ICTCYS608 Perform Cyber Security Risk Assessments
Table of Contents
Assessment task 4 – Project. 3
Assessment task 4 – Project
Activity 1
Discussion of Business Operation
Meeting
Network Engineer – Hello, Good Morning
Manager – Very Good Morning
Network Engineer – How are You ?
Manager – I’m fine. Thank you.
Network Engineer – As we know that we will be deliberating about business procedures that need cyber security and evaluating the work.
Manager – Yes, I know. Future IT company providing IT services such as Application development, technical issues resolution, etc.
Network Engineer – Exactly they are scheduling to implement cybersecurity then giving facilities as protection from cyber-attacks and data breaches.
Manager – So I will provide the information about business and security implemented on the operations.
Network Engineer – Okay! Let’s discussed virtual cyber security
Manager – A virtual space that permits scholars to generate their determined virtual machines, involves a cybernetic laboratory using actual creation agendas.
Network Engineer – It also recognized Many tools to be used Admission controller, Message Safety, Antivirus package, and Cybernetic private network.
Manager – So they required several data as Web telemetry data, Synthetic testing, Controlling data, Application recognition data, and so on. Because it protects all groups of data from injury
Network Engineer – Yes Alright. That’s how they highlight the business operations.
Manager – Cyber security assembles devices, skills, and helps to protect discretion, truthfulness, and computer system availability.
Network engineer – It is also software and monitoring that protects their Email, Network, operating system, and device printing from data theft.
Manager – As they make ICT strategy, applications, Support, and enterprise architecture for a project of the organization.
Network Engineer – Analyzing the association protects hardware and software companies. Problem resolving and announcement skills must be essential.
Manager – yes correct. Thank you.
Meeting Minute Template
Minutes of Meeting: 7 to 10minutes
Meeting Objectives: Providing information and Importance of Cyber security.
Attendees: Network Engineer and Manager
Venue: Room no. 20 (Conference Hall)
Date: 10 March 2022
No
|
Points discussed | Action Suggested | Target date |
1.
|
Virtual Cybersecurity of business operation. | Providing Information on business operation and planned to implement cyber security. | After 2 months. |
2.
|
Necessities for virtual Cyber security | Understand security controls for networks, servers, and applications and how to develop compliant policies. | After 4 months |
3.
|
Business Operation highlights | Controlling the data and application recognize data, for increase the value of the enterprise and earn of profit.
|
After 5 months |
4.
|
Analysing the business operations which need cyber security | Making ICT strategy, problem-solving and communication skills must be compulsory for the organization.
|
After 8 months |
Preparation of design infrastructure
Report
Need of cyber security – ICTCYS608 Perform Cyber Security Risk Assessments : They need to instrument the cyber security organization for different cyber-attacks as separately outbreak uses changed designs to avoid the outbreaks, as they want to have different types of cyber security infrastructure. A cyber security risk assessment requires an organization to determine its key business objectives and identify the information technology. Cyber security is significant because it keeps all types of data information from robbery and harm, with facts, personally recognizable material, endangered strength data, knowledgeable property, legislative or trade data, information organizations (de Bruijn, et al., 2017).
|
Data types to use in Cyber security infrastructure – ICTCYS608 Perform Cyber Security Risk Assessments: Cyber security infrastructure uses various types of data as Serious Substructure security, Submission security, Network Telemetry data, Artificial testing and cybernetic software representative data, regulatory and cloud security data, and application appreciation data also used in cyber security infrastructure. A cyber security risk assessment requires an organization to determine its key business objectives and identify the information technology.
|
Security levels in cyber security infrastructure – A future IT company has some safety or security levels to keep the data from the cyber-attacks as Access Evaluating, Authentication, and Authorization. Risk organization must be recognized, skilled, accomplished, and definite. It contains arranging and evaluating the facts and system. Data safety and safety programs will be essential distinct or similarly established procedures and controls that provision data material. Safety scanning is an involuntary method that examines fundamentals web elements, submission, or devices to check for refuge mistakes.
|
Requirements of the network server in cyber security – ICTCYS608 Perform Cyber Security Risk Assessments: It has various types of Network Server which are required, such as Email security that is Significant Influence to reflect when Executing Interacting safety tools, Firewalls are joint basics of a system safety model, Web Security package helps a limited resolve, and Web Subdivision helps to Appropriate possibly negotiated strategies or interferences. Event organization and security evidence is an organization that combines immediate system circulation monitoring with ancient statistics record folder scanning. Mobile device safety is measured planned to keep complex material deposited on and conducted by laptops, smart phones, tablets, and other devices. |
Network boundaries to secure – A network boundary is monitoring and regulator of infrastructures at the exterior limit of an evidence system to avoid and perceive hateful and additional unlawful transportation. A line of connection between two areas, or atmospheres that have changed security desires or wants. Operative design, connection, formation, and preservation of web boundary safety instruments thoughtful responsibilities providing in active network security.
|
Tools required for implementing cyber security – An operative tool that arranges of any extent can use correct nowadays to revenue act to diminish cyber risk. A Force point is a personalized safety tool mostly considered for cloud users. It is used to describe web security, confine operators from editing specific satisfied, and wedge several invasion efforts. Keypass is an effective encoding device used for individuality organization. Life Lock helps to monitor for recognizing stealing and pressures as well as to perceive, be aware of, and block cybercrimes. VPN tool is strongly related to two webs organized crosswise and entrusted systems. Antivirus software is a planned tool to explore and eradicate package viruses. Metasploit is the best safety package that comprises several tools for implementing dispersion difficult facilities.
|
Network access to users – A network that links to contributors to a specific facility and wage-earner, over the transporter network. Future IT companies related the network access to the providers such as VMware professional services, Switch fast technologies, and McAfee security services. A security structure that delivers an operator with protected admission to the system (Nagarajan, et al.,2012)
|
Cyber-attacks occurred in the organization – A cyber-attack befalls in the organization when cybercriminals attempt to advantage of banned admission to automated information deposited on a system or a computer. It might cause economic damage, from stealing money, and evidence interruption to the corporate. The middle man in the attack, SQL injection, and phishing, so on. It occurs over ordinary mistakes similarly an operator selecting an easy-to-guess keyword or not altering the defaulting PIN on roughly corresponding an occupation.
|
Activity 3
Designing and planning the infrastructure
Implementation plan and timeframe for implementation
|
||||||||||||||||||||||||||||
Security monitoring strategies
For monitoring the security some of the strategies will be developed. The different applications can be used for example Splunk, Wireshark, Solar Winds, etc. these are some of the software which is freeware. This software will help monitor the security within the future IT network and this software even notifies whenever there is any kind of breach of security. A cyber security risk assessment requires an organization to determine its key business objectives and identify the information technology. One of the main strategies is that one of the employees will be available always for monitoring the security status of the future IT and then they will be taking immediate actions (Nestler, et al., 2018). |
Activity 4
Meeting with the manager
Meeting
Date: 11th March 2022 Location: meeting room Time: 3:00 pm Attendees- manager and network engineer Network Engineer – Hello, Good Morning Manager – Very Good Morning Network Engineer – How are You? Manager – I’m fine. Thank you. Network Engineer- so today we are gathered here to discuss the structure which is developed by me. I have developed the implementation plan for protection from cyber-attacks for the future IT company. Manager- okay Network Engineer- there are some of the changes in the infrastructure which are required to be made so that development can take place. Manager- can I know what is infrastructure design. Network Engineer- yes sure, the security infrastructure design of the organization is the IT network which controls the communications and the systems of the security information. When the security infrastructure is designed it makes sure of the security of the business operations. It helps to document the security procedures and then it also carries out them. A cyber security risk assessment requires an organization to determine its key business objectives and identify the information technology. Manager- okay Network Engineer- so the first thing which will be done is to analyze the current situation for the security infrastructure. As we already had to face the various cyber-attacks. Manager- yes sure. Network Engineer- we will design different infrastructures for the attacks. Manager- what kind of protection we can use. Network engineer- we will use various types of cyber security infrastructure which we can use for the protection of cyberattacks. Cybersecurity infrastructure uses various types of data as Serious Substructure security, Submission security, Network Telemetry data, Artificial testing and cybernetic software representative data, regulatory and cloud security data, and application appreciation data also used in cybersecurity infrastructure. We can install the VPN capable firewall, security keys, and office 365 secure score. A cyber security risk assessment requires an organization to determine its key business objectives and identify the information technology. Manager- okay Network engineer- we also need to conduct the meeting with the employees and stakeholders for the consultation. They will also know about the various infrastructures for the cyber-attacks. They will also have trained for using this software. Manager- okay Network engineer- you tell me one thing that how we can improve our security culture. Manager- for improving the security culture we can get a secure developmentlifecycle. It is foundational to the sustainable security culture. we can also provide rewards and recognition for those employees who are doing the things for security. Network engineer- yes, very good. We can also build the security community within the future IT. Manager- yes that is also a good idea. What kind of security levels we will be used in the cyber security infrastructure of future IT? Network engineer- our company’s future IT company has some safety or security levels to keep the data from the cyber-attacks as Access Evaluating, Authentication, and Authorization. Risk organization must be recognized, skilled, accomplished, and definite. It contains arranging and evaluating the facts and system. Data safety and safety programs will be essential distinct or similarly established procedures and controls that provision data material. Safety scanning is an involuntary method that examines fundamentals web elements, submission, or devices to check for refuge mistakes. A cyber security risk assessment requires an organization to determine its key business objectives and identify the information technology. Manager- okay we will check all the levels of security. We will also check the entry-level, mid-level and advanced level security. Network engineer- yes that will be great. Manger- which network serves will be required to be analyzed and selected? Network engineer- there are various types of Network Server which are required, such as Email security that is Significant Influence to reflect when Executing Interacting safety tools, Firewalls are joint basics of a system safety model, Web Security package helps a limited resolve, and Web Subdivision helps to Appropriate possibly negotiated strategies or interferences. Manger- okay Network engineer- now in some of the areas I need your feedback. we need to set the network boundaries for protection. Which tools will be beneficial for the organization to use for implementing cyber security Manager- we can use different applications can be used for example Splunk, Wireshark, Solar Winds, etc. these are some of the software is freeware. This software will help monitor the security within the future IT network and this software even notifies whenever there is any kind of breach of security. Network engineer- okay sure. The network will be used for the user’s future use. Manger- okay. Network engineer- what about the budget according to you how much budget can be allocated Manager- we can be allotted a budget of $ 50000. Is this being okay for the security? Network engineer- yes it will be okay. I have also emailed you the implementation plan please review it. Manager- okay Network engineer- okay thank you everyone for your valuable feedback. |
Minutes of Meeting
Meeting Objective: To discuss the structure which was developed earlier Attendees: manager and network engineer Venue: meeting room Date: 11th March 2022 |
|||
No | Points Discussed | Actions Suggested | Target Date |
1 | The current situation was discussed.
|
Analyze the current organization situation that there is a need to develop the cyber security infrastructure | 25th march 2022 |
2 | Different infrastructure was designed for the attacks which were identified above
|
Application security
Firewalls Access control |
25th march 2022 |
3 |
Security measures and the devices were being determined.
|
Strong passwords will be set
Security software will be used |
25th march 2022 |
4 | how dynamic culture of security can be built | Regular meeting and training sessions | 25th march 2022 |
5 | Data types that will be used in Cyber security infrastructure | Substructure security, Submission security, Network Telemetry data
Artificial testing Cybernetic software |
25th march 2022 |
6 | Security levels will be checked in the cyber security infrastructure | Entry-level
Mid-level Advance level |
25th march 2022 |
7 | Which network serves which will be required will be analyzed and selected for the future IT | Email security Interacting safety tools, Firewalls
Web Security Web Subdivision |
25th march 2022 |
8 | A tool which will be required for implementing in the cyber security of the future IT company will be gathered (Mouheb, et al., 2019). | Splunk
Wireshark Solar Winds |
25th march 2022 |
9 | The budget for the cybersecurity | $ 50,000 budget was allotted. | 16th march 2022 |
Activity 5
Implementation of infrastructure
Network boundaries were created. To create the network boundaries, boundary groups were created.
Network technologies were implemented. It involves the use of data systems to manage and deliver digital resources over the network of computers.
Server technologies were implemented. Email security that is Significant Influence to reflect when Executing Interacting safety tools, Firewalls are joint basics of a system safety model, Web Security package helps a limited resolve, and Web Subdivision helps to Appropriate possibly negotiated strategies or interferences (Jin, et al., 2018).
User’s security was implemented for the users. To the servers, the client needs to prove its identity. Strong passwords will be set to be safe from cyber-attacks.
Various security levels were established. Levels 1, 2, and 3 levels were set.
Some of the strategies were developed to monitor network security. The different applications can be used for example Splunk, Wireshark, Solar Winds, etc. these are some of the software which is freeware. This software will help monitor the security within the future IT network and this software even notifies whenever there is any kind of breach of security.
One of the main strategies is that one of the employees will be available always for monitoring the security status of the future IT and then they will be taking immediate actions (Luedtke, et al., 2019).
Activity 6
Test the infrastructure
There is a need to test the infrastructure. All types of cyber security tests involve the internal teams performing the various activities and the assessments which validate the future IT company security postures.
After testing the security infrastructure report will be created and feedback will be taken based on the findings and feedback so that future IT can mitigate the risk and the issues which are identified can be fixed (Zheng, et al., 2019). A cyber security risk assessment requires an organization to determine its key business objectives and identify the information technology.
References
Coulson, T., Mason, M., & Nestler, V. (2018). Cyber capability planning and the need for an expanded cybersecurity workforce. Communications of the IIMA, 16(2), 2.
de Bruijn, H., & Janssen, M. (2017). Building cybersecurity awareness: The need for evidence-based framing strategies. Government Information Quarterly, 34(1), 1-7.
Furfaro, A., Argento, L., Parise, A., & Piccolo, A. (2017). Using virtual environments for the assessment of cybersecurity issues in IoT scenarios. Simulation Modelling Practice and Theory, 73, 43-54.
Furnell, S. (2021). The cybersecurity workforce and skills. Computers & Security, 100, 102080.https://reader.elsevier.com/reader/sd/pii/S0167404820303539?token=F9F91C1ED2B65C785CBC31DCC63AF98DF2E10ED82C338DA4DF91873A4FE7CB7FFDFA96E69E8C1A99508706D5D4D7E413&originRegion=eu-west-1&originCreation=20220311063533
Jin, G., Tu, M., Kim, T. H., Heffron, J., & White, J. (2018). Evaluation of game-based learning in cybersecurity education for high school students. Journal of Education and Learning (EduLearn), 12(1), 150-158.https://www.researchgate.net/profile/Ge-Jin-2/publication/324228918_Evaluation_of_Game-Based_Learning_in_Cybersecurity_Education_for_High_School_Students/links/5b7c5a594585151fd124f87a/Evaluation-of-Game-Based-Learning-in-Cybersecurity-Education-for-High-School-Students.pdf
Mouheb, D., Abbas, S., &Mearabti, M. (2019). Cybersecurity curriculum design: A survey. In Transactions on Edutainment XV (pp. 93-107). Springer, Berlin, Heidelberg.https://sci-hub.hkvisa.net/10.1007/978-3-662-59351-6_9
Nagarajan, A., Allbeck, J. M., Sood, A., & Janssen, T. L. (2012, May). Exploring game design for cybersecurity training. In 2012 IEEE International Conference on Cyber Technology in Automation, Control, and Intelligent Systems (CYBER) (pp. 256-262). IEEE.
Rahman, N., Sairi, I., Zizi, N., & Khalid, F. (2020). The importance of cybersecurity education in school. International Journal of Information and Education Technology, 10(5), 378-382.http://www.ijiet.org/vol10/1393-JR419.pdf
Rebahi, Y., Hohberg, S., Shi, L., Parreira, B. M., Kourtis, A., Comi, P., & Ramos, A. (2015, December). Virtual security appliances: the next generation security. In 2015 International Conference on Communications, Management and Telecommunications (ComManTel) (pp. 103-110). IEEE.
Zheng, K., Albert, L. A., Luedtke, J. R., & Towle, E. (2019). A budgeted maximum multiple coverage model for cybersecurity planning and management. IISE Transactions, 51(12), 1303-1317.