
Guide Line

This document outlines the learning outcomes for a unit on IT security. By the end of the unit, students will be able to assess risks to IT security, describe IT security solutions, review mechanisms to control organizational IT security, and manage organizational security. The document provides essential content on each learning outcome, including describing various IT security risks, solutions, control mechanisms, and methods for managing security such as policies, auditing tools, and risk assessments.

Uploaded by

htdrqdxqk7

Learning Outcomes

By the end of this unit students will be able to:


LO1 Assess risks to IT security
LO2 Describe IT security solutions
LO3 Review mechanisms to control organisational IT security
LO4 Manage organisational security.

Pearson BTEC Levels 4 and 5 Higher Nationals in Computing


Specification – Issue 2 – March 2022 © Pearson Education Limited 2022
Essential Content

LO1 Assess risks to IT security

IT security risks:

Risks of unauthorised use of a system, including unauthorised removal or copying of data or code from a system, damage to or destruction of physical system assets and environment, damage to or destruction of data or code inside or outside the system, naturally occurring risks, internal and external sources of risk.

Legal restrictions on the access to data, including UK and international data laws (walled garden laws), e.g. General Data Protection Regulation (UK) (GDPR).

Organisational security, including business continuance, backup/restoration of data, audits, areas of systems to be secured, e.g. data, network, systems (hardware and software), WANs, intranets, wireless access systems, security culture and the approaches to security in the workplace, operational impact of security breaches.

The concepts, main functions and features of a range of Operating Systems (OS) and their security functions and associated security features.

LO2 Describe IT security solutions

IT security solution evaluation:

Network security infrastructure, including evaluation of network address translation (NAT), demilitarized zone (DMZ), static and dynamic IP addresses.

Network performance: redundant array of inexpensive disks (RAID), Main/Standby, Dual LAN, web server balancing.

Data security, including asset management, image differential/incremental backups, storage area network (SAN) servers, encryption.

Data centre, including replica data centres, virtualisation, secure transport protocol, secure MPLS routing, segment routing and remote access methods/procedures for third-party access, physical mechanisms, e.g. air flow and cooling to prevent overheating.

Security vulnerability, including logs, traces, honeypots, data mining algorithms, vulnerability testing, zero-day exploits.

Educating staff and customers on IT security issues and prevention methods.

Understand how cyber security technology components are typically deployed in digital systems to provide security and functionality, including hardware and software to implement security controls.

LO3 Review mechanisms to control organisational IT security

Mechanisms to control organisational IT security:

Risk assessment and integrated enterprise risk management: network change management, audit control, business continuance/disaster recovery plans, potential loss of data/business, intellectual property, hardware and software.

Probability of occurrence, e.g. disaster, theft.

Staff responsibilities.

Legal mechanisms, both UK and international, including Data Protection Act 2018, Computer Misuse Act 1990 and amendments, ISO 31000 Risk Management standards.

Company regulations: site or system access criteria for personnel; physical security types, e.g. biometrics, swipe cards, theft prevention.

Awareness of common security architectures and methodologies that incorporate hardware and software components, and sources of architecture patterns and guidance.

Assess the security culture within an organisation (the approach to security, including how user actions impact on security).

Ensure system defences are informed by the most up-to-date legislation and guidance on best practice from professional bodies.

LO4 Manage organisational security

Manage organisational security:

Organisational security policies, e.g. system access, access to internet email, access to internet browser, development/use of software, physical access and protection, third-party access, business continuity, responsibility matrix.

Reviewing and monitoring of security risk assessments and ensuring stakeholder compliance with security procedures and standards.

Collect information from various sources (e.g. log files, system monitoring tools, Secure Information and Event Management (SIEM) tools, access control systems, physical security systems) and compare to known threat and vulnerability data to determine a digital system security breach.

Using enterprise risk management (as part of system management and lifecycle) for identifying, evaluating, implementing and follow up of security risks according to ISO 31000 standards.

Understand appropriate security tools and methods, e.g. user log-on profiles to limit user access to resources, online software to train and update staff.

Auditing tools to monitor resource access, security audits and penetration testing.

Investigate organisation policy on ethical hacking and bug bounties.

Gathering and recording information on security and initiating suitable actions for remediation.
