Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
A Customer and A Employee will have one account. A product belongs to a category. Therefore, the relationship between category and customer and employee is a One-to-One relationship.
What you will learn
Typology: Summaries
1 / 22
This page cannot be seen from the preview
Don't miss anything!
UNIT TITLE: Unit 05: Security ASSIGNMENT NUMBER: 2 ASSIGNMENT NAME: EMC CLOUD SOLUTIONS SUBMISSION DATE: ………………………………………. DATE RECEIVED: ……………………………………………. TUTORIAL LECTURER: …………………………………… WORD COUNT: …………………………………………….. STUDENT NAME: NGO VAN HUY STUDENT ID: BKC MOBILE NUMBER: 0383930441
Summative Feedback: Internal verification: Contents
When EMC talks about cloud computing, it isn't necessarily referring to the same kind of cloud the rest of IT is talking about. EMC's cloud is focused on the company's products that reside in your data centers, or in its cloud partner data centers like Peer 1 or Terremark, and integrated with VMware. That's EMC's cloud. If you're an EMC customer (and you're likely a VMware customer), then your organization experiences some potential benefits of using a cloud storage provider that used BKACADVN for its infrastructure. Storage admins are a conservative bunch, and rather than adding a cloud storage gateway like Panzura or TwinStrata to their existing storage strategy, it might seem safer to stick with EMC's storage in the cloud provider's network. EMC certainly seems to be making an integrated storage system attractive. The BKACADVN announcement is pretty thin on details--the enhancements won't be delivered until sometime in the second half of 2020. But EMC said the changes include 50% faster read-and-write performance, a new event manager for improved system visibility and monitoring, new upgrade technology to reduce or eliminate downtime due to upgrades, as well as the ability to handle 100 petabytes of data across a distributed storage system. "There will be hundreds of thousands of private clouds, and thousands of public clouds. The future of cloud is an and, not an or," declared Joe Tucci, EMC CEO, during his keynote. Tucci wants that cloud to be EMC-powered. B. CONTENT LO1. Assess risks to IT security. I. Types of security risks EMC Cloud is subject to, in its present setup, and the impact, such issues would create on the business itself. Cloud services are typically classified into Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) such as raw computing power or cloud storage. A good cloud security provider will offer a scalable solution that detects threats before they reach the data center, helping to allay the following security concerns: Loss of data By its very nature, cloud computing involves some ceding of control from the customer to the service provider. While this leaves users more time and financial resources to focus on other facets of the business, there is always the risk that sensitive data is in somebody else’s hands. If the security of a cloud service is breached, hackers could potentially gain access to intellectual property or other personal files.
Malware infections Due to the high volume of data stored on the cloud, which requires an internet connection to store this data, anybody using cloud services is potentially at risk of cyberattacks. An increasingly common threat is Distributed Denial of Service (DDoS) attacks, whereby hackers send unprecedented volumes of traffic to a web-based application, thereby crashing the servers. Legal/compliance issues With increasing legislation on data protection, from GDPR in Europe to HIPAA for healthcare, staying compliant is becoming more difficult. Companies must have steadfast rules governing who can access what data and what they can do with it. With cloud computing’s easy access to data on a large scale, it can be difficult to keep track of who can access this information. II. Describe organisational security procedures. Organizations can have as many policies as they like, covering anything that’s relevant to their business processes. But to help you get started, here are five policies that every organization must have. 2.1. Remote access The days of 9-to-5 office work were over even before COVID-19 – and many organizations will continue to allow employees to work remotely when life as normal resumes.
2.4. Portable media Cybercriminals can easily infect an organization’s systems by planting malware on a removable device and then plugging it into a company computer. Many organizations counteract this threat by banning removable devices and relying on email or the Cloud to transfer information. This might not be viable for you, but there should always be safeguards in place. For example, you might set limits on who can use removable devices or create a rule instructing employees to scan devices before use. 2.5. Acceptable use Organizations should never expect employees to spend 100% of their time at work doing work-related activities because everyone needs a break now and then. But just because you give employees this leeway, it doesn’t mean you can’t keep a careful eye on what they do during those breaks. If an employee wants to spend a few minutes checking their personal email or how many likes their latest Instagram post got, there’s not much to complain about. LO2. Describe IT security solutions I. Potential impact to the organization when there is an improper firewall system and VPNs.
1. The firewall system. What Firewalls Do? Basically, firewalls need to be able to perform the following tasks: o Defend resources o Validate access o Manage and control network traffic o Record and report on events o Act as an intermediary What is Personal Firewall
It is important to understand why we need a firewall and how it helps us in the world of secure computing. We need to understand the goals of information security because it helps us to understand how a firewall may address those needs. Why you need Personal Firewall In the age of high-speed Internet Access, you electronically connect your computer to a broad network over which, unless you have installed a personal firewall, you have limited control and from which you have limited protection. Until recently, unless you worked for an organization that provided high-speed internet access. Like anything, the high-speed connection has its own drawbacks. Ironically, the very feature that makes a high-speed connection attractive is also the reason that makes it vulnerable. In a way, connecting to the internet via high- speed connection is like leaving the front door of your house open and unlocked. This is because high-speed Internet connections have the following features: o A constant IP - Make it easy for an intruder who has discovered your computer on the internet to find you again and again. o High-Speed Access - Means that the intruder can work much faster when trying to break into your computer. o Always active connection - means that your computer is vulnerable every time when it is connected to the internet. Defending yourself with a Personal Firewall So now you have an idea of how you are vulnerable every time when you are online on a high-speed Internet connection, compared to an ordinary 56Kbps connection. What you now need to know is how you can defend yourself against the threat posed by this type of connection A Personal firewall is important when o You surf the internet at home using an 'always on' broadband connection o You connect to the internet via a public Wifi network in a park, cafe or airport o You run a home network which needs to be kept isolated from the internet o You wish to be kept informed when any program on your computer attempts to connect to the internet o Most Personal Firewalls are highly configurable so you can easily create security policies to suit your individual needs
The other reason was the existence of improper VPNs it’s the other problem that arises when doing online transactions because when we doing online transactions without using proper VPNs sometimes there might have web traffic, snooping and interference by these web traffics transactions can’t do properly it may buffer. From the improper VPNs the reputation of the EMC company might get damaged because of that we have to install proper VPNs. II. Explain how following technologies would benefit EMC Cloud and its Clients by facilitating a ‘trusted network’.
1. DMZ (Demilitarized Zone) A DMZ, short for demilitarized zone, is a network (physical or logical) used to connect hosts that provide an interface to an untrusted external network
Advantages of Static IPs o It’s good for creating Computer servers o It makes it easier for geolocation o It’s also better for dedicated services o Disadvantages of static IPs Disadvantages of Static IPs o The static IP address could be a security risk o Static IPs are preferred for hosting servers o The process to set a static IP is complex
3. NAT (Network Address Translation) To access the Internet, one public IP address is needed, but we can use a private IP address in our private network. The idea of NAT is to allow multiple devices to access the Internet through a single public address. To achieve this, the translation of a private IP address to a public IP address is required. Network Address Translation (NAT) is a process in which one or more local IP address is translated into one or more Global IP address and vice versa in order to provide Internet access to the local hosts. Also, it does the translation of port numbers i.e. masks the port number of the host with another port number, in the packet that will be routed to the destination. It then makes the corresponding entries of IP address and port number in the NAT table. NAT generally operates on a router or firewall.
3. Port Address Translation (PAT) – This is also known as NAT overload. In this, many local (private) IP addresses can be translated to a single registered IP address. Port numbers are used to distinguish the traffic i.e., which traffic belongs to which IP address. This is most frequently used as it is cost-effective as thousands of users can be connected to the Internet by using only one real global (public) IP address. Advantages of NAT – o NAT conserves legally registered IP addresses. o It provides privacy as the device IP address, sending and receiving the traffic, will be hidden. o Eliminates address renumbering when a network evolves. The disadvantage of NAT – o Translation results in switching path delays. o Certain applications will not function while NAT is enabled. o Complicates tunneling protocols such as IPsec. o Also, the router being a network layer device, should not tamper with port numbers (transport layer) but it has to do so because of NAT. 4. Trusted Network system A trusted network is a network of devices that are connected to each other, open only to authorized users, and allows for only secure data to be transmitted. Components of the trusted network system Authentication: the network should require users to login so that only authenticated users are allowed to use the network Encryption: the data should be encrypted so that secure data cannot be intercepted and transmitted to unauthorized users Firewall: the computers and servers on the trusted network should include hardware like a firewall, which is a software program or piece of hardware that helps screen for security Private Network: the computers and servers on the trusted network should be equipped with software like virtual private network (VPN), which allows for remote work with secure data transmission 5. Network Monitoring System With our comprehensive cloud network monitoring tool, a brainchild of ManageEngine Op Manager, you can easily drill down to the root cause of network issues with our in-depth network analysis. This Simple Network
Management Protocol (SNMP) based network monitoring system lets you detect anomalies instantly. Ensure uptime and fault management of all your SNMP devices with a secure, firewall-friendly architecture. Monitor network traffic: Monitor the in and out traffic, packets, errors, and discards, and analyze the network performance based on actionable insights. LO3. Review mechanisms to control organizational IT security. I. Discuss risk assessment procedures In short, a risk assessment is an examination of a given task that you undertake at work, that could potentially cause harm to people. The goal is to understand any potential hazards, before then outlining and undertaking reasonable steps to prevent harm. Therefore, a risk assessment can help you to understand and take precautions for such eventualities. Finally, remember that some regulations will likely require certain control measures to be put in place, see step 3 for more information on this.
If the EMC company is affected by the risks the EMC company can have consequences in terms of economic performance and professional reputation as well as the environment safely and social outcomes. If the threats or risks get affected to the economic performance of the EMC company it a huge loss for the company because customers will reject the company and the banks who give loans to the company may be rejected and finally, the employees who are dependent on the EMC company get affected. After the economic performances, it gets affected to the professional reputation. If the EMC company is dealing or doing transactions with foreign countries the professional reputation is highly important. If it gets damaged due to the threats or risks attacks those countries also starting to reject the company. Because of these reasons managing risks effectively helps the EMC company to perform well in an environment full of uncertainty
1. What is Audit? In Every huge scale company, there is an Audit firm to examine the current situation of the company. If the employees did any frauds, illegal business they get caught in this situation. That is the benefit of an audit firm. If there no department called an audit firm the company must get bank rapt because no one is there to find out the frauds and other wrong things that are happening in the company. In some companies, there are security audits, which means this audit is there to check whether the security system is working in a proper manner. If there is no audit system to examine the security system also might get corrupted by the above things and points, we can tell that there is a huge impact to the organization security from the IT security audits. 1.1. What is IT Security Audit? An IT security Audit involves an IT specialist examining an organization's existing IT infrastructure to identify the strength of its current arrangements and any potential vulnerabilities. IT security is very important to the EMC company because handling or maintain IT security audits ensures the cyber defenses are up to date as they can be effectively detecting or giving responses to any kind of threats possess by hackers and other criminals who manipulate IT systems for their own ends. When the EMC company is dealing with external countries cyber defenses are very important, if it fails, very dangerous hackers attacked the servers and take all the important information but if the cyber defenses are up to date there is no risk. 1.2. What an IT security Audit does for the company. When all the IT services connected with the IT security audit the organization can have a more formidable IT system in place. There are many departments in the company when the IT security audit connects to each department the function of the IT security audit may range from database management to resource planning as a chain network. For a company, data is one of the key assets that requires top security control. If the data get released or hacked by the competitors or other firm it is the main reason the company gets bank raptor the company gets a bad reputation, because of these reasons we have to protect our data. IT security auditors determine the type of information we
have. How it flows in and out of an organization and who has access to the information. 1.3. IT security Audits can identify the Vulnerable points and problem areas in the company. The special feature of the IT security audit system has, it can identify the vulnerable points and problem areas easily. The IT system is a vast one with several components including hardware, software, data, and procedures but the IT security system can find out the vulnerable areas easily. From the IT security system, we can check whether our hardware or software tools are configured properly and working properly. And security audits are retracing the security incidents or the dangerous situation that company faced in the past from the previous that might have exposed our security weak points. The other main thing that is done by the audit was the focus on carrying out tests in terms of network weaknesses, operating system, access control, and security applications.
2. How IT security aligned with organization policy. Security purposes aligned with the company’s goals and documented in company policies and procedures. company policies and procedures are not just paperwork—they are the basis of a strong security plan. Once the company policies and procedures have been advanced or updated with the company staff's help, your organization’s security basis will be more current, sound, and in compliance. Companies cybersecurity experts: o Cooperate with your organization to grow the strategies for successfully communicating policies, standards, and procedures for measuring good security practices and agreements o Provide current management of the company policies, procedures, and standards to safeguard those documents are kept current and relevant 2.1. Aligning Security with company objectives Aligning security with the organization’s greater business needs is becoming gradually important, but how do you really do it? What it comes down to is being talented to map security to business purposes. Done right, security can be the main business driver. Today, everyone from finance to Develops to sales and engineering has security top of mind, at least if they know what’s good for them. In this post, we’ll offer numerous ways to tie the gap between security and the rest of the company, allowing you to successfully bring it into the organization in order to meet any number of business purposes.
II. What is DRP? A disaster recovery plan (DRP) is a documented, structured method with commands for replying to accidental incidents. This step-by-step plan consists of the defenses to minimize the effects of a disaster so the organization can continue to operate or quickly restart mission-critical functions. Classically, disaster recovery planning includes an analysis of business processes and continuity needs. Before making a detailed plan, an organization often performs a business influence examination and risk analysis, and it establishes the recovery time objective and recovery point objective. In other words, a disaster recovery plan mean Disaster recovery planning is just part of business steadiness planning and applied to aspects of an organization that trust IT infrastructure to function. Creating a disaster recovery plan. An organization can start its DRP plan with an instant of vital action steps and a list of important contacts, so the most vital information is quickly and easily available. The plan should describe the roles and tasks of disaster recovery team members and outline the criteria to launch the plan into action. The plan then specifies, in detail, the incident response and recovery activities. III. Role of the stakeholders related to the security of the company.
1. Who is a stakeholder? Definition of the term "stakeholder": "A person, group or organization that has attention or concern in an organization. Stakeholders can affect or be affected by the organization's actions, objectives and policies. Some examples of key stakeholders are creditors, directors, employees, government (and its agencies), owners (shareholders), suppliers, unions, and the community from which the company’s attractions its resources. Not all stakeholders are equivalent. A company's customers are permitted to fair trading practices but they are not allowed to the same consideration as the company's employees. The stakeholders in a corporation are the individuals and constituencies that contribute, either willingly or unwillingly, to its wealth-creating volume and activities, and that are therefore its potential receivers and or risk bearers. Types of the Stake Holders o Primary Stakeholders – Usually interior stakeholders, are those involved in financial dealings with the business (for example stockholders, customers, suppliers, creditors, and employees). o Secondary stakeholders – Usually outside stakeholders are those who although they do not engage in direct financial conversation with the business – are affected by or can affect its activities (for example the general public, communities, activist groups, business support groups, and the media). o Excluded stakeholders – Those such as children or the unbiassed public, initially as they had no financial impact on the company. Now as the concept takes an anthropocentric viewpoint, while some groups like the general public may be documented as stakeholders’ others remain excluded. Such a viewpoint does not give plants, animals, or even geology a voice as stakeholders, but only an active value in relation to human groups or individuals. 2. Role of a security stakeholder related to the company. We can view Security’s customers from two viewpoints: the roles and tasks that they have, and the security assistance they obtain. The roles and tasks aspect are vital because it controls how we should interconnect to our various security customers, based on allowing and swaying them to perform their roles in security, even if that role is a humble one, such as using an access card to gain admission to the facility. It is also vital because fulfilling their roles and tasks as employees, managers, contractors or partners is the way that security’s customers “pay for” the security that they obtain. If they do not see or understand the value of a security or are not joyful about how much they have to pay for it (i.e. how much trouble they have to go through for security), they may select to bypass security, such as by following to enter the ability.
