Short Answers (10 points each)
- What is the principle of adequate protection? Do you agree with the principle? What difficulties are associated with implementing it?
As defined by Pfleeger and Pfleeger (2007), the principle of adequate protection states that “Computer items must be protected only until they lose their value. They must be protected to a degree consistent with their value” (p. 16). The principle is straightforward and logical until it comes to determining the value of a computer item or of the data it holds. Some information loses its value within a few hours, so its protection needs to last only that long. Other values are easy to identify because they follow the organization’s information security classification, which usually specifies for how long data are treated as confidential. It is easy, however, to overlook the residual value of data that nobody has classified, for example the mailbox of an employee who resigned five years ago: most of its content is obsolete, but some fragments (credentials, customer details, contract terms) may still represent an information security threat. A second difficulty is that value is not symmetric: data that are worthless to the organization may still be valuable to an attacker, so the “value” in the principle has to be judged from both sides.
- Describe the fundamental principles in both the Bell-LaPadula and Biba security models. For each, explain what sort of security the model is intended to provide, the two key properties of the model, and then explain in your own words why each of the properties makes sense from a security standpoint.
Both models are lattice-based access control models, and each addresses one of the CIA properties. According to Pfleeger and Pfleeger (2007), the Bell-LaPadula model is designed to prevent the disclosure of confidential information (p. 243): every subject has a clearance and every object a sensitivity level, and two key properties restrict the flow of information between levels. The simple security property (“no read up”) lets a subject read an object only if the subject’s clearance dominates the object’s level; this is simply what a clearance means. The *-property (“no write down”) lets a subject write to an object only if the object’s level dominates the subject’s clearance; this closes the obvious leak path in which a cleared subject, or a Trojan horse running with its privileges, copies what it has read into a lower-level object that uncleared subjects can read. The Biba model is the integrity counterpart: it is intended to prevent unauthorized or untrustworthy modification rather than disclosure, and it uses integrity levels instead of sensitivity levels. Its simple integrity property permits a subject to modify an object only if the subject’s integrity level is at least that of the object, so low-integrity processes cannot corrupt high-integrity data. Its integrity *-property says that once a subject has read an object, it may write only to objects whose integrity level is at most that of what it read, which stops a subject from laundering untrusted input into a trusted object. Each model taken alone covers only one concern (Bell-LaPadula says nothing about integrity, Biba nothing about secrecy), so an information security policy benefits from combining them, which in practice tends to confine a subject to reading and writing at its own level.
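The two sets of rules above, as an added example that is not from the textbook or the assignment: a small reference monitor in Python that enforces the Bell-LaPadula properties and the Biba properties on each read and write request. The level names, the subject and the objects are constructed for illustration; the integrity *-property is implemented by remembering the lowest integrity level each subject has read so far.

```python
"""Added example, not from Pfleeger & Pfleeger or the assignment: a small
reference monitor that enforces the Bell-LaPadula confidentiality rules and the
Biba integrity rules on read/write requests. Level names, subjects and objects
are constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# One ordered lattice is used for both sensitivity (BLP) and integrity (Biba);
# a higher index means a higher level.
LEVELS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET")
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str   # BLP: highest sensitivity the subject may read
    integrity: str   # Biba: how trustworthy the subject is


@dataclass(frozen=True)
class Obj:
    name: str
    sensitivity: str  # BLP classification of the object
    integrity: str    # Biba integrity level of the object


def blp_can_read(s: Subject, o: Obj) -> bool:
    """Simple security property, "no read up": clearance(s) must dominate sensitivity(o)."""
    return RANK[s.clearance] >= RANK[o.sensitivity]


def blp_can_write(s: Subject, o: Obj) -> bool:
    """*-property, "no write down": sensitivity(o) must dominate clearance(s),
    so data read at a high level cannot be copied into a lower-level object."""
    return RANK[o.sensitivity] >= RANK[s.clearance]


class Monitor:
    """Mediates every access. For Biba's integrity *-property it records the
    lowest integrity level each subject has read so far; the subject may then
    write only to objects at or below that level."""

    def __init__(self) -> None:
        self._read_floor: Dict[str, int] = {}

    def read(self, s: Subject, o: Obj) -> bool:
        if not blp_can_read(s, o):
            return False
        # Biba does not forbid the read in this formulation, but the read lowers
        # the integrity level the subject is subsequently allowed to write at.
        floor = self._read_floor.get(s.name, RANK[s.integrity])
        self._read_floor[s.name] = min(floor, RANK[o.integrity])
        return True

    def write(self, s: Subject, o: Obj) -> bool:
        if not blp_can_write(s, o):                    # BLP: no write down
            return False
        if RANK[s.integrity] < RANK[o.integrity]:      # Biba simple integrity: no write up
            return False
        floor = self._read_floor.get(s.name, RANK[s.integrity])
        if floor < RANK[o.integrity]:                  # Biba *-property: tainted by lower data
            return False
        return True


def demo() -> List[Tuple[str, bool]]:
    """Walks one subject through requests that exercise each rule."""
    m = Monitor()
    analyst = Subject("analyst", clearance="SECRET", integrity="SECRET")
    public_feed = Obj("public_feed", "UNCLASSIFIED", "UNCLASSIFIED")
    secret_report = Obj("secret_report", "SECRET", "SECRET")
    top_secret_plan = Obj("top_secret_plan", "TOP_SECRET", "TOP_SECRET")
    return [
        ("read top_secret_plan (read up)", m.read(analyst, top_secret_plan)),
        ("read secret_report", m.read(analyst, secret_report)),
        ("write public_feed (write down)", m.write(analyst, public_feed)),
        ("write secret_report before reading low-integrity data", m.write(analyst, secret_report)),
        ("read public_feed (allowed by BLP, lowers integrity floor)", m.read(analyst, public_feed)),
        ("write secret_report after reading low-integrity data", m.write(analyst, secret_report)),
    ]


if __name__ == "__main__":
    for request, allowed in demo():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {request}")
```

The last two requests show the combined effect described above: Bell-LaPadula is happy for the SECRET analyst to read public data, but having done so, Biba no longer lets the analyst write into the SECRET report.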
- Describe the similarities and differences between a virus, a Trojan horse, and a worm. Explain controls or steps one can take to mitigate their threat.
A virus is malicious code that replicates by attaching a copy of itself to other, non-malicious programs, so it spreads whenever an infected program is copied or executed. Beyond propagating, a virus usually carries a payload that damages the infected system, for example by disclosing confidential information or disrupting the operating system. A Trojan horse is a program that does what its user expects while also performing a hidden, malicious function (Pfleeger & Pfleeger, 2007, p. 111), typically intercepting and disclosing confidential data; it need not replicate at all. A worm is defined by the way it spreads: it propagates through the network on its own, exploiting vulnerable services or weak credentials, whereas a virus depends on users copying or running infected files. All three share the same ingredients, unauthorized code and a way of getting it executed; they differ in whether they replicate, whether they need a host program, and whether they need a human to move them.
All three can be countered by antivirus software, and a reasonable level of protection combines centralized and endpoint scanning. The centralized component checks files and e-mail exchanged within the organization (on the mail server, file servers or a gateway), while the endpoint component scans local and removable drives and watches programs as they run. Some firewalls and proxies can match known byte patterns (signatures) directly in network traffic, which adds another layer of detection, although it only catches code whose signature is already known. Signature scanning should therefore be complemented by keeping systems patched (which removes the vulnerabilities worms rely on), running software with least privilege so that a Trojan horse inherits as little as possible, refusing to execute software of unknown origin, and keeping backups that allow recovery once an infection is detected.
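The in-traffic pattern matching mentioned above, as an added example in Python that is not from the textbook or the assignment: a signature scanner of the kind a firewall or mail gateway applies to a byte stream. Network traffic arrives in chunks, and a naive scanner that examines each chunk on its own misses a signature that straddles two chunks; the boundary-aware version carries the tail of the previous chunk forward and reports each match exactly once. The signatures and the sample stream are constructed for the demonstration and are not real malware patterns.

```python
"""Added example, not from the textbook or the assignment: a signature scanner
of the kind a firewall or mail gateway runs over traffic. The signatures and
the sample stream are constructed, not real malware patterns."""
from typing import Dict, List, Tuple

# Constructed demo signatures (name -> byte pattern); real products ship thousands.
SIGNATURES: Dict[str, bytes] = {
    "demo_dropper": b"\x4d\x5a\x90\x00DEMO-PAYLOAD",
    "demo_macro": b"AutoOpen()",
}

Hit = Tuple[str, int]   # (signature name, absolute byte offset of the match)


def scan_per_chunk(chunks: List[bytes], signatures: Dict[str, bytes]) -> List[Hit]:
    """Naive scanner: looks at each network chunk in isolation, so a pattern that
    straddles a chunk boundary is missed."""
    hits: List[Hit] = []
    offset = 0
    for chunk in chunks:
        for name, sig in signatures.items():
            idx = chunk.find(sig)
            while idx >= 0:
                hits.append((name, offset + idx))
                idx = chunk.find(sig, idx + 1)
        offset += len(chunk)
    return hits


def scan_stream(chunks: List[bytes], signatures: Dict[str, bytes]) -> List[Hit]:
    """Boundary-aware scanner: carries the last (longest signature - 1) bytes of
    the previous chunk so that a split pattern is still found, exactly once."""
    max_len = max(len(sig) for sig in signatures.values())
    carry = b""
    offset = 0            # absolute stream position of carry[0]
    hits: List[Hit] = []
    for chunk in chunks:
        buf = carry + chunk
        for name, sig in signatures.items():
            idx = buf.find(sig)
            while idx >= 0:
                # A match that ends inside the carried bytes was already reported
                # while scanning the previous buffer; report only matches that
                # extend into the new chunk.
                if idx + len(sig) > len(carry):
                    hits.append((name, offset + idx))
                idx = buf.find(sig, idx + 1)
        keep = min(len(buf), max_len - 1)
        offset += len(buf) - keep
        carry = buf[len(buf) - keep:]
    return hits


def build_sample_stream(chunk_size: int = 16) -> List[bytes]:
    """Constructed payload in which 'demo_dropper' starts at byte 17 and, with
    16-byte chunks, is split across the second and third chunk; 'demo_macro'
    sits entirely inside one chunk at byte 48."""
    payload = b"benign header....\x4d\x5a\x90\x00DEMO-PAYLOAD trailing data AutoOpen() end"
    return [payload[i:i + chunk_size] for i in range(0, len(payload), chunk_size)]


if __name__ == "__main__":
    stream = build_sample_stream()
    print("per-chunk scan :", scan_per_chunk(stream, SIGNATURES))
    print("stream scan    :", scan_stream(stream, SIGNATURES))
```

The carried tail is what makes the result independent of how the sender fragments the data; an attacker who controls packet sizes can otherwise place a signature across a boundary on purpose. The same idea applies to a mail gateway scanning attachments that arrive in several MIME parts.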
- Explain multi-factor authentication and give one example for each authentication factor.
Multifactor authentication requires a user to present evidence from more than one independent category of authenticator before access is granted. The categories are something the user knows (a password or PIN), something the user has (a hardware token, a smart card, or a one-time-code application on a phone), and something the user is (a fingerprint or another biometric). The point is that an attacker who has captured one factor, say a phished password, still lacks the others. Pfleeger and Pfleeger (2007) also note that a system can take additional information into account, such as the time of the request or the workstation it comes from (p. 212): access could be granted only during working hours, or only from designated machines, which limits what a compromised credential can be used for. These restrictions, and multifactor authentication in general, trade convenience for security, since users may need urgent access from home or at weekends and may forget or lose their tokens. The decision is therefore an administrative one that weighs the risk being reduced against the business disruption introduced.
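The knowledge and possession factors combined in one login, as an added example in Python that is not from the textbook or the assignment: the password (something the user knows) is checked against a salted PBKDF2 hash, and the one-time code (something the user has) is verified as an RFC 6238 TOTP value, the scheme used by phone authenticator apps. The user store is constructed; the TOTP seed is the RFC 6238 test-vector secret, so the codes can be checked against the published vectors. A code is accepted once only, so an intercepted code cannot be replayed within the drift window.

```python
"""Added example, not from the textbook or the assignment: a two-factor login
combining something the user knows (a password, stored as a PBKDF2 hash) with
something the user has (a TOTP authenticator, RFC 6238). The user store is
constructed; the TOTP seed is the RFC 6238 test-vector secret."""
import hashlib
import hmac
import os
import struct
from typing import Any, Dict

PBKDF2_ROUNDS = 100_000
TOTP_STEP = 30          # seconds per TOTP counter value
TOTP_WINDOW = 1         # accept one step of clock drift on either side


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, dynamic
    truncation to 31 bits, then the low 'digits' decimal digits, zero-padded."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = TOTP_STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // step, digits)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user(password: str, totp_secret: bytes) -> Dict[str, Any]:
    salt = os.urandom(16)          # per-user salt
    return {
        "salt": salt,
        "pw_hash": hash_password(password, salt),
        "totp_secret": totp_secret,
        "last_counter": -1,        # highest TOTP counter already accepted; blocks replay
    }


# Constructed demo user store (assumption: one user, seed from the RFC 6238 test vectors).
USERS: Dict[str, Dict[str, Any]] = {
    "alice": make_user("correct horse battery staple", b"12345678901234567890"),
}


def login(username: str, password: str, code: str, unix_time: int) -> bool:
    """Both factors must verify. Comparisons are constant-time, and a TOTP
    counter is accepted at most once so an intercepted code cannot be replayed."""
    user = USERS.get(username)
    if user is None:
        return False
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        return False
    counter = unix_time // TOTP_STEP
    for delta in range(-TOTP_WINDOW, TOTP_WINDOW + 1):
        c = counter + delta
        if c <= user["last_counter"]:
            continue               # this counter (or an older one) was already consumed
        if hmac.compare_digest(hotp(user["totp_secret"], c), code):
            user["last_counter"] = c
            return True
    return False


if __name__ == "__main__":
    seed = USERS["alice"]["totp_secret"]
    now = 59                                  # RFC 6238 test time: counter 1
    print("code for the authenticator :", totp(seed, now))
    print("first login                :", login("alice", "correct horse battery staple", totp(seed, now), now))
    print("same code replayed         :", login("alice", "correct horse battery staple", totp(seed, now), now))
```

The replay check is the part most often left out of homemade implementations: without it, a code captured by a phishing page stays valid for the rest of its 30-second step plus the drift window, which defeats much of the purpose of the second factor.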
- Explain the difference between a vulnerability, threat, and control. Define each and provide an example of each.
A vulnerability is a weakness in a system that could be exploited to cause harm. A threat is a set of circumstances, typically an attacker or a piece of malicious code, with the potential to cause that harm, for example by exploiting a vulnerability. A control is an action, device, procedure or technique that removes or reduces a vulnerability, or keeps a threat from reaching it. As an example of a vulnerability, consider a web application that builds its SQL login query by concatenating the username and password typed by the user, so that crafted input is interpreted as SQL (a SQL injection flaw); it is a vulnerability whether or not anyone is currently attacking it, just as a buffer overflow that lets an attacker execute arbitrary code is a vulnerability even in the absence of a direct threat. The threat is an attacker who submits such input in order to bypass authentication or read other users’ records. Controls come in two kinds: preventive ones that remove the weakness, such as parameterized queries and input validation for the injection flaw or bounds checking for the overflow, and detective or compensating ones, such as monitoring for exploitation attempts and applying vendor patches promptly when the flaw is in third-party code.
Short Essay (30 points)
Information Security Plan
The purpose of this document is to define a set of measures intended to improve information security at GCI (Global Corporation, Inc.). While no major security incident has occurred within the company so far, the numerous data breaches reported in commercial and government organizations demonstrate the importance of preventing security threats rather than reacting to them. GCI top management considers this the right time to introduce more stringent security measures in order to mitigate the vulnerabilities associated with employees’ routine work, especially the confidential information stored on their laptops and flash drives. This security plan describes the current situation with respect to information security and sets the requirements for improving it; a dedicated section covers the recommended controls and accountability for information security issues, and the plan concludes with the implementation timetable and the activities that will receive continued attention.
Currently, GCI employees often work at customer locations using company-issued laptops and flash drives. All laptops are joined to the GCI corporate domain and receive routine security and antivirus checks, but while at customer sites the employees work offline, so those checks do not apply and the laptops are exposed to several threats. First, physical security during off-site work is minimal and a laptop may be lost or stolen; this would disclose the confidential information on its disk and cause severe reputational damage to the company. Second, employees use their flash drives to exchange files with GCI clients, who may intentionally or unintentionally infect these drives with a virus or Trojan horse that is then carried back into the corporate network. Moreover, the entire content of a flash drive can be copied to the client’s PC without the GCI employee noticing, with equally damaging consequences.
Taking the current situation into account, the following information security requirements are to be introduced:
- Hard drives on all employees’ laptops must be protected with full-disk encryption. Despite some performance cost, this prevents a thief from reading confidential data from a stolen computer. The encryption must use a strong, well-reviewed algorithm, and the key must be protected by a pre-boot password or hardware token rather than stored on the disk itself, since an attacker who obtains the key together with the drive gains nothing from the encryption. Employees must also shut laptops down, not merely suspend them, before transport, because the key stays in memory while the machine is suspended.
- The use of flash drives must be prohibited. The information security policy must ensure that USB mass-storage devices are blocked on employees’ laptops; blocking the storage device class rather than disabling the ports outright keeps keyboards and mice usable, and the block must be enforced centrally through domain policy so that users cannot reverse it.
- All employees working at customer locations must be issued a 3G network terminal. The information security policy must ensure that it is no longer possible for employees to work offline: all work on laptops must be done while logged into the corporate domain over a VPN (Virtual Private Network) link, so that domain policies, updates and antivirus checks continue to apply off site. All data exchange with customers must take place by e-mail only, so that every file entering the company passes through the centralized mail scanning.
Recommended controls for these requirements are to be included in the information security policy. Because the new domain configuration prevents users from working offline, automated control can be limited to routine verification of any changes to a laptop’s hardware and software, together with confirmation that disk encryption and the USB block remain in force. Files received from customers will be subjected to centralized antivirus checks on the mail server before delivery. All information security activities will be supervised by the IT Security Director and cross-checked by the CIO.
Continued attention means constant evaluation and improvement of corporate information security. The security situation is subject to monthly review by a designated information security committee under the supervision of the CIO. During these routine evaluations, new requirements and controls may be defined in line with the adoption of new technologies and the vulnerabilities they bring. As a rule, the committee reviews new potential threats, reported incidents and current best practices, and develops the corresponding action plans.