EMC Security Assignment

Uploaded by

sp21-bscs-008
Copyright: © All Rights Reserved

Assignment 1

Subject Title: Information Security

Assignment Number: 1

Instructor Name: Muhammad Arslan Tariq

Submission Date: Before MID (Date will be Informed)


Activity 1

1.1 Types of Security Risks and Their Impacts

1. Data Breaches:
- Risk: Unauthorized access to sensitive data, including client information or business-critical data.
- Impact: Breaches can lead to financial penalties, loss of customer trust, and legal
consequences due to non-compliance with data protection regulations.

2. Malware Attacks:
- Risk: Malware, such as ransomware, can encrypt files or disrupt operations.
- Impact: Downtime, data loss, and high costs for recovery or ransom payments.

3. Insider Threats:
- Risk: Employees or contractors might intentionally or unintentionally expose or damage
data.
- Impact: Loss of intellectual property, data leaks, or operational disruptions.

4. Physical Security Risks:
- Risk: Unrestricted access to the data center may result in hardware theft or sabotage.
- Impact: Damage to infrastructure, data loss, and extended downtime.

5. DDoS Attacks:
- Risk: Attackers flood the system with traffic, rendering services inaccessible.
- Impact: Service outages lead to loss of revenue and customer dissatisfaction.

6. Misconfigured Systems:
- Risk: Improper firewall rules or VPN setups expose the network to attackers.
- Impact: Unauthorized access to systems, making them vulnerable to exploitation.

1.2 Security Procedures

1. Access Control Policies:
- Implement Role-Based Access Control (RBAC): Restrict user access based on their roles.
- Use Multi-Factor Authentication (MFA): Add an extra layer of security for sensitive
systems.

2. Network Security Enhancements:
- Regularly update firewall configurations and review access logs.
- Deploy Intrusion Detection and Prevention Systems (IDS/IPS) to monitor and block
suspicious activities.

3. Data Protection Measures:
- Encrypt data both at rest (using AES-256) and in transit (using SSL/TLS protocols).
- Establish offsite backup routines to protect against data loss.

4. Physical Security Upgrades:
- Install surveillance cameras and biometric access systems for the data center.
- Use physical barriers, such as locked server rooms, for additional safety.

5. Employee Awareness and Training:
- Conduct regular training programs on phishing, social engineering, and security best
practices.
- Establish a security incident reporting procedure.

6. Incident Response Framework:
- Create and test a detailed incident response plan.
- Include steps for detection, containment, eradication, recovery, and post-incident
analysis.

Activity 2

2.1 Impact of Incorrect Configurations

1. Firewalls:
- Issue: Allowing open ports or unfiltered traffic exposes the network to external attacks.
- Impact: Unauthorized access, data breaches, or infiltration of malware.

2. VPNs:
- Issue: Poorly configured VPNs may use weak encryption protocols or expose IP
addresses.
- Impact: Eavesdropping on communications, unauthorized access, and compromised
client data.

2.2 Benefits of Technologies

1. DMZ (Demilitarized Zone):
- Description: A DMZ is a network segment that isolates public-facing services (e.g., web and email servers) from the internal network.
- Benefits:
  - Prevents attackers from directly accessing internal systems.
  - Contains breaches within the DMZ, minimizing damage.
- Illustration:
  [Internet] --> [Firewall] --> [DMZ with public servers] --> [Internal Network]

2. Static IP Addresses:
- Description: A fixed IP address assigned to servers.
- Benefits:
  - Simplifies firewall rule configuration and ensures consistent server identification.
  - Enhances traceability in logging and auditing processes.

3. NAT (Network Address Translation):
- Description: A process that translates private IP addresses to a public IP and vice versa.
- Benefits:
  - Hides internal network details from external entities.
  - Reduces the risk of direct attacks on internal systems.
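
The firewall misconfigurations named in 2.1 (open ports, unfiltered traffic) can be checked mechanically against the Internet, DMZ and internal network zones from the DMZ illustration. The following is an added example, not part of the original assignment: a small rule-set audit in Python in which the zone names, the `POLICY` table, the `Rule` type and the sample rules are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str      # source zone: "internet", "dmz", "internal" or "any"
    dst: str      # destination zone, same values
    port: str     # TCP port number as text, or "any"
    action: str   # "allow" or "deny"

# Assumed policy (constructed): ports each zone-to-zone flow may use.
# Internet -> internal is absent on purpose: traffic must stop in the DMZ.
POLICY = {
    ("internet", "dmz"): {"25", "443"},   # public mail and web servers
    ("dmz", "internal"): {"5432"},        # hypothetical web-to-database link
    ("internal", "dmz"): {"22"},          # administration of DMZ hosts
}

def audit(rules):
    """Return (rule_index, finding) pairs for rules that break the DMZ model."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        if "any" in (r.src, r.dst):
            findings.append((i, "allow rule with wildcard zone: unfiltered traffic"))
        elif (r.src, r.dst) not in POLICY:
            findings.append((i, f"{r.src} -> {r.dst} is not a permitted flow"))
        elif r.port == "any":
            findings.append((i, f"all ports open for {r.src} -> {r.dst}"))
        elif r.port not in POLICY[(r.src, r.dst)]:
            findings.append((i, f"port {r.port} not in policy for {r.src} -> {r.dst}"))
    # A rule set that does not end in an explicit deny-all relies on device defaults.
    if not rules or rules[-1] != Rule("any", "any", "any", "deny"):
        findings.append((len(rules), "no default-deny rule at the end"))
    return findings

# Constructed sample rule set containing typical misconfigurations.
SAMPLE = [
    Rule("internet", "dmz", "443", "allow"),        # matches policy
    Rule("internet", "internal", "3389", "allow"),  # skips the DMZ entirely
    Rule("dmz", "internal", "any", "allow"),        # a DMZ breach would not be contained
    Rule("internet", "dmz", "23", "allow"),         # open port outside the policy
]

if __name__ == "__main__":
    for idx, msg in audit(SAMPLE):
        print(f"rule {idx}: {msg}")
```
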

2.3 Network Monitoring Systems

- Provides real-time alerts for suspicious activities or traffic anomalies.
- Ensures compliance with regulatory requirements through detailed logs.
- Facilitates proactive threat detection, enabling faster mitigation of potential breaches.
- Improves network performance by identifying bottlenecks and resource misuse.

Activity 3

3.1 Risk Assessment Procedure

1. Risk Identification:
- Identify assets (e.g., servers, client data) and potential threats (e.g., cyberattacks, natural
disasters).

2. Risk Analysis:
- Evaluate risks based on their likelihood and impact (e.g., High, Medium, Low).

3. Risk Prioritization:
- Focus on high-priority risks, like data breaches, to allocate resources effectively.

4. Risk Mitigation:
- Implement safeguards (e.g., firewalls, encryption) to reduce vulnerabilities.

5. Monitoring and Review:
- Continuously assess the effectiveness of implemented measures.
- Update risk assessments to account for emerging threats.

3.2 Data Protection Laws and Procedures

1. Mandatory Laws:
- GDPR: Requires secure handling of EU-based clients’ data.
- Sri Lankan Laws: Comply with the Computer Crimes Act and privacy regulations.

2. Data Protection Procedures:
- Perform regular data encryption.
- Ensure data retention policies align with legal requirements.
- Provide transparency to clients about how their data is stored and used.

3.3 Risk Management Methodology

1. Framework: Adopt a standard like ISO/IEC 27005 for structured risk management.
2. Steps:
- Identify risks, analyze their impact, implement controls, and monitor continuously.

3.4 IT Security and Organizational Policy

- Alignment with Business Goals:
  - Ensure security policies do not hinder business processes but enhance reliability and trust.

- Components of a Security Policy:
  - Password management, acceptable use, incident response, and compliance requirements.

- Policy Review:
  - Conduct regular audits and updates to align with evolving technologies and threats.
