100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
UNIT 7.2 System Security and Encryption (P5,P6,P7,P8,M3,M4,D2,D3) £19.99
Add to cart

Essay

UNIT 7.2 System Security and Encryption (P5,P6,P7,P8,M3,M4,D2,D3)

 210 views  1 purchase

Distinction level assignment for UNIT 7 System Security and Encryption, 6,300 words. Guarantee Distinction on your Grade.

Preview 3 out of 20  pages

  • June 24, 2023
  • 20
  • 2022/2023
  • Essay
  • Unknown
  • A+
  • unit 7
  • assignment unit 7
All documents for this subject (38)
avatar-seller
ComputingWithX
Unit 7 It System Security and Encryption
P5 Explain how protection techniques can help defend an
organisation from security threats.


Security threats can be defended by various techniques which organisations can utilise to protect
the IT systems around the company. They should be cautious about the threats and already set up
some techniques to protect the systems. The IT security of an organisation can be very crucial. This is
because data of an organisation is confidential, and it may be dangerous for the company if the data
has been breached and is spread out. The IT security systems can be costly for organisations as it is
difficult to secure data and keep them all protected. Security breaches can affect the organisation is
a devastating way. It can cause damage to the company's reputation, the data that the organisation
has gathered can be stolen and do something malicious with it, they can have a financial lost and
may get fines as they can fail to follow some of the data protection legislations. The organisations
can use these techniques to protect the IT systems:

- Physical Security
o Building design
o Computer network room security
o Backup for data
o IT disaster recovery plans
- Policies and procedures
o Organisations policies
o Procedures
o Security audits
o Security baselines
- Software-based protection
o Anti-virus software
o Firewalls
o Intrusion detection systems (IDSs)
o Domain management
o User authentication
o Access controls



Physical security
The physical security of the IT systems includes building security, backups for data and disaster
recovery plans for the IT systems. This security technique must be included in the organisation.

Building design and computer network room security
The computer systems need to be protected physically in the case that someone's interaction can
damage the systems. The equipment's such as the monitor, hard drives, the wires the connects to
the computer systems, it can be easily destroyed if not protected which can put the systems in risks.
They should put the equipment’s in a secure location in where nothing can harm it. In this way it

,puts less risk for the organisation. Some equipment’s needs to be kept safe away so no one can
touch. Once those important equipment’s have been played with or moved around unintentionally
then it can cost major damage to the organisations computer systems. The organisation must keep
the building secure such as purchasing and installing locks, biometrics and others to keep the
computer systems safe and secure from external or internal damages. The organisation must keep in
mind how the building will be structured to prepare for disasters for example, an earthquake.

Backup for data
For physical security, backing up data is important and very necessary for the organisation. The
organisations building design and computer network room security may not work or secure the
computer systems all the time. This still leaves the data vulnerable, and the organisation may lose it.
However, a way to keep the data safe is to save the data in a safe place or save the data in multiple
places. This makes the data to be safer and more secured. This is because if the building desing or
the computer room security has been breached or destroyed, the data may have been lost but if the
organisation has backed up their data, then the data can be found somewhere else, and the
companies progress would not have to start at zero.

The organisation must think how often they are supposed to back up the data. A good way to think
of how often the organisation must back up the data is by using a recovery point objective. This is
when the amount of time that the company can afford to lose the data in the computer systems is
defined and clarified. Another way is by simply backing up the data in the span of 24 hours. They
should also think whether they want to back up the data in other storages or backup the data online
or use both ways. The organisations must think of where they can back up the data as well.

The selection of data that they would back up must be thought off. The organisations must back up
data that are important and crucial, but they may think of whether they would back up data that is
not very important, but they may back it up as well. There are also different types of back up which
is incremental backup and differential backup. Incremental backup is when the required data is
backed up first and then back up data that has only been changed for the rest of the week. The
backup would be quicker as the data that has to be backed up would be less. A disadvantage of using
incremental backup is that you must restore all the data that has been made for the whole week
even if there was a backup failure in one day. The other type of data, differential backup, is when a
full backup is made from the beginning and then back up data when there has been changes made.
This is basically saying to do a full back up on the weekends and then for the rest of the week, back
up data every day. A disadvantage of this is it would need more time and more storage space as it
would need to back up any changes made since the beginning of the week’s full backup.

IT disaster recovery plans
Organisations would need to use IT systems to for running their businesses. They would need to
think of what to do and create a plan in the case that a disaster strikes in the organisation. The data
backup may not be of us if the IT systems is gone. The organisation must create a plan even before
the disaster happens and there are various of way for a disaster recovery.

Hot site is where the organisation preserves a duplicate of all the server systems at a different site to
the main computer operations. The computers, networking devices and internet connections would
be needed for the systems to run. This site is frequently placed in a company location where there
are non-critical computing operations are performed and it has that capacity to take over the main
site at a short notice in big businesses with a very short RTO. However, this site is expensive as the

, cost would have to double because they would need more IT systems and makes it more difficult to
maintain.

Cold site is a basic structure with enough power and connectivity. The organisation must get servers
and other equipment and set up the systems by making use of the backups of the system
configuration and application data in the case of a disaster at the main site. However, a cold sites
RTO is significantly longer compares to the hot site’s RTO. Most likely weeks unless the systems are
simple. But the site is still affordable, and the business can rent a cold site from the supplier of the
service. An amount of organisations may share cold sites between each other.

Most of the times, hot sites would be too high priced for the organisation, and a cold site would be
taking too much of the organisation's time. With having the hardware's installed but not fully set up
and operational, the warm site would offer a compromise. Similarly, to cold sites, there are
organisations that specialises in providing warm sites that are ready to use. For this to work out any
bugs before the disasters strikes, the organisations that utilises this service can perform a “test run”
by submitting their back up tapes and setting up the system. The organisations would probably
conduct test runs at the warm site to make it certain that everything is still working as the
configurations and software may change.

Policies and procedures
Policies and procedures that are from an organisation would not automatically protect the
organisation from security threats. They would require educating the staff members on th dangers
and outline the types of unsafe behaviours that they should not do.

Organisational Policies
Organisations must use these policies for the acceptable use in IT:

- Internet usage: These guidelines should include how to avoid the risky websites that may
contain malware and what to download securely.
- Email usage: This policy must give out instructions on how to deal with email that comes
from unknown sources cautiously, for example, not opening any attachments or clicking on
links that are sent from an unknown email.
- Staff responsibilities: These responsibilities may involve things such as locking desk drawers,
logging off unattended computers, confronting strangers and many more. Organisations are
likely to have further BYOD policies which specifies what staffs are able and not able to do
with their own devices while they are in the organisations property as well as how they are
allowed to connect to devices in the company’s systems.
- Staff monitoring policies: The organisations IT usage policy should be clear for the staff that
wilful violations will result in a consequence which may be detailed in the disciplinary
procedures document for staffs.
- Backup and Disaster Recovery plans: These guidelines are what is used whenever an event of
a security breach in the organisations IT system happens.

Procedures
- Security and password procedures: These procedures give out the standards and best
practises to preserve the privacy, accuracy and accessibility of sensitive data of the
organisation and its employees.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller ComputingWithX. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for £19.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

53022 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy revision notes and other study material for 14 years now

Start selling
£19.99  1x  sold
  • (0)
Add to cart
Added