Unit 5 Security - RoshanSir

The document provides details for an assignment assessing IT security risks and solutions for a bank in Nepal. It outlines 3 tasks: 1) assessing security risks and proposing a mitigation method, 2) describing IT security solutions like VPNs and firewalls, and 3) reviewing mechanisms to control organizational security and designing an implementation plan. The assignment aims to evaluate the student's ability to assess risks, describe solutions, review controls, and manage security according to the learning outcomes.

Uploaded by

Manzu Pokharel

INTERNATIONAL SCHOOL OF MANAGEMENT AND TECHNOLOGY
KATHMANDU, NEPAL

Qualification: BTEC HND IN COMPUTING
Unit Number & Title: K/615/1623 - Unit 10: Security
Student Name:
Assessor Name: Roshan Kandel
Assignment Launch Date: 03/10/2021
Due Date: 04/30/2021
Completion Date:
Session/Year: 01/2019
Assignment Number: 1/1
Assignment Title: Managing Security

Assignment submission format

Each student has to submit their assignment as guided in the assignment brief. Students
are guided on what sort of information to produce to meet the targeted criteria. You are
required to make use of headings, paragraphs and subsections as appropriate, and all work
must be supported with research and referenced using the APA referencing system.

Learning outcomes covered

• LO1 Assess risks to IT security.
• LO2 Describe IT security solutions.
• LO3 Review mechanisms to control organisational IT security.
• LO4 Manage organisational security.

Scenario

"Civil Bank", established in 2002, is a leading commercial bank in Nepal, founded by reputed
entrepreneurs who understand the needs of a growing economy, and is managed by a team of
professionals and experienced bankers. The main mission of the bank is to be the leading Nepali
bank, delivering world-class service through the blending of state-of-the-art technology and
visionary management in partnership with competent and committed staff, to achieve sound
financial strength with sustainable value addition to all the stakeholders. The bank is committed
to pursuing this mission while ensuring the highest levels of ethical standards, professional
integrity, corporate governance and regulatory compliance.

The bank is committed to providing quality service and plans to utilize all the technological
facilities that enhance quality service with a high degree of compliance and risk management. The
bank has an IT department which is responsible for managing and implementing all required IT
infrastructure. The IT department has defined a policy that all branch offices must connect to
the head office through a secure VPN. All other clients must be members of the centralized domain.
User access to the system is managed via a proper access control mechanism and access
control lists, and service access is managed via ports and services.

The bank has security policies for managing the security of all its assets, functions and
services. VPN access is managed for a limited number of branch office employees and the IT
administration team of the head office. A defense-in-depth approach is to be implemented in order
to ensure IT security at the various levels of the network infrastructure. An IT infrastructure
security design including address translation, DMZ, VPN, firewall, antivirus and an intrusion
detection system is to be implemented for internal and external security policy.

You have been working as an IT Officer for the bank. Your key role will be to manage, support
and implement a secure network infrastructure for the bank's LAN/WAN environment. In order to
assess the possibility, you have been assigned the following tasks, in which you have to demonstrate
that you are able to assess risks to IT security, describe different possible IT solutions, review
mechanisms to control organizational IT security and manage organizational security.

Assignment Task – Part 1

Before you start the implementation of the IT security measures for the organization, you need to
assess the IT security risks in the organization. You need to consider various aspects of risk,
such as unauthorized access to the system and data, naturally occurring risks, and host, application
and network risks. You are required to consider organizational security procedures such as
business continuance, backup/restoration and audits, and then produce a report for the CEO of
Civil Bank containing:
• Identified security risk types to the organization, along with a description of organizational
  security procedures.
• A proposal of a method to assess and treat IT security risks.

You would prefer to produce a more detailed document, so you will produce a
comprehensive report for a fully functional secure system which will include the
identified risks and a method to mitigate those risks. Your manager would like a
separate report on your assessment of the effectiveness of the design in
relation to user and system requirements.

Once the assessment of the risks and the proposal for their remedy have been made, you need to
describe IT security solutions for the organization, such as VPNs, firewalls and a DMZ, with a
suitable implementation example. You need to:
1. Identify the potential impact on IT security of using firewalls and VPNs, and raise awareness of
   the repercussions of incorrect configuration of firewall policies and third-party VPNs.
2. Show through an example in a simulated environment how implementing a DMZ, static
   IP and NAT in a network can improve network security.
3. Discuss how network monitoring systems can benefit the IT security of the
   organization. You need to present at least three advantages.
4. Finally, evaluate a minimum of three physical and virtual security measures that
   can be employed to ensure the integrity of organisational IT security.

Assignment Task – Part 2

Once you have identified IT risks and viable security solutions, you need to review the
mechanisms to control organizational security. Consider various aspects of network change
management, audit controls, disaster recovery plans, Data Protection Acts, Computer Misuse
Act, ISO 3001 standards, etc. You need to:
1. Discuss risk assessment procedures and explain data protection processes and
   regulations as applicable to the organization.
2. Summarize the ISO 31000 risk management methodology and its application in IT
   security, and then discuss possible impacts to organizational security resulting from an
   IT security audit.
3. Consider how IT security can be aligned with organizational policy, detailing
   the security impact of any misalignment.

Assignment Task – Part 3

Lastly, you will produce technical and user documentation which will be given to the company
for the management of organizational security. You have to design and implement a security
policy for the bank which will:
• List the main components of an organizational disaster recovery plan, justifying
  the reasons for inclusion.
• Discuss the roles of stakeholders in the organization in implementing security audit
  recommendations.
• Include an evaluation of the suitability of the tools used in an organizational policy.

Grading criteria (Pass / Merit / Distinction)

LO1 Assess risks to IT security
Pass:
  P1 Identify types of security risks to organizations.
  P2 Describe organizational security procedures.
Merit:
  M1 Propose a method to assess and treat IT security risks.

LO2 Describe IT security solutions
Pass:
  P3 Identify the potential impact to IT security of incorrect configuration of firewall
     policies and third-party VPNs.
  P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a
     network can improve Network Security.
Merit:
  M2 Discuss three benefits to implement network monitoring systems with supporting reasons.
Distinction (LO1 and LO2):
  D1 Evaluate a minimum of three of physical and virtual security measures that can be
     employed to ensure the integrity of organisational IT security.

LO3 Review mechanisms to control organisational IT security
Pass:
  P5 Discuss risk assessment procedures.
  P6 Explain data protection processes and regulations as applicable to an organisation.
Merit:
  M3 Summarise the ISO 31000 risk management methodology and its application in IT security.
  M4 Discuss possible impacts to organisational security resulting from an IT security audit.
Distinction (LO3):
  D2 Consider how IT security can be aligned with organisational policy, detailing the
     security impact of any misalignment.

LO4 Manage organisational security
Pass:
  P7 Design and implement a security policy for an organisation.
  P8 List the main components of an organisational disaster recovery plan, justifying the
     reasons for inclusion.
Merit:
  M5 Discuss the roles of stakeholders in the organisation to implement security audit
     recommendations.
Distinction (LO4):
  D3 Evaluate the suitability of the tools used in an organisational policy.

Grades Achieved

Note: Refer to the unit details provided in your handbook when responding to all the tasks above.
Make sure that you have understood the highlighted key words in each task and developed a
response that matches them.

Plagiarism Notice

You are reminded that there exists an Academic Misconduct Policy and Regulation concerning
Cheating and Plagiarism.

Extracts from the Policy:

Section 3.4.1: Allowing others to do assignments / Copying others assignment is an offence

Section 3.4.2: Plagiarism, using the views, opinion or insights / paraphrasing of another person’s
original phraseology without acknowledgement

Requirements

• It should be the student’s own work – Plagiarism is unacceptable.
• Clarity of expression and structure are important features.
• Your work should be submitted as a well-presented, word-processed document with
  headers and footers, and headings and subheadings, both in hard and soft copies.
• You are expected to undertake research on this subject using books from the Library and
  resources available on the Internet.
• Any sources of information should be listed as references at the end of your document,
  and these sources should be referenced within the text of your document using APA
  Referencing style.
• Your report should be illustrated with screen-prints, images, tables, charts and/or
  graphics.
• All assignments must be typed in Times New Roman, font size 12, 1½ spacing.

The center policy is that you must submit your work within the due date to achieve “Merit”
and “Distinction”. Late submission automatically eliminates your chance of achieving
“Merit and Distinction”. Also, 80% attendance is required to validate this assignment.

I declare that all the work submitted for this assignment is my own work and I understand that if
any part of the work submitted for this assignment is found to be plagiarised, none of the work
submitted will be allowed to count towards the assessment of the assignment.

Assignment Prepared By: Roshan Kandel
Signature:
Date: Mar 02, 2021

Brief Checked By: Dhruba Babu Joshi
Signature:
Date: Mar 04, 2021
