ICTNWK511 Assessment 4 Case Study Project v2

Uploaded by adabotor7

Assessment Task 4

Case Study Project


Course code and name: 22334VIC Certificate IV in Cyber Security
Unit code and name: ICTNWK511 Manage Network Security
Due date: 28 / 06 / 2020 (Students have class time to complete this task)
Resources required:
• Learner resource ICTNWK511 on Moodle
• https://www.netacad.com
• https://www.linkedin.com/learning
Decision making rules: Demonstration of competency will be made by your assessor against the observable criteria included in this book. All questions must be answered correctly to be deemed satisfactory.

Instructions to be provided to learners (Common Instructions):
• This assessment is a group (of 3 or 4 students) open book task, but must be submitted individually for grading.
• It is to be completed in the learner’s own time.
• All questions must be answered.
• Sufficient time is provided in the class for learners to read and review the assessment task and seek clarification on key points prior to undertaking the assessment task.
• At this time any learner who requires reasonable adjustments can discuss it with the assessor. It is important to ensure the integrity of the assessment is maintained and the intent is not compromised (e.g. extension of time, oral questions and answers etc.).
• Ensure you have recorded the due date.
• Please include your student Full Name, Student ID, as well as all other team member details in the footer of the answer document.
• Submit the saved file in the Assessment Task folder in Melbourne Polytechnic LMS.
• The learner must agree (via an ‘I confirm’ radio button) with the assessment submission terms and conditions in Melbourne Polytechnic LMS prior to the submission.

Assessor’s instructions (Common Instructions):
• This assessment will be conducted using the written question method.
• It is to be completed in the learner’s own time.
• All questions must be answered.
• Sufficient time is provided in the class for learners to read and review the assessment task and seek clarification on key points prior to undertaking the assessment task.
• At this time any learner who requires reasonable adjustments can discuss it with the assessor. It is important to ensure the integrity of the assessment is maintained and the intent is not compromised (e.g. extension of time, oral questions and answers etc.).
• The learner must complete the answers electronically and save them as Student ID_Student Name_Assessment Task #_Assessment Title.docx.
• Learners should include student Full Name, Student ID and Group Name (if applicable) in the footer of the answer document.
• Learners should submit the saved file in the Assessment Task folder in Melbourne Polytechnic LMS.
• You are required to complete marking of the assessments, provide feedback and record the learner’s results within two weeks, in line with the Melbourne Polytechnic VET assessment Policy and procedure.
• Feedback and learner’s results will be posted within Melbourne Polytechnic LMS.

ICTNWK511 Manage Network Security

Case Study Project

Scenario:
TeraTax Australia Pty. Ltd. is a privately owned tax agency that has 4 offices spread out around
Victoria. Their central office is located in the Melbourne CBD and they have 3 branches located in
Geelong (West), Dandenong (East) and Echuca (North).

The company uses legacy tax software that has been used by the company for the past 12 years. The
software has reached end-of-life and there are no available support and upgrade options. Their
branches are currently using a cumbersome file sharing system that is linked with the central office
via a third-party cloud-based file services provider.

The owner of the company has decided to consolidate and interconnect all the offices, and upgrade
security to maintain compliance under Australian law and legislation. They are looking to purchase a
complete customer relationship management and tax accounting solution that will be used by the
branches and central office, as well as updating current network infrastructure and security policies.

TeraTax has hired your organisation to create a complete ICT network security solution. Your manager (i.e. your Melbourne Polytechnic class instructor) has asked you to lead your ICT team to investigate, research and propose a solution to the Board of Directors of TeraTax Australia.

Company Information of TeraTax:

• They currently have 30 employees in the central office and 5 employees in each branch.

• It has 500 corporate and over 1000 individual clients.

• The company is expected to double the number of clients by the end of the year.

• It has an annual revenue of approximately $15 million.

Organization Culture:

TeraTax is a very family-oriented company. Despite the success of the company, their founder, Mr William Jobs, is still working as head of the Board of Directors. His CEO, Mr Steven Gates, and the Management Team maintain the company culture and involvement in employees’ development. Their management style is based on traditions they have inherited from their founder – a rather conservative style with some reluctance to deviate from what has held them in good stead up till now.

The business goals of TeraTax are:

1. To be a market leader nationwide in the tax accounting services.

2. To ensure that the clients are given a very high quality of service.

3. To be the market leader in using web-based tax solutions technology.

TeraTax forecasts that the demand of their client base will increase in the months to come. One of their ideas is to have a web system for their tax software that can match their client growth and can be an essential tool which can then support the information technology needs of their staff and clients into the future.

Organisational Chart:

Company Network and Computer Systems:

TeraTax’s network and computer systems are all outdated. All the offices use first generation Intel Celeron computers that are not capable of running a currently supported operating system and cannot accommodate new tax software.

Legacy proprietary software is still used to manage the client database and tax records. The current computer systems will need to be upgraded and the existing data will need to be migrated into the new computer and network system.

The head office located in the CBD contains server hardware and network infrastructure that is all outdated. The servers are running unsupported operating systems and are using 10Mbps and 100Mbps hubs on their network infrastructure. Workstations are running on first generation Intel Celeron processors and Windows 7 operating systems. The current systems are not capable of upgrades and are not compatible with installing a central solution for data storage and management.

The CBD office hosts the data exchange of the entire company through third party cloud services, as well as storage of client data, tax records and billing information. These are all of primary concern to the board members due to the lack of the security and privacy implementations required under current Australian laws. As well as all that, if the Internet goes down, the running of the organisation also grinds to a halt. This actually does happen for at least a couple of days every year.

The head office and three branches are all connected through consumer level DSL connections. If a
large data transfer is being performed the connection slows almost to a stop for others on the
network. The employees and clients are becoming more and more impatient due to the slow
connectivity and high latency of the network.

Requirements:

Based on the above scenario, your task is to write a report for TeraTax. You are to address the following items in your report on the templates provided below.
(NOTE: Your report should be written within the template provided in this assessment, which can be found after the Requirements section.)

1. Define a process for designing security.

1.1 Define planning phase for a network security design.
1.2 Define building phase of a network security design.
1.3 Define managing phase of a network security design.

2. Identify threats to network security.

2.1 Determine why attacks occur.
2.2 Determine who the attack may come from.
2.3 Analyse common types of network vulnerabilities.
2.4 Determine how attacks occur.
2.5 Design a threat model to categorise threats.

3. Analyse security risks.

3.1 Determine elements of risk management.
3.2 Determine assets that require protection.
Categorise assets and calculate their value to the organisation. [NOTE: Provide answer in tabulated format.]
3.3 Create a risk management plan. [NOTE: Template has been provided to you.]

4. Create a security design.

4.1 Determine attacker scenarios and threats.
4.2 Design security measures for network components. [NOTE: You should provide your proposed network topology with proper security measures on it. This topology should portray all the branches and head office. You should include all types of security measures, e.g. physical, logical, OS, malware, hacking, fire, natural disaster and so on.]
4.3 Obtain feedback and adjust if required. [NOTE: You can send email to your assessor regarding your security design and corresponding feedback.]
4.4 Develop security policies.

5. Design and implement responses to security incidents.

5.1 Design auditing and incident response procedure.
5.2 Document security incidents.
5.3 Implement configurations aligned with incident response procedure design. [NOTE: You should provide Router/Switch/ASA Firewall configuration details to protect and combat the incidents.]
5.4 Test and sign off.

PROVIDE YOUR ANSWER WITHIN THE PROVIDED TEMPLATE BELOW:

NOTE:

As TeraTax’s equipment is imaginary only, you do not have access to it. Hence when you answer the case study, you may use various approaches such as creating your own VMs or various types of websites / web servers to relate your answer to TeraTax.

1. Define a process for designing security.

1.1 Define planning phase for a network security design.
1.2 Define building phase of a network security design.
1.3 Define managing phase of a network security design.

ANSWER
1.1 Define planning phase for a network security design.
• TeraTax needs a complete ICT and network security solution.
• Legacy tax software is 12 years old and no longer supported.
• There are 4 offices: 30 employees in Melbourne CBD, 5 in Geelong, 5 in Dandenong and 5 in Echuca.
• All offices need to be interconnected and security needs to be upgraded to comply with legislation.
• Current network infrastructure needs upgrading, including all PCs, cabling and a whole network security solution for the 4 offices.

1.2 Define building phase of a network security design.

With TeraTax facing mandatory requirements to secure its assets, the operators of its communications network must be confident they have taken every precaution to protect it.
The following is a general framework to implement the design and break the task down into clear steps.

Step 1: Assess - Document the network security requirements.
• Recognise which cybersecurity regulations and standards are applicable.
• Identify all hardware, software and network components, as well as all the interconnections between them that can provide access.
• Locate all points of access: the central office in Melbourne CBD and the three branches located in Geelong (West), Dandenong (East) and Echuca (North).
• Determine all the legitimate users and applications and the access privileges they require.

Step 2: Plan – In the planning phase we prioritise which options to include and outline the strategies end users will use to mitigate the vulnerabilities of the network.
• Equipment replacement plan, removing all outdated components that cannot be secured.
• Replacement plan for firmware, software and OS upgrades or reconfigurations.
• Network segmentation plan (internal firewalls and secure architecture such as Virtual Local Area Networks and Virtual Routing and Forwarding to segment the network).
• Workplace system security procedures (computer passwords, layered security, email filtering, web browsing).
• Encryption of transmissions.
• Monitoring of remote access.
• Authentication plan for end users, including multi-factor authentication and strict access control.
• Response and recovery plan which describes responses to specific threats and how to recover from them, including staff training.
• Test and auditing plan (penetration testing).
• Physical security plan for securing equipment and premises.
• Create a Code of Ethics with standards and guidelines for the organisation.

Step 3: Deploy - Securing a network system inevitably involves disrupting its 24/7 operations.
• All levels of internal management must buy into the deployment project and compromise on the policies and penalties that will cause any disruption. It is a matter of cost versus risk.
• Ensure that you have included trials of all your security procedures and your training plan before going live.
• Must comply with security standards and certification.

Step 4: Monitor and Log
• Collect, store and regularly report data on all unexpected traffic or unusual access across the network.
• Keep histories so you can spot trends in security breaches; careful examination of the audit logs can be useful to establish what happened.

Cyber security policy
A cyber security policy outlines:
• The assets that need to be protected
• The threats to those assets
• The rules and controls protecting the business

Cyber security policy guidelines for organisations:
• Types of information that can be shared
• Suitable use of devices and online materials
• Handling and storage of sensitive materials - The Privacy Act 1988 (Privacy Act) regulates how personal information is handled, including how it is collected, used, secured and disclosed.
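For Step 4 (Monitor and Log) above, an added example of the detection logic such a step relies on; it is not part of the original answer. It runs three checks over constructed syslog-style login records: logins from addresses outside the office ranges, repeated failures from one source, and successful logins after hours. The office address ranges, log format and thresholds are assumptions, not TeraTax values.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample records, not real TeraTax logs. Assumed format:
# "<ISO timestamp> <host> sshd: <accepted|failed> login for <user> from <ip>"
SAMPLE_LOG = """\
2020-06-15T09:02:11 cbd-fs01 sshd: accepted login for alice from 10.1.10.21
2020-06-15T09:05:43 cbd-fs01 sshd: failed login for admin from 203.0.113.45
2020-06-15T09:05:44 cbd-fs01 sshd: failed login for admin from 203.0.113.45
2020-06-15T09:05:45 cbd-fs01 sshd: failed login for root from 203.0.113.45
2020-06-15T09:05:46 cbd-fs01 sshd: failed login for admin from 203.0.113.45
2020-06-15T09:05:47 cbd-fs01 sshd: failed login for admin from 203.0.113.45
2020-06-15T10:15:02 geelong-fs01 sshd: accepted login for carol from 10.2.10.5
2020-06-15T12:30:00 cbd-fs01 sshd: failed login for alice from 10.1.10.21
this line is garbage and must be skipped, not crash the monitor
2020-06-15T23:41:07 cbd-fs01 sshd: accepted login for bob from 10.3.10.8
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>accepted|failed) "
    r"login for (?P<user>\S+) from (?P<ip>\S+)$"
)

# Assumed address plan for the four offices (the case study gives none).
OFFICE_NETS = {
    "CBD": ipaddress.ip_network("10.1.0.0/16"),
    "Geelong": ipaddress.ip_network("10.2.0.0/16"),
    "Dandenong": ipaddress.ip_network("10.3.0.0/16"),
    "Echuca": ipaddress.ip_network("10.4.0.0/16"),
}
BUSINESS_HOURS = range(7, 20)   # 07:00 to 19:59; anything else is "after hours"
FAIL_THRESHOLD = 5              # failed logins from one source before alerting


def parse_line(line):
    """Return a dict for a well-formed record, or None so bad lines are skipped."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        rec["ip"] = ipaddress.ip_address(rec["ip"])
    except ValueError:
        return None
    return rec


def source_office(ip):
    """Name of the office whose range contains ip, or None if it is external."""
    for name, net in OFFICE_NETS.items():
        if ip in net:
            return name
    return None


def analyse(text):
    """Run the three checks over the log text; return a list of (kind, ip, detail)."""
    alerts = []
    failures = defaultdict(int)
    flagged_external = set()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, office = rec["ip"], source_office(rec["ip"])
        # 1. Any login attempt from outside the office ranges is unexpected:
        #    remote staff should arrive through the VPN, not directly.
        if office is None and ip not in flagged_external:
            flagged_external.add(ip)
            alerts.append(("external_source", str(ip), f"user {rec['user']} on {rec['host']}"))
        # 2. Repeated failures from one source look like password guessing.
        if rec["result"] == "failed":
            failures[ip] += 1
            if failures[ip] == FAIL_THRESHOLD:
                alerts.append(("repeated_failures", str(ip), f"{FAIL_THRESHOLD} failed logins"))
        # 3. Successful logins outside business hours deserve a second look.
        elif rec["ts"].hour not in BUSINESS_HOURS:
            alerts.append(("after_hours", str(ip), f"{rec['user']} from {office} at {rec['ts']:%H:%M}"))
    return alerts


if __name__ == "__main__":
    for kind, ip, detail in analyse(SAMPLE_LOG):
        print(f"{kind:18} {ip:16} {detail}")
```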

1.3 Define managing phase of a network security design.

Providing assistance and support for day-to-day operation, from deployment through to maintaining a secure system.
• Regularly check designs, detect risks and vulnerabilities, and perform the required updates.
• The operational support starts when the network and systems have been configured or laid out, and includes daily IT assistance and maintenance of the environment.
• Ensuring the network, computer systems, applications and the environment are running smoothly and securely.
• Resolve common issues, minimise hardware failures and reduce hardware disruption.
• Conduct system performance monitoring.
• Perform staff training and carry out rotational duties.
• Be prepared for system failure: create a process for recovery and perform data backups constantly.
• Establish a process for configuration and change control management.

2. Identify threats to network security. (NOTE: During this phase, you will be focusing on the following five areas.)
2.1 Determine why attacks occur.
2.2 Determine who the attack may come from.
2.3 Analyse common types of network vulnerabilities.
2.4 Determine how attacks occur.
2.5 Design a threat model to categorise threats.

ANSWER
2.1 Determine why attacks occur
A cyber attack on TeraTax Australia may occur in order to obtain sensitive and personal data from customers and from the employees of the company. This data breach could enable the attackers to have access to financial instruments such as credit card information, tax file numbers and pay details like bank account numbers. This data can be used for the purpose of stealing money, identity theft and extortion of individuals or of the company.

2.2 Determine who the attack may come from
A cyber attack on TeraTax Australia may come from:
1) Internal source such as an employee or ex-employee – An employee may seek financial gain by exploiting known vulnerabilities due to him/her having knowledge of the security implemented. An ex-employee may wish to do the same as noted above, or they may be wishing for payback for some issue that made them unhappy in the workplace.
2) Unknown attackers – these attackers may be after financial gain via access to sensitive data or extortion.
3) Terrorists – these actors would be after maximum damage to the company, denial of service, possibly extortion to finance other terrorist activities, or access to a particular customer’s data.
4) Hacktivists – these actors would seek to damage or infiltrate the company’s cyber security infrastructure in order to make a political point.
5) Foreign government agency – these are sophisticated and well-resourced actors with motives that are political and financial, in order to gain influence, demonstrate capabilities and cause disruption.

2.3 Analyse common types of network vulnerabilities

< You may use one of the free version application programs on your VM machine or any related sites and may relate your answer to analyse one of the network vulnerabilities, with corresponding screenshots and explanation. >

Basic usage of the Wireshark network analyser tool

Download and install Wireshark from its official website. Upon successful installation, launch the program; the window shown below will appear. To start capturing data packets, select or double-click the available network interface under Capture.

A flow of real-time network data/packets will be displayed, and information such as source and destination IP addresses, port numbers, telnet, ftp and other essential packets or information can be gathered and examined. The advanced option menu and other features are also available for configuration according to your preferred settings or the protocols to capture.

Another Wireshark feature that can be useful in filtering packets is colour-coding.

The meaning of the default Wireshark colours is as follows:
· Black—packets with errors
· Light blue—UDP traffic
· Light purple—TCP traffic
· Gray—TCP handshake packets
Some common uses of Wireshark are capturing real-time network data, importing data packets from text files, examining data packets and their protocol details, displaying, filtering and searching data packets, colourising data packets, troubleshooting network problems and generating statistics.
Source: https://www.cybrary.it/blog/0p3n/how-to-use-the-wireshark-cyber-security-tool/

Free version network analysers


1. GFI LanGuard
2. Microsoft Message Analyzer
3. Nagios
4. OpenNMS
5. Advanced IP Scanner
6. Capsa Free
7. Telerik Fiddler
8. NetworkMiner
9. Pandora FMS
10. Zenoss Core
11. PRTG Network Monitor Freeware
12. MiTeC Network Scanner
13. Splunk
14. Angry IP Scanner
15. Icinga 2
16. Observium Community
17. NetXMS
18. WirelessNetView
19. Riverbed Xirrus Wi-Fi Inspector
20. Wireshark
21. Solarwinds (Limited Free edition)

2.4 Determine how attacks occur

< Describe how an attack may occur; you may use an example from the link https://www.ssllabs.com/ssltest/ and relate your answer accordingly. >
- A cyber-attack occurs when cybercriminals or hackers try to gain unauthorised access to a computer or a network. This may involve finding faults in the code of a website that allow them to insert their own code and then bypass security or authentication processes. It could also mean they install ‘malware’, software which is specifically designed to damage a system. Regardless of the size of the business, there is always a possibility of being the target of a cyber-attack. TeraTax has key assets which criminals may seek to exploit. The intent might be to inflict reputational damage or harm on a business or person, or theft of valuable data. It may be personal information of staff and customers, or even the business' infrastructure. The attackers can use packet sniffing tools such as Wireshark to monitor traffic to the TeraTax servers, gain access to valuable data and cover their tracks.
An example is a website that is still using old versions of the cryptographic protocols SSL (Secure Sockets Layer) and TLS (Transport Layer Security), which provide authentication and data encryption between servers, machines and applications operating over a network. That is a weakness in the network or network server. Updated protocols like TLS 1.2 and TLS 1.3 are more secure protocols for servers to support.
Steps in how attacks occur:
• Reconnaissance - Before launching an attack, hackers first identify a vulnerable target and explore the best ways to exploit it. The attackers simply need a single point of entrance to start. Targeted phishing emails are common in this step as an effective method of distributing malware.
• Scanning and enumeration – Once the target is identified, the attacker will identify weak points to gain access. This step of the process normally goes slowly; they gather more detailed information and search for vulnerabilities.
• Gaining access – After weaknesses of the target network are identified, attackers gain access and then move through the network undetected.
• Escalation of privilege - Escalating privileges to admin, and then getting into any system on the network that is accessible via the administrator account. Privileged access is needed because it allows the attackers to move freely within the environment.
• Maintaining access – The attackers maintain access to the network by staying in place quietly. The hackers may secretly install malicious programs. With the elevated privileges acquired earlier, a single access point is no longer necessary. The attackers can come and go as they please.
• Covering tracks and placing backdoors - Attackers want to hide their tracks and remove all evidence of their activities. Sometimes they confuse, disorientate and divert the forensic examination process.
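As an added example (not part of the original answer), a Python check for the protocol-version part of what the SSL Labs test above reports: it offers each TLS version on its own, records which ones the server completes a handshake for, and turns the result into findings a report can quote. The host and port are whatever is passed on the command line; the EXAMPLE_* dictionaries are constructed results, not measurements of any real server.

```python
import socket
import ssl
import sys

# Versions offered one at a time, oldest first. SSLv2/SSLv3 cannot be selected
# through ssl.TLSVersion in current Python, so they are outside this check.
VERSIONS = [
    ssl.TLSVersion.TLSv1,
    ssl.TLSVersion.TLSv1_1,
    ssl.TLSVersion.TLSv1_2,
    ssl.TLSVersion.TLSv1_3,
]
DEPRECATED = {ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1}  # deprecated by RFC 8996


def accepts_version(host, port, version, timeout=5.0):
    """True if the server completes a handshake when only `version` is offered."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE   # asking "does it speak this version", not "is the cert valid"
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
    except ValueError:
        return False                  # this Python/OpenSSL build cannot even offer the version
    try:
        # OpenSSL's default security level refuses to offer TLS 1.0/1.1 at all;
        # lower it for this probe so a legacy server is detected rather than
        # reported as "rejected". Builds that reject the directive keep the default.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version() is not None
    except (ssl.SSLError, OSError):
        return False


def scan(host, port=443):
    """Map each TLS version to whether the server at host:port accepts it."""
    return {v: accepts_version(host, port, v) for v in VERSIONS}


def assess(supported):
    """Turn a {TLSVersion: bool} result into findings for the report."""
    findings = []
    for v in VERSIONS:
        if supported.get(v) and v in DEPRECATED:
            findings.append(f"{v.name} is accepted; it is deprecated and should be disabled")
    if not supported.get(ssl.TLSVersion.TLSv1_3):
        findings.append("TLS 1.3 is not offered; enable it where the server software allows")
    if not supported.get(ssl.TLSVersion.TLSv1_2) and not supported.get(ssl.TLSVersion.TLSv1_3):
        findings.append("no modern protocol is accepted; clients can only connect over deprecated versions")
    return findings


# Constructed results (not measurements of any real server) for the two cases
# the answer above contrasts: a legacy configuration and an updated one.
EXAMPLE_LEGACY_RESULT = {
    ssl.TLSVersion.TLSv1: True,
    ssl.TLSVersion.TLSv1_1: True,
    ssl.TLSVersion.TLSv1_2: True,
    ssl.TLSVersion.TLSv1_3: False,
}
EXAMPLE_MODERN_RESULT = {
    ssl.TLSVersion.TLSv1: False,
    ssl.TLSVersion.TLSv1_1: False,
    ssl.TLSVersion.TLSv1_2: True,
    ssl.TLSVersion.TLSv1_3: True,
}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        result = scan(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443)
    else:
        result = EXAMPLE_LEGACY_RESULT
    for v, ok in result.items():
        print(f"{v.name:8} {'accepted' if ok else 'rejected'}")
    for finding in assess(result) or ["no protocol-version findings"]:
        print("-", finding)
```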

2.5 Design a threat model to categorise threats

<Provide your answer with an overview, a threat model diagram and a detailed explanation using bullet points for categorising the threats.>
Overview:
Threat modelling, also called architectural risk analysis, is a security control for identifying and evaluating application threats and vulnerabilities. It helps identify security design problems early in the application design process. This approach allows us to create a basic threat model for the application scenario. You can then use this threat model to help refine your application's design early and for communication among team members.
The STRIDE threat model approach presented here focuses on identifying and addressing vulnerabilities and helps place threats into categories. The security objectives, threats and attacks that are identified in the early steps of the activity are the scoping mechanisms designed to help find vulnerabilities in the application. We can use the identified vulnerabilities to help shape the design. It will direct and scope your security testing.

Threat model diagram:

Further discussion about the threats / categorisation:

Elevation of privilege – An attack in which a limited-access user account is converted to full or greater privileges and thus has sufficient access to compromise or destroy the entire system. Elevation of privilege threats include those situations in which an attacker has effectively penetrated all system defences and become part of the trusted system itself, a dangerous situation indeed.

Information disclosure – An attack to expose or distribute confidential information. These threats involve the exposure of information to individuals who are not supposed to have access to it: the ability of users to read a file that they were not granted access to, or the ability of an intruder to read data in transit between two computers.

Repudiation – An attack associated with users who deny performing an action without other parties having any way to prove otherwise. An example is where a user performs an illegal operation in a system that lacks the ability to trace the prohibited operations.

3. Analyse security risks (NOTE: During this phase, you will be focusing on the following four areas.)

3.1 Determine elements of risk management.
3.2 Determine assets that require protection.
3.3 Categorise assets and calculate their value to the organisation.
3.4 Create a risk management plan.

ANSWER
3.1 Determine elements of risk management. (NOTE: you can list the elements in tabulated format in order from the high risk to the low risk elements.)

< NOTE: The elements of an effective risk management process should be discussed here >

The elements of effective risk management for the TeraTax network environment are as follows:
• Identify the risks
Risks can include fire, natural disasters, building maintenance issues, internal threats, external threats and cyber attacks.
• Calculate the potential damage
Assess the consequences of each of the risks above and quantify them as loss in terms of time, cost and business damage.
• Develop a strategy for risk mitigation
Assign tasks to specific teams, allocate resources and time, and develop an actionable plan.
• Implement the risk mitigation strategies
Begin to put the plan into action, assign responsibility and follow up.
• Assess the effectiveness of the mitigation strategies
Review the mitigation strategy implementation plan, make adjustments as required, and increase, reduce or redirect resources as needed.
• Monitor phase
Periodic review and testing of the risk mitigation strategy, with adjustments and recommendations due to added or reduced factors.

< NOTE: After discussing the risk management steps above, the following template should be used according to the risk category >

Risk Category | Description | Elements
High | Fire / Water Damage | Overheating or bad wiring can cause a fire; sprinkler systems can cause water damage.
High | Natural Disaster | Natural disasters such as earthquakes can cause total loss.
High | Cyber Attack | Cyber attacks can be very serious and halt business operations.
Medium | Internal Threat Actors | Internal threat actors such as employees can cause damage to the business operations.
Medium | System Failure | System failure can halt operations and make the business unable to function until repaired.
Low | Property Theft | Property theft such as laptops or PCs can slow the ability of the business to function and can also lead to sensitive data being compromised.

3.2 Determine assets that require protection. (NOTE: provide your answer in tabulated format.)

<Answers may vary>

Name of items | Location | Comments
Servers | Data centre server room | Risks are server failure, disruption of operations, vulnerability to cyber-attacks, monetary loss.
Routers, switches, firewalls | ICT room of the 3 TeraTax branches | Risks are vulnerability to cyber-attacks, disruption of operations and services, monetary loss.
Computers, laptops, printers | 3 TeraTax branches | Risks are vulnerability to cyber-attacks, disruption of operations and services, monetary loss.
Database software | Data centre server | Loss of data, disruption of operations and services, monetary loss.
Tax/accounting software | Servers, computers | Loss of data, disruption of operations and services, privacy issues, loss of credibility, monetary loss.
Virus protection | All ICT devices | Loss of data, disruption of operations and services, privacy issues, loss of credibility, vulnerability to cyber-attacks, monetary loss.
Databases and data files | Database server, computers and laptops | Loss of data, disruption of operations and services, privacy issues, loss of credibility, monetary loss.
IT staff, HR staff, Finance staff, Customer Relations staff | 3 TeraTax branches | Require cyber security training; must be knowledgeable in the company’s security policy and customer privacy policy.

3.3 Categorise assets and calculate their value to the organisation. (NOTE: provide your answer in tabulated format.)

<Provide your answer here>

Hint:
Asset names | Monetary value of the asset to the business | Workflow value of the asset and how it impacts the branches
IT Maintenance | High Monetary Value | High Impact
Technical Support 24/7 | High Monetary Value | High Impact
Router | High Monetary Value | High Impact
Firewall | High Monetary Value | High Impact
Switches | High Monetary Value | High Impact
Servers | High Monetary Value | High Impact
WiFi access points | Medium Monetary Value | Medium Impact
PC/Laptops | High Monetary Value | Medium Impact
Printers | Medium Monetary Value | Medium Impact
Secured data centre, server room and racks | Medium Monetary Value | High Impact
Anti-virus software | Medium Monetary Value | High Impact
Database software | Medium Monetary Value | High Impact
Tax/Accounting software | Medium Monetary Value | High Impact
Documentation of security policies | Medium Monetary Value | Low Impact
Documentation of router, firewall and switch configuration | Low Monetary Value | Low Impact
Employee training in technical and security policy | Low Monetary Value | Low Impact

3.4 Create a risk management plan. [NOTE: Template has been provided to you.]

<Discuss your risk management plan here and then use the template below>

Guideline for the probability of the event occurring and the risk calculation. (NOTE: This will help to find out the RISK)
Probability of the event occurring: High / Medium / Low

Note:
Provide your answer in the template below and calculate the risk accordingly.

Threat (probability of the event occurring) | Vulnerability (probability of the event occurring) | Assets and consequences | RISK | Solution
<Example> Overheating in server room (air conditioning system is 10 years old) – HIGH | <Example> System failure – HIGH | <Example> All services (website, email, etc.) will be unavailable until the desired temperature is maintained in the server room. | HIGH | Buy a new air conditioner and also add a spare air conditioner so that it can be used in the event of high temperature.
Network system down – HIGH | Network becomes vulnerable to attack, unreliable, and system failure – HIGH | Disruption of operations and services until the network is run and maintained properly. | HIGH | Strict schedule of maintenance and 24/7 technical support.
Network interruption – HIGH | Faulty router; risk of no redundancy in the network – HIGH | Vulnerable to cyber-attacks, disruption of operations and services. Required to replace the faulty router. | HIGH | Replace faulty router.
Network interruption, unauthorised access – HIGH | Faulty firewall or misconfiguration; risk to network security – HIGH | Vulnerable to cyber attack, disruption of operations, network security issue. Required to replace or reconfigure the firewall. | HIGH | Replace or reconfigure firewall.
Network interruption – HIGH | Faulty switch – HIGH | Disruption of operations and services. Required to replace the switch. | HIGH | Replace faulty switch.
Network interruption issue – HIGH | Outdated software – HIGH | Disruption of operations and loss of data, network security issue. | HIGH | Update software.
Network system down – HIGH | System downtime, no redundancy – HIGH | Disruption of operations and services. Required to install a backup server. | HIGH | Replace server.
Loss of data, virus on system – HIGH | Outdated antivirus – HIGH | Disruption of operations and services. Network security issue. Required to update antivirus. | HIGH | Update antivirus.
Service disruption, system downtime – HIGH | Unreliable network vulnerable to cyber attack – HIGH | Disruption of operations and services. Network security issue. Required system and network monitoring. | HIGH | Continuous system and network monitoring by system admin.
Data loss – HIGH | System downtime – HIGH | Disruption of operations and services. Required to have data storage for data backup. | HIGH | Install data storage and schedule data backup job.
End user device compromise, security access – HIGH | Vulnerable to cyber attack – HIGH | Security breach, identity theft. | HIGH | Implement strong password authentication or multi-factor authentication. End user training for security policy.
End user’s data and application loss – MEDIUM | Faulty laptop/PC – MEDIUM | End user’s tasks using their laptop/PC will be interrupted. | MEDIUM | Laptop/PC replacement. Loan laptop provision. Training end users to save files to a network drive or cloud.
No WiFi connection – MEDIUM | Faulty wireless access point – MEDIUM | WiFi connection will be down until the WiFi device is fixed or replaced. | MEDIUM | Regular checks of wireless AP and replace if required. Alternatively, use a LAN connection.
Incoming and outgoing calls not working – LOW | IP phone faulty – LOW | Incoming and outgoing calls not working until the IP phone is reconfigured or replaced. Otherwise use another line for voice service or divert calls to the company mobile phone. | LOW | Reconfigure line hunt for voice service. Replace faulty IP phone.
Probability of Probability of
occurring the occurring the
event event
Ensuring
LOW LOW
Outdated IT documentation is
Obsolete details or Documentation of LOW
documentation updated for every
information IT Security policy is policy changes..
not up to date

NOTE: You may add more rows according to your risk management within the case
study. Create at least 10 risks.

4. Create a security design (NOTE: During this phase, you will be focusing on the
following four areas.)

4.1 Determine attacker scenarios and threats.


4.2 Design security measures for network components.
4.3 Obtain feedback and adjust if required.
4.4 Develop security policies.
ANSWER
4.1 Determine attacker scenarios and threats.
1. Attack scenarios:
The attacker tries to prevent the normal operation of the system's communication
facilities. It slows down internet services, makes them unavailable, and sometimes
destroys the systems. The services most affected are online applications and procedures,
system and network performance, email and other system resources.
Threat: Distributed Denial of Service (DDoS)
2. Attack scenarios:
The attacker will try to read or view data from any resource transmitted over the
network. If the system has the capability to encrypt and decrypt data, all important data
is transmitted across the network encrypted and is therefore difficult for the attacker to
view or steal. However, the attacker might try to obtain the encryption key, physically
access a computer or network to steal the local files, or bypass network security remotely.
Threat: Data Breach
3. Attack scenarios:
The attacker sends what looks like a legitimate email and attempts to trick the user into
clicking a link to a malicious website by claiming their password will expire otherwise.
Threat: Phishing
4. Attack scenarios:
The attacker sends the user a phishing email with no attachment and no links, text only.
After gaining the user's trust, at a later point the attacker can send a malicious attachment,
that is, malware disguised as a legitimate file.
Threat: Malware attack
5. Attack scenarios:
The attacker takes a position on the network and tries to intercept the communication
between the sender and receiver. From this position, the attacker relays all communication,
can listen to it, and can even modify it.
Threat: Man-in-the-Middle

4.2 Design security measures for network components. [NOTE: You should provide
your proposed network topology with proper security measures on it. This
topology should portray all the branches and the head office. You should include all
types of security measures on it. After showing the necessary security measures in
the topology, you have to explain other security measures such as Physical,
Logical, OS, Malware, Hacking, Fire, Natural disaster and so on.]
Security Measures

1. Always keep the operating system and programs on all devices that TERA TAX uses
updated to the latest version. Updates and patches correct known vulnerabilities, so
recent updates keep your data more secure.
2. Schedule weekly backups, or incremental backups every few days, to external hard
drives or to the cloud so that the data is stored safely.
3. Antivirus and anti-malware software are essential and indispensable for protecting the
data. They are designed to prevent, search for, detect and remove viruses as well as
adware, worms, trojans and others.
4. Secured connectivity must be established to protect information in transmission.
The information transmitted must be in encrypted form. Digital signatures can be used
to encrypt the information. A VPN can establish private, secure communication
across a public network such as the internet. Another example of a secure connection is the
Secure Sockets Layer (SSL) protocol for secure transactions.
5. Security monitoring is also essential. Continuous monitoring of the network safeguards
against attacks and tests the security infrastructure. The log files of users accessing the host,
containing their IP addresses, session duration and timestamps, must be recorded. Weak
areas must be identified through intrusion detection systems, and network security holes
must be fixed before hackers find them.
6. Secure company system access by establishing strong and unique passwords. They must
combine capital letters, lower-case letters, numbers and symbols; the more unique
characters, the better.
7. Risks of a potential physical security breach must be anticipated. Complete identification
of the person accessing the system is essential. FDD locks or electronic locks on all ICT
or server rooms, surveillance cameras, identity cards and biometric traits must be
implemented. An advanced fire protection system must be set up to protect life and
property.
8. A strong security policy must be created and applied to all employees, clients and
visitors.
9. A disaster recovery plan, proper incident handling and training must be taught to
network engineers, technicians and other employees, in case of network attacks,
natural disaster or fire.
10. Training must be provided to educate employees about the company security policy.
Prevention is the best way to keep the TeraTax network and data safe.
4.3 Obtain feedback and adjust if required. [NOTE: You can send an email to your assessor
regarding your security design and the corresponding feedback.]
Security design (Topology) reviewed and feedback given by Frank Trcka, Instructor at
Melbourne Polytechnic. Adjustments made upon advice from Frank Trcka.

4.4 Develop security policies. (NOTE: Template has been provided below.)
This Network Security Policy for TeraTax Australia PTY LTD is the “go to” document and
the benchmark of the key stakeholder’s expectation for IT Security and all that it entails.
It outlines the rules, guidelines, enforcements and actionable security methodology
afforded to TeraTax Australia PTY LTD.

Policy Area: TeraTax Australia PTY LTD Network Security Policy
Approved Date: 23/10/2020
Approved By: John Casino
Effective Date: 23/10/2020
Current Version: 1.0

I. Overview
The TeraTax Australia PTY LTD Network Security Policy was compiled and implemented as
of 23/10/2020 for the purpose of protecting all data, network traffic and
infrastructure of TeraTax Australia PTY LTD.

II. Purpose
The Purpose of this policy is to allow for the implementation of an actionable plan with
instructions, technical guidelines, and procedural requirements for the protection of
TeraTax Australia PTY LTD network systems.

This policy will also allow for the identification, investigation and prosecution of
unwarranted and unsolicited network usage.

III. Scope

This policy applies to all staff, visitors, guests and contractors who access the TeraTax
Australia computer networks.

This policy also applies to all network-associated hardware owned and used by TeraTax
Australia PTY LTD.

IV. Policy
GENERAL
All data exchanged, stored and accessed over TeraTax Australia PTY LTD computer
networks in the central office and regional sites that is not clearly marked as owned by
other parties will be treated as the property of TeraTax Australia PTY LTD.
It is the policy of TeraTax PTY LTD to prohibit the unauthorised access to, sharing of,
copying, altering or theft of this data. The same policy applies to data belonging to
third parties who have given TeraTax PTY LTD access to their data in business
transactions.
GUIDELINES

The following is a list of the standards from various agencies and organisations whose
guidelines were incorporated into the completion of this document.
 AS/NZS ISO/IEC 27000 series – Information Security Management, which
includes:
o ISO/IEC 27000:2018 – Information technology – Security techniques –
Information security management systems – Overview and vocabulary
o ISO/IEC 27001:2015 – Information technology – Security techniques –
Information security management systems – Requirements
o ISO/IEC 27002:2015 – Information technology – Security techniques –
Code of practice for information security controls
o ISO/IEC 27003:2017 – Information technology – Security techniques –
Information security management system – Guidance
o AS ISO/IEC 27004:2018 – Information technology – Security techniques –
information security management – Monitoring, measurement, analysis
and evaluation
o ISO/IEC 27005:2018 – Information technology – Security techniques –
Information security risk management
 AS ISO 55001:2014 – Asset management – Management systems – Requirements

PASSWORD PROTECTION STANDARDS

User Passwords:

An effective and robust password setting procedure is key to data protection.

All passwords used to access data maintained by TeraTax PTY LTD must be at least 8
characters long and contain 1 upper-case letter and a special character.

Passwords must not be written down and left in a place where others can access them.

Passwords must not be shared with anyone.

Any password that is stored electronically must not be stored in a readable format or
in a location where it can be seen by others.

Passwords must be changed annually and, when updated, the change must be of at least
3 characters.

Hardware associated passwords:

All new computers installed and added to the TeraTax network must have their default
password settings updated.

All computers that are permanently or temporarily connected to the TeraTax local area
networks must have password access controls.

Routers must have secured administrative access: restricted device accessibility,
authenticated access, and passwords of 10 characters with a mixture of lower- and upper-case
letters and other characters.
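As an added check of the password standards above (example code written for this page, not part of the original assessment or of any TeraTax tool), the following Python validates passwords against the stated rules. Its assumptions are that "special character" means ASCII punctuation, that the "change of at least 3 characters" is counted position by position plus any difference in length, and that the router rule's "characters" means non-letter characters; the function names are this example's own.

```python
"""Checks for the TeraTax password protection standards quoted above.

Added example, not part of the original assessment or any TeraTax tool.
Assumptions: "special character" means ASCII punctuation; the "change of
at least 3 characters" is counted position by position (plus any length
difference); the router rule's "characters" means non-letter characters.
"""
import string

SPECIAL = set(string.punctuation)


def check_user_password(password):
    """Return the list of user-password rule violations (empty = compliant)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c in SPECIAL for c in password):
        problems.append("no special character")
    return problems


def characters_changed(old, new):
    """Count positions where the new password differs from the old one;
    a difference in length counts as that many extra changes."""
    diffs = sum(1 for a, b in zip(old, new) if a != b)
    return diffs + abs(len(old) - len(new))


def check_password_change(old, new):
    """Annual change: the new password must itself comply and must differ
    from the old one in at least 3 characters."""
    problems = check_user_password(new)
    if characters_changed(old, new) < 3:
        problems.append("fewer than 3 characters changed")
    return problems


def check_router_password(password):
    """Router administrative passwords: 10 characters mixing lower-case,
    upper-case and non-letter characters (digits or punctuation)."""
    problems = []
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() or c in SPECIAL for c in password):
        problems.append("no non-letter character")
    return problems


if __name__ == "__main__":
    # Constructed sample values for a quick run.
    print(check_user_password("TeraTax2020"))                   # no special character
    print(check_password_change("Winter2020!", "Winter2021!"))  # too similar
    print(check_router_password("Rtr-Admin-2020"))              # compliant -> []
```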

V. Enforcement

TeraTax Australia PTY LTD acknowledges that in certain circumstances there may be a
requirement for certain users to undertake actions that are not in line with this policy. In
this case, all instances must have pre-approval in writing from the Information Security
officer. Failure to do so will constitute a breach.

TeraTax Australia PTY LTD users who deliberately violate the terms and conditions
outlined in this policy will be found to be in breach of company policy and will be subject to
disciplinary action which may include termination of employment and legal action.

VI. Distribution

This policy document is to be distributed to all staff and stored in a SharePoint folder
accessible to them. All amendments to this document are to be disseminated to all
staff at the time of completion.

Policy History
Version | Date | Description | Approved By
1.0 | 23/10/2020 | Initial policy release | Information Security Officer, TeraTax PTY LTD

5. Design and implement responses to security incidents (NOTE: During this phase, you will be focusing
on the following four areas.)

5.1 Design auditing and incident response procedure.


5.2 Document security incidents.
5.3 Implement configurations aligned with incident response procedure design.
5.4 Test and sign off.

ANSWER
5.1 Design auditing and incident response procedure.

Syslog server collection gives detailed reports about incidents. This type of syslog report can be used for auditing and
incident response; for example, syslog products such as SolarWinds, Kiwi Syslog and PRTG can generate detailed information
about incidents.

An incident response procedure is a set of instructions designed to help companies prepare for, detect, respond to, and
recover from network security incidents. An incident response plan is the TeraTax organisation's best chance of defending
itself against the effects of any incident. The plan encompasses areas of the organisation such as IT, HR,
finance, customer service, employee communications, legal, insurance, public relations, regulators, suppliers, partners,
local authorities and other outside entities.

Incident Response Procedure


Preparation is the first phase of incident response planning and the most crucial in protecting
your business and assets. During the preparation stage, document, outline and explain your
Incident Response team's roles and responsibilities, including establishing the underlying security
policy which will guide the development of your IR plan.
 Determine the exact location, sensitivity and relative value of all information in your
organization that needs to be protected.
 Gain approval from the top of the organization.
 Assign roles and responsibilities for all relevant stakeholders, including IT, HR, internal
communications, customer support, legal, PR and advisors.
 Establish a chain of command that includes both IT and corporate leaders. Who is the
incident commander? Who launches the incident response plan? Who has “stop work”
authority, such as the emergency shut down of company websites?
 Gather and update 24/7/365 contact information (email, text, VOIP, etc.) for all incident
response team members, their backups, and managers. Establish alternative channels of
communication if regular channels are compromised or unavailable.
 Identify cybersecurity regulatory requirements for the organization across all functions
and develop guidance on how to interact with law enforcement and other governmental
authorities in the event of an incident.
 Develop and maintain a list of preferred technology vendors for forensics, hardware
replacement, and related services that might be needed before, during or after an
incident.
 Establish procedures for IT teams to receive clear, actionable alerts of all detected
malware. Specific explanations can help team members avoid dismissing the alert as a
false positive.
 Store privileged credentials, including passwords and SSH keys, in a secure, centralized
vault.
 Automatically rotate privileged credentials, isolate privileged account sessions for
temporary employees, and regularly scan for orphan accounts of former employees that
might still provide unauthorized access.
 Request employees to report suspicious emails and activities that might compromise
network security.
 Ensure that you have a clean system ready to restore, perhaps involving a complete
reimage of a system or a full restore from a clean backup.
 Establish a comprehensive and integrated communications plan to inform both internal
and external audiences on incidents in a rapid, accurate and consistent fashion.
Detection & Analysis: this phase of security incident response and IR planning involves
monitoring, detecting, alerting, and reporting on security events. This includes identifying known,
unknown, and suspected threats.
 Develop a proactive detection strategy based on tools that can automatically scan your
physical and virtual hosts, systems, and servers for any vulnerable applications, identities,
or accounts.
 Consider traditional solutions such as antivirus software, or tools to detect malware.
 Consider deep analysis and forensics-based capabilities that can assess the health of an
endpoint by validating what is running in memory at a given point in time.
 Conduct compromise assessments to verify whether a network has been breached and
quickly identify the presence of known or zero day malware and persistent threats active
or dormant and that have evaded your existing cybersecurity defenses.
Response: incident response actions may include triaging alerts from your endpoint security
tools to determine which threats are real and the priority in which to address the security incidents.
Incident response activities can also include containing and neutralising the threat(s) and isolating,
shutting down, or otherwise disconnecting infected systems from your network to prevent the
spread of the cyber attack. Additionally, incident response operations include eliminating the
threat (malicious files, hidden backdoors, and artifacts) which led to the security incident.
 Immediately contain systems, networks, data stores and devices to minimize the breadth
of the incident and isolate it from causing wide-spread damage.
 Determine if any sensitive data has been stolen or corrupted and, if so, what the potential
risk might be to your business.
 Eradicate infected files and, if necessary, replace hardware.
 Keep a comprehensive log of the incident and response, including the time, date, location
and extent of damage from the attack.
 Preserve all the artifacts and details of the breach for further analysis of origin, impact,
and intentions.
 Prepare and release public statements as soon as possible, describe as accurately as
possible the nature of the breach, root causes, the extent of the attack, steps toward
remediation, and an outline of future updates.
 Update any firewalls and network security to capture evidence that can be used later for
forensics.
 Engage the legal team and examine compliance and risks to see if the incident impacts any
regulations.
 Contact law enforcement if applicable since the incident may also impact other
organizations. Additional intelligence on the incident may help eradicate, identify the
scope, or assist with attribution.
Recovery: this includes eradicating the security risk, reviewing and reporting on what happened,
and certifying, then re-certifying, that your environment is clear of the threat(s) via a post-incident
cybersecurity compromise assessment or security and IT risk assessment.
 Eradicate the security risk to ensure the attacker cannot regain access. This includes
patching systems, closing network access and resetting passwords of compromised
accounts.
 Create a root cause identification to help determine the attack path used so that security
controls can be improved to prevent similar attacks in the future.
 Perform an organization wide vulnerability analysis to determine whether any other
vulnerabilities may exist.
 Restore the systems to their pre-incident state. Check for data loss and verify that system
integrity, availability and confidentiality have been regained and that the business is back to
normal operations.
 Continue to gather logs, memory dumps, audits, network traffic statistics and disk images.
Without proper evidence gathering, digital forensics is limited, so a follow-up investigation
cannot take place.
Follow-up: activities include updating your threat intelligence with new information about
what is good and what is bad, and updating your IR plan with lessons learned from the security incident.
 Complete an incident response report and include all areas of the business that were
affected by the incident.
 Determine whether management was satisfied with the response and whether the
organization needs to invest further in people, training or technology to help improve its
security posture.
 Share lessons learned. What went well, what didn’t and how can procedures be improved
in the future?
 Review, test and update the cybersecurity incident response plan on a regular basis,
perhaps annually if possible.
 Conduct a compromise assessment or other security scans on a regular basis to ensure
the health of systems, networks and devices.
 Update incident response plans after a department restructure or other major transition.
 Keep all stakeholders informed about the latest trends and new types of data breaches
that are happening. Promote the message that “security is everyone’s job.”
5.2 Document security incidents.
We begin by developing a formal security incident logging plan.
All log records are to be stored in a single location and are organised by date and source.

Network devices are configured to enable event logging and to record each type of event with attributes such as:
 IP address, time and date
 Protocol used
 Port accessed
 Method of connection
 Traffic allowed on firewall
 Traffic blocked on firewall
 Administrator access
 User account changes
 Bytes transferred

These settings should cover the network perimeter, endpoints and core internal devices.
Event logging should be enabled at all times, and protected from unauthorised access.
They should be analysed on a regular basis to identify abnormalities.
The responsibility for reviewing the network logs is assigned to more than one staff member in the IT team and
is scheduled to be carried out regularly.

Once events are recorded for a particular time period of interest, a report is created from a pre-determined template
capturing the data mentioned above, including time and date, type of incident, etc. This report should describe how the
incident has affected or could have affected the network system, and the steps that need to be, or have already been,
implemented to avoid recurrence.

The process of reviewing the logs consists of comparing new logs with the pre-documented baseline logs. The aim of this
process is to determine whether a new event is normal or abnormal; it can be done against the logging accounts of
specific users in order to establish the context of the event. This is then compared with other users to see if their
logs have generated the same event, and whether this has also occurred on another system at the same or a different time
and date.
During this analysis, it may be necessary to talk to other users to see if there is any information that can be
useful to the investigation of this event.

Use of a spreadsheet assists with creating the event analysis:
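As an added illustration of the baseline comparison described in 5.2 (example code written for this page, not from the original assessment or any TeraTax tool), the following Python parses constructed firewall/authentication log lines carrying the attributes listed above, flags events that deviate from a per-user baseline, and notes when other users show the same event in the same minute. The log line layout, the baseline values, the business hours and the function names are all this example's assumptions.

```python
"""Review of new log events against a pre-documented baseline (section 5.2).

Added example, not from the original assessment. The log line layout, the
baseline values, the business hours and the function names are constructed
for this illustration; a real review would read them from the central log store.
"""
from collections import defaultdict
from datetime import datetime

# Constructed baseline: per user, the source IPs and destination ports seen
# during the baseline period and the largest single transfer in bytes.
BASELINE = {
    "jcasino": {"ips": {"192.168.1.10"}, "ports": {443, 445}, "max_bytes": 50000},
    "asmith": {"ips": {"192.168.1.11"}, "ports": {443}, "max_bytes": 20000},
}
BUSINESS_HOURS = range(7, 19)  # assumed 07:00-18:59

# Constructed sample lines: "date time|source ip|protocol|port|action|user|bytes"
NEW_LOGS = """\
2020-11-13 09:02:11|192.168.1.10|TCP|443|ALLOW|jcasino|12000
2020-11-13 09:05:40|192.168.1.11|TCP|443|ALLOW|asmith|8000
2020-11-13 02:14:03|203.0.113.5|TCP|22|BLOCK|jcasino|0
2020-11-13 02:14:09|203.0.113.5|TCP|22|BLOCK|asmith|0
2020-11-13 10:30:00|192.168.1.10|TCP|445|ALLOW|jcasino|900000
"""


def parse_line(line):
    """Split one pipe-delimited line into a dict with typed fields."""
    ts, ip, proto, port, action, user, nbytes = line.split("|")
    return {
        "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
        "ip": ip,
        "proto": proto,
        "port": int(port),
        "action": action,
        "user": user,
        "bytes": int(nbytes),
    }


def classify(event, baseline=BASELINE):
    """Return the reasons an event deviates from its user's baseline.

    An empty list means the event looks normal."""
    known = baseline.get(event["user"])
    if known is None:
        return ["user has no baseline"]
    reasons = []
    if event["ip"] not in known["ips"]:
        reasons.append("unknown source %s" % event["ip"])
    if event["port"] not in known["ports"]:
        reasons.append("unusual port %d" % event["port"])
    if event["action"] == "BLOCK":
        reasons.append("blocked by firewall")
    if event["bytes"] > known["max_bytes"]:
        reasons.append("%d bytes exceeds baseline max" % event["bytes"])
    if event["time"].hour not in BUSINESS_HOURS:
        reasons.append("outside business hours")
    return reasons


def _correlation_key(event):
    # Same source, port and action within the same minute.
    return (event["ip"], event["port"], event["action"],
            event["time"].strftime("%Y-%m-%d %H:%M"))


def review_logs(text, baseline=BASELINE):
    """Flag abnormal events and note other users that show the same event."""
    events = [parse_line(l) for l in text.splitlines() if l.strip()]
    abnormal = []
    for event in events:
        reasons = classify(event, baseline)
        if reasons:
            abnormal.append((event, reasons))
    users_by_key = defaultdict(set)
    for event, _ in abnormal:
        users_by_key[_correlation_key(event)].add(event["user"])
    report = []
    for event, reasons in abnormal:
        others = users_by_key[_correlation_key(event)] - {event["user"]}
        if others:
            reasons.append("also seen for " + ", ".join(sorted(others)))
        report.append({
            "time": event["time"].strftime("%Y-%m-%d %H:%M:%S"),
            "user": event["user"],
            "reasons": reasons,
        })
    return report


if __name__ == "__main__":
    for entry in review_logs(NEW_LOGS):
        print(entry["time"], entry["user"], "; ".join(entry["reasons"]))
```

The resulting entries are the rows a reviewer would carry into the event analysis spreadsheet.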

5.3 Implement configurations aligned with incident response procedure design [NOTE: You should provide
Router/Switch/ASA Firewall configuration details to protect and combat the incidents.]

Show running configuration of R1

R1#show run
Building configuration...

Current configuration : 1026 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
enable secret 5 $1$mERr$TfFTxE.mmb5O5BVC56ndL0
!
no ip cef
no ipv6 cef
!
username SSHadmin privilege 15 secret 5 $1$mERr$OBJ1/J.XbT5.JhwNHVc7p/
!
license udi pid CISCO1941/K9 sn FTX15242RV6
!
ip domain-name ccnasecurity.com
!
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 209.165.200.225 255.255.255.248
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 10.1.1.1 255.255.255.252
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
ip flow-export version 9
!
!
line con 0
 password ciscoconpa55
 login
!
line aux 0
!
line vty 0 4
 login local
 transport input ssh
!
!
end

Show running configuration of ASA

CCNAS-ASA#show run
: Saved
:
ASA Version 8.4(2)
!
hostname CCNAS-ASA
domain-name ccnasecurity.com
enable password 57n/mTd4HwB/bqHS encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
 switchport access vlan 3
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 209.165.200.226 255.255.255.248
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 70
 ip address 192.168.2.1 255.255.255.0
!
object network dmz-server
 host 192.168.2.3
object network inside-net
 subnet 192.168.1.0 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 209.165.200.225 1
!
access-list OUTSIDE-DMZ extended permit icmp any host 192.168.2.3
access-list OUTSIDE-DMZ extended permit tcp any host 192.168.2.3 eq www
!
access-group OUTSIDE-DMZ in interface outside
object network dmz-server
 nat (dmz,outside) static 209.165.200.227
object network inside-net
 nat (inside,outside) dynamic interface
!
aaa authentication ssh console LOCAL
!
username admin password .vMR4ts6hGyvBErZ encrypted
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect icmp
service-policy global_policy global
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 172.16.3.3 255.255.255.255 outside
ssh timeout 10
dhcpd address 192.168.1.5-192.168.1.36 inside

Show running configuration of R3

R3#show run
Building configuration...

Current configuration : 950 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R3
!
!
no ip cef
no ipv6 cef
!
username SSHadmin privilege 15 secret 5 $1$mERr$OBJ1/J.XbT5.JhwNHVc7p/
!
license udi pid CISCO1941/K9 sn FTX15242KYA
!
ip domain-name ccnasecurity.com
!
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/1
 ip address 172.16.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 clock rate 2000000
 shutdown
!
interface Serial0/0/1
 ip address 10.2.2.1 255.255.255.252
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/1
!
ip flow-export version 9
!
!
line con 0
 password ciscoconpa55
 login
!
line aux 0
!
line vty 0 4
 login local
 transport input ssh
!
!
end

5.4 Test and sign off. (NOTE: Template has been provided below.)

Work accomplishment sign-off form

Name of CEO (client): Frank Trcka
Signature of CEO (client): Frank Trcka    Date: 13 Nov 2020

Name of contractor (you): John Casino
Signature of contractor (you): John Casino    Date: 13 Nov 2020

SUBMISSION GUIDELINES

Save your assessment file as: “Student ID_Student Name_Assessment 4_Case Study”

Example: “s123456_Jack Jackson_Assessment 4_Case Study”

Student Declaration
PLEASE READ, TICK AND SIGN BELOW
☐ I declare that the attached assessment I have submitted is my own original work and any
contributions from and references to other authors are clearly acknowledged and noted.

☐ This document has been created for the purpose of this assessment only and has not been
submitted as another form of assessment at Melbourne Polytechnic or any other tertiary
institute.

☐ I have retained a copy of this work for my reference in the event that, this application is lost
or damaged.

☐ I give permission for Melbourne Polytechnic to keep, make copies of and communicate my
work for the purpose of investigating plagiarism and/or review by internal and external
assessors.

☐ I understand that plagiarism is the act of using another person’s idea or work and presenting
it as my own. This is a serious offence and I will accept that penalties will be imposed on me
should I breach Melbourne Polytechnic’s plagiarism policy.

STUDENT SIGNATURE: John Casino    DATE: 13 November 2020
PLEASE NOTE THAT YOUR ASSIGNMENT WILL NOT BE ACCEPTED UNLESS YOU HAVE:
 COMPLETED ALL SECTIONS OF THE ASSIGNMENT
 ACKNOWLEDGED ALL SOURCES OF OTHER PEOPLE’S CONTRIBUTIONS INCLUDING REFERENCES AND
STUDENTS’ NAMES FOR GROUP WORK ASSESSMENTS
 COMPLETED ALL AREAS OF THIS STUDENT ASSIGNMENT COVER SHEET.

Marking Guide
TRAINER/ASSESSOR TO COMPLETE THE FOLLOWING:

TASK Yes No
1.1 The learner has correctly defined the planning phase for network security design. ☐ ☐
1.2 The learner has correctly defined the building phase for network security design. ☐ ☐
1.3 The learner has correctly defined the managing phase for network security design. ☐ ☐
2.1 The learner has correctly determined why attacks occur. ☐ ☐
2.2 The learner has correctly determined who the attack may come from. ☐ ☐
2.3 The learner has correctly analysed common types of network vulnerabilities. ☐ ☐
2.4 The learner has correctly determined how attacks occur. ☐ ☐
2.5 The learner has correctly designed a threat model to categorise threats. ☐ ☐
3.1 The learner has correctly determined the elements of risk management. ☐ ☐
3.2 The learner has correctly determined the assets that require protection. ☐ ☐
3.3 The learner has correctly categorised assets and calculated their value to the organisation. ☐ ☐
3.4 The learner has correctly created a risk management plan. ☐ ☐
4.1 The learner has correctly determined attacker scenarios and threats. ☐ ☐
4.2 The learner has correctly designed security measures for network components. ☐ ☐
4.3 The learner has correctly obtained feedback and adjusted if required. ☐ ☐
4.4 The learner has correctly developed security policies. ☐ ☐
5.1 The learner has correctly designed an auditing and incident response procedure. ☐ ☐
5.2 The learner has correctly documented security incidents. ☐ ☐
5.3 The learner has correctly implemented configurations aligned with the incident response procedure design. ☐ ☐
5.4 The learner has correctly presented the test and sign-off form. ☐ ☐
COMMENTS AND FEEDBACK

RESULT
☐ Satisfactory
☐ Not Satisfactory (resubmission required) – Due date: ____________________________

DATE ASSESSMENT RETURNED

TRAINER/ASSESSOR NAME

TRAINER/ASSESSOR SIGNATURE
