BTEC Level 3 IT - Unit 11 - Cyber Security & Incident Management - Part 02 - READING THE EXAM PAPER

[Music]

this is the 2018 paper as you can see

and this is part A now I do recommend

that you guys read the majority of this

this stuff here I don't need to read

this I've already gone over this quite a

few times but you should read it just to

clarify just to make sure everything is

okay this is instructions to teachers

tutors and or invigilators not really

for you but again read it just to make

sure you understand outcome for

submission

this mainly tells you what folders

you're supposed to create and the names

of the files for example it says here

this person's name is Joshua Smith your

registration number is that there and

this is their Center number this is how

you should ideally name the folder that

you put your stuff in and the same thing

is going to be for Part B these are the

files that need to be inside this part a

folder and it tells you also how to name

the files

down here we have instructions for

Learners so this is the part that I

think that everybody should make sure

that they have written uh well read

properly it's kind of a repeat of the

previous section in terms of the folders

and file names but still please make

sure you read it I'm going to go down

set tasks now this is where it actually

starts to tell you what the scenario is

so let me zoom in some more

uh this one is called the black country

training assessment I'm guessing this is

some company so again always read the

assignment well not the assignment the

exam brief the scenario what I would do

what I've done is once I read it I

either highlight on the exam paper

directly with a highlighter or pen or

pencil or on a piece of blank paper and

make notes so right now or even in a

Word document because you're going to be

working in your word document what you

can do is simply go to your word

document and make some notes so that's

what I've been doing but in this video

all I'm going to do is read through the

entire thing I'm not going to make any

notes as of yet read through the entire

thing give some context where possible

and then in the next video we start

doing Activity one or task one black

country training assessment

um black country training and assessment

bctaa offers a vocational Based training

and Assessment Services for small and

medium-sized businesses let me zoom in

some more some training is routine such

as running food safety or I.T skill

courses it uses a database of freelance

trainers and assessors to meet clients

requirements I would make a note of this

the fact that it uses freelance people

are not in-house hired by the company

people freelance doesn't mean they work

for free freelance actually means

they're contracted so let's just say for

argument's sake I want I'm a company I

want someone to build me 500 PCS in the

next three months to six months what

they would do they would come to someone

like me that knows how to build PCS that

knows how to Source parts that knows how

to install a router and a switch and a

wireless printer or a wired printer

knows how to set up the operating system

they would come to someone like me and

they would get me to do the work I am

not hired by the company directly as in

I work for the company they don't give

me a salary what they might say is okay

for the next six months we'll give you I

don't know three grand every month for

the next six months and this is the

stuff that we want you to do that would

make me a freelancer I am not hired by

the company I am simply contracted

temporarily and this could be a security

issue in some cases so what I would I

would make a note of that so I'm just

I'm just trying to give context um as

and where necessary so please bear with

me if this video is a bit longer if I

read a bit slow I'm trying to give as

much context as I can

bctaa also develops bespoke training

training and assessment for specialized

skills such as the maintenance of

unusual Machinery or working with a

unique production process bespoke

training requires collaboration with the

client and often includes handling uh

highly confidential information such as

Trade Secrets this is very important as

well so they hold or they have

information on trade secrets what that

means a trade secret is something that a

company holds there so then for example

the new iPhone I think it's 15 or 16

coming out soon the new iPhone 15 or

whatever it is that's a trade secret of

apple and if other companies got hold of

that information they might not be able

to make much use of it because it's an

apple specific device but if for example

Samsung has Trade Secrets as well they

are going to release the Samsung Galaxy

s23 I believe very soon or s22 if

another company that makes Android

phones gets hold of their Trade Secrets

what they could do they could copy those

exact specifications in those exact

details create the phone either at the

same time as Samsung or before Samsung

and that could damage Samsung sales that

could damage the numbers of the number

of items that they sell

so trade secrets are those that are

specific to a company they hold it there

it means a lot to them it could be

Hardware as in a phone a laptop a PC a

gaming um a games console it could be

software so it could be Windows 12 it

could be iOS whatever version they're on

now it could be Android 14 whatever

trade secrets are it's supposed to be

specific to that company and if other

people get hold of it it could be

damaging in some way full-time training

managers meet clients and work with them

to create and run a bespoke training and

assessment all right nothing near that

catches my eye so far bcta is moving

from a business park on the outskirts of

Birmingham to a larger City Center

premises the company has taken a lease

on the 19th floor of a 20-story building

and that's the name of the building

there this I would make a note of as

well maybe not the entire sentence but

maybe say moving from or moving to Inner

City or moving to city center 19th floor

for 20-story building this gives the

impression I haven't read the entire

thing but this gives the impression that

they're going to be other companies

inside that building because if they're

only renting the 19th floor of a

20-story building that means that the

other 19 floors they rented one floor

the other 19 floors are going to have

other businesses other companies other

whatever it is

so they're going to be sharing the space

with other companies and sharing the

space could be a security risk later on

so I will probably make a note of this

eh has Mick well here we go has a mixed

commercial and office usage there we go

it tells us straight away the 18th floor

is leased by a recruitment agency this

uh there's a restaurant and cafe bar on

the 20th floor and a bar cafe on the

guard in the garden of the roof I'm

guessing on the garden of roof in the

garden of the roof there are several

small retail units on the ground floor

there is a gym an art gallery and

meeting rooms on other floors a number

of different companies have office it

tells us straight away a number of

different companies are office based on

the building this is what I would

probably make a note of this first one

here everything else is not as relevant

because we can make the assumption that

if there are other companies in the same

building and even the floor above on the

floor below someone could get access to

your stuff at some point so you're the

19th floor for example right there's a

floor above you the 20th floor and

there's a 4 or below the 18th floor

someone might press 19 by accident right

my eyes are very bad when I go into a

lift I have to squint sometimes to look

at the numbers so if someone presses 19

they come to the 19th floor they might

be able to I don't know access a wall

socket a wall plug um the Wi-Fi that you

guys use whatever the case is other

companies use the space and because of

that other people could potentially get

access to your stuff either physically

as in plugging into one of your USB

ports plug it into your ethernet socket

or using the Wi-Fi

this is an oh a layout of the building I

don't actually remember what WC means

but bear with me I will go back and make

sure I explain everything control door

so we have doors going uh both

directions we have the stairs here we

have the lift in the middle and at the

end it says Services internet access

point patch panel fire alarm panel

electrical panel so to be fair someone

could I'm guessing I don't know if this

is actually how it works based on this

plan someone could potentially get

access to the internet access point here

and that's that could and most likely

will be detrimental to the company if

the person is there to be nefarious to

steal data to steal information

let's scroll down some more and see the

detail we have a plan of the 19th floor

to be released by bctaa is showing in

figure one most of the public areas are

open outside of normal office hours and

the restaurant and bar are popular in

the evening I would make a note of this

this tells you that when your office is

closed when you and your company are not

at work there are still people operating

in the building your Wi-Fi might still

be active someone might get onto the

19th floor and do some bad things so I

would make a note of this

the lift stairs WC's and all the area

around them are used by the public there

we go the remaining area is a single

open space that can be partitioned to

create rooms or workspaces so this again

tells us that those main areas up here

this stuff here is used by the public

let's see what else we have the 19th

Floor has many electrical points the

data Outlets have an optical fiber

internet access point the data Outlets

are connected by Cat6 cable this is just

the the rating of the cable which mainly

deals with the speed if memory serves me

right Cat6 probably goes up to one

gigabit per second but again don't quote

me on this I don't remember these

specific details

um where was I uh the data Outlets are

connected by Cat6 cable to a patch panel

near the internet access point bctaa

that's the name of the company again

will have to set up their own network

devices so this sounds as if they patch

into what's already there

and that's how they get their internet

access again that could potentially be

an issue because that means that they

might be sharing the basic or general

internet access with other companies in

the same building either

from the first floor all the way to 20

or at least the ones above and below the

private areas of the 19th Floor are

protected by a card reader door control

system this uses nfcs or near field

communication or proximity cards so the

cards that you simply tap on the door

and it opens similar to those using

contactless Payment Systems so you know

your iPhone and your Android phone you

can tap or bring it close to a payment

card reader and it pays for it a similar

system can be used to open and close

doors

the readers are already in place for

each door the eh management company

supplies cards a card programming device

and logging and Control software this

could potentially be an issue an issue

because

your security protocol your your door

card system is provided by another

company now there's no way to know if

everyone in this company is good or bad

just know that this could potentially be

an issue the doors can also be unlocked

From the Inside by means of a push

button so if you're already inside you

can push a button from the inside to

Simply open the door just as if you're

inside your house you probably have that

bolt on inside that if you turn it you

can close it if you turn it the opposite

way you can open it probably something

similar bctaa has asked you to advise on

setting up and securing its Network in

its new location your contract is

bulge in the sing and experienced

computer user who is responsible for the

current network is not a network

specialist

this is already a big red flag

the fact that you're a company moving

from a small area to a town center means

that business is probably going well the

fact that you need someone to set up

your network and a person you're asking

I'm not a network specialist I would not

recommend me setting up a complex

Network for anyone if it's simply a

router or Gateway I must switch a few

devices connected to the switch that

need configuring fine but if it's very

detailed Network especially stuff I

wouldn't do it so it says he's not a

network specialist and says that the

current system had stuff added when he

thought it was needed not great again

reason being a network specialist would

sit there and hopefully design for now

and they were designed for potential

additions for the future whereas this

guy simply thought you know what I think

I need a switch now because this this

room alone has 10 devices the one next

door has 10 devices I don't want to use

all the ports on my router so it would

make sense for me to have a switch in

this room for all the 10 devices I have

one next door for all those 10 devices

and so on and so forth whereas a network

engineer would have or a network

Specialists would have seen this as an

issue and done this straight away

Belgian that has produced the basic

Network design but wants you to review

his ideas and make sure the new system

is secure from the start all right let's

have a look at there's not much we can

do with this information no it's after

we finish reading everything that we can

come back and have a look at this and

say okay maybe then we can add this or

take this away so I'm just going to

briefly go over this electronic door

control system that's there that's also

connected to the switch it seems so the

switch the difference between a switch

and a relator a switch on a modem is the

modem or the router gives internet

access gives access to the rest of the

world so

when you want to connect to the internet

typically from your house you have a

virgin rotor

um ee talk talk Vodafone whatever the

case is right you connect through that

and you get access to the internet

what a switch does it connects stuff

inside your network okay I'm in my room

right now and I'm looking at my TV stand

area right I've got my Smart TV there

I've got my Xbox my PlayStation I have a

laptop something over there I have a

desktop somewhere I'm gonna have a

server I'm gonna I'm buying a server at

some point as well that's six devices

already if I want a nice easy simple way

of connecting all these devices together

yes I can use the router that comes from

Virgin because the way they've done

routers and now we can actually use them

as switches inside of our networks but

let's say I'm a small company ideally I

want to have a switch and I want to have

devices connected to my switch

and that allows me to speak to

everything inside my network I don't

need the internet to go from my PC when

I'm trying to print something to the

printer on the opposite side of the

office right I don't need the Internet

for that if it's set up properly I can

go or redo everything through the switch

next I have Wi-Fi router with optical

fiber and Cat6 connections optical fiber

internet access points so what this is

I'm connected to the main switch and for

the main switch to get access to the

outside world it uses the internet

access point oh I have a server here as

well at the bottom a server used to

store data files whatever files the

company DMS fit they'll store them on a

server website whatever the case is over

here we have staff Wi-Fi and mobile

devices so there's a specific Wi-Fi it

seems like for stuff and that's also

connected to the main switch

we have staff PCS as well that's

connected to the main switch we have

guest Wi-Fi and mobile devices so any

guests that come in that have a

smartphone a laptop a tablet and they

want to connect they have a guest Wi-Fi

this is a good idea

um I don't see any firewalls anywhere I

would have probably added a firewall in

a few places uh maybe after the internet

access point maybe before the main

switch but but in any case we're not

going to focus too much on this now this

is just us reading over the paper

so the development plan at a meeting

with bulgender you agree these points on

the development of the new bctaa network

the network will conform to the outline

Network diagram so whatever he said

should be in the network is going to be

there we might be able to add a few

things but overall it should have what

it says the network uses private classy

ip4 addresses we don't need to worry

about anything here other than maybe

private and ipv4 ipv4 and IPv6 are

typically what we have ipv4 is still

predominantly used in in like computer

networks so your laptop your your PC is

probably connected via ipv for your your

consoles and so on

IPv6 is mainly used for wireless devices

such as your mobile phones your 3G 4G 5G

because

IPv6 has so many more addresses I think

it's like 2 to the power of 128 if

memory serves right that's a lot of

addresses so we can essentially have

multiple people having multiple multiple

devices around the world connected to

the internet and there shouldn't be any

issues ipv4 is all the technology still

being used but it doesn't have as many

addresses private simply means it's

inside your network there are certain

amount of Ip V4 addresses that companies

use inside a network so if you guys if I

do see actually I can't do it here

because it will show all my details if

you go to your console and you type in

uh well press your start and type CMD

and for Windows does it come up one

second CMD command prompt

for Windows I believe if you do if

config this will actually bring up all

your internet or all your network

connection stuff and you might have your

your personal IP address on your laptop

as

192.168.1. whatever it is that's what

private addresses are is used inside the

network the Ed Excelsior internet access

system will be kept and will use a fiber

optic connection Point not uh that okay

maybe some something I can pick out from

here is that you're going to be using

someone else's internet access point

this is not something that you paid for

yourself for your specific company this

comes with the building most likely

they're using a fiber optic connection

which means that your data will travel

at the speed of light number four says

the door control system will not be

changed that's fine the bcta network

must be protected against intrusion

through the internet now this tells me

one or two things are two things I I

need a firewall and I need to have some

VPN access firewall is probably going to

be the most

likely thing to have here the router

must ink oh well it tells us right here

actually the router must include a

firewall and relevant cyber security

technology to protect the network so if

there's a server we're probably going to

have a firewall we're probably going to

have some form of DDOS protection we're

probably going to have some form of

backup locally externally on storage

Medias again I'm going overboard but I'm

just trying to give you context as to

what each thing means both staff and

visitors must be able to connect using

mobile devices that's fine because we

have if I scroll up quickly we have the

the staff Wi-Fi and we have the guest

Wi-Fi as well so we should be okay for

that one number eight some visitors will

be clients who may need access to

appropriate secure areas of the network

that's fine as well

so what we could do is maybe have a um

have a guest Wi-Fi thing or maybe just

put them on stuff Wi-Fi temporarily or

we create another Wi-Fi thing and we

call that one client Wi-Fi and client

Wi-Fi might give a bit more access than

it than the typical

um what's this one called guest Wi-Fi

okay and again this is just me

freestyling this is just me reading and

trying to understand the context of what

they want freelance trainers and

assessors will need access to

appropriate secure areas of the network

from home or work locations perfect this

is going to be VPN so I'm going to leave

that first one or these two uh so five

and six I'm going to leave those as

firewalls so we're gonna have a hardware

firewall and potentially a software

firewall as well let me just quickly

explain that our Hardware firewall is

going to be a physical device that's

maybe attached to your router your modem

or your switch that's a hardware

firewall a software file one is just

going to be some anti-malware software

some some firewall program that's

installed on the individual PCS you

could even

install them on the server so a file so

a server is just a massive big computer

maybe 128 gigabytes of RAM instead of

the typical 8 or 16 maybe 24 cores

instead of the typical four or eight so

a server is just a PC so I can still

install operating systems on here I can

still install a firewall on here as a

piece of software so we could do that as

well some staff will need access to

secure areas from home or client

locations again VPN this tells me

straight away VPN a virtual private

network will be used to facilitate items

okay perfect it actually tells us

everything we need so 9 and 10 that's

going to be VPN let's see what comes

next

now you must complete all activities in

the task read the set task brief

carefully before you begin and note that

reading time is included in the overall

assessment time uh baljinda is aware

that the bctaa network is vulnerable to

attack you must uh you have been hired

to advise on cyber security and Incident

Management you should only consider

threats of vulnerabilities risks and

protection measures that are implied or

specified in the set task brief so this

is probably something that we should

focus on here you should only consider

threats vulnerabilities risks and

protection measures so we don't really

care about stuff like fires and floods

and all of that now if you want to

highlight them as something that that is

a potential risk or that's something we

should try and protect against fine but

please don't spend too much time on it

and the first activity is going to be

Activity one risk assessment of the

networked system so this is all we care

about right now and we're told to

duplicate so copy and paste I'm gonna

stop here I'm Gonna Leave this part

Activity one is going to be my next

video where I open the Activity one

document I go over the exam paper again

I make my notes I start making my list

of threads that I've picked up on and

then show you what comes next now I'm

not going to do a massive list of every

single threat I'm going to maybe do

let's say three or four that is very

very obvious and you can pick out the

rest yourself three or four and from

there I'm just going to show you how you

go through and do the risk assessment

for each one and how you do your

severity Matrix

foreign

[Music]