CYBER SECURITY CASE
IDS 520 Info Infrastructure Security
Submitted By
AKSHAT SANGAL
Question 1:- Based on the information in this case analysis, what are the types of threats DBR may be facing?
Solution 1:-
Case Information Summary
Dark Blue Robotics (DBR) is a technology and manufacturing firm based in Australia. For many years, DBR was known only locally in the marine robotics market. Recently, it has entered the global market with a new prototype that has far exceeded industry analysts' expectations; the analysts have described it as the most advanced system likely to be built in the near future. DBR has also signed two major contracts with foreign state-run offshore oil operations. DBR is essentially a small organization that builds autonomous underwater robots used in research and offshore oil operations, with a head office and a manufacturing site located nearby. These offices are connected using a Virtual Private Network (VPN) over fiber optic links. The company has a small server room at the head office which holds all of its servers, including a web server, an email server, and a file server containing code and design specifications. This is critical data that must not be compromised at any cost.
Possible Threats
• Intellectual property is the most valuable data an organization holds. It drives the organization's growth and gives it a competitive edge over other companies. In this case, the odds of DBR's intellectual property (IP) being compromised are high. If competitors manage to steal the details of the newly developed prototype, DBR would not only save them a huge amount of research investment, it would also lose its competitive advantage, as it would no longer be the only one using that prototype.
• As mentioned in the case, the company has a very small IT office with just 3 staff members. The odds of security lapses are therefore high. Since most communication is done over the internet, attacks such as phishing can bring malicious software into DBR's systems, which in turn can lead to security breaches.
• Another important threat arises from the fact that the systems only run a local virus scanner, which may not be adequate to resist software attacks or malware such as viruses, worms and script injection.
Question 2:- How would you characterize the capabilities and intent of these threats?
Solution 2:-
CAPABILITIES
A threat can arise from internal factors, external factors or both, but most security measures taken against threats, including the ones in this case, focus mainly on external threats. The threats associated with this case can be placed in the following categories.
a) Internal Threat
Internal threats arise when someone who has full permission to access the internal system poses a threat to the organization. This type of threat generally occurs because of employee actions or system failures. Example: – There is only a small IT team responsible for DBR's security. If any of these few employees misuses the access given to them, that person becomes an internal threat to the organization.
b) External Threat
External threats are those caused by individuals or organizations outside the company, i.e. those who do not have access to the system. Such threats reach the organization through shared networks, connected devices or partner organizations. Example: – In the case of DBR, since the local virus scanner provides only a very low level of security, the chance of viruses arriving through the internet (a shared network) is very high.
INTENT
Threat intent describes the purpose with which the threat was caused. The intent of a threat falls into the following categories: –
a) Intentional Threat
Intentional threats are caused with the intention of harming an organization. Example: – In the case of DBR, if competitors try to steal the information about the new prototype, that falls under the category of intentional threats.
b) Unintentional Threat
Unintentional threats occur when someone accidentally becomes a threat to a company. Example: – In the case of DBR, if a partner company accidentally introduces a virus into DBR's systems through the shared network, that is an unintentional threat.
Question 3:- Which threat poses the most risk?
Solution 3:-
Steps to calculate Risk
• Identify the threats: – The first step is to identify the possible threats to the organization. To identify a threat to a system, we have to assess the different weaknesses in that system in order to make clear exactly which areas of the organization are prone to attack.
• Measure the impact of threats: – After a threat is identified, it is critical to quantify the severity of its effect on the organization. Some threats may be of low severity, but others can have a high impact and cause serious damage to the organization's critical data.
• Prioritize the threats: – Now that the threats are identified and the impact of each has been assessed, it is vital to prioritize them according to the nature of each risk. This helps the organization's security team plan properly to manage each risk. Likewise, tracking and storing this threat information helps the organization deal with similar threats in the near future.
Threats with most risk
• Although there are several threats, the one carrying the most risk is the compromise of the organization's intellectual property (IP). As noted above, intellectual property is the most valuable data an organization holds; it drives the organization's growth and gives it a competitive edge over other companies.
• Recently, DBR has extended its reach to the global market with a new prototype, and specialists have predicted that there won't be any competition for the next 5 years. If this is true, the new prototype can help DBR dominate the market. However, if this information is somehow compromised or stolen, the major losses for DBR would be as follows:-
a) DBR probably invested a considerable amount of resources in this new prototype; if it is stolen, that funding is wasted, as the prototype will no longer be an original innovation.
b) DBR won't get the first mover's advantage with this new prototype, as similar models will be available from competitors as well.
c) DBR will have this prototype only after investing a huge amount in research, but competitors who copy it get the same model for free and thus make much more profit than DBR.
Question 4:- How would you approach the vulnerability assessment?
Solution 4:-
Every effective security practice is built on a strong foundation of policies and procedures, and the vulnerability assessment process should be no exception. Vulnerabilities are specific weaknesses or loopholes that threat actors can exploit to attack an organization's data resources. There are several examples of vulnerabilities in this case. Some are as follows:-
Examples
• The systems only run a local virus scanner, which may not be adequate to resist software attacks or malware such as viruses, worms and script injection. This creates a vulnerable spot in the organization.
• Since the IT team has just 3 staff members, the chances of information leaks and, more importantly, successful phishing are very high, making the organization very vulnerable.
It is very important to carry out a vulnerability assessment so that an organization can find all of its possible vulnerabilities and plan accordingly to protect itself from various threats. A vulnerability assessment consists of two main phases:-
1) Planning the vulnerability assessment
The planning component involves gathering all relevant data, defining the scope of activities, defining roles and responsibilities, and creating awareness among staff members through the change management process.
2) Performing the vulnerability assessment
Performing the vulnerability assessment includes interviewing system administrators, reviewing the policies and procedures relating to the systems being assessed, and of course the security scanning itself.
Vulnerability Detection Methods
Vulnerability Scanners: – These are tools intended to detect known software flaws and misconfigurations. The scanners then produce a report that includes the severity of each vulnerability found.
Penetration Tests: – In penetration testing, the tester attempts to break into their own organization's systems using the same methods a threat actor would use to attack them. The tester then reports each of the vulnerabilities found and provides mitigation strategies to fix them.
Question 5:- What would be your suggestions based on the information in the case analysis?
Solution 5:-
DBR is entering international markets with the new prototype it has recently developed. Since this advanced prototype is expected to eliminate competition for around the next 5 years, it is crucial to carry out a successful vulnerability assessment to identify any loophole in the security system.
Getting the most out of the vulnerability assessment requires an understanding of your organization's mission-critical processes and underlying structure, and applying that understanding to the results. To get the best possible results, it should include the following steps: –
1) Identify and understand your business processes
The first step is to identify and understand your organization's business processes, focusing on those components that are critical and sensitive in terms of compliance, client security, and competitive positioning. People from various departments form security strategy teams, with delegates from each department, which work together for a few weeks to analyze the business processes and the information they depend on.
2) Understand the applications and data that underlie business processes
Once the business processes are identified and ranked in terms of mission criticality, the next step is to identify the applications and data on which those mission-critical processes depend. This step is very important because it determines exactly what we need to protect from outside threats. Again, this requires people from different domains to identify those applications that are more critical than anticipated.
Example: – Email security is something that is critical for all the employees no matter which department they are from.
3) Determine what hardware underlies applications and data
Determine the data storage devices that are holding the mission-critical and sensitive data used by those applications.
Example: – For Web/database applications, you may be talking about three or more sets of servers—Web, application and database—per application.
4) Map the network infrastructure that connects the hardware
Understand the routers and other network devices that your applications and hardware depend on for fast, secure performance.
5) Identify which security controls are already in place
The next step is to identify the security controls you have already implemented in your system, including policies, firewalls, application firewalls, intrusion detection and prevention systems, virtual private networks (VPNs) and encryption, that protect each set of servers and storage devices hosting mission-critical applications and data. This step shows us our current security status.
Example: – In this case, the offices are already connected via a virtual private network (VPN) over fiber optic connections. Also, all the systems have a local virus scanner to detect any external virus.
6) Run vulnerability scans
Now that you understand your application flow, with all the critical components and information to be secured, it is time to run your vulnerability scans. This step helps you identify what additional security measures should be taken beyond the security controls the organization already has in place.
7) Apply business and technology context to scanner results
Your scanner may produce scores for hosts and various vulnerabilities with severity ratings, but since those results and scores are based on objective, generic measures, it is critical to determine your organization's business and infrastructure context. Deriving meaningful and actionable information about business risk from vulnerability data is a complex and difficult task. Whether doing this internally or with outside help from another organization, your results need to be analyzed to determine which infrastructure vulnerabilities should be targeted first and most aggressively.
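As an added illustration (not part of the original case analysis) of the risk-prioritization steps in Solution 3 and of applying business context to scanner results in step 7 above, the following Python script ranks the case's three threats by likelihood times impact and re-orders constructed scanner findings by the criticality of the DBR servers they affect. All ratings, host names, exposure factors and findings are assumptions made for this example.

```python
"""Risk ranking for the DBR case: the threat register from Solution 3 and scanner
findings weighted by business context (Solution 5, step 7). All values are assumed."""
from dataclasses import dataclass

# Threats from Solution 1, rated 1 (low) to 5 (high); the ratings are assumptions.
THREATS = {
    "IP theft of the new prototype": {"likelihood": 4, "impact": 5},
    "Phishing against the 3-person IT team": {"likelihood": 4, "impact": 3},
    "Malware bypassing the local virus scanner": {"likelihood": 3, "impact": 3},
}

# Servers named in the case, with assumed criticality (1..5) and internet exposure.
ASSETS = {
    "file-server": {"criticality": 5, "internet_facing": False},  # code and design specs
    "email-server": {"criticality": 4, "internet_facing": True},
    "web-server": {"criticality": 2, "internet_facing": True},
}

@dataclass
class Finding:
    host: str
    title: str
    severity: float  # the scanner's own 0..10 rating

# Constructed scanner output; by raw severity alone the web server would come first.
FINDINGS = [
    Finding("web-server", "outdated web server software", 7.5),
    Finding("file-server", "share readable by every domain user", 6.0),
    Finding("email-server", "weak TLS configuration", 5.0),
]

def rank_threats(threats=THREATS):
    """(name, risk) pairs, highest first, where risk = likelihood * impact."""
    scored = [(name, r["likelihood"] * r["impact"]) for name, r in threats.items()]
    return sorted(scored, key=lambda t: t[1], reverse=True)

def contextual_priority(f: Finding, assets=ASSETS) -> float:
    """Scanner severity weighted by asset criticality; hosts that are not
    internet-facing get a 0.7 exposure factor because they are harder to reach."""
    asset = assets[f.host]
    exposure = 1.0 if asset["internet_facing"] else 0.7
    return round(f.severity * asset["criticality"] * exposure, 1)

def rank_findings(findings=FINDINGS, assets=ASSETS):
    """Findings ordered by contextual priority, highest first."""
    return sorted(findings, key=lambda f: contextual_priority(f, assets), reverse=True)

if __name__ == "__main__":
    print(rank_threats())
    print([(contextual_priority(f), f.host, f.title) for f in rank_findings()])
```

With these assumed ratings the file server holding the design specifications moves to the top of the remediation list even though the scanner rated its finding lower than the web server's.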