INtel College

.
BTEC – HND in Computing

MODULE NAME: SECURITY

TERM DATES: 3 MAY 2018 - 3 AUGUST 2018
ASSESSMENT TITLE: IT SECURITY ASSESSMENT
UNIT NO. 5 CREDIT VALUE 15 ASSIGNMENT 1
ISSUE DATE 14 MAY 2018

STUDENT NAME:
LECTURER NAME: GEORGE KARIUKI
DATE DUE PRESENTATION 19 JULY 2018
ALL TASKS 23 JULY 2018
DATE MARKED AND ALL TASKS 10 AUGUST 2018
RETURNED
I CONFIRM THAT THIS IS SIGNATURE
ALL MY WORK.
(Signature & Date) DATE

Pass Grades Awarded P1 P2 P3 P4 P5 P6 P7 P8

Merit Grades Awarded M1 M2 M3 M4 GRADE

Distinction Grades D1 D2 D3
Awarded
Instructor’s additional feedback comments

Name Signature Date

Instructor Mr. George Kariuki
Assignment Moderator Mr. Philip Makhanu
Dean Academic Affairs Mr. Leonard Maina
IV Ms. Anita Aggarwal

INtel College Programme: HND in Computing Unit Name: Security Page 1 of 9

Term Dates: 03 May 18 – 03 Aug 18
Scenario
Sasini Limited is a company involved in growing, processing, warehousing and marketing of
tea and coffee. The company was started in 1952, in what was then known as the Kenya
Colony, eleven years prior to Kenya’s independence from British colonial rule in 1963. At
that time, Sasini was originally incorporated as Doondu Estates Ltd, with one coffee farm in
the beautiful Central highlands of Kenya in the current Kiambu County.
Realizing that growth was the only option, the young coffee growing company went on to
acquire three more coffee farms in the same vicinity of in 1959. The growth of the company
demanded changes in its financial sourcing options and in response to this demand, the
company converted from a private company to a public company in 1960. For many years,
Sasini operated its Business as Sasini Tea and Coffee Limited with emphasis on its two main
flagship products: Tea and Coffee. This however changed in 2007, when Sasini realised that
it was in Agribusiness and had diversified its operations to include dairy, horticulture and
forestry. In recognition of its diversified operations, it changed its registered name to Sasini
Ltd in 2007.
The Company’s vision is “To be the leading Agribusiness in Africa”. This is through a world
class production, processing and marketing of products to Kenya and the world with
emphasis on environmental conservation, social responsibility and application of latest
technology in value creation.
IT security has become of paramount importance to individuals, corporations and
governments. There has been an increase in IT security threats such as email hacking,
eavesdropping, password cracking and denial of service attacks. This has impaired business
operations, network use and computers. As a result, urgent need for better understanding and
innovative solutions to manage those IT security threats has been created.
Brief
Due to so many IT security concerns in Kenya, Sasini Limited is upgrading its IT security
systems. This will involve automating the company’s ICT systems in order to fully monitor
security issues in the company. You have been employed as an Assistant ICT Security
Personnel under the supervision of Mr. Kariuki, who is the Head of ICT Department.
Your major roles will be to assess, control and manage IT Security risks within Sasini Ltd.

INtel College Programme: HND in Computing Unit Name: Security Page 2 of 9

Term Dates: 03 May 18 – 03 Aug 18
Task One: (This provides evidence for learning outcome LO1 - assessment criteria P1,
P2, M1)
Constant IT insecurity is a threat to most people in Kenya, Sasini Ltd wishes to prioritize IT
security in house by assessing risks to the company’s IT security. Your supervisor has tasked
you to identify and create a brief on IT security risks that would help establish a more secure
system. In your brief you should:
1.1) Identify and evaluate types of IT security risks in Sasini Ltd.
1.2) Describe organizational security procedures for Sasini Ltd.
1.3) Propose a method to assess and treat IT security risks in Sasini Ltd.
Date due: 23/07/2018 Date marked and returned: 10/08/2018
Task Two: (This provides evidence for learning outcome LO2 - assessment criteria P3,
P4, M2&D1)
IT security solutions are vital for the protection of the organization against security threats.
For Sasini Ltd to effectively manage all the risks identified, your supervisor has advised you
to document proper IT Security solutions. He has therefore instructed you to create a report
for Sasini Ltd. In your report you should:
2.1) Identify the potential impact to IT security of incorrect configuration of firewall
policies and third-party VPNs in Sasini Ltd
2.2) Show, using an example for each, how implementing a DMZ, static IP and NAT
in a Sasini Ltd ’s network can improve Sasini Ltd ’s Network Security
2.3) Discuss three benefits of implementing network monitoring systems in Sasini
Ltd. Give supporting reasons.
2.4) Show how a ‘trusted network’ may be part of an IT security solution for Sasini
Ltd.
Date due: 23/07/2018 Date marked and returned: 10/08/2018
Task Three: (This provides evidence for learning outcome LO3 – assessment criteria
P5, P6, M3 & D2)
Mr. Kariuki would like you to carry out surveys at Sasini Ltd, including its various branches
in order to perform risk assessment and provide a mechanism for controlling IT security. He
has tasked you to create a risk assessment document. In your risk assessment document you
should:
3.1) Discuss risk assessment procedures that will be used in Sasini Ltd.
3.2) Explain data protection processes and regulations as applicable to Sasini Ltd.
3.3) Summarise the ISO 31000 risk management methodology and its application in
Sasini’s IT security

INtel College Programme: HND in Computing Unit Name: Security Page 3 of 9

Term Dates: 03 May 18 – 03 Aug 18
 3.4) Discuss possible impacts to Sasini Ltd’s security resulting from an IT security
audit.
3.5) Outline how IT security can be aligned with Sasini Ltd’s policy, detailing the
security impact of any misalignment.

Date due: 23/07/2018 Date marked and returned: 10/08/2018

Task Four: (This provides evidence for learning outcome LO4 - assessment criteria P7,
P8, M5 & D3)
For Sasini Ltd to manage its IT security, your supervisor has asked you to create an IT policy
document. In your policy document you should systematically:
4.1) Design and implement a security policy for Sasini Ltd
4.2) List the main components of Sasini Ltd’s disaster recovery plan, justifying the
reasons for inclusion.
4.3) Discuss the roles of stakeholders in Sasini Ltd to implement security audit
recommendations.
4.4) Evaluate the suitability of the tools used in Sasini Ltd’s policy

Presentation date: 19/07/2018

Date due: 23/07/2018 Date marked and returned: 10/08/2018

INtel College Programme: HND in Computing Unit Name: Security Page 4 of 9

Term Dates: 03 May 18 – 03 Aug 18
GRADING CRITERIA
Pass Merit Distinction
LO1 Assess risks to IT security
P1) Identify and evaluate types of IT M1) Propose a method to assess
security risks in Sasini Ltd. and treat IT security risks in
D1) show how a ‘trusted
Sasini Ltd
network’ may be part of
P2) Evaluate organizational security an IT security solution
procedures which affect data, for Sasini Ltd.
network, systems and operational
impact of security breaches at Sasini
Ltd.

LO2 Describe IT security solutions

P3) Identify the potential impact to M2) Discuss three benefits of
IT security of incorrect configuration implementing network monitoring
of firewall policies and third-party systems in Sasini Ltd. Give
VPNs in Sasini Ltd supporting reasons.

P4) Show, using an example for

each, how implementing a DMZ,
static IP and NAT in a Sasini Ltd ’s
network can improve Sasini Ltd ’s
Network Security.
LO3 Review mechanisms to control organisational IT security
P5) Discuss risk assessment
procedures that will be used in
Sasini Ltd.
P6) Explain data protection
processes and regulations as
applicable to Sasini Ltd.
D2) Outline how IT
M3 Install and configure network
security can be aligned
services and applications on INtel
with Sasini Ltd’s policy,
College network system
detailing the security
impact of any
M4) Discuss possible impacts to misalignment.
Sasini Ltd’s security resulting
from an IT security audit.

LO4 Manage organisational security

D3) Evaluate the
P7) Design and implement a security M5) Discuss the roles of
suitability of the tools
policy for Sasini Ltd stakeholders in Sasini Ltd to
used in Sasini Ltd’s
implement security audit
policy
recommendations.

P8) List the main components of

Sasini Ltd’s disaster recovery plan,
justifying the reasons for inclusion.

INtel College Programme: HND in Computing Unit Name: Security Page 5 of 9

Term Dates: 03 May 18 – 03 Aug 18
NOTE:

PASS
In order to achieve a PASS:
 Complete all the tasks specified and meet all the requirements for a PASS.
MERIT
In order to achieve a MERIT grade:
 Meet all the requirements for a PASS and MERIT
DISTINCTION
In order to achieve a DISTINCTION grade:
 Meet all the requirements for a PASS, MERIT and DISTINCTION.

INtel College Programme: HND in Computing Unit Name: Security Page 6 of 9

Term Dates: 03 May 18 – 03 Aug 18
Unit Outcomes
Outcome Evidence for the criteria Feedback Assessor’s
decision
LO1 P1 Identify types of security risks to 1.1
Assess risks to IT organisations.
security P2 Describe organisational security 1.2
procedures.
M1 Propose a method to assess and treat IT 1.3
security risks.
LO2 P3 Identify the potential impact to IT security 2.1
Describe IT of incorrect configuration of firewall policies
security solutions and third-party VPNs.
P4 Show, using an example for each, how 2.2
implementing a DMZ, static IP and NAT in a
network can improve Network Security.
M2 Discuss three benefits to implement 2.3
network monitoring systems with supporting
reasons.
LO1 & LO2 D1 Investigate how a ‘trusted network’ may 2.4
be part of an IT security solution.
LO3 Review P5 Discuss risk assessment procedures. 3.1
mechanisms to
control P6 Explain data protection processes and 3.2
organisational IT regulations as applicable to an organisation.
security
M3 Summarise the ISO 31000 risk 3.3
management methodology and its application
in IT security.
M4 Discuss possible impacts to organisational 3.4
security resulting from an IT security audit.

D2 Consider how IT security can be aligned 3.5

with organisational policy, detailing the
security impact of any misalignment.
LO4 Manage P7 Design and implement a security policy for 4.1
organisational an organisation.
security P8 List the main components of an 4.2
organisational disaster recovery plan,
justifying the reasons for inclusion.
M5 Discuss the roles of stakeholders in the 4.3
organisation to implement security audit
recommendations.
D3 Evaluate the suitability of the tools used in 4.4
an organisational policy.

INtel College Programme: HND in Computing Unit Name: Security Page 7 of 9

Term Dates: 03 May 18 – 03 Aug 18
COMMENTS ON GRADING:
Statement of Originality and Student Declaration

I hereby, declare that I know what plagiarism entails, namely to use another person’s work
and to present it as my own without acknowledging the sources in the correct way. I further
understand what it means to copy another person’s work.
1. I know that plagiarism is a punishable offence because it constitutes theft.
2. I understand the plagiarism and copyright policy of the Edexcel-UK.
3. I know what the consequences will be if I plagiarize or copy another person’s work in
any of the assignments for this program.
4. I declare therefore that all work presented by me for every aspects of my program,
will be my own, and where I have made use of another person’s work, I will
acknowledge the source in the correct way.
5. I acknowledge that the attachment of this document signed or not, constitutes a
binding agreement between myself and Edexcel-UK.
6. I understand that my assignment will not be considered as submitted if this document
is not attached.

Student’s Signature: …………………………… Date:.……………………

INtel College Programme: HND in Computing Unit Name: Security Page 8 of 9

Term Dates: 03 May 18 – 03 Aug 18
Name _______________________________________ Reg. No _______________________

Programme ___________________________________ Unit __________________________

Date Submitted ________________________________ Date Due ______________________

Received Assignment at INtel

Administrator/HOD Name _______________________Signature ___________Date ______________

College Stamp

INtel College Programme: HND in Computing Unit Name: Security Page 9 of 9

Term Dates: 03 May 18 – 03 Aug 18