Assignment brief – BTEC (NQF)

Assignment title / A3 Implement security measures to protect a technology system
Assessor / Tom Worgan
Date issued / 17/05/15
Hand in deadline / 29/05/15
Duration (approx) / 2 weeks
Qualification covered / BTEC L2 First Diploma in Information and Creative Technology
Units covered / 22 Computer Security in Practice
Learning aims covered / C: Implement security measures to protect a technology system
Scenario / You work for LockedDown Security, a company that advises business clients on I.T. security. You have been assigned to a client who is a new start-up and needs to protect their technology system. They have provided a detailed brief.
Task 1 / You have already drafted a plan to implement security for your customer (Assignment 2).
You now need to apply security measures to protect the given technology system.
You need to complete the following actions:
1.  Install an appropriate anti-malware application. You will need to access an antivirus application (free version) from the web and install it on the lab machines. Alternatively you may activate any antivirus application which is preinstalled.
2.  Configure the installed antivirus so that it runs automatic malware scans.
3.  Activate the windows firewall
4.  Restrict user access: create two new users, Mr John Doe and Miss Jane Doe such that they have private folders that only they and the administrator can access and also have a shared folder that they can both access.
5.  Configure the operating system, browser and the antivirus to ensure that they update regularly.
6.  Set periodic back-ups and complete the first of these back-ups. Test the back-up by carrying-out a restore.
You should ensure that you have covered all three common protection categories (users, technology, and tools and techniques). As a minimum this will include:
7.  Write an employee policy that outlines access rights and information availability.
8.  Set the password policy to ensure passwords meet a minimum length of 8 characters, are changed every 30 days and contain a mixture of different character sets.
9.  Configure the Windows firewall with the following rules
a.  Allow printer and file-sharing
b.  Set the ICMP protocol to dis-allow (block) incoming echo requests (this will prevent this computer from being pinged to check for connections)
c.  Set a program rule to allow Firefox to connect to the internet
d.  Set a port-based rule to restrict the web server application to TCP connections on ports 80 and 443
10.  Suggest additional measures to prevent external access to local shared storage.
The process of modifying and testing a technology system is an iterative (on-going) process.
Refine the technology system to improve protection against security threats using all the ideas from vulnerability testing, functionality testing, feedback and reflection (task 2). If it is not possible for you to apply your improvements (e.g. due to software or hardware constraints), you should explain what you would do if you had the opportunity, focusing on improving security protection.
Refinements could include setting different times when users can access specific information, automatic deletion of files/folders containing sensitive information and/or encrypting data.
Evidence you must produce for this task / This task will be assessed by witness statement you should also record screen-shots/still photographs or video recording as further evidence.
Criteria covered by this task:
To achieve the criteria you must show that you are able to: / Unit / Criterion reference
Implement security measures for a technology system that includes:
● installing security software including a firewall and antimalware applications
● scheduling an automatic malware scan
● restricting user access
● updating software and changing settings
● completing periodic back-ups. / 22 / 2C.P4
Implement enhanced security measures for a technology system that includes:
● an employee policy
● meeting specific firewall port-based rules
● preventing external access to local shared storage. / 22 / 2C.M3
Refine the modified technology system in order to improve protection against security threats, taking account of feedback from testing / 3 / 2C.D3
If you have not achieved the Level 2 criteria, your work will be assessed to determine if the following Level 1 criteria have been met.
To achieve the criteria you must show that you are able to: / Unit / Criterion reference
Implement security measures for a technology system, with guidance, that includes:
● a software firewall
● back-up of data
● running a malware scan. / 22 / 1C.4
Task 2 / Test the functionality of the technology system in terms of checking that any security threats (if identified) have been removed and any protection measures have been implemented successfully. Test the additional functionality and repair any faults.
You should also test that the technology system meets the original requirements. This could be presented in the form of a table (an example is shown below).

You are likely to experience technical difficulties as you apply protection measures to the technology system. Where this happens, you will be expected to resolve these difficulties, and by doing so will have made the necessary repairs to the technology system. It is important that you make appropriate comments in your test plan about any issues you discover, and how you have resolved them. Where appropriate to do so, photographs of problems and solutions or witness statements and observation records can be used as evidence of this process.
You must adhere to all health and safety guidelines when undertaking practical activities with electronic equipment.
You should also prepare a survey and gather feedback from your ‘client’, as part of testing the technology system and record the feedback. The feedback should be used to help identify areas where security can be improved.
Evidence you must produce for this task / This task will be assessed by witness statement you should also record screen-shots/still photographs or video recording as further evidence. Completed client feedback should also be presented.
Criteria covered by this task:
To achieve the criteria you must show that you are able to: / Unit / Criterion reference
Test the modified technology system for functionality against the original requirements and repair any faults as necessary. / 22 / 2C.P5
Test the additional functionality, repairing any faults, and gather feedback from others. / 22 / 2C.M4
If you have not achieved the Level 2 criteria, your work will be assessed to determine if the following Level 1 criteria have been met.
To achieve the criteria you must show that you are able to: / Unit / Criterion reference
Test the modified technology system for functionality, with guidance. / 22 / 1C.5

3