Assignment Brief (RQF)

Higher National Certificate/Diploma in

Computing
Assessment Brief
Student Name/ID
Number

Unit Number and 05: Security

Title

Academic Year 2022/2024

Unit Tutor Ms. Eshandi Aththanayaka

Assignment Title Security HND B14

Issue Date 17/12/2023

Submission Date 05/01/2024

IV Name & Date

Unit Learning Outcomes

LO1 Assess risks to IT Security

LO2 Describe IT Security solutions

LO3 Review mechanisms to control organisational IT Security

LO4 Manage organisational security

Unit Learning Outcomes

1
Assignment Brief (RQF)

LO Learning AC In this assessment you

Evidence
Outcome will have the opportunity
to present evidence that Task (Page
shows you are able to: No Number)
LO1 Assess risks to 1.1 Identify types of security risks to 1
IT Security organisations.
1.2 Describe organisational security 1
procedures.

LO2 Describe IT 2.1 Identify the potential impact 2

Security to IT security of incorrect
solutions configuration of firewall
policies and third party VPNs.

2.2 Show, using an example for 2

each, how implementing a
DMA, status IP and NAT in a
network can improve Network
Security.

LO3 Review 3.1 Discuss risk assessment 3

mechanisms to procedures.
control
organisational 3.2 Explain data protection 3
IT Security processes and regulations as
applicable to an organisation.

LO4 Manage 4.1 Design and implement a 4

organisational security policy for an
security organisation.

4.2 List the main components of 4

an organisational disaster
recovery plan, justifying the
reasons for inclusion.

2
Assignment Brief (RQF)
Submission Format

The submission is in the form of a single word document. You are required to make use of
headings, paragraphs, subsections and illustrations as appropriate, and all work must be
supported with research and referenced using the Harvard referencing system. Make use
the font Times New Roman, size 12, all borders 1 inch, 1.5 line spacing and justified
alignment. No specific word limit given.

Student Assessment Submission and Declaration

When submitting evidence for assessment, each student must sign a declaration
confirming that the work is their own.

Student name: Assessor name:

Issue date: Submission Submitted on:

date:

Programme:

Unit:

Assignment number and title:

Plagiarism
Plagiarism is a particular form of cheating. Plagiarism must be avoided at all
costs and students who break the rules, however innocently, may be penalised.
It is your responsibility to ensure that you understand correct referencing
practices. As a university level student, you are expected to use appropriate
references throughout and keep carefully detailed notes of all your sources of
materials for material you have used in your work, including any material
downloaded from the Internet. Please consult the relevant unit lecturer or your
course tutor if you need any further advice.

3
Assignment Brief (RQF)

Student Declaration
Student declaration

I certify that the assignment submission is entirely my own work and I fully
understand the consequences of plagiarism. I understand that making a false
declaration is a form of malpractice.

Student signature: Date:

Assignment Feedback

Formative feedback : Assessor to student

Action plan

Summative feedback

Formative feedback : Student to assessor

4
 Assignment Brief (RQF)
Qualification

Pearson BTEC Level 4 HND in Computing

Assessor name

Unit Number and title

Unit 5- Security
Student name

Criteria Reference To achieve the criteria Achieved? (tick)

the evidence must
show that the student
is able to:

LO1 Assess risks to IT

Security

P1 Identify types of security risks to organisations.

P2 Describe organisational security procedures.

LO2 Describe IT Security solutions

P3 Identify the potential impact to IT security of

incorrect configuration of firewall policies and third
party VPNs.

P4 Show, using an example for each, how

implementing a DMA, status IP and NAT in a network
can improve Network Security.

LO3 Review mechanisms to control organisational IT

Security

P5 Discuss risk assessment procedures.

P6 Explain data protection processes and regulations

as applicable to an organisation.

5
 Assignment Brief (RQF)
LO4 Manage organisational security

P7 Design and implement a security policy for an

organisation.

P8 List the main components of an organisational

disaster recovery plan, justifying the reasons for
inclusion.

Higher Grade achievements (where applicable)

Grade descriptor Achieved? Grade descriptor Achieved?

(tick) (tick)

M1 Propose a method to LO1 and LO2

assess and treat IT
security risks D1 Investigate how a
'trusted network' may be
M2 Discuss three part of an IT security
benefits to implement solutions
network monitoring
systems with supporting
reasons

M3 Summarise the ISO LO3

31000 risk management
D2 Consider how IT
methodology and its
application in IT Security security can be aligned
with organisational
M4 Discuss possible policy, detailing the
impacts to security impact of any
organisational security
misalignment
resulting from an IT
security audit
M5 Discuss the roles of LO4
stakeholder in the
organisation to D3 Evaluate the
implement security audit suitability of the tools
recommendations used in an organisational
policy

Assignment Brief and Guidance

6
 Assignment Brief (RQF)

General Guidelines

A cover page or title page should be attached to your assignment. Use page 1 of this
assignment brief as your cover page and make sure all details are accurately filled. The
entire assignment brief should be attached as the first section of your assignment report.

The assignment report should be prepared using a word processing software. (A4 Sized
paper) Allow 1” margin on top, bottom and right sides of the paper and 1.25” on the left
side (for binding).

Overall, your report content (answer content) should not be lengthy more than 40 pages.

Word Processing Rules For the Assignment report

The font size (Body text) should be 12 point and should be in the style of Time New Roman.
Set line spacing to 1.5. Justify all paragraphs. Ensure that all headings are consistent in
terms of size and font style.

Use the spell check and grammar check function of the word processing application to
review the use of language on your assignment.

Important Points:

Carefully read the instructions given with the assignment. Do not unnecessarily write
irrelevant content.

Ensure that sufficient time is spent to complete the assignment by the due date. If you use
other people’s work or ideas in your assignment, it must be properly referenced, using the
HARVARD referencing system, in your text or any bibliography. Otherwise, you’ll be found
guilty of committing plagiarism.

Scenario

7
Assignment Brief (RQF)

EMC Cloud Solutions is reputed as

the nation’s most reliable Cloud
solution provider in Sri Lanka.
A
number of high profile businesses
in Sri Lanka including Esoft Metro
Camps network, SME Bank Sri
Lanka and
WEEFM are facilitated by EMC
Cloud Solutions. EMC Cloud
provides nearly 500 of its
customers with SaaS,
PaaS & IaaS solutions with high
capacity compute and storage
options. Also EMC is a selected
contractor for Sri
8
Assignment Brief (RQF)

Lanka, The Ministry of Defense

for hosting government and
defense systems.
EMC Cloud Solutions is reputed as
the nation’s most reliable Cloud
solution provider in Sri Lanka.
A
number of high profile businesses
in Sri Lanka including Esoft Metro
Camps network, SME Bank Sri
Lanka and
WEEFM are facilitated by EMC
Cloud Solutions. EMC Cloud
provides nearly 500 of its
customers with SaaS,
PaaS & IaaS solutions with high
9
 Assignment Brief (RQF)

capacity compute and storage

options. Also EMC is a selected
contractor for Sri
Lanka, The Ministry of Defense
for hosting government and
defense systems.
As an IT Security Specialist at a cybersecurity consultancy firm, you've been
approached by "Tech Solutions," a technology company headquartered in Colombo,
Sri Lanka, seeking to enhance its cybersecurity protocols. Driven by a growing
awareness of the rising cybersecurity threats prevalent in the tech industry, Tech
Solutions is committed to fortifying its defenses. Tech Solutions operates across
multiple locations, with offices in Gampaha, Nugegoda, Matara and Awissawella,
contributing to the company's advancements in technology. With a workforce
exceeding 400 professionals, including developers and engineers, the company
prioritizes the protection of intellectual property and client data, making the
security of their systems a top priority.

Considering Tech Solutions' partnerships with international collaborators and clients

in the technology sector, it is crucial to implement rigorous security measures to
protect sensitive information. The company's current data storage infrastructure
relies heavily on on-premises servers, prompting the need for a more scalable and
advanced solution to accommodate its expanding projects and collaborations.

Tech Solutions also about to expand their company with other products and make it
a group of companies in next year. Hence company requires you to consider the
long-term plan and propose the security solution. Also, company is willing to
allocate a considerable amount from their budget for security and willing to
embrace new suitable technologies for their management.

In preparation for the following tasks, you will be required to prepare a report.

Task 1 (LO1)

10
 Assignment Brief (RQF)
1. The security risks that can be faced by the company. (P1)
2. How data protection regulations and ISO risk management standards can be
applied to IT security. (P2)
3. Propose a method to assess and treat IT security risks. (M1, D1)

Task 2 (LO2)

1. Identify the potential impact to IT security of incorrect configuration of

firewall policies and third-party VPNs according to the given scenario. (P3)
2. Show, using an example for each, how implementing a DMZ, status IP and
NAT in a network can improve Network Security. (P4)
3. Discuss the benefits to implement network monitoring systems with
supporting reasons. (M2, D1)

Task 3 (LO3)

1. Discuss risk assessment procedures applicable to the organization. (P5)

2. Briefly describe the steps to conduct a risk assessment based on ISO 27001
standards and conduct risk management based on ISO 31000 standards for
the organization. (M3)
3. Explain how data protection processes and regulations a can applicable to the
organisation. (P6)
4. The potential impact that an IT security audit might have on the security of
the organization. (M4)
5. Consider how IT security can be aligned with organisational policy, detailing
the security impact of any misalignment. (D2)

Task 4 (LO4)

11
 Assignment Brief (RQF)
Further include the following in your report:

1. A new set of security policies for the organization for the IT infrastructure.
(P7)
2. Explain how those policies can be implemented within the organization and
the responsibilities of employees and stakeholders in relation to security.
(M5)
3. While considering the components to be included in disaster recovery plan for
Tech Solutions, justify why you have included these components in your
plan. (P8)
4. Suggest tools and techniques to be used to improve the security of the
organization and explain how suitable they are for the company. (D3)

12
 Assignment Brief (RQF)
Learning Outcomes and Assessment Criteria
Pass
LO1 Assess risks to IT security
P1 Identify types of security risks to
organisations
P2 Describe organisational security
procedures
LO2 Describe IT security solutions
P3 Identify the potential impact to IT
security of incorrect configuration of
firewall policies and third party VPNs
P4 Show, using an example for each,
how implementing a DMA, status IP
and NAT in a network can improve
Network Security
LO3 Review mechanisms to control organisational IT Security
P5 Discuss risk assessment
procedures.
P6 Explain data protection
processes and regulations as
applicable to an organisation
LO4 Manage organisational security
P7 Design and implement a
security policy for an organisation.
P8 List the main components of an
organisational disaster recovery
plan, justifying the reasons for
inclusion
Merit
M1 Propose a method to assess
and treat IT security risks
M2 Discuss three benefits to
implement network monitoring
systems with supporting reasons
M3 Summarise the ISO 31000 risk
management methodology and its
application in IT Security
M4 Discuss possible impacts to
organisational security resulting
from an IT security audit
M5 Discuss the roles of
stakeholder in the organisation to
implement security audit
recommendations
Distinction
LO1 & 2
D1 Investigate how a
'trusted network' may be
part of an IT security
solutions
D2 Consider how IT
security can be aligned
with organisational policy,
detailing the security
impact of any
misalignment
D3 Evaluate the suitability
of the tools used in an
organisational policy
13