ICTCYS608 Perform Cyber Security Risk Assessments

ICTCYS608 Perform Cyber Security Risk Assessments

 

 

 

 

 

 

 

ICTCYS608 Perform Cyber Security Risk Assessments

 

ICTCYS612

Design and implement virtualized cyber security infrastructure for organizations

 

 

 

 

Table of Contents

Assessment task 4 – Project. 3

Activity 1. 3

Activity 2. 5

Activity 3. 8

Activity 4. 10

Activity 5. 16

Activity 6. 16

Reference. 18

Assessment task 4 – Project

Activity 1

Discussion of Business Operation

Meeting

Network Engineer – Hello, Good Morning

Manager – Very Good Morning

Network Engineer – How are You ?

Manager – I’m fine. Thank you.

Network Engineer – As we know that we will be deliberating about business procedures that need cyber security and evaluating the work.

Manager – Yes, I know. Future IT company providing IT services such as Application development, technical issues resolution, etc.

Network Engineer – Exactly they are scheduling to implement cybersecurity then giving facilities as protection from cyber-attacks and data breaches.

Manager – So I will provide the information about business and security implemented on the operations.

Network Engineer – Okay! Let’s discussed virtual cyber security

Manager – A virtual space that permits scholars to generate their determined virtual machines, involves a cybernetic laboratory using actual creation agendas.

Network Engineer – It also recognized Many tools to be used Admission controller, Message Safety, Antivirus package, and Cybernetic private network.

Manager – So they required several data as Web telemetry data, Synthetic testing, Controlling data, Application recognition data, and so on. Because it protects all groups of data from injury

Network Engineer – Yes Alright. That’s how they highlight the business operations.

Manager – Cyber security assembles devices, skills, and helps to protect discretion, truthfulness, and computer system availability.

Network engineer – It is also software and monitoring that protects their Email, Network, operating system, and device printing from data theft.

Manager – As they make ICT strategy, applications, Support, and enterprise architecture for a project of the organization.

Network Engineer – Analyzing the association protects hardware and software companies. Problem resolving and announcement skills must be essential.

Manager – yes correct. Thank you.

Meeting Minute Template

Minutes of Meeting: 7 to 10minutes

Meeting Objectives: Providing information and Importance of Cyber security.

Attendees: Network Engineer and Manager

Venue: Room no. 20 (Conference Hall)

Date: 10 March 2022

 No

 

Points discussed Action Suggested Target date
1.

 

Virtual Cybersecurity of business operation.Providing Information on business operation and planned to implement cyber security.After 2 months.
2.

 

Necessities for virtual Cyber securityUnderstand security controls for networks, servers, and applications and how to develop compliant policies.After 4 months
3.

 

Business Operation highlightsControlling the data and application recognize data, for increase the value of the enterprise and earn of profit.

 

 

After 5 months
4.

 

Analysing the business operations which need cyber securityMaking ICT strategy, problem-solving and communication skills must be compulsory for the organization.

 

 

After 8 months

Activity 2

Preparation of design infrastructure

Report

 

Need of cyber security –  ICTCYS608 Perform Cyber Security Risk Assessments : They need to instrument the cyber security organization for different cyber-attacks as separately outbreak uses changed designs to avoid the outbreaks, as they want to have different types of cyber security infrastructure. A cyber security risk assessment requires an organization to determine its key business objectives and identify the information technology. Cyber security is significant because it keeps all types of data information from robbery and harm, with facts, personally recognizable material, endangered strength data, knowledgeable property, legislative or trade data, information organizations (de Bruijn, et al., 2017).

 

 

Data types to use in Cyber security infrastructure – ICTCYS608 Perform Cyber Security Risk Assessments: Cyber security infrastructure uses various types of data as Serious Substructure security, Submission security, Network Telemetry data, Artificial testing and cybernetic software representative data, regulatory and cloud security data, and application appreciation data also used in cyber security infrastructure. A cyber security risk assessment requires an organization to determine its key business objectives and identify the information technology.

 

 

Security levels in cyber security infrastructure – A future IT company has some safety or security levels to keep the data from the cyber-attacks as Access Evaluating, Authentication, and Authorization. Risk organization must be recognized, skilled, accomplished, and definite. It contains arranging and evaluating the facts and system. Data safety and safety programs will be essential distinct or similarly established procedures and controls that provision data material. Safety scanning is an involuntary method that examines fundamentals web elements, submission, or devices to check for refuge mistakes.

 

 

Requirements of the network server in cyber security –  ICTCYS608 Perform Cyber Security Risk Assessments: It has various types of Network Server which are required, such as Email security that is Significant Influence to reflect when Executing Interacting safety tools, Firewalls are joint basics of a system safety model, Web Security package helps a limited resolve, and Web Subdivision helps to Appropriate possibly negotiated strategies or interferences.

Event organization and security evidence is an organization that combines immediate system circulation monitoring with ancient statistics record folder scanning. Mobile device safety is measured planned to keep complex material deposited on and conducted by laptops, smart phones, tablets, and other devices.

 

Network boundaries to secure – A network boundary is monitoring and regulator of infrastructures at the exterior limit of an evidence system to avoid and perceive hateful and additional unlawful transportation. A line of connection between two areas, or atmospheres that have changed security desires or wants. Operative design, connection, formation, and preservation of web boundary safety instruments thoughtful responsibilities providing in active network security.

 

 

Tools required for implementing cyber security – An operative tool that arranges of any extent can use correct nowadays to revenue act to diminish cyber risk. A Force point is a personalized safety tool mostly considered for cloud users. It is used to describe web security, confine operators from editing specific satisfied, and wedge several invasion efforts. Keypass is an effective encoding device used for individuality organization. Life Lock helps to monitor for recognizing stealing and pressures as well as to perceive, be aware of, and block cybercrimes. VPN tool is strongly related to two webs organized crosswise and entrusted systems. Antivirus software is a planned tool to explore and eradicate package viruses. Metasploit is the best safety package that comprises several tools for implementing dispersion difficult facilities.

 

 

Network access to users – A network that links to contributors to a specific facility and wage-earner, over the transporter network. Future IT companies related the network access to the providers such as VMware professional services, Switch fast technologies, and McAfee security services. A security structure that delivers an operator with protected admission to the system (Nagarajan, et al.,2012)

 

 

Cyber-attacks occurred in the organization – A cyber-attack befalls in the organization when cybercriminals attempt to advantage of banned admission to automated information deposited on a system or a computer. It might cause economic damage, from stealing money, and evidence interruption to the corporate. The middle man in the attack, SQL injection, and phishing, so on. It occurs over ordinary mistakes similarly an operator selecting an easy-to-guess keyword or not altering the defaulting PIN on roughly corresponding an occupation.

 

Activity 3

Designing and planning the infrastructure

Implementation plan and timeframe for implementation

Implementation plan for protection from cyber attacks
Task

 

Months to implement the task

(Timeframe)

The current situation will be analyzed for the security infrastructure 15 days
Different infrastructure will be designed for the attacks which were identified above15 days
The collaboration will be done with the stakeholders and the team members15 days
Security measures and the devices will be determined.15 days
A dynamic culture of security will be built in the future IT15 days
Data types that will be used in Cybersecurity infrastructure will be analysed and gathered (Furnell, 2021).15 days
Security levels will be checked in the cyber security infrastructure of the future IT company15 days
The network serves which will be required will be analyzed and selected for the future IT15 days
Network boundaries will be set to secure the future IT company.15 days
A tool that will be required for implementing in the cyber security of the future IT company will be gathered (Coulson, et al., 2018).15 days
The network will be accessed for the users of the future15 days
The budget will be reviewed and finalized10 days
Security monitoring strategies

For monitoring the security some of the strategies will be developed. The different applications can be used for example Splunk, Wireshark, Solar Winds, etc. these are some of the software which is freeware. This software will help monitor the security within the future IT network and this software even notifies whenever there is any kind of breach of security. A cyber security risk assessment requires an organization to determine its key business objectives and identify the information technology.

One of the main strategies is that one of the employees will be available always for monitoring the security status of the future IT and then they will be taking immediate actions (Nestler, et al., 2018).

Activity 4

Meeting with the manager

Meeting

Date: 11th March 2022

Location: meeting room

Time: 3:00 pm

Attendees- manager and network engineer

Network Engineer – Hello, Good Morning

Manager – Very Good Morning

Network Engineer – How are You?

Manager – I’m fine. Thank you.

Network Engineer- so today we are gathered here to discuss the structure which is developed by me. I have developed the implementation plan for protection from cyber-attacks for the future IT company.

Manager- okay

Network Engineer- there are some of the changes in the infrastructure which are required to be made so that development can take place.

Manager- can I know what is infrastructure design.

Network Engineer- yes sure, the security infrastructure design of the organization is the IT network which controls the communications and the systems of the security information. When the security infrastructure is designed it makes sure of the security of the business operations. It helps to document the security procedures and then it also carries out them. A cyber security risk assessment requires an organization to determine its key business objectives and identify the information technology.

Manager- okay

Network Engineer- so the first thing which will be done is to analyze the current situation for the security infrastructure. As we already had to face the various cyber-attacks.

Manager- yes sure.

Network Engineer- we will design different infrastructures for the attacks.

Manager- what kind of protection we can use.

Network engineer- we will use various types of cyber security infrastructure which we can use for the protection of cyberattacks. Cybersecurity infrastructure uses various types of data as Serious Substructure security, Submission security, Network Telemetry data, Artificial testing and cybernetic software representative data, regulatory and cloud security data, and application appreciation data also used in cybersecurity infrastructure.  We can install the VPN capable firewall, security keys, and office 365 secure score. A cyber security risk assessment requires an organization to determine its key business objectives and identify the information technology.

Manager- okay

Network engineer- we also need to conduct the meeting with the employees and stakeholders for the consultation. They will also know about the various infrastructures for the cyber-attacks. They will also have trained for using this software.

Manager- okay

Network engineer- you tell me one thing that how we can improve our security culture.

Manager- for improving the security culture we can get a secure developmentlifecycle. It is foundational to the sustainable security culture. we can also provide rewards and recognition for those employees who are doing the things for security.

Network engineer- yes, very good. We can also build the security community within the future IT.

Manager- yes that is also a good idea. What kind of security levels we will be used in the cyber security infrastructure of future IT?

Network engineer- our company’s future IT company has some safety or security levels to keep the data from the cyber-attacks as Access Evaluating, Authentication, and Authorization. Risk organization must be recognized, skilled, accomplished, and definite. It contains arranging and evaluating the facts and system. Data safety and safety programs will be essential distinct or similarly established procedures and controls that provision data material. Safety scanning is an involuntary method that examines fundamentals web elements, submission, or devices to check for refuge mistakes. A cyber security risk assessment requires an organization to determine its key business objectives and identify the information technology.

Manager- okay we will check all the levels of security. We will also check the entry-level, mid-level and advanced level security.

Network engineer- yes that will be great.

Manger- which network serves will be required to be analyzed and selected?

Network engineer- there are various types of Network Server which are required, such as Email security that is Significant Influence to reflect when Executing Interacting safety tools, Firewalls are joint basics of a system safety model, Web Security package helps a limited resolve, and Web Subdivision helps to Appropriate possibly negotiated strategies or interferences.

Manger- okay

Network engineer- now in some of the areas I need your feedback. we need to set the network boundaries for protection. Which tools will be beneficial for the organization to use for implementing cyber security

Manager- we can use different applications can be used for example Splunk, Wireshark, Solar Winds, etc. these are some of the software is freeware. This software will help monitor the security within the future IT network and this software even notifies whenever there is any kind of breach of security.

Network engineer- okay sure. The network will be used for the user’s future use.

Manger- okay.

Network engineer- what about the budget according to you how much budget can be allocated

Manager- we can be allotted a budget of $ 50000. Is this being okay for the security?

Network engineer- yes it will be okay. I have also emailed you the implementation plan please review it.

Manager- okay

Network engineer- okay thank you everyone for your valuable feedback.

 

Minutes of Meeting

Meeting Objective: To discuss the structure which was developed earlier

Attendees: manager and network engineer

Venue: meeting room

Date: 11th March 2022

NoPoints DiscussedActions SuggestedTarget Date
1The current situation was discussed.

 

Analyze the current organization situation that there is a need to develop the cyber security infrastructure25th march 2022
2Different infrastructure was designed for the attacks which were identified above

 

Application security

Firewalls

Access control

25th march 2022
3 

Security measures and the devices were being determined.

 

Strong passwords will be set

Security software will be used

25th march 2022
4how dynamic culture of security can be builtRegular meeting and training sessions25th march 2022
5Data types that will be used in Cyber security infrastructureSubstructure security, Submission security, Network Telemetry data

Artificial testing Cybernetic software

25th march 2022
6Security levels will be checked in the cyber security infrastructureEntry-level

Mid-level

Advance level

25th march 2022
7Which network serves which will be required will be analyzed and selected for the future ITEmail security Interacting safety tools, Firewalls

Web Security

Web Subdivision

25th march 2022
8A tool which will be required for implementing in the cyber security of the future IT company will be gathered (Mouheb, et al., 2019).Splunk

Wireshark

Solar Winds

25th march 2022
9The budget for the cybersecurity$ 50,000 budget was allotted.16th march 2022

Activity 5

Implementation of infrastructure

Network boundaries were created. To create the network boundaries, boundary groups were created.

Network technologies were implemented. It involves the use of data systems to manage and deliver digital resources over the network of computers.

Server technologies were implemented. Email security that is Significant Influence to reflect when Executing Interacting safety tools, Firewalls are joint basics of a system safety model, Web Security package helps a limited resolve, and Web Subdivision helps to Appropriate possibly negotiated strategies or interferences (Jin, et al., 2018).

User’s security was implemented for the users. To the servers, the client needs to prove its identity. Strong passwords will be set to be safe from cyber-attacks.

Various security levels were established. Levels 1, 2, and 3 levels were set.

Some of the strategies were developed to monitor network security. The different applications can be used for example Splunk, Wireshark, Solar Winds, etc. these are some of the software which is freeware. This software will help monitor the security within the future IT network and this software even notifies whenever there is any kind of breach of security.

One of the main strategies is that one of the employees will be available always for monitoring the security status of the future IT and then they will be taking immediate actions (Luedtke, et al., 2019).

Activity 6

Test the infrastructure

There is a need to test the infrastructure. All types of cyber security tests involve the internal teams performing the various activities and the assessments which validate the future IT company security postures.

After testing the security infrastructure report will be created and feedback will be taken based on the findings and feedback so that future IT can mitigate the risk and the issues which are identified can be fixed (Zheng, et al., 2019). A cyber security risk assessment requires an organization to determine its key business objectives and identify the information technology.

 

 

References

Coulson, T., Mason, M., & Nestler, V. (2018). Cyber capability planning and the need for an expanded cybersecurity workforce. Communications of the IIMA16(2), 2.

de Bruijn, H., & Janssen, M. (2017). Building cybersecurity awareness: The need for evidence-based framing strategies. Government Information Quarterly34(1), 1-7.

Furfaro, A., Argento, L., Parise, A., & Piccolo, A. (2017). Using virtual environments for the assessment of cybersecurity issues in IoT scenarios. Simulation Modelling Practice and Theory73, 43-54.

Furnell, S. (2021). The cybersecurity workforce and skills. Computers & Security100, 102080.https://reader.elsevier.com/reader/sd/pii/S0167404820303539?token=F9F91C1ED2B65C785CBC31DCC63AF98DF2E10ED82C338DA4DF91873A4FE7CB7FFDFA96E69E8C1A99508706D5D4D7E413&originRegion=eu-west-1&originCreation=20220311063533

Jin, G., Tu, M., Kim, T. H., Heffron, J., & White, J. (2018). Evaluation of game-based learning in cybersecurity education for high school students. Journal of Education and Learning (EduLearn)12(1), 150-158.https://www.researchgate.net/profile/Ge-Jin-2/publication/324228918_Evaluation_of_Game-Based_Learning_in_Cybersecurity_Education_for_High_School_Students/links/5b7c5a594585151fd124f87a/Evaluation-of-Game-Based-Learning-in-Cybersecurity-Education-for-High-School-Students.pdf

Mouheb, D., Abbas, S., &Mearabti, M. (2019). Cybersecurity curriculum design: A survey. In Transactions on Edutainment XV (pp. 93-107). Springer, Berlin, Heidelberg.https://sci-hub.hkvisa.net/10.1007/978-3-662-59351-6_9

Nagarajan, A., Allbeck, J. M., Sood, A., & Janssen, T. L. (2012, May). Exploring game design for cybersecurity training. In 2012 IEEE International Conference on Cyber Technology in Automation, Control, and Intelligent Systems (CYBER) (pp. 256-262). IEEE.

Rahman, N., Sairi, I., Zizi, N., & Khalid, F. (2020). The importance of cybersecurity education in school. International Journal of Information and Education Technology10(5), 378-382.http://www.ijiet.org/vol10/1393-JR419.pdf

Rebahi, Y., Hohberg, S., Shi, L., Parreira, B. M., Kourtis, A., Comi, P., & Ramos, A. (2015, December). Virtual security appliances: the next generation security. In 2015 International Conference on Communications, Management and Telecommunications (ComManTel) (pp. 103-110). IEEE.

Zheng, K., Albert, L. A., Luedtke, J. R., & Towle, E. (2019). A budgeted maximum multiple coverage model for cybersecurity planning and management. IISE Transactions51(12), 1303-1317.