Higher Nationals

Internal verification of assessment decisions – BTEC (RQF)

INTERNAL VERIFICATION – ASSESSMENT DECISIONS
Programme title BTEC Higher National Diploma in Computing

Assessor Internal
Verifier
Unit 05: Security
Unit(s)
EMC Cloud Solutions
Assignment title

Student’s name
List which assessment Pass Merit Distinction
criteria the Assessor has
awarded.
INTERNAL VERIFIER CHECKLIST

Do the assessment criteria awarded

match those shown in the assignment Y/N
brief?
Is the Pass/Merit/Distinction grade
awarded justified by the assessor’s Y/N
comments on the student work?
Has the work been assessed
Y/N
accurately?
Is the feedback to the student:
Give details:
• Constructive? Y/N
• Linked to relevant assessment Y/N
criteria? Y/N
• Identifying opportunities for
improved performance? Y/N
• Agreeing actions?
Does the assessment decision need
Y/N
amending?

Assessor signature Date

Internal Verifier signature Date

Programme Leader signature (if
required) Date

Confirm action completed

Remedial action taken
Give details:

Assessor signature Date

Internal
Verifier Date
signature
1|Page
Programme Leader
signature (if Date
required)
2|Page
Higher Nationals - Summative Assignment Feedback Form
Student Name/ID

Unit Title Unit 05: Security

Assignment Number 1 Assessor

Date
Submission Date Received 1st
submission
Date Received 2nd
Re-submission Date submission

Assessor Feedback:
LO1 Assess risks to IT security.
Pass, Merit & P1 P2 M1 D1
Distinction Descripts

LO2 Describe IT security solutions.

Pass, Merit & P3 P4 M2 D1
Distinction Descripts

LO3 Review mechanisms to control organisational IT security.

Pass, Merit & P5 P6 M3 M4 D2
Distinction Descripts

LO4 Manage organisational security.

Pass, Merit & P7 P8 M5 D3
Distinction Descripts

Grade: Assessor Signature: Date:

Resubmission Feedback:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:

Signature & Date:

* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grades
decisions have been agreed at the assessment board.

3|Page
Pearson
Higher Nationals in
Computing.
Unit 5: Security

4|Page
General Guidelines

1. A Cover page or title page – You should always attach a title page to your assignment. Use
previous page as your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom , right margins and 1.25” for the left margin of each page.

Word Processing Rules

1. The font size should be 12 point, and should be in the style of Time New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No,
and Page Number on each page. This is useful if individual sheets become detached for any
reason.
5. Use word processing application spell check and grammar check function to help editing your
assignment.

5|Page
Important Points:

1. It is strictly prohibited to use textboxes to add texts in the assignments, except for the compulsory
information. eg: Figures, tables of comparison etc. Adding text boxes in the body except for the
before mentioned compulsory information will result in rejection of your work.
2. Carefully check the hand in date and the instructions given in the assignment. Late submissions
will not be accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness, you
may apply (in writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade.
8. Non-submission of work without valid reasons will lead to an automatic RE FERRAL. You will
then be asked to complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using
HARVARD referencing system to avoid plagiarism. You have to provide both in-text citation
and a reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be
reduced to A REFERRAL or at worst you could be expelled from the course

6|Page
 Student Declaration

I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as
my own without attributing the sources in the correct way. I further understand what it means to copy
another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.

2. I understand the plagiarism and copying policy of the Edexcel UK.
3. I know what the consequences will be if I plagiarize or copy another’s work in any of the
4. assignments for this programme..
5. I declare therefore that all work presented by me for every aspects of my programme, will be of
6. my own, and where I have made use of another’s work, I will attribute the source in the correct
7. way.
8. I acknowledge that the attachment of this document, signed or not, constitutes a binding
9. agreement between myself and Pearson UK.
10. I understand that my assignment will not be considered as submitted if this document is not
11. attached to the main submission.

Student’s Signature: Date:

(Provide E-mail ID) (Provide Submission Date)

7|Page
Higher National Diploma in Computing
Assignment Brief
Student Name /ID Number
Unit Number and Title Unit 5- Security
Academic Year 2020/21
Unit Tutor
Assignment Title EMC Cloud Solutions
Issue Date
Submission Date
IV Name & Date

Submission format

The submission should be in the form of an individual written report written in a concise, formal business style
using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as
appropriate, and all work must be supported with research and referenced using Harvard referencing system.
Please provide intext citation and an end list of references using Harvard referencing system. Section 4.2 of the
assignment required to do a 15 minutes presentation to illustrate the answers.

Unit Learning Outcomes:

LO1 Assess risks to IT security.

LO2 Describe IT security solutions.

LO3 Review mechanisms to control organisational IT security.

LO4 Manage organisational security.

Assignment Brief and Guidance:

Scenario :
EMC Cloud Solutions is reputed as the nation’s most reliable Cloud solution provider in Sri
Lanka. A number of high-profile businesses in Sri Lanka including ESoft Metro Campus
network, SME Bank Sri Lanka and WEEFM are facilitated by EMC Cloud Solutions. EMC
Cloud provides nearly 500 of its customers with SaaS, PaaS & IaaS solutions with high
capacity compute and storage options. Also, EMC is a preferred contractor for Sri Lanka,
The Ministry of Defense for hosting government and defense systems.

EMC’s central data center facility is located at Colombo Sri Lanka along with its corporate

8|Page
head-office in Bambalapitiya. Their premises at Bambalapitiya is a six-story building with
the 1st floor dedicated to sales and customer services equipped with public Wi-Fi facilities.
Second-floor hosts HR, Finance and Training & Development departments and the third-
floor hosts a boardroom and offices for senior executives along with the IT and Data center
department. Floor 4,5,6 hosts computer servers which make up the data center.

With the rapid growth of information technology in Kandy area in recent years, EMC seeks
an opportunity to extend its services to Kandy, Sri Lanka. As of yet, the organization is
considering the nature of such an extension with what to implement, where it is to be a
suitable location and other essential options such as security are actually, being discussed.

You are hired by the management of EMC Solutions as a Security Analyst to evaluate the
security-related specifics of its present system and provide recommendations on security and
reliability related improvements. Furthermore, you have to plan the establishment of the
extension on a solid security foundation.

Activity 01
Assuming the role of External Security Analyst, you need to compile a report focusing on
following elements to the
board of EMC Cloud Solutions;

1.1 Identify types of security risks EMC Cloud is subject to its present setup and the impact
that they would make on the business itself. Evaluate at least three physical and virtual
security risks identified and suggest the security measures that can implemented in order
to improve the organization’s security.

1.2 Develop and describe security procedures for EMC Cloud to minimize the impact of
issues discussed in section

(1.1) by assessing and rectifying the risks.

Activity 02

.1 Identify how EMC Cloud and its clients will be impacted by improper/ incorrect
configurations that are applicable to firewalls and VPN solutions. It security can
include a network monitoring system. Discuss how EMCcloud can benefit by
implementing a network monitoring system.

2.2 Explain how the following technologies would benefit EMC Cloud and its

9|Page
 Clients by facilitating a ‘trusted network’. (Support your answer with
suitable examples).

i) DMZ
ii) Static IP
iii)NAT

Activity 03

3.1 Discuss suitable risk assessment procedures for EMC Cloud solutions and
impact an IT security audit will have on safeguarding organization and its
clients Your discussion furthermore should include how IT security can
be
aligned with an organizational IT policy and how misalignment of such a
policy can impact on organization’s security.

3.2 Explain the mandatory data protection laws and procedures which will
be applied to data storage solutions provided by EMC Cloud. You should
also summarize ISO 31000 risk management methodology.

Activity 04

4.1 Design a security policy for EMC Cloud to minimize exploitations and
misuses while evaluating the suitability of the tools used in an
organizational policy.

4.2 Develop and present a disaster recovery plan for EMC Cloud for all
venues to ensure maximum uptime for its customers. Discuss how
critical the roles of the stakeholders in the organization to successfully
implement the security policy and the disaster recovery plan you
recommended as a part of the security audit.

(Students should produce a 15 minutes PowerPoint presentation which illustrates the

answer for this section including justifications and reason for decisions and options
used).

10 | P a g e
11 | P a g e
12 | P a g e
13 | P a g e
14 | P a g e
15 | P a g e
16 | P a g e
17 | P a g e
Grading Rubric

Grading Criteria Achieved Feedback

LO1: Assess risks to IT security.

P1
Identify types of security risks to organizations.
P2
Describe organizational security procedures.
M1
Propose a method to assess and treat IT security risks.
LO2 Describe IT security solutions

P3
Identify the potential impact to IT security of incorrect
configuration of firewall policies and third-party VPNs.
P4
Show, using an example for each, how implementing a DMZ,
static IP and NAT in a network can improve Network Security.
M2
Discuss three benefits to implement network monitoring
systems with supporting reasons.
D1
Investigate how a ‘trusted network’ may be part of an IT

18 | P a g e
security solution.
LO3: Review mechanisms to control organizational IT
security
P5
Discuss risk assessment procedures.
P6
Explain data protection processes and regulations as applicable
to an organization.
M3
Summarize the ISO 31000 risk management methodology and
its application in IT security.
M4
Discuss possible impacts to organizational security resulting
from an IT security audit.
D2
Consider how IT security can be aligned with organizational
policy, detailing the security impact of any misalignment.
LO4: Manage organizational security

P7
Design and implement a security policy for an organization.
P8
List the main components of an organizational disaster

19 | P a g e
recovery plan, justifying the reasons for inclusion.
M5
Discuss the roles of stakeholders in the organization to
implement security audit recommendations.
D3
Evaluate the suitability of the tools used in an organizational
policy.

20 | P a g e