final assesment3 (1)
School: Top Education Institute
Course: BMA217
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 17
Uploaded by sujanbhari002
PORTFOLIO
Student Version
ICTCYS612 Design and implement virtualised cyber security infrastructure for organisations
© Sydney City College of Management Pty Ltd
RTO: 45203
CRICOS: 03620C
File Name: ICTCYS612 Student Resources
Date: October 2022
Revision date: October 2023
Version:
CONTENTS
Section 1: Virtualised cyber security infrastructure
Section 2: Implementation and testing
Student name:
Assessor:
Date:
Organisations this assessment is based on:
Section 1: Virtualised cyber security infrastructure
Complete this section for each organisation.
Organisation 1
Organisation operations
Provide an analysis of your
chosen organisation’s operations.
Describe the cyber security needs
the organisation has based on
their operations.
A small company called Jonathan's Graphic Design handles financial data
in Xero, customer databases, and graphic design files in addition to
offering design services. Creating a secure virtual machine to run
Windows and Mac OS X is one of their main cybersecurity needs. Other
priorities include safeguarding financial records, enforcing network
security to protect the input and output of their digital estate, securing
customer data with encryption and access controls, and securing
operating systems.
Based on its operations, Jonathan's Graphic Design, a small graphic
design company, has certain cybersecurity demands. These needs
include putting strong cybersecurity measures in place to secure financial
data in Xero, guaranteeing the security of the virtual machine used to run
Mac and Windows systems, enforcing network security to regulate and
safeguard data flow into and out of the digital estate, and safeguarding
customer databases from unauthorised access through encryption and
access controls. To protect sensitive data and preserve the integrity of
their digital operations, these precautions are essential.
Network security options and
technologies
Based on the organisation’s cyber
security needs, identify and
describe network security options,
as well as suitable security
technologies. Remember that
these must relate to virtualised
cyber security infrastructures.
Include at least two options for
network security and two
security technologies.
Taking into account the virtualized cyber security infrastructure required
for Jonathan's Graphic Design, the following two network security options
and two appropriate security technologies are suggested:
Network Security Options:
Firewalls: The implementation of firewalls is recommended both at the
network perimeter and within the virtualized environment. Application-
layer firewalls provide a comprehensive level of scrutiny to network traffic.
The utilisation of virtualized firewalls facilitates the implementation of
micro-segmentation, hence enabling the attainment of precise and
detailed control over network traffic.
Virtual Private Network (VPN): The utilisation of Virtual Private Networks
(VPNs) is recommended for ensuring secure remote access and
safeguarding data transmission when operating over public networks.
Virtual Private Networks (VPNs) are utilised to establish secure and
encrypted connections for remote workers, as well as to facilitate the
secure transfer of data to external service providers such as Xero and
OneDrive.
Security Technologies:
Intrusion Detection and Prevention Systems (IDPS): The implementation
of Intrusion Detection and Prevention Systems (IDPS) is recommended
for the purpose of real-time monitoring within virtualized environments.
Signature-based and behavior-based Intrusion Detection and Prevention
Systems (IDPS) are utilised to detect and mitigate potential security risks
by identifying established attack patterns and aberrant activities.
Virtual Private Cloud (VPC): The implementation of Virtual Private Clouds
(VPCs) in cloud-based virtualized systems is a crucial aspect of modern
computing infrastructure. Virtual Private Clouds (VPCs) offer segregated
network segments, network Access Control Lists (ACLs), route tables,
and precise access controls, hence augmenting the segmentation and
security measures inside the virtualized infrastructure.
Requirements
Describe the data types to be
protected, security levels required
and secure boundary
requirements.
Further, describe the mission-
critical network servers that are
part of the infrastructure.
Sensitive data types need to be protected at Jonathan's Graphic Design,
such as client databases, Xero financial records, and graphic design files.
Strong user access controls and data encryption are required since the
security settings are tailored for a single business owner. Requirements
for a secure border centre on managing input and output via access
controls and firewalls and other network security tools.
The company depends on mission-critical network servers that are
hosted by Xero and OneDrive, two outside service providers. OneDrive
meets criteria for sharing and storing data, while Xero is necessary for
financial management. It is critical to guarantee the security and
availability of these servers for the day-to-day operations and data
management of the organisation.
Infrastructure design
Provide your design for the
virtualised cyber security
infrastructure. You can include
this as a screenshot and attach it
to your Portfolio.
The design of the cyber security infrastructure for Jonathan's Graphic
Design incorporates various measures to ensure the security of customer
data, financial records, and graphic design files. These measures include
the utilisation of a secure virtualization platform, application-layer
firewalls, encryption, multi-factor authentication, an Intrusion Detection
and Prevention System (IDPS), Virtual Private Networks (VPNs), data
backup and recovery mechanisms, as well as network security measures.
Additionally, it guarantees the protection and accessibility of servers that
are vital for the accomplishment of objectives and are managed by third-
party service providers.
Implementation plan
Provide your implementation plan
for your design. Make sure your
plan includes:
Actions for implementation
including network boundaries
and technologies that will be
used.
responsibilities and timelines.
The implementation plan for Jonathan's Graphic Design's virtualized
cyber security infrastructure encompasses several crucial actions. These
actions involve the establishment of network boundaries, configuration of
virtual firewalls, activation of data encryption, enforcement of multi-factor
authentication, implementation of an Intrusion Detection and Prevention
System (IDPS), deployment of Virtual Private Networks (VPNs),
establishment of data backup and recovery procedures, and deployment
of network security measures. The responsibility for these actions and
precise dates will be assigned to the IT Security Team. The
implementation of network boundaries will be completed within a one-
week timeframe, while the establishment of virtual firewalls will be
accomplished within a two-week timeframe. Additionally, continuous
monitoring and user access controls will be put in place. The IT Support
Team will offer continuous assistance in managing user access controls
and virtual private networks (VPNs). External service providers such as
Xero and OneDrive play a crucial role in conducting audits and ensuring
the security of servers that are essential for carrying out important
organisational tasks. Consistent maintenance and monitoring play a vital
role in ensuring continuous security and functionality.
Network security monitoring
strategy
Describe the strategy that will
be used for monitoring the
network security.
Jonathan's Graphic Design implements a network security monitoring
strategy that entails the ongoing and real-time monitoring of its network.
This is achieved through the utilisation of Intrusion Detection and
Prevention Systems (IDPS) to identify and address potential threats.
Additionally, the company conducts regular analysis of system logs,
promptly alerts and notifies relevant parties in the event of a security
incident, maintains a well-defined incident response plan, conducts
periodic security audits, provides cybersecurity training to employees,
ensures comprehensive patch management, maintains detailed
documentation and reporting, and engages in third-party security
assessments. Through the integration of these components, the
organisation endeavours to take a proactive approach in identifying and
resolving security issues, safeguarding sensitive data, and upholding the
resilience and functionality of its virtualized cyber security infrastructure.
Tools
Outline the tools that you will use
to implement the infrastructure.
Explain how you will obtain
access to the network and data
you need.
In order to establish the virtualized cyber security architecture for
Jonathan's Graphic Design, a collection of tools and access ways will be
utilised. To ensure the security of the system, it is important to employ
several measures such as the utilisation of a virtualization platform,
firewall software, encryption tools, multi-factor authentication (MFA),
intrusion detection and prevention systems (IDPS), virtual private network
(VPN) software, and backup and recovery solutions. The local network
access will be provided to the internal IT workers, whereas authorised
users will be offered secure remote access using a Virtual Private
Network (VPN) with Multi-Factor Authentication (MFA). External service
providers such as Xero and OneDrive will be accessed via secure API
connections, and their security practices will undergo regular audits to
ensure the safeguarding of data. The use of this complete method will
effectively safeguard the security and optimise the operation of the
virtualized infrastructure.
Presentation
Include the title of your
presentation here and attach it to
your Portfolio.
Presentation Title: "Securing the Future: Virtualized Cyber Security
Infrastructure for Jonathan’s Graphic Design"
In this talk, we'll go over some of the main points to keep in mind as you
plan to create a virtualized cyber security architecture at Jonathan's
Graphic Design. We will look into the fundamentals of the virtualized
environment's security, including its design, implementation plan, network
security monitoring, and access tools and procedures. You will walk away
from this talk with a thorough comprehension of the strategy put into
place to secure confidential information, prevent harm from lurking
dangers, and keep the cyber defences of the business in tip-top shape.
Feedback
Document the feedback you
received from the
presentation regarding your
design.
Describe your response to this
feedback and adjustments you
will make.
In response to comments made on the presentation, I plan to take the
initiative and work with others to find solutions. I will interact with the
crowd to answer their questions, address their concerns, and incorporate
their ideas into the presentation, all while showing my appreciation for
their participation. I will clear up any confusion and explain the design
decisions and their reasoning in great detail. I'm willing to make changes
to the plan if they're justified by the discovery of problems or opportunities
for enhancement. Depending on the nature of the issues raised, this may
include adjusting certain security measures, adjusting the implementation
strategy, or providing more details. All comments will be recorded in order
to make sure that all suggestions are taken into account and that any
changes are made openly and methodically. This method emphasises a
dedication to constant development, sensitivity to security issues, and the
cultivation of a coordinated and well-informed security plan.
Attach:
Screenshots
☐
Presentation
☐
Organisation 2
Organisation operations
Provide an analysis of your
chosen organisation’s operations.
Describe the cyber security needs
the organisation has based on
their operations.
King Edward VII College is predominantly focused on delivering
vocational education and training services. The organization's
operations involve a range of academic, administrative, and operational
activities. These activities include the management of student data,
financial transactions, academic paperwork, and enrolment records.
These procedures entail the management of significant quantities of
personal and scholarly data.
The cyber security requirements of the college are primarily focused on
protecting the enormous amount of data it possesses. The preservation
of data is of utmost importance, with a primary emphasis on
guaranteeing confidentiality, integrity, and accessibility. To safeguard
against data breaches, unauthorised access, and fraudulent activities, it
is imperative to implement robust identity and access management,
secure file handling, financial security measures, and smart access
controls. In addition, it is imperative to implement a multi-tiered security
strategy in order to regulate access to various data categories and
ensure the robustness of digital asset security.
Network security options and
technologies
Based on the organisation’s cyber
security needs, identify and
describe network security options,
as well as suitable security
technologies. Remember that
these must relate to virtualised
cyber security infrastructures.
Include at least two options for
network security and two
security technologies.
The following technologies and network security solutions are appropriate
for King Edward VII College's virtualized infrastructure's cyber security
requirements:
Network Security Options:
Firewalls: A secure network perimeter must be established by putting both
hardware and software firewalls into place. Software firewalls running on
virtual computers can regulate traffic flow between various network
segments, while hardware firewalls can be placed at the network's edge
to filter both inbound and outgoing data. In order to prevent unwanted
access, firewalls must be set up to either accept or reject particular kinds
of traffic in accordance with predefined rules.
Virtual Private Network (VPN): To guarantee safe remote access to the
college's network, a VPN is required. IT personnel and authorised users
frequently need remote access to a virtualized environment. VPNs offer
data transmission through encrypted tunnels, protecting communication
over open networks. This is crucial for securely administering and
accessing the network from a distance or off-site.
Security Technologies:
Intrusion Detection and Prevention System (IDPS): For the purpose of
continuously monitoring the network and spotting possible security risks,
an IDPS is essential. It has the ability to recognise and react to unusual
network activity, including unauthorised access and dubious access
attempts. In order to help prevent security breaches, the system has the
ability to automatically stop or notify administrators of such activity.
Multi-Factor Authentication (MFA): To prevent unwanted access to the
network, multi-factor authentication (MFA) is a vital security feature. The
implementation of several types of verification, such as requiring the user
to know their password, possess their smartphone, and provide biometric
data, improves user authentication. Even if credentials are stolen, MFA
makes sure that only those with permission can access the network.
Requirements
Describe the data types to be
protected, security levels required
and secure boundary
requirements.
Further, describe the mission-
critical network servers that are
part of the infrastructure.
King Edward VII College has a comprehensive cyber security plan in
place to protect its students' personal information, as well as their
finances, academic records, and enrolment details. Students' personal
information is considered very sensitive, so it is protected at a high level,
while financial and academic records are protected at a medium level.
The college uses encryption, multi-factor authentication, and a secure
perimeter to guard against unauthorised access and keep sensitive
information secure. Strict perimeter security, accurate access control, and
encrypted data are all necessary for secure border needs.
King Edward VII University's key infrastructure includes the use of network
servers. Information about students, as well as financial and academic
information, are stored on special servers. Since these servers are in charge of
handling and protecting the most vital types of data, keeping them safe is a top
priority. It is critical for the college's operations and data security that these
servers remain available, intact, and confidential at all times. These mission-
critical servers require robust protections from potential threats and unauthorised
access.
Infrastructure design
Provide your design for the
virtualised cyber security
infrastructure. You can include
this as a screenshot and attach it
to your Portfolio.
The cyber security infrastructure implemented at King Edward VII College
is comprised of a virtualized network architecture that incorporates
segmented components, robust firewalls, intrusion detection and
prevention systems, multi-factor authentication, encryption, role-based
access controls, secure remote access via VPN, and a proactive software
patching regimen. This design incorporates measures to guarantee the
preservation of confidentiality, integrity, and availability of sensitive data,
while simultaneously mitigating the risks associated with unauthorised
access and potential security threats.
Implementation plan
Provide your implementation plan
for your design. Make sure your
plan includes:
Actions for implementation
including network boundaries
and technologies that will be
used.
responsibilities and timelines.
The proposed deployment strategy for King Edward VII College's
virtualized cyber security infrastructure is a systematic and incremental
approach aimed at improving the overall security of the network. The
measures encompassed in this approach entail network segmentation via
Virtual Local Area Networks (VLANs), deployment of firewalls at the
network perimeter, establishment of intrusion detection and prevention
systems (IDS/IPS), integration of multi-factor authentication (MFA),
implementation of data encryption, enforcement of access control, and
secure remote access facilitated by Virtual Private Networks (VPNs). The
allocation of responsibilities to specific teams and the establishment of a
well-defined timeframe for each action are undertaken to facilitate the
efficient performance of tasks. Furthermore, a consistent and ongoing
software patching protocol will be implemented to ensure the long-term
security and integrity of the infrastructure.
Network security monitoring
strategy
Describe the strategy that will
be used for monitoring the
network security.
The network security monitoring technique employed by King Edward VII
College encompasses a holistic approach that integrates real-time
monitoring, log analysis, and alerting mechanisms in order to swiftly
identify and address any security risks. The comprehensive approach
encompasses the implementation of a clearly delineated incident
response protocol and periodic security audits to guarantee a prompt and
efficient reaction to security breaches. The incorporation of threat
information feeds and user and entity behaviour analytics augments the
institution's capacity to proactively anticipate and address new threats.
The plan places a strong emphasis on the importance of documentation
and reporting in order to uphold transparency and facilitate well-informed
decision-making. Additionally, it incorporates continuous training and
awareness initiatives aimed at equipping personnel with the most
effective security practices. The comprehensive approach guarantees the
durability and flexibility of the college's virtualized cyber security
infrastructure in the face of ever-changing cyber threats.
Tools
Outline the tools that you will use
to implement the infrastructure.
Explain how you will obtain
access to the network and data
you need.
In order to establish the virtualized cyber security infrastructure at King
Edward VII College, a collection of indispensable tools will be utilised.
These tools encompass firewalls for safeguarding the network, intrusion
detection and prevention systems for monitoring and addressing potential
threats, multi-factor authentication to bolster user access control,
encryption software for ensuring data security, and access control
solutions for managing user permissions. Virtual Private Network (VPN)
solutions will facilitate the establishment of secure remote access, while
Security Information and Event Management (SIEM) technologies will
centralise log management and create alerts. User and Entity Behaviour
Analytics (UEBA) is designed to actively monitor and detect potentially
suspicious patterns of behaviour. Additionally, patch management
technologies are employed to guarantee that security measures are
regularly updated to maintain the highest level of protection. Strict control
will be implemented to regulate access to the network and data.
Authorised staff will be granted access based on role-based permissions,
which will be enforced through strong authentication techniques.
Additionally, the team will be kept informed about developing dangers
using threat intelligence feeds.
Presentation
Include the title of your
presentation here and attach it to
your Portfolio.
Presentation Title: "Fortifying Academic Security: A Blueprint for
Cybersecurity at King Edward VII College"
This presentation aims to offer a complete examination of the
cybersecurity strategy employed by King Edward VII College,
encompassing the conceptualisation and execution of a virtualized cyber
security infrastructure. In this discussion, we will examine the essential
components of our methodology, with a particular focus on safeguarding
data integrity, implementing access control measures, and detecting
potential threats. The presentation will be appended to your Portfolio for
future consultation.
Feedback
Document the feedback you
received from the
presentation regarding your
design.
Describe your response to this
feedback and adjustments you
will make.
We value the insightful comments made during our presentation and have
already begun implementing changes to our approach to cyber security
as a result. We will be more transparent about our incident response plan,
audit frequency, third-party security assessment knowledge, and training
and awareness initiatives. These changes were made to better
accommodate the changing demands of King Edward VII College and
incorporate the feedback we received from the public.
Attach:
Screenshots
☐
Presentation
☐
Section 2: Implementation and testing
Complete this section for each organisation.
Organisation 1
Implementation
You are to provide evidence
of the implementation of
your design. This should
include screenshots that
show:
Network
boundaries created
Relevant
technologies
implemented
Security levels set
User access set
Testing
Run tests on your network
which will also demonstrate
how you monitor the
network.
Describe the tests you
undertook and the results.
Provide screenshots of
the test results including
logs.
A number of extensive network tests were undertaken in order to monitor and
evaluate the security of the infrastructure. The aforementioned activities
encompassed vulnerability scanning with the purpose of identifying potential
holes, testing of intrusion detection systems to simulate and detect unauthorised
access, and evaluation of firewall rules to verify the effectiveness of access
control mechanisms. Additionally, log analysis was conducted in order to identify
any atypical actions, and system logs were thoroughly examined for any
irregularities. Furthermore, a phishing simulation was conducted to evaluate
users' level of awareness, while a backup and recovery test was performed to
validate the effectiveness of data security mechanisms. The utilisation of network
traffic analysis facilitated the acquisition and examination of network traffic.
Visual records in the form of screenshots, log entries, and summaries were
meticulously recorded to enhance comprehension of the network's security
status, hence facilitating an enhanced understanding of the outcomes of these
tests.
User feedback
Document the user
feedback from your
assessor.
The examiner delivered feedback regarding our presentation, acknowledging its
lucidity and organisation, while underscoring the necessity for a more robust
emphasis on safeguarding data. It was suggested that the incident response
plan be enhanced by including additional details, as well as integrating
interactive components and visual aids to enhance user involvement. The input
provided will be duly considered in order to better our presentation. Our primary
objectives are to strengthen the emphasis on data protection and to boost the
overall engagement and informativeness of the content.
Adjustments
Based on the tests you
ran, monitoring and user
feedback describe the
adjustments you need to
make.
The examiner delivered feedback regarding our presentation, acknowledging its lucidity
and organisation, while underscoring the necessity for a more robust emphasis on
safeguarding data. The suggestion was made to enhance the incident response plan by
including additional facts, as well as integrating interactive components and visual aids to
enhance user involvement. The feedback provided will be duly considered in order to
enhance the quality of our presentation. Our primary objectives are to strengthen the
emphasis on data protection and to boost the overall engagement and informativeness of
the content.
Attach:
Screenshots
☐
Organisation 2
Implementation
You are to provide evidence
of the implementation of
your design. This should
include screenshots that
show:
Network
boundaries created
Relevant
technologies
implemented
Security levels set
User access set
Testing
Run tests on your network
which will also demonstrate
how you monitor the
network.
Describe the tests you
undertook and the results.
Provide screenshots of
the test results including
logs.
A number of tests were done to assess and monitor the security of the virtualized
cyber infrastructure at King Edward VII College. The conducted tests
encompassed vulnerability evaluations aimed at identifying and mitigating
potential flaws within the system. In addition, we conducted penetration testing
exercises to simulate authentic cyber-attacks and evaluate the efficacy of the
network's security measures. The evaluation of intrusion detection system (IDS)
testing facilitated the assessment of the efficacy of the intrusion monitoring
system, while also enabling the verification of the operational functionality of
firewall rules in regulating network access. The process of log analysis and
monitoring was conducted in order to identify and detect any potentially
suspicious or unauthorised actions. The results of all tests were deemed
satisfactory, as vulnerabilities were swiftly corrected and the security system
demonstrated robustness. In order to ensure future reference and improvement,
we systematically documented the testing by compiling logs and capturing
screenshots.
User feedback
Document the user
feedback from your
assessor.
The assessor delivered favourable remarks regarding the evaluation of King
Edward VII College's cyber security infrastructure. The effectiveness of our tests,
namely vulnerability assessments and intrusion detection system (IDS), was
acknowledged by them. The input received indicated the need for additional
enhancements in both the incident response plan and user awareness training.
These improvements are intended to bolster security measures and will be
implemented accordingly.
Adjustments
Based on the tests you
ran, monitoring and user
feedback describe the
adjustments you need to
make.
Based on the results of the conducted tests, ongoing monitoring, and comments received
from users, our intention is to implement a number of significant modifications for King
Edward VII College. The proposed measures encompass enhancing incident management
through the refinement of our incident response plan, augmenting cybersecurity awareness
through intensified user awareness training, proactively addressing vulnerabilities by
implementing regular security audits, detecting threats in real-time through investment in
advanced log monitoring and analysis tools, and integrating ongoing user input into our
security improvement processes through the establishment of a formal feedback
mechanism. The aforementioned modifications are intended to enhance the
comprehensive security stance of our institution's digital infrastructure and cultivate a
climate of heightened awareness and attention towards cybersecurity.
Attach:
Screenshots
☐