
EMC Security Assignment

Uploaded by

sp21-bscs-008

Assignment 1

Subject Title: Information Security

Assignment Number: 1

Instructor Name: Muhammad Arslan Tariq

Submission Date: Before MID (Date will be Informed)


Activity 1

1.1 Types of Security Risks and Their Impacts

1. Data Breaches:
- Risk: Unauthorized access to sensitive data, including client information or
business-critical data.
- Impact: Breaches can lead to financial penalties, loss of customer trust, and legal
consequences due to non-compliance with data protection regulations.

2. Malware Attacks:
- Risk: Malware, such as ransomware, can encrypt files or disrupt operations.
- Impact: Downtime, data loss, and high costs for recovery or ransom payments.

3. Insider Threats:
- Risk: Employees or contractors might intentionally or unintentionally expose or damage
data.
- Impact: Loss of intellectual property, data leaks, or operational disruptions.

4. Physical Security Risks:
- Risk: Unrestricted access to the data center may result in hardware theft or sabotage.
- Impact: Damage to infrastructure, data loss, and extended downtime.

5. DDoS Attacks:
- Risk: Attackers flood the system with traffic, rendering services inaccessible.
- Impact: Service outages lead to loss of revenue and customer dissatisfaction.

6. Misconfigured Systems:
- Risk: Improper firewall rules or VPN setups expose the network to attackers.
- Impact: Unauthorized access to systems, making them vulnerable to exploitation.

1.2 Security Procedures

1. Access Control Policies:
- Implement Role-Based Access Control (RBAC): Restrict user access based on their roles.
- Use Multi-Factor Authentication (MFA): Add an extra layer of security for sensitive
systems.

2. Network Security Enhancements:
- Regularly update firewall configurations and review access logs.
- Deploy Intrusion Detection and Prevention Systems (IDS/IPS) to monitor and block
suspicious activities.

3. Data Protection Measures:
- Encrypt data both at rest (using AES-256) and in transit (using SSL/TLS protocols).
- Establish offsite backup routines to protect against data loss.

4. Physical Security Upgrades:
- Install surveillance cameras and biometric access systems for the data center.
- Use physical barriers, such as locked server rooms, for additional safety.

5. Employee Awareness and Training:
- Conduct regular training programs on phishing, social engineering, and security best
practices.
- Establish a security incident reporting procedure.

6. Incident Response Framework:
- Create and test a detailed incident response plan.
- Include steps for detection, containment, eradication, recovery, and post-incident
analysis.

Activity 2

2.1 Impact of Incorrect Configurations

1. Firewalls:
- Issue: Allowing open ports or unfiltered traffic exposes the network to external attacks.
- Impact: Unauthorized access, data breaches, or infiltration of malware.

2. VPNs:
- Issue: Poorly configured VPNs may use weak encryption protocols or expose IP
addresses.
- Impact: Eavesdropping on communications, unauthorized access, and compromised
client data.

2.2 Benefits of Technologies

1. DMZ (Demilitarized Zone):
- Description: A DMZ is a network segment that isolates public-facing services (e.g., web
and email servers) from the internal network.
- Benefits:
- Prevents attackers from directly accessing internal systems.
- Contains breaches within the DMZ, minimizing damage.
- Illustration:
[Internet] --> [Firewall] --> [DMZ with public servers] --> [Internal Network]

2. Static IP Addresses:
- Description: A fixed IP address assigned to servers.
- Benefits:
- Simplifies firewall rule configuration and ensures consistent server identification.
- Enhances traceability in logging and auditing processes.

3. NAT (Network Address Translation):
- Description: A process that translates private IP addresses to a public IP and vice versa.
- Benefits:
- Hides internal network details from external entities.
- Reduces the risk of direct attacks on internal systems.
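
The firewall misconfigurations in 2.1 and the DMZ layout in 2.2 can be checked mechanically. The following is an added example, not part of the original assignment: it evaluates a first-match rule list and reports rules that let Internet traffic reach the internal network directly or that leave wide port ranges open. The zone names, the Rule format, the WIDE_SPAN threshold and both rule sets are assumptions constructed for illustration.

```python
from dataclasses import dataclass

WIDE_SPAN = 1024  # assumed threshold: this many ports or more counts as unfiltered

@dataclass(frozen=True)
class Rule:
    src: str     # "internet", "dmz", "internal" or "any" (assumed zone names)
    dst: str
    ports: str   # "443", "8000-8100" or "any"
    action: str  # "allow" or "deny"

def port_range(spec):
    if spec == "any":
        return 1, 65535
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def decide(rules, src, dst, port):
    """Return (index, action) of the first matching rule; default is deny."""
    for i, rule in enumerate(rules):
        lo, hi = port_range(rule.ports)
        if rule.src in (src, "any") and rule.dst in (dst, "any") and lo <= port <= hi:
            return i, rule.action
    return None, "deny"

def audit(rules):
    """Return sorted (rule_index, finding) pairs for the three-zone layout."""
    # The decision can only change where some rule's port range starts or ends,
    # so probing those ports covers every port without scanning all 65535.
    probes = {1}
    for rule in rules:
        lo, hi = port_range(rule.ports)
        probes |= {lo, min(hi + 1, 65535)}
    findings = set()
    for port in probes:
        idx, action = decide(rules, "internet", "internal", port)
        if action == "allow":  # traffic skips the DMZ entirely
            findings.add((idx, "BYPASSES_DMZ"))
    for i, rule in enumerate(rules):
        lo, hi = port_range(rule.ports)
        if rule.action == "allow" and rule.src in ("internet", "any") and hi - lo + 1 >= WIDE_SPAN:
            findings.add((i, "UNFILTERED_PORTS"))
    return sorted(findings)

# Constructed rule sets, not taken from the assignment.
WEAK = [Rule("internet", "dmz", "any", "allow"),
        Rule("any", "internal", "3389", "allow")]
FIXED = [Rule("internet", "dmz", "443", "allow"),
         Rule("internet", "internal", "any", "deny"),
         Rule("any", "internal", "3389", "allow")]  # internet is stopped by the deny above
```

Because evaluation is first-match, the audit reports the rule that actually decides the traffic, so the explicit deny in FIXED clears the finding even though the broad allow still follows it.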

2.3 Network Monitoring Systems

- Real-time alerts for suspicious activities or traffic anomalies.
- Ensures compliance with regulatory requirements through detailed logs.
- Facilitates proactive threat detection, enabling faster mitigation of potential breaches.
- Improves network performance by identifying bottlenecks and resource misuse.

Activity 3

3.1 Risk Assessment Procedure

1. Risk Identification:
- Identify assets (e.g., servers, client data) and potential threats (e.g., cyberattacks, natural
disasters).

2. Risk Analysis:
- Evaluate risks based on their likelihood and impact (e.g., High, Medium, Low).

3. Risk Prioritization:
- Focus on high-priority risks, like data breaches, to allocate resources effectively.

4. Risk Mitigation:
- Implement safeguards (e.g., firewalls, encryption) to reduce vulnerabilities.

5. Monitoring and Review:
- Continuously assess the effectiveness of implemented measures.
- Update risk assessments to account for emerging threats.

3.2 Data Protection Laws and Procedures

1. Mandatory Laws:
- GDPR: Requires secure handling of EU-based clients’ data.
- Sri Lankan Laws: Comply with the Computer Crimes Act and privacy regulations.

2. Data Protection Procedures:
- Perform regular data encryption.
- Ensure data retention policies align with legal requirements.
- Provide transparency to clients about how their data is stored and used.

3.3 Risk Management Methodology

1. Framework: Adopt a standard like ISO/IEC 27005 for structured risk management.
2. Steps:
- Identify risks, analyze their impact, implement controls, and monitor continuously.

3.4 IT Security and Organizational Policy

- Alignment with Business Goals:
- Ensure security policies do not hinder business processes but enhance reliability and
trust.

- Components of a Security Policy:
- Password management, acceptable use, incident response, and compliance requirements.

- Policy Review:
- Conduct regular audits and updates to align with evolving technologies and threats.
