Unit 5: Security
Unit code K/615/1623
Unit type Core
Unit level 4
Credit value 15
Introduction
Security is one of the most important challenges modern organisations face. Security
is about protecting organisational assets, including personnel, data, equipment and
networks, from attack. This involves prevention techniques, such as vulnerability
testing and security policies, together with detection techniques that expose breaches
in security and enable effective responses.
The aim of this unit is to provide students with knowledge of security, associated risks
and how security breaches impact on business continuity. Students will examine
security measures involving access authorisation, regulation of use, implementing
contingency plans and devising security policies and procedures.
This unit introduces students to the detection of threats and vulnerabilities in physical
and IT security, and how to manage risks relating to organisational security.
Among the topics included in this unit are Network Security design and operational
topics, including address translation, DMZ, VPN, firewalls, AV and intrusion detection
systems. Remote access will be covered, as will the need for frequent vulnerability
testing as part of organisational and security audit compliance.
Students will develop skills such as communication literacy, critical thinking, analysis,
reasoning and interpretation, which are crucial for gaining employment and
developing academic competence.
Pearson BTEC Levels 4 and 5 Higher Nationals in Computing
Specification – Issue 4 – August 2019 © Pearson Education Limited 2019 121
Learning Outcomes
By the end of this unit students will be able to:
LO1 Assess risks to IT security.
LO2 Describe IT security solutions.
LO3 Review mechanisms to control organisational IT security.
LO4 Manage organisational security.
Essential Content
LO1 Assess risks to IT security
IT security risks:
Risks: unauthorised use of a system; unauthorised removal or copying of data or
code from a system; damage to or destruction of physical system assets and
environment; damage to or destruction of data or code inside or outside the
system; naturally occurring risks.
Organisational security: business continuance; backup/restoration of data;
audits; testing procedures e.g. data, network, systems, operational impact of
security breaches, WANs, intranets, wireless access systems.
LO2 Describe IT security solutions
IT security solution evaluation:
Network Security infrastructure: evaluation of NAT, DMZ, FWs.
Network performance: RAID, Main/Standby, Dual LAN, web server balancing.
Data security: explain asset management, image differential/incremental
backups, SAN servers.
Data centre: replica data centres, virtualisation, secure transport protocol, secure
MPLS routing and remote access methods/procedures for third-party access.
Security vulnerability: logs, traces, honeypots, data mining algorithms,
vulnerability testing.
LO3 Review mechanisms to control organisational IT security
Mechanisms to control organisational IT security:
Risk assessment and integrated enterprise risk management: network change
management, audit control, business continuance/disaster recovery plans,
potential loss of data/business, intellectual property, hardware and software;
probability of occurrence e.g. disaster, theft; staff responsibilities; Data
Protection Act; Computer Misuse Act; ISO 31000 standards.
Company regulations: site or system access criteria for personnel; physical
security types e.g. biometrics, swipe cards, theft prevention.
LO4 Manage organisational security
Manage organisational security:
Organisational security: policies e.g. system access, access to internet email,
access to internet browser, development/use of software, physical access and
protection, 3rd party access, business continuity, responsibility matrix.
Controlling security risk assessments and compliance with security procedures
and standards, e.g. ISO/IEC 17799:2005 Information Technology (Security
Techniques – code of practice for information security management); informing
colleagues of their security responsibilities and confirming their understanding
at suitable intervals; using enterprise risk management for identifying,
evaluating, implementing and following up security risks according to ISO 31000
standards.
Security: tools e.g. user log-on profiles to limit user access to resources; online
software to train and update staff; auditing tools to monitor resource access;
security audits; penetration testing; ethical hacking; gathering and recording
information on security; initiating suitable actions for remediation.
Learning Outcomes and Assessment Criteria
Criteria are grouped by learning outcome into the Pass, Merit and Distinction columns of the specification.

LO1 Assess risks to IT security
Pass:
P1 Identify types of security risks to organisations.
P2 Describe organisational security procedures.
Merit:
M1 Propose a method to assess and treat IT security risks.
Distinction (LO1 & LO2):
D1 Evaluate a minimum of three physical and virtual security measures that can be employed to ensure the integrity of organisational IT security.

LO2 Describe IT security solutions
Pass:
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs.
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security.
Merit:
M2 Discuss three benefits of implementing network monitoring systems, with supporting reasons.
Distinction:
D1 (shared with LO1, above).

LO3 Review mechanisms to control organisational IT security
Pass:
P5 Discuss risk assessment procedures.
P6 Explain data protection processes and regulations as applicable to an organisation.
Merit:
M3 Summarise the ISO 31000 risk management methodology and its application in IT security.
M4 Discuss possible impacts to organisational security resulting from an IT security audit.
Distinction:
D2 Consider how IT security can be aligned with organisational policy, detailing the security impact of any misalignment.

LO4 Manage organisational security
Pass:
P7 Design and implement a security policy for an organisation.
P8 List the main components of an organisational disaster recovery plan, justifying the reasons for inclusion.
Merit:
M5 Discuss the roles of stakeholders in the organisation to implement security audit recommendations.
Distinction:
D3 Evaluate the suitability of the tools used in an organisational policy.
Recommended Resources
Textbooks
Alexander, D. et al. (2008) Information Security Management Principles. BSC.
Steinberg, R. (2011) Governance, Risk Management, and Compliance: It Can't Happen to
Us – Avoiding Corporate Disaster While Driving Success. Wiley.
Tipton, H. (2010) Information Security Management Handbook. 4th Ed. Auerbach Pubs.
Websites
www.bcs.org British Computer Society (General Reference)
www.bsa.org.uk Business Software Alliance (General Reference)
www.fast.org.uk Federation Against Software Theft (General Reference)
www.ico.gov.uk Information Commissioner's Office (General Reference)
Links
This unit links to the following related units:
Unit 17: Network Security
Unit 23: Cryptography
Unit 24: Forensics
Unit 25: Information Security Management