Unit 05 - LO2 - Work To Do Home page
ORGANISATIONAL SYSTEMS SECURITY
T/601/7312
LEVEL 3 UNIT 5
LO2 - Know how organisations can
keep systems and data secure
Organisations collect, create and manipulate a wide range of data and
information; the cost of these activities is often much higher than the
organisation realises until they are lost or stolen. Everyone who works with an
information system should understand their responsibility to protect the
system against theft or loss and all IT professionals need to understand how
to support the organisation in protecting its digital assets and hardware. This
unit will enable the learner to recognise the importance of protecting systems
against any security issues or failures when working with the hardware and
software and providing guidance to customers on the security of their
systems. Additionally, it will also ensure that learners keep the importance of
security at the forefront of their activities in order to identify threats and
protect the organisation and its assets as they work with the information
system while working towards the qualification as well as in the workplace.
The aim of this unit is to provide the learner with an understanding of the
importance of securing organisational IT systems, the impact of the law on the
application of security policies, the range of security threats which must
be protected against within an organisation and the tools which are used to
provide protection. The learner will be able to apply this knowledge to any
organisation through reviewing and making recommendations for
improvements.
Learning Outcome (LO) - The learner will:
Pass - The assessment criteria are the pass requirements for this unit. The learner can:
Merit - For merit the evidence must show that, in addition to the pass criteria, the learner is able to:
Distinction - For distinction the evidence must show that, in addition to the pass & merit criteria, the learner is able to:

LO 1 - Understand the impact of potential threats to IT systems
P1 - Explain the impact of different types of threat on an organisation
M1 - Compare and contrast the impact of different types of threat to different organisation types

LO 2 - Know how organisations can keep systems and data secure
P2 - Describe how physical security measures can aid in keeping systems secure
M2 - Discuss the effectiveness of physical security measures used in an identified organisation
P3 - Describe how software and network security can keep systems and data secure
M3 - Discuss the effectiveness of software security measures used in an identified organisation

LO 3 - Understand the organisational issues affecting the security of IT systems
P4 - Explain the policies and guidelines for managing organisational IT security issues
P5 - Explain how employment contracts can affect security
P6 - Assess the laws related to security and privacy of data
D1 - Recommend modifications to policies and guidelines for managing organisational IT security issues
D2 - Review contracts of employment in an organisation and their impact on security
P2 and P3: Learners should produce documentation for new colleagues describing
the different types of physical security methods which are available to a selected
organisation and the software and network security methods. This could be in the
form of two leaflets or one larger report. The chosen format must not simply
contain a set of bullet points but must include sufficient text so that a new starter
would understand what the security measure is and when it is relevant. In order to
achieve a pass the learner should discuss at least five different methods of
protection against physical threats and five different methods of software and
network security protection against technological data security threats.
For merit criteria M2 and M3, the learner should ensure that they clearly extend
their leaflets or documentation to discuss the effectiveness of the methods. M2
refers to the physical security and M3 the technological. The learners must also
include information on which of these methods are most relevant to their
organisation and why they believe this to be the case.
In the case of learners who are on work placement, this assessment may use
evidence from the development of new policies, procedures and guidelines carried
out by the learner. A witness testimony should be sought from the manager to
support the evidence produced by the learner, confirming that the work produced
is that of the learner and that it meets the standards required for the organisation.
This may require additional discussions or a brief report by the learner to ensure
that they have completely met the assessment criteria.
This learning outcome is best taught holistically as this would be more
appropriate to the sector and will encourage learners to widen their scope
and considerations.
Learners should use what they have learned in Learning Outcome 1 to
consider in more detail the options for protecting systems. An
opportunity for group work arises here as the learners could be asked to
find specific examples for a range of physical and software security which
would help to protect the computer system from the various risks that
they have already identified.
The learner should use their general findings and again apply them to an
organisation with which they are familiar or have been given within a
scenario by their tutor. The precise number of protection methods cannot
be given as it will depend upon the precise nature of the organisation
which has been identified, but for supplied scenarios learners should be
encouraged to consider a wide range. If they have chosen an
organisation they have worked with and opportunities for implementing
security measures are limited, they could identify what has been
implemented already, potential improvements to it and the reasons for
the implementation.
Even companies with the most modern network security standards can remain
vulnerable to some physical -- and decidedly low-tech -- threats that
networking professionals must consider when developing corporate security
standards.
There are many forms of physical protection companies take in order to
protect their equipment, depending on the level of threat and the potential
cost of damage. Think about the security you see in the room around you
now, and measure this against a company like IBM. For IBM the risk of loss
through hacking or a virus is greater than the risk of burglary, whereas
for a school it is the other way around.
The most common of these is locks (e.g. on doors, computer screens and
filing cabinets). Deterrents are 50% of the job: locks need to be forced,
and if a burglar or thief finds the door locked, they will usually walk
away. Doors can be alarmed, they take time to get through and they can be
seen to be open; the same is true of windows and filing cabinets. This
deterrent will push burglars away. Similarly, screens are enough to deter
internal crimes: what a thief cannot see they are unlikely to take,
specifically opportunist thefts of handbags, wallets, phones and laptops.
Task 1 – P2.1 – Describe to a new member of staff within a report, identifying
the Physical Benefits of room and office security to organisation’s resources and
data.
Placing computers above known flood levels would seem like an obvious
security measure to take in the protection of hardware within a company,
specifically in areas prone to flooding, but measure this against the
naivety of people when flooding happens. When the recent floods
happened, people were surprised by the damage to televisions, cookers,
fridges and washing machines. Looking at the school now, IT rooms are
predominantly on the ground floor, even network rooms. The potential
damage to the computer system when flooding happens is as much about
data and electricity loss or surges as it is about repairable damage.
Similarly, burglaries tend to be on the ground floor of a building: thieves
look in the windows and decide which rooms to burgle. It would seem
obvious not to place important machinery on the ground floor but this is
often weighed up against cost, access and efficiency. Placing hardware
on a higher floor also means more doors to go through, more security and
more chance of getting caught.
Task 2 – P2.2 – Describe to a new member of staff within a report,
identifying the Physical Benefits of placing hardware above flood levels to
organisation’s resources and data.
Back up systems in other locations – by law and by good practice schools
back up all the files that get changed in a school day onto a tape drive
after school closes. At the end of the week they back up the files onto a
larger drive somewhere else so there is a safe copy. They also back up all
the files a third time and take this backup off site. Usually this is stored
in a fireproof safe somewhere remote. This might seem over the top but
it costs less than £500 for the setup and £50 a month for the secure
backups.
Why do this – It is right, morally and legally. Other companies will do
something similar, depending on the nature and importance of the data.
Banks keep their information in several locations, each of them
protected by degrees of encryption, biometric and software based. The
obvious benefits of remote backups are easy to understand: these are old
data, but if a company goes down, burns, crashes, gets hit by an
earthquake etc. the downtime is massively reduced. New backup systems
like Cloud are taking more precedence; after the Kyoto earthquake most
companies who stored their data in the city were back online in days.
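The nightly step described above (copy only the files changed that day, then prove the copy is good) can be sketched as follows. This is an added example, not part of the original slides; the folder names, file contents and the one-hour "last backup" time are constructed for the demonstration.

```python
import hashlib
import os
import shutil
import tempfile
import time
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_changed_files(source: Path, dest: Path, since: float) -> dict:
    """Copy files modified after `since` (epoch seconds).

    Returns a manifest {relative path: sha256 of the original}.
    """
    manifest = {}
    for path in sorted(source.rglob("*")):
        if path.is_file() and path.stat().st_mtime > since:
            relative = path.relative_to(source)
            target = dest / relative
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)
            manifest[relative.as_posix()] = sha256_of(path)
    return manifest


def verify_backup(dest: Path, manifest: dict) -> list:
    """Return the paths whose backup copy is missing or differs from the manifest."""
    failures = []
    for relative, expected in manifest.items():
        copy = dest / relative
        if not copy.is_file() or sha256_of(copy) != expected:
            failures.append(relative)
    return failures


def demo() -> dict:
    """Constructed data: one old file, two files changed today, then a damaged copy."""
    with tempfile.TemporaryDirectory() as tmp:
        source, dest = Path(tmp, "school_share"), Path(tmp, "nightly_backup")
        (source / "reports").mkdir(parents=True)
        dest.mkdir()
        last_backup = time.time() - 3600  # previous backup ran an hour ago
        old = source / "timetable.txt"
        old.write_text("unchanged since last week")
        os.utime(old, (last_backup - 86400, last_backup - 86400))
        (source / "register.csv").write_text("pupil,present\nA,yes\n")
        (source / "reports" / "term1.txt").write_text("draft report")

        manifest = backup_changed_files(source, dest, last_backup)
        clean = verify_backup(dest, manifest)
        # Simulate a corrupted backup copy to show that verification catches it.
        (dest / "register.csv").write_text("pupil,present\nA,no\n")
        damaged = verify_backup(dest, manifest)
        return {"backed_up": sorted(manifest), "clean": clean, "damaged": damaged}


if __name__ == "__main__":
    print(demo())
```

Keeping the manifest with the off-site copy lets the backup be checked again before it is relied on for a restore.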
Task 3 – P2.3 – Describe to a new member of staff within a report,
identifying the Physical Benefits of remote backup storage to organisation’s
resources and data.
Keypads and biometrics – these are the highest levels of physical protection
that a company can install, ranging from the cheap (fingerprinting and
keypads) to the expensive (biometrics, retina scanning, facial recognition
and voice recognition).
We have all seen the films where they use an eye or a fingerprint to get past
security, but these measures are not as they look. Retina scanning only works
with a living eye: the pupil dilates when scanned but does not when the
muscle tissue is removed. Similarly with fingerprint recognition, all fingers
are different and dead tissue breaks down the print recognition. But
biometrics do work well in most cases.
Similarly, keypads are designed to keep people out; they also track who
went in and the times entered, keeping a log of activity in some cases.
Linking this to camera tracking can be the cure for most internal technical
hacking. Similarly, fingerprint logins on laptops or base machines will allow
a user log of activity to be generated. All these measures are designed to be
successful to a degree; each can be countered, but the opportunist thief and
hacker will always look elsewhere for the easier method if such security is
installed.
Task 4 – P2.4 – Describe to a new member of staff within a report, identifying
the Physical Benefits of biometrics and Keypads to organisation’s resources
and data.
Security staff - the percentage of deterrence from other
physical security is measurable but nothing beats Security
Staff and a Security presence. Even fake burglar alarms stop
thieves from trying; the show of force, the presence of a
guard, is enough to stop the most determined. Suddenly
the risk of getting caught is so much higher and the
chance to deny proof is seriously reduced.
Security staff are both internal and external: they operate
cameras, watch the video screens, sometimes have dogs
and do patrols. Internally they check every room before
locking, so this reduces the risk of someone hiding at the
end of the day. They set the alarms and monitor door
activity, check IDs of people within the building and
often stand guard around any particular area that is more
at risk.
The big difference other than security is price. Guards cost money: the
standard salary is £17,000, the cost of all the other security measures
put together. Companies have to weigh this against the value and impact
of the damage and the amount of loss security guards prevent. Other
costs that are taken into consideration include increased electricity use,
additional equipment, training, hiring, monitoring, duty rotas etc.,
but for most companies, like schools, this is a necessity rather than a
luxury.
Task 5 – P2.5 – Describe to a new member of staff within a report,
identifying the Physical Benefits of Security Staff to organisation’s
resources and data.
For merit you need to define the physical security measures in place at a
company and state, in your opinion, the effectiveness of these security
measures. Use news and articles to support your findings.
Task 6 – M2.1 - Discuss the effectiveness of physical security measures
used in an identified organisation
Room and office security; Hardware above flood levels; Remote backup storage; Biometrics and Keypads; Security Staff
Physical protection works to a good degree but more often the attack
comes from internal or external sources without the attacker even having
to be in the same area as the company. Internal attacks are more dangerous
because these are deliberate and from staff who know the system, where
files are stored, what way they are hidden and often know the security
protocols in place to prevent attacks. External attacks mean hacking and
this is another level of issue that can be prevented with the right kind of
software and protections.
Access levels – Standard Windows is set up on two levels, user and admin.
On a network this can be added to for the individual access levels of staff;
areas can be set as a level, as can rooms, groups of machines etc. These are
called profiles and can be set by the administrator or any other
administrator with the levels of rights.
Similarly, Access Rights can be set on folders and files just as easily,
allowing users to read the folders but not write back or delete, or to open
but not save. This feature is set as part of the OS and by the Admin users
and is the standard, free, secure way of protecting files and folders and
staying compliant with the DPA. The level of security this sets is medium:
passwords can still be lost or guessed, allowing other users the same rights
if they decide to abuse the system.
Authorisation permissions - User rights control what a user can do on a
network-wide basis. Permissions enable you to fine-tune your network
security by controlling access to specific network resources, such as files
or printers, for individual users or groups. For example, you can set up
permissions to allow users in the accounting department to access files
in the server’s \ACCTG directory. Permissions can also enable some
users to read certain files but not modify or delete them.
Setting permission rights will restrict
non-essential staff from looking at or
using information.
Access Control lists - Access control rights limit the user from
damaging, modifying or accessing a file beyond their access levels. It
restricts the file rights to whatever the network manager sets and can be
done in whole groups like Students or a Class like Languages. Setting
these rights protects files.
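How group-based rights on a folder such as \ACCTG resolve for each user can be shown with a small model. This is an added example, not part of the original slides and not how any particular operating system stores its lists; the user names, groups, the \COURSEWORK folder and the "deny overrides allow" rule are assumptions made for the illustration.

```python
from dataclasses import dataclass

READ, WRITE, DELETE = "read", "write", "delete"


@dataclass(frozen=True)
class Entry:
    """One line of an access control list: who, what is allowed, what is denied."""
    principal: str                 # a user name or a group name
    allow: frozenset = frozenset()
    deny: frozenset = frozenset()


# Constructed directory of groups and their members.
GROUPS = {
    "accounting": {"asha", "ben"},
    "students": {"carl"},
    "staff": {"asha", "ben", "dee"},
}

# Constructed access control lists, one per shared folder.
ACLS = {
    r"\ACCTG": [
        Entry("accounting", allow=frozenset({READ, WRITE})),
        Entry("ben", deny=frozenset({WRITE})),   # ben may read but not modify
    ],
    r"\COURSEWORK": [
        Entry("students", allow=frozenset({READ})),
        Entry("staff", allow=frozenset({READ, WRITE, DELETE})),
    ],
}


def principals_for(user: str) -> set:
    """The user's own name plus every group the user belongs to."""
    return {user} | {group for group, members in GROUPS.items() if user in members}


def effective_rights(user: str, resource: str) -> set:
    """Union of allowed rights from matching entries, minus anything denied.

    A resource with no list, or a user with no matching entry, gets nothing
    (deny by default).
    """
    names = principals_for(user)
    allowed, denied = set(), set()
    for entry in ACLS.get(resource, []):
        if entry.principal in names:
            allowed |= entry.allow
            denied |= entry.deny
    return allowed - denied


def is_allowed(user: str, resource: str, right: str) -> bool:
    return right in effective_rights(user, resource)


def access_report(resource: str) -> dict:
    """Who can do what on a resource: the view an administrator reviews."""
    users = sorted(set().union(*GROUPS.values()))
    return {user: sorted(effective_rights(user, resource)) for user in users}


if __name__ == "__main__":
    for folder in ACLS:
        print(folder, access_report(folder))
```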
Task 7 – P3.1 – Describe to a new member of staff within a report,
identifying the Software Benefits of setting Access Levels on files and
Accounts to organisation’s resources and data.
Software firewalls - A firewall is a security-conscious router that sits between the Internet and
your network with a single purpose: preventing external attacks. The firewall acts as a security
guard between the Internet and your Network. All network traffic into and out of the system must
pass through the firewall, which prevents unauthorised access to the network. Some type of
firewall is a must-have if your network has a connection to the Internet, whether that connection is
broadband, T1, or some other high-speed connection. Without it, sooner or later a hacker will
discover and breach your unprotected network.
You can set up a firewall in two basic ways. The easiest way is to purchase a firewall program,
which is basically a self-contained router with built-in firewall features, like ZoneAlarm or Sophos.
Most firewall appliances include a Web-based interface that enables you to connect to the firewall
from any computer on your network using a browser. You can then customise the firewall settings
to suit your needs.
Alternatively, you can set up a server computer to function as a firewall computer (SSL). The server
can run just about any network operating system, but most dedicated firewall systems run Linux.
Whether you use a firewall appliance or a firewall computer, the firewall
must be located between your network and the Internet. One end of the
firewall is connected to a network hub, which is, in turn, connected to the
other computers on the network. The other end of the firewall
is connected to the Internet. As a result, all traffic from the LAN
to the Internet and vice versa must travel through the firewall.
SSL (Secure Sockets Layer) is a method of encrypting TCP/IP transmissions—
including Web pages and data entered into Web forms—en route between
the client and server using public key encryption technology. If you trade
stocks or purchase goods on the Web, for example, you are most likely using
SSL to transmit your order information. SSL is popular and used widely. The
most recent versions of Web browsers, such as Firefox and Internet Explorer,
include SSL client support in their software.
If you have used the Web, you have probably noticed that URLs for most Web
pages begin with the HTTP prefix, which indicates that the request is handled
by TCP/IP port 80 using the HTTP protocol. When Web page URLs begin with
the prefix HTTPS (which stands for HTTP over Secure Sockets Layer or HTTP
Secure), they require that their data be transferred from server to client and
vice versa using SSL encryption. HTTPS uses the TCP port number 443, rather
than port 80. After an SSL connection has been established between a Web
server and client, the client’s browser indicates this by showing a padlock in
the lower-right corner of the screen in the browser’s status bar, in the URL
textbox, or elsewhere.
Each time a client and server establish an SSL connection, they
also establish a unique SSL session, or an association between
the client and server that is defined by an agreement on a
specific set of encryption techniques. An SSL session allows the
client and server to continue to exchange data securely as long as
the client is still connected to the server.
An SSL session is created by the SSL handshake protocol, one of
several protocols within SSL, and perhaps the most significant. As
its name implies, the handshake protocol allows the client and
server to authenticate (or introduce) each other and establishes
terms for how they will securely exchange data. For example,
when you are connected to the Web and you decide to open
your bank’s account access URL, your browser initiates an SSL
connection with the handshake protocol.
Anti-malware software – This is similar to anti-virus software in that it is
designed to block attacks internally and externally. It looks for specific
coding within files that allows a program to access the internet
surreptitiously. This is usually spyware, malware and adware.
These usually enter computer systems as cookies, which allow the
program to temporarily turn off the firewall and crawl onto the
system. When the file becomes active it will then access the
Internet to pass on information.
An anti-malware program intercepts these external IP calls and blocks
them, then tracks the cause back and defends against further
attacks by neutralising the external connection abilities of the program
and then quarantining the program and code.
Examples of such programs are AdAware and Spybot. Because of the
increase in malware that is available, the .dat files of these programs and
others are updated when there are new threats. These programs and
others are 99% effective; combined with a good virus checker they are
99.9% effective, but it is still that 0.1% that gets through. Combined with
SSL protection this is even more secure.
A digital certificate is a password-protected and encrypted file
that holds an individual’s identification information, including a
public key. In the context of digital certificates, the individual’s
public key verifies the sender’s digital signature. An organisation
that issues and maintains digital certificates is known as a CA
(certificate authority). For example, on the Internet, certificate
authorities such as VeriSign will, for a fee, keep your digital
certificate on their server and assure all who want to send
encrypted messages to you (for example, an order via your
e-commerce site) that the certificate is indeed yours.
The use of certificate authorities to associate public keys with
certain users is known as PKI (public key infrastructure).
Task 8 – P3.2 – Describe to a new member of staff within a
report, identifying the Software Benefits of Software Protection to
organisation’s resources and data.
Software firewalls; Secure Sockets Layer; Anti-malware software; Digital certificate
Backup utilities - these do not stop a problem from happening but limit the
damage and the downtime it causes. There are all sorts of backup utilities:
those that back up partially or fully, those that back up regularly, those that
are set on a timer, software backups and hardware backups.
Examples of software backup at the lowest level include the timed backup
setting in Microsoft applications. These can be set by the user. Higher level
backup utilities include server backup programs on Novell and Windows Server
clients that set backup times and data flows at the end of each day to secure
networks. These tend to back up onto an external hard drive, tape drive or
different server.
The benefits of these are obvious, they secure against data loss, but there are
other reasons: because of the DPA, because it is good policy, and because of
previous losses and the lessons learned from them.
Encryption of files and folders and Encryption of entire discs – Encryption is
the highest form of protection that can be put on information and the most
essential when information is more valuable. Encryption is easy as well;
password protection can be hacked but encryption adds a higher level of
security. Basically it scrambles the information: the higher the bit encryption
(16, 32, 64, 128 etc.) the more times it scrambles the information. This is true
for files, folders and entire hard drives.
Encryption prevents confidential data from being read by
unauthorised hackers. It makes the data incomprehensible to
anyone who does not hold the ‘key’ to decode it.
Methods include:
◦ Transposition - characters switched around; how many
times depends on the level of encryption.
◦ Substitution - characters replaced by other characters; again, this depends on
the level of encryption: the higher the level, the more times it is switched.
Cryptography serves 3 purposes:
◦ Helps to identify authentic users by clarifying the ownership or identity of the
user first.
◦ Prevents alteration of the message by locking the information from write or
rewrite access.
◦ Prevents unauthorised users from reading the message by refusing to open,
be opened, be inserted or read through another program.
Encryption Keys:
◦ Sent with, sent after, kept on network of user and client. Without the key the
information cannot be seen or the stages of hacking take longer.
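The two methods named above, substitution and transposition, can be seen working on a short message. This is an added example, not part of the original slides; it uses classical pen-and-paper ciphers (a keyword alphabet and a columnar transposition) purely to show what each method does, and the keys and message are constructed. Real systems use standard modern algorithms, not these.

```python
import string

ALPHABET = string.ascii_uppercase


def keyed_alphabet(keyword: str) -> str:
    """Cipher alphabet: the keyword's letters first, then the unused letters."""
    seen = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitute(text: str, keyword: str) -> str:
    """Substitution: every letter is replaced by another letter."""
    return text.upper().translate(str.maketrans(ALPHABET, keyed_alphabet(keyword)))


def unsubstitute(cipher: str, keyword: str) -> str:
    return cipher.translate(str.maketrans(keyed_alphabet(keyword), ALPHABET))


def column_order(key: str) -> list:
    """Columns are read out in the alphabetical order of the key's letters."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transpose(text: str, key: str) -> str:
    """Transposition: letters keep their identity but change position.

    The text is written in rows as wide as the key and read out by column.
    """
    width = len(key)
    return "".join(text[col::width] for col in column_order(key))


def untranspose(cipher: str, key: str) -> str:
    width = len(key)
    full_rows, extra = divmod(len(cipher), width)
    columns, position = {}, 0
    for col in column_order(key):
        # The first `extra` columns hold one more letter than the rest.
        length = full_rows + (1 if col < extra else 0)
        columns[col] = cipher[position:position + length]
        position += length
    return "".join(columns[i % width][i // width] for i in range(len(cipher)))


def encrypt(text: str, sub_key: str, trans_key: str) -> str:
    """Apply both methods in turn: substitute, then transpose."""
    return transpose(substitute(text, sub_key), trans_key)


def decrypt(cipher: str, sub_key: str, trans_key: str) -> str:
    """Undo the steps in reverse order; only the right keys recover the text."""
    return unsubstitute(untranspose(cipher, trans_key), sub_key)


if __name__ == "__main__":
    message = "PAYROLLDATA"                       # constructed sample message
    print("substituted:", substitute(message, "SECURITY"))
    print("transposed: ", transpose(message, "KEY"))
    secret = encrypt(message, "SECURITY", "KEY")
    print("both:       ", secret)
    print("decrypted:  ", decrypt(secret, "SECURITY", "KEY"))
    print("wrong key:  ", decrypt(secret, "PASSWORD", "KEY"))
```

Transposition leaves exactly the same letters in the message, only reordered, and substitution keeps repeated letters repeated, which is why neither method is relied on by itself for real data.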
Task 9 – P3.3 – Describe to a new member of staff within a report, identifying the
Software Benefits of Encryption and Backups to organisation’s resources and data.
Backups; Encryption
Choosing a secure password is one of the easiest and least expensive ways to
guard against unauthorized access. Unfortunately, too many people prefer to use
an easy-to-remember password.
If your password is obvious to you, however, it may also be easy for a hacker to
figure out. The following guidelines for selecting passwords should be part of
your organisation’s security policy. It is especially important for network
administrators to choose difficult passwords, and also to keep passwords
confidential and to change them frequently.
Tips for making and keeping passwords secure include the following:
◦ Always change system default passwords after installing new programs or
equipment. For example, after installing a router, the default administrator’s
password on the router might be set by the manufacturer to be “1234” or the
router’s model number.
◦ Do not use familiar information, such as your name, nickname, birth date,
anniversary, pet’s name, child’s name, spouse’s name, user ID, phone number,
address, or any other words or numbers that others might associate with you.
◦ Do not use any word that might appear in a dictionary. Hackers can use
programs that try a combination of your user ID and every word in a dictionary
to gain access to the network. This is known as a dictionary attack, and it is
typically the first technique a hacker uses when trying to guess a password
(besides asking the user for her password).
◦ Make the password longer than eight characters—the longer, the better. Some
operating systems require a minimum password length (often, eight
characters), and some might also restrict the password to a maximum length.
◦ Choose a combination of letters and numbers; add special characters, such as
exclamation marks or hyphens, if allowed. Also, if passwords are case
sensitive, use a combination of uppercase and lowercase letters.
◦ Change your password at least every 60 days, or more frequently, if desired. If
you are a network administrator, establish controls through the NOS to force
users to change their passwords at least every 60 days. If you have access to
sensitive data, change your password even more frequently.
◦ Do not write down your password or share it with others.
◦ Do not reuse passwords after they have expired.
◦ Use different passwords for different applications. For example,
choose separate passwords for your e-mail program, online banking,
remote access connection, dial-up connection, and so on. That way, if
someone learns one of your passwords she won’t necessarily be able to
access all of your secured accounts.
Password guidelines should be clearly communicated to everyone in
your organization through your security policy. Although users might
grumble about choosing a combination of letters and numbers and
changing their passwords frequently, you can assure them that the
company’s financial and personnel data is safer as a result. No matter
how much your colleagues protest, do not back down from your
password requirements. Many companies mistakenly require employees
only to use a password, and don’t help them choose a good one. This
oversight increases the risk of security breaches.
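The password tips above can be turned into an automatic check that tells a user which guideline a proposed password breaks. This is an added example, not part of the original slides; the word list, user details, dates and the result labels are constructed, and a real check would use a full dictionary file. Old passwords are compared through salted hashes so the history never holds them in readable form.

```python
import hashlib
import hmac
import os
import re
from datetime import date

# Manufacturer defaults named in the guidance ("1234", blank, "admin", ...).
DEFAULT_PASSWORDS = {"", "1234", "admin", "administrator", "public", "password"}
# Constructed stand-in for a real dictionary word list.
DICTIONARY = {"dragon", "football", "welcome", "sunshine", "monkey"}
MIN_LENGTH = 9        # "longer than eight characters"
MAX_AGE_DAYS = 60     # "change your password at least every 60 days"

TODAY = date(2024, 3, 1)            # constructed dates for the demonstration
CHANGED_RECENTLY = date(2024, 2, 1)
CHANGED_LONG_AGO = date(2023, 12, 1)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash, so stored history does not reveal old passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def remember(password: str) -> tuple:
    """Create a (salt, hash) history entry for a password being retired."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def was_used_before(password: str, history: list) -> bool:
    return any(hmac.compare_digest(hash_password(password, salt), digest)
               for salt, digest in history)


def check_password(password, user_id, personal_info, history, last_changed, today):
    """Return the list of guidelines the password breaks (empty list = acceptable).

    Special characters are encouraged by the guidance "if allowed", so they
    are not enforced here.
    """
    problems = []
    lowered = password.lower()
    if lowered in DEFAULT_PASSWORDS:
        problems.append("default_password")
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("needs_letters_and_numbers")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs_mixed_case")
    # Familiar information: user ID, names, dates and so on.
    familiar = [user_id, *personal_info]
    if any(len(item) >= 3 and item.lower() in lowered for item in familiar):
        problems.append("personal_info")
    # A dictionary word with digits or symbols bolted on is still a dictionary word.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if lowered in DICTIONARY or letters_only in DICTIONARY:
        problems.append("dictionary_word")
    if was_used_before(password, history):
        problems.append("reused")
    if (today - last_changed).days > MAX_AGE_DAYS:
        problems.append("expired")
    return problems


def demo() -> dict:
    """Run constructed sample passwords for a constructed user 'jsmith'."""
    info = ["rex", "1984"]               # pet's name and birth year
    samples = ["1234", "Football1", "Rex1984!Rex", "t7#Qm-vR2k!x"]
    return {pw: check_password(pw, "jsmith", info, [], CHANGED_RECENTLY, TODAY)
            for pw in samples}


if __name__ == "__main__":
    for candidate, found in demo().items():
        print(repr(candidate), "->", found or "ok")
```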
Task 10 – P3.4 - Describe to a new member of staff within a report,
identifying the Software Benefits of Passwords to organisation’s resources
Wireless security - this is one of the more obvious risks companies can
deal with, but also one of the more common problems that occur when
hackers try to gain access to company systems. Wireless security is
simple: it means using either the WPA, WPA2 or WEP security protocols on a
wireless connection, setting a secure user password and limiting
the use of that password within the company.
To not have a password is called untethered; this will allow users to
connect as if it were a public network and use the network connection to
download, install and carry out other illegal transactions. At the end of
the day it is the company’s broadband usage and the company’s
legal liability on copyright that are the bigger risk where a standard user
is concerned. For hackers this gives backdoor access onto a company
system and, although there can be restrictions, it means they are already
through the first door.
Manufacturers set up all of their new routers with the same default
username and password. The username is often simply the word "admin"
or "administrator." The password is typically empty (blank), the words
"admin," "public," or "password," or some other simple word.
Companies can increase their network security by adding in electronic controls to combat
illegal access with:
◦ Call-back and Handshaking
E.g. generate random number and require user to perform some action (multiply
first and last numbers together)
◦ Encryption and network Cipher Keys or One time Key registration for users
◦ Text_Captcha boxes for progression to stop hacking websites from randomising
logins and DOS attacks.
◦ More secure transfer protocols on networks such as:
SSH-TRANS, a transport layer protocol;
SSH-AUTH, an authentication protocol;
SSH-CONN, a connection protocol.
Task 11 – P3.5 - Describe to a new member of staff within a report, identifying the
Software Benefits of Wireless protection and Electronic Controls to organisation’s
resources
For merit you need to define the software security measures and controls in place at a
company and state, in your opinion, the effectiveness of these security measures. Use
news and articles to support your findings.
Task 12 – M3.1 - Discuss the effectiveness of Software, Control and security measures
used in an identified organisation
Access levels; Firewalls; Anti-Malware and SSL; Backups and Encryption; Passwords; Wi-Fi Security
Task 1 – P2.1 – Describe to a new member of staff within a report, identifying the Physical Benefits
of room and office security to organisation’s resources and data.
Task 2 – P2.2 – Describe to a new member of staff within a report, identifying the Physical Benefits
of placing hardware above flood levels to organisation’s resources and data.
Task 3 – P2.3 – Describe to a new member of staff within a report, identifying the Physical Benefits
of remote backup storage to organisation’s resources and data.
Task 4 – P2.4 – Describe to a new member of staff within a report, identifying the Physical Benefits
of biometrics and Keypads to organisation’s resources and data.
Task 5 – P2.5 – Describe to a new member of staff within a report, identifying the Physical Benefits
of Security Staff to organisation’s resources and data.
Task 6 – M2.1 - Discuss the effectiveness of physical security measures used in an identified
organisation
Task 7 – P3.1 – Describe to a new member of staff within a report, identifying the Software
Benefits of setting Access Levels on files and Accounts to organisation’s resources and data.
Task 8 – P3.2 – Describe to a new member of staff within a report, identifying the Software
Benefits of Software Protection to organisation’s resources and data.
Task 9 – P3.3 – Describe to a new member of staff within a report, identifying the Software
Benefits of Encryption and Backups to organisation’s resources and data.
Task 10 – P3.4 - Describe to a new member of staff within a report, identifying the Software
Benefits of Passwords to organisation’s resources
Task 11 – P3.5 - Describe to a new member of staff within a report, identifying the Software
Benefits of Wireless protection and Electronic Controls to organisation’s resources
Task 12 – M3.1 - Discuss the effectiveness of Software, Control and security measures used in an
identified organisation