Security Section 2nd I
Each student has to submit their assignment as guided in the assignment brief. The students are guided
on what information to produce to meet the targeted criteria. Some tasks might require group
work, but each student has to produce an individual assignment.
Scenario I
"HDLC Bank", established in 2009, is a leading commercial bank in Nepal founded by reputed
entrepreneurs who understand the needs of a growing economy, and is managed by a team of professionals
and experienced bankers. The main mission of the bank is to be the leading Nepali bank, delivering world
class service through the blending of state of the art technology and visionary management in
partnership with competent and committed staff, to achieve sound financial strength with sustainable
value addition to all the stakeholders. The bank is committed to this mission while ensuring the
highest levels of ethical standards, professional integrity, corporate governance and regulatory
compliance.
1|Page
The bank is committed to providing quality service and plans to utilize all the technological facilities
that enhance quality service with a high degree of compliance and risk management. The bank has an IT
department which is responsible for managing and implementing all required IT infrastructure. The IT department
has defined a policy that all branch offices must connect to the head office through a secure VPN. All
other clients must be members of the centralized domain. User access to the system is managed via
a proper access control mechanism and access control lists, and service access is managed
via ports and services.
The bank has security policies for managing the security of all its assets, functions and services. VPN
access is granted to a limited number of branch office employees and to the IT administration team
of the head office. A defense in depth approach is to be implemented in order to ensure IT security at
various levels of the network infrastructure. IT infrastructure security design, including address translation,
DMZ, VPN, firewall, antivirus and intrusion detection system, is to be implemented to satisfy the internal and
external security policy.
You have been working as an IT Officer for the bank. Your key role will be to manage, support and
implement a secure network infrastructure for the bank's LAN/WAN environment. In order to assess the
possibility, you have been assigned the following tasks, in which you have to demonstrate that you are able to
assess risks to IT security, describe different possible IT solutions, review mechanisms to control
organizational IT security and manage organizational security.
Part: 1
Before you start the implementation of the IT security measures for the organization, you need to assess
the IT security risks in the organization. You need to consider various aspects of risk such as
unauthorized access to the system and data, naturally occurring risks, host, application and network risks,
etc. You are required to consider organizational security procedures such as business continuance,
backup/restoration, audits, etc. and then produce a report for the CEO of Sunrise Bank containing:
1. Identified security risk types to the organization, along with a description of organizational security
procedures.
2. A proposal of a method to assess and treat IT security risks.
You would prefer to produce a more detailed document, so you will produce a comprehensive report for a
fully functional secure system which will include the identified risks and the methods to mitigate those risks.
Your manager would like a separate report on your assessment of the effectiveness of the design in
relation to user and system requirements.
Part: 2
Once the assessment of the risks and the proposal for their remedy have been made, you need to describe IT
security solutions for the organization such as VPNs, firewalls and a DMZ, with a suitable implementation
example. You need to:
1. Identify the potential impact on IT security of using firewalls and VPNs, and make the organization aware of the
repercussions of incorrect configuration of firewall policies and third-party VPNs.
2. Show, through an example in a simulated environment, how implementing a DMZ, static IP and
NAT in a network can improve network security.
3. Discuss how network monitoring systems can benefit the IT security of the organization. You
need to present at least three advantages.
4. Finally, investigate how a 'trusted network' may be part of an IT security solution.
Part: 3
Once you have identified the IT risks and viable security solutions, you need to review the mechanisms to
control organizational security. Consider various aspects of network change management, audit controls,
disaster recovery plans, Data Protection Acts, the Computer Misuse Act, ISO 3001 standards, etc. You need
to:
1. Discuss risk assessment procedures and explain data protection processes and regulations as
applicable to the organization.
2. Summarize the ISO 31000 risk management methodology and its application in IT security, and
then discuss possible impacts on organizational security resulting from an IT security audit.
3. Explain, considering how IT security can be aligned with organizational policy, the
security impact of any misalignment.
Part: 4
Lastly, you will produce technical and user documentation which will be given to the company for the
management of organizational security. You have to design and implement a security policy for the
bank which will:
1. List the main components of an organizational disaster recovery plan, justifying the reasons
for their inclusion.
2. Discuss the roles of stakeholders in the organization in implementing security audit
recommendations.
3. Include an evaluation of the suitability of the tools used in an organizational policy.
Grading criteria (Pass / Merit / Distinction)

LO1 Assess risks to IT security
Pass:
P1 Identify types of security risks to organizations.
P2 Describe organizational security procedures.
Merit:
M1 Propose a method to assess and treat IT security risks.

LO2 Describe IT security solutions
Pass:
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs.
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security.
Merit:
M2 Discuss three benefits to implement network monitoring systems with supporting reasons.
Distinction (LO1 & 2):
D1 Investigate how a 'trusted network' may be part of an IT security solution.

LO3 Review mechanisms to control organisational IT security
Pass:
P5 Discuss risk assessment procedures.
P6 Explain data protection processes and regulations as applicable to an organisation.
Merit:
M3 Summarise the ISO 31000 risk management methodology and its application in IT security.
M4 Discuss possible impacts to organisational security resulting from an IT security audit.
Distinction:
D2 Consider how IT security can be aligned with organisational policy, detailing the security impact of any misalignment.

LO4 Manage organisational security
Pass:
P7 Design and implement a security policy for an organisation.
P8 List the main components of an organisational disaster recovery plan, justifying the reasons for inclusion.
Merit:
M5 Discuss the roles of stakeholders in the organisation to implement security audit recommendations.
Distinction:
D3 Evaluate the suitability of the tools used in an organisational policy.
To be used by the assessor.
In order to pass the unit, the learner has to meet all the pass criteria. Tick each criterion awarded.
P1 P2 P3 P4 P5 P6 P7 P8 Pass Achieved / Not
In order to be awarded a Merit, the learner has to meet all the pass criteria and all the merit criteria. Tick
each criterion awarded.
M1 M2 M3 M4 M5 Merit Achieved / Not
In order to be awarded a Distinction, the learner has to meet all the pass and merit criteria and all the
Distinction criteria. Tick each criterion awarded.
D1 D2 D3 Distinction Achieved / Not
Note: Please access HN Global for additional resources, support and reading for this unit. For further
guidance and support on report writing, please refer to the Study Skills Unit on HN Global. Link:
www.highernationals.com
Note: Refer to the unit details provided in your handbook when responding to all the tasks above. Make sure
that you have understood the highlighted key words in each task and developed a response that matches
them.
Other Requirements:
The center policy is that you must submit your work by the due date to achieve "Merit" and
"Distinction". Late submission automatically eliminates your chance of achieving "Merit" and
"Distinction". Also, 80% attendance is required to validate this assignment.
I declare that all the work submitted for this assignment is my own work and I understand that if any part
of the work submitted for this assignment is found to be plagiarised, none of the work submitted will be
allowed to count towards the assessment of the assignment.