Introduction

Security is one of the most important challenges modern organisations face. It is about protecting organisational assets, including personnel, data, equipment and networks, from attack, through prevention techniques (vulnerability testing and security policies) and detection techniques that expose breaches in security and lead to effective responses.

The aim of this unit is to provide students with knowledge of security, the associated risks and how security breaches impact on business continuity. Students will examine security measures involving access authorisation, regulation of use, implementing contingency plans and devising security policies and procedures.

This unit introduces students to the detection of threats and vulnerabilities in physical and IT security, and to how to manage risks relating to organisational security. Topics include network security design and operational topics such as address translation (NAT), DMZ, VPN, firewalls, anti-virus (AV) and intrusion detection systems. Remote access will be covered, as will the need for frequent vulnerability testing as part of organisational and security audit compliance.

Students will develop skills such as communication literacy, critical thinking, analysis, reasoning and interpretation, which are crucial for gaining employment and developing academic competence.

Learning Outcomes

By the end of this unit students will be able to:

LO1 Assess risks to IT security.
LO2 Describe IT security solutions.
LO3 Review mechanisms to control organisational IT security.
LO4 Manage organisational security.
Pearson BTEC Levels 4 and 5 Higher Nationals in Computing Specification – Issue 3 – March 2017 © Pearson Education Limited 2017 114

Essential Content

LO1 Assess risks to IT security

IT security risks:
Risks: unauthorised use of a system; unauthorised removal or copying of data or code from a system; damage to or destruction of physical system assets and environment; damage to or destruction of data or code inside or outside the system; naturally occurring risks.
Organisational security: business continuance; backup/restoration of data; audits; testing procedures, e.g. data, network, systems, operational impact of security breaches, WANs, intranets, wireless access systems.

LO2 Describe IT security solutions

IT security solution evaluation:
Network security infrastructure: evaluation of NAT, DMZ, firewalls (FWs).
Network performance: RAID, main/standby, dual LAN, web server load balancing.
Data security: explain asset management, image differential/incremental backups, SAN servers.
Data centre: replica data centres, virtualisation, secure transport protocols, secure MPLS routing and remote access methods/procedures for third-party access.
Security vulnerability: logs, traces, honeypots, data mining algorithms, vulnerability testing.

LO3 Review mechanisms to control organisational IT security

Mechanisms to control organisational IT security:
Risk assessment and integrated enterprise risk management: network change management, audit control, business continuance/disaster recovery plans, potential loss of data/business, intellectual property, hardware and software; probability of occurrence, e.g. disaster, theft; staff responsibilities; Data Protection Act; Computer Misuse Act; ISO 31000 standards.
Company regulations: site or system access criteria for personnel; physical security types, e.g. biometrics, swipe cards, theft prevention.

LO4 Manage organisational security

Manage organisational security:
Organisational security: policies, e.g. system access, access to internet email, access to internet browser, development/use of software, physical access and protection, 3rd party access, business continuity, responsibility matrix.
Controlling security risk assessments and compliance with security procedures and standards, e.g. ISO/IEC 17799:2005 Information Technology (Security Techniques – Code of practice for information security management; renumbered ISO/IEC 27002 in 2007); informing colleagues of their security responsibilities and confirming their understanding at suitable intervals; using enterprise risk management for ident