Scenario 1: The Very Busy Computer Media and Storage Administrator
John has been with Dynamic Software for five years. In that time, he has become the go-to person for system backups and computer media for the critical operating and application software for the company. He manages the computer media library and is responsible for making sure all system backups are completed accurately, with at least three generations of backups at any one time. The library has about 700 items, and John is quick to respond to requests for software media or for backup media. John handles the whole operation himself and knows where everything is in the library. If you need something, just call John.
State five security principles or practices based upon the ISC2 Study modules that this operation violates and the possible consequences for the organization.
State five countermeasures that you would employ to improve the security of this operation and how those measures would be effective.
Scenario 2: What is in the closet?
Mary is an Information Security Officer at a USB drive manufacturing plant. In her first week on the job, she is doing a security survey of the plant. She notices that several utility closets do not have locks. The closets house telecommunications lines and power lines for the plant. She reports this situation to her CSO. He states that if the server and server rack rooms have locks, things are fine. Maintenance people need easy access to the utility closets. Mary doesn’t agree and decides to write up a memo for discussion at the next plant Security Committee meeting.
How do the unlocked closets affect Confidentiality, Integrity, and Availability? Give a specific problem for each.
Besides supplying locks for the utility closets, identify two other physical security controls that you would recommend. How would they be effective?
Scenario 3: Who do you trust?
Review the Zero Trust section in Bob’s PowerPoint and compare it to the slide “Network Security – Types of Devices.” Explain measures you would take to enforce zero trust at each of the eight layers of the network.
Scenario 4: Data Handling
Carl, the CSO of Diversified Data Analytics, is holding an in-house conference on Data Handling methods for the Information Security Staff. His two main concerns are preventing proprietary data from leaving a secured zone without authorization and ensuring that there is a dependable method of reporting, storing, and disseminating security incidents among staff. Given that the Six Phases of Data Handling are:
- Plan and Design
- Collect and Create
- Analyze and Collaborate
- Evaluate and Archive
- Share and Disseminate
- Publish and Reuse
Explain what actions you recommend in each phase to achieve the two objectives.
Scenario 5: Incident Response
Devise an incident response plan for a power loss lasting more than one hour on the production line of the USB manufacturing plant. In your plan consider more than just getting power restored. What are some of the information security concerns that could occur with this loss of availability?
Full Answer Section
- Documentation and Inventory Control: The reliance on John's personal knowledge suggests a lack of formal documentation and inventory control for the media library. This makes it difficult to track media, verify backups, and recover data in John's absence.
- Security Awareness Training: John's practices suggest a potential lack of security awareness training, as he may not fully understand the risks associated with his current practices.
Possible Consequences:
- Data loss due to accidental or malicious actions.
- Business disruption due to inability to restore systems.
- Financial loss due to data breaches or regulatory fines.
- Reputational damage.
- Difficulty in auditing and compliance.
Five Countermeasures:
- Implement Separation of Duties: Divide the responsibilities of media management among multiple individuals. This ensures that no single person has complete control over the process.
- Implement Job Rotation: Rotate personnel in and out of the media management role periodically. This reduces the risk of fraud and brings in fresh perspectives on security practices.
- Enforce the Principle of Least Privilege: Grant individuals only the access rights they need to perform their specific job functions.
- Establish Formal Documentation and Inventory Control: Implement a system for tracking all media items, including their location, backup schedules, and retention policies. This will ensure accountability and facilitate recovery in case of disaster.
- Provide Regular Security Awareness Training: Educate all personnel on security best practices, including the importance of separation of duties, least privilege, and proper media handling procedures.
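The inventory-control and separation-of-duties countermeasures above can be made checkable rather than left to memory. The following is an added example, not part of the original assignment or answer: it audits a constructed media inventory (hypothetical systems and staff names) for the scenario's three-generation requirement, for items whose location was never recorded, and for backups created and verified by the same person.

```python
"""Audit a computer-media library inventory for the controls described above.

Added example (not part of the original assignment or answer). A constructed
inventory of backup media is checked for three conditions:
  * every protected system has at least the required number of backup generations,
  * every media item has a recorded location (no reliance on one person's memory),
  * the person who created a backup is not the one who verified it (separation of duties).
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

REQUIRED_GENERATIONS = 3  # the scenario requires at least three generations


@dataclass(frozen=True)
class MediaItem:
    media_id: str
    system: str            # system this backup belongs to
    generation_date: date  # one distinct backup date counts as one generation
    location: str          # shelf/slot; empty string means "nobody wrote it down"
    created_by: str
    verified_by: str       # empty string means never independently verified


# Constructed sample inventory; systems and staff names are hypothetical.
INVENTORY = [
    MediaItem("T001", "payroll", date(2024, 1, 1), "A1", "john", "mary"),
    MediaItem("T002", "payroll", date(2024, 2, 1), "A2", "john", "mary"),
    MediaItem("T003", "payroll", date(2024, 3, 1), "A3", "john", "mary"),
    MediaItem("T004", "erp", date(2024, 3, 1), "", "john", "john"),
    MediaItem("T005", "erp", date(2024, 2, 1), "B2", "john", ""),
]


def audit(items):
    """Return a dict of finding category -> sorted list of affected identifiers."""
    findings = {"insufficient_generations": [], "missing_location": [],
                "no_independent_verification": []}
    generations_by_system = defaultdict(set)
    for item in items:
        generations_by_system[item.system].add(item.generation_date)
        if not item.location:
            findings["missing_location"].append(item.media_id)
        if not item.verified_by or item.verified_by == item.created_by:
            findings["no_independent_verification"].append(item.media_id)
    for system, generations in generations_by_system.items():
        if len(generations) < REQUIRED_GENERATIONS:
            findings["insufficient_generations"].append(system)
    return {category: sorted(ids) for category, ids in findings.items()}


if __name__ == "__main__":
    for category, ids in audit(INVENTORY).items():
        print(f"{category}: {', '.join(ids) or 'none'}")
```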
Scenario 2: What is in the closet?
Impact of Unlocked Closets on CIA:
- Confidentiality: Unauthorized access to telecommunications lines could allow individuals to eavesdrop on sensitive communications.
- Integrity: Tampering with power or telecommunications lines could disrupt service or introduce malicious code into the network.
- Availability: Damage to or sabotage of these lines could cause significant downtime for the plant.
Other Physical Security Controls:
- Intrusion Detection System (IDS): An IDS placed near the utility closets could detect unauthorized access attempts and alert security personnel.
- Video Surveillance: Installing cameras near the closets would provide a visual record of activity and deter potential intruders.
Scenario 3: Who do you trust?
Zero Trust Measures at Each Network Layer:
Zero trust assumes no implicit trust, even within the network perimeter. Measures at each layer could include:
- Physical: Secure access to physical infrastructure (servers, network devices) with locks, mantraps, and surveillance.
- Data Link: MAC address filtering and port security to prevent unauthorized devices from connecting.
- Network: Micro-segmentation to isolate different parts of the network, firewalls between segments, and intrusion detection/prevention systems.
- Transport: Encrypting all traffic in transit (TLS/SSL) and using VPNs for remote access.
- Session: Multi-factor authentication for all user sessions and time-based access controls.
- Presentation: Data encryption and tokenization to protect sensitive data.
- Application: Application whitelisting and sandboxing to prevent malicious software from running.
- User: Strong password policies, multi-factor authentication, and regular security awareness training.
Scenario 4: Data Handling
Actions for Data Handling Objectives:
Scenario 5: Incident Response Plan for Power Loss
Incident Response Plan for Power Loss > 1 Hour:
- Assessment: Determine the extent of the power outage and its impact on production systems.
- Notification: Notify key personnel (management, IT staff, security team) of the power loss and its potential impact.
- Containment: Implement procedures to safely shut down systems if necessary to prevent data corruption.
- Eradication: Once power is restored, verify the integrity of systems and data. Restore systems from backups if necessary.
- Recovery: Bring production lines back online in a controlled and phased manner.
- Post-Incident Activity: Review the incident, identify lessons learned, and update the incident response plan as needed.
Information Security Concerns:
- Data Corruption: Abrupt power loss can corrupt data on storage devices.
- System Damage: Power surges when power is restored can damage hardware.
- Loss of Audit Logs: If systems are not properly shut down, audit logs may be lost, hindering investigation of any malicious activity that may have occurred during the outage.
- Vulnerability Exploitation: While systems are down or being restored, they may be more vulnerable to attack.