
Assignment 1 Security (1623 Distinction)


ASSIGNMENT 1 FRONT SHEET
Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date:
Date Received 1st submission:
Re-submission Date:
Date Received 2nd submission:
Student Name: Bui Quang Minh
Student ID: GCD210325
Class: GCD1104
Assessor name: Tran Thanh Truc

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student’s signature:

Grading grid: P1 P2 P3 P4 M1 M2 D1

Summative Feedback:
Grade:
Lecturer Signature:

Resubmission Feedback:
Assessor Signature:
Date:

Contents
Task 1. Identifying types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences (P1)
I. Threats definition
II. Threat agents to organizations
III. List type of threats that organizations will face
IV. Recent security breaches
V. Consequences of these breaches
VI. Solutions to organizations
Task 2. Describing at least 3 organisational security procedures (P2)
I. Data Classification
II. Strict Access Controls
III. Physical Security Monitoring
Task 2.1. Proposing a method to assess and treat IT security risks (M1)
I. Methods required to assess security threats
II. Current weakness or threats of an organization
III. Proposing tools to treat IT security risks
Task 3 - Identifying the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
I. Firewalls and policies
II. How a firewall provides security to a network
III. Diagrams of how firewall works
IV. IDS definition, its usage and diagram
4.1 Definition
4.2 Usage
4.3 Diagrams examples
V. Potential impact of a firewall and IDS if they are incorrectly configured
Task 4 - Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4)
I. DMZ
II. Static IP
III. NAT
Task 4.1 - Discuss three benefits to implement network monitoring systems with supporting reasons (M2)
I. Networking monitoring devices
II. Why needs monitor networks
III. Benefits of monitoring a network
Task 4.1.1 - Investigate how a ‘trusted network’ may be part of an IT security solution (D1)
I. Trusted network
II. How it can be a solution in IT security
Reference list


Task 1. Identifying types of security threat to organisations. Give an example
of a recently publicized security breach and discuss its consequences (P1)
I. Threats definition
Threats to Information Systems
A threat is any action that could harm an asset. Information systems face two kinds of threat:
natural and human-induced.
The threat of a flood, earthquake, or severe storm requires companies to create plans that make
sure business operations continue and that the organization can recover. A Business Continuity
Plan (BCP) prioritizes the functions a company needs to keep going.
On the other hand, a Disaster Recovery Plan (DRP) defines how a business recovers after a massive
disaster such as a fire or hurricane.
Human-Caused Threats to Computer Systems
Human-caused threats to a computer system include viruses, malicious code, and unauthorized access.
• A virus is a piece of software designed with the intent to harm a system, an application, or data.
• Malicious code, or malware, is a computer program written to cause a specific action to happen,
such as deleting a hard drive.
These threats can harm individuals, businesses, or organizations.

II. Threat agents to organizations
A threat agent is an individual or group that exploits, or has the power to exploit, a vulnerability or
conduct other damaging activities. The main types of threat agent are introduced as follows:
• Natural Disasters: Natural disasters such as storms, floods, and earthquakes put the
infrastructure of the organization’s information system at risk. These are considered natural
threat agents.
• Workforces: Organizations have to engage their workforces to perform their respective jobs
following the policies of the organization. When an employee makes a critical mistake in data entry,
releases proprietary data, or deceives the organization, he or she becomes a major threat to the
organization.
• Malicious Hackers: Information systems that are interlinked with other systems, or with the Internet,
are exposed to thousands of potential hackers through social engineering, modem connections, or
physical attacks. Attackers do not care whether the interface is public or private.
• Industrial Spies: Industrial espionage is a dangerous threat to most organizations. It can result in
loss of profits, competitive advantage, or even the business itself.
• Foreign Government Spies: Foreign spies can be involved in espionage with a view to enhancing
the capabilities of their own government and reducing the native government’s abilities. Their
activities can even include foreign-sponsored industrial espionage.

III. List type of threats that organizations will face
Attacks on Availability:
This category covers threats such as Denial of Service (DoS) and Distributed Denial of Service
(DDoS) attacks that impact access to, or the uptime of, critical systems, applications, or data.
Attacks on People:
This category covers threats such as social engineering attacks, where attackers use coercion or
deception to manipulate individuals into divulging sensitive information or performing certain actions,
like clicking on malicious URLs or opening suspicious email attachments.
Attacks on IT Assets:
This category covers threats such as unauthorized and malicious penetration testing, unauthorized
access, privilege escalation, stolen passwords, data deletion, and data breaches.

Figure 1. threats from cyber crime illustration


IV. Recent security breaches
A security breach refers to an incident where unauthorized individuals or entities gain access to
sensitive or confidential information, computer systems, networks, or digital resources without proper
authorization. Such breaches may result in data theft, data exposure, system compromise, or other
harmful consequences to the affected individuals or organizations. Three examples are described
below.
1) On July 11th 2023, it was revealed that Chinese hackers infiltrated U.S. government agencies using a
vulnerability in Microsoft's cloud services. The attack was discovered by an unnamed government
agency in June, and both Microsoft and the Department of Homeland Security were notified about the
incident. The group responsible for the attack, known as "Storm-0558" by Microsoft, is believed to have
ties to the Chinese government. Their targets were State and Commerce department emails, particularly
around the time of U.S. Secretary of State Antony Blinken's visit to China in June. Fortunately, U.S.
officials have stated that sensitive data was not compromised in this specific email breach.
2) On July 2nd 2023, the hacktivist group Anonymous Sudan claimed to have hacked Microsoft and
pilfered data pertaining to over 30 million Microsoft accounts. The group provided a sample of the
data, but so far it has not been determined where exactly the data came from. A Microsoft
spokesperson said that these claims of a data breach were not legitimate, and stated that Microsoft
had seen “no evidence that our customer data has been accessed or compromised.”
3) On July 8th 2023, an anonymous hacker posted on an online forum that they had stolen source code
and other data from Razer, a consumer electronics company. The hacker offered to sell this data for
$100,000 worth of cryptocurrency. On July 10, Razer acknowledged that they were investigating this
incident.

V. Consequences of these breaches
Chinese hackers infiltrated U.S. government agencies via Microsoft's cloud services, raising concerns
about intelligence loss and diplomatic tensions.
The hacktivist group Anonymous Sudan claimed to have pilfered data from 30 million Microsoft accounts,
leading to data privacy concerns and trust issues for Microsoft.
An anonymous hacker stole source code and data from Razer, risking intellectual property, brand
reputation, and potential financial loss for the company.
Consequences of breaches in general:
• Data Exposure and Loss: Breaches often lead to unauthorized access and exposure of sensitive or
confidential data, resulting in potential data theft or loss.
• Financial Loss: Organizations may incur significant financial losses due to the cost of investigating
the breach, implementing security improvements, and potential legal fees and fines.
• Reputation Damage: A breach can tarnish an organization's reputation, leading to a loss of trust
from customers, partners, and stakeholders.
• Disruption of Operations: Breaches can cause disruptions to normal business operations, leading
to downtime, loss of productivity, and revenue impact.
• Intellectual Property Theft: Cybercriminals may target intellectual property, trade secrets, or
proprietary information, leading to potential competitive disadvantages.
• Loss of Customer Trust: Customers may lose confidence in an organization's ability to protect
their data, leading to decreased customer loyalty and potential customer churn.

VI. Solutions to organizations
1. Limit access to your most valuable data.
When you limit who is permitted to see particular documents, you limit the group of employees who
could accidentally click on a harmful link. As organizations move into the future, expect to see all
records partitioned off so that only those who need access will have it. This is one of those
common-sense solutions that companies probably should have been doing all along.
2. Third-party vendors must comply.
Demand transparency from enterprises that are permitted to see your valuable data. Make sure they are
complying with privacy rules; don’t just assume. Ask for background checks on third-party vendors
who must enter your company on a regular basis. CEOs need to get tougher on security if they really
want to bring about change.
3. Conduct employee security awareness training.
According to recent surveys, employees are the weakest link in the data security chain. Without
training, employees open suspicious emails every day that have the potential to download viruses. One
mistake that employers make is thinking that one training class about cybersecurity is enough. If you’re
serious about safeguarding your important data, schedule regular classes each quarter or even
monthly.
4. Update software regularly.
Experts recommend keeping all application software and operating systems updated often. Install
patches whenever available. Your network is vulnerable when programs aren’t patched and updated
regularly. Microsoft now has a product called Baseline Security Analyzer that can regularly check to
make sure all programs are patched and upgraded. This is a fairly easy and cost-effective way to
strengthen your network and stop attacks before they occur.

Figure 2. Detecting errors illustration


Task 2. Describing at least 3 organisational security procedures (P2)
I. Data Classification
Data classification is the process of categorizing data based on its sensitivity, value, and criticality to the
organization. By understanding the type and importance of data they possess, organizations can apply
appropriate security measures and controls to protect it effectively.
Procedure:
• Data Inventory: Organizations conduct an inventory of all data they store and process to
understand the types and locations of sensitive information.
• Data Categorization: Data is categorized into different levels (e.g., public, internal, confidential,
highly confidential) based on predefined criteria.
• Data Handling Guidelines: Policies are established to define how each data category should be
handled, stored, transmitted, and accessed.

Benefits:
• Focused Security Measures: Data classification allows organizations to allocate security
resources based on the sensitivity and importance of the data, making security efforts more
effective and efficient.
• Compliance: Properly classified data helps organizations meet regulatory requirements related
to data protection and privacy.
• Risk Management: Identifying and prioritizing sensitive data enables organizations to focus on
protecting their most critical assets from potential threats.

II. Strict Access Controls
Access controls are security measures that limit access to information systems, resources, and data to
authorized users only. Implementing strict access controls is crucial in preventing unauthorized access
and protecting sensitive information.
Procedure:
• Role-Based Access Control (RBAC): Employees are assigned specific roles, and access
permissions are associated with those roles. Users receive access to resources based on their
roles.
• Multi-Factor Authentication (MFA): MFA requires users to provide multiple forms of
identification (e.g., password and one-time code) to access sensitive systems or data.
• Access Review and Revocation: Regular reviews are conducted to assess the appropriateness of
access rights, and access is promptly revoked when no longer needed.

Benefits:
• Reduced Insider Threat: Strict access controls minimize the risk of internal breaches by limiting
access to sensitive information.
• Prevention of Unauthorized Access: The principle of least privilege ensures that users can only
access resources necessary for their job, reducing the likelihood of accidental or intentional
data breaches.
• Auditability and Accountability: Access controls enable tracking and monitoring of user
activities, aiding in investigations and ensuring accountability for actions taken.
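The data classification and RBAC procedures above, worked through as an added example (this is not code from the assignment): a document is categorized, a role's clearance and permitted operations decide access under least privilege, and revocation and overdue-review checks cover the third procedure. The role names, clearance mapping, 90-day review window and sample users are assumptions.

```python
# Added example (not from the assignment): a minimal data-classification and
# role-based access control (RBAC) check with access review and revocation.
# The role names, clearance mapping, review window and sample data are assumptions.
from dataclasses import dataclass
from datetime import date

# Classification levels from the assignment's Task 2, ordered by sensitivity.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "highly_confidential": 3}

# Hypothetical roles: each carries a clearance (the highest level it may read)
# and the operations it may perform; permissions hang off roles, not people.
ROLES = {
    "intern":  {"clearance": "internal",            "ops": {"read"}},
    "analyst": {"clearance": "confidential",        "ops": {"read", "write"}},
    "ciso":    {"clearance": "highly_confidential", "ops": {"read", "write", "export"}},
}


@dataclass
class User:
    name: str
    role: str
    active: bool = True              # becomes False on revocation
    last_review: str = "2023-01-01"  # ISO date of the last access review


@dataclass
class Document:
    title: str
    classification: str              # one of LEVELS


def classify(text: str) -> str:
    """Toy data categorization by keyword. Real programs classify against
    written handling guidelines; the keywords here are illustrative only."""
    t = text.lower()
    if "secret" in t or "password" in t:
        return "highly_confidential"
    if "salary" in t or "customer" in t:
        return "confidential"
    if "internal" in t:
        return "internal"
    return "public"


def is_allowed(user: User, doc: Document, op: str) -> bool:
    """Least privilege: the account must be active, the role must grant the
    operation, and the role's clearance must reach the document's level."""
    if not user.active:
        return False
    role = ROLES.get(user.role)
    if role is None or op not in role["ops"]:
        return False
    return LEVELS[role["clearance"]] >= LEVELS[doc.classification]


def revoke(user: User) -> None:
    """Access revocation: disable rather than delete, so audit records keep
    pointing at a real principal."""
    user.active = False


def needs_review(user: User, today: str, max_days: int = 90) -> bool:
    """True when the last access review is older than the policy window."""
    age = date.fromisoformat(today) - date.fromisoformat(user.last_review)
    return age.days > max_days
```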

III. Physical Security Monitoring
Physical security monitoring involves using various surveillance and detection techniques to protect the
organization's physical assets, premises, and personnel from unauthorized access or threats.
Procedure:
• Security Cameras: CCTV cameras are strategically placed to monitor entry points, critical areas,
and perimeters.
• Intrusion Detection Systems (IDS): IDS sensors detect and alert on unauthorized access
attempts or suspicious activities.
• Access Logs and Controls: Logging access attempts and using access control systems to restrict
entry to authorized personnel.
• Security Personnel: Employing security personnel to perform patrols, monitor surveillance
feeds, and respond to security incidents.

Benefits:
• Deterrence: Visible physical security measures act as a deterrent, discouraging potential
attackers or unauthorized individuals.
• Rapid Response: Monitoring allows for timely detection of security incidents, enabling quick
response and containment.
• Forensics and Investigations: Surveillance footage and access logs can aid in post-incident
investigations and evidence gathering.


Task 2.1. Proposing a method to assess and treat IT security risks (M1)
I. Methods required to assess security threats
A security risk assessment identifies security risks in a computing system, evaluates and prioritizes
those risks, and suggests security controls that can mitigate the risks. Another aspect of security risk
assessments is vulnerability assessment—the process of identifying and remediating vulnerabilities
across the organization.
Performing a risk assessment can provide organizations with a complete view of the exploitability of
their infrastructure and application portfolio. It helps administrators make informed decisions about
resource allocation, tools, and implementation of security controls. Therefore, conducting an
assessment is an essential part of an organization's risk management process.
Common methods used to assess security threats include:
• Vulnerability Assessment: Conducting vulnerability assessments involves systematically
scanning networks, systems, and applications to identify potential weaknesses. Vulnerability
scanning tools are used to find security flaws like outdated software, misconfigurations, or
unpatched systems.
• Penetration Testing: Penetration testing, also known as ethical hacking, involves simulating
real-world cyber-attacks to assess the security of systems, networks, and applications. Skilled
professionals attempt to exploit vulnerabilities to understand potential risks and the impact of a
successful attack.
• Threat Intelligence: Gathering threat intelligence involves monitoring and analyzing data from
various sources, including security feeds, dark web forums, and hacker chatter. This helps in
understanding emerging threats and attack trends.
• Log Analysis: Analyzing system logs, network traffic, and event data can help detect suspicious
activities and potential security breaches.
• Malware Analysis: Studying malware samples to understand their behavior and capabilities can
help in developing effective countermeasures.

5-Step Risk Assessment Process
1. Determine the Scope:
• Define the boundaries of the risk assessment, like specific business units or processes.
• Involve relevant stakeholders to identify risks and assess their impacts.
• Review frameworks like NIST SP 800-37 and ISO/IEC 27001 for guidance on effective security
controls.
• GRC (Governance, Risk, and Compliance) Software: Helps organizations manage and assess
risks, compliance, and policies across different business units and processes.
2. Identify Threats and Vulnerabilities:
• Threats are events that can harm an organization's assets or processes.
• Vulnerabilities are weaknesses that expose the organization to potential threats.
• Use automated scanning, auditing, and testing techniques to find vulnerabilities, both technical
and physical.
3. Analyze Risks and Impact:
• Assess how risks can affect the organization based on factors like discoverability, ease of
exploitability, and historical incidents.
• Risk Analysis Tools: Tools like FAIR (Factor Analysis of Information Risk) provide a quantitative
framework to assess and prioritize risks based on factors like impact and likelihood.
4. Prioritize Risks:
• Use a risk matrix to classify risks based on severity and likelihood.
• Define a risk tolerance level and determine actions for each risk scenario: avoid, transfer, or
mitigate.
• Risk Matrix Template: While not a tool in itself, using a risk matrix template in spreadsheet
software (e.g., Excel) can help classify risks based on their severity and likelihood.
5. Document and Monitor:
• Thoroughly document all identified risk scenarios, existing controls, and mitigation plans.
• Regularly update risk documentation to maintain visibility of the current risk portfolio.
• Security Information and Event Management (SIEM) Software: SIEM tools like Splunk, ArcSight,
or LogRhythm help centralize and analyze security event data, providing real-time visibility into
security incidents and ongoing risk management.
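Steps 3 and 4 of the process above (analyze, then prioritize against a tolerance level) as an added worked example, not part of the assignment: each scenario gets a likelihood x impact score, a severity band, and an avoid/transfer/mitigate decision. The 1-5 scales, the band cut-offs, the "accept" outcome for risks within tolerance, and the sample register are assumptions.

```python
# Added example (not from the assignment): a risk matrix that scores each risk
# scenario by likelihood and impact, prioritizes the list, and maps each score
# to a treatment from a stated risk tolerance. The 1-5 scales, severity bands
# and sample scenarios are assumptions; "accept" is added for risks within tolerance.
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Risk:
    name: str
    likelihood: int   # 1 (rare) .. 5 (almost certain)
    impact: int       # 1 (negligible) .. 5 (severe)
    existing_control: str = ""


def score(risk: Risk) -> int:
    """Risk matrix score: likelihood x impact, in the range 1..25."""
    for value in (risk.likelihood, risk.impact):
        if not 1 <= value <= 5:
            raise ValueError("likelihood and impact must be between 1 and 5")
    return risk.likelihood * risk.impact


def severity(s: int) -> str:
    """Bands of the matrix; the cut-offs are an assumed policy."""
    if s >= 15:
        return "critical"
    if s >= 8:
        return "high"
    if s >= 4:
        return "medium"
    return "low"


def treatment(risk: Risk, tolerance: int = 4) -> str:
    """Action per scenario. Scores at or below the tolerance are accepted;
    severe impact that is also likely is avoided (stop the activity);
    severe impact that is rare is transferred (e.g. insurance, outsourcing);
    everything else is mitigated with additional controls."""
    s = score(risk)
    if s <= tolerance:
        return "accept"
    if risk.impact >= 4 and risk.likelihood >= 4:
        return "avoid"
    if risk.impact >= 4 and risk.likelihood <= 2:
        return "transfer"
    return "mitigate"


def prioritize(risks: List[Risk], tolerance: int = 4) -> List[Tuple[str, int, str, str]]:
    """Rows of (name, score, severity, treatment), highest score first, which is
    the order a risk register should be worked through."""
    rows = []
    for r in risks:
        s = score(r)
        rows.append((r.name, s, severity(s), treatment(r, tolerance)))
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample register for demonstration.
SAMPLE_RISKS = [
    Risk("Unpatched internet-facing web server", 5, 4, "none"),
    Risk("Staff phishing", 4, 3, "annual awareness class"),
    Risk("Data center flood", 1, 5, "raised floor"),
    Risk("Lost visitor badge", 2, 1, "badges expire daily"),
]
```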


II. Current weakness or threats of an organization
Weaknesses in an organization can hinder its ability to perform at an optimum level and remain
competitive. Here are some common weaknesses that organizations currently face:
Weak Brand: A weak brand image or reputation can result in reduced customer trust and loyalty,
making it difficult to attract and retain customers compared to competitors with stronger brand
recognition.
High Employee Turnover: High turnover rates can lead to increased recruitment and training costs, as
well as a loss of knowledge and expertise. It may also impact employee morale and productivity.
High Levels of Debt: Excessive debt can lead to financial strain, increased interest payments, and
limited financial flexibility. It may impede investment in growth opportunities or necessary upgrades.

Inadequate Supply Chain: An inefficient or unreliable supply chain can result in delays, increased costs,
and customer dissatisfaction due to product or service disruptions.
Lack of Capital: Insufficient financial resources can restrict the organization's ability to invest in
expansion, research and development, or new technologies.
Outdated Technology and Systems: Using outdated technology and systems can hinder productivity
and innovation, limiting the organization's ability to keep up with competitors.
Ineffective Marketing Strategies: Poorly executed marketing strategies may lead to low customer
acquisition rates, reducing the organization's market share.
Limited Product or Service Offerings: A narrow range of products or services may limit the
organization's ability to meet diverse customer needs and preferences.
Lack of Innovation: Failing to innovate and adapt to market changes can result in the organization
falling behind competitors and losing its competitive edge.
Inadequate Cybersecurity Measures: Insufficient cybersecurity measures can expose the organization
to data breaches, leading to reputational damage and financial losses.


III. Proposing tools to treat IT security risks
Firewalls:
• Firewalls are network security solutions that serve as a protective barrier between an
organization's internal network (trusted zone) and the outside world, including the internet and
other untrusted networks.
• They operate by examining and filtering incoming and outgoing network traffic based on
predetermined rules and policies.
• By allowing or blocking specific data packets, firewalls prevent unauthorized access to sensitive
information, cyberattacks, and other security threats.
• Firewalls can be hardware, software, or cloud-based, and they play a crucial role in protecting
an organization's network and resources from external threats.

Security Information and Event Management (SIEM):
• SIEM tools are designed to collect, aggregate, and analyze log and security event data from
various sources within an organization's IT infrastructure.
• These sources can include firewalls, servers, network devices, antivirus systems, intrusion
detection systems, and more.
• SIEM solutions provide real-time monitoring and correlation of events, enabling security
analysts to detect and respond to security incidents promptly.
• By centralizing security information, SIEM tools help identify patterns and anomalies, aiding in
threat detection, incident response, and forensic analysis.

Network Access Control (NAC):
• NAC tools are used to regulate and control access to an organization's network resources based
on predefined security policies.
• Before granting access, NAC solutions verify the identity and security posture of devices
attempting to connect to the network.
• NAC can enforce measures such as requiring devices to have up-to-date security patches and
updated antivirus software, and to comply with specific security standards.
• By enforcing proper access controls, NAC helps prevent unauthorized devices from accessing
sensitive resources, mitigating the risk of potential security breaches.

Together, firewalls, SIEM, and NAC contribute to a comprehensive cybersecurity strategy by fortifying
an organization's network perimeter, providing real-time threat detection and analysis, and enforcing
stringent access controls. These tools, when properly implemented and integrated into an
organization's security infrastructure, enhance the overall security posture, protect against cyber
threats, and help organizations respond effectively to security incidents.

Figure 3. Risk assessment criteria illustration


Task 3 - Identifying the potential impact to IT security of incorrect configuration of
firewall policies and IDS (P3)
I. Firewalls and policies
A firewall is a device used for network security. It monitors network traffic – both incoming and
outgoing – and either allows or blocks data packets based on its security rules. Its purpose is to create a
barrier between your internal network and traffic that flows in from external sources – like the rest of
the internet. This blocks hackers, viruses and other malicious traffic.
7 Uses of Firewall
• A firewall prevents unwanted and malicious content from entering the system, safeguarding
against potential threats. Users should check for a firewall and install a third-party one if
necessary.
• A strong firewall blocks unauthorized remote access by unethical hackers, protecting sensitive
data and transactions. This is crucial for organizations and security agencies.
• Firewalls are essential for keeping indecent content away from computer systems, safeguarding
young users from harmful material.
• Hardware firewalls examine traffic based on protocols and IP addresses, enhancing system
security. Network Address Translation (NAT) protects systems from external threats.
• Firewalls ensure seamless operations in enterprises by providing security for decentralized
systems and data accessibility.
• Firewalls protect confidential information exchanged during conversations and coordination
activities with internal and external stakeholders.
• Firewalls are vital in preventing malware attacks from destructive content found in online
videos and games, ensuring safe internet exploration. Users should consult specialists and
configure firewall settings appropriately.

Firewall Benefits
• Monitors network traffic to protect systems with pre-established rules and filters.
• Stops virus attacks and prevents potential damage to digital operations.
• Prevents hacking by blocking unauthorized access to data and systems.
• Stops spyware and malware from infiltrating and controlling systems.
• Promotes privacy and builds trust with clients by keeping their data safe.


II. How a firewall provides security to a network
A firewall is a vital cybersecurity solution that safeguards your computer or network by preventing
unwanted traffic from entering or leaving. It acts as a protective barrier, inspecting and authenticating
data packets before allowing them into a secure environment.
Protection from Internal and External Threats
By securing the border between your network and the internet, or between different segments of your
network, firewalls provide essential protection against both internal and external threats. Filtering data
in network traffic, they defend your network from a wide range of malicious attacks and malware.
Vulnerable Without Firewalls
Without firewalls to block cyber threats and unauthorized access, your network's computers and
devices become susceptible to attack. Firewalls serve as your first line of defense, monitoring and
filtering all network traffic to ensure only safe content enters your secure environment.
Preventing Incoming Threats
Firewalls use pre-programmed rules to block incoming threats and unauthorized access. They can also
control which users can access specific network areas, adding an extra layer of protection.
Comprehensive Traffic Monitoring
Acting as vigilant gatekeepers, firewalls monitor and filter all types of network traffic, including
outgoing traffic, application-layer data, online transactions, communications, connectivity, and
dynamic workflows.
With firewalls as your cybersecurity shield, you can rest assured that your network is safeguarded from
potential threats, enabling safe and secure operations.

Figure 4. Protection from firewall illustration


III. Diagrams of how firewall works
No one can deny the fact that the dynamic rise of the Internet has brought the world closer. But at the

same time, it has left us with different kinds of security threats. To ensure the confidentiality and
integrity of valuable information of a corporate network from outside attacks, we must have some
robust mechanism.
The firewall acts as a guard. It guards a corporate network, acting as a shield between the inside
network and the outside world. All traffic in either direction must pass through the firewall, which then
decides whether the traffic is allowed to flow or not. The firewall can be implemented as hardware,
software, or a combination of both.

Figure 5. The working way of firewall illustration
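The "allow or block based on predetermined rules" behaviour described in Task 3, worked through as an added example (not code from the assignment) that also shows the impact of one incorrect policy: a first-match packet filter, the same rule set with a broad allow inserted at the top, and a shadowing check that flags rules the misconfiguration silently disables. The rule syntax, the two policies and the packets are constructed for this example.

```python
# Added example (not from the assignment): a first-match packet filter that
# shows how rule order decides what a firewall policy really allows. The rule
# syntax, the two policies and the sample packets are constructed for this example.
from dataclasses import dataclass
from typing import List, Optional
import ipaddress


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    dport: int    # destination port
    proto: str    # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR of permitted sources; /0 matches any
    dport: Optional[int] = None  # None matches any destination port
    proto: Optional[str] = None  # None matches any protocol


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)


def evaluate(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching rule wins; the default policy applies when none match."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


# Intended policy: only the admin subnet may reach SSH, HTTPS is public,
# everything else falls through to the default deny.
INTENDED = [
    Rule("allow", src="10.0.0.0/24", dport=22, proto="tcp"),
    Rule("deny", dport=22, proto="tcp"),
    Rule("allow", dport=443, proto="tcp"),
]

# Misconfigured policy: the same rules with a broad "allow any tcp" added at
# the top. Because the first match wins, the SSH deny below is never reached.
MISCONFIGURED = [Rule("allow", proto="tcp")] + INTENDED


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule already
    matches every packet they would match (a simplified shadowing check)."""
    result = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            covers = (
                earlier.proto in (None, rule.proto)
                and earlier.dport in (None, rule.dport)
                and ipaddress.ip_network(rule.src).subnet_of(ipaddress.ip_network(earlier.src))
            )
            if covers:
                result.append(i)
                break
    return result
```

Running the shadowing check over a rule set before deployment is the kind of review that catches this class of misconfiguration without waiting for an incident.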

IV. IDS definition, its usage and diagram
4.1 Definition
An intrusion detection system (IDS) is a monitoring system that helps detect suspicious activities and
issues alerts about them. Depending on these alerts, a SOC (security operations center) analyst or the
incident responder investigates the issue and takes the required steps to eradicate the threat.
While these systems are quite effective for detecting malicious activity, they sometimes generate false
alarms. So, organizations need to fine-tune them at the time of installation. This means you need to
properly set up the intrusion detection system to identify what normal traffic on the network looks
like.
Additionally, an intrusion prevention system (IPS) also keeps a check on the network packets to detect
malicious activity.

4.2 Usage
Intrusion detection systems offer organizations several benefits, starting with the ability to identify
security incidents. An IDS can be used to help analyze the quantity and types of attacks. Organizations
can use this information to change their security systems or implement more effective controls. An
intrusion detection system can also help companies identify bugs or problems with their network
device configurations. These metrics can then be used to assess future risks.
Intrusion detection systems can also help enterprises attain regulatory compliance. An IDS gives
companies greater visibility across their networks, making it easier to meet security regulations.
Additionally, businesses can use their IDS logs as part of the documentation to show they are meeting
certain compliance requirements.
Intrusion detection systems can also improve security responses. Since IDS sensors can detect network
hosts and devices, they can also be used to inspect data within the network packets, as well as identify
the operating systems and services in use. Using an IDS to collect this information can be much more
efficient than manual censuses of connected systems.

4.3 Diagrams examples
An IDS only needs to detect potential threats. It is placed out of band on the network infrastructure.
Consequently, it is not in the real-time communication path between the sender and receiver of
information.
Network intrusion detection systems are used to detect suspicious activity to catch hackers before
damage is done to the network. There are network-based and host-based intrusion detection systems.
Host-based IDSes are installed on client computers; network-based IDSes are on the network itself.
An IDS can be implemented as a network security device or a software application. To protect data and
systems in cloud environments, cloud-based IDSes are also available.
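The false-alarm and tuning point from the IDS definition above, together with the log analysis method from Task 2.1, as an added example that is not part of the assignment: a signature rule over constructed auth-log lines and a baseline-driven anomaly rule whose multiplier k is the setting an operator adjusts until normal traffic stops raising alerts. The log format, thresholds, window sizes and all sample values are assumptions.

```python
# Added example (not from the assignment): two toy IDS rules over constructed
# data. A signature rule counts failed logins per source in a sliding window,
# and an anomaly rule flags traffic above a baseline-derived threshold, whose
# multiplier k is the knob that the tuning advice above refers to. The log
# format, window sizes, baseline counts and all sample values are assumptions.
import re
import statistics
from collections import defaultdict
from typing import List

# Constructed auth-log lines: "<epoch seconds> sshd: Failed password for <user> from <ip>".
FAILED_LOGIN = re.compile(r"^(\d+) sshd: Failed password for \S+ from (\d+\.\d+\.\d+\.\d+)$")

SAMPLE_LOG = [
    "1700000000 sshd: Failed password for root from 198.51.100.9",
    "1700000005 sshd: Failed password for admin from 198.51.100.9",
    "1700000011 sshd: Failed password for root from 198.51.100.9",
    "1700000018 sshd: Accepted password for alice from 192.0.2.4",
    "1700000020 sshd: Failed password for test from 198.51.100.9",
    "1700000030 sshd: Failed password for bob from 192.0.2.4",   # a single typo
    "1700000033 sshd: Failed password for oracle from 198.51.100.9",
    "1700000700 sshd: Failed password for bob from 192.0.2.4",   # much later
]


def brute_force_sources(lines: List[str], threshold: int = 5, window: int = 60) -> List[str]:
    """Signature rule: a source that fails to log in `threshold` or more times
    within any `window`-second span is reported. Returns the sorted source IPs."""
    failures = defaultdict(list)
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if m:
            failures[m.group(2)].append(int(m.group(1)))
    flagged = []
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(ip)
                break
    return sorted(flagged)


# Constructed connections-per-minute seen during a quiet week (the "normal" baseline)
BASELINE = [40, 42, 38, 45, 41, 39, 44, 43, 40, 42, 46, 37]
# Constructed counts from the monitored period: ordinary minutes plus one burst
OBSERVED = [41, 44, 47, 210, 43, 39]


def anomaly_alerts(observed: List[int], baseline: List[int], k: float) -> List[int]:
    """Anomaly rule: indexes of minutes whose count exceeds mean + k * stdev of
    the baseline. A small k is sensitive but noisy; a large k is quiet but blind."""
    limit = statistics.mean(baseline) + k * statistics.stdev(baseline)
    return [i for i, count in enumerate(observed) if count > limit]


def false_alarm_rate(baseline: List[int], k: float) -> float:
    """Tuning aid: the share of the *normal* baseline that the rule would flag.
    Raise k until this is acceptably low before deploying the rule."""
    return len(anomaly_alerts(baseline, baseline, k)) / len(baseline)
```

With k = 1 the rule flags two ordinary minutes alongside the burst; with k = 3 it flags only the burst, which is the kind of adjustment the fine-tuning step above describes.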


