UNIT 11: CYBER SECURITY AND INCIDENT MANAGEMENT
Pearson BTEC International Level 3 Qualifications in Information Technology –
Specification – Issue 3 – September 2022 © Pearson Education Limited 2022
161
• The purpose and content of an incident response policy and associated procedures:
o assembling the Computer Security Incident Response Team (CSIRT), roles in the team, including team leader, incident lead, associate members
o incident reporting procedures, including what constitutes a security incident, and how to report it and to whom
o initial assessment of the incident, including identifying if this is a real incident, the type of attack and its severity
o communicating the incident to the CSIRT and other relevant individuals
o containing the damage and minimising the risk
o protect people’s safety
o protect sensitive data and other data, protecting the most valuable first
o protect hardware and software
o minimise disruption to computing resources
o identifying the type and severity of the compromise, including the nature of the attack, its intent, its origin and the systems and files that have been compromised
o protecting evidence and creating backups for evidence and data recovery, including the removal and storage of original hard disks
o notifying external agencies, if appropriate, and discussing options with legal representatives, contacting external agencies such as law enforcement, external security and virus experts
o recovery of systems and identification of the point in time when the compromise occurred and restoring backups from before that point in time
o compile and organise incident documentation, including documentation created by the CSIRT identifying the details of the breach and actions taken
o know the importance of preserving and collating documentation that may be needed to prosecute offenders
o review outcomes to update policies and improve training.
• Topics typically covered in a disaster recovery plan and their purpose:
o identification of critical systems, definitions of recovery time objective (RTO) and recovery point objective (RPO)
o prevention, response and recovery strategies for critical systems, including
– people responsible
– facilities and equipment required
– data backup location and format
– network connectivity and bandwidth
– suppliers of equipment and people
o definition of recovery procedures for each critical system
o disaster recovery plan structure following ISO 27031/24762 or other relevant international equivalents, including
– introduction
– roles and responsibilities
– incident response procedures
– activating the disaster recovery plan
– procedures to be followed.