ICTCYS610 qqqqqqqqq Enkhsaikhan

docx

School

Greenwich English College *

*We aren’t endorsed by this school

Course

409

Subject

Information Systems

Date

Nov 24, 2024

Type

docx

Pages

33

Uploaded by MasterSardinePerson1013

Report
ICTCYS610 Protect critical infrastructure for organisation Assessment Cover Sheet Course Name / Code: ICT50220 Term/Year: 1/2024 Assessment Task: ASSESSMENT 1 & 2 Re-assessment/ Re- attempt: No Yes Time Allowed (in Weeks): 6 WEEKS Issue Date: 23/01/2024 Due Date: 03/03/2024 Unit of competency Name/Code: ICTSYS610 Protect Critical Infrastructure for Organisation Training Package ICT PACKAGE Student to Complete Student Details Student Name: Student ID: Student Declaration: I declare that the work submitted is my own and has not been copied or plagiarised from any person or source. Signature & Date: __________________ Assessor to Complete Assessment Decision To be assessed as Satisfactory in this assessment task, the student must address ALL assessment items/questions satisfactorily. The Student’s performance is: Satisfactory Not Yet Satisfactory All individual Assessment Tasks of this unit must be completed satisfactorily for a student to achieve an overall grade of competent for this unit. Feedback to Student: Assessor’s Details Assessor’s Name: RAJIB KUMAR SAHA Signature: Saha Date: 03/03/24 Instructions to Students. Please read the following instructions carefully. This assessment is to be completed according to the instructions given by your Assessor. This is commenced in class and can be taken home to be completed by the student. Your assessor will be looking for satisfactory response for each Item/Question /Project/Portfolio in plain English. To be assessed as Satisfactory in this Assessment Task, you must address ALL assessment Items/Questions satisfactorily. All individual Assessment Tasks of this unit must be completed satisfactorily for you to achieve an overall grade of competent for this unit. If you are not sure about any aspect of this Assessment Task, please ask for clarification from your Assessor. The Assessor will assess the needs of the student and where applicable negotiate reasonable adjustment for assessing people with disabilities without compromising the integrity of the Assessment Task. The Assessor will indicate on the feedback if you are required to do Re-submit. You will be given another opportunity to demonstrate your knowledge and skills to reach the satisfactory level. If any abbreviation/acronym is used, you must write full words in brackets. Page 1 of 33
ICTCYS610 Protect critical infrastructure for organisation Final Results Record Student name: Assessor name: RAJIB KUMAR SAHA Date Final assessment results Task Type Result Satisfactory Unsatisfactory Did not submit Assessment Task 1 Knowledge questions S U DNS Assessment Task 2 Project Portfolio S U DNS Overall unit results C NYC Feedback My performance in this unit has been discussed and explained to me. I would like to appeal this assessment decision. Student signature: Date: I hereby certify that this student has been assessed by me and that the assessment has been carried out according to the required assessment procedures. Assessor signature: Saha Date: 03/03/24 CONTENTS Page 2 of 33
ICTCYS610 Protect critical infrastructure for organisation Introduction 3 Assessment Task 1: Knowledge Questions 4 Assessment Task 1: Checklist 6 Assessment Task 2: Project Portfolio 7 Assessment Task 2: Checklist 11 Page 3 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation Introduction The assessment tasks for ICTCYS610 Protect critical infrastructure for organisations are outlined in the assessment plan below. These tasks have been designed to help you demonstrate the skills and knowledge that you have learnt during your course. Please ensure that you read the instructions provided with these tasks carefully. You should also follow the advice provided in the IT Works Student User Guide . The Student User Guide provides important information for you relating to completing assessment successfully. Assessment for this unit ICTCYS610 Protect critical infrastructure for organisations describes the skills and knowledge required to analyse an organisation’s critical cyber operations and develop and implement a critical protections strategy that addresses the needs of the organisation. For you to be assessed as competent, you must successfully complete two assessment tasks: Assessment Task 1: Knowledge questions – You must answer all questions correctly. Assessment Task 2: Project – You must work through a range of activities and complete a project portfolio. Page 4 of 33
ICTCYS610 Protect critical infrastructure for organisation Assessment Task 1: Knowledge Questions Information for students Knowledge questions are designed to help you demonstrate the knowledge which you have acquired during the learning phase of this unit. Ensure that you: review the advice to students regarding answering knowledge questions in the IT Works Student User Guide comply with the due date for assessment which your assessor will provide answer all questions completely and correctly submit work which is original and, where necessary, properly referenced submit a completed cover sheet with your work avoid sharing your answers with other students. Assessment information Information about how you should complete this assessment can be found in Appendix A of the IT Works Student User Guide . Refer to the appendix for information on: where this task should be completed the maximum time allowed for completing this assessment task whether or not this task is open-book. Note : You must complete and submit an assessment cover sheet with your work. A template is provided in Appendix C of the Student User Guide. Page 5 of 33 i
ICTCYS610 Protect critical infrastructure for organisation Questions Provide answers to all of the questions below: 1. List three types of assets that could be considered to be critical infrastructure. 2. Explain each aspect of the best practice framework for protecting critical infrastructure. Identify Protect Detect Respond Recover 3. Complete the following table regarding legislative requirements applicable to researching, analysing and developing critical infrastructure protection policies. Legislative requirement How it is applicable to researching and/or analysing and/or developing critical infrastructure protection policies Privacy Act 1988 The Criminal Code Act 1995 Page 6 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation Assessment Task 1: Checklist Student’s name: Did the student provide a sufficient and clear answer that addresses the suggested answer for the following? Completed successfully? Comments Yes No Question 1 Question 2 Question 3 Task outcome: Satisfactory Not satisfactory Assessor signature: Assessor name: Date: Page 7 of 33
ICTCYS610 Protect critical infrastructure for organisation Assessment Task 2: Project Portfolio Information for students In this task, you are required to demonstrate your skills and knowledge by working through a number of activities and completing and submitting a project portfolio. You will need access to: a suitable place to complete activities that replicates an IT environment including devices connected to the Internet and relevant software your learning resources and other information for reference Project Portfolio template Simulation Pack (if you need a case study) or access to a business operating environment, network and systems, as well as a style guide Critical Infrastructure Protection Plan Template. Ensure that you: review the advice to students regarding responding to written tasks in the IT Works Student User Guide comply with the due date for assessment which your assessor will provide answer all questions completely and correctly submit work which is original and, where necessary, properly referenced submit a completed cover sheet with your work avoid sharing your answers with other students. Assessment information Information about how you should complete this assessment can be found in Appendix A of the IT Works Student User Guide . Refer to the appendix for information on: where this task should be completed how your assessment should be submitted. Note : You must complete and submit an assessment cover sheet with your work. A template is provided in Appendix B of the Student User Guide. Page 8 of 33 i
ICTCYS610 Protect critical infrastructure for organisation Activities Complete the following activities: 1. Carefully read the following: This project requires you to analyse an organisation’s critical assets and develop and implement a critical infrastructure protection plan that addresses the organisation’s needs. You can complete this project based on the case study organisation in the ICTCYS610 Simulation Pack or you can base it on an organisation that you are familiar with or working for. If you choose to complete the project based on a business of your choice, it is important that you can access the organisation’s operating environment, networks and systems, as well as devices connected to the Internet and relevant software. You will also be able to access the organisation’s style guide to follow for written documentation as per the assessment activities indicated. Speak to your assessor to get approval if you want to base this on an organisation of your choice. You will be collecting evidence for this unit in a Project Portfolio . The steps you need to take are outlined below. 2. Preparation Make sure you are familiar with the organisation you are basing this assessment on and have read through the necessary background information. For the case study organisation, this is all of the documents included in the ICTCYS610 Simulation Pack. If it’s your own organisation, it’s important that you have this approved by your assessor. Complete Page 4 of your Project Portfolio for this unit. Read through the requirements of Section 1 and 2 of your Project Portfolio which include detailed guidance relevant to all the assessment activities. Remember that you need to follow style guidelines in presenting your work. If you are completing this for the case study business this will be the style guidelines in the Simulation Pack. If you are completing this for your own business, please also follow the style guidelines in the Simulation Pack. 3. Review ICT system and threats and risks You are now to complete Section 1 of your Project Portfolio by researching the organisation’s critical infrastructure needs and developing a critical protection strategy. This involves: Researching and reporting on critical infrastructure protection needs. Page 9 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation Analysing and reporting on any existing critical infrastructure protection plan and assessing its effectiveness, as well as its alignment to the organisation’s requirements. Identifying and reporting on the organisation’s system, critical assets and how networks are currently segmented. Identifying and reporting on legislation that applies to the organisation, specifically in terms of critical protection. Determining and reporting on the required level of protection for critical infrastructure, as well as vulnerabilities and risks, as well as risk mitigation strategies. Consolidating your research findings and providing a mapping of business critical processes. Developing and documenting a critical infrastructure protection plan using the template provided. Complete Section 1 of your Project Portfolio and submit this to your assessor. Your assessor will also provide you with feedback on your plan which you must review and implement in the following activity. Detailed instructions are provided in your Portfolio. 4. Implement and test the critical infrastructure protection plan Next complete Section 2 of your Project Portfolio by implementing and testing your critical infrastructure protection plan. This involves: Backing up data as per the instructions in your Portfolio . Securing at least two devices of your choice. Applying software patches. Implementing additional protection plan requirements. Testing the measures you have implemented. Documenting results. Identifying and documenting additional protection plan requirements based on testing. Complete Section 2 of your Project Portfolio and submit this to your assessor. Your assessor will also provide you with feedback which you must review and respond to. Detailed instructions are provided in your Portfolio. Page 10 of 33
ICTCYS610 Protect critical infrastructure for organisation 5. Submit your completed Project Portfolio . Make sure you have completed all sections of your Project Portfolio , answered all questions, provided enough detail as indicated and proofread for spelling and grammar as necessary. Submit to your assessor for marking. Page 11 of 33
ICTCYS610 Protect critical infrastructure for organisation Assessment Task 2: Checklist Student’s name: Did the student: Completed successfully? Comments Yes No Research and report on the organisation’s need for critical infrastructure protection and document findings following style guide requirements? Analyse and report on the organisation’s existing critical infrastructure protection plan? Determine and report on how effective the existing critical infrastructure protection plan is in terms of the organisation’s requirements, as well as how well it aligns to the organisation’s requirements? Identify and report on the organisation’s operational systems, critical assets and existing segmentation? Identify and report on legislative requirements that the organisation needs to take into account with regards to critical protection of infrastructure? Determine and report on the level of protection required, as well as vulnerabilities, risks and risk mitigation strategies? Consolidate all research findings and map critical processes as relevant to critical protection? Develop and document critical infrastructure protection plan using the critical protection plan template? Page 12 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation Submit protection plan and seek feedback? Respond to feedback on the critical protection plan? Backup data following required procedures? Secure devices as per the protection plan and to meet technical requirements for securing devices? Implement network segmentation as per protection plan and to meet technical requirements for network segmentation? Apply software patches as per technical requirements for applying software patches? Implement additional protection plan requirements and asset management processes? Test the deployment of protection plan as per the required procedures? Obtain and analyse results from the deployment of protection plan as per the required procedures? Determine and document additional protection methods for critical infrastructure protection? Submit all documentation and seek feedback? Respond to feedback provided? Prepare complex workplace documentation following the style guidelines provided? Page 13 of 33
ICTCYS610 Protect critical infrastructure for organisation Task outcome: Satisfactory Not satisfactory Assessor signature: Assessor name: Date: Page 14 of 33
ICTCYS610 Protect critical infrastructure for organisation Case Study – Grow Management Consultants Grow Management Consultants is a management consultancy company specialising in providing services to companies to assist them to improve the leadership performance of their staff. The company also offers a range of other services including professional development workshops, as well as an extensive library of e-books which are sold through an online shop. The e-books are very popular and focus on a wide range of leadership themes. Grow Management Consultants staff work in an office in the CBD. The network is a simple WLAN whereby all computers and a printer connect to a router in the office. Staff include the CEO, Paul Burns supported by three Principal Consultants who provide consulting services and write the e- books. A Customer Service Officer answers all customer enquiries and processes orders for consulting services and workshops. eBooks are stored on the company’s internal system, OneDrive and link directly to the online shop so that if changes are made, this automatically updates on the shop. The e-books are the company’s main source of income so any disruption to the online shop would have an immediate impact on the company’s functions. eBooks and general services are also marketed through an email marketing system, Active Campaign. This stores all customers email addresses. Further any disruption to the existing software, Microsoft Office for Business hosted through OneDrive will have a significant impact as consultants will not be able to carry on with their critical consulting work which drives clients to the online shop. For the purposes of this assessment, you are to assume you are an ICT professional contracted to develop and implement a critical protection strategy. It is noted that the business does not have any specific statutory or commercial requirements to abide by other than the usual legislative requirements for businesses. It is also notes that the business uses Xero for its accounting system and stores staff and customer information as Microsoft Word documents. These systems are all critical. The company is in a strong financial position and is prepared to put forward at least $20,000 per year to assist in any critical protection measures. There is not critical infrastructure protection plan currently in place. The company has a contract with an IT company who will respond to any technical issues. Staff knowledge of cyber security threats is currently limited. There is no specific policy on anti- virus software or firewalls. Page 15 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation Style Guide Assume that Grow Management Consultant follows the Australian Government Style Guide. In completing all of the evidence in your Portfolio you are to specifically follow the guidelines as below i.e. using plain language to express complex ideas, using clear sentences and writing in a suitable voice and tone: https://www.stylemanual.gov.au/writing-and-designing-content/clear-language-and-writing-style Page 16 of 33
ICTCYS610 Protect critical infrastructure for organisation Page 17 of 33
ICTCYS610 Protect critical infrastructure for organisation Critical Infrastructure Protection Plan Template This critical infrastructure protection plan set out the measures to protect the organisation’s critical assets where critical assets may include: personal, financial or sensitive documents or information about customers, suppliers and contractors and others devices used in regular activities (for example, desktops, laptops and tablets) servers or back-up storage devices physical equipment systems. Critical asset type Risks Protection measure/s Page 18 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation Page 19 of 33 PROJECT PORTFOLIO ICTCYS610 Protect critical infrastructure for organisation produce and serve food for buffets SITHCCC038
ICTCYS610 Protect critical infrastructure for organisation CONTENTS Section 1: Critical infrastructure needs and strategy 20 Section 2: Protection strategy implementation and testing 24 Page 20 of 33
ICTCYS610 Protect critical infrastructure for organisation Student name: Assessor: Date: Business this assessment is based on: Grow Management Consultants Page 21 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation Section 1: Critical infrastructure needs and strategy Critical infrastructure needs Conduct research on the organisation’s need for critical infrastructure protection by reviewing sources of information regarding critical protection on the Internet. Reference at least two sources and summarise what they tell you about why it is beneficial for your organisation to have critical infrastructure protection. The critical infrastructure refers to the resources as well as assets that will help Grow management consultants in economic functioning. There is no critical infrastructure plan in the company currently. Therefore as a ICT professional I am enforced with the responsibility of developing the production plan on behalf of the organisation. There are some statutory vulnerability and short comings in their functional domain. These include the limitations of different accounting software along with Marketing and data storage software without implementation of necessary anti-virus and firework. There is also the absence of other security features making the system vulnerable to various cyber attacks. The sources that might be suggested for protection of critical infrastructure of Grow Management Consultants are: 1. Application security It is a process which includes securing hardware as well as software which are used in a network process by adding different login frameworks, setting up the telnet as well as other SSH features, such that the points can be secured from prominent threats of attack. 2. Firewall This is a feature which you will secure network gateways in a safe way through continuous monitoring as well as management of their network traffic. It will mostly manage the traffic from any other unsecure external network source like the general internet through which the clients can constantly connect and communicate with the service providers of the organisation. Critical infrastructure Review information as relevant to the organisation’s critical infrastructure protection needs and outline your findings including: Critical assets and operational systems Existing segmentation as relevant to critical assets Existing critical infrastructure protection plan in place Effectiveness The critical infrastructure protection requirements of the Grow management consultants includes protection of their website and application hosting their ebooks, along with the needs to develop a trust were the and transparently secured information system for customer related information connected with the Active Campaign which is the email marketing infrastructure of the organisation storing all necessary email addresses of potential customers. It is important to implement various security standards for protection of the network from external environmental threats. The detailed study of the current state of the organisation has revealed some essential findings in concord with the critical standards of the organisation as discussed below: - the organisation have different critical assets which are invincible for its proper functioning and ensuring that continuous revenues stream of the organisation is intact. It can be ensured by ensuring the continuity of the services provided. The main asset is the ebook store which is the primary income source for the organisation. Other than that there are Page 22 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation of/alignment to existing critical infrastructure protection plan in terms of organisation’s requirements If you are completing this based on the case study organisation, review the information in the Simulation Pack. If you are completing this for a business of your choice, you will need to identify and access appropriate sources of information. various professional development workshop services for other organisations as well. - segmentation of critical assets of the organisation has to be done under the primary heads of e-commerce category and professional services category since ebook and the workshops are the main source of income and hence the main critical assets of the company. - There is absence of any effective infrastructure protection plan currently in the organisation. However the company is using Xero and its inbuilt firewall and other safety infrastructure for protection of their accounting system. The company has links with another IT company to fix any technical issues on their behalf as well whenever those arise. - in absence of any professional plan for critical infrastructure production it is important for our organisation to oversee the effectiveness of the current plan in the current state without any effective protection. The server security has to be checked considering all service requirements of organisation and the data base and data flow management has to be checked as well, including the heaviest mode of data flow being considered as the model of operations. Finally the service security plan has to be designed for the organisation by installation of appropriate anti-virus a software which covers the kind of virus that can happen in case of the typical type of operations organisation and setting up inbuilt and customised firewalls. Legislation Outline legislation relevant to the organisation and critical infrastructure protection. Provide at least two examples and explain their relevance. Since the organization is operating in the management consultancy genre, providing professional work services and operating as a Ecommerce store for ebooks it has to handle customers and their related information regarding use of service. The organisation also uses email marketing services which includes exchange of customer data like their email addresses and also uses Xero for their accounting system and all exchanging customer information to Microsoft word documents, it is critical that the company follows the postulates of the following legislation: - privacy act of 1988 This act has been developed for protection of the privacy of people providing their organisation with information for exercising respective services. This act is responsible for protecting the privacy as well as monitoring the way in which the company is able to handle private information of customers. - fair work act of 2009 This act has been developed for ensuring the employment of mature and quality employees to an organisation which might bring a positive influence to the organisation by satisfying it's needs. The act also produces employee rights by guiding an organisation on how to manage employees insuring their fair treatment in the desired work environment. Page 23 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation Critical protection requirements Outline the level of protection that you believe is needed for critical assets, noting that this may vary depending on the assets. Document risk and vulnerabilities, as well as risk mitigation strategies that can be incorporated into your plan. The protection level for the critical assets vary from one another as some assets are more vulnerable to some typical security threats in comparison to the others which might not be exposed to such serious threats. The assets and the level of production needed for them are: - the ebooks Store requiring protection level 3 This protection level needs the highest level of protection of assets, and it is important for the ebook store of the organisation as well as it is the primary source of income of the organisation which needs to be implemented with the most feasible safety standards keeping in mind the customer privacy requirements which needs to be protected also. - professional work services needing protection level 2 The production level refers to advanced protection criteria for any asset with moderate protection needs. This is a service involving indulgence with other organisations and their respective employees. It is absolutely important for Grow Management Consultants to protect their individual organisational data and information as provided by employees of the other companies by implementation of proper firewall as well as VPNs in their existing network. The impacting risk and other vulnerabilities facing Grow Management Consultants are: very less physical security of the system evident weakness of their firewall in the network lack of ability to identify the security breaches outdated devices and impractical software in use without firewall and safety protocols The risk mitigation strategies and tactics which can be included in the protection plan are highlighted below: - assume as well as accept the critical risks properly At first it is important to identify the essential risks that can be faced by the company because of its limitations and hence it is important to plan a solution - controlling the risk It is important to implement a control strategy to identify the risks in the first place to ensure safety from any harm to different attacks - risk transfer The strategy includes transferring of risk to other parties who have the ability to tackle those risks and particularly have previous experience in solving asset management risk related challenges. Page 24 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation Critical infrastructure protection plan processes Map at least two critical processes of the business here based on your review and research findings. The two most critical processes of Grow Management Consultants based on the review done in this report and the research findings about the organisation are: - customer strategy as well as relationship management process As the organisations have different acids based upon the functions which are customer related, it is important that the process is essential since marketing is a excellent medium to develop relationship with clients full stop this is the reason why it is important to take up the task of creating a professional relationship management strategy with them as well as other potential clients. - managing the process of responsibility management In order developed an appropriate infrastructure of business process management is critical that all service aspects and other physical and non physical assets are properly managed. It involves the management of the accounting system and the network system by experienced professionals, rather than contracting third party remote services for maintenance and management. Critical infrastructure protection plan Using the template included in your Student Resource, develop your critical infrastructure protection plan. Include the title here and attach your plan to your Portfolio. The Grow Management consultant's critical infrastructure protection plan is in a separate document. Email Document an email to your assessor requesting feedback. To: the assessor CC: BCC: Subject: requesting feedback from the assessor Dear sir, I would like to use this opportunity to state that I have developed my report based on my analysis and the findings about the company in the case study. I have developed some strategies for critical infrastructure protection. I am here by submitting my portfolio for you to inspector and provide feedback. I am eagerly looking up to your feedback on the same document. Regards Attach: Critical infrastructure protection plan Page 25 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation Complete this section after you have received feedback on your plan. Feedback Feedback provided and additional protection measure you will implement in Section 2. Need to develop network security testing process followed by network segregation for added security and clarification of internal network processing. It is also important to issue software patch to avoid infiltration of external traffic and bugs into the internal network. However it is important to ensure that there is a safe passage provided to the internal data and information flow and no network traffic is blocked. The data flow management has been done with access control list software. The preferred method of developing a security firewall is the AWS firewall system. Page 26 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation Section 2: Protection strategy implementation and testing You are required to provide evidence that you can implement a number of infrastructure protection strategies. Backup data Using your own computer or a computer at your place of work or RTO, complete a backup. Complete the backup as per the manufacturer’s instructions for your computer. Describe how you completed the backup and attach screenshots of your work as evidence. For the process of backup of data, the software and processes that have been used are one drive cloud solution for data storage and sharing utility data. This service facilitates as a backup plan rather than being an implemented server for risk mitigation. The essential data and all relevant information are stored up in a storage tool at frequency of intervals. It performs as a medium of storage for the server which can be infiltrated by hacking professionals with unholy interests which can lead to loss of data directly from the server. In this case the process of data backup has to be rebooted and started all over again. The backup was completed using the computer configuring backup solution of the individual computer: The following pictures suggest the backup of the files on the desktop and the pictures which also need protection: After pressing "ok", at the previous interface it is important to select a folder needed for the backup and then we will press start. This is how we can easily backup data and information at any point of time. Secure devices Secure two devices of your choice using suitable Selection of methods for security in the concerned device are as follows: - AWS firewall has been used for providing network traffic monitoring and preventing unwanted network traffic from entering the internal network of Page 27 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation methods and following manufacturer’s instructions. Indicate the devices you secured and the method/s you used. Attach screenshots of your work as evidence. the organisation from any external source like internet. In this case we are using the AWS firewall method for securing devices like using the AWS components as well as equipment and other documents or devices related with the AWS - installing anti-virus software is another method for security devices against various kinds of malware and also identifying any suspicious activities. Windows security can help in protecting device against any kind of threat or virus. The method helps in securing the entire computer device and workstation as well as other associated information present on the internal systems of the company. Network segmentation You are to carry out network segmentation. How you demonstrate this will depend on where you are completing this task and the technology you can access. Segmentation actions could include, for example, implementing a VLAN or including a firewall or introducing guest access for the The network segmentation has been performed through separation of a demilitarised zone from the network. It is a zone adding additional production to the internal network. This zone is between the private network of the current system as well as the juncture of the private and the public network systems like the internet. It helps in increasing segmentation of the network and distinctly ensures better networking and easier functionality. For evidence we can consider the network as it is shown below: Page 28 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation Internet. Attach screenshots of your work as evidence. It suggests that we will use a firewall device and hence separate the network as we require. We will configure a VLAN network for individual departments. For example we will create a network for guest login and another network for the IT Department which will be used by the internal host. We will be basically using VLAN technology for separation of the network of the different users. Software patches You are to apply software patches. This means installing an update for a device and software of your choice e.g., a router or a switch and software such as Microsoft Office, Zoom and so on. Follow supplier instructions to complete this task. Attach screenshots of your work as evidence. The software patch has been accommodated with the system which will help me overcome problems like bugs of network and add extra security hence nullifying any other security related to challenges of software and additional software patches offered by operating systems in case of problems or bugs being present in the system. Page 29 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation Additional measures Implement the additional protection plan requirements that your assessor advised you of as part of asset management processes. - it is also important to provide redundancy links to individual switch networks so that as one link fails The other links should automatically be activated to give a passage to the network traffic: Testing Perform tests of all the measures you have implemented i.e.: Test the backup to ensure all data is backed up. Check the devices to ensure the security measure is working. Test the segmentation performed using a suitable test and to check it is working. Test your software The testing was done on the network security, software patch, backup as well as additional security prospects. Data backup testing The objective of conducting this testing was to see The functioning ability of the server in ensuring onedrive backup and check the speed of its execution along with the time taken for backup by the internal system. Page 30 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation patches application using suitable tests. Provide an analysis of all the testing you completed plus screenshots of the tests you completed. The network security testing This testing ensured the safety of the network from any irrelevant external network traffic. The testing also highlighted if the network had appropriate defence capability to protect any data and information flowing through the server. The monitoring tools that were used in this regard are the ManageEngine OpManager: Network segmentation This test has been done for checking if sub networks created within the main network are only accessible to the only authorised network or even the access is granted to the external networks as well. Issuing the software patch: Page 31 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation Email Document an email to your assessor requesting feedback. To: the assessor CC: BCC: Subject: requesting feedback from the assessor Dear sir, I would like to use this opportunity to state that you ask me to develop a projection strategy with particular specifications. I would request you to go through the developments and review if each of the discussed elements are evident in the solutions developed or not. The screenshots have been attached for validating the processes as discussed with you in the previous meeting. I am forwarding the document portfolio for you to inspect as well. I am eager to get your feedback about the process as well. Regards Attach: Screenshots Complete this section after you have received feedback. Page 32 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
ICTCYS610 Protect critical infrastructure for organisation Feedback Final feedback provided and your response to it. Need to develop network security testing process followed by network segregation for added security and clarification of internal network processing. It is also important to issue software patch to avoid infiltration of external traffic and bugs into the internal network. However it is important to ensure that there is a safe passage provided to the internal data and information flow and no network traffic is blocked. The data flow management has been done with access control list software. The preferred method of developing a security firewall is the AWS firewall system. Page 33 of 33
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help

Related Documents

Tuhasr fil.docx
Thomas, J. Assignment 4-3.docx
fINANCIAL_ACCOUNTING_MILESTONE_4.pdf-1.pdf
Screenshot 2023-12-21 102321.png
Week 4 Discussion.docx
How to Use Django Programming for Computer Forensics.docx
Test of Hypothesis.docx
1-2 Submission_Final Project Milestone One.docx
Receptionist.pptx
Week 3X Policy Mandates US vs European Approaches to Privacy Laws.docx
Topic 2 q 2.docx
CISM4000_10 slides.pptx