Network and Information Security

The document presents a security audit of Fortebet Uganda, covering hardware, software, networks, organizational policies, business processes, and data. Findings include updated hardware and software security measures, unsecured networks, and insufficient incident response procedures. Recommendations include implementing physical security measures, regular software updates, and conducting network vulnerability assessments to enhance overall security.

NETWORK AND INFORMATION SECURITY
INDIVIDUAL COURSEWORK

Done and presented by
Sentamu Alex Lucky
VU-BIT-2201-0030-DAY

Carry out a security audit in the selected organization of choice and systematically give your findings for each of the above scope given.

My organisation of choice is Fortebet Uganda. Since this organisation operates in centres, I was able to contact the Kalerwe centre and Mukasa Fred (0781224705) as centre manager.

My security audit scope covers the following areas:
a) Hardware
b) Software / business information systems & applications
c) Networks
d) Organizational policies, procedures & guidelines
e) Organization business processes
f) Data

And these are my findings:

Hardware: I was able to find out that there is updated hardware; especially the laptops and desktops are supported by security updates, have physical security measures for hardware, or unauthorized devices cannot be connected to the network.

Software / Business Information Systems & Applications: I was able to find out in this area that there is strengthened software, with encryption for sensitive data, or adequate access controls within business applications.

Networks: I was able to find out in this area that there are unsecured wired networks, lack of intrusion detection systems, or unencrypted data transmission.

Organizational Policies, Procedures & Guidelines: I was able to find out in this area that there is an updated security policy, a lot of employee training on security best practices, or consistent enforcement of security guidelines.

Organization Business Processes: Security audit findings related to this area included lack of segregation of duties, insufficient backup and disaster recovery plans, or inadequate incident response procedures.
undertaken and industry best standards and practices, use examples to recommend the best approach that your organization of choice must undertake to address each of the following:
a) Risks identified
b) Threats identified
c) Vulnerabilities observed

• Risks identified:
Risk of unauthorized physical access to hardware due to lack of proper security controls.
The best approach: Implement physical security measures such as access control systems, surveillance cameras, and secure locking mechanisms to mitigate the risk of unauthorized access to hardware.

• Threats identified:
Threat of malware infections through unpatched software systems.
The best approach: Regularly update and patch software systems to address known vulnerabilities and deploy antivirus software to detect and prevent malware infections.

• Vulnerabilities observed:
Vulnerability in network infrastructure leading to potential data breaches.
The best approach: Conduct regular network vulnerability assessments, implement firewalls, intrusion detection systems, and encryption protocols to secure network communications and prevent

Develop an information security policy of the organization of your choice.

Introduction
• Purpose of the policy: To improve the security of data and all organisation software of Fortebet Uganda.
• Scope of the policy: Information Security Objectives; Roles and Responsibilities; Information Classification; Access Control; Data Protection; Incident Response; Training and Awareness; Compliance and Monitoring.

Information Security Objectives
To find out the information security risks and threats.
To get solutions to the information security risks found.

Roles and Responsibilities
To improve the network and information security at Kalerwe main Fortebet branch.

Information Classification
Hardware
Software / business information systems & applications
Networks
Organizational policies, procedures & guidelines
Organization business processes
Data

Access Control
There is secured access control: all operators need usernames and passwords to access an account in the Fortebet system.

Data Protection
All clients are provided with usernames and passwords to access their online Fortebet accounts, and all receive an SMS to confirm a transaction.

Incident Response
Due to theft of a laptop which was meant to be used at the client, the laptops were sealed or mounted with metal protection.
Since the network is wired and not monitored properly, they are looking forward to a wireless network which is well encrypted and monitored.

Training and Awareness
The operators are well trained on how to use the Fortebet system and how to safely keep client data and information.

Compliance and Monitoring
The system administrator and supervisor, who work 24/7, are always updating and monitoring data security within the system.
Choose an organization of your choice; briefly explain any five I.T/I.S Security frameworks while explaining why you chose them.
1. ISO/IEC 27001: This framework provides a systematic approach to managing sensitive company information. It is widely recognized and helps organizations establish, implement, maintain, and continually improve an information security management system.
2. NIST Cybersecurity Framework: Developed by the National Institute of Standards and Technology, this framework provides a risk-based approach to managing cybersecurity risks. It helps organizations identify, protect, detect, respond, and recover from cyber threats.
3. COBIT (Control Objectives for Information and Related Technologies):
COBIT is a framework for governing and managing enterprise IT. It helps
organizations align IT goals with business objectives, ensuring effective IT
governance and control.
4. CIS Controls (Center for Internet Security Controls): This framework
provides a set of best practices for cybersecurity defense. It offers prioritized
guidance to help organizations improve their cybersecurity posture and protect
against common cyber threats.
5. PCI DSS (Payment Card Industry Data Security Standard): This framework is
designed to secure payment card transactions and protect cardholder data. It is
essential for organizations that handle credit card information to comply with PCI DSS
requirements to prevent data breaches.
Common reason: I chose these frameworks because they are widely recognized in
the industry, provide comprehensive guidance on information security best practices,
and can help organizations establish robust security measures to protect their data
and systems effectively. Each framework offers a unique perspective on managing
IT/IS security risks and can be tailored to suit the specific needs of the organization.
Explain what access control means in information security and its two forms
• Access control in information security refers to the practice of regulating who can access certain resources or information within a system. It is a crucial aspect of maintaining the confidentiality, integrity, and availability of data.
• There are two main forms of access control:
1. Discretionary Access Control (DAC): In DAC, the owner of the resource has the ability to determine who can access it and what level of access they have. This form of access control is more flexible, as it allows users to grant or revoke access permissions at their discretion.
2. Mandatory Access Control (MAC): In MAC, access control is determined by a central authority or system administrator. Users do not have the ability to change access permissions on their own. This form of access control is more rigid and is commonly used in environments where strict security policies need to be enforced.
Discuss the following in regards to
Authorization
• Access control matrix/ACLs/Capabilities
• MLS/Multilateral security
• BLP/Biba
• Covert channel
• Inference control
• CAPTCHA
• Firewalls
• IDS
Access control matrix is a table that defines the permissions or access rights that each user or
system process has to a particular object. Access Control Lists (ACLs) are a set of rules that specify
which users or system processes are granted access to objects, as well as what operations they
are allowed to perform. Capabilities are tokens that represent the authority to perform a specific
action on a specific object.
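The three representations above are one structure seen from different sides, so this added example (not from the coursework) builds one access-control matrix and derives the ACL view (a column, kept with the object) and the capability view (a row, held by the subject) from it; the subjects, objects and rights are constructed sample data.

```python
"""Added example (not from the coursework): one access-control matrix and
its two storage views, ACLs (one column, kept with the object) and
capabilities (one row, held by the subject). Subjects, objects and rights
are constructed sample data."""
from typing import Dict, FrozenSet

# subject -> object -> set of rights
Matrix = Dict[str, Dict[str, FrozenSet[str]]]

# Constructed matrix for a small betting-shop system (hypothetical names).
MATRIX: Matrix = {
    "admin":    {"bets.db": frozenset({"read", "write"}),
                 "config":  frozenset({"read", "write"})},
    "operator": {"bets.db": frozenset({"read", "write"}),
                 "config":  frozenset()},
    "auditor":  {"bets.db": frozenset({"read"}),
                 "config":  frozenset({"read"})},
}


def acl(matrix: Matrix, obj: str) -> Dict[str, FrozenSet[str]]:
    """ACL view: the matrix column for one object (subjects holding any right)."""
    return {s: row[obj] for s, row in matrix.items() if row.get(obj)}


def capabilities(matrix: Matrix, subject: str) -> Dict[str, FrozenSet[str]]:
    """Capability view: the matrix row for one subject (objects it may touch)."""
    return {o: rights for o, rights in matrix.get(subject, {}).items() if rights}


def is_allowed(matrix: Matrix, subject: str, obj: str, op: str) -> bool:
    """Reference-monitor check. Unknown subject, object or right: deny."""
    return op in matrix.get(subject, {}).get(obj, frozenset())


def revoke(matrix: Matrix, subject: str, obj: str, op: str) -> None:
    """Revocation is one cell update here. With ACLs that is an edit of the
    object's list; with capabilities every token already issued for this
    (subject, object) pair must be invalidated, which is the hard part."""
    row = matrix.setdefault(subject, {})
    row[obj] = row.get(obj, frozenset()) - {op}
```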

Multilevel Security (MLS) is a security model that enforces access controls based on multiple
levels of sensitivity or classification. It ensures that users can only access information at their
clearance level or below. Multilateral security extends this concept to multiple security domains.

Bell-LaPadula (BLP) and Biba are two different models for enforcing access control policies. BLP
focuses on confidentiality, ensuring that information is not disclosed to unauthorized users. Biba,
on the other hand, focuses on integrity, preventing users from modifying data inappropriately.
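To make the MLS, BLP and Biba paragraphs concrete, this added example (not from the coursework) writes both models' read and write rules over one ordered set of levels so their opposite directions can be compared; the level names are constructed.

```python
"""Added example (not from the coursework): the Bell-LaPadula (confidentiality)
and Biba (integrity) rules written over one ordered set of levels, so the
two models can be compared side by side. Level names are constructed."""
from typing import Dict

LEVELS: Dict[str, int] = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def dominates(a: str, b: str) -> bool:
    """True when level a is at least as high as level b."""
    return LEVELS[a] >= LEVELS[b]


# Bell-LaPadula: information may only flow upward in sensitivity.
def blp_can_read(clearance: str, label: str) -> bool:
    """Simple security property: no read up."""
    return dominates(clearance, label)


def blp_can_write(clearance: str, label: str) -> bool:
    """*-property: no write down (a secret-cleared process must not
    copy what it has read into a public object)."""
    return dominates(label, clearance)


# Biba: information may only flow downward in integrity.
def biba_can_read(subject_integrity: str, object_integrity: str) -> bool:
    """Simple integrity property: no read down (do not trust low-integrity input)."""
    return dominates(object_integrity, subject_integrity)


def biba_can_write(subject_integrity: str, object_integrity: str) -> bool:
    """Integrity *-property: no write up (a low-integrity process must not
    modify high-integrity data)."""
    return dominates(subject_integrity, object_integrity)


def decide(model: str, subject_level: str, object_level: str, op: str) -> bool:
    """Mandatory decision: the level assignment, not the owner, settles it."""
    rules = {"blp": (blp_can_read, blp_can_write),
             "biba": (biba_can_read, biba_can_write)}
    read_rule, write_rule = rules[model]
    if op == "read":
        return read_rule(subject_level, object_level)
    if op == "write":
        return write_rule(subject_level, object_level)
    raise ValueError(f"unknown operation {op!r}")
```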

A covert channel is a communication channel that is not intended for normal communication but
can be exploited to transfer information in a way that violates security policies.

Inference control is a method used to prevent unauthorized users from inferring sensitive
information by observing the system's behavior.

CAPTCHA is a security measure used to determine whether a user is human or a bot. It typically
involves presenting a challenge that is easy for humans to solve but difficult for automated
programs.

Firewalls are security devices or software that monitor and control incoming and outgoing
network traffic based on predetermined security rules. They help protect a network from
unauthorized access and cyber threats.

Intrusion Detection System (IDS) is a security tool that monitors network or system activities
for malicious activities or policy violations. It alerts administrators when it detects suspicious
behavior, helping to prevent security breaches.
How can you authenticate a human to a
machine?
To authenticate a human to a machine, various methods can be used
to verify the identity of the user. Here are some common
authentication methods:
Password-based authentication: This is the most common form of
authentication where the user enters a password or passphrase that
only they should know.
Biometric authentication: This involves using unique physical
characteristics of the user, such as fingerprints, facial recognition, iris
scans, or voice recognition, to verify their identity.
Two-factor authentication (2FA): This method requires the user to
provide two different forms of identification, such as a password and
a one-time code sent to their mobile device.
Multi-factor authentication (MFA): Similar to 2FA, MFA requires
the user to provide multiple forms of identification, which can include
something they know (password), something they have
(smartphone), and something they are (biometric data).
Token-based authentication: This involves using a physical device,
such as a smart card or security token, to authenticate the user.
Certificate-based authentication: This method uses digital
certificates to verify the identity of the user.
Behavioral biometrics: This involves analyzing the unique patterns
How can you authenticate a machine to a machine?
To authenticate a machine to another machine, various methods can be used to
establish trust and verify the identity of the communicating devices. Here are
some common techniques for machine-to-machine authentication:
Mutual TLS (Transport Layer Security): Mutual TLS, also known as mutual
authentication or two-way SSL, involves both machines presenting digital
certificates to each other to verify their identities. This ensures a secure and
encrypted communication channel.
API Keys: Machines can authenticate each other using API keys, which are
unique identifiers or tokens that are exchanged between the devices to validate
their identities and authorize access to specific resources or services.
Shared Secrets: Machines can use shared secrets, such as pre-shared keys or
passwords, to authenticate each other. These secrets are known only to the
communicating devices and are used to verify the authenticity of the
communication.
Digital Signatures: Machines can use digital signatures to sign messages or
data exchanged between them. The receiving machine can verify the signature
using the sender's public key to ensure the message has not been tampered
with and originated from the expected source.
OAuth (Open Authorization): OAuth is a protocol that allows machines to
authenticate and authorize each other to access resources on behalf of a user. It
is commonly used in web services and APIs to enable secure machine-to-
machine communication.
IP Whitelisting: Machines can be authenticated based on their IP addresses by
configuring a whitelist of trusted IP addresses that are allowed to communicate
with each other. This method restricts access to only authorized machines.
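The "Shared Secrets" method above needs more than a bare secret to be safe against a captured request, so this added example (not from the coursework) authenticates machine-to-machine requests with HMAC-SHA256 over a pre-shared key plus a timestamp and nonce; the key, header names and message bodies are constructed.

```python
"""Added example (not from the coursework): shared-secret machine-to-machine
authentication with HMAC-SHA256, plus a timestamp and nonce so that a captured
request cannot be replayed. The key, message bodies and header names are
constructed; a real deployment would bound the nonce store to the skew window."""
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Set, Tuple

MAX_SKEW_SECONDS = 300  # accept clocks up to five minutes apart


def _canonical(ts: int, nonce: str, body: bytes) -> bytes:
    """Bind timestamp, nonce and body into the authenticated message."""
    return f"{ts}.{nonce}.".encode() + body


def sign_request(key: bytes, body: bytes,
                 ts: Optional[int] = None, nonce: Optional[str] = None) -> Dict[str, str]:
    """Client side: compute the headers that accompany the body."""
    ts = int(time.time()) if ts is None else ts
    nonce = secrets.token_hex(16) if nonce is None else nonce
    mac = hmac.new(key, _canonical(ts, nonce, body), hashlib.sha256).hexdigest()
    return {"x-ts": str(ts), "x-nonce": nonce, "x-mac": mac}


class Verifier:
    """Server side: checks freshness, uniqueness and the MAC, in that order."""

    def __init__(self, key: bytes, now: Callable[[], float] = time.time) -> None:
        self.key = key
        self.now = now
        self.seen_nonces: Set[str] = set()

    def verify(self, body: bytes, headers: Dict[str, str]) -> Tuple[bool, str]:
        try:
            ts = int(headers["x-ts"])
            nonce = headers["x-nonce"]
            mac = headers["x-mac"]
        except (KeyError, ValueError):
            return False, "malformed"
        if abs(self.now() - ts) > MAX_SKEW_SECONDS:
            return False, "stale timestamp"
        if nonce in self.seen_nonces:
            return False, "replay"
        expected = hmac.new(self.key, _canonical(ts, nonce, body), hashlib.sha256).hexdigest()
        # Constant-time comparison: a plain == would leak timing information.
        if not hmac.compare_digest(expected, mac):
            return False, "bad mac"
        self.seen_nonces.add(nonce)  # remember only requests that fully verified
        return True, "ok"
```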
What are the different kinds of ‘good’ passwords people use today?
1. Complex Passwords: These passwords are typically long and include a mix
of uppercase and lowercase letters, numbers, and special characters. For
example, "P@ssw0rd!2022".
2. Passphrases: Passphrases are longer than traditional passwords and
consist of multiple words or a sentence. They are easier to remember and
harder to crack. For example, "PurpleElephant$JumpingHigh".
3. Random Passwords: Randomly generated passwords using password
managers or online tools can be highly secure as they are not easily guessable.
They often consist of a string of random characters like "9#jL$2&8@p".
4. Diceware Passwords: Diceware is a method of creating strong passwords
by rolling dice to select random words from a list. This results in a passphrase
that is both secure and memorable, such as "correct-horse-battery-staple".
5. Biometric Passwords: Biometric authentication methods, such as
fingerprints, facial recognition, or iris scans, can be used as passwords to
provide a high level of security based on unique physical characteristics.
6. Two-Factor Authentication (2FA) Codes: In addition to a password, 2FA
codes generated by authenticator apps or sent via SMS provide an extra layer
of security by requiring a second form of verification.
7. Pattern-based Passwords: Some users create passwords based on
patterns on the keyboard or a specific sequence of characters that are
meaningful to them but not easily guessable.
How do you compare use of passwords to “something you have” and “something you are”?
Passwords are something you know, like a secret
code or phrase, that you use to prove your identity.
They are commonly used for online accounts and
systems. On the other hand, "something you have"
refers to physical items like a key card, token, or
mobile device that can be used to authenticate your
identity. This method adds an extra layer of security
as it requires the physical possession of the item.
"Something you are" refers to biometric
authentication methods such as fingerprint or facial
recognition. These methods rely on unique physical
characteristics to verify identity, providing a high
level of security.
What are the common ways passwords are
cracked and how can these be mitigated?
1. Brute force attacks: Hackers use automated
tools to try every possible combination of
characters until the correct password is found.
2. Dictionary attacks: Hackers use a list of
commonly used passwords or words from a
dictionary to guess the password.
3. Phishing: Hackers trick users into revealing
their passwords through fake emails or websites.
4. Social engineering: Hackers manipulate
individuals into revealing their passwords through
psychological manipulation.
To mitigate these risks, consider the following
measures:
1. Use strong and unique passwords: Create complex
passwords with a mix of letters, numbers, and special
characters. Avoid using easily guessable information like
birthdays or common words.
2. Enable multi-factor authentication: Add an extra layer of
security by requiring a second form of verification, such as a
code sent to your phone.
3. Regularly update passwords: Change your passwords
periodically to reduce the risk of unauthorized access.
4. Be cautious of phishing attempts: Avoid clicking on
suspicious links or providing personal information in
response to unsolicited emails.
5. Educate yourself and others: Stay informed about
cybersecurity best practices and educate others in your
organization or community to prevent password-related
attacks.
How can an admin make use of the available password cracking tools to protect his/her systems?
1. Conduct regular security assessments: Perform vulnerability assessments and penetration testing to identify weaknesses in your systems and address them proactively.
2. Implement strong password policies: Enforce
password complexity requirements, regular password
changes, and multi-factor authentication to strengthen the
security of user accounts.
3. Monitor and analyze system logs: Keep track of user
activities, login attempts, and security events to detect any
suspicious behavior or unauthorized access.
4. Update software and patches: Ensure that all
systems and software are up to date with the latest
security patches to protect against known vulnerabilities.
5. Educate users: Train employees on cybersecurity best
practices, such as creating strong passwords, recognizing
phishing attempts, and reporting suspicious activities.
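Item 3 above (monitor login attempts in the system logs) as working detection logic, an added example that is not part of the coursework: a sliding-window rule over constructed auth-log lines that raises an alert on a burst of failures from one source and a second, more urgent alert when a login from that source then succeeds. The log format, usernames and addresses are made up.

```python
"""Added example (not from the coursework): the log monitoring of item 3
above as detection logic, run over constructed auth-log lines. The log
format, usernames and addresses are made up for the example."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Set, Tuple

# Constructed line format: "<ISO timestamp> auth: <Failed|Accepted> password for <user> from <src>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)

SAMPLE_LOG = """\
2024-03-01T09:00:01 auth: Failed password for admin from 10.0.0.5
2024-03-01T09:00:03 auth: Failed password for admin from 10.0.0.5
2024-03-01T09:00:04 auth: Failed password for operator1 from 10.0.0.5
2024-03-01T09:00:06 auth: Failed password for admin from 10.0.0.5
2024-03-01T09:00:08 auth: Failed password for admin from 10.0.0.5
2024-03-01T09:00:11 auth: Accepted password for admin from 10.0.0.5
2024-03-01T09:30:00 auth: Accepted password for operator2 from 10.0.0.9
2024-03-01T10:00:00 auth: Failed password for operator2 from 10.0.0.9
garbage line that does not match
"""


def parse(line: str) -> Optional[Tuple[datetime, str, str, str]]:
    """Return (timestamp, result, user, source) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def detect(lines: List[str], threshold: int = 5,
           window: timedelta = timedelta(minutes=1)) -> List[str]:
    """Sliding-window rule: `threshold` failures from one source inside
    `window` is a brute-force/spray alert; a success from a source that is
    still inside such a burst is the alert that matters most. Failures are
    counted per source, not per user, so spraying across accounts is caught."""
    failures: Dict[str, Deque[datetime]] = defaultdict(deque)
    flagged: Set[str] = set()
    alerts: List[str] = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, src = rec
        q = failures[src]
        while q and ts - q[0] > window:   # drop failures outside the window
            q.popleft()
        if result == "Failed":
            q.append(ts)
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(f"{ts.isoformat()} BRUTE_FORCE src={src} "
                              f"failures={len(q)} within {int(window.total_seconds())}s")
        elif src in flagged and q:
            alerts.append(f"{ts.isoformat()} SUCCESS_AFTER_BURST user={user} src={src}")
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```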
What are the common “what you are”
authentications in use today?
1. Biometric authentication: This includes fingerprint
recognition, facial recognition, iris scanning, voice recognition,
and palm vein recognition. Biometric authentication uses
unique physical characteristics to verify a person's identity.
2. Retina scanning: This biometric authentication method
involves scanning the unique patterns of blood vessels in the
retina to verify a person's identity.
3. Hand geometry recognition: This method measures the
size and shape of a person's hand to authenticate their
identity.
4. DNA matching: DNA authentication involves comparing a
person's genetic information to verify their identity.
5. Behavioral biometrics: This authentication method
analyzes patterns of behavior, such as typing speed, mouse
movements, and voice intonation, to verify a person's identity.
What are the advantages & disadvantages of biometrics over passwords?

Advantages of biometrics over passwords:
1. Enhanced security: Biometrics provides a
higher level of security as they are unique to
each individual and difficult to replicate.
2. Convenience: Biometrics eliminates the need
to remember passwords, making authentication
quicker and more convenient.
3. Reduced risk of password theft: Biometric
data is harder to steal compared to passwords,
reducing the risk of unauthorized access.
Disadvantages of biometrics over passwords:
1. Privacy concerns: Biometric data, such as
fingerprints or facial recognition, raises privacy
concerns as it is personal and cannot be changed if
compromised.
2. Cost: Implementing biometric systems can be
expensive compared to using passwords.
3. Accuracy and reliability: Biometric systems may
have limitations in accuracy and reliability, leading
to potential authentication errors.
What are the characteristics of ideal biometric authentications?

Ideal biometric authentications should possess several key characteristics to ensure security and accuracy. These include uniqueness, which ensures that each individual's biometric data is distinct; permanence, meaning that the biometric trait remains consistent over time; universality, allowing for widespread use across different populations; collectability, making it easy to obtain the biometric data; and resistance to spoofing or tampering. By incorporating these characteristics, biometric authentications can provide a reliable and secure method of verifying an individual's identity.
Discuss the Business recovery planning/disaster recovery planning
process

1. Risk Assessment: Identify potential risks and threats that could disrupt
business operations, such as natural disasters, cyber attacks, or equipment
failures.
2. Business Impact Analysis: Evaluate the potential impact of these risks on
critical business functions, processes, and systems to prioritize recovery efforts.
3. Plan Development: Develop a comprehensive recovery plan that outlines
procedures, responsibilities, and resources needed to respond to and recover
from disruptions.
4. Testing and Training: Regularly test the recovery plan through simulations
and exercises to ensure its effectiveness. Provide training to employees on their
roles and responsibilities during a disaster.
5. Communication: Establish communication protocols to keep employees,
stakeholders, and customers informed during a crisis and ensure timely updates
on recovery efforts.
6. Recovery and Restoration: Activate the recovery plan when a disaster
occurs, implement recovery strategies to restore critical functions, and monitor
progress towards full restoration.
7. Review and Update: Conduct post-incident reviews to identify areas for
improvement and update the recovery plan based on lessons learned from the
recovery process.
Discuss Business Continuity and
Recovery Measures in an IT/IS setting
1. Data Backup and Recovery: Regularly backing up critical data and systems is
essential to ensure that information can be restored in the event of data loss or
system failure. Implementing automated backup processes and storing backups in
secure off-site locations can help mitigate risks.
2. Disaster Recovery Planning: Developing a comprehensive disaster recovery
plan that outlines procedures for responding to and recovering from IT disruptions
is essential. This plan should include steps for restoring systems, applications, and
data, as well as identifying key personnel and resources needed for recovery
efforts.
3. Redundancy and Failover Systems: Implementing redundancy and failover
systems can help minimize downtime and ensure continuous operation of critical
IT systems. This may involve deploying backup servers, network connections, or
cloud-based services to maintain business operations during disruptions.
4. Cybersecurity Measures: Strengthening cybersecurity measures, such as
implementing firewalls, antivirus software, and intrusion detection systems, can
help protect IT systems from cyber threats and data breaches. Regular security
audits and employee training on cybersecurity best practices are also important.
5. Regular Testing and Training: Conducting regular testing of IT disaster
recovery plans through simulations and exercises can help identify weaknesses
and ensure that recovery procedures are effective. Providing training to IT staff on
their roles and responsibilities during a crisis can also enhance preparedness.
Briefly explain key security professionals in an
organization while highlighting the required
qualifications.
1. Chief Information Security Officer (CISO): The CISO is responsible for
overseeing the organization's overall security strategy and ensuring that
security measures align with business objectives. Qualifications typically
include a bachelor's degree in a related field (such as cybersecurity or
information technology) and relevant certifications like CISSP (Certified
Information Systems Security Professional) or CISM (Certified Information
Security Manager).
2. Security Analyst: Security analysts are responsible for monitoring and
analyzing security threats, implementing security measures, and responding
to incidents. Qualifications often include a bachelor's degree in cybersecurity,
information technology, or a related field, along with certifications like
CompTIA Security+ or CEH (Certified Ethical Hacker).
3. Network Security Engineer: Network security engineers design and
implement security measures to protect an organization's network
infrastructure. Qualifications typically include a bachelor's degree in computer
science or a related field, along with certifications like CCNA (Cisco Certified
Network Associate) or CISSP.
4. Security Architect: Security architects design and build secure systems
and networks, ensuring that security requirements are integrated into the
organization's infrastructure. Qualifications often include a bachelor's degree
in computer science or a related field, along with certifications like CISSP or
CISM.
Discuss the Risk Management Process.
1. Risk Identification: This involves identifying potential risks that could
affect a project, organization, or process. This step often involves
brainstorming, using historical data, and consulting with stakeholders.
2. Risk Assessment: Once risks are identified, they are assessed in terms
of their likelihood of occurring and their potential impact. This helps
prioritize which risks need to be addressed first.
3. Risk Mitigation: After prioritizing risks, strategies are developed to
mitigate or manage them. This could involve avoiding the risk, transferring
it to another party (such as through insurance), reducing the likelihood or
impact of the risk, or accepting the risk.
4. Risk Monitoring and Review: Risk management is an ongoing process
that requires monitoring and reviewing risks regularly. This ensures that new
risks are identified and that existing risk mitigation strategies are effective.
Discuss the process of determining the Risk Likelihood Level.

By analyzing these factors, a risk likelihood level can be assigned, ranging from low to high. This helps organizations prioritize and plan for potential risks accordingly.
Discuss any other useful information relevant
to risk management in information systems.
1. Risk Assessment: Conducting a thorough risk assessment is essential to
identify and analyze potential risks that could impact the organization's information
systems. This involves evaluating vulnerabilities, threats, and the potential impact
of risks on the confidentiality, integrity, and availability of data.
2. Risk Mitigation Strategies: Developing and implementing risk mitigation
strategies is crucial to reduce the likelihood and impact of identified risks. This may
involve implementing security controls, conducting regular security audits, and
establishing incident response plans to address security breaches effectively.
3. Compliance and Regulations: Ensuring compliance with relevant laws,
regulations, and industry standards is essential in managing risks in information
systems. Organizations must stay up-to-date with legal requirements and industry
best practices to protect sensitive data and maintain the trust of stakeholders.
4. Employee Training and Awareness: Educating employees about
cybersecurity best practices and the importance of information security is vital in
mitigating risks. Human error is a common cause of security breaches, so providing
training and raising awareness can help prevent incidents.
5. Continuous Monitoring and Improvement: Risk management in information
systems is an ongoing process that requires continuous monitoring and
improvement. Regularly reviewing and updating risk assessments, security
measures, and incident response plans ensures that the organization remains
resilient to evolving threats.
Develop a risk management plan for an organization of your
choice.
My choice of organisation is Fortebet, and especially Kalerwe Main branch.
1. Risk Identification:
Risks: Unsecured and unmonitored wired network connection.
Risk category: Both hardware and software risk.
2. Risk Assessment:
Risk evaluation: This risk has led to unauthorised use of the company internet connection.
3. Risk Mitigation Strategies:
Sealing or pinning the network cables.
Implementing use of a well encrypted wireless network connection.
4. Risk Monitoring and Reporting:
Monitor and report those who make unauthorised use of the network cables.
Provide a wireless network connection, for example Wi-Fi with a firewall and access control passwords.
5. Risk Communication and Training:
Communicate with and train operators on the use of the wireless network connection.
system failure of the enterprise system used by all departments. It is found out that the system administrator could not access the system using their Admin username and password to have the concern rectified. It is later reported that an insider gained access to the system and changed the password. You have been hired as a security analyst;
i) Develop an incident report detailing what could have been included in such a report.
1. Incident Overview: Provide a brief summary of the incident, including the date and time it occurred, the impact on the business operations, and the systems affected.
2. Incident Details: Describe how the system failure was discovered, including any
error messages or unusual system behavior observed. Explain the inability of the
system administrator to access the system and the discovery that an insider had
changed the password.
3. Root Cause Analysis: Investigate and identify the root cause of the incident,
focusing on how the insider gained unauthorized access to the system and changed
the password. Evaluate any vulnerabilities in the system that may have been
exploited.
4. Impact Assessment: Assess the impact of the incident on Company A, including
the extent of the business shutdown, financial losses incurred, and potential
reputational damage.
5. Response and Recovery: Outline the immediate actions taken to mitigate the
incident, such as restoring system access, resetting passwords, and implementing
additional security measures. Detail the steps taken to recover from the incident and
prevent similar incidents in the future.
6. Recommendations: Provide recommendations for improving the security posture
of Company A, such as implementing multi-factor authentication, conducting regular
security audits, and enhancing employee training on cybersecurity best practices.
ii) What are some of the measures that you could advise Company A to undertake to avoid such future occurrences?
1. Implement Multi-Factor Authentication (MFA): Require users, including system administrators, to go through an additional layer of authentication beyond just a username and password. This can help prevent unauthorized access even if credentials are compromised.
2. Regularly Review and Update Access Controls: Conduct regular audits of
user access permissions and ensure that only authorized personnel have
access to critical systems. Remove access for employees who no longer
require it.
3. Enhance Monitoring and Logging: Implement robust monitoring and logging
mechanisms to track user activities, system changes, and potential security
incidents. This can help detect unauthorized access and changes in real-time.
4. Conduct Security Awareness Training: Educate employees, including system
administrators, on cybersecurity best practices, such as recognizing phishing
attempts, safeguarding credentials, and reporting suspicious activities.
Awareness training can help prevent insider threats.
5. Implement Least Privilege Principle: Follow the principle of least privilege by
granting users the minimum level of access required to perform their job
functions. This can limit the impact of insider threats and unauthorized access.
6. Regularly Update and Patch Systems: Ensure that all systems, including the
enterprise system used by all departments, are regularly updated with the
latest security patches and software updates to address known vulnerabilities.
7. Establish an Incident Response Plan: Develop a comprehensive incident
