secure every component of the infrastructure.

All parts of the infrastructure, including the physical parts (hosts, switches, routers, and physical
storage), the virtual parts, the operating systems used by guests, and any cloud environments you use,
must be adequately safeguarded. More specifically:

The installed firmware on hosts, as well as the virtualized infrastructure (VMware vSphere or
Microsoft Hyper-V), should be updated with the most recent security patches. It's also critical to have
the most recent version of VMware Tools installed on your virtual machines.

All active network components, such as switches, routers, load balancers, and other devices used to
distribute workloads, should have the most recent firmware loaded.

Every operating system should be fully patched via automated updates. The application of patches
should be scheduled for after-hours and should include automatic reboots.

Install antivirus and antimalware software designed for virtualized environments.

Based on their focal areas, virtual security measures can be divided into several different types. The
following are popular virtual security measures:

Network Security:

• Firewalls
• Intrusion Detection and Prevention Systems (IDS/IPS)
• Virtual Private Networks (VPNs)
• Network segmentation
• Network monitoring and traffic analysis tools

Endpoint Security:

• Antivirus and antimalware software
• Host-based intrusion detection and prevention systems
• Data loss prevention (DLP) tools
• Device and application control
• Patch management

Application Security:

• Secure coding practices
• Web application firewalls (WAF)
• Secure software development lifecycle (SDLC) processes
• Code analysis tools
• Authentication and access controls within applications

Data Security:

• Data encryption (at rest and in transit)
• Data loss prevention (DLP) solutions
• Database access controls
• Data backup and recovery
• Data classification and access policies

Identity and Access Management (IAM):

• User authentication (e.g., passwords, biometrics, tokens)
• Multi-factor authentication (MFA)
• Role-based access control (RBAC)
• Privileged access management (PAM)
• Identity federation and Single Sign-On (SSO) solutions

Cloud Security:

• Cloud-specific firewalls and security groups
• Encryption of data in the cloud
• Identity and access management for cloud services
• Cloud workload protection platforms (CWPP)
• Cloud access security brokers (CASB)

Incident Response and Forensics:

• Incident response plans and processes
• Security information and event management (SIEM) solutions
• Log analysis and monitoring
• Digital forensics tools
• Incident investigation and reporting procedures

Security Awareness and Training:

• User security awareness programs
• Phishing awareness and simulation training
• Security policies and procedures communication
• Social engineering awareness
• Ongoing security education for employees

Possess a reliable backup and disaster recovery (DR) strategy

Having a solid backup and disaster recovery plan is essential for ensuring company continuity,
regardless of whether you encounter a cyberattack or a storm takes down your production datacenter.
The likelihood of a prolonged outage can be decreased with the use of a DR site in the cloud or at a
remote datacenter. Two essential recommendations to keep in mind while you create your DR plan
are as follows:

Back up physical servers and virtual machines: Although ESXi itself cannot be backed up, its settings
can be, using the PowerCLI scripting tool and the VMware command line. Nowadays, the same
tools may be used to back up both physical computers running Windows or Linux and virtual
machines running any OS.

Use a fallback: Keep at least three copies of your data, keep them up to date, and store two of them
as backups, one of which should be off-site. This is known as the 3-2-1 rule.

Consider replication: For further DR protection, you can replicate your production VMs to a different
datacenter, where you can failover quickly if necessary.

Advantages of virtual security measures

Virtualized security not only meets the complicated security needs of a virtualized network better
than traditional physical protection but is also more flexible and effective. It offers many benefits for
protecting networks, computer systems, and data from online attackers. Here are several major
benefits:

Protection against Unauthorized Access: Virtual security measures assist in limiting unauthorized
access to confidential data and resources. Virtual security measures make sure that only authorized
people may access and manipulate data and systems by establishing robust authentication processes,
access controls, and encryption.

Data Confidentiality and Integrity: The confidentiality and integrity of data are guaranteed by
virtual security mechanisms such as encryption, secure data transmission, and access controls. Secure
transmission techniques stop data interception or tampering while in transit, while encryption shields
data from unauthorized access or change.

Mitigation of Cyber Threats: Virtual security measures protect against a wide range of cyber dangers,
including malware, viruses, phishing scams, and network-based intrusions. Security solutions such as
antivirus software, firewalls, and intrusion detection systems decrease the risk of data breaches and
system compromises.

Regulatory Compliance: Regarding data protection and security, several sectors have their own
legislation and compliance standards. Organizations can achieve these compliance requirements and
adhere to industry-specific rules and standards by using virtual security solutions.

Business Continuity: Maintaining business continuity requires the use of virtual security measures.
In the case of a security issue or system failure, regular backups, disaster recovery plans, and incident
response procedures help reduce downtime and data loss. This guarantees that crucial business
processes may be swiftly and effectively resumed.

Enhanced Productivity and Efficiency: By saving time and effort on handling security incidents
and fixing system flaws, efficient virtual security solutions can increase productivity. With strong
protection in place, workers can concentrate on their work without interruptions from online risks.

Protection of Reputation and Customer Trust: A security lapse can seriously harm a company's
reputation and lose customer confidence. Virtual security measures show a commitment to securing
sensitive information and help prevent data breaches. Organizations may improve their reputation
and develop trust with consumers and partners by putting robust security measures in place.

Cost Savings: Although putting virtual security measures in place costs money up front, they can
save money over time. Organizations can avoid expensive legal fights, fines from the government,
and reputational harm by preventing security incidents and data breaches. Strong security measures
also lessen the need for costly incident response and recovery activities.

Cost-effectiveness: A business can maintain a secure network without incurring major additional
costs for pricy proprietary hardware thanks to virtualized security. For companies that properly
manage their resources, usage-based pricing for cloud-based virtualized security services can result in
significant savings.

Flexibility: The ability of security operations to follow workloads wherever they go is critical in a
virtualized environment. It offers security in multiple cloud environments, hybrid clouds, and data
centers, enabling a company to take full advantage of virtualization without compromising data
security.

Operational effectiveness: Virtualized security can be implemented more quickly and easily than
hardware-based security since IT workers don't need to set up and manage multiple hardware
appliances. Alternatively, they might quickly expand security systems by installing centralized
software. IT workers can focus on other tasks by automating security-related tasks when security
technology is implemented.

Regulation adherence: Virtualized security is essential for businesses that need to stay in
compliance with regulations because traditional hardware-based security is static and cannot keep up
with the demands of a virtualized network.

Disadvantages of virtual security measures

The complexity of the virtualized security makes it riskier. In a virtualized environment, it is more
challenging to monitor workloads and applications as they migrate between servers, which
complicates the monitoring of security configurations and policies. Furthermore, security flaws could
arise from how simple it is to set up virtual machines.

It is crucial to keep in mind that many of these risks can still arise in virtualized settings, regardless of
whether security services are virtualized or not. Thus, to strengthen the organization's security and
integrity, METROPOLIS CAPITAL bank can implement the physical and virtual security measures
that have been mentioned above. These risks can be reduced by adhering to business security best
practices (such as spinning down virtual machines when they are no longer required and employing
automation to keep security rules current).

(www.eccouncil.org, 2023)

Although virtual security measures have many benefits, there are also some potential
drawbacks to consider:

Complexity and Management Overhead: Virtual security measures can be difficult and time-
consuming to implement and manage. To manage security measures properly, organizations may
need to make investments in expert IT personnel or outsource security services. Costs and resource
allocation may go up as a result.

False Positives and Negatives: Antivirus software and intrusion detection systems, for example, may
produce false positives or false negatives. False positives happen when legitimate activities are
mistakenly labeled as harmful, causing unneeded alerts and disruptions. False negatives, on the other
hand, take place when real dangers go unnoticed or unidentified, leaving the organization open to attack.

User Convenience and Productivity Impact: Users may feel burdened by stringent security
measures like multi-factor authentication or complex password regulations. The whole security
posture could be jeopardized as a result of resistance or attempts to circumvent security measures.
Furthermore, some security solutions could impose extra procedures or authentication requirements
that could impede operations and lower productivity.

Compatibility and Integration Challenges: Virtual security measures must work with the current IT
infrastructure and systems and be integrated into them. When adopting new security solutions,
compatibility or integration issues may appear, causing disruptions or conflicts with current systems.
Deployment and integration may take more time and effort as a result.

Cost Considerations: Virtual security measures can be expensive to implement and maintain. To
guarantee the efficiency of security measures, organizations must make investments in hardware,
software, licenses, and ongoing maintenance. The entire cost may also increase as a result of hiring
professional security employees or outsourcing services.

False Sense of Security: A false impression of security may be produced by relying entirely on
virtual security measures. These precautions are essential, but they are not impenetrable, and
persistent attackers may discover a way around them. Organizations must create a thorough security
strategy that addresses any weaknesses through proactive monitoring, incident response, and ongoing
teaching and training.

Evolving Threat Landscape: New threats are continually developing, changing the cybersecurity
landscape. To stay up with new threats, virtual security measures must be regularly updated and
modified. Systems and data could become exposed to new attack vectors if updates are not made.

Activity 02
Configuration

Configuration, in the context of technology and computer systems, refers to the organization and
selection of numerous hardware, software, and parameter settings that control how a system or device
functions. It entails defining and modifying the precise properties and choices that control a system or
application's operation, functionality, and presentation.
Hardware settings, network setups, software settings, user preferences, security settings, and other
factors are all included in configuration. To adapt the system or application to particular needs or
desired results, it entails specifying and modifying a variety of characteristics, options, and choices.

A system or application's initial setup, installation, as well as continuing management and
maintenance, can all involve configuration. It frequently entails making decisions and modifications
based on

Configuration can be done through command-line interfaces (CLIs), graphical user interfaces (GUIs),
configuration files, specific configuration tools provided by the system or application, or any
combination of these. Ensuring that the configuration settings are accurate, consistent, and aligned
with the intended goal is essential for optimal performance, functionality, and security.

Configuration management also refers to the methodical process of managing configurations across
various devices, applications, and systems. It requires building and maintaining a consistent and
dependable configuration state, keeping an eye on changes, and implementing version control
systems in order to provide proper configuration integrity and control over time.

In computers and computer networks, Configuration describes how the components of a computer
system are assembled. The specific hardware and software information, including the system's parts,
capacity, and attached devices, are commonly referred to as a configuration. Configuration includes
both software and hardware components. When discussing hardware configuration, people
occasionally make explicit reference to software elements and hardware arrangement. Understanding
computer setup is essential because some hardware or software programs call for a specific
configuration.

Configuration describes the precise options and parameters that specify how hardware
elements, software programs, and network components are set up and function in computers
and computer networks. It entails modifying and altering a number of system components to
guarantee optimal operation, connectivity, and security. Here are several illustrations of
configuration in this context:

Hardware Configuration: Setting up and altering the physical settings of a computer system's CPU,
RAM, storage, and peripheral devices is known as hardware setup. Device-specific settings, hardware
drivers, and BIOS configuration may all be included.
Software Configuration: Setting up software applications or operating systems entails adjusting
their settings and options. This involves managing user profiles, setting default behavior, modifying
preferences, and activating or disabling features. Graphical user interfaces, command-line interfaces,
or configuration files can all be used to configure software.

Network Configuration: To create network connectivity and guarantee effective communication
between devices, network setup involves setting up and configuring network devices, such as routers,
switches, firewalls, and wireless access points. It entails allocating IP addresses, constructing routing
tables, configuring network protocols, establishing security constraints, and administering network
services.

Server Configuration: When a server is configured, the software and settings are set up and
customized to match particular needs. It comprises setting up services like web servers, database
servers, email servers, or file servers as well as server roles, security settings, access controls, and
resource allocation.

Security Configuration: Security configuration entails putting in place the right security safeguards
to safeguard computer networks and systems. This involves managing user authentication and
authorization techniques as well as configuring firewalls, access controls, encryption, and intrusion
detection and prevention systems.

In a network, the term "configuration" is frequently used to describe the topology.

When installing hardware and software, configuration is also the deliberate process of setting the
options that are offered.

Misconfigurations

When security settings are maintained and implemented with default values, or when they are
improperly configured during the configuration process, security misconfiguration takes place. Any
tier of the application stack, cloud, or network could be impacted by this. Inadequately configured
clouds are a major contributor to data breaches that end up costing businesses millions of dollars.
(Aqua, 2023)

Misconfigurations are settings and configurations of computer systems, software programs, or
network components that are erroneous or unsuitable. These errors can be brought on by human
error, ignorance, oversight, or poor configuration management procedures. They may have
substantial detrimental effects on the functionality, performance, and security of the system. Here
are some instances of incorrect settings:

Security Misconfigurations: Systems and networks that have security setup errors are more
susceptible to online threats. This can include not updating security patches and updates, providing
users excessive user access, misconfiguring firewall rules, and leaving default passwords untouched.
These setup errors may disclose private information, permit unauthorized access, or aid virus
dissemination.

Network Misconfigurations: Misconfigured networks can cause connectivity problems, subpar
performance, or even complete network failure. Incorrect IP address assignments, subnetting
mistakes, incorrectly configured routing protocols, and improperly configured network access control
lists (ACLs) are a few examples. These errors can impair data transfer, interfere with network
communication, and interrupt services.

Application Misconfigurations: Software application configuration errors can present vulnerabilities
or have an adverse effect on its functionality. This may involve lax access controls, insecure default
configurations, insufficient authentication methods, or unsuitable database connection options.
Misconfigured applications run the risk of compromising data, allowing unwanted access, or
becoming unstable.

Cloud Misconfigurations: Misconfigurations in cloud settings, like platform as a service (PaaS) or
infrastructure as a service (IaaS), can lead to security breaches or service interruptions. Common
instances include incorrectly setup access controls, storage buckets that are accessible to the public,
unsecure API configurations, or insufficient encryption options. Misconfigurations of the cloud can
disclose confidential information, jeopardize client data, or result in unauthorized access to cloud
resources.

Server Misconfigurations: Misconfigurations on servers can affect a server's functionality, security, and
reliability, including operating system settings, services, and permissions. Examples include
misconfigured user accounts, enabled insecure protocols, inappropriate resource allocation, and
erroneous file permissions. Misconfigured servers can lead to system vulnerabilities, interruptions in
operation, or unauthorized access to confidential data.

(www.xaasjournal.com, 2023)

Why do misconfigurations occur?

A misconfiguration can be caused by a variety of factors.

Modern network infrastructures are complex and dynamic, making it easy for businesses to overlook
crucial security settings, such as new network equipment that retains default settings.

To identify configuration drift, the organization must routinely audit configurations and security
protocols even after implementing secure endpoint configurations. When software is updated,
hardware is added to the network, or systems are updated, misconfigurations can happen.

Numerous factors, including human error, insufficient knowledge or experience, a deadline, system
complexity, and inadequate configuration management protocols, can lead to misconfigurations.

The following are some typical causes of misconfigurations:

Human Error: Misconfigurations are frequently caused by errors committed by users, developers, or
system administrators. Simple mistakes like wrongly inputting values, picking the incorrect options,
or skipping over crucial configuration settings might cause this.

Lack of Knowledge or Training: Misconfigurations may result from a lack of comprehension of
system setups, security best practices, or particular application requirements. Errors and oversights
may occur due to inadequate training or expertise in managing complicated configurations.

Complexity of Systems: Modern computer networks, software programs, and systems are intricately
interconnected and have a wide range of configuration possibilities. Config management in such
complex setups increases the risk of mistakes or oversights.

Time Pressure and Deadlines: System administrators and developers may experience time pressures
or deadlines in fast-paced environments, resulting in hurried configuration procedures. As a result,
there may be a higher likelihood of mistakes or overlooking important settings.

Lack of Standardization and Documentation: It becomes challenging to guarantee uniform and
secure setups across systems in businesses with uneven or poorly documented configuration
standards. The possibility of mistakes or departures from best practices is increased by inconsistent
methods and undocumented setups.

Inadequate Change Management: Misconfigurations may be caused by poor change management
techniques, such as a lack of change control, testing, or approval procedures. Implementing changes
without conducting adequate review and testing may result in configuration conflicts or mistakes.

Lack of Automation and Configuration Management Tools: Human mistake is more likely when
manual configuration methods are used without automation or configuration management solutions.
Automated tools can be used to verify setups, assure consistency, and look for potential configuration
errors.

Complexity of Security Requirements: Configuring numerous levels of security controls is a
common step in the implementation of effective security measures. Access controls, encryption, and
authentication systems are examples of complex security configurations that might be difficult to set
up effectively, increasing the possibility of configuration errors.

Lack of Ongoing Monitoring and Auditing: Misconfigurations may go undetected in the absence of
ongoing monitoring and periodic audits. Misconfigurations can persist and expose systems to security
vulnerabilities or operational problems if they are not quickly detected.

What causes security misconfiguration?

Even after you think your work is done, a secure environment built by a number of stakeholders
(systems administrators, DBAs, or developers) may still have weak points because not all
stakeholders are responsible for upholding the security of the web app and/or infrastructure. These
security deficiencies expose the organization to significant risks in the future, including costly fines
and reputational damage. Some of the most frequent configuration mistakes are:

 Unpatched systems
 Default/out-of-the-box account settings (i.e. usernames and passwords)
 Files that are unencrypted
 Old and out-of-date web applications
 Devices that are unsecured
 Web application and cloud misconfiguration
 Insufficient firewall protection

We are all aware that your business may be affected by these dangerous security anomalies and
threats due to the challenges of operating in a heterogeneous environment and a lack of security
awareness. In your heterogeneous environment, you must manage security weaknesses like
improper configurations at every level.

Security setup errors can occur for a number of reasons, including the following:

Lack of Secure Defaults: Systems and software frequently have default settings that place more
emphasis on usability than security. Systems may become susceptible if these settings are not
correctly changed during installation or configuration. Security misconfigurations may occur if
default passwords are not changed, necessary security measures are not enabled, or superfluous
services are not disabled.

Inadequate Patching and Updates: Security misconfigurations can result from a delay in applying
security patches and upgrades. These updates frequently include configuration adjustments and
security fixes to address known vulnerabilities. Failure to update software, operating systems, and
firmware can expose systems to known security flaws.

Improper Access Controls: Unauthorized access or excessive permissions may be the result of
configuration errors with regard to access controls. This can happen when authentication mechanisms
are shaky or incorrectly designed, user accounts have excessive rights, or access controls are
improperly implemented. Unauthorized users may be able to access sensitive data or carry out
unlawful actions if access rights and permissions are not clearly stated.

Insecure Communication Protocols: Confidential information may be made accessible to
interception or unauthorized access by improperly configuring communication protocols, such as by
employing weak encryption settings or neglecting to enforce secure communication routes. The
secrecy and integrity of data transmissions can be compromised by improper SSL/TLS
configurations, feeble cipher suites, or the usage of antiquated or unsafe protocols.

Poorly Configured Security Settings: To satisfy certain security requirements, security settings
within software programs, operating systems, or network devices may need to be customized.
Inadequate password policies, insufficient firewall rules, and improperly configured security settings
can degrade system security overall and open the door for future assaults.

Mismanagement of Error Handling and Logging: The discovery and reaction to security issues
might be hampered by inadequate error handling and logging configurations. It may be challenging to
recognize and look into security breaches or unauthorized actions if error messages are improperly
configured or if logs are not enabled and reviewed.

Cloud Service Configuration: Data breaches or unauthorized access to cloud resources can result
from setup errors in cloud settings, such as incorrectly configured access controls, unsecure storage
rights, or faulty implementation of security groups. Cloud service configuration mistakes can leave
sensitive data and assets vulnerable to outside attackers.

Lack of Security Testing and Reviews: Misconfigurations may go undetected as a result of
inadequate security testing and reviews, such as vulnerability scanning, penetration testing, or code
reviews. Security flaws and incorrect setups may go undetected without a thorough examination and
validation of configurations, leaving systems open to attack.

Impact of security misconfigurations

Security errors, which might be the consequence of very simple mistakes, can make an application
vulnerable to attack. Because misconfiguration can occasionally expose data, a cybercriminal may
not even need to initiate an active attack. As users' access to code and data is increased, the danger to
application security grows.

For example, a standard internet search can retrieve data from a database server that isn't configured
correctly. An attacker might be able to access additional data not included in the database or start a
new attack on the company's servers if this data contains administrator credentials.
Due to inadequately designed (or nonexistent) security, many critical and personal bits of information
may be made publicly accessible online.

Organizations that experience security misconfigurations may suffer from a number of
detrimental effects, such as:

Increased Vulnerability to Attacks: Security setup errors can open doors for attackers to use. These
errors can lead to sensitive data being compromised, illegal access, or privilege escalation. Attackers
can use misconfigurations to conduct a variety of assaults, including remote code execution, cross-
site scripting (XSS), and SQL injection, which jeopardize the availability, integrity, and
confidentiality of systems and data.

Data Breaches and Information Exposure: Sensitive data, such as client information, intellectual
property, or financial data, can be made vulnerable by configuration errors. Data breaches can result
in financial losses, reputational harm, and legal repercussions. They can also be caused by inadequate
access restrictions, improperly designed storage or databases, or weak encryption settings. Personal
identifiable information (PII) disclosure can also lead to regulatory non-compliance and data
protection law violations.

Service Disruptions and Downtime: Critical services may be interrupted by misconfigurations,
which could even result in a total system shutdown. Network connectivity can be disrupted and apps
or websites can become inaccessible if DNS servers, load balancers, firewalls, or network devices are
configured incorrectly. Such interruptions can have an adverse effect on how a business operates,
cause financial losses, and erode customer confidence.

Compliance and Legal Issues: Misconfigurations may result in a breach of legal or contractual
requirements or industry norms and regulations. Due to security misconfigurations that breach
privacy laws, fail to protect sensitive data, or jeopardize industry-specific compliance standards,
organizations may be subject to legal action, regulatory fines, or loss of business contracts.

Reputation Damage: A company's reputation might suffer greatly from security misconfigurations
that lead to data breaches, service interruptions, or other security events. The rapid dissemination of
information about security events and breaches can erode consumer trust, harm a brand's reputation,
and result in lost sales and missed business prospects.

Financial Losses: Due to a number of variables, security misconfigurations can cause financial
losses. This covers the expense of responding to incidents, taking corrective action, filing lawsuits,
paying regulatory penalties, compensating customers, and putting a stop to business. Long-term
financial effects may result from the loss of clients and possible business possibilities.

Operational Inefficiencies: Misconfigurations can result in operational inefficiencies including
subpar system performance, higher resource usage, or trouble managing and sustaining systems.
Ineffective setups may cause resource scaling issues, system slowdowns, and longer response times,
which can all have an adverse effect on user experience and productivity.

How to prevent security misconfigurations

It is said that "prevention is better than cure." Up to this point, we've discussed methods for
identifying and correcting these setup mistakes.

According to a Cypress Data Defense post, there are several doable actions you may take to prevent
security misconfiguration.

It's crucial to implement a repeatable hardening procedure that makes it simple and quick to deploy
another environment that has been completely prepared. To boost security, the development,
production, and QA environments should all be configured similarly, but with unique passwords in
each. This process can be automated to build a new secure environment while also saving time.

Patches and software upgrades should be applied frequently to each environment. Patching a golden
image before deploying it is an alternative. The company should have an application architecture that
is robust enough to provide security and effective component separation.

To keep a well-organized software development cycle and detect any security misconfigurations or
missing upgrades, the business must often conduct periodic audits and scans. The importance of
performing application security testing at each level of the development process cannot be overstated.

Employees play a critical role in limiting vulnerabilities. Employee education and training should cover
the significance of security settings and how they may affect the organization's overall security.

Before introducing customized code into the production environment, run it using a static code
security scanner. Security professionals should also run manual tests as well as dynamic tests.

It takes initiative and the application of certain recommended practices to prevent security
misconfigurations. The following actions businesses can take will help them reduce the danger
of security misconfigurations:

Follow Secure Configuration Guidelines: Follow industry-accepted security configuration best
practices and guidelines. These recommendations cover how to secure web servers, operating
systems, databases, network devices, and other components. The CIS Benchmarks, NIST Special
Publications, and vendor-specific security configuration manuals are a few examples.

Implement Configuration Management Processes: Establish reliable configuration management
procedures to guarantee configuration control and consistency. To do this, standard configurations
must be established, configuration settings must be documented, and change management processes
must be put in place to monitor and control configuration changes. This procedure can be streamlined
and automated with configuration management solutions.

Regularly Update and Patch Systems: Keep the most recent security patches and upgrades installed
on your systems, programs, and firmware. Ensure that essential security updates are immediately
applied to address known vulnerabilities and misconfigurations by implementing a proactive
approach to patch management.

Harden System Configurations: To reduce the attack surface, disable or remove unnecessary services,
ports, and protocols. Apply the principle of least privilege when assigning permissions and access
controls. Set up secure defaults such as encrypted communications and strong password requirements.

Conduct Security Audits and Assessments: Conduct security audits and assessments frequently to
find configuration errors. To find security flaws and incorrect configurations in systems and
applications, this includes vulnerability scanning, penetration testing, and configuration audits.
Validate configurations against secure configuration guidelines using automated tools and manual
inspections.

Provide Security Awareness and Training: Teach secure configuration techniques to system
administrators, developers, and other relevant staff. Give instruction on secure coding principles,
secure deployment methods, and the potential repercussions of configuration errors. Encourage a
culture of security awareness throughout the company.

Implement Secure Defaults and Templates: When feasible, configure systems, programs, and
devices to secure default settings. Use hardened system images that have pre-configured security
settings or secure configuration templates. This lessens the need for manual configuration and lowers
the possibility of oversight or mistakes.

Employ Continuous Monitoring and Logging: Put in place reliable logging and monitoring
systems to spot suspicious activity and security configuration errors. Use security information and
event management (SIEM) systems to gather and analyze logs, create alerts for suspected
misconfigurations, and watch for signs of compromise.

Conduct Security Reviews in Development: To find and fix misconfigurations early on, perform
security reviews and testing during the development process. To identify unsafe configuration
procedures in applications and system designs, this comprises code reviews, static analysis, and
security testing.

Regularly Review and Validate Configurations: Review configurations on a regular basis to make
sure they're accurate and following security guidelines. Verify configurations against known-good
configurations and secure baselines. To speed up this procedure, use automated configuration
validation tools or scripts.
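A worked example of the "validate configurations against known-good configurations" step above, which also checks the hardened defaults called for under "Harden System Configurations": the Python script below parses an OpenSSH-style configuration file and reports every directive that deviates from a secure baseline. It is an added illustration, not code from the original assignment or from any benchmark. The sample configuration is constructed, the baseline values are illustrative rather than a specific CIS Benchmark, and the implicit OpenSSH defaults it falls back on are an assumption marked in the code.

```python
"""Validate a key/value configuration file against a secure baseline.

Added example, not code from the original document or from any benchmark.
The sample sshd_config text is constructed, the baseline values are
illustrative, and the implicit OpenSSH defaults are an assumption.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: two directives deviate from the baseline and one
# directive the baseline requires is commented out (so effectively unset).
SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config excerpt
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
#MaxAuthTries 6
Ciphers aes256-gcm@openssh.com,aes128-ctr
"""

# Secure baseline: directive -> (required value, severity of a deviation).
# Illustrative; take the real values from the benchmark you adopt.
BASELINE: Dict[str, Tuple[str, str]] = {
    "PermitRootLogin": ("no", "high"),
    "PasswordAuthentication": ("no", "high"),
    "X11Forwarding": ("no", "medium"),
    "MaxAuthTries": ("4", "medium"),
    "Port": ("22", "info"),
}

# Assumed daemon defaults for directives absent from the file, so the report
# states what the server will actually do rather than just "missing".
IMPLICIT_DEFAULTS = {"MaxAuthTries": "6", "PermitRootLogin": "prohibit-password"}

SEVERITY_ORDER = ("high", "medium", "low", "info")


@dataclass(frozen=True)
class Finding:
    directive: str
    expected: str
    actual: Optional[str]   # None: directive not set in the file
    severity: str


def parse_config(text: str) -> Dict[str, str]:
    """Return {directive (lower-cased): value}.

    Comments and blank lines are skipped; a commented-out directive therefore
    counts as unset, which is also how the daemon sees it.
    """
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^(\S+)\s+(.+)$", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings


def validate(text: str, baseline=BASELINE) -> List[Finding]:
    """Compare a configuration against the baseline; return the deviations."""
    settings = parse_config(text)
    findings: List[Finding] = []
    for directive, (expected, severity) in baseline.items():
        actual = settings.get(directive.lower())
        # Fall back to the assumed daemon default when the directive is absent.
        effective = actual if actual is not None else IMPLICIT_DEFAULTS.get(directive)
        if effective is None or effective.lower() != expected.lower():
            findings.append(Finding(directive, expected, actual, severity))
    return findings


def report(findings: List[Finding]) -> str:
    """Render findings, most severe first, one line each."""
    lines = []
    for f in sorted(findings, key=lambda x: SEVERITY_ORDER.index(x.severity)):
        shown = f.actual if f.actual is not None else "<unset>"
        lines.append(f"[{f.severity.upper():6}] {f.directive}: expected '{f.expected}', found '{shown}'")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(validate(SAMPLE_SSHD_CONFIG)))
```

Run as a script it prints the three deviations, highest severity first. A commented-out directive is reported as unset together with the assumed daemon default, because that default is what the server will actually enforce. The parser deliberately ignores `Match` blocks, so a real deployment would need to handle those before trusting a clean report; a scheduled job or CI step can then fail when any high-severity finding appears.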

Firewall

A firewall is a piece of hardware or software used for network security that divides an internal
network from an external network (such as the Internet). Monitoring and controlling incoming and
outgoing network traffic in compliance with predetermined security policies is its primary goal. The
firewall acts as a filter to protect the internal network from threats, malicious activity, and unwanted
access by permitting or prohibiting network connections based on predetermined standards.

(Swissns, 2023)

Network packets are examined by firewalls, which then apply rules to decide whether to accept or
deny the traffic. Various variables, such as source and destination IP addresses, port numbers,
protocols, or application signatures, can be used to base these rules. Firewalls can be set up to enact
regulations like restricting access to specific ports or services, only permitting authorized
connections, or monitoring for and stopping suspicious activity.

Firewalls can be used in a variety of ways:

Network Firewalls: Located at the network perimeter or within the network infrastructure, network
firewalls are hardware or software-based devices. To manage access between various network
segments or between the internal network and the Internet, they filter traffic based on IP addresses,
ports, and protocols.

Host-based firewalls are software programs that are installed on PCs or servers. By regulating
inbound and outbound traffic specifically for the host on which they are installed, they offer protection
at the system level. Host-based firewalls are helpful for protecting individual systems, especially
when they are connected to untrusted networks.

Deep packet inspection (DPI), intrusion prevention system (IPS), application awareness, and user
identity management are examples of extra security features that are combined with traditional
firewall capabilities in next generation firewalls (NGFW). Improved visibility, granular control, and
threat prevention capabilities are provided by NGFWs.

How does a firewall work?

A firewall's filters protect your systems from malicious traffic. Backdoors, denial-of-service attacks,
malicious macros, unauthorized remote logins, spam, malware, and other common threats can all be
thwarted by firewalls.

Backdoors serve as "doorways" through which attackers can access vulnerable applications. This includes
operating systems that might have security holes that attackers could exploit to access your machine.

In a denial-of-service attack, an attacker repeatedly sends connection requests that the server must
respond to but that are never completed. When this is done at volume, the server becomes
overloaded and spends so many resources handling the bogus requests that it cannot serve real users. The
server might occasionally need to be completely shut down. Some firewalls can validate connection
requests before they consume server resources, protecting your network from denial-of-service attacks.

Macros are scripts that programs run to carry out tasks automatically; a macro may chain a series
of operations triggered by a single command. Attackers write or purchase macros designed to work with
particular software. A malicious macro can reach your computer hidden inside seemingly benign data,
such as a document, and damage your system. A firewall that examines the content of the data packets
passing through it can detect known dangerous macros.

Spam occasionally contains links to untrustworthy websites that install malicious software on the
user's computer, giving attackers a backdoor. Regardless of who the sender appears to be, not clicking
on anything suspicious in an email is often enough to defeat a spam campaign. A firewall with content
inspection can also scan email traffic and stop known malware from reaching computers.

A firewall's method of operation is to watch over and manage network traffic according to a
predetermined set of rules. It serves as a gatekeeper by inspecting network packets and deciding
whether to allow or block them in accordance with the set rules, separating the internal network from
external networks like the Internet.

Here's a high-level overview of how a firewall operates:

Packet Inspection: The firewall examines the headers and content of network packets as they pass
through it to learn the source and destination IP addresses, port numbers, protocols, and other
pertinent information. The term "packet inspection" or "packet filtering" refers to this procedure.

Rule-Based Decision Making: The firewall compares the packet inspection data to a list of
predetermined rules. These rules set out the criteria for approving or rejecting network
connections. Rules can be based on various attributes, such as IP addresses, port numbers, protocols,
or particular application signatures.

Filtering Decisions: The firewall makes filtering decisions based on comparisons with the rules. A
packet can pass through the firewall if it matches an allow rule. A packet is dropped or rejected and the
connection attempt is ended if it matches a block or deny rule. Additionally, the firewall can be
set up to log events for later analysis or auditing.

Network Address Translation (NAT): Network Address Translation (NAT) technology is
frequently present in firewalls. In order to disguise the internal network architecture or conserve IP
addresses, NAT enables the firewall to change the source or destination IP address and port numbers
of packets.

Stateful Inspection: Most modern firewalls use stateful inspection techniques. Stateful
inspection monitors the state of network connections, recording details about existing connections
and the sessions they belong to. This strategy improves security and performance by enabling
the firewall to make more informed filtering decisions based on the context of the traffic flow.

Application Awareness: Application awareness is incorporated by next generation firewalls
(NGFWs). They have deep packet inspection (DPI) capabilities, which allow them to examine
network packet content at the application layer. This gives the firewall the ability to comprehend
particular apps and the protocols that go along with them, granting it greater granular control and the
capacity to recognize and block dangers related to particular applications.

Virtual Private Network (VPN) Support: Virtual Private Network (VPN) functionality is often
supported by firewalls. By tunneling network traffic across untrusted networks, this enables secure
remote access or site-to-site communications.

Different types of firewalls

There are several different types of firewalls, each with its own characteristics and capabilities.
Here are some of the commonly used types:

Packet Filtering Firewalls: Packet filtering firewalls examine the headers of network packets, including
the source and destination IP addresses, port numbers, and protocols. They either permit or deny
packets based on established rules. This kind of firewall is generally integrated into routers or other
specialized hardware devices. It operates on the network layer (Layer 3) of the OSI model and, for port
numbers, the transport layer (Layer 4), but it examines each packet in isolation without connection state.

Stateful Inspection Firewalls: Stateful inspection firewalls combine packet filtering with the capacity
to monitor the status of network connections. They keep records of connections that have been
established and the sessions that go along with them. By understanding the context of the traffic flow,
stateful inspection firewalls can make more informed filtering decisions. They function at the OSI
model's network layer (Layer 3) and transport layer (Layer 4).

Application-Level Gateways (Proxy Firewalls): Proxy firewalls, often referred to as application-level
gateways, operate as an intermediary between the client and the server. They create separate
connections with the client and with the server and inspect traffic at the OSI model's application
layer (Layer 7). Proxy firewalls can provide advanced security features such as content filtering,
application-specific restrictions, and deep packet inspection (DPI). But because of the additional
processing required, they can increase latency.

Next-Generation Firewalls (NGFW): Traditional firewall functions are combined with extra
security measures in next-generation firewalls. They integrate advanced features like user identity
management, deep packet inspection (DPI), intrusion prevention system (IPS), and application
awareness. At various layers of the OSI model, NGFWs offer improved visibility, granular control,
and threat prevention capabilities.

Network Address Translation (NAT) Firewalls: Network address translation (NAT) firewalls
change packets' source or destination IP addresses and port numbers. They are frequently employed to
conserve public IP addresses and conceal the internal network layout. NAT can be performed by
routers or by standalone firewall hardware.

Host-Based Firewalls: Host-based firewalls are programs that are installed on individual PCs or
servers. They offer system-level security by regulating incoming and outgoing network traffic for the
host on which they are installed. Host-based firewalls are particularly helpful for protecting individual
systems while they are connected to untrusted networks.

Virtual Firewalls: Virtual firewalls are software-based firewalls designed to run in virtualized
environments. They provide security controls for virtual machines (VMs) and virtual networks. Virtual
firewall appliances are frequently used in conjunction with virtualization platforms.

Key components of firewall

A firewall is made up of several essential parts that cooperate to ensure network security. These
elements consist of:

Firewall Policy: The firewall policy defines the rules and configurations that dictate how the firewall
will handle network traffic. It specifies criteria such as allowed or blocked IP addresses, port
numbers, protocols, and application signatures. The policy is based on the organization's security
requirements and defines the behavior of the firewall.

Rule Base: The rule base is a collection of individual rules within the firewall policy. Each rule
specifies a specific condition or set of conditions that incoming or outgoing network traffic must meet
to be allowed or blocked. Rules can be based on source and destination IP addresses, port numbers,
protocols, or other parameters. The rule base is evaluated sequentially to determine the appropriate
action for each packet.

Network Interfaces: Firewalls have multiple network interfaces to connect to different network
segments or zones. These interfaces enable the firewall to receive and send network traffic from and
to different networks. For example, a firewall may have separate interfaces for the internal network,
external network (such as the Internet), DMZ (demilitarized zone), or other network segments.

Packet Filtering Engine: The packet filtering engine is responsible for inspecting individual network
packets and making decisions based on the defined firewall policy and rule base. It examines packet
headers and, in some cases, packet contents to determine whether to allow or block the traffic. The
packet filtering engine operates at the network layer (Layer 3) or transport layer (Layer 4) of the OSI
model.

Stateful Inspection Engine: Stateful inspection engines maintain information about the state of
network connections and sessions. They track the sequence and status of packets to identify
established connections and ensure the integrity and security of the traffic. Stateful inspection allows
firewalls to make context-aware filtering decisions and protect against certain types of attacks, such
as TCP/IP-based attacks or session hijacking.

Logging and Monitoring: Firewalls typically have logging and monitoring capabilities to record and
track network traffic and firewall activities. They generate logs that contain information about
allowed and blocked connections, intrusion attempts, and other events. Monitoring tools provide real-
time visibility into network traffic and firewall performance, allowing administrators to detect
anomalies or potential security issues.

Management Interface: The management interface allows administrators to configure and manage the
firewall settings. It provides a graphical user interface (GUI) or command-line interface (CLI)
through which administrators can define the firewall policy, manage rules, monitor logs, and perform
other administrative tasks. The management interface also includes features for software updates,
firmware upgrades, and system maintenance.
(www.geeksforgeeks.org, 2023)
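The rule-based decision making, default deny and stateful inspection described under "How does a firewall work?" and in the Rule Base and Stateful Inspection Engine components above, as an added Python simulation that is not part of the original document and not any vendor's product: the rule base is evaluated sequentially with the first match deciding, anything unmatched is denied, and a connection table admits reply packets without needing an explicit inbound rule. The address ranges, zone layout and rules are constructed for the illustration.

```python
"""Minimal stateful packet filter: a sequential, first-match-wins rule base with
default deny, plus a connection table that admits reply traffic.

Added example, not the bank's configuration or any product's code. The
address ranges, zones and rules below are constructed for the illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal (LAN) range
DMZ = ipaddress.ip_network("192.0.2.0/24")      # assumed DMZ range


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False   # True for a TCP connection-opening packet


@dataclass(frozen=True)
class Rule:
    action: str                                   # "allow" or "deny"
    proto: Optional[str] = None                   # None matches any protocol
    src: Optional[ipaddress.IPv4Network] = None   # None matches any source
    dst: Optional[ipaddress.IPv4Network] = None   # None matches any destination
    dport: Optional[int] = None                   # None matches any port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.src is None or ipaddress.ip_address(p.src) in self.src)
                and (self.dst is None or ipaddress.ip_address(p.dst) in self.dst)
                and (self.dport is None or self.dport == p.dport))


# Rule base, evaluated top to bottom; the first matching rule decides.
RULE_BASE = [
    Rule("allow", "tcp", INTERNAL, None, 443, "internal hosts may open HTTPS to anywhere"),
    Rule("allow", "tcp", None, DMZ, 443, "anyone may reach the DMZ web tier on 443"),
    Rule("deny", None, None, INTERNAL, None, "explicit deny: nothing else reaches internal hosts"),
]


class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()   # 5-tuples recorded in the client->server direction
        self.log = []

    @staticmethod
    def _key(p):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse_key(p):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def decide(self, p: Packet) -> str:
        """Return "allow" or "deny" for one packet and append a log line."""
        # 1. Stateful check: packets belonging to a connection the firewall
        #    already admitted pass in either direction without consulting rules.
        if self._key(p) in self.connections or self._reverse_key(p) in self.connections:
            return self._record(p, "allow", "established connection")
        # 2. A TCP packet that does not open a connection and matches no state
        #    is dropped whatever its ports; this defeats spoofed "reply" packets.
        if p.proto == "tcp" and not p.syn:
            return self._record(p, "deny", "no state for non-SYN packet")
        # 3. Sequential rule evaluation, first match wins.
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "allow":
                    self.connections.add(self._key(p))   # remember the flow
                return self._record(p, rule.action, rule.comment)
        # 4. Nothing matched: default deny.
        return self._record(p, "deny", "default deny")

    def _record(self, p, action, reason):
        self.log.append(f"{action.upper():5} {p.proto} {p.src}:{p.sport} -> "
                        f"{p.dst}:{p.dport} ({reason})")
        return action


def run_demo():
    """Run a constructed traffic sample through the filter and return the log."""
    fw = StatefulFirewall(RULE_BASE)
    fw.decide(Packet("tcp", "10.1.2.3", "203.0.113.10", 51000, 443, syn=True))   # allow (rule 1)
    fw.decide(Packet("tcp", "203.0.113.10", "10.1.2.3", 443, 51000))             # allow (state)
    fw.decide(Packet("tcp", "198.51.100.7", "10.1.2.3", 443, 445))               # deny (no state)
    fw.decide(Packet("tcp", "198.51.100.7", "10.1.2.3", 40000, 22, syn=True))    # deny (rule 3)
    fw.decide(Packet("tcp", "198.51.100.7", "192.0.2.10", 40000, 443, syn=True)) # allow (rule 2)
    fw.decide(Packet("udp", "198.51.100.7", "192.0.2.10", 5000, 53))             # deny (default)
    return fw.log


if __name__ == "__main__":
    print("\n".join(run_demo()))
```

The third packet in `run_demo` is why the connection table matters: a stateless packet filter that admitted inbound packets with source port 443 so that web replies could return would also admit an attacker who simply sets that source port, whereas the stateful filter drops the packet because no matching connection exists. The final UDP packet shows the default deny doing its job for traffic that no rule mentions at all.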

Activity 03
Review of Risk Assessment Procedures
Threat Landscape

METROPOLIS CAPITAL Bank should conduct a comprehensive analysis of potential threats. This
includes considering cyber threats like malware, phishing, and DDoS attacks, as well as physical
security threats and natural disasters.

Regular threat intelligence updates can aid in staying informed about emerging threats.

Vulnerability Assessment:

Regularly conduct Vulnerability Assessments and Penetration Testing to identify weaknesses in the
bank's systems.

Prioritize and address vulnerabilities based on their severity and potential impact on the bank's
operations.

Asset Inventory:

Maintain an updated inventory of all assets, including hardware, software, and data.

This inventory helps in understanding the bank's IT landscape and ensures that critical assets receive
appropriate security measures.

Incident Response Planning:

Develop a robust incident response plan outlining procedures for identifying, containing, and
eradicating security incidents, recovering from them, and capturing lessons learned.

Regularly test and update the plan to adapt to evolving threats.

(safetyculture.com, 2023)
Mandatory Data Protection Laws and Procedures

General Data Protection Regulation (GDPR):

Ensure compliance with GDPR, which mandates secure processing of personal data.

Implement measures such as anonymization and pseudonymization to protect customer privacy.

Data Encryption:

Implement end-to-end encryption for data in transit and encryption at rest to safeguard sensitive
information.

Encryption protocols should align with industry best practices and compliance standards.

Access Controls:

Enforce strong access controls to limit access to sensitive data.

Regularly review and update user privileges to ensure that access aligns with job responsibilities.

ISO 31000 Risk Management Methodology

Risk Identification:

Identify potential risks by evaluating the bank's IT infrastructure, processes, and external factors.

Consider the interconnectedness of systems and dependencies.

Risk Analysis:

Assess the likelihood and potential impact of identified risks.

This involves understanding vulnerabilities, evaluating potential threats, and estimating the
consequences of a security incident.

Risk Evaluation:
Prioritize risks based on their severity and potential impact on the bank.

This step guides resource allocation and risk mitigation efforts.

Risk Treatment:

Develop strategies to mitigate or manage identified risks.

This could involve implementing security controls, transferring certain risks, or accepting others
based on a risk appetite assessment.

Impact of IT Security Audit on Organizational Security

Operational Disruptions:

Understand that the audit process may temporarily disrupt normal operations.

Plan for minimal disruption by scheduling audits during off-peak hours and communicating potential
impacts to relevant stakeholders.

Reputational Damage:

Be prepared for potential reputational damage if audit findings become public.

Ensure transparent communication about remediation efforts and improvements to mitigate negative
perceptions.

Aligning IT Security with Organizational Policy

Policy Review and Update:

Regularly review and update IT security policies to reflect the latest security standards and align with
organizational objectives.

Ensure policies cover emerging technologies and changing work environments.

Training and Awareness:

Conduct regular training sessions to educate employees on security policies and procedures.

Provide specific guidance on BYOD security, recognizing phishing attempts, and reporting security
incidents.

Incident Reporting:

Establish a clear and efficient incident reporting mechanism.

Encourage a culture of reporting security incidents promptly to facilitate swift response and
containment.

Recommendations for Facilitating Work from Home

Secure Remote Access:

Implement a robust Virtual Private Network (VPN) for secure remote access.

Ensure encryption of communication channels to protect sensitive data.

Endpoint Security:

Enforce endpoint security measures, including antivirus software and regular patch management for
devices used in remote work.

Implement controls to prevent unauthorized access to devices.

Employee Training:

Provide comprehensive training on secure work-from-home practices, emphasizing the importance of
strong passwords, secure Wi-Fi usage, and vigilance against phishing attempts.

Multi-Factor Authentication (MFA):

Implement MFA to add an extra layer of security for remote access.

This helps protect against unauthorized access even if login credentials are compromised.

METROPOLIS CAPITAL Bank, a prominent private banking service provider in Sri Lanka, faces the
imperative of safeguarding its extensive network infrastructure, including data centers, branches, and
ATMs, while complying with stringent data protection laws and adhering to ISO 31000 risk
management standards. The bank, equipped with ISO 31000:2009 certification, employs a
multifaceted security approach encompassing CCTV surveillance, 24/7 monitoring, and various
security tools managed by its Technical Support Team. In response to the potential initiation of a
work-from-home scenario, the bank has enlisted the services of a Network Security Analyst to
recommend and implement a robust security solution. This entails securing remote access through a
VPN, enforcing endpoint security, providing comprehensive employee training, and implementing
multi-factor authentication. Furthermore, the bank diligently complies with GDPR regulations,
emphasizing data encryption, access controls, and periodic risk assessments to ensure the protection
of sensitive customer information. The alignment of IT security practices with organizational
policies, including regular policy reviews, employee training, and an efficient incident reporting
mechanism, underscores the bank's commitment to maintaining a secure and resilient operational
environment.

Activity 04
Design and implement suitable security policy
Policy Objectives

Remote Access Security:

Objective: Ensure secure and reliable remote access for employees to the bank's network.

Implementation: Deploy a robust Virtual Private Network (VPN) to encrypt data in transit and
authenticate users securely. Enforce multi-factor authentication (MFA) to enhance access controls.

Endpoint Security:

Objective: Safeguard individual devices from security threats and vulnerabilities.

Implementation: Utilize advanced endpoint protection tools, including antivirus software and
endpoint detection and response (EDR) systems. Implement regular patch management to keep all
endpoints updated with the latest security patches.

Data Protection Measures:

Objective: Protect sensitive customer information through comprehensive data protection measures.

Implementation: Enforce encryption for data in transit and at rest to safeguard customer data.
Implement access controls, including role-based access, to restrict and monitor user access to
sensitive data.

Incident Response:

Objective: Develop and implement an effective incident response plan to handle security incidents
promptly and efficiently.

Implementation: Document and regularly update an incident response plan outlining procedures for
identifying, containing, and eradicating security incidents, recovering from them, and learning from
them. Conduct regular drills to test the effectiveness of the plan.

Aligning with METROPOLIS CAPITAL Bank

Consideration of Online and Mobile Banking: Given that METROPOLIS CAPITAL Bank provides
online and mobile banking facilities, the policy objectives align with ensuring secure access for both
employees and customers. The emphasis on encryption and access controls is crucial to maintaining
the confidentiality and integrity of customer data.

BYOD Concept: The policy objectives are designed to accommodate the bank's recent
implementation of a bring your own device (BYOD) concept for Senior Executive Staff and HR
Departments. This aligns with the remote access security objective, ensuring that devices used for
remote work adhere to security standards.

ISO 31000 Certification: The policy objectives complement the bank's ISO 31000:2009 certification
by emphasizing a proactive and risk-based approach. For instance, the data protection measures and
incident response objectives align with ISO 31000 principles, ensuring a robust risk management
methodology.

Regulatory Compliance: Considering the bank's strict adherence to government and Central Bank
regulations, the policy objectives are designed to align with these requirements. This includes
implementing measures to protect customer data and ensuring that the bank's operations are resilient
to security threats.

Enhancements to Security Posture

Continuous Improvement: The policy objectives are not static; they reflect a commitment to
continuous improvement. Regular updates to the incident response plan, endpoint security measures,
and access controls contribute to an evolving and adaptive security posture.

User Experience: While prioritizing security, the policy objectives also consider the user experience.
The implementation of a VPN and MFA for remote access, for example, aims to balance security
with user convenience, ensuring a seamless and user-friendly banking environment.

Risk Mitigation and Preparedness

Risk Mitigation: The policy objectives, especially those related to data protection and incident
response, are geared towards mitigating risks associated with cyber threats and potential operational
disruptions. Encryption and access controls serve as proactive measures to reduce the likelihood and
impact of data breaches.

Preparedness for Emergencies: The emphasis on incident response aligns with the reported possibility
of an emergency leading to a work-from-home situation. The policy objectives are designed to ensure
that the bank is prepared to handle security incidents in any operational scenario, fostering resilience.

The policy objectives for METROPOLIS CAPITAL Bank are intricately designed to address the
specific needs and challenges of a modern banking environment. These objectives not only align with
the bank's current operations but also demonstrate a forward-looking approach to security, risk
management, and regulatory compliance.

(nsuworks.nova.edu, 2023)
Organizational Policy Tools

Policy Management System:

Objective: Streamline the creation, review, and update of security policies.

Implementation: Utilize a centralized policy management system to efficiently manage, document,
and update security policies. This system ensures that policies are aligned with industry standards,
regulatory requirements, and the evolving needs of the organization.

Justification: Given the complexity of the banking industry and the need for stringent security
measures, a policy management system provides a centralized repository for policies. It facilitates
collaboration among stakeholders involved in policy creation and ensures that policies are accessible
to all relevant personnel. This tool enhances efficiency in policy management and compliance.

Employee Training and Awareness Platforms:

Objective: Ensure that employees are well-informed about security policies and best practices.

Implementation: Implement a comprehensive training platform that covers security policies,
emerging threats, and best practices. Regularly update training modules to keep employees informed
about the latest security measures.

Justification: In a dynamic and ever-evolving security landscape, continuous employee training is
crucial. An employee training and awareness platform helps in disseminating information
consistently and ensures that employees are aware of their roles in maintaining the security posture of
the bank. It contributes to building a security-conscious organizational culture.

Access Control Systems:

Objective: Manage user privileges effectively to ensure appropriate access to sensitive data.

Implementation: Deploy access control systems that manage and monitor user access based on job
roles and responsibilities. Regularly review and update access controls to align with changing
organizational structures.

Justification: Access control is pivotal in securing sensitive data and preventing unauthorized access.
Access control systems allow the bank to define and enforce access policies, reducing the risk of data
breaches. Regular reviews ensure that access privileges are aligned with current job responsibilities.

Endpoint Security Tools:

Objective: Provide an additional layer of protection for critical endpoints and sensitive data.

Implementation: Utilize advanced endpoint security tools such as privileged access management
(PAM) systems and data loss prevention (DLP) tools. These tools monitor and control access to
endpoints, preventing unauthorized activities and potential data breaches.

Justification: Endpoints are common targets for cyber threats. Advanced endpoint security tools add
layers of protection by controlling access and preventing data leakage. Given the sensitive nature of
banking operations, these tools are crucial for safeguarding customer data and the integrity of the
bank's systems.

Alignment with METROPOLIS CAPITAL Bank

Policy Management System: Aligning with the bank's commitment to ISO 31000:2009 certification, a
policy management system ensures that policies are documented, reviewed, and updated
systematically. This aligns with the bank's risk management methodology and provides transparency
in policy compliance.

Employee Training and Awareness Platforms: Considering the bank's implementation of a BYOD
concept and the need for continuous employee education, an employee training platform ensures that
staff remains informed about security policies, reducing the risk of human error and enhancing the
overall security posture.

Access Control Systems: Given the extensive network infrastructure and the need to protect customer
data, access control systems play a critical role. They align with the bank's objective of restricting and
monitoring user access to sensitive information, promoting the principle of least privilege.

Endpoint Security Tools: With the increasing sophistication of cyber threats, advanced endpoint
security tools align with the bank's commitment to protecting critical endpoints and sensitive data.
These tools are essential for maintaining the confidentiality and integrity of customer information.

Enhancements to Security Posture

Continuous Improvement: All these tools contribute to continuous improvement in the bank's security
posture. A policy management system ensures policies are regularly updated, employee training
platforms adapt to evolving threats, access control systems are reviewed, and endpoint security tools
incorporate the latest threat intelligence.

Adaptability: The tools selected are adaptable to changing business needs and technology landscapes.
This aligns with the bank's requirement to stay abreast of technological advancements and emerging
security threats.

Stakeholder Involvement

Management and Executives: These tools facilitate effective communication between management
and employees regarding security policies and measures. They provide the necessary visibility for
decision-makers to assess and support the organization's security initiatives.

Technical Support Team: The Technical Support Team, as a local third-party vendor, is actively
involved in the implementation and management of these tools. Their role is crucial in ensuring that
the tools are effectively deployed and aligned with the bank's security objectives.

The organizational policy tools selected for METROPOLIS CAPITAL Bank are strategically chosen
to address the specific security needs of a modern banking institution. These tools enhance efficiency,
transparency, and adaptability in policy management, employee training, access control, and endpoint
security, ultimately contributing to a resilient and secure organizational environment.

Stakeholders and their Roles

Management and Executives:

Role: These stakeholders, including top-level management and executives, play a crucial role in
setting the overall strategic direction of METROPOLIS CAPITAL Bank.

Involvement: They are involved in defining the bank's security strategy, allocating resources, and
ensuring that security policies align with organizational goals and regulatory requirements.

Decision-Making: Management and executives are key decision-makers in approving security
budgets, investments in security technologies, and endorsing policies that impact the entire
organization.

Technical Support Team:

Role: The Technical Support Team is a local third-party vendor contracted to provide IT support
services to METROPOLIS CAPITAL Bank.

Involvement: They are actively involved in the implementation and management of security
measures, including tools such as endpoint security solutions, access control systems, and incident
response procedures.

Responsibility: The team is responsible for providing onsite and remote support, managing security
tools, and responding to security incidents promptly and effectively.

Employees:

Role: All employees, from customer service representatives to senior executives, are critical
stakeholders in the security framework of the bank.

Involvement: Employees are involved in adhering to security policies, participating in training
programs, and promptly reporting security incidents.

Responsibility: Their responsibilities include safeguarding customer information, following security
guidelines, and maintaining awareness of security best practices.

Regulatory Bodies:

Role: External stakeholders such as government bodies and the Central Bank act as regulators
overseeing the operations of METROPOLIS CAPITAL Bank.

Involvement: Regulatory bodies are involved in setting and enforcing compliance standards related to
data protection, financial transactions, and overall security practices.

Audit and Assessment: They conduct regular audits and assessments to ensure that the bank complies
with industry regulations and standards, reinforcing the overall security posture.

Alignment with METROPOLIS CAPITAL Bank

Management and Executives: Their involvement is critical in ensuring that security measures align
with the overall business strategy. This alignment is necessary for allocating resources effectively and
endorsing policies that resonate with the organization's goals.

Technical Support Team: As a key player in implementing and managing security measures, their
role aligns with the operational aspect of maintaining a secure IT infrastructure. Their responsibility
in responding to security incidents contributes directly to the bank's incident response capabilities.

Employees: The involvement of all employees in adhering to security policies is pivotal. Their
responsibilities in maintaining the confidentiality and integrity of customer information align with the
bank's commitment to data protection and customer trust.

Regulatory Bodies: Given the stringent regulatory environment in the banking industry, the
involvement of regulatory bodies ensures that the bank operates within legal frameworks.
Compliance with regulations is paramount for the bank's reputation and customer trust.

Building Security Audit Recommendations

Regular Security Audits: Management and executives play a key role in approving budgets for
regular security audits. The Technical Support Team is involved in implementing recommendations
arising from these audits.

Continuous Monitoring: All stakeholders play a role in continuous monitoring efforts. Employees are
the eyes and ears on the ground, reporting incidents promptly. Regulatory bodies ensure that the bank
adheres to continuous monitoring requirements.

Collaborative Incident Response: The Technical Support Team is directly involved in incident
response, collaborating with employees to contain and remediate security incidents. Management and
executives oversee the effectiveness of incident response procedures.

Documentation and Reporting: Regulatory bodies often require comprehensive documentation and
reporting. Management and executives ensure that accurate records are maintained, and the Technical
Support Team is responsible for generating reports based on their monitoring and incident response
activities.

Enhancements to Security Posture

Continuous Improvement: Management and executives drive a culture of continuous improvement by
approving investments in new security technologies and endorsing policies that reflect emerging
threats. The Technical Support Team contributes by implementing and managing these
improvements.

Adaptability: All stakeholders, particularly management and executives, play a role in ensuring that
the organization remains adaptable to changing business needs and evolving security landscapes. This
may involve updating policies, investing in new technologies, and ensuring that employees are
trained on emerging threats.

Stakeholders in METROPOLIS CAPITAL Bank play diverse but interconnected roles in shaping and
maintaining the bank's security posture. Their involvement, collaboration, and commitment to
security contribute to building a resilient and secure organizational environment.

Building Security Audit Recommendations

Regular Security Audits:

Objective: Conduct periodic assessments to evaluate the effectiveness of implemented security
measures.

Stakeholders' Roles:

Management and Executives: Approve budgets for security audits, ensuring that they align with the
organization's risk management strategy.

Technical Support Team: Actively participate in the audit process, providing insights into the
implementation and performance of security measures.

Regulatory Bodies: May mandate or conduct audits to ensure compliance with industry regulations.

Recommendation: Engage external cybersecurity firms for independent audits, covering areas such as
network security, access controls, and data protection. Regular internal audits should also be
conducted to maintain ongoing visibility into the security posture.

Continuous Monitoring:

Objective: Implement tools and processes for continuous monitoring to detect and respond to security
incidents in real-time.

Stakeholders' Roles:

Technical Support Team: Deploy and manage monitoring tools, analyze alerts, and respond promptly
to any identified security incidents.

Employees: Play a role in continuous monitoring by promptly reporting any suspicious activities or
security incidents.

Regulatory Bodies: May require evidence of continuous monitoring practices as part of compliance
checks.

Recommendation: Utilize Security Information and Event Management (SIEM) tools to aggregate
and analyze log data for anomalies. Implement automated alerting systems to ensure immediate
responses to potential security incidents.
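The SIEM-style correlation recommended above, as an added illustration that is not part of the original assignment: constructed online-banking and VPN log lines (not real bank data) are normalised into one event stream, failed logins are aggregated per source address, and an alert is raised when a source exceeds a threshold inside a time window. The log formats, field names and threshold are assumptions chosen for the example.

```python
"""Added example: minimal SIEM-style aggregation and automated alerting
over constructed log lines. Log formats and threshold are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines from two assumed sources (not real data).
SAMPLE_LOGS = [
    "2023-11-12T09:00:01 ebank auth FAIL user=alice src=203.0.113.7",
    "2023-11-12T09:00:05 ebank auth FAIL user=bob src=203.0.113.7",
    "2023-11-12T09:00:09 vpn login-failed from 203.0.113.7 user=carol",
    "2023-11-12T09:00:12 ebank auth FAIL user=dave src=203.0.113.7",
    "2023-11-12T09:00:20 ebank auth OK user=erin src=198.51.100.4",
    "2023-11-12T09:30:00 ebank auth FAIL user=frank src=198.51.100.4",
]

EBANK = re.compile(r"^(\S+) ebank auth (FAIL|OK) user=(\S+) src=(\S+)$")
VPN = re.compile(r"^(\S+) vpn login-failed from (\S+) user=(\S+)$")


def parse(line):
    """Normalise either format into (timestamp, source_ip, user, failed)."""
    m = EBANK.match(line)
    if m:
        return (datetime.fromisoformat(m.group(1)), m.group(4),
                m.group(3), m.group(2) == "FAIL")
    m = VPN.match(line)
    if m:
        return datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), True
    return None  # unknown format: ignored, a real SIEM would flag the parse gap


def detect_bruteforce(lines, threshold=4, window=timedelta(minutes=5)):
    """Alert once per source IP that accumulates >= threshold failed logins
    (across both log sources) within any sliding window of the given size."""
    failures = defaultdict(list)
    for line in lines:
        parsed = parse(line)
        if parsed and parsed[3]:
            ts, src, user, _ = parsed
            failures[src].append((ts, user))
    alerts = []
    for src, events in failures.items():
        events.sort()
        for i in range(len(events)):
            j = i
            while j < len(events) and events[j][0] - events[i][0] <= window:
                j += 1
            if j - i >= threshold:
                users = sorted({u for _, u in events[i:j]})
                alerts.append({"src": src, "count": j - i, "users": users})
                break  # one alert per source is enough for the responder
    return alerts
```

In the sample data the single source 203.0.113.7 spreads its failures over two log sources and four accounts, which is exactly what per-source aggregation catches and a per-system view would miss.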

Collaborative Incident Response:

Objective: Establish a collaborative incident response framework to ensure swift and coordinated
actions during security incidents.

Stakeholders' Roles:

Technical Support Team: Lead incident response efforts, investigate security incidents, and
implement corrective actions.

Employees: Report security incidents promptly and cooperate with the incident response team.

Management and Executives: Oversee the effectiveness of incident response procedures and allocate
resources for improvement.

Recommendation: Conduct regular incident response drills involving both technical and non-
technical staff. Review and update the incident response plan based on lessons learned from
simulations and real incidents.

Documentation and Reporting:

Objective: Maintain thorough documentation of security policies, incidents, and audit findings.
Provide clear and detailed reports to stakeholders.

Stakeholders' Roles:

Technical Support Team: Document security incidents, responses, and remediation efforts. Generate
reports based on monitoring activities.

Management and Executives: Oversee the creation and maintenance of comprehensive security
documentation. Use reports to make informed decisions.

Regulatory Bodies: May require documentation and reports as part of compliance checks.

Recommendation: Implement a centralized documentation system for security policies, incident
reports, and audit findings. Regularly review and update documentation to reflect changes in the
security landscape.

External Penetration Testing:

Objective: Evaluate the resilience of external-facing systems by simulating real-world cyber-attacks.

Stakeholders' Roles:

Technical Support Team: Collaborate with external penetration testing firms to facilitate tests and
address identified vulnerabilities.

Management and Executives: Approve and allocate resources for external penetration testing.

Regulatory Bodies: May view external penetration testing as a proactive measure for risk
management.

Recommendation: Conduct external penetration tests at regular intervals to identify and address
vulnerabilities in external-facing systems, including online and mobile banking platforms.

User Training and Awareness:

Objective: Regularly educate and raise awareness among employees about security policies and best
practices.

Stakeholders' Roles:

Technical Support Team: Develop and deliver training modules, emphasizing current threats and
security guidelines.

Employees: Actively participate in security training and apply best practices in their daily work.

Management and Executives: Allocate resources for ongoing training initiatives.

Recommendation: Implement a continuous training program covering topics such as phishing
awareness, secure password practices, and the importance of reporting security incidents promptly.

Regular Policy Reviews:

Objective: Ensure that security policies are up-to-date, reflecting current industry standards and
organizational needs.

Stakeholders' Roles:

Management and Executives: Oversee the review and update of security policies to align with
organizational goals.

Technical Support Team: Provide insights into the practical implementation and effectiveness of
security policies.

Employees: Adhere to updated policies and provide feedback based on their experiences.

Recommendation: Conduct regular reviews of security policies, considering changes in technology,
industry regulations, and the organization's risk landscape. Involve key stakeholders in the review
process.

In summary, building security audit recommendations for METROPOLIS CAPITAL Bank involves a
multifaceted approach. Regular audits, continuous monitoring, collaborative incident response,
thorough documentation, external penetration testing, user training, and policy reviews collectively
contribute to a robust security posture aligned with organizational goals and industry best practices.
The involvement of key stakeholders ensures a holistic and effective implementation of these
recommendations.