OSA Summer 2023 Mock - Task 1, Assignment 1


Legal requirements 

    • The company must ensure they are compliant with the correct legislation whilst the project is undertaken. 
    • If any person is working at height, the correct safety measures to prevent injury or death must be imposed under The Work at Height Regulations 2005. They must wear an appropriate safety harness, and hazardous areas at height should be identified in the risk assessment. 
    • By storing data internally on a local file server, the business is responsible for maintaining the confidentiality, availability and integrity of that data. They must comply with The Data Protection Act 2018 and the General Data Protection Regulation (GDPR). 
    • Display screen equipment regulations (DSE) should be considered when installing workstations. Ergonomic and posture-friendly chairs should be installed and employees given appropriate breaks from working around screens. 

 

Data protection 

    • Maintaining the security of data stored on the local file server is critical for both legislative and ethical reasons. Under The Data Protection Act 2018, offending bodies can be fined or even face prison time. 
    • To secure the data on the server, the company must ensure that data is kept and transferred in an encrypted format to avoid unauthorised access. 
    • They should also ensure any remote access to the server is secure and encrypted using a safe and reliable protocol. This mitigates the risk of a man-in-the-middle attack and sensitive information being leaked or stolen. 

 

Physical security measures 

    • The company could be at risk from natural disasters such as flooding, or adverse weather causing power cuts. To mitigate this, backup power supplies (UPS batteries) should be installed to maintain normal operations if the power cuts out. This ensures staff can still work from home and remotely access the server. The server room should also have watertight doors to mitigate water damage to components in a flooding event. The company should create a disaster recovery plan to refer to in the event of a natural disaster. 
    • Fire could pose a risk to the company and its infrastructure. Mitigation techniques such as sprinkler systems or gas suppression should be installed to control and extinguish fires internally. These systems should be tested regularly to verify they’re working properly, and staff should be briefed on what to do in a fire. Fire drills should be conducted at least once every 6 months. 
    • Temperature regulation systems should be installed in the building to ensure the workstations and servers are working efficiently at the optimum temperature. Air conditioning units should be installed for staff comfort and to keep electrical components cool. Heating should also be installed, and tested regularly, for when the temperature is too low. These systems could be controlled by smart thermostats installed around the building to maintain an optimum set temperature. The server room must be kept cool due to the excess heat generated by the computing components. 
    • Theft is a threat to the company as expensive hardware such as computers, servers and other devices could be stolen. In addition, important data could be held on the stolen devices, causing a potential data breach if the data was accessed by an attacker. To mitigate this, the company should implement effective physical security measures such as keycard door locks and CCTV cameras. When the building is closed, it must be locked and alarmed to ensure the safety of the valuable devices inside. Devices should be tracked with asset numbers and can be managed using mobile device management (MDM) software, which can remotely wipe important data if a device is stolen. 

 

Digital security measures 

    • Unauthorised access to the network and its resources is a large issue the company must face. Hackers will try to find vulnerabilities in the systems the company uses and exploit them to gain access to sensitive data and information. Effective security measures should be in place to mitigate this risk, such as firewalls, intrusion detection/prevention systems, encrypted protocols and social engineering training. 
    • Malware is a threat to the company’s digital security as malicious programs can be installed and spread across the network if cyber security measures are not implemented properly. The business should ensure that anti-malware software is installed across all devices on the network and that staff receive training on how to spot malware and who to report it to. 
    • Electronic equipment can break from time to time, causing disruption in the everyday operations of the company. The failure of essential components and hardware such as the servers or switches can lead to major downtime and loss of productivity in the business. All essential systems should be monitored and incorrect behaviour recorded. Backup systems should be in place to take over if an equipment failure occurs, to mitigate downtime and continue normal business operations. 

 

Changes to the building 

    • To protect valuable electronic equipment from theft, the building should be fitted with 10 CCTV cameras covering all angles and rooms inside and outside. This is a good deterrent strategy for theft and will catch any malicious activity in and around the building. 
    • UPS batteries should be installed in the server room to create an uninterrupted power supply if a power cut happens. This ensures that regular business operations can still run without the main power supply and downtime is mitigated. 
    • Gas suppression systems should be installed to prevent and reduce the spread of fire in the server room. 
    • Finally, door locks should be installed to protect important rooms from unauthorised access. By installing keycard access locks, access can be controlled digitally and permissions given to the relevant people. A heavy-duty door lock should also be installed at the entrance point to deter potential intruders. 

 

Building plan 

 

CCTV camera 

These cameras should have a fisheye lens and be placed in each room. These cameras will protect valuable equipment from being stolen and catch malicious activity. 

 

External pivoting CCTV camera 

These cameras will be able to pivot on an angle to capture multiple angles. External cameras should also be equipped with night vision capabilities to monitor activity in the dark. 

 

Internal pivoting CCTV camera 

This camera should be placed in the hallway and is able to pivot to capture multiple angles. 

 

Heavy duty lockable door 

These doors should protect rooms that are only to be accessed by people with the correct keys, including the meeting room and the front door. This allows the building to be locked during the night and prevents theft. 

 

Keycard door lock 

Employees should be given lanyards with RFID chip cards to unlock these doors. A hierarchical access control system should be in place to prevent unauthorised access to such rooms. This includes the server room which should be the most secure room in the building. 

 

Gas suppression system 

Gas suppression systems release CO2 gas in the event of a fire to suppress and control the flames. This mitigates fire damage to the building. The system is placed in the server room, which is the most likely place for a fire to break out in the building. 

 

Battery backup system 

The battery backups provide the building with an uninterrupted power supply (UPS) if a power failure were to occur. This allows the business to resume normal operations as soon as possible on the backup power supply, mitigating downtime and increasing productivity. 

 

 
