
Answer 1

The document outlines key security architectural principles essential for organizations like National Policing, emphasizing their role in protecting sensitive data and maintaining operational integrity. It discusses concepts such as Security by Design, segregation and segmentation, protective monitoring, and the collaborative approach of 'Defend as One' to enhance cybersecurity. These principles collectively help mitigate vulnerabilities, improve resilience, and ensure effective responses to cyber threats.

Uploaded by

Omar Magdy

Kingdom of Saudi Arabia
Ministry of Education
Najran University
Applied College
Department of Computer

Questions
/ 20 marks

Q1. What are security architectural principles, and why are they important for organisations
like National Policing?

Security architectural principles are the foundational concepts and guidelines that
organizations apply to the planning, construction, and upkeep of the security of their systems
and networks. These principles represent an organization's security policy in practice:
implementing them ensures that any system or solution is protected against threats, can
resist adversaries, and can preserve the confidentiality, integrity, and availability of
information.

PRINCIPLE 1: Security Fundamentals (Core Security)
PRINCIPLE 2: Security by Design
PRINCIPLE 3: Segregation and Segmentation
PRINCIPLE 4: Virtualisation
PRINCIPLE 5: Application Security
PRINCIPLE 6: Protective Monitoring
PRINCIPLE 7: Automation and Orchestration
PRINCIPLE 8: Defend as One

Security Architectural Principles are very important for an organization such as National
Policing because they provide a defensible pattern for protecting systems, networks, and
sensitive data. National Policing deals not only with highly confidential data but also with
the personally identifiable information of citizens and the operations of law enforcement,
all of which must be protected from security breaches. Implementing these principles reduces
vulnerabilities and lowers the risk of cyber-attacks. This gives the organization assurance
that its operations will remain functional even when it faces adversity and threats. The
principles also help maintain security consistently across all of the organization's
networks, applications, and services, so that security does not break down in isolated
places. They allow rapid, well-organized, and accurate reactions to emergencies, so that
different teams and forces can exchange intelligence and act swiftly against new threats as
they occur. Furthermore, Security Architectural Principles demonstrate observance of the law
and internal policies, which is a source of confidence for the public, partners, and staff.
They are, in fact, the foundation of all the security steps National Policing takes to
operate securely, keep public confidence, and guarantee the smooth running of critical
services.

Q2. Explain the principle of Security by Design. Why should security not be treated as an
afterthought?

Security by Design is the concept that security measures are integrated into a system from
the very beginning, rather than added later as a patch. In essence, it means that security is
actively considered at every stage of the system's lifecycle, from ideation and creation
through to decommissioning.

For National Policing, the advantage of this type of thinking is that systems will be more
robust and, even if affected by a threat, will have the capability to recover. When security
is considered only at the end of the work, security holes may remain in critical areas, which
in turn can lead to breaches and reduce trust in the organization's ability to protect data.

If the Security by Design philosophy is used, all new systems will have secure development
practices as their base, will undergo security assessment against the principle, and the
whole process will be carried out with Information Asset and Risk Owners. Such a security
measure, applied in advance, lowers risk, increases resilience, and thus strengthens trust
throughout the Policing community.

Q3. Describe the difference between Segregation and Segmentation. How do they help
protect systems?

Segregation and segmentation are two related terms that refer to different things in the
field of cybersecurity, but both are ways of protecting systems by limiting access and
isolating threats. Segregation separates systems, networks, or environments and restricts
access between them, so that a problem or breach in one area cannot easily spread to others.
Segmentation, by contrast, is the process of breaking a system or network down into small,
controlled parts, with strict rules governing how data and traffic flow between them. In this
way, the movement of potential attackers is limited, and a compromise remains within the
affected segment only. Combining segregation and segmentation strengthens security: these
measures keep the most sensitive systems and data isolated, limit access and, when threats
are identified, ensure that they can be efficiently contained. National Policing can thus
continue operating safely while the impact of potential network intrusions is minimized.

Q4. What is the role of Protective Monitoring in cyber security? Give one example of how
it helps detect threats.

Protective Monitoring is a key part of cybersecurity that enables organizations to identify,
understand, and respond to potential threats. The process essentially involves building in
monitoring and logging capabilities, through Security by Design, so that security teams can
observe the normal pattern of activity and identify behavior that is unusual or suspicious
and may indicate a security incident. Continuous auditing of devices, services, and network
communications is the main function of Protective Monitoring: it keeps the system accountable
and gives the earliest indication of a potential attack. For example, if a user account
suddenly starts accessing sensitive data at unusual hours, Protective Monitoring could
discover this anomaly, tag it as a possible breach, and allow an investigation to be
initiated before the threat can cause any harm. This proactive stance makes early
intervention possible and helps National Policing keep operations safe and secure across its
locations.

The role of Protective Monitoring in cybersecurity is to ensure that systems are built with
protective identification and monitoring capabilities by design, because an organization
"cannot defend what they cannot see." It is a practice central to the identification and
detection of threats.

Example of Threat Detection

Protective Monitoring helps detect threats by identifying deviations from normal or
authorized activity.

Example: Detecting a Brute-Force Attack

• A baseline is established which shows that a typical user rarely attempts to log in
  more than three times incorrectly within a 15-minute period.
• Protective Monitoring collects login audit logs from the Identity and Access
  Management system.
• The monitoring system detects an anomaly where a single user account or IP address
  attempts 100 failed login attempts in 60 seconds.
• This pattern is a clear indicator of compromise, signaling a brute-force attack. The
  system can then alert the National Management Centre (NMC) or automatically
  trigger a response (e.g., locking the account or blocking the IP address) to stop the
  threat before it succeeds.
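
The detection steps above can be sketched as a sliding-window check over login audit lines. This is an added example, not part of the original answer or of any National Policing system: the log line format, the function names, and the sample records are constructed for illustration, and only the baseline (three failures in 15 minutes) and the 100-failures-in-60-seconds burst come from the text.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # baseline window from the text
MAX_FAILURES = 3                # baseline: at most three failed logins per window

def parse(line):
    """Parse one constructed audit line: '<iso-time> user=.. ip=.. result=..'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def detect_bruteforce(lines, window=WINDOW, max_failures=MAX_FAILURES):
    """Alert once per account or source IP that exceeds the failure baseline."""
    recent = defaultdict(deque)  # (kind, value) -> failure times inside the window
    alerted, alerts = set(), []
    for rec in sorted(map(parse, lines), key=lambda r: r["ts"]):
        if rec["result"] != "FAIL":
            continue
        for kind in ("user", "ip"):  # track the account and the address separately
            key = (kind, rec[kind])
            times = recent[key]
            times.append(rec["ts"])
            while rec["ts"] - times[0] > window:  # drop failures older than the window
                times.popleft()
            if len(times) > max_failures and key not in alerted:
                alerted.add(key)
                alerts.append({"kind": kind, "value": rec[kind], "at": rec["ts"]})
    return alerts

def sample_log():
    """Constructed IAM audit lines: a normal user, a burst, and a spread of accounts."""
    t0 = datetime(2024, 1, 1, 3, 0, 0)
    lines = [f"{(t0 + timedelta(minutes=m)).isoformat()} user=bob ip=192.0.2.10 result={r}"
             for m, r in ((0, "FAIL"), (1, "FAIL"), (2, "OK"))]
    # 100 failures in 60 seconds against one account from one address
    lines += [f"{(t0 + timedelta(milliseconds=600 * i)).isoformat()} "
              f"user=alice ip=203.0.113.7 result=FAIL" for i in range(100)]
    # one address failing once against each of five accounts
    lines += [f"{(t0 + timedelta(minutes=5, seconds=i)).isoformat()} "
              f"user=acct{i} ip=198.51.100.9 result=FAIL" for i in range(5)]
    return lines

if __name__ == "__main__":
    for alert in detect_bruteforce(sample_log()):
        print(alert)
```

Keeping a separate counter per account and per source address is what lets the third sample case raise an alert even though no single account in it exceeds the baseline.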

Q5. The document introduces the principle Defend as One. What does this mean, and why is
collaboration important in defending against cyber threats?

The Defend as One principle signifies that National Policing as a whole takes a united and
integrated approach to cybersecurity, harnessing the skills, knowledge, and threat
intelligence not of one force alone but of all its teams to fend off cyber threats more
effectively. Rather than functioning separately, units collaborate to share critical
information, coordinate responses, and apply consistent security measures across all systems.
This is crucial since cyber threats are constantly evolving and can target multiple parts of
the organization simultaneously. By working together, National Policing will be able to
respond faster, manage threats effectively, and make the best use of its resources, thus
cutting down on costs. The collaboration keeps forces that are not in direct contact with
each other up to date with the latest developments in the field and with the defense
strategies that have been planned in coordination, thus strengthening the overall
cybersecurity posture of the organization.
