Complete Assignment of Unit 7.2 Achieved in 2022 with Distinction Grade
DISCLAIMER! I do not recommend copying and pasting this document for your assignment as I have been a student myself and I have uploaded this assignment to TurnItIn. If you copy paste then this might flag up in the system, t...
Unit 7 – IT Systems Security & Encryption
7.2 - IT Security Mitigation and Practicals
Learning Aim C: - To Examine the techniques used to protect an IT system from
security threats
As there are so many different security threats to IT systems there needs to be a large range of
precautions put in place to defend these systems. In this section I will examine the techniques used
to protect IT systems from security threats to the best of my ability.
P5: Explain how protection techniques can help defend an organisation from security
threats.
Protection techniques would include physical security, policies and procedures, software-based
protection and regular audit of security.
C1 Physical Security
In this section I will look at the physical security of computer systems and examine the provisions
that are in place, such as building security, backing up data and IT disaster recovery plans.
♦ Building and Computer/Network room security: -
Every organization pays close attention to the overall physical security of its computer systems. Poor
physical security is the most commonly used route to a security breach in almost all types of
organization and is usually the deadliest too. In the scenario of an IT company, computer systems,
especially servers and server rooms, need to be protected from theft, as the loss of valuable
equipment like hard drives is a serious security risk.
Servers, routers and switches (network equipment) should always be kept in secure locations with
controlled access. One example of a controlled entry provision is proximity key-card entry. Doors
with this technology installed have locks which only open if someone with the right kind of key-card
approaches the door. Additionally, these doors can have some form of electronic system attached to
them which can record who entered the computer network room and when. This can help in the
investigation if a security breach occurs; however, bear in mind that someone might be falsely
accused of stealing if their card was stolen by someone else. These doors are only beneficial if the
only access to such rooms is through these doors themselves, or through other secured rooms.
Adding onto the security of the physical access aspect of the network rooms, the use of closed circuit
television (CCTV) and use of biometrics such as facial recognition, fingerprint, voice control and iris
scans would not only add another wall of rigid security but would also make sure to not let an abuser
go unscathed. The use of CCTV is very common nowadays in all businesses, and is rightfully a popular
technology to be used as it can provide visual captures of anything that goes wrong. However, more
often than not, companies fail to locate CCTVs at the right place and employees who want to
sabotage can notice this. The use of biometrics confirms the identity of a person, and this inculcates
fear even in the hearts of internal employees of a company who otherwise might have been
planning to abuse their power.
Ideally, the location of a server room should be well thought about. It should not be on the ground
floor and neither should it have any external windows attached to it which makes it prone to
security breaches. If there is still need for any external windows, then it should be made sure to have
security screens attached to the windows to further block any trespassing.
♦ Backing up of Data
Although the security of systems and enterprises is becoming more sophisticated than ever, it is still
not possible to guarantee that the security of a system can always be maintained; this is why it is
vital that regular backups are made. In a situation where a malware infection has deleted or damaged
data in an IT system, it would be necessary to recover the data as it was prior to the infection. Since
some time would pass between the security breach (when the system is compromised) and its
discovery, it would be necessary to keep previous backups for several weeks.
When deciding upon a backup regime for an organisation’s computer systems there are a number of
factors that need to be considered.
Deciding how often the backup should be performed
This is not an easy step for an organisation to decide upon, and in particular shouldn’t be rushed. It is
a common norm to use the concept of a recovery point objective (RPO) to define the maximum
amount of time a business can afford to lose data from an IT system. For instance, many
organisations or small businesses with non-critical systems use a daily backup (backing up every 24
hours). However, others might require a shorter time than this, and for this a good option can be to
use online backup methods by which data is quite frequently backed up to a remote website via the
internet.
Media types for backups
There are a variety of options when deciding which type of media should be used for backups.
Traditionally, magnetic tape has been used for backup; it still provides a low-cost solution and can
back up very quickly too. Alternatives can be hard disk or optical media such as DVD-ROMs. The
choice is not only dependent on the cost, but also on the amount of data that needs to be backed up.
For example, optical media are limited to a very small size, like the Blu-ray disc which is only about 128GB.
Selection of the type of Backup to use
There are a number of different options for selecting the data to be backed up. In many cases, it is
not practical (due to the large amounts of data involved) or necessary to complete a full system or
incremental backup regularly. It might not also be necessary as much of the data can be static; as in
it does not change often.
There are two types of backups I would like to explain: one is the incremental backup and the other
is the differential backup. Incremental backup is a method of backing up whereby a full backup of all
the required data is done first (for example a backup of all the data from a full week) and then a
daily or custom backup is done after every 2-3 days, which will only back up the data that has been
changed. This means that each backup contains less data and can be backed up more quickly.
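The incremental scheme described above, as an added Python example (not part of the original assignment): a full backup followed by incrementals that store only changed files, and a restore that replays the chain up to a chosen point, such as the last backup before a malware infection. The file names, contents and function names are constructed for illustration.

```python
import hashlib

def snapshot(files):
    """Map each path to the SHA-256 digest of its content."""
    return {p: hashlib.sha256(c).hexdigest() for p, c in files.items()}

def full_backup(files):
    """Store every file, plus a manifest describing the state backed up."""
    return {"type": "full", "data": dict(files), "deleted": [],
            "manifest": snapshot(files)}

def incremental_backup(files, previous_manifest):
    """Store only files that are new or changed since the previous backup."""
    manifest = snapshot(files)
    changed = {p: c for p, c in files.items()
               if previous_manifest.get(p) != manifest[p]}
    deleted = [p for p in previous_manifest if p not in files]
    return {"type": "incremental", "data": changed, "deleted": deleted,
            "manifest": manifest}

def build_chain(days):
    """One full backup for the first day, then one incremental per later day."""
    chain = [full_backup(days[0])]
    for files in days[1:]:
        chain.append(incremental_backup(files, chain[-1]["manifest"]))
    return chain

def restore(chain, upto):
    """Rebuild the file set as of backup index `upto` by replaying the chain."""
    if chain[0]["type"] != "full":
        raise ValueError("chain must start with a full backup")
    state = {}
    for backup in chain[:upto + 1]:
        state.update(backup["data"])
        for path in backup["deleted"]:
            state.pop(path, None)
    # A missing or damaged link in the chain shows up as a manifest mismatch.
    if snapshot(state) != chain[upto]["manifest"]:
        raise ValueError("restored data does not match the recorded manifest")
    return state

# Constructed sample data: three days of a small file share.
DAY0 = {"payroll.csv": b"alice,3000\n", "readme.txt": b"v1\n", "logo.png": b"\x89PNG"}
DAY1 = {**DAY0, "readme.txt": b"v2\n"}                        # one file edited
DAY2 = {"payroll.csv": b"ENCRYPTED", "readme.txt": b"v2\n"}  # malware damage
CHAIN = build_chain([DAY0, DAY1, DAY2])

if __name__ == "__main__":
    print("day 1 incremental stores:", sorted(CHAIN[1]["data"]))
    print("state before infection:", sorted(restore(CHAIN, 1)))
```

Restoring to index 1 recovers the data as it was before the damage on day 2, which is why older backups in the chain have to be retained until an infection would have been discovered.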
♦ IT Disaster Recovery Plans
As almost all businesses in the world rely on IT systems to run their businesses, they need to
consider how they would continue to operate if the systems were destroyed or rendered
unusable by any type of disaster such as fire, flood or getting hacked. In these situations, data
backups do prove to be useful; however, they alone are not sufficient because, if there is no IT system
to run the applications on, then the data backups are of little use (even if the IT systems are
unavailable for only a couple of hours, as these hours can prove detrimental for the company).
Therefore, planning and policies are sorted out prior to eventualities such as data corruption, cyber
attacks, lack of connectivity and destruction of hardware.
This involves identifying critical business assets and defining activities that are needed to ensure
their continuity in a disaster. The policy and planning can cover any assets essential for business
operations – equipment, software, physical facilities, and even employees – and determine what
steps the business will take to recover them.
One approach is to understand and use the concepts of RPO and RTO. RPO, mentioned above, is the
amount of data a business can afford to lose. However, I haven’t mentioned RTO
(Recovery Time Objective) before and this concept is also essential when considering disaster
recovery. RTO is the target time in which a business wants to recover its systems following a disaster
such as fire or flood. For example, a company that sells its products online through a website might
generate £3,000 in revenue every hour, so an outage of 10 hours would cost the
company £30,000! Thus investing significant sums of money in preparing for a disaster would be
wise, as without pre-planning, the recreation of the IT systems following a disaster could take weeks
or even months. The shorter the RTO, the more investment an organisation needs to make to
prepare for a potential disaster.
Types of Sites which are used in the case of disaster recovery.
Hot Site
A hot site is where the company maintains a complete working duplicate of all its server systems at a
geographically separate site to its main computer operations. This includes everything the company
has active, such as all the computing and networking equipment and the internet connections
required to run the systems. For example, for large organizations such as a bank which require very
short RTO, the hot site is often an alternative location in which some non-critical computing
functions are carried out but also has the capability to take over from the main location in case of
disasters.
This is of course very costly to set up and maintain as it more or less doubles the cost of running the
IT systems.
Cold Site
A cold site is just a building with suitable power and connectivity. In the event of a disaster at the
main site, the company would need to purchase computer systems and other equipment and set up
the systems using their backups. These backups should also include the most recently used system
configurations, as without them these can be the moments that employees with malicious intent
could take advantage of.
A cold site has the longest RTO – probably weeks unless the systems are very straightforward. It is
relatively cheap (as there are no constant maintenance costs) and there are many companies who
make a business out of this and let organisations rent these cold sites. Sometimes these cold sites
are also shared between many different organisations concurrently.
Warm Site
A warm site is the middle ground between cold sites and hot sites. A hot site is too expensive to run and
cold sites take too long to set up for some companies. This is where warm site steps in and provides
a compromise, by having hardware in place but not fully configured and running. As with cold sites,
there are companies who offer this service of providing ready to use warm sites.
Organisations that are pre-planning to use a certain warm site can come and do a ‘test-run’ by
bringing their backups and trying out a set-up of the system so they can be ready when any disaster
strikes. This also means that since configurations and software are likely to change, the company
that has their eyes set upon this warm site would need to do occasional test runs at the warm site to
check that everything still works.
IT Disaster Recovery Policies
A disaster recovery policy differs from Disaster Recovery Plan as this is more about how the
organisation would behave when a disaster occurs to ensure that the business is able to return to its
normal state within a short amount of time. This of course cannot alone guarantee business
continuity without a practical policy that is practiced by all employees and stakeholders and is well
understood.
The Importance of Disaster Recovery Policy
In today’s world organisations have become highly reliant on high availability as the world is highly
digitized. Downtime is rarely tolerated, and when it comes to mission-critical systems such as
healthcare systems, downtime is not tolerated at all (as lives may be in mortal danger). Therefore
organizations that are not prepared might suffer significant damage.
A disaster recovery policy outlines all of the procedures and tools that must be put into place in case
of a disaster. This can minimize the repercussions of data loss or a successful data breach to a great
extent. For example, a disaster recovery policy can minimize the damages a financial institution
might face from loss of customer trust or lessen the fines which might be imposed by regulatory
entities.
The 3 most important parts of a successful disaster recovery policy
The Scope of your Policy
Different types of calamities may befall an organization, and in each scenario the company should
be ready to act to protect its most critical assets. This concept is called the
scope of policy, and the exact measure of it is determined by the disaster recovery plan that is to be
used for the type of scenario. The policy should closely follow the disaster recovery plan and lay out
specific rules and procedures for each asset that must be safeguarded.
Organisational Roles and Responsibilities
In the case of a disaster, having a team that is unfamiliar with the organization’s documented
recovery process is the worst-case scenario you can think of, as such a team would only
take things downhill and not towards recovery. To recover from a disaster, a specialized disaster
recovery team is needed that is knowledgeable about the organization’s defined recovery process.
Everyone on this team should have specific duties for steps to do when a crisis occurs and when the
emergency is over.
It should be very clear who is responsible for what, and workers with certain responsibilities should
have the relevant skills and enough training to actually perform them. It is also important to provide
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller omarmahmood. Stuvia facilitates payment to the seller.