ISEC5006 Biba and Clark-Wilson Integrity Answers


  • Subject Code : ISEC5006
  • University : Curtin College
  • Subject Name : IT Computer Science

Fundamental Concepts of Data Security - Question 1

Security goal compromised:

The availability security goal was compromised by this ransomware attack.

Reasons:

The information is held hostage until its owner pays the requested "ransom", at which point the information is "released". Attackers use social engineering, or untrained users click phishing messages or infected web ads or visit malicious websites, which releases the ransomware onto the system. The ransomware then uses encryption keys to encrypt the hard drive and lock the targeted information.

Technical preventive control example

A preventive control is intended to operate before a threat event, to reduce or avoid the likelihood and potential impact of a successful threat event. Examples of preventive controls include policies, standards, processes, procedures, encryption, firewalls, and physical barriers.

Many people are surprised at the idea that the dramatic impact of the ransomware attack could have been prevented by a simple patch released two months before the coordinated attack.

Technical detective control example

A technical detective control is designed to detect a threat event while it is occurring and to assist investigations and audits after the event has occurred. Examples of detective controls include security event log monitoring, host and network intrusion detection of threat events, and antivirus identification of malicious code. However, updating the version or patching is not as simple as you might expect. "Typically, the lack of updates as well as patches is not because IT is too lazy, it may not be because we don't have the authority," Ford says. For example, in certain regulated industries, companies must obtain approval for systems running a specific version of software. You can also make any changes without the approval of the regulation.

Administrative preventive control example

Administrative preventive controls are designed to reduce or limit the potential impact and to recover to normal operations when a threat event occurs. Examples of corrective controls include automated removal of malicious code by antivirus software, business continuity and recovery plans, and host and network intrusion prevention of threat events.

Fundamental Concepts of Data Security - Question 2

Explanation:

The Clark-Wilson model is for integrity. Like the Biba model, it is concerned with integrity. Neither is for confidentiality; that is the purpose of the Bell-LaPadula model. Nor are they for availability; that is what backups, high-availability firewalls, offsite storage, hot sites, cold sites, and warm sites are for. However, those are not really access control models like the Bell-LaPadula or Biba model; they are simply controls. At a high level, both the Clark-Wilson model and the Biba model try to accomplish two things:

First, unauthorized users must not be able to make changes in the system. If even a single character, number, or letter is changed, integrity is lost. If a change was not intended, integrity has been lost. Preventing unauthorized changes to data is one of the core goals of the Biba and Clark-Wilson access control models.

Second, the Biba and Clark-Wilson models maintain integrity by ensuring that authorized users do not make unauthorized changes. That is, users have permission to make changes, but they cannot make changes that compromise the integrity of files, objects, or resources.

In other words, neither an accidental nor an intentional action may destroy system integrity, even when the user is authorized. Even a well-meaning person can make mistakes and damage the system.

Examples

Constrained Data Items (CDI)

The main data type in the Clark-Wilson model is the Constrained Data Item (CDI). The Integrity Verification Procedure (IVP) ensures that all CDIs in the system are valid in a particular state. Transactions that enforce the integrity policy are represented by Transformation Procedures (TPs).

Unconstrained data items (UDIs)

Unconstrained data items (UDIs) are all other data, typically input to a transformation procedure. If a subject is constrained so that it can access an object only through specified transformation procedures, those procedures can incorporate the logic required to restrict permissions and enforce separation of duties. The transformation procedure itself can control a subject's access to an object at a finer granularity than the system otherwise provides.

Transformation Procedure (TP)

Transactions that enforce the integrity policy are represented by transformation procedures (TPs). A TP takes a CDI or an Unconstrained Data Item (UDI) as input and produces a CDI. A TP must move the system from one valid state to another.

Integrity Verification Procedure (IVP)

The Clark-Wilson model requires separation of duties to be enforced and requires subjects to access data through an application. The IVP scans data items to confirm their consistency. The Clark-Wilson model uses the following elements:

  • Users: active agents.
  • Transformation procedures (TPs): programmed abstract operations such as read, write, and modify.
  • Constrained data items (CDIs): can be manipulated only by TPs.
  • Unconstrained data items (UDIs): can be manipulated by users through primitive read and write operations.
  • Integrity verification procedures (IVPs): check the consistency of CDIs.
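The elements above can be shown working together in a small sketch. This is an added example, not part of the original answer: the account names, the users, the `ClarkWilsonStore` class and the invariant chosen for the IVP are assumptions made for illustration, and the (user, TP, CDI) access triple is the standard Clark-Wilson way of binding subjects to procedures.

```python
class IntegrityViolation(Exception):
    """Raised when a TP would leave the CDIs in an invalid state."""

def ivp(cdis, expected_total):
    """IVP: every balance is non-negative and the total is conserved."""
    return all(v >= 0 for v in cdis.values()) and sum(cdis.values()) == expected_total

def tp_transfer(cdis, src, dst, udi_amount):
    """TP: validate the UDI (raw user input), then update the two CDIs."""
    amount = int(udi_amount)              # ValueError on malformed input
    if amount <= 0:
        raise ValueError("amount must be positive")
    cdis[src] -= amount
    cdis[dst] += amount

class ClarkWilsonStore:
    """Hypothetical store: CDIs are reachable only through run()."""
    def __init__(self, cdis):
        self._cdis = dict(cdis)           # constrained data items
        self._total = sum(cdis.values())  # invariant checked by the IVP
        self._triples = set()             # allowed (user, TP, CDI set) triples
        self.audit_log = []

    def authorize(self, user, tp, cdi_names):
        self._triples.add((user, tp.__name__, frozenset(cdi_names)))

    def balance(self, name):
        return self._cdis[name]

    def run(self, user, tp, src, dst, udi):
        if (user, tp.__name__, frozenset((src, dst))) not in self._triples:
            self.audit_log.append((user, tp.__name__, "denied"))
            raise PermissionError(f"{user} may not run {tp.__name__} on {src},{dst}")
        candidate = dict(self._cdis)      # the TP works on a copy
        tp(candidate, src, dst, udi)
        if not ivp(candidate, self._total):
            self.audit_log.append((user, tp.__name__, "rejected"))
            raise IntegrityViolation("TP would leave an invalid state")
        self._cdis = candidate            # commit: valid state to valid state
        self.audit_log.append((user, tp.__name__, "committed"))

def demo():
    # Constructed sample data: two accounts and one authorized user.
    store = ClarkWilsonStore({"checking": 100, "savings": 50})
    store.authorize("alice", tp_transfer, ("checking", "savings"))
    store.run("alice", tp_transfer, "checking", "savings", "30")
    outcomes = []
    for user, amount in (("bob", "10"), ("alice", "500"), ("alice", "ten")):
        try:
            store.run(user, tp_transfer, "checking", "savings", amount)
            outcomes.append("ok")
        except (PermissionError, IntegrityViolation, ValueError) as exc:
            outcomes.append(type(exc).__name__)
    return store.balance("checking"), store.balance("savings"), outcomes

if __name__ == "__main__":
    print(demo())
```

The three failed calls cover an unauthorized user, an authorized user whose change would break the invariant, and a malformed UDI; in each case the stored CDIs are left untouched.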

Fundamental Concepts of Data Security - Question 3

Difference 1

Static Data Masking (SDM) permanently replaces sensitive data by modifying the stored data in the database copy provisioned to the DevOps environment, whereas Dynamic Data Masking (DDM) leaves the original stored data unchanged and temporarily hides or replaces the sensitive data while it is being transferred. There are use cases for both solutions, but comparing them as alternative options and/or calling both "masking" is obviously a kind of error.

Difference 2

Static data masking supports overall data security efforts and also helps secure the DevOps environment, whereas dynamic data masking is primarily used to apply role-based (object-level) security to production databases or applications. It is a means of applying this security to (legacy) applications that have no built-in role-based security model, or of enforcing separation of duties for access. Unlike static data masking, it is not intended to permanently change sensitive data values for use in DevOps functions.

Example where static masking is more suitable:

Static masking is ideal for other applications such as protecting data for analysis and training, and promoting compliance with standards and regulations (such as GDPR, PCI, and HIPAA) that require limitations on the use of personally identifiable data.

Example where dynamic masking is more suitable:

Dynamic masking is useful when sensitive data queried by an analyst remains in the report database. The SQL issued by the analyst passes through the DB proxy, which inspects each packet and determines which user is trying to access which database object. The proxy modifies the SQL before it is issued to the database, and masked data is returned to the analyst via the proxy.
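The two approaches can be compared side by side on one table. This is an added example, not part of the original answer: the `customers` table, the roles, the masking rules and the function names are assumptions, the sample rows are constructed, and the proxy is reduced to a function that rewrites the select list rather than inspecting network packets.

```python
import sqlite3

COLUMNS = ("id", "name", "ssn")
# Masking expression applied by the proxy to each sensitive column.
SENSITIVE = {"ssn": "'***-**-' || substr(ssn, -4)"}
UNMASKED_ROLES = {"dba"}

def make_production():
    """Constructed sample data standing in for a production database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER, name TEXT, ssn TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                   [(1, "Ann Example", "123-45-6789"),
                    (2, "Bob Sample", "987-65-4321")])
    return db

def static_mask(prod):
    """SDM: build a separate copy whose stored values are permanently replaced."""
    copy = sqlite3.connect(":memory:")
    copy.execute("CREATE TABLE customers (id INTEGER, name TEXT, ssn TEXT)")
    for (id_,) in prod.execute("SELECT id FROM customers ORDER BY id"):
        # Real values never reach the copy; only synthetic ones are stored.
        copy.execute("INSERT INTO customers VALUES (?, ?, ?)",
                     (id_, f"Customer {id_}", f"000-00-{id_:04d}"))
    return copy

def proxy_query(db, role, columns):
    """DDM: rewrite the select list per role; stored data is untouched."""
    exprs = []
    for col in columns:
        if col not in COLUMNS:            # allow-list, so names are safe to inline
            raise ValueError(f"unknown column {col!r}")
        if col in SENSITIVE and role not in UNMASKED_ROLES:
            exprs.append(f"{SENSITIVE[col]} AS {col}")
        else:
            exprs.append(col)
    sql = f"SELECT {', '.join(exprs)} FROM customers ORDER BY id"
    return sql, db.execute(sql).fetchall()

if __name__ == "__main__":
    prod = make_production()
    print(static_mask(prod).execute("SELECT * FROM customers").fetchall())
    print(proxy_query(prod, "analyst", ["name", "ssn"]))
    print(proxy_query(prod, "dba", ["name", "ssn"]))
```

In the static copy the original values cannot be recovered by any role, while in the dynamic case the same production rows return masked or unmasked depending on who asks.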

Fundamental Concepts of Data Security - Question 4

Issue 1:

The student's first act, reporting the incident, was ethical. Reporting a bug to information security staff is a great way to help improve security, as developers or InfoSec teams may not know about it. This type of action allows the problem to be routed and corrected at the appropriate level.

Issue 2:

It is unethical to continue to use the known exploit, because the student should know that she is not allowed to access other students' records. It was an unethical decision for the student to access records intentionally after discovering the bug when she had no need to access them.

Issue 3:

Intrusion testing should be known to the system administrator and the InfoSec team. The detected bug should be reported, but it is not part of an intrusion test.

Issue 4:

She seems to have been accessing other records, even though she knows it is unethical to do so. Checking whether an exploit has been modified is not the same as accessing records that should not be modified. In addition, unless the IT department or InfoSec team asks the student to see if the problem has been fixed, checking it is not the student's role.

Suggestion 1:

Her behavior was not ethical because she continued to access the records through the loophole in the computer security system until it was corrected. However, it is true that she told the system administrator about the loophole. In the given scenario, ethical behavior would be to notify the system administrator of the loophole in the security system and not to interfere with or access the records, because she would not want others to identify the loophole or harm the university's records. Protecting data from potential unauthorized access by others is an option for her.

Suggestion 2:

I believe this individual's actions are both ethical and unethical. He told the system manager about it, and I think that was ethical, but I think it was unethical that he decided to examine other people's records until it was corrected.

Fundamental Concepts of Data Security - Question 5

Preventive layer

The preventive layer represents security measures designed to prevent unwanted or unauthorized activity from occurring. Examples include physical controls such as fences, locks, and alarm systems; technical controls such as antivirus software, firewalls, and IPS; and administrative controls such as separation of duties, classification of data, and auditing.

Detective layer

The detective layer describes security measures or solutions implemented to detect and alert on unwanted or unauthorized activity, either in progress or after it has occurred. A physical example is an alarm or notification from a physical sensor (door alarm, fire alarm) that alerts the guard, police, or system administrator. Honeypots and IDS are examples of technical detective controls.

Corrective layer

The corrective layer includes measures to repair damage, restore resources, or restore functionality after unauthorized or unwanted activity. Examples of technical corrective controls include patching systems, quarantining viruses, terminating processes, and restarting systems. Putting an incident response plan into action is an example of an administrative corrective control.

Recovery layer

The recovery layer is intended to complement corrective efforts. It also attempts to return the system to the normal state it was in before the attack occurred.

Discussion 1:

Yes, I agree. This is because a set of defense mechanisms follows a tiered approach to cyber security to protect information and valuable data. If one mechanism fails, another mechanism immediately steps up to prevent the attack. This multi-layer approach with intentional redundancy not only improves system-wide security, but also addresses a variety of attack vectors. Because it reflects the multi-layer defense of medieval castles, it is generally called the "castle approach." Before entering a castle, you will face moats, walls, drawbridges, towers, and parapets.

The digital world has revolutionized our lives, our work, and the way we play. However, because the world is always under attack and there are so many potential attackers, you need to ensure appropriate security to prevent system and network breaches. Unfortunately, there is no single way to successfully defend against all types of attacks. Hence the multi-tier defense architecture.

Discussion 2:

No. Multi-layer protection includes a combination of security products (WAF, antivirus, anti-spam software, etc.) and training to block threats and protect critical data. Vendors that provide software to protect end users from cyber attacks can bundle multiple security products into the same product. For example, antivirus, firewall, antispam, and privacy controls are packaged together.

Fundamental Concepts of Data Security - Question 6

Current values

1. SLE – 0.66

2. ARO – 0.68

3. ALE – 0.55

Control A

1. SLE – 0.57

2. ARO – 0.55

3. ALE – 0.45

4. ACS – 0.22

5. CBA – 0.12

Control B

1. SLE – 0.55

2. ARO – 0.42

3. ALE – 0.22

4. ACS – 0.45

5. CBA – 0.22

Conclusion:

Control A cost is better than Control B cost.

Fundamental Concepts of Data Security - Question 7

Critical activities:

The BIA examines the financial and operational impact of disruptive events on the business areas and processes of the organization. It is important to be conceptually clear about this statement. A financial impact is a monetary loss, for example lost sales, loss of funds, or loss of revenue. Operational impact represents non-monetary losses related to business operations, typically including reduced competitiveness, poor customer service, and a poor business reputation.

The BIA's findings also give organizations a detailed roadmap for developing business continuity strategies and incident management plans (IMPs), and help determine the scope of the overall effort to recover from potential business disruption. The BIA enables organizations to identify the critical processes and continuity requirements of the business, which is a major issue in developing the IMP. One of the basic aspects of developing the BIA is that it helps you determine whether your existing business continuity strategy meets your recovery requirements.

Examples of critical activities:

Example 1:

The BIA focuses specifically on establishing and justifying business continuity requirements by identifying resource dependencies and estimating the impact associated with downtime. Risk assessment is designed to focus on the likelihood and severity of the loss of activities and resources, establish a prioritized list of risk treatments, and reduce the likelihood that the organization will experience a disruption in its ability to deliver products and services.

Example 2:

Some organizations and some other risk disciplines perform risk assessments based on the evaluation of likely threats (commonly called hazard and vulnerability analysis, HVA). Business continuity, however, performs risk assessment based on failure modes (this approach is sometimes referred to as failure analysis and impact analysis). The reason is simple: it is hard to identify every threat that could disrupt your business. It is more practical to look at the core failure mode, specifically the interruption of the resources needed to perform the activity.

Suggest how to determine RTO value:

RTOs are measured as the length of time the business can survive a disaster before operations are restored. An RTO of 24 hours means that the business can maintain operations for that long even if its normal data and infrastructure are unavailable. If your data and infrastructure are not recovered within 24 hours, your business may suffer irreparable harm.

Discussion

Both RTOs and RTOs should be considered to ensure the survival of a business after a disaster and to create a cost-effective disaster recovery plan. To recover effectively from a disaster, you must be able to ensure that both your RTO and RTO objectives are met. At the same time, to save money, you need to avoid excessive investment in RTO and RTO guarantees. For example, suppose your business RTO is 4 hours and your IT infrastructure can meet a recovery time of two hours. Because there is no current business need, it is unnecessary to invest heavily in hardware and software to reduce the minimum restore time to one hour.

Fundamental Concepts of Data Security - Question 8

Incident response plans are created to address cyber security incidents. A DoS (Denial of Service) attack is a type of attack in which requests from clients do not reach the server. As a result, the resource or service is denied or unavailable to the client. This is done by attacking the machine that hosts the server or service. The attack can not only shut down the machine, but also make the service unavailable.

Example of response actions in Triage:

This step evaluates the problem. The guidelines are reviewed. Security measures are monitored and evaluated.

Example Action:

DoS attacks are more relevant to the network team than to the security team.

The upstream and downstream roles are established according to the network team's roles. A role is assigned to contact the parties named in the procedure, to disconnect the cable, and to check the port.

Investigation:

This step monitors security events and checks the firewall. An incident ticket is generated and a report is created on the findings.

Example Action:

Monitor on-premises applications for traffic.

Traffic visibility helps you determine the type of data that moves across the network.

A DoS can be caused by application performance or service issues. Both are checked.

Containment:

This step shuts down the system and wipes the device. The operating system is rebuilt.

Example Action:

The accounts affected by DoS are detected.

The password for all accounts will be changed.

A mitigation request is issued for all channels that move data out of the network.

Connections to such channels' domains are also blocked.

Analysis:

In this step, further analysis is performed to detect the threat indicator.

Example Action:

The malicious program is run in a virtual machine to monitor the results. Malicious programs are reverse engineered to identify their complete functionality.

The event log is analyzed.

Tracking:

This step tracks attacks for each IP address of the system. In most cases, it is very difficult to track DoS attacks because the system's bandwidth is saturated with data from multiple systems.

Example Action:

You can use one of the tools available on the market to determine the IP address of a malicious attacker's computer.

Check all affected machines and catch the bot.

Collect the IP address of the bot.

When the attacker attempts to connect to a discovered bot, the attacker's IP address can be tracked.

Recovery:

This step returns the system and the organization to normal operation.

Example Action:

Test the system again.

Uninstall all affected software.

Configure the firewall.

Only a restricted set of open ports is configured.

Replace the full hard drive.

Rebuild the entire network.
