Unit 4 – Network Threats and Vulnerabilities Coursework Piece Yellow

Investigate and document the ethical responsibilities of a cyber security professional: Ethics http://www.bcs.org/upload/pdf/conduct.pdf - British Computer Society Code of Ethics http://www.ieee.org/about/corporate/governance/p7-8.html - Institute of Electical and Electronics Engineers Code of Ethics http://www.iconsulting.org.uk/~/media/Files/PDF/IC/Code-of-Conduct-and-Practice- Leaflet.pdf - Chartered Management Institute Code of Conduct https://www.sans.org/security-resources/ethics - SANS Institute (Cyber Security Training) IT Code of Conduct https://huit.harvard.edu/it-professional-code-conduct-protect-electronic-information - Harvard University IT Professional Code of Conduct

Investigate and document the ethical responsibilities of a cyber security professional: Ethics Consider the similarities with the codes of conduct provided: What types of thing do they all contain? How are most of them presented? Is this the best way? Are infographics useful? What topics must be covered in an ethical code of conduct? What is an ethical responsibility? How can a code of conduct be enforced?

Investigate and document the ethical responsibilities of a cyber security professional: Employee Handbooks http://www.valvesoftware.com/company /Valve_Handbook_LowRes.pdf https://www.dropbox.com/s/u6suqbbk2 w1vbwz/Disqus%20Culture%20Book.pd f https://www.slideshare.net/reed2001/c ulture-2009 http://www.businessinsider.com/nordstro ms-employee-handbook-2014-10?IR=T What is an employee handbook? What is the purpose of it? What similarities do these handbooks have? Are there any huge differences?

Task: Create a form of guidance suitable for an employee handbook that documents the ethical responsibilities of a cyber security professional Controlled Assessment Piece 1, Task 1: Investigate and document the ethical responsibilities of a cyber security professional Remember this doesn’t have to be a word document. You could create a: Leaflet Poster Strapline (Nordstrom) Infographic (CMI) Make sure you include the key themes discussed in class: Data Security Privacy Access to information Crime Causing Harm To others To Companies

Controlled Assessment Piece 1, Task 1: Task: Create a form of guidance suitable for an employee handbook that documents the ethical responsibilities of a cyber security professional Controlled Assessment Piece 1, Task 1: Investigate and document the ethical responsibilities of a cyber security professional Document your: Research References Create your: Form of Guidance

Describe five different types of configuration that can affect network security Apply security settings to network technologies Switch configuration Implementing virtual local area networks (VLANs). Protection from loops, ie using Spanning Tree Protocol (STP). Antivirus Configuration Frequency of virus signature updates. ‘On demand’ scanning settings for downloads and email attachments. Scanning frequency. Integration with operating systems and email systems. Domain Configuration Authentication of users. Authorisation of users. User permissions and default behaviours. Creation, maintenance and application of group security policies. Bandwidth throttling. Roaming user profiles and desktops. Remote Desktop Services (RDS). Remote Desktop Protocol (RDP)

Describe five different types of configuration that can affect network security Web technology security and configuration Awareness of WAMP, LAMP, MAMP stacks. Web server configuration: suppressing web server footprint (eg name, version etc) aliases and virtual hosts ports for HTTP/HTTPS traffic (eg 80, 443, 8080 etc) automatic HTTP to HTTPS directs • session timeout constraints allowed/blocked IP ranges suppressing directory views directory/folder permissions file permissions file type execution (eg ASP .Net, .ASP, .PHP etc) suppressing web application code errors limit maximum concurrent connections. File Transfer Protocol (FTP) (client) access: use of FTPS (also known as FTP-ES, FTP-SSL and FTP Secure). Secure Shell (SSH) remote access. Relational database remote access and authorisation: non-standard ports user permissions, especially for DDL and DML SQL statements limit maximum concurrent connections securing web-based front-ends, eg PHPmyadmin. Web application configuration and deployment. Web browser client security (eg security settings, plug-ins etc).

different types of configuration that can affect network security - Research Choose 1 device technology: Switches VLAN STP Choose 1 service: Active Directory FTP HTTP/HTTPS SSH Remote Desktop Services / Remote Desktop Protocol Choose 1 technology: VPN Web Servers Relational Databases (Remote Access and Authorisation) In a presentation: Find out what it is Find out what it does Explain how it can improve security Explain how it can pose security threats

Describe five different types of configuration that can affect network security. Make sure you: Explain what the technology is Explain what it is used for Explain how it helps a user / system Explain how it can improve security Explain how it can pose security threats