UNIT 5 SECURITY

ASSIGNMENT: Managing Network Security for an Organisation

Anusha Asim
Pearson ID: RF64842
HND
Regent Middle East
TABLE OF CONTENTS
UNIT 5 SECURITY........................................................................................................................1
Introduction..................................................................................................................................3
Post-Presentation Evaluative Report......................................................................................19
Analyzing the Benefits of Implementing Network Monitoring Systems...............................19
Proposal for IT Security Risk Management at Capital College.............................................21
Evaluating Security Measures..................................................................................................23
Summary of ISO 31000:2018 (A Key Risk Management Standard).......................................31
Analyzing the Impact of an IT Security Audit.........................................................................33
Recommendation for IT Security Alignment with Organizational Policy.............................34
Security Policy...........................................................................................................................37
Justifications for Security Policy Proposal............................................................................52
Evaluation of Security Tools for Capital College................................................................55
References.................................................................................................................................57
Student Declaration...................................................................................................................58
Activity 1
This report evaluates Capital College's information technology architecture and suggests
detailed measures to enhance its network's security. It examines the security breach in depth
which pinpoints the weaknesses and necessities for immediate solutions.

Slide 1

Supporting Notes:
Let's visit the topic of information security within Capital College. The example of the recent
ransomware attack makes clear the urgency and importance to improve. I will now describe
other potential IT security risks and suggest measures to strengthen overall security.

Slide 2
Supporting Notes:
Various IT security risks loom before Capital College. Data breach and attacks like ransomware
are few of the major problems, even unintentional actions by staff could put the college in risk.
Here are some examples with their impact:

1. Ransomware Attacks:
- Example: A few weeks ago, the college went through a ransomware attack affecting
access to its critical data and the functioning of services. Access to things such as
teaching materials and students' records was completely cut off.

Impact: This attack made the college experience financial loss, work disruption and
damage to reputation.

2. Unauthorized Access:
- Example: As the network server room is not secured, anyone can easily invade it. As for
the IT labs, the system can be exploited is if someone misplaces or loses their cards.
This could allow confidential student and staff data to be breached.

- Impact: Security breaches may void trust, which is very important for stakeholders.
Furthermore, unauthorized access could even jeopardize sensitive data; like the leak the
of a student's academic record, which will have legal ramifications.

3. Inadequate Email Security:

 - Example: The email server, fileserver, backup, NAS drive and Domain Network Server
are still kept in a non-secured room. This is so risky that intruders can literally enter the
room by default.

- Impact: Unauthorized access to email servers will compromise confidential Capital

College communication.

4. Weak Endpoint Security:

- Example: The use of older versions of Windows 8.1 on the college computers, along
with the freeware VPN, makes the college vulnerable. Outdated operating systems often
lack important security updates, which makes them easy to exploit.

- Impact: Outdated operating systems and unreliable software opens up the risk of
malware infections, unauthorized access and exploitation of security weaknesses by
hackers. This erodes the confidentiality and integrity of the college’s stored data.

5. Insufficient Data Backups:

- Example: Capital College solely relies on an 8TB NAS drive for data backup without any
alternatives or extra measures.

- Impact: In the case of physical damage to the drive by intruders or natural disasters, the
data will be completely lost.

Slide 3

Supporting Notes:
Now that I was able to spot some of the big threats to the Capital College, I will be shifting my
focus to the present security measures and what is needed to be done next.

1. Physical Security Measures:

● Strengths: Using swipe cards to access to IT labs creates physical security.

● Weaknesses: The non-secured IT Technicians' office might allow unauthorized access

to the network server room.

● Recommendations: Apply a strong physical security policy that will restrict access to
server rooms, lock sensitive areas of the college and make it compulsory to have regular
security audits.

2. Endpoint Security Practices:

● Strengths: Capital College uses virus scanners which are configured to scan USB drives
Optical drives have also been removed from computers. Both of these methods reduce
the probability of IT security attacks.

● Weaknesses: Relying on an outdated operating system (Windows 8.1) and using

freeware VPN compromises the IT security of the college.

● Recommendations: Upgrade to a more secure operating system and consider investing

in a more reliable VPN solution.

3. Data Backup and Recovery:

● Strengths: College data is backed up weekly to an 8TB NAS Drive.

● Weaknesses: Depending on a single backup location poses a risk since hardware failure
or a disastrous incident could occur. The frequency of the backups is also low. A week’s
worth of data could be lost in case of a data breach.

● Recommendations: Implement a more elaborate backup strategy, one which includes

offsite backups or cloud-based solutions. Additionally, daily backups can be done.

3. Email and Server Security:

● Strengths: The existence of an Acceptable Use Policy for students is a positive aspect
since they are made aware of what is acceptable use of the resources given by the
email and file server.

● Weaknesses: Non-secured location of critical servers opens the path for unauthorized
access to take place.
 ● Recommendations: Strengthen server room security, consider encryption for sensitive
email communications and update the Acceptable Use Policy to apply to both students
and staff.

4. Remote Access Security:

● Strengths: Implementation of a VPN for remote access is a positive step.

● Weaknesses: Relying on a freeware VPN and direct Remote Desktop access to the file
server creates a security risk due to poor encryption of sensitive data and potential
malware.

● Recommendations: Invest in a secure VPN solution and use multi-factor authentication

for remote desktop access.

5. Security Awareness Training:

● Strengths: An Acceptable Use Policy exists for students, which means they are
somewhat aware of security practices and acceptable use of the college’s IT resources.

● Weaknesses: No specific staff policies.

● Recommendations: Build a security awareness to train both students and staff with a
focus on safe online practices, detecting phishing attempts and following security policy.

This evaluation is the backbone of the security plan.

Slide 4
Supporting Notes:
The Acceptable Use Policy (AUP) is a must-have measure to ensure that Capital College’s IT
resources are being used ethically. The AUP of Capital College has some strong aspects.
However, there is potential to improve.

Strengths:

1. Access to Resources:
Capital College has a network of computers, internet and Virtual Learning Platform (VLP) that is
available for every student and teacher. This creates a virtual learning environment where
academic needs and teaching duties can be fulfilled.

2. Encouraged Use for Academic Goals:

The policy specifies that these resources are only to be used for academic and teaching
purposes. This encourages its fair use.

3. Consistency with Standards of Conduct:

According to the policy, behavior on the Virtual Learning Platform (VLP) must align with Capital
College’s standards of conduct. This makes sure that the online environment remains respectful
and appropriate for learning.

4. Adherence to UK Law:
The policy also makes it clear that the IT resources of Capital College must adhere to UK law.
This shows a commitment to legal compliance.

5. Monitored Use:
It is also made clear by the policy that the use of intranet/internet, email and other IT resources
will be monitored for security and network management. This helps with security, and with
allocating IT resources fairly.

Limitations:

1. Lack of Explicit Monitoring Details:

The policy says monitoring will only be carried out for security and network management but it
doesn’t tell deeper about its scope and the nature of monitoring. This lack of details might
become an issue for users, leading to privacy concerns.

2. Unclear User Limitations:

The policy imposes restrictions on the user of resources but does not define these limitations.
These ambiguities might make the users unknowingly break rules.

3. Scope of Academic Use Not Clearly Defined:

Though the policy comes down on how the resources can only be used for learning and
teaching purposes, it does not go in details of defining what makes something “academic use”.
This creates subjectivity and makes it tricky to enforce.

4. Vague Consequences for Illegal Violations:

The policy briefly mentions consequences for illegal use, but it does not describe the strength
and severity of those consequences when UK law is violated.

5. Not Inclusive of Staff:

Employees are not being seen as a security threat, being left out of the acceptable use policy.

Recommendations:

1. Detailed Educational Purpose Definition:

Make a properly pronounced and explicit definition of what educational and academic means for
users.

2. Inclusion of Remote Learning Considerations:

Update the policy to directly cover remote learning circumstances.

3. Inclusion of Staff:
The Acceptable Use Policy should contain explicit guidance for staff.

4. Regular Review and Update:

Regularly review and update the Acceptable Use Policy, so that it remains aligned with the
evolving world.

Slide 5
Supporting Notes:
The UUP (Unacceptable Use Policy) of Capital College sets the ground for responsible digital
behavior within the its academic community.

Strengths:

1. Clear Prohibitions:
The section on unacceptable use is crystal clear in specifying the activities that are off-limits on
the network of Capital College. This draws a straight line between what actions are limited to
users and what must never be done.

2. Preservation of Network Integrity and Data:

The policy clearly states that activities like unauthorized access, data manipulation and other
kinds of disruptions are strictly unacceptable. This protects the integrity of the network as well
as user data.

3. Consequences for Violations:

The policy mentions the consequences of breaking rules, like an immediate ban for serious
violations.

4. Acknowledgment of Legal Consequences:

The policy highlights that illegal use will be dealt with appropriately, in accordance with UK law.

Limitations:

1. Lack of Specific Definitions:

The policy is short on details in terms of unacceptable activities - it provides only broad overview
but does not give specific examples for each category.

2. Ambiguity in Legal Consequences:

The consequences of disregarding UK law while using IT resources is mentioned in the policy
but detail is missing.

3. Absence of Incident Reporting Guidance:

The policy does not offer any information about the way users should report unacceptable use.
This will discourage users from reporting.

4. Not Inclusive of Staff:

The policy does not mention what could be considered unacceptable use for staff.

Recommendations:

Recommendations:

1. Clearly Defined Prohibitions:

Clearly stipulate in the unacceptable use policy what, as far as educational and academic
activities are concerned, contain, and give examples so that users can have guidelines.

2. Clarification on VPN and Proxy Use:

Communicate and give to the student the acceptability and unacceptability of the use of VPN
and proxy services. Explain the specific times that its usage by a student will result in a
violation, for college policies; and any other time whereby its usage is allowed.

3. User Training and Awareness:

An intensive training program is to be developed on the consequences arising from involving
students and staff in unacceptable use, but most importantly on the urging to exercise
responsible online activity, where, for that matter, it is understood that it can also have serious
legal effects.

4. Incident Reporting Procedures:

Maintain clearly-defined, accessible procedures for reporting unacceptable use of systems, and
empower users to be in a position to report previous violations and encourage a swift response
for mitigation of perceived threats.

5. Inclusion of Staff:
There will be a clearly defined set of prohibitions; employees will know what the consequences
are, so they will know what is allowed and what is not allowed.

6. Regular Review and Update:

Develop a systemized, regular review process for the Unacceptable Use Policy in order to make
sure that the changes brought about by technology, changing standards, and adjustments in the
delivery of education are continually assured.

Slide 6

Supporting Notes:
Firewall policies combine a bunch of other firewall rules together under a firewall policy that has
an explicit intention by being applied and updated in that way. In defining how the traffic can
flow across from one interface to another, firewall rules define the flow of traffic across the
firewall device by either allowing or denying. Few typical factors that are kept in mind while
writing firewall rules are port/protocol, action, destination object (IP address/range, DNS Name,
or group), source object (IP address/range, DNS Name, or group).

Risk to the institution itself is high due to poor firewall policy configuration.

1. Correct Configuration:
A firewall is properly configured hardware and/or software meant to be a barrier that is able to
monitor and control traffic to and from a network according to some given security rules. This
barrier, when well configured, is meant at preventing unauthorized access to the network so that
sensitive information is not interfered with by people outside the network, who may have
malicious intent.

2. Incorrect Configuration Risks:

On the other hand, if the firewall policies are not properly put in place, they create security
loopholes which in turn open out avenues for security threats. For an instance, a misconfigured
firewall can easily allow access to student records or confidential data of the staff against the
integrity and confidentiality of such sensitive information.

3. Example Scenario:
Let me illustrate with an example: the situation where the firewall policy was also not
comprehensive and had allowed non-required firewall logging, hence causing a lag to
immediate security threat detection. This would then have delayed the immediate required
response to the security attack, hence currently providing an outsider entity access to the filer
server's collective of this college, which is holding student records. By then, the outsider would
have an ability to manipulate data and release private students' information.

4. Potential Consequences:
An incorrectly configured firewall may lead to many adverse effects: unauthorized access can
lead to data breaches, reputational damage, and even legal penalties. Penalties and erosion of
trust by students, staff, and other stakeholders in an organization may even pull down the
standing of the institutions.

5. Recommendations for Firewall Configuration Policies:

To mitigate these risks, it is imperative to establish and regularly review firewall policies.

Recommendations include:
a. Regularly updating and reviewing firewall rules to align with current security best practices.
b. Conducting periodic security audits to identify and rectify any misconfigurations.
c. Implementing a policy of least privilege, ensuring that only necessary network services are
exposed.

At the moment, the capital college has a firewall that is wrongly configured, only able to do the
blocking of blacklisted malicious IP addresses. Therefore, this is something that it should correct
so that the firewall at the college is properly configured to allow only Hypertext Transfer Protocol
Secure (HTTPS) requests.

Slide 7
Supporting Notes:
A poorly set up third-party VPN is vulnerable and exposes one's data with low-level encryption,
creating a reduction in the level of reliability.

This is typified very well in a recent incident that Capital College was facing: insecure VPN
configurations that were a way to a ransomware attack. Periodic security audit and review of the
VPN settings need to be done to ensure that Capital College enforces a secure set-up for a
VPN, especially in light of remote accessibility trends that educational institutions are currently
undergoing to add vigor and more protection from outside.

Slide 8
Supporting Notes:
I will now be sharing some suggestions to improve Capital College’s IT security.

Slide 9

Supporting Notes:
A De-Militarized Zone (DMZ) will separate the resources in the critical network from any
potential threat. A demilitarized zone (DMZ) refers to a network position or location isolated from
an organization's internal network but sandwiched between the untrusted external network and
the trusted inside network, hence adding another security layer.

The main goal should be to protect critical network resources, such as servers and databases,
against exposure so that any possible external threat is mitigated to literally giving direct access
to the internal network.

How DMZ Enhances Security:

1. Provides a controlled environment for external-facing services.

2. Limits the potential impact of security breaches by segregating critical systems.
3. Facilitates secure communication between external and internal networks.

Example Scenario:
For example, if an external force tries to make a susceptible exploit to a public-facing server, the
DMZ acting as a buffer will smite the effort and bar further insurgency into the internal network.

The DMZ can also isolate the virtual learning platform (VLP) of Capital College.
This strategic measure recommends the addition of a DMZ into the Capital College network
architecture such that weaknesses were created resilient against any possibly presented cyber
threats.

Slide 10

Supporting Notes:
A static internet protocol address is an address that does not change and is assigned to a
device on a network so that the communication over the network remains consistent and
dependable. Basically, this is a security feature requirement for the entire community, inclusive
of students and staff. This will give the network managers an easy time to trail and monitor the
activities among students.

Purpose of Static IP:

1. Ensures consistent identification of devices on the network.

2. Facilitates reliable and secure communication, crucial for network stability.

How Static IP Enhances Security:

1. Simplifies network management by allowing secure device identification.

2. Enables precise control over access permissions, reducing the risk of unauthorized network
access.

As a result, at Capital College, it is highly recommended to use static IPs for crucial parts inside
the network.

Slide 11

Supporting Notes:
NAT stands for Network Address Translation. It is a mechanism where addressee information in
the headers of packets is changed by changing the network address in the header while the
packet is in transit to a locally expressed one.
It also conceals all the identity of the host systems behind a private network, hides the internal
network addresses from getting exposed by external networks, and hence the several devices
on the local network are able to share a single public address.

How NAT Enhances Security:

1. It masks internal network structure, making it challenging for external entities to identify
specific devices.

2. NAT also works as a firewall that cuts direct access inside devices, which therefore reduces
the chance of unauthorized access into the device.

Visualize NAT as the primary part of the security strategy in Capital College by incorporating an
extra layer to the threats. Subsequently, it will enhance the NAT capability in securing sensitive
data and maintaining the integrity of the network.

Slide 12

The highlighted points above are the combination of the measures that Capital College is going
to take toward strengthening its general network system security.

Post-Presentation Evaluative Report

Analyzing the Benefits of Implementing Network Monitoring Systems

The installation of a network-monitoring system provides an organization with a much-needed
proactive approach to the management and securing of the systems' infrastructure. This report
identifies the benefits of installing a network-monitoring system by presenting reasons why such
systems are essential for optimal operation and protection of the IT environment.

1. Early Detection of Anomalies:

Network monitoring keeps an eye on the performance of different network components in real
time. In particular, the system remains in a kind of constant analysis of network traffic. In cases
of any type of anomaly and irregular patterns, this can be a sign of a security threat or even an
operational problem. It would also assist in the case of early detection for Capital College,
wherein many computer labs and various education resource centers are placed.

2. Improved Network Performance and Reliability:

Active network management leads to improved performance across the whole network and
assures its full reliability. Weak points and inefficiencies are easily detected and then worked on
through routine check-ups on bandwidth usage, latency, and health of devices. The approach to
real-time network management is mostly proactive and can help in optimization of network
resources, downtime prevention, and fair assurance of a smooth network.

Similarly, a college of the nature of Capital College, which runs programs basically focused on
computer science and engineering, will surely require top network performance.

3. Enhanced Network Security:

Network monitoring helps in improving defenses related to IT security. It points out the
suspicious activities that may happen, such as unauthorized attempts to access resources and
also discloses various malware infections or even DDoS attacks to the system, letting the
administrators know and alerting them in time.

Besides its guarding measures, Capital College will also ensure that it detects the possible
threats to security when monitoring its network, safekeeping personal and educational assets
which might also be accessible to others, for example, the Virtual Learning Platform (VLP).

4. Efficient Resource Utilization:

The changes in the network should be monitored for a sound count of students and staff
members so that the resources at Capital College are properly utilized. The network monitoring
system reports comprehensively the status of usage of network resources towards allowing
optimized allocations for the bandwidth.

5. Streamlined Troubleshooting:
In a dynamic learning environment, network issues can disrupt classes and academic activities.
The network monitoring system provides one with visibility since it always points out the point of
trouble immediately when it occurs, speeds up troubleshooting, and at the same time, it
eliminates downtime by minimizing user impact, fostering overall resilience of operations.

6. Compliance Adherence:
As a responsible teaching institution, Capital College, therefore, is expected to follow the
regulations set about data protection. Monitoring systems will help in tracking activities in the
network and give records on the activities, thus assisting the institution to gain a mark of
implementation as per the set current standards.

7. Availability of Historical Data for Analysis:

Network monitoring provides benefit to Capital College in the case of a deep trend analysis
framework. More so, in helping in realizing long-term performance of a network with an aim
towards identification of patterns in the future for planning of the network.

8. Cost Savings:
Efficient allocation of resources based on the network monitoring data will enhance the
economic scenario for Capital College. The spike in expenditure for extra resources used will be
eliminated when Capital College knows the actual pattern of use and demand for the network.

Network Monitoring Benefit Application to Capital College

Early Detection of Anomalies Swift anomaly detection for a prompt

response to maintain access to educational
resources.

Improved Performance and Reliability Ensures uninterrupted access to online

course materials.

Enhanced Security Protects sensitive student and staff data and

valuable educational resources.

Efficient Resource Utilization Insights into bandwidth usage for cost-

effective resource allocation to meet
educational demands.

Streamlined Troubleshooting Rapid identification and resolution of issues,

minimizing downtime and ensuring
uninterrupted academic activities.

Compliance Adherence Documentation of network activities,

supporting compliance with data protection
regulations.

Historical Data for Analysis Accumulation of historical data for trend

analysis, aiding in informed decision-making
and future network planning.

Cost Savings Efficient resource allocation based on

monitoring data, leading to potential cost
savings in network maintenance and
operations.
Proposal for IT Security Risk Management at Capital College
This proposal outlines a methodology that aligns with Capital College’s need for managing risks
related to IT security.

1. Risk Identification
Regular workshop opportunities involving IT staff, educators, and key stakeholders will provide
a forum that pools insights and positions into personal and collective lines. This participative
process will make it possible for people to develop a collective understanding of unique risks at
Capital College.

In addition, to the aforementioned, there are Threat Intelligence Platforms (TIPs) and
frameworks available, such as the Operational Critical Threat, Asset, and Vulnerability
Evaluation (OCTAVE) Allegro, which can further enrich the identification process for the risk.
Here are some cost-effective options of Threat Intelligence Platforms for Capital College to
choose from the most budget-compatible and size-fitting: Safetica, Microsoft Sentinel, or
ThreatWatch.

These tools will help provide in detail what threats are focused on student data, the threats
which focus on the student/student community, including those that apply to data on online
learning platforms, or administrative systems.

2. Risk Assessment
Risk assessment could be executed with both quantitative as well as with a qualitative analysis
approach in order to ensure more comprehensive estimation. For example, the use of a data-
driven viewpoint using the Factor Analysis of Information Risk (FAIR) and others will help avail
an estimation of both the probability and impact of the identified risks.

The FAIR (Factor Analysis of Information Risk) Model:

Risk matrices would provide an enriched context that quantification on its own cannot get. Some
of those risks impacting things like student online learning, data for students, and the continuity
of operation will be prioritized.

3. Risk Treatment:
The treatment needed for the identified risks will have to be very targeted in the approach—with
high focus on the high level, which is practical and effective controls, in putting all the necessary
systems in place, like firewalls, advanced endpoint protection, encryption techniques, among
others. In that regard, Zero Trust Architecture—considered in reducing risks possibly related to
lateral movement across the network—allots peak consideration toward its capability.

Zero Trust Architecture is a security concept centered on the philosophy that organizations must
not trust on autopilot anything inside or outside its perimeters but must verify any and all things
that try to connect to the systems before finally granting access, thus enhancing overall security
by continuous user and device authentication and authorization.

Special attention shall be given toward secure access controls to guide the staff in their comfort
and safeness of their information.

4. Continuous Monitoring

Some of the continuous monitoring to be adopted will include the use of some of the following
security information and event management (SIEM) tools: Splunk, SolarWinds, or any other
relevant tool to go a long way in real-time detection of threats.
There is the need of updating the protocols on an ongoing basis and determining the insights
from potential threats that can affect Capital College’s IT resources.

5. Education and Training

In this regard, Capital College is supposed to run regular awareness programs at different times
in recognition of IT security being a combined role of the systems staff and the student users.
These, at least, must contain topics such as phishing attempts detection, safe password
practices enforcement, and compliance with acceptable use policies.

The content of the training will be built around the lines of the possible challenges within such
an educational environment: the role of educators and staff in general in securing an online
environment. The reasons are that training and educational programs themselves will never
cease to be is due to new threating growing in IT and changing best practices in the industry.

6. Incident Response Plan

The organization shall ensure that an incident response plan supports its risk management to
clearly outline roles, responsibilities, and how to act if there is a security incident. This shall be
supported by way of regular exercises and drills to test the level of preparedness and measure
effectiveness, as decided upon in the plan.

7. Regular Audits and Compliance Checks

Internal audits will be scheduled using tools like Nessus. This way, Capital College is set to
identify and rectify any kind of noted possible security vulnerability within the IT infrastructure,
something that is bound to happen periodically whenever there is a need to do so. The audits
will be intensive in terms of its alignment to the respective local and international applicable
regulations guiding educational data protection for the student information under Capital
College.

Evaluating Security Measures

Although each physical and virtual security measure is instantly needed to be taken at Capital
College, still, the differently taken measures are checked for the respectively taken integrity and
strength on how these are able to secure the IT setup of the college.

Physical Security Measures:

1. Biometric Access Control to Server Rooms:

● Advantages: It can be used to physically limit entry to sensitive areas, which will
lower the chances of unauthorized access as well as the potential incidences of
tampering or theft.
● Disadvantages: It is likely to be highly costly in its installation and running. False
positives can also be quite high, perhaps restricting access inappropriately.

2. Surveillance Cameras:
● Advantages: Visually monitoring sensitive areas through CCTV cameras can act
as an effective mechanism of prevention against intrusion, and also for marking a
possible suspect for easy identification in the case of any security breach.
 ● Disadvantages: They require constant monitoring (which might be an overload
for the staff), and they dismiss certain 'blind' spots which the determined intruder
can use.

3. Security Guards:
● Advantages: Problems can be solved quickly; that is, with someone on a site to
deal directly with an unplanned element; hence, there is a reduction in
unauthorized access.
● Disadvantages: Could be costly, and the guards will not be all over, especially
when you would want them to be present in multiple places at once. The margin
of human error also opens up since full reliance is put on them.

Virtual Security Measures

1.Firewalls:
● Advantages: Performs the role of a barrier between the internal and external
networks, in which it filters any suspicious attempts, hence stopping any
unauthorized access.

● Disadvantages: Need regular updates and tweaking, and might not catch some
advanced security threats.

2.Antivirus Software:
● Advantages: Detects and eliminates known malware, keeping Capital College’s
devices safe from infection.
● Disadvantages: Doesn't always catch new attacks or advanced malware. It can
also slow down computers.

3.Intrusion Detection Systems (IDS):

● Advantages: It is easy to monitor network activity thoroughly and raise an alert in
case of any kind of danger, so in a way it is a forerunner to a security attack.

● Disadvantages: Highly prone to false alarms, hence may lead to massive

wastage of time and resources. It requires a swift response to the alert. Failure
instantaneously may allow aimed attacks, to be successful.

Although physical security provides the necessary physical layer of protection, it may be quite
pricy and is subjected to breakthroughs. Virtual security, however, confronts the unseen level of
security risks that are invisible to the humans – as long computer systems are timely updated,
and competently executed. Together, with these two kinds of securities combined, a great shield
is produced, one which offers organizations protection against the security risks faced and
keeps the activities related to IT safe.
Physical Security Advantages Disadvantages Supplementation
Measures

Biometric Access Keeps important Expensive to set up Add extra methods

Control to Server areas safe from and manage, may let like PINs to decrease
Rooms unauthorized access, unauthorized people the chance of
reducing theft or in by mistake. mistakes (e.g.,
tampering. Capital College’s pre
existing swipe cards).

Surveillance Watches over key Needs constant Add motion sensors

Cameras spots, discouraging watching, has blind and keep cameras in
intruders and helping spots and can be good condition to
to spot suspects in fooled by determined cover more areas
cases of IT security intruders. and work better.
incidents.

Security Guards Respond quickly to Can cost a lot, can't Use remote
security problems, be present monitoring and
lowering the chances everywhere and regular training to
of unauthorized entry. human errors can cover more areas
happen. and reduce errors.

Virtual Security Advantages Disadvantages Supplementation

Measures

Firewall Blocks out suspicious Needs regular Add extra systems to

access attempts, updates and might catch threats in real-
keeping networks not catch some new time and protect
safe from outsiders. threats. against new dangers.

Antivirus Software Finds and deletes Not great against Use extra tools for
known malware, new threats and can spotting new threats
keeping devices safe slow devices down. and reacting quickly
from harm. to problems.

Intrusion Detection Monitors network for Can raise false Use other systems to
Systems (IDS) suspicious activity, alarms, necessitates sort through warnings
warning when any a quick response and react faster to
red flags appear. real problems.

Process Review Document

This process review evaluates the current mechanisms and legislation for data security at
Capital College. The focus is on assessing the existing risk assessment procedures outlined in
Appendix 2 – Current Risk Assessment for Capital College.

Review of Current Risk Assessment Procedures:

1. Computer Lab PCs - Virus:

● Threat Probability: Very Likely
● Impact: Minor
● Risk Assessment Priority: 1

Review: This threat is identified as having low severity and being very likely. As for how it will
affect Capital College, the impact being assessed for the threat turns out as low, with the result
leading to low priority assessment of the risk as an outcome of the assessment. Building user
awareness, frequent updates, and strong antivirus protection are rather the main goals for
mitigation of this type of threat.

2. Computer Lab PCs – Data Getting Deleted:

● Threat Probability: Likely
● Impact: Minor
● Risk Assessment Priority: 1

Review: Due to malware, unintentional factors and many other cases, data deletion is a very
common IT security issue, therefore, justifying the likely probability awarded to this risk. The net
overall effect however, is a small one, resulting in a combined total risk assessment indicative of
low priority. Possible mitigation strategies include having regular written data backups, access
control, and training staff on protection.

3. Computer Lab PCs – Potential Breach of Copyright:

● Threat Probability: Very Likely
● Impact: Moderate
● Risk Assessment Priority: 2

Review: This threat would be very likely to happen with a high probability of materializing: a
breach of copyright. The likely potential impact would be moderate—probably medium—
justifying a low risk assessment of priority. The mitigation should include exposure to copyright
education, plus content filtering and monitoring with a copyright focus.

4. Computer Lab PCs – Spreading Unauthorized Material:

● Threat Probability: Likely
● Impact: Moderate
● Risk Assessment Priority: 2
Review: This threat is assessed as likely, justified due to the lack of stringent controls on the
internet to restrict the spread of unauthorized materials, as well as due to commonly used
blocks by institutes being passable through the use of technologies like VPNs. As for
institutional impact, there would not be significant damage, thus justifying the classification of
moderate impact and medium risk priority. The possible mitigative measures are content
monitoring, user awareness programs, and strict policies against the different forms of
unauthorized material.

5. Staff Laptops - Virus:

● Threat Probability: Unlikely
● Impact: Moderate
● Risk Assessment Priority: 1

Review:
Given how surprisingly sophisticated malware development has become, this threat comes
across as "very likely". Although the impact is rated at very little, it is important to note that
modern viruses can still echo farther into the future. Class 1 priority given for risk assessment of
is sensible but a little inadequate to describe the need to be proactive. Mitigative measures
should involve strong thrust on the use of antivirus, regular updating of staff and spreading
awareness about safe computing practices.

6. Staff Laptops - Deletion of Data:

● Threat Probability: Unlikely
● Impact: Moderate
● Risk Assessment Priority: 1

Review:
A "likely" probability of data loss on Computer Lab PCs is based on how data loss is an
incredibly common IT security issue, due to both user and system error. The "likely" probability
is true from the number of accidental or intended loss of the data. The loss of data, even if it is
small, disrupts academic and administrative operations, justifying its moderate impact
classification. Some of the mitigation strategies that can be put in place include regular backup
of data, access controls, and training of staff and students on data protection.

7. Staff Laptops – Potential Violation of Copyright:

● Threat Probability: Unlikely
● Impact: Moderate
● Risk Assessment Priority: 1

Review:
Due to the rapid increase in troubles controlling digital content, the probability of breaching
copyright on computer lab PCs is very high. The final categorization, consisting of classifying
online sharing as a likely copyright violation, must be classified as "very likely" based on the
high level of prevalence. The moderate impact is also amenable to the well-reasoned approach
based on irreparable damage to reputation and legal precedence. A classification ranking of 2
for risk assessment priority is sensible. Mitigation efforts must start with education of the
population on copyright issues and then proceed to content filtering and tracking to monitor any
massive violations of copyright.

8. File Server - Virus:

● Threat Probability: Unlikely
● Impact: Major
● Risk Assessment Priority: 1

Review:
The "moderate" type of impact reflects that a considerable amount of concern will be given to
the respective legal and reputational impacts of this threat.
Furthermore, the priority 2 appropriately points to high risk requiring tight policies, user
education, and monitoring to prevent the unauthorized distribution of content. Mitigation
measures will include the deployment of antivirus protection, specifically for the file server;
frequent updating; and monitoring of any suspicious activities on the file server.

9. File Server - Deletion of Data:

● Threat Probability: Unlikely
● Impact: Major
● Risk Assessment Priority: 2

Review:
The low occurrence of user errors on staff laptops, as well as general staff behavior and usage
patterns justify the threat probability categorization of unlikely.
Since the file server is the digital heart of online teaching resources and learning material at
Capital College, missing data from it could have disastrous effects on the college’s operations,
justifying the potential impact marked as major. The priority 2 risk assessment categorization
points to the following mitigation strategies: data should have backup, access should be
monitored, and login attempts to the file server activities must be tracked.

10. Network - DDoS attack:

● Threat Probability: Very Likely
● Impact: Major
● Risk Assessment Priority: 3

Review:
This threat is perceived to be imminent, based on threat research which makes the growing
incidences of DDoS attacks on networks quite evident. Myltics research found record-breaking
rates of the size and pace of DoS attacks made in the year 2023.

Another similar report indicates that besides the fact that the use of AI in attacks will increase as
from 2024, it also shows that IoT botnets will now have a chance to become more powerful and
sophisticated and in so doing could result in massive DDoS attacks. This, therefore, exposes
small institutions such as Capital College to major risks, thereby justifying the "very likely"
probability categorization. End of quotation. Appropriately, it is labeled to have a major potential
impact by effect on the network infrastructure as a whole, which is a risk assessment priority of
the highest level. In this regard, the mitigating strategy would have to incorporate strong network
security mechanisms, DDoS prevent strategies, and real-time monitoring upon check for any
abnormal network traffic.

11. Network - Virus:

● Threat Probability: Unlikely
● Impact: Major
● Risk Assessment Priority: 1

Review:Due to Capital College’s preexisting firewall, the threat of a virus impacting the network
is rendered unlikely. However, in the case of occurrence, the potential impact would be major
due to the reliance of most Capital College IT resources on its network. The risk assessment
priority of 1 seems reasonable considering the low likelihood, but the potential major impact
necessitates strong mitigation strategies that could include: antivirus measures, regular
updates, and monitoring for any unusual network activities.

Application of Data Protection Processes and Regulations to Capital

College
Possessing proper data protection systems is necessary for institutes such as Capital College,
due to the fact that they handle various data types with highly sensitive information.

Legal Mechanisms
1. Data Protection Act 2018:
Capital College is required to abide by the Data Protection Act 2018, since it handles the
personal data of staff and students for its various operations. The Act requires that
personal information be kept and processed safely. However, there is a hint at a
possible breach of this act, due to the unsecured network server room and how it
potentially compromises critical data.

2. Computer Misuse Act 1990:

The Computer Misuse Act 1990 is, one of the United Kingdom legislations, that covers
offenses relating to unauthorized access, interference, or modification of computer
systems. Capital College can apply this set of laws in its legal mechanism to fight all IT
security threats or cyber bullying, so that any instance through which the sensitive data
of the institution will be brought to risk, is governed by law. The Act may guide the
institution in the prosecution process of all potential individuals who have unauthorized
access or ill motives towards its information systems.

3. ISO 31000 Risk Management Standards:

ISO 31000: This is an internationally recognized standard that provides a code of

practice and principles for an effective risk management framework in any organization.
Capital College can apply the ISO 31000 standards in improving its plan in managing
risks associated with its data.

4. International Regulations:
Capital College will be dealing with data either within or outside the UK; provisions of the
following international standards also apply: like General Data Protection Regulation
(GDPR). First of all, this is to ensure that the transfer and processing of data are made in
promises to be consistent with global privacy expectations, and moreover, to make
certain that legal requirements are met.
Additionally, IT and administration at Capital College can look at the guidelines from
varying international quarters with regard to data protection and privacy in managing
their data from international students.
For this purpose, one can refer to comprehensive and valid records, such as the United Nations
Foundation Data, in the field of international policies on the protection of personal data.

Summary of ISO 31000:2018 (A Key Risk Management Standard)

One of the ways Capital College is going to beef up its overall IT security is by relating to a well-
acknowledged global standard on risk management by the International Organization of
Standardization, called ISO 3100:2018, through which organizations may know how best to
manage IT security risks safely.

Overview
The ISO 31000:2018 outlines and compiles the criteria that should be utilized by institutions like
Capital College, in order to manage risks effectively. It lays out a framework for the purpose of
identification, analysis, realization of risk and risk monitoring in operations in every day. The
systematic nature of this standard makes it a convenient tool for risk management activities
such as incident response plan, risk models and any other strategies that an organization wants
to include.

ISO 3100:2018 does the following things:

1. It gives organizations a rulebook for successful and smooth management of hazards.

2. It helps organizations in making more accurate decisions across the board.
3. It lets organizations stay on top of risks and opportunities before they become major
problems.
4. It encourages organizations to cultivate a culture where the members are aware of risks
and take responsibility for them.

Benefits

Organizations gain the following benefits by following the ISO 3100:2018 standard:

1. Their decision-making is improved, as having better awareness and planning of risks will
lead to better choices.

2. The internal processes of organizations become more resilient to risks, lowering

chances of disruption and service interruption.

3. Stakeholders trust them to a higher degree, having confidence that the organization is
staying on top of risks.

4. Organizations can ensure that their risk management approach aligns with what they are
trying to achieve i.e their long term goals, which keeps them moving in the right
direction.

5. Organizations are continuously looking for ways to improve things since they are
keeping an eye on lurking risks and what could go wrong.

6. They're doing their bit for a sustainable future by minimizing the impact of their actions
on society and the environment.

Life Cycle

The ISO 31000:2018 evolves with the world, being periodically reviewed and updated every five
years. The latest check-up and confirmation happened in 2023.
Sustainable Development Goals (SDGs):
The United Nations has set several major sustainable development goals to achieve a more
peaceful and prosperous planet. It encourages all nations, organizations and individuals to work
towards this goal. The ISO 31000:2018 aligns with the following SDGs, which organizations will
be contributing to if they follow it:

1. Goal 3: Keeping communities healthy and happy by managing risks well.

2. Goal 8: Ensuring growth of jobs and the economy by minimizing losses through
managing risks.
3. Goal 9: Creating a stable and secure environment for innovation..
4. Goal 11: Building a safe community that can recover from risks.
5. Goal 16: Ensuring that their institution remains strong and peaceful.

Application to Capital College

Capital College can benefit significantly from following ISO 31000:2018. It is especially useful as
the college tackles risks like IT security threats and anything else that might risk the disruption
of its day-to-day operations. The framework provided by the ISO 31000:2018 will help in
keeping the systems resilient, the student and staff information safe, as well as the education
services running smoothly. Additionally, following the standard will reflect positively on Capital
College, boosting its reputation and improving stakeholder trust.

Analyzing the Impact of an IT Security Audit

IT security audits evaluate how secure an organization is by taking a deeper look at its security
measures and searching for potential vulnerabilities. The structure, processes and stakeholder
of an IT security audit in the context of Capital College will be explored later on in the policy
proposal in this report. The current section will analyze the ways in which such an audit can
impact organizational security.

1. Identification of Weaknesses:
An IT security audit can uncover weaknesses in an organization's infrastructure, policies
or procedures. This could be outdated software, misconfigured systems or anything that
creates a security risk that can be exploited by attackers.

2. Reducing Risks:
By shining a light on the weak spots and organizational areas where security isn't as
tight, an audit helps the organization identify where the biggest risks are and how it can
reduce them. As the organization makes the suggested changes and builds up its
security measures, the chances of IT security incidents are slimmed down. This
improves overall organizational safety.

3. Better Compliance to Regulations:

All industries have regulations about handling information securely. A security audit
helps make sure the organization is following these rules. It can spot any misalignments
and suggest ways to improve how a regulation is being followed. This results in the
organization being more in line with regulations, as well as more aware of them.

4. Strengthening the Safety Net:

Through the audit, weaknesses in an organization’s incident response procedures could
be identified. For example, incomplete logging or depending on an unreliable network
monitoring tool. Being made aware of these weaknesses will help the organization rectify
them and strengthen its overall safety net.

5. Education and Awareness:

An audit might show where employees (and other key stakeholders) of the organization
need a bit more training on how to keep things secure. It could raise their awareness on
important IT security habits like setting secure passwords, staying aware against social
engineering tactics and avoiding phishing attempts.

6. Protecting Reputation and Trust:

By staying one step ahead with audits and fixing any identified problems, the
organization shows that it is serious about protecting its stakeholders’ information and
building a safe environment. This increases stakeholder trust and improves the
reputation of the organization, helping it maintain an image of trustworthiness and
security.

Recommendation for IT Security Alignment with Organizational Policy

To align IT security at Capital College with its organizational policy of not allowing unsupervised
students to the IT labs, I recommend the implementation of biometric authentication. Biometric
authentication, like iris (eye) scanning, provides a quick and convenient method to confirm a
staff member’s identity before allowing them into the IT labs. Then, once the lab unlocks, the
accompanying students can follow them behind. The swipe card system that Capital College
currently follows isn’t foolproof since students could get their hands on a card and use it to
access the lab unsupervised. However, this method relies on identity confirmation so it will
enforce the policy far more effectively.

Recommendation:
Use Biometric Authentication (Iris scanning) to ensure that only staff members can unlock the IT
labs unsupervised.

Reasons:

1. Higher Level of Security:

While passwords or swipe cards can be stolen and shared, the uniqueness of biometrics
makes sure that only the right people get access. This higher level of security makes it
impossible for students to sneak into the IT lab alone, since the access will be based on
the identity verification of the staff member who will be supervising them.

2. High Scalability:
Iris recognition (eye scanning) systems are an ideal choice for an organization like
Capital College with a large number of users (around 2000 students and 65 staff
members). As the college grows, new users can be added to the system and the system
will keep on processing them without any downtime. This is due to the system working in
 “exhaustive search mode”, which means that it runs on an algorithm that carefully
checks every matching possibility present in the database before deciding on absence or
presence.

3. User Convenience:
Biometric authentication comes as a more convenient way for users of Capital College to
do identity authentication, considering there will no longer be a need to remember
passwords or physically carry swipe cards.

Security Impact of Misalignment

In case it is determined that the organizational policy of Capital College that restricts access to
the IT labs is being violated or compromised by the iris scanning system of the biometric
authentication, many serious menacing risks are opened up:

1. Unauthorized Access:
Without staff supervision, students might be able to get their hands on sensitive
equipment, or confidential information stored within IT lab, as well as obtaining access to
unmonitored computer resources like printers. This will compromise the security of the
college, therefore creating a hole for more exposure to IT security attacks.

2. Malicious Activities:
Left on their own, the students may start messing around—doing things they aren't
supposed to do—installing unauthorized software, disrupting security mechanisms, or
even releasing malware into the network. This will compromise the IT security of the
college, cause a chaotic environment, and may even open up the the risk of losing data.

3. Lack of Accountability:
Security incidents or violations of policies among students cannot easily be detected
without getting supervision. This complicates the case of responding to the incidents or
the punishment to perpetrators.

4. Compromised Learning Environment:

Unsupervised access to IT labs may easily turn into a recipe for chaos, with distractions,
clashes, and disruptions ruining the learning environment. This would stop the college
from making the academic space secure and welcoming for everyone.

In a nutshell, the implemented biometric authentication will need to be further supervised for
successful alignment with the organizational policy of supervised access to the IT lab. By doing
so, only then can Capital College minimize security threats mentioned above, hence keeping
them at a minimum and creating a welcoming academic space for learning and teaching.

Alignment Misalignment

Successfully enforced supervision ensures Lack of supervision increases risk of

 only authorized access. unauthorized entry.

Reduced chance of malicious student Increased chance of malicious student

activities in the IT lab. activities in the IT lab.

Easy to identify suspects and offenders in More challenging to identify suspects and
case of IT security incidents. offenders in case of IT security incidents.

A secure and welcoming learning A chaotic learning environment with

environment. disruptions and conflicts.

Security Policy
With newer, and increasingly advanced, IT security threats rising and sneaking in to public
digital spaces, a suitable security policy is becoming severely needed for Capital College to
prevent its assets, data and operations from falling at risk to potential attacks. Also, unexpected
disasters, whether natural or human-made, make the need for a solid disaster recovery plan
urgent.

The security policy proposal below aims to outline the main aspects of a security framework
especially created for Capital College. By focusing on network security, data protection, incident
response and disaster recovery, the goals are to:

1. Reduce risks
2. Meet regulations
3. Maintain trust among students, faculty, staff and other key stakeholders.

Through careful planning, strong procedures and ongoing assessment, Capital College can
create a safe environment for learning and innovation.
 CAPITAL COLLEGE
SECURITY POLICY

ANUSHA ASIM,

JUNIOR NETWORK SECURITY SPECIALIST,

BAYT SECURITY SOLUTIONS LIMITED (BSS),

DUBAI

OVERVIEW

This Security Policy describes the key steps that Capital College will take to protect its information assets, systems and network
infrastructure in order to protect the college data and maintain a secure learning environment. It outlines roles, appropriate
user conduct and security protocols.

SCOPE
This policy applies to any instructor, staff member, student, independent contractor and vendor who accesses, uses or stores
Capital College's data or IT resources.
INFORMATION CLASSIFICATION

Highly Sensitive Data:

o Personal information of students and staff (e.g., Virtual Learning Platform log in credentials, full names, home
addresses, contact information)
o Medical records of students and staff (e.g., doctors’ notes, health history)
o Financial data (e.g., budget information, banking information, tuition balance of students, staff salaries)
o Student records (attendance records and behavioral assessments)
o Staff records (attendance records and professional development plans)
o Special Educational Needs (SEN) data

Lightly Sensitive Data:

o Internal college communication (e.g., Microsoft Teams messages, emails containing private discussions)
o Assessment data (e.g., students’ grades, assessment scores, graded coursework)
o Research data and intellectual property (ongoing research findings and innovations)
o Legal data (e.g., documents and contracts)
o Staff training materials
o Classroom schedules
o Supplemental course materials (templates provided for assignment, further reading recommendations, pdfs)
Moderately Sensitive Data:
o Admissions statistics and decisions (e.g., student enrollment numbers, unspecified acceptance and rejection criteria)
o Course-specific educational content (e.g., teaching materials like presentations, lesson plans)
o College information that is already publicly available (e.g., course options, faculty list, event calendars)
o General administrative documents (e.g., meeting minutes, policy documents like this one)

Non-Sensitive Data:
o Publicized college information (e.g., social media posts, website content, promotional materials like pamphlets)
o Non-confidential communication (e.g., frequently asked questions)
o General information about student clubs and activities
o General campus rules and policies

SECURITY AUDIT
A security audit must take place at Capital College at least once or twice a year. This will be a deep dive into the IT setup,
ensuring that the highest possible level of security is achieved. Special time and resources must also be allocated to the
resolution of identified flaws. The security audit will follow the following structure:

1. Define Scope:
Specify objectives of the audit, as well as its ideal timeline.

2. Roles and Responsibilities:

Assign tasks to key stakeholders: senior management, IT, faculty, staff, students and external auditors.

3. Information Gathering:
Document preexisting security policies, assets, concerns and incidents.

4. Risk Assessment:
Identify vulnerabilities in the IT setup, assess risks and analyze potential threats (using a Threat Intelligence Platform like
Microsoft Sentinel).

5. Testing and Analysis:

Conduct penetration testing, review controls and analyze logs.

6. Documentation and Reporting:

Summarize findings, assess current state of the IT setup and come up with practical recommendations.

7. Presentation and Feedback:

Communicate results to senior management, gather feedback and address concerns.

8. Implementation of Recommendations:
Use the recommendations derived from the sixth step and the senior management feedbag to develop a plan that will patch up
security vulnerabilities, as well as boosting security where opportunity presents. Execute this plan.

9. Continuous Improvement:
Schedule follow-up audits and stay updated about emerging threats.
ROLES AND RESPONSIBILITIES FOR SECURITY AUDIT

1. Senior Management:

Role: To the extent possible, initiating the security audit and offering assistance to ensure a fair and less complicated process.

Responsibilities:

Focusing the budget and resources on the security audit.

Promoting collaboration and cooperation among the departments through programs and communication.
Developing a safety-oriented, and IT-security conscious culture for school staff and students.
Checking, approving, and signing off on the final audit report.

2. IT Department:

Role: The technical experts should be working closely with the security auditors apart from providing any support required.

Responsibilities:

Providing the auditors with access and data to the IT systems.

Addressing address queries and issues invoked by the auditors.
Implementing the mitigation measures proposed in the report on security audit and using them to improve the security
systems.
Vigilantly maintaining and updating the security documentation.

3. Faculty and Staff:

Role: Providing the information required by the auditors, as well as performing any tasks requested.

Responsibilities:

Take note of and knowing the campus's security practices.

Reporting any acts of IT-security-rule-breaking to the IT department.
Volunteering for security awareness training.
Coordinating with the security auditing team.

4. Students:

Role: Behaving appropriately to ensure security of learning environment and actively understanding the college security
policies.

Responsibilities:

Making use of Capital College’s IT resources ethically, taking into account the type of security policies adopted by it.
Ensuring protection of all personal digital information (such as passwords and contact details).
Informing the IT department immediately of any suspicious digital behaviour/activities.
 Attending the college security training sessions when they are offered.

5. Security Auditors:

Role: Carrying out an independent assessment of Capital College’s IT security, one that is lacking any prejudice and bias.

Responsibilities:

Planning and conducting the IT security audit within the framework of it aligning with the jointly set scope and goals.
Identifying possible security lapse and risks.
Evaluating the degree of the efficiency of Capital College’s present security controls.
Summing up security audit findings and recommendations within a report.

ACCESS CONTROL

DATA PROTECTION AND PRIVACY

Legal Mechanisms

1. Data Protection Act 2018: Capital College to abide by the 2018 Data Protection Act, following its requirement of
personal information to be stored, handled, and processed securely.

2. General Data Protection Regulation (GDPR): Capital College must comply to the General Data Protection Regulation
(GDPR), hence, maintaining records of data processing activities for evidentiary purposes, and appointing a Data
Protection Officer.

3. Computer Misuse Act 1990: This UK law deals with unauthorized access, modification, or interference with computer
systems. Capital College is recommended to weaponizing it against IT security threats.

4. ISO 31000 Risk Management Standards: Capital College must be following ISO 31000 standards for improved
managing of risk, especially concerning data security. These standards will ensure appropriate identification and
 evaluation of possible risk that might rise in handling sensitive information.

5. International Regulations: This is one area where the college will have to legislate internationally and globally on the
benchmarks of laws such as GDPR (General Data Protection Regulation), thereby ensuring that the individuals who are
stakeholders even living outside the UK stay within the international privacy expectations.

6. Data Protection Agreements with Third Parties: Where Capital College is to grant access to its data to 3rd party
service providers, it will have to enter into legal binding agreements. Such agreements should be made at the time of
processing by laying out responsibilities and regulations.

NETWORK SECURITY

Strengthening Firewall Security:

Capital College can upgrade its simple firewall to boost organizational safety. Firstly, the existing firewall policy, which currently
is too lax, can be modified. Capital College firewall installations must adhere to the "least privilege" principle and by default
reject all incoming traffic. It is best to gradually open the ruleset so that only authorized traffic is allowed.

Secondly, while Capital College’s current firewall protects the network from outside threats, organizational devices connected
to the network still lack an individual security mechanism. To fill in this gap, the college can install a software firewall (like
Zenarmor) in the computer lab PCs and staff laptops. Software firewalls installed on individual computers can perform more
detailed data analysis. They can even stop certain apps from sending data to the Internet.

The following information must be logged by each firewall device in the college to a system that is separate from the actual
firewall:

1. Any modifications to the firewall's settings, enabled services, and allowed connectivity.
2. Any unusual activity that could point to the possibility of either illegal use or an effort to get beyond security measures.

The logs must be reviewed at least once a month.

Reliable Virtual Private Network (VPN):

Capital College should make an investment in a reliable VPN solution with strong encryption techniques and secure tunneling
processes, instead of relying on freeware VPNs which lack many important security features. A cost-impact study could be used
to select a cost-effective VPN solution, taking into account the college's financial limits.

For the new VPN to be secure by preventing the sensitive information leakage and also establishing remote connections, it
needs additional encrypted endpoint security measures and multi-factor authentication.

Demilitarized Zone (DMZ):

Properly configured, the deployment of a demilitarized zone (DMZ) at Capital College will increase the network's security
situation. The website and outside email servers can strictly be public facing services. This should be able to define the DMZ.

A way to strengthen it further is through setting up two firewalls that will address the internet and an internal network. To be
able to detect, track, and turn such threats away easily, there will also be a necessity for intrusion prevention systems in the
demilitarized zone (DMZ). Clear security rules will need to be set for the DMZ on protections, access controls, and data
transfer.

Adopting Static IP Addressing and NAT Configuration:

The present method of IP addressing in place at the college is an insecure one. The corresponding vulnerability ought to be
neutralized by ensuring that the element of fixed IP addressing is used. The method of the provision of fixed IP addresses to
critical network devices ensures that no other unregistered device interacts with certain network resources; thus, reducing the
overall risk experienced through unauthorized access.

Another technology that must be put in place is NAT to hide the internal IP addresses of users of the Capital College network
from the outside. NAT is the process of translating private IP addresses to a single public IP address, which then suit the
purpose of hiding the interior network topology from direct focus by the attacker.

INCIDENT RESPONSE PLAN

Objective:
The aim of this Incidence Response Plan (IRP) is to outline how minor security incidents shall be handled within Capital College,
and how the magnitudes of their impacts can be reduced. The scope of the plan is wide and covers a range of incidents. This
covers data breaches, attacks on IT resources, and disruptions to the Virtual Learning Platform (VLP)

Roles and Responsibilities:

1. Incident Response Team (IRT):

a. Incident Response Coordinator:
 Central point of contact for security incidents.
 Coordinates overall response efforts.

b. Technical Analyst:
 Investigates and analyzes security incidents.
 Identifies and contains threats.

c. Communication Coordinator:
 Handles internal and external communications.
 Updates stakeholders on the incident status.

2. Administrators:
 If needed, collaborate with the Incident Response Team (IRT) in implementing security controls.
 Assist in the recovery process in cases of data loss.

3. Educators and Staff:

 Report any suspicious activity immediately.
 Cooperate with the Incidence Response Team (IRT) during investigations.
 Participate in awareness and training programs.

Procedures:
1. Incident Identification:

a. Applying SIEM (Security Information and Event Management) technologies or TIP (Threat Intelligence Platforms) to
track the events of College’s network in real-time.
b. Educating students and staff to be able to recognize threats and report accordingly wasting no time.
c. Setting up communication channels through which the complainants can be allowed to lodge in their complaints e.g. by
putting up a Google Form to receive reports.

2. Incident Containment

a. Isolating all suspicious devices to avoid any further damage that may follow after.
b. Exploring the possibility of restoring vital services.
c. Coordinating with the IRT in directive action for final solution.

3. Investigation and Analysis:

a. Conducting an analysis about the incident.

b. Preserving the evidence for further future evaluation.
c. Working with an external expert in the field of IT security if need be.

4. Communication and Notification:

a. If a security breach incident arises, contact the Incident Response Coordinator at once.
b. Ensure stakeholders are frequently informed by providing them regular updates.

5. Recovery

a. Formulating specific recovery plans for common incidents like malware infections, or DDoS attacks.
b. Restoring some services in a step-by-step manner.
c. In case of data loss, taking measures to restore lost data.
d. Conducting post-incident reviews.

6. Post-Incident Review

a. Conducting a thorough review of the incident response process.

b. Identifying gaps and fix them in the IR program, based on the findings.
c. Engaging key players and running them through the findings.

Each incident where the plan has been used can be recorded separately on a spreadsheet, for the purposes documenting,
training and making future improvements.
DATA BACKUP AND RECOVERY

Capital college supports weekly data backup on an 8TB NAS Drive. In addition, the use of offsite and cloud-based solutions will
fortify the provided security for the data. More so, Capital College can go further and have an offsite backup in terms of
external hard disks or USB drives, for example, kept in a separate building apart from the college building. These backups
ensure data will not disappear during happening natural disasters like fires and floods.

Cloud platforms can also be used. The solutions that Capital College can use include Google Drive, Dropbox, or Microsoft's
OneDrive, under which files, documents, and others are safely stored on servers that are remotely kept by the companies. It
will organize the retrieval of data from any corner where an internet connection is available, providing flexibility and
suppressing the risk of data loss due to hardware accidents.

DISASTER RECOVERY PLAN

Objective:
The Disaster Recovery Plan (DRP) below is aiming to ensure that Capital College can keep running smoothly, protecting its
resources. In the case of major incidents where the incident response plan is insufficient, Capital College will be referring to the
DRP alongside.

Key Components:
Even when technology changes and Capital College expands, the plan can be modified and updated. In either case, these
crucial sections shall not be preserved in all proposed versions:

1. Data Restoration:
After the incident is resolved, the Incident Response Team (IRT) will be taking steps for extracting
data back from backups. They will access the data stored offsite or in a cloud platform, restoring it
as soon as possible. This helps the college bounce back faster from challenging situations and
prevents any loss of critical data.

2. Infrastructure Resilience:
Activate backup systems and plans to keep services going even in the case of disastrous incidents.
For example, an alternate offline platform could be use in case of natural disasters that disrupt
Internet services makes the Virtual Learning Platform (VLP) inaccessible.
 3. Communication Protocols:
Set up clear ways to communicate during a disaster, like emergency emails or alerts on Microsoft
Teams. The Communication Coordinator must ensure that alerts are reaching all departments and
the Incident Response Team.

4. Training and Tests:

Regular drills must be done to test the effectiveness of the disaster recovery plan. This will help in
ensuring that everyone, from the Incident Response Team (IRT) to key stakeholders like students
and staff, know what to do in an emergency.

5. Regulation Check:
See that the DRP follows all the laws and regulations that are laid down, with regular updates and
reviews.

Activation:
A few triggers will put the DRP into motion when a disaster takes place, leading to the measures being taken. Immediately, the
Incident Response Team (IRT) will be applying a strategy with clear priorities and goals. Senior management will keep closely
monitoring this. Other staff might be assigned to help the IRT if need be.

Triggers for Disaster Recovery Plan Activation:

Any event that causes an extended outage or makes critical IT resources and services inaccessible for a long period of time will
activate the disaster recovering plan. The following are some triggers:

1. Incident Detection:
Really suspicious activity on the network that is not within the scope of the incident response plan or when there is
destructive physical damage to essential hardware from occurrences such as natural disasters or vandalism. This could
be indicated in the local news alerts, a tool to monitor network behavior, or an incident reported by a student or staff
person.

2. Service Issues:
Loss of an essential service or system—like the internet or Virtual Learning Platform (VLP), which has many
dependencies—for a long period of time.

3. IT Security Attack:
Disastrous data loss of a severe scale, from malwares attacks or attacks on the internet systems of Capital College.

4. Physical Security Issues:

Unauthorized access leading to the theft or damage of hardware, servers or network devices.

Procedures:

1. Incident Response Team Actions:

When a disastrous incident is detected, the IRT will get moving with their set roles and plans, led by the incident
 response coordinator. For critical decisions

2. Assessment and Resolution:

The Incident Response Team (IRT) will evaluate the severity of the disaster and decide the resolution steps to take.
They will monitor the situation and carry out the appropriate processes to resolve the incident or reduce its impact.

3. External Resources:
If the disaster falls out of the scope of the Incident Response Team (IRT), they may reach out to external resources like
external IT experts or emergency services.

4. Notifications:
Regular updates and status reports will be shared with key stakeholders like senior college management, staff,
students and external partners.

5. Restoration:
Once the situation is made stable, the focus will shift to recovery and restoration efforts. The focus must be on
restoring critical services, systems and data.

6. Post-Disaster Review:
After resolution of the disaster, there will be a review to see what went well and what didn't, as well as how to do
better next time. The lessons learned will go into updating the Disaster Recovery Plan for the future.

UPDATED ACCEPTABLE USE POLICY (AUP)

To improve the deficiencies in the Acceptable Use Policy and address its gaps, the following adjustments will be made:
1. Clearly define what activities are considered educational and academic purposes within the policy.
2. Update the policy to include specific considerations for remote learning situations.
3. Add guidelines for staff members within the Acceptable Use Policy to ensure they understand the permitted use and its
boundaries.
4. Schedule a regular review process for the policy to keep it aligned with evolving technology, security standards and
educational needs.

Purpose
The updated proposal for Acceptable Use Policy (AUP) outlines the acceptable and forbidden uses of Capital College's IT
resources for both staff and students in explicit detail.

Educational and Academic Use

The IT resources of Capital College (network, software and VLP) are meant only the following for educational and academic
activities:

1. Using and interacting with course materials, lectures and projects.

2. Discussing or writing collaboratively with classmates or teachers in an academic project.
 3. Making academic inquiries in connection with relevant topics.
4. Participating remotely in courses online or over the internet.
5. Giving virtual feedback on course material to teachers.

Remote Learning & Teaching Guidelines

The policy mandates the following on all virtual participants and instructors:

1. Your internet connection is secured and your personal information is safe.

2. Copyright and intellectual properties are taken care of while sharing or using the materials through virtual way of
learning. Make sure that the PDFs and textbooks are legally downloaded.
3. The same conduct must be followed through the virtual communication as the one which is followed in in-person
communication at Capital College.

Guidelines for Staff Members

1. Usage of Capital College’s IT resources is restricted and must be in accordance with the policy of the college.
2. Protect sensitive information while handling student data.
3. Provide technical support to students about the college’s IT resources. If you are unable to offer such guidance,
connect them with the IT department.
4. Report any violations of the acceptable use policy (AUP).

Policy Review
The Acceptable Use Policy (AUP) must be reviewed annually. The review process must include:

1. Reviewing updates in IT systems, software and technologies.

2. Gathering feedback from key stakeholders through annual surveys (students, faculty and all staff members).
3. Updating the policy based on the relevant feedback, best practices, regulations and key trends.

PHYSICAL SECURITY

To boost physical security at Capital College, a few adjustments can be made. Most importantly, access control must be
improved through the addition of biometric authentication alongside the preexisting to the swipe card systems. This will ensure
that only authorized staff has access to the IT labs. It will also strengthen Capital College’s policy of supervised student
presence, as they would be unable able to enter the IT labs without an authorized staff member. The network server room
must be secured with strong locks and access control systems to deter unauthorized access. Additionally, CCTV cameras can be
placed in critical spots like the network server room and the IT lab. Additionally, visitor logs can be used for the purpose of
solidifying Capital College's physical security, and in turn, access to its IT resources.
SECURITY ARCHITECTURE

Up-to-date Operating Systems

There needs to be an upgrade for operating systems in Capital College. The college needs to retire usage of the older version of
Windows 8.0, for better alignment with modern security architecture methodologies.

Modern Security Architecture

For updates and guidance in improving the security of IT resources, Capital College needs to be referring to updated
architectural frameworks, such as those provided by NIST (National Institute of Standards and Technology), is essential. These
frameworks will help in ensuring that the college stays informed about the best practices, and that it is meeting modern
standards.

Zero Trust Architecture

Zero Trust architecture can assist Capital College in reducing many kinds of potential risks that come with lateral movement
within its network. This is an approach to IT security in which trust is inherent in nothing by default, hence, requiring
confirming anything and everything trying to connect to IT resources (either from inside or outside perimeters),
before granting access.

TRAINING AND AWARENESS

1. Conduct Regular Security Awareness Sessions:

 Cybersecurity Basics: Explain and demonstrate different types of attacks, like phishing, malware and social engineering
techniques.

 Password Management: Educate on creating strong passwords, using password managers and avoiding password
reuse.

 Email Security: Teach how to identify suspicious emails, recognize phishing attempts and avoid clicking on malicious
links.

 Safe Web Browsing: Show ways to browse safely, how to detect harmful sites and how to avoid be misled into giving
away money / personal information..

 Social Media Safety: General education on privacy settings, as well as concerns, on social networking sites, and not
sharing too much of private life.

2. Customize Training Programs to Roles:

 IT Staff Training: Technical training in the area of network security, techniques for carrying out vulnerability
assessments, incident response, and tool usage for security.

 Administrative Staff Training: Focus on data handling procedures, compliance requirements and best practices for
protecting sensitive information.

 Faculty Training: Train them on cybersecurity principles that help in promoting digital literacy and guiding them
towards making the security-aware culture sit well with the student community.

 Student Training: Some of the areas to be emphasized in training the students will include best practices for passwords,
safe use of the internet, and identification of internet threats.

3. Provide Practical Examples:

 Share real-life case studies and examples of security incidents to show potential risks and consequences.

 Conduct simulated phishing exercises to demonstrate how attackers target individuals and organizations.
4. Promote a Culture of Security:

 Encourage staff and students to report suspicious immediately.

 Encourage faculty to incorporate IT security awareness in their lessons.

 Allow the students to carry out innovative activities that raise awareness for IT security threats, like a student-
organized play covering a phishing scam or debating the topic of ethical IT use.

5. Stay Up-to-Date:

 Regularly update training materials to reflect emerging threats and trends.

 Provide access to online resources, webinars and security news updates.

6. Use Multiple Communication Channels:

 Provide training materials through different ways such as email newsletters, physical posters, on-site workshops and
social media content.

 Engage with staff and students via on-site conversations and virtual Q&A sessions

ETHICAL HACKING AND BUG BOUNTIES

Ethical hacking can be well put to use through an ethical hacking program at Capital College where skilled IT professionals will
be simulating potential attacks on IT resources, therefore, spotting security weaknesses before they are exploited. Another
cheaper measure could include setting up a bug bounty program where students are paid or recognized to discover critical
vulnerabilities.

1. Kick off with setting up a bug bounty program, throwing the invitation out there for students to jump in and get
involved.

2. Offer some tempting incentives, like certificates or gift vouchers, for who identifying and reporting security flaws in the
college’s IT setup.

3. Roll out a platform that's not just secure but also user-friendly, making it easy for students to share any security
vulnerabilities they come across.

4. Assign some IT staff members to sift through student submissions and patch up those security gaps they've uncovered.

5. Inspect the issues the students find, ranking them based on how serious and impactful they are.

6. Get the IT department to brainstorm and implement the solutions to fix up those security security flaws and secure the
IT setup.

7. Give students feedback on their submissions.

 8. Keep on fine-tuning the program within the following cycle: take in the feedback, implement security solutions to
address it, and make sure the IT setup stays as secure as possible as Capital College continues to grow and operate.

MONITORING TOOLS

The approach that the Capital College will adhere to in ensuring that the domain is safe in real-time can be executed by
employing the help of networking monitoring tools such as SIEM (Security Information and Event Management) and TIPs
(Threat Intelligence Platforms) in the following manner:

1. Selection of a SIEM and TIP under the budget for Capital College.
2. Installing and also implementing these two networking monitoring devices on the critical devices.
3. Identifying all connected devices in the network.
4. Monitoring network traffic under search of suspicious movements.
5. Measuring different network performance metrics, such as bandwidth and latency.
6. Collecting, analyzing, and reviewing the logged data from all the network devices.
7. Configuring critical network events alerts and/or notifications.
8. Responding to instances that have been detected by tools.
9. Keeping the tools up-to-date, as well as documenting their usage.

COMPLIANCE AND AUDITS

For Capital College to be able to verify compliance with the applicable laws and regulations, it should keep up with internal
audits on a regular basis.
They can be designed and carried out in the following steps.

1. Determine areas for the audit that can be covered during the procedures and how it aims to achieve such objectives.

2. Obtain the records and policies for reviewing.

3. Make sure the policies and systems are consistent with the legal and industry requirements.

4. Interact with the staff, students and review Capital College’s IT activities, assessing digital compliance to requirements.

5. Run tests to find vulnerabilities and weaknesses in the system, including strengths.

6. Carry out tests that will identify vulnerabilities.

7. Record the findings, making recommendations on their basis.

9. In collaboration with relevant Capital College departments, develop a plan to fix issues and make improvements.

10. Take steps in making sure that changes, and thus, compliance as well is improvement, is maintained.

CONCLUSION
Hence, the referred policy will be a strategy for the college to reinforce its security measures and to safeguard the confidential
data of the school, as well as implement a plan that will keep operations from being disrupted by malevolent entities

These are the measures my college ought to apply to ensure the integrity and functionality of its systems for stakeholders use.
Constant reviewing, updating and innovating of organizational security is a vital undertaking in the secure and resilience of
today’s digital business landscape.

Justifications for Security Policy Proposal

In this part of my report, I will make my arguments in support of each security measure in the
proposal, and how these actions are appropriate and effective to meet Capital College's needs.

Updated Acceptable Use Policy (AUP) Justification

1. Clearly Defined Educational and Academic Use:

Initially the policy only included academic and educational purposes in a general way,
without direct examples or detailed definition. It was somewhat inconclusive. In response
to this drawback, the revised version precisely states what educational and academic
purposes are, as well as providing specific examples for permissible uses. This clarity
will help the students and staff understand the intended purpose of IT resources better.

2. Remote Learning and Teaching Guidelines:

The original policy did not take remote learning situations like virtual classes into
account. The updated policy addresses this gap by listing specific guidelines for remote
learning and teaching situations, as well as specifying that the usual constraints of the
acceptable use policy (AUP) apply to remote learning too. This will ensure that students
and staff will understand their responsibilities better in virtual learning environments.

3. Guidelines for Staff Members:

In the original policy, staff members were not directly included or addressed.The
updated policy fills in this gap by including guidance for staff members (i.e instructors) in
the remote learning guidance. Aside from this, there is also a specific section in the
policy of guidelines that explicitly describe what can be considered acceptable use for all
staff members.

4. Policy Review Process:

There was no mention of any review processes in the original policy, risking outdated
guidelines. In order to ensure that the guidelines of acceptable use stay in line with
growing regulations, technology and social expectations, the updated policy mandates
an annual review process.
Justification of Training and Awareness Programs:
The policy highlights the need for training and awareness programs, giving specific guidelines.
Teaching both staff and students about IT security basics is needed for creating a culture where
everyone is alert to security risks and knows how to handle them. Periodical workshops on
subjects that include recognizing phishing emails, securing passwords and using the internet
safely will enlighten Capital College members with various aspects of IT security. The training
will be matching the roles of stakeholders in the college too, ensuring that it is task applicable.
The reason training includes actual examples about real-life is to ensure that people find it
interesting and are able to remember what they have learned.

Justification of Ethical Hacking and Bug Bounties

Incorporating ethical hacking and bug bounty programs helps the college get a clear sighting of
potential security threats, before they are exploited by actual attackers. Ethical hackers will play
"good samaritans", who will attack the college's IT networks in order to expose their
weaknesses, thus, leading the development of rapid response and a strong IT defense.
Additionally, bug bounty programs might incentivize students to discover and report the security
problems at Capital College.

Justification of Monitoring Tools and Compliance Audits

Aside from providing real-time insight into what's happening in the network - the monitoring tools
make it possible to raise the yellow flag for any suspicious activity. Auditing for compliance
purposes helps the college to stay in compliance with the laws providing protection for the
sensitive data and information. Through regular examination of its actions and ensuring
adherence with set rules, Capital College creates an impression that it takes privacy security
seriously which consequently facilitates gaining the trust of the community.

Justification of Incident Response Plan (IRP) and Disaster Recovery Plan (DRP)

Incident Response Plan

Establishing a plan of action that deals with IT security incidents helps the college to respond to
these threats instead of waiting until they become a problem. If there is an IT security attack,
this plan will outline what actions to take, which teams are expected to be involved and how to
communicate, so that each individual (from the Incident Response Team to each staff and
students) knows their job in protecting the college. Through testing and practice runs everyone
has a chance to be prepared for the moment when it is time to perform their work.

Disaster Recovery Plan

This extra backup plan guarantees the college can work efficiently during severe disruptions,
such as natural disasters, or major system breakdowns. The DRP differs from the IRP as it
manages significant incidents rather than minor ones. The blueprint provides the sequence of
actions to be taken to restore normalcy, in conjunction with the Incident Response Plan (IR), if
the situation goes beyond control.

Justification for Physical Security Elements:

 1. Biometric Authentication:
This adds another layer of security: identification relying on individual unique physical
marks, like iris patterns. With the installation of the biometrics, in place of the swipe
cards that breed theft or can get lost, only personnel with cleared traits or habits are
allowed to pass to the sensitive zones. The possibility of potential insider threats or
impostors gaining entry into the IT lab is reduced.

2. CCTV surveillance:
Rooms equipped with a watchful eye discourage unauthorized access. In the case of
any IT security issue, the scenario is being captured in real-time by the cameras of the
CCTV. This helps to investigate the scenario of security breaches, identification of the
suspects and to gather evidence if in case there are any legal actions following the
event.

3. Locks and Visitor Logs:

Locking the server room would bar people's unauthorized entry and possible
interference or theft. Additionally, logs of visitors will be produced, hence a culture of
accountability is established.

Justifications for Virtual Security Elements

1. Operating System Updates:

The older operating systems do not have as much support and security measures as
updated versions coming through; it is easy to go on exploiting these so that a loophole
is found and can be used as a point of invasion. Updating to new operating systems
makes a device more secure.

2. Modern Security Architecture:

Zero Trust, as modern security architecture, reduces the threats Capital College is likely
to be from its insiders who will be accessing its IT resources. Moreover, Zero Trust
operates on the principle of its name and is implemented over constant verification,
strictly access controls, and network segmentation.

3. Network Monitoring Tools:

SIEM and TIP are monitoring tools for watching over suspicious events or threats on the
network. The use of these will assure Capital College the power to identify and prevent
an IT security attack just before it completely materializes.

Evaluation of Security Tools for Capital College

Each security tool that I have suggested in the proposal comes with a set of advantages and
disadvantages, which will now be explored.
IT Security Audits
IT security audits, as specified within the policy, are in a perfect position to help Capital College
in building up a safe academic setting and setting high stakeholder confidence. Regular checks
on the setup will time and again help in unraveling vulnerabilities and risks. The policy gives
clear steps on planning, executing, and reporting audits as a way to give a deep look into the
security of the college.

Advantages Disadvantages

Regular assessments will spot flaws in IT Significant time is required for planning them
security, leading to timely fixes

Ensure that the college is following the Extra resources might be required for carrying
relevant regulations them out

Increased accountability in IT security Could potentially be disruptive to daily college

practices activities

In the same vein, IT security audits are a common practice in institutions like banks which are
going to be directly handling highly sensitive information, requiring to be able to identify security
weaknesses. Being used in an educational environment like Capital College will be serving the
same purpose.

Access Control
Using biometric authentication instead of swipe cards strengthens access control at Capital
College, fitting with its aim of student supervision and protecting it from financial loss from
resource theft. This step takes physical security to a higher level, making sure only approved
staff can enter the lab and take accompanying students with them.

Advantages Disadvantages

Boosts physical security and IT security May be costly to implement

Scalable May be costly to maintain

Time-Saving

Aligns with regulations for data protection

“UAE Pass”, a form of digital ID in the UAE, uses biometrics for identity verification. Taking the
governmental system as an example, Capital College can use a similar approach.

Incident Response Plan (IRP) and Disaster Recovery Plan (DRP):

IRP and DRP are one of the essential security tools for Capital College, which will guide it in the
cases of incidences and disasters. The IRP guides the college through real-time incident
management, while the DRP lays out steps for getting IT services back up after a crisis.
They also fit with its need of remaining operational with the least amount of downtime as
possible, as a business in the educational sector. These tools may also minimize financial
losses.

Advantages Disadvantages

Step-by-step approach for managing IT Require ongoing training and testing

security incidents and disasters, reducing
confusion and delayed action

Minimize downtime Recovery efforts may be delayed if the plans

aren’t regularly updated

Minimize financial losses May not cover all possible incidents or

disasters

Improve preparedness and resilience of the

college

If an incident response plan (IRP) was present at Capital College before, the recent
ransomware attack may have been dealt with more swiftly. Quick action to counter it would have
been taken before it encrypted all critical data. In the aftermath, data recovery would also have
been made smoother and faster.

Network Monitoring Tools

Using network monitoring tools like SIEM (Security Information and Event Management) and
Threat Intelligence Platforms (TIPs) will help Capital College meet its business need of data
security. When it is able to identify threats and resolve them proactively, data loss will be
reduced. The tools also give real-time information on how the network is being used, which will
help the college make smart decisions about improving their IT systems and make sure
everything runs smoothly.

Advantages Disadvantages

Early detection of IT security threats May need upskilling in order to respond to

alerts effectively

Increases data security Alerts might be misinterpreted

Provides proof of regulatory compliance May generate false positives

Large companies like Meta rely on network monitoring tools like Millisampler which are
designed for them specifically. However, smaller companies like Capital College can use
generic SIEM tools like Log360 and threat intelligence platforms like Microsoft Sentinel.

References
Student Declaration