Table of Content

2. Understand cyber security protection methods

2.1 Describe network security protection methods.
2.2 Evaluate the impact of penetration and vulnerability testing has to an organisation
2.3 Describe end user device protection methods
2.4 Describe the importance of implementing and reviewing access controls in an organization
2.5 Explain how end users can be educated and aware of cyber security
3. Understand how to manage a cyber security attack
3.1 Evaluate the impact a cyber-attack has to the organisation.
3.2 Describe the content of an organisational incident management plan.
3.3 Explain the importance of internal and exteral communication when managing a cyber-
attack.
3.4 Describe the roles and responsibilities for incident management.
3.5 Analyse the actions to take when responding to an incident.
3.6 Explain the importance of post cyber-attack reviews.

1
2.1 Describe network security protection methods.

2.1 Describe network security protection methods.

Methods for protecting computer networks from illegal access, hacking, and cyberattacks
comprise the field of network security protection. The following are some popular network
security defense techniques:
1. Firewall: Based on pre-established security rules, a firewall is a network security system that
monitors and regulates both incoming and outgoing network traffic. It serves as a barrier
between the reputable, secure internal network and the shady internet outside.
2. Virtual Private Network (VPN): A VPN is an encrypted, secure connection that enables two or
more devices to communicate with each other across an unprotected network, like the internet.
Users can connect to faraway offices and staff members or securely access company
resources.
3. Intrusion Detection and Prevention Systems (IDPS): An IDPS is a security system that keeps
an eye on network traffic for indications of malicious activity or infringements of rules. They are
able to recognize and stop threats like phishing, hacking, and malware.
4. Access Control: Limiting access to network resources based on user identification, role, or
other factors is the process of access control. Setting up authentication, authorisation, and
permission methods is required to guarantee that only authorized users can access sensitive
data or systems.
5. Network Segmentation: To lower the attack surface and prevent the spread of cyber threats,
a network is divided into smaller subnetworks, or segments. It can aid in the isolation of
important systems and data and hinder attacker lateral movement.
6. Encryption: To prevent unauthorized access, encryption encrypts data into a code or cipher. It
can be used to encrypt data at rest, like with disk encryption, or data in transit, such with VPNs.
7. Patch management: Applying software patches to address known vulnerabilities and thwart
attacks is known as patch management.

2.2 Evaluate the impact of penetration and vulnerability testing has to an organisation

Any organization that wishes to preserve the security of its information systems must engage in
penetration testing and vulnerability testing. In order to find potential weaknesses that an
attacker could exploit, penetration testing entails simulating a real-world attack. On the other
hand, vulnerability testing entails the use of technologies to find known weaknesses in a
system.
The following are some effects that these actions may have on a company:

1.Improved security:Organizations can lessen their vulnerability to cyberattacks and data

breaches by recognizing and fixing them.
2.Cost savings: Organizations can avoid the significant costs of data breaches, such as legal
fees, fines, and reputational harm, by discovering vulnerabilities and correcting them before they
are exploited.
3. Compliance: To adhere to rules and standards relevant to a given industry, many regulatory
agencies and commercial sectors demand that businesses perform frequent penetration tests

2
2.1 Describe network security protection methods.

and vulnerability assessments. Organizations can avoid penalties for non-compliance by

engaging in these activities.
4. Better decision making:Testing for vulnerabilities and penetration offers important insights
into the information systems' security posture. Making educated choices about cybersecurity
investments and setting priorities for security activities are possible with the help of this
information.
5. Customer trust: By demonstrating a dedication to protecting sensitive information, a strong
security program that includes penetration testing and vulnerability testing can help develop
customer trust.

2.3 Describe end user device protection methods

The numerous steps a company can take to safeguard the devices used by their employees or
end users, such as laptops, desktops, tablets, and smartphones, are referred to as "end user
device protection methods." These gadgets are susceptible to a number of security risks,
including viruses, phishing scams, data breaches, and theft. The following are some popular
end user device protection strategies:

1.Antivirus software: Malware and other dangerous software can be found and stopped from
infecting end user devices by installing antivirus software.
2.Firewall: A firewall can monitor incoming and outgoing network traffic to prevent unwanted
access to an end user device.
3.Encryption: Data saved on end user devices can be protected by encryption by being changed
into a format that cannot be read without a decryption key.
4.Password protection: Strong password requirements that are updated frequently help stop
illegal access to end user devices.
5.Two factor authentication(2FA): By requiring a second authentication method in addition to a
password, such as a fingerprint scan or a one-time code given to a mobile device, 2FA can add
an additional layer of security.
6.Mobile device management (MDA): By implementing regulations like encryption, password
protection, and remote wiping, MDM systems can assist enterprises in managing and securing
mobile devices used by their employees.
7.Software updates: Updating end user devices with the most recent security patches and
software updates can stop known
8.User training: Phishing attacks and other security concerns can be avoided by educating end
users about security best practices, such as not clicking on dubious links or emails.

2.4 Describe the importance of implementing and reviewing access controls in an

organization

Access controls are essential for protecting sensitive information from illegal access,
modification, or disclosure and for securing an organization's information systems. Security
mechanisms known as access controls are put in place to govern who has access to

3
2.1 Describe network security protection methods.

information resources such computers, networks, applications, and data. Here are some of the
explanations for why an organization must install and evaluate access controls:

1. Protect sensitive information: Only authorized individuals are given access to sensitive
information thanks to access controls. An company can lower the risk of data breaches, identity
theft, and other cybercrimes by limiting access to sensitive data.
2. Meet compliance requirements: Access controls must be implemented by businesses in order
to adhere to industry-specific rules and standards, according to several industries and
regulatory authorities. Legal and financial repercussions may follow failure to adhere to these
regulations.
3. Prevent unauthorized modifications: Access restrictions can stop unauthorized changes to
crucial systems and data, like the addition or deletion of files or alterations to system settings.
This can lessen the chance of data loss, downtime, and system failures.
4. Manage privileged access: Organizations can manage privileged access to important
systems and data with the aid of access controls. Organizations can manage access to
privileged accounts, such as administrator accounts, and watch for misuse and abuse by
deploying privileged access management (PAM).
5. Limit exposure to insider threats: Access controls can reduce the risk of insider threats, such
as workers, contractors, or business partners, getting access to sensitive information.
Employing access controls enables firms to limit employee access to information in accordance
with the least privilege principle, ensuring that they only have the access necessary to carry out
their duties.
6. Improve accountability: Through the creation of a user activity audit trail, access controls can
enhance accountability. Organizations can identify and react to suspicious conduct, such as
illegal access attempts, data exfiltration, or system abuse, by watching user activity.

2.5 Explain how end users can be educated and aware of cyber security

The cybersecurity posture of an organization's end users is frequently its weakest link. They
may unintentionally expose the company to online dangers including malware, phishing scams,
and social engineering. Therefore, it is essential to maintain a safe environment that end users
are educated and made aware of cybersecurity best practices. Here are some strategies for
educating and increasing end users' understanding of cybersecurity:

1. Training sessions: End users can learn the value of cybersecurity and the dangers posed by
online threats by participating in regular cybersecurity training sessions. Password
management, phishing, social engineering, and safe browsing practices should all be covered in
the training.
2. Security policies and procedures: Clear cybersecurity policies and procedures that explain
recommended practices for end users should be established by organizations. These guidelines
ought to address issues like acceptable usage, password security, and reporting security
incidents.

4
2.1 Describe network security protection methods.

3. Phishing simulations: End users can identify questionable emails and report them with the
use of phishing simulations. These simulations can also be used to identify end users who might
need more instruction.
4. Communication: Regularly communicating cybersecurity updates, such as new threats,
vulnerabilities, and best practices, can help end users stay informed and vigilant.
5.Best practices: Giving end users cybersecurity basic practices like creating secure passwords,
staying away from dubious links, and updating software can help lower the likelihood of security
issues.
6.Rewards and recognition: It might be beneficial to reward and recognize end users who report
security problems or exhibit sound cybersecurity practices in order to promote a culture of
cybersecurity responsibility.
7.Demonstration and examples: End customers can better comprehend the value of
cybersecurity and the dangers posed by cyber threats by seeing examples of real-world cyber
attacks and their effects.

3.1 Evaluate the impact a cyber-attack has to the organisation.

An enterprise may suffer serious financial and operational consequences as a result of a

cyberattack. System and data breach repairs can be expensive, and there might also be legal
and regulatory repercussions. Sensitive data loss or theft can harm a company's brand,
resulting in lost clientele and prospective earnings. As a result of the attack, there may be
downtime, lost productivity, and a decline in income. A cyber-attack can also lower staff morale
and their trust in the company's ability to protect their data, which can result in a high turnover
rate. The effects of a cyberattack can be severe and pervasive overall.

3.2 Describe the content of an organisational incident management plan.

A thorough set of processes and standards outlining how to react to various occurrences, such
as cyberattacks, natural disasters, or other emergencies, are often included in an organizational
incident management plan. The incident response team's roles and responsibilities are often
laid out in the plan, including who is in charge of organizing the response effort, getting in touch
with key players, and recording the incident. Additionally, it describes the precise actions that
must be performed to stop, lessen, and recover from the catastrophe. The plan may also
include information on how to handle any legal or regulatory responsibilities as well as
instructions on how to report the incident to the appropriate authorities.

3.3 Explain the importance of internal and exteral communication when managing a
cyber-attack.

Communication between internal and external parties is essential when managing a cyber-
attack. Internally, it helps to make sure that everyone who needs to know about the problem can
react appropriately. It enables the incident response team to plan their activities, exchange
knowledge, and reach important conclusions. Furthermore, effective communication with staff

5
2.1 Describe network security protection methods.

members and other stakeholders can assist to clear up confusion, keep personnel motivated,
and minimize any potential reputational harm.

To ensure that clients, partners, and other stakeholders are aware of the situation and any
potential effects on their data or activities, communication with the outside world is crucial. In
order to uphold the organization's reputation, it can also aid in building trust and openness. To
manage expectations, stop rumors, and ensure compliance with any regulations, effective
external communication can also be helpful.

3.4 Describe the roles and responsibilities for incident management.

The following are common roles and duties for incident management:

The incident response effort is coordinated and led by the incident response team (IRT), which
is in charge of locating the occurrence, evaluating its effects, and creating a plan of action.
IT Support Staff: Charged with providing technical support and assistance during the incident
response process, which includes confining and minimizing the issue, restoring systems, and
completing forensic analysis.
The department of communications and public relations is in charge of overseeing both internal
and external communication during the crisis response process, including alerting relevant
parties, providing frequent updates, and managing the organization's reputation.Legal and
Compliance: in charge of making sure the incident response effort complies with any applicable
legal and regulatory requirements, including notifying the appropriate authorities of the
occurrence.
Management and executives are in charge of giving the incident response effort strategic
direction, making crucial choices, and allocating resources.

3.5 Analyse the actions to take when responding to an incident.

The following steps should be taken while responding to an incident:

Describe the occurrence: Identify the systems and data affected, as well as the incident's type
and scope.
Limit the occurrence: Disconnect the impacted systems from the network as soon as possible to
stop further harm or data loss.
Determine the effect: Identify the extent of the harm and any potential effects on the reputation
and operations of the organization.
Create a response strategy: Create a thorough plan that addresses resource allocation, role
clarification, and communication strategy in order to reduce the impact of the incident.Implement
the plan: Put the response strategy into action, including forensic investigation and system and
data restoration.
Observe the circumstance: Continue to keep an eye on the situation to make sure the response
is working and there aren't any new dangers or weaknesses.

6
2.1 Describe network security protection methods.

Keep a record of the event: For future reference and improvement, make sure to note every
component of the incident, such as the reaction strategy, impact evaluation, and lessons
learned.

3.6 Explain the importance of post cyber-attack reviews

In order to evaluate the success of the incident response effort, spot any gaps or weaknesses,
and make adjustments for upcoming occurrences, post-cyber-attack reviews are crucial. The
evaluation aids in finding any mistakes or inefficiencies in the procedure for responding, which
may then be fixed to ensure better incident management in the future. Additionally, it offers a
chance to assess the effectiveness of the response team and offer suggestions for future
instruction and development. The review procedure can also assist in identifying any potential
long-term effects of the incident, including as hazards to reputation or legal or regulatory issues.
In general, post-attack analyses are essential for enhancing the organization's incident
response skills and lowering the likelihood of subsequent occurrences.