Unit 5: Security

Assignment 1 Brief
Programme Title Pearson BTEC Level 5 Higher National Diploma in Computing
Student Name/ID Number

Unit Number and Title Unit 5: Security

Academic Year
Unit Tutor

Assignment Title Security – Assignment 1

Issue Date
Submission Date

Submission Format

● The submission is in the form of an individual written report. This should be written in a
concise, formal business style using single spacing and font size 12. You are required to
make use of headings, paragraphs and subsections as appropriate, and all work must be
supported with research and referenced using the Harvard referencing system. Please also
provide a bibliography using the Harvard referencing system.
● The individual Assignment must be your own work, and not copied by or from another
student.
● If you use ideas, quotes or data (such as diagrams) from books, journals or other sources,
you must reference your sources, using the Harvard style.
● Make sure that you understand and follow the guidelines to avoid plagiarism. Failure to
comply with this requirement will result in a failed assignment.

Unit Learning Outcomes

LO1 Assess risks to IT security.

LO2 Describe IT security solutions.

Transferable skills and competencies developed:

Computing-related cognitive skills:

● Demonstrate knowledge and understanding of essential concepts, principles, and theories

related to IT security risks, IT security solutions, and mechanisms to control organizational
IT security.

● Identify and analyze criteria and specifications appropriate to specific problems, and
strategically plan solutions in organizational security and IT security solution evaluation.

● Critical review and audit: Risks of unauthorized use of a system, legal restrictions on

BTEC HN Assignment Brief Template

Issue Date: Jan 2024 Owner: HN QD
DCL1 Public (Unclassified) Version 2.0
 access to data, systems to be secured (e.g., data, network, systems—hardware and
software), WANs, intranets, wireless access systems, security culture, and approaches to
security in the workplace, Operating Systems (OS) and their security functions, network
security infrastructure, network performance, security vulnerabilities, and mechanisms to
control organizational IT security, including organizational security policies.
● Methods and tools: Deploy appropriate theories, practices, and tools to design, deploy, and
evaluate security measures, as well as assess the suitability of the tools used in
organizational policy.
Computing-related practical skills:

● The ability to specify, design and construct reliable, secure and usable computer-based
systems

● The ability to evaluate systems in terms of quality attributes and possible trade-offs
presented within the given problem

● The ability to deploy effectively the tools used for the construction and documentation of
computer applications, with particular emphasis on understanding the whole process
involved in the effective deployment of computers to solve practical problems

● The ability to critically evaluate and analyse complex problems, including those with
incomplete information, and devise appropriate solutions, within the constraints of a
budget
Generic skills for employability

● Intellectual skills: critical thinking; making a case; numeracy and literacy

● Self-management: self-awareness and reflection; goal setting and action planning

● Independence and adaptability; acting on initiative; innovation and creativity

● Contextual awareness, e.g. the ability to understand and meet the needs of individuals,
business and the community, and to understand how workplaces and organisations are
governed.
Vocational scenario
Assignment scenario
You work as a trainee IT Security Specialist for a leading Security consultancy in Vietnam called
FPT Information security FIS.
FIS works with medium sized companies in Vietnam, advising and implementing technical
solutions to potential IT security risks. Most customers have outsourced their security concerns due
to lacking the technical expertise in house. As part of your role, your manager Jonson has asked
you to create an engaging presentation to help train junior staff members on the tools and
techniques associated with identifying and assessing IT security risks together with the
organizational policies to protect business critical data and equipment.

Tasks
In addition to your presentation, you should also provide a detailed report containing a technical
review of the topics covered in the presentation.
Your presentation should:
BTEC HN Assignment Brief Template
Issue Date: Jan 2024 Owner: HN QD
DCL1 Public (Unclassified) Version 2.0
 ● Discuss types of security risks FIS secure may face if they have a security breach. Give an
example of a recently publicized security breach and discuss its consequences
● Assess a variety of organizational procedures an organization can set up to reduce the
effects to the business of a security breach.
● Analyse three benefits to FIS of implementing network monitoring system giving
supporting reasons.
● Propose a method that FIS can use to assess and treat IT security risks.

● Discuss the potential impact to IT security of incorrect configuration of firewall policies

and third-party VPNs in FIS.
● Discuss, using an example for each, how implementing a DMZ, static IP and NAT in a
network can improve network security in FIS.
● Evaluate a range of physical and virtual security measures that can be employed by FIS to
ensure the integrity of organisational IT security.
Your detailed report should include a summary of your presentation as well as additional, evaluated
or critically reviewed technical notes on all the expected topics.
Assignment activity and guidance
General introduction: Main purposes and structure of the work
Task 1 - Discuss types of security risks to organisations
To complete this section, follow the steps below:
• Define IT risks.
• Discuss types of risks to organizations.
• Discuss recent security breaches: List examples and dates
• Discuss the consequences of this breach.
• Suggest solutions to organizations.
(Word limit: 500 – 750 words)
Task 2 - Assess organisational security procedures
To complete this section, evaluate at least 03 security procedures that an organization implements to enhance
or maintain its security.
Ex: Data protection procedure, assets management procedure, change management procedure, security audit
procedure, vulnerability procedure, security hardening procedure,...
(Word limit: 500 – 750 words)
Task 2.1 - Analyse the benefits of implementing network monitoring systems with supporting reasons
To complete this section, follow the steps below:
• List some of the networking monitoring devices and discuss each of them.
• Explain the importance of monitoring networks.
• Describe the benefits of network monitoring.
(Word limit: 250 – 500 words)
Task 3 - Discuss the potential impact to IT security of incorrect configuration of firewall policies and
third-party VPNs

BTEC HN Assignment Brief Template

Issue Date: Jan 2024 Owner: HN QD
DCL1 Public (Unclassified) Version 2.0
 To complete this section, follow the steps below:
• Discuss briefly firewalls and policies, their usage and advantages in a network.
• Explain how a firewall provides security to a network.
• Show with diagrams how a firewall operates.
• Define a VPN, its usage, and provide examples with diagrams.
• Discuss the potential impacts (threats and risks) of a firewall and a VPN if they are incorrectly
configured in a network.
(Word limit: 500 – 750 words)
Task 4 - Discuss, using an example for each, how implementing a DMZ, static IP and NAT in a
network can improve network security
To complete this section, follow the steps below:
• Define and discuss with the aid of diagram DMZ. Focus on its usage and security function as
advantage.
• Define and discuss with the aid of diagram static IP. Focus on its usage and security function as
advantage.
• Define and discuss with the aid of diagram NAT. Focus on its usage and security function as
advantage.
(Word limit: 500 – 750 words)
Task 4.1 - Propose a method to assess and treat IT security risks
To complete this section, follow the steps below:
• Discuss methods required to assess security threats. E.g., Monitoring tools.
• Identify the current weaknesses or threats within an organization.
• Propose the tools that can be used to address IT security risks.
(Word limit: 250 – 500 words)
Task 4.2 - Evaluate a range of physical and virtual security measures that can be employed to ensure
the integrity of organisational IT security
To complete this section, follow the steps below:
• Define and explain physical and virtual security measures.
• Provide brief details with examples of how these measures are used.
• Describe how physical and virtual security measures can serve as effective solutions in IT
security.
(Word limit: 250 – 500 words)
Learning Outcomes and Assessment Criteria

Pass Merit Distinction

LO1 Assess risks to IT security.

P1 Discuss types of M1 Analyse the benefits of D1 Evaluate a range of physical

security risks to implementing network and virtual
organisations. monitoring systems with security measures that can be

BTEC HN Assignment Brief Template

Issue Date: Jan 2024 Owner: HN QD
DCL1 Public (Unclassified) Version 2.0
 P2 Assess organisational supporting reasons. employed to ensure the integrity of
security procedures. organisational IT security.

LO2 Describe IT security solutions.

P3 Discuss the potential M2 Propose a method to

impact to IT security of assess and treat IT security
incorrect configuration of risks.
firewall policies and third-
party VPNs.

P4 Discuss, using an
example for each, how
implementing a DMZ, static
IP and NAT in a network can
improve network security.

BTEC HN Assignment Brief Template

Issue Date: Jan 2024 Owner: HN QD
DCL1 Public (Unclassified) Version 2.0