RTO No: 20829
CRICOS Provider code: 02044E
ABN: XXXXXXXXXX

STUDENT COPY- CR
Assessment Resources Summary
Unit Details ICTNWK513 - Manage system security

Students are required to complete ALL summative assessments listed
below in order to be deemed “Competent” in this unit of competency.
Assessment methods
Written Assessment: Assessment 1
Case Study: Assessment 2
Lab: Assessment 3
Questions: Assessment 4
Issue Date January 2018
Version 1.2
Assessment Resources ICTNWK513
Unit Summary
The unit objectives, prerequisites, co-requisites and other pertinent information about this unit
are described at https://training.gov.au/Training/Details/ICTNWK513
Resources
Students should refer to this unit in Moodle (e-learning.vit.edu.au) to access a list of
resources for this unit (see Learner Resources section for relevant articles, links, videos, etc).

Resources for Lab:
You will require an instance of Windows 2012 Server to complete these labs. You can create
your own instance on your own computer, or use the instance called ICTNWK513 that is
available on the computers in labs 4 and 5 on Level 10 at VIT.
How to edit local security policy on Windows 2012 Server
https://technet.microsoft.com/en-us/library/dn452420(v=ws.11).aspx
How to view the security log in Windows 2012 Server
https://serverfault.com/questions/740086/windows-server-2012-r2-how-to-monitor-logons
How to set up local users on Windows 2012 Server
https://www.youtube.com/watch?v=nXyq2HQNORA
Assessment 1: Written Assessment


Student Name: ______________________________________________________________
Student ID No: ______________________________________________________________
Student Instructions:
• Your answers should be on a separate document using word processing software such
as MS Word and/or other software (handwritten submissions are only acceptable with prior
approval from your Trainer)
• Your document should be professionally formatted and include
    o Your Name
    o Your Student ID
    o Unit Code
    o Assessment Number (i.e. ICTNWK513 Assessment 1)
• Please refer to each question number and retype each question with your answers
• This is an open book assessment; you must answer every question and provide enough
information to demonstrate sufficient understanding of what has been asked to achieve
competency. Please ask your Trainer/Assessor if you are unsure what is sufficient detail for an
answer
• Ask your trainer/assessor if you do not understand a question. Whilst your
trainer/assessor cannot tell you the answer, he/she may be able to re-word the question for
you or provide further assistance based on the Institute’s “Reasonable Adjustment Policy”
• Answers should be your own work, in your own words and not plagiarised, nor copied.
However, if an answer is cut & pasted (such as a definition), then the source should be
referenced
Written Assessment Questions
1. What tools and applications are available to help monitor and test for system and network
vulnerabilities?
2. Briefly describe the general features of Nmap. (not more than 100 words)
3. Name three common network attacks used to undermine network security.
4. List the purpose and the main activities that are undertaken in a risk analysis process (not
more than 200 words)
5. List three areas of possible vulnerability in your own network.
6. What are the three main types of networks that must be considered when defining a security
policy?
7. Describe the common security threats of an organisation and the security techniques and
technologies you would use to protect the organisation. (not more than 300 words)
8. List five important considerations to address when defining a security policy.
9. Describe why CIA (Confidentiality, Integrity and Availability) are important considerations while
planning systems management and process control in relation to security (300 words max).
10. Explain systems technologies such as cryptography and authentication, including a broad
summary of their general features and capabilities.
11. Describe two risk analysis techniques that can be used in network security


12. Give an example of how the principle of defence in depth can be applied to network security


Assessor Use Only
Assessor Comments
[ ] Satisfactory (S)   [ ] Not Satisfactory (NS)



Assessor Signature: _______________________________ Date: _____________
Assessment 2: Case Study

Scenario

You are working as a Systems Security Engineer at Peterson Security Solutions. You have been given
a project to design system security for a new customer called The Great Northern Hotel Pty Ltd.
The Great Northern Hotel Pty Ltd is a 4-star luxury hotel and restaurant in Melbourne. They have been
running this business for the last 7 years and have seen rapid client growth in the last 7 years. The
hotel's overall policy goal for the enterprise is to provide customers with a high quality experience in
staying at the hotel, and to protect the hotel’s good reputation. The CEO is concerned that system security
breaches could undermine those enterprise objectives.
Currently they have 10 admin computers, 2 reception computers and 4 computers for
management. They also provide Wi-Fi access to their customers. Their Wi-Fi is running on the Wired
Equivalent Privacy (WEP) protocol and they haven’t implemented any strong encryption for Wi-Fi
security.
They have experienced a lot of attacks on their network in the last few months and credit card details for
some of their customers have also been hacked. Clients are also complaining about identity theft and
login credentials being hacked. An information systems auditor engaged by the company has said that
threats to the hotel’s system can come from both hackers outside the organization, and disgruntled
employees within the organization, and that both threats need to be defended against. The CEO is also
concerned that tech-savvy customers could be spying on other customer connections to the network,
as the hotel has many VIPs using their services.
The main users of the network are customers (Wi-Fi access on a guest network), and employees (both
Wi-Fi and bounded media access to a corporate network). The CEO would like to secure all these
interactions with the network if possible. Based on discussions with the information systems auditor,
the CEO rates the probability of employees violating security as low, the probability of eavesdropping
as medium, and the probability of hackers attempting to steal credit cards as high. The CEO also
believes that risks are higher when there are more conference goers attending meetings in the hotel,
as they are unfamiliar with the hotel systems.
Currently all the financial information and customer records are saved on a server machine which is
running Windows Server 2003. Windows Server 2003 has already passed end of life and there is no
support provided by Microsoft for this server operating system.
Management of the hotel is worried as they haven’t implemented any security system to protect their
IT assets and data. Being a reputed hotel in Melbourne they don’t want their clients’ personal details
and credit card details to be lost. Management also wants to ensure that the threat identification and
risk management process has ongoing relevance as business conditions change.
You as a Systems Security Engineer need to prepare a detailed report on the current situation of the
organization including threats & potential risks to the present IT system.
In your security report, you need to identify the potential threats and risks. You are supposed to
document the human interaction with the system. You should identify appropriate controls and
procedures that need to be implemented to make the system more secure and less vulnerable to attacks.
General information
The report should be concise and well-structured e.g. using the provided report template. Excessive
verbiage should result in the students resubmitting the report.
No handwritten assessments will be accepted.
Maximum of three students listed as authors of the report.
1. Evaluate the current system as per enterprise guidelines and procedures.
2. Conduct a risk analysis on the system and document the results.
3. Identify threats to the system and document your findings.
4. Identify and analyse human interactions with the system.
5. Conduct risk assessment on the current system to categorize risks.
6. Conduct risk assessment on human operations and interactions with the system.
7. Categorize risks based on risk assessments performed.
8. Match risk plans with risk categories.
9. Use risk categories to identify and plan resources.
10. Identify and describe effective controls to manage and monitor risk.
11. Create policies and procedures to manage user access of the system.
12. Identify and document training requirements for effective use of system policies and
procedures. You should also be prepared to conduct training e.g. a five minute oral
presentation to the trainer about one of these policies and procedures, e.g. the need to have
strong passwords for user authentication.
13. Identify high risk categories and times (e.g. is there any time in the business when risks are
greater than normal? ) and create a plan to monitor those identified categories.
14. Design a template to record system and network breakdown.
15. Create a security plan and procedures for the system security.
16. Design and document security recovery plan.
17. Identify and document controls to minimise risks in human interaction with the system.
18. Identify security benchmarks from vendors, security specialists and organisational reviews.
19. Review risk analysis process based on identified security benchmarks.
20. Create a plan for system re-evaluation to uncover new threats and risks.
21. Describe how you would implement and manage security functions, such as a password policy
and audit log reviews, on a Windows Server 2012 system. You should provide what specific
features of Windows Server 2012 would be needed to implement these security functions.

ASSESSMENT 2 – CASE STUDY

ASSESSOR CHECKLIST
This assessor checklist is to be used when assessing the students in the associated task. The checklist below
must be completed for each student. Please refer to
Answered Same Day Jun 10, 2020 ICTNWK513 Training.Gov.Au

Solution

Amit answered on Jun 14 2020
154 Votes
ICTNWK513 assignment 2
Table of Contents
1. Evaluation of current system for Great Northern Hotel Pty Ltd
2. Conducted risk analysis and documentation
3. Threats to current system for Great Northern Hotel Pty Ltd
4. Analysis of human interactions to current system for Great Northern Hotel Pty Ltd
5. Risk assessment based on categorized risks
6. Risk assessment based on human interactions
7. Risk categories on bases of performed risk assessments
8. Matching the risk plan with categories of different risks
9. Planning of required resources on bases of risk categories
10. Risk monitoring and management controls
11. User access policies and procedures
12. Training requirements for using new system
13. Risk categories and plan to monitor them
14. Template to record network and system breakdowns
15. Procedures and plans to system security
16. Plan for security recovery
17. Controls on missing risks of human interaction
18. Identified benchmarks on security of new system
19. Reviews on process of risk analysis
20. Plan for uncovered risks and threats
21. Implementation of security functions on window server 2012
22. References
1. Evaluation of current system for Great Northern Hotel Pty Ltd
The current system of Great Northern Hotel Pty Ltd makes use of 4 computers for management staff, 2 computers for reception staff and 10 computers for administrator staff. The clients staying in the hotel make use of WEP-based Wi-Fi. The Windows Server 2003 in use is passed and no support is being provided by Microsoft. The Great Northern Hotel Pty Ltd makes use of this server to store the customers’ records and their financial information.
2. Conducted risk analysis and documentation
The points showing the documentation of the conducted risk analysis for Great Northern Hotel Pty Ltd are listed below:
1. The hotel system has great risks of data breach.
2. The risks of unauthorized access to customer records and financial information are also there, as Windows Server 2003 is already passed.
3. The implementation of WEP is not so strong and a hacker can break it.
4. The eavesdropping and hacking attempts are mainly documented risks.
3. Threats to current system for Great Northern Hotel Pty Ltd
The current system of Great Northern Hotel Pty Ltd has so many possible threats. The main threats to the current system of Great Northern Hotel Pty Ltd are listed below:
1. The eavesdropping and hacking attempts are the main threats to the current system.
2. The unauthorized access to customer records and financial information is also a main threat to the current system [Modarres, 2016].
3. The occurrence of data breach is an important and considerable threat to the current system of Great Northern Hotel Pty Ltd.
4. Analysis of human interactions to current system for Great Northern Hotel Pty Ltd
The Great Northern Hotel Pty Ltd has lots of human interaction as it is working in the hotel industry. As it is a 4-star luxury hotel, lots of customers visit it on a regular basis and use the Wi-Fi of this hotel to use internet services. The management computers, reception computers and admin computers have human interaction for their normal execution.
5. Risk assessment based on...