COIT20263 ass2 part 2-Final (2)
docx
keyboard_arrow_up
School
Central Queensland University *
*We aren’t endorsed by this school
Course
MISC
Subject
Information Systems
Date
Feb 20, 2024
Type
docx
Pages
15
Uploaded by CaptainTeamFerret36
COIT20263
Information Security Management
Term 3, 2023
Assessment 2 Part Two
Tutor: Md Hossain
Prepared by:
Prabin Sharma (12207143)
Prashant Poudel (12213897)
Buland Shrestha (12204230)
Susan Bista (12216002)
Date: 26 January. 2024
a)
Based on week 8 workshop material/slides, identify two of the access control models that you
think are suitable for SyMeCa Software Solutions Pty Ltd (SSS). Your discussion should explain
the access control model and provide details of your proposal for SSS (your discussion should be
specific to SSS). Justify your choices. (
Work on it during Week 8 workshop
). Answer:
An access control model refers to a framework or system that regulates permissions and restrictions
for accessing resources within a computer system or network. It establishes the guidelines and
procedures for granting or declining access to users or entities based on their identity, roles,
attributes, or other relevant factors.
Access control models play a critical role in safeguarding an organization's data and effectively
managing and limiting access to resources. In the context of SyMeCa Software Solutions Pty Ltd
(SSS), a mid-sized software company operating in a dynamic and collaborative work environment
with three branches located across Australia. There are various types of access control models frequently employed in the field of information
security.
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Role-Based Access Control (RBAC)
Attribute-Based Access Control (ABAC)
Rule-Based Access Control (RBAC)
After conducting a thorough evaluation of the requirements and ongoing challenges, we have
decided to select the following access control models that are best suited to address their unique
needs.
Attribute-Based Access Control:
Attribute-Based Access Control (ABAC) is a widely recognized model for access control in which
access control policies are defined based on various attributes related to users, resources, and the
environment (Hu. et. al. 2015). These attributes can include factors such as user roles, location, time
of access, and contextual information. In the context of SSS, ABAC can be effectively utilized to
formulate access policies that are tailored to specific attributes such as data sensitivity, project roles,
and location.
Proposal for SSS:
With SSS's flexible work arrangements and wide range of clients, implementing ABAC can provide
significant advantages in adjusting access control based on user attributes such as location, device,
and involvement in projects. Various projects may necessitate distinct access requirements
depending on the sensitivity of the data and the work context. For example, employees working
remotely may require different access permissions than those based in the office. ABAC enables the
company to establish policies based on contextual attributes, thus bolstering security in a dynamic
work environment.
Justification:
ABAC is a suitable solution for SSS due to its ability to adapt to changing environments. SSS serves a
wide range of clients, including financial institutions and government agencies. ABAC offers a robust
access control mechanism by considering factors like data sensitivity and client security
requirements. It enables SSS to implement a flexible access control approach by defining policies
based on contextual attributes such as location and time. For instance, access to specific resources
can be limited to certain branches or specific hours. ABAC promotes secure collaboration and data
sharing within SSS. By considering attributes like project roles and data classification, ABAC ensures
that only authorized individuals have access to confidential information.
Role-Based Access Control (RBAC):
Role-Based Access Control (RBAC) is a commonly utilized access control model in which access
permissions are allocated according to an individual's designated role within the organization. Each
employee is assigned specific roles, and each role is accompanied by predetermined permissions.
(Ferraiolo et. al. 1999
).
Proposal for SSS: In SSS, where different branches specialize in various areas (e.g., app development, financial
software, government contracts), RBAC can be implemented to streamline access control. For
example, employees in the Sydney branch focused on app development might have roles
specific to their expertise, and access permissions would be granted accordingly. RBAC ensures
that employees have the necessary access rights based on their roles, reducing the risk of
unauthorized access to sensitive information.
Justification:
SSS operates in various divisions, each focusing on different areas such as app development,
financial software, and government contracts. Role-Based Access Control (RBAC) can be
implemented to define specific roles for each division, including their corresponding responsibilities.
This approach ensures that employees can access necessary resources and information according to
their roles. RBAC is well-suited for SSS due to its clear structure and easy management, which is in
line with the company's diverse workforce and flexible work patterns. By implementing RBAC, the
company can minimize the risk of unauthorized access by allowing employees access only to
resources relevant to their roles. Furthermore, RBAC reduces the risk of access errors and the need
for manual adjustments by ensuring that individuals are granted access based on their designated
roles. By adopting Attribute-Based Access Control (ABAC) and Role-Based Access Control (RBAC), the
organization can establish a comprehensive and effective access control framework to meet their
specific needs. These models will improve security measures, reduce the likelihood of unauthorized
access, and promote secure collaboration and data sharing among team members within the
company.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
b)
Based on week 9 workshop material/slides recommend some security practices for SSS. Provide
a detailed discussion with justification on how your recommended security practices will
improve SSS’s security. (
Work on it during Week 9 workshop
). Answer:
In the current era of technology, businesses encounter escalating cybersecurity risks and the
necessity to safeguard their confidential data against unauthorized access, data breaches, and other
security incidents. SyMeCa Software Solutions Pty Ltd (SSS), a software company of moderate size
with various branches throughout Australia, shares this concern. Consequently, considering recent
cyber-attacks and security breaches, SSS acknowledges the significance of reviewing and improving
their practices in information security management.
Here are a few examples of well-known security practices that are commonly adopted by large
corporations. Each practice plays a vital role in improving an organization's security stance and
safeguarding its valuable information assets. It is imperative for organizations to evaluate their
unique needs and requirements and adopt a tailored combination of these practices to establish a
robust and efficient security framework.
Benchmarking:
Benchmarking is a strategic management technique that involves analysing an organization's
methods, results, or ways of doing things with those of similar businesses, known leaders in the
field, or rivals. The goal is to find places to improve, learn about the best ways to do things, and
make everything more efficient and effective. When it comes to information security,
benchmarking helps companies compare their security measures to current standards. This
shows them where they might be weak and helps them put in place strong security practices
(CIOACĂ, BRATU & ȘTEFĂNESCU 2017). Some of the benefits and improvements because of
benchmarking are listed below:
a.
Find Security Gaps:
Benefit: Benchmarking lets SSS check their security measures carefully by comparing them to normal
practices in the industry and finding any holes or weak spots.
Improvements: By seeing these gaps, SSS learns about areas that need instant attention. This proactive
method makes sure that security holes are fixed quickly, which improves overall security.
b.
Learn from Best Practices:
Benefit: Benchmarking lets SSS see the best security practices that companies with more experience
have taken.
Improvements: SSS can improve their security by learning about and using these best practices. By learning
from leaders in the field, SSS can put in place effective means and keep up with new threats.
c.
Set performance goals:
Benefit: Comparing security data to industry averages through benchmarking helps you set
performance goals that are reasonable and doable.
Improvements: SSS can set clear security improvement goals and deadlines. Keeping track of success against
these goals on a regular basis keeps the focus on improvement.
d.
Continuous Improvement:
Benefit: Benchmarking helps SSS's security programme have a habit of always getting better.
Improvements: Regular comparisons with benchmarks set up a feedback process that helps people keep
getting better. Keeping a proactive security stance, SSS can change and adapt its security
methods to deal with new threats.
The International Organisation for Standardisation (ISO):
The International Organisation for Standardisation (ISO) is a worldwide group that creates and
distributes international standards to make sure that goods, services, and systems in many fields are
safe, of high quality, and work well. It is important to follow ISO 27001 and ISO 27002 when it comes
to computer security (Tsohou et. al. 2010). ISO 27001 lays out the steps for creating, applying,
maintaining, and always making an information security management system (ISMS). ISO 27002, on
the other hand, gives advice on how to set up specific security controls within the ISMS. Companies
often try to get ISO approval to show that they care about keeping data safe and following standards
that are known around the world. Some of the benefits and improvements that can be gained from
implementing ISO are listed below:
a.
Complete Security Framework:
Benefit: ISO standards, like ISO 27001 and ISO 27002, give information security managers a complete
framework that covers all parts of their job.
Improvement: SSS can make sure that all parts of their security programme are properly handled, such as
risk management, access control, and incident response. This creates a complete and strong
information security management system (ISMS).
b.
Risk-Based Approach:
Benefit:
ISO standards stress a risk-based approach, which means that security steps are in
line with known risks.
Improvements:
Based on how bad risks could be, SSS can decide how to spend its time and
money. By focusing on the most important areas, this makes sure that security is focused
and effective.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
c.
Compliance and assurance:
Benefit: ISO approval shows that SSS is dedicated to protecting information and following global
rules.
Improvement: SSS's clients, partners, and other stakeholders can be sure that the company is committed to
strong security measures. Getting ISO certification can help SSS's image, build trust, and
bring in clients who care about security.
d.
Continuous Improvement:
Benefit: Regular monitoring and review of the ISMS is part of ISO standards, which encourage a cycle
of continuous improvement.
Improvement: SSS can review and update security policies, processes, and controls on a regular basis. This
ability to change means that the ISMS will still work even as threats and business needs
change.
By putting measurement and ISO practices together, SSS can make a security management method
that works better. Benchmarking gives you information from other companies in the same field, and
ISO standards give you an organised way to put security practices into place and keep making them
better. This approach helps to improves SSS's security and helps them deal with the constantly
changing cybersecurity situation.
However, in addition to the major practices mentioned, there are several minor practices that are
important in safeguarding against cyber threats, protecting sensitive information, ensuring
compliance with regulations, and maintaining trust. These practices are essential for ensuring the
continuity and integrity of operations. As stated by the CYBERSECURITY & INFRASTRUCTURE
SECURITY AGENCY (2018), they play a critical role in preventing unauthorized access, data breaches,
and potential harm to individuals, organizations, and their assets. Below are some additional security
practices that should be considered:
a.
Implement Regular Background Checks:
Conducting regular background checks on all employees with access to sensitive data is crucial for
identifying potential security risks. This practice ensures that individuals with a history of criminal
behaviour 0or other security concerns are not granted access to sensitive information. By conducting
thorough background checks, SSS can mitigate the risk of insider threats and maintain the integrity
of their security measures.
b.
Establish Security Baselines:
Establishing security baselines involves assessing the current security performance of SSS. This
process allows SSS to understand their current security posture and provides a basis for comparison
against future performance. By establishing baselines, SSS can identify areas that need improvement
and implement targeted security measures to enhance their overall security maturity.
c.
Regularly Update Security Policies:
Ensuring that enterprise security policies are updated annually, and employees are educated on
changes, is crucial for maintaining a robust security posture. Regular updates to security policies
allow SSS to adapt to evolving security threats and ensure that employees are aware of their
responsibilities. By keeping security policies up to date, SSS can effectively address emerging risks
and maintain a strong security culture within the organization.
d.
Enforce Least Privilege Principle:
Restricting access to sensitive data based on the principle of least privilege ensures that employees
have the minimum level of access necessary to perform their job functions. By implementing access
controls and granting employees only the privileges required for their specific roles, SSS can
minimize the risk of unauthorized access and reduce the potential impact of insider threats. This
practice helps protect critical data assets and maintain data confidentiality.
e.
Conduct Security Awareness Training:
Regular security awareness training for employees is essential in creating a security-conscious
workforce. By providing training on recognizing security issues, understanding how to report them,
and familiarizing employees with the organization's security policies, SSS can empower its workforce
to be a critical line of defence against social engineering attacks. Security awareness training ensures
that employees understand their role in maintaining a secure environment and helps foster a culture
of security within the organization.
f.
Regularly Monitor and Test Networks:
Continuous monitoring of network access and regular testing of security systems and processes are
crucial for identifying and addressing vulnerabilities promptly. By monitoring network activity, SSS
can detect suspicious behaviour or potential security incidents in real-time. Regular testing of
security systems and processes, such as penetration testing and vulnerability assessments, helps
identify weaknesses and allows SSS to proactively address them. This practice ensures that security
controls remain effective and helps SSS stay ahead of emerging threats.
g.
Implement Access Control Measures:
Restricting access to cardholder data or sensitive information based on the principle of least
privilege and employing strong authentication measures helps prevent unauthorized access. By
implementing access control measures, such as multi-factor authentication and role-based access
controls, SSS can ensure that only authorized individuals have access to critical data assets. Access
control is a fundamental aspect of protecting sensitive information and maintaining data
confidentiality.
h.
Follow Secure Coding Practices:
For software or applications developed by SSS, incorporating secure coding practices is essential. By
following secure coding practices, SSS can prevent common vulnerabilities and reduce the likelihood
of exploiting software flaws. This enhances the overall resilience of SSS's IT infrastructure and helps
protect against potential security breaches.
i.
Regularly Update and Patch Systems:
Maintaining a vulnerability management program that includes regular updates and patches is
crucial for addressing known security vulnerabilities. By promptly applying updates and patches to
software, operating systems, and other components of the IT infrastructure, SSS can mitigate the risk
of exploitation by malicious actors leveraging known vulnerabilities. Regular updates and patches
help ensure that SSS's systems remain secure and resilient.
In conclusion, implementing these security practices will contribute to strengthening SSS's overall
security posture. By adopting these recommendations, SSS can establish a proactive and resilient
security environment, better protecting its sensitive information and IT infrastructure. These
practices cover various aspects, including employee background checks, security baselines, industry
standards, security policy updates, access control, security awareness training, network monitoring,
secure coding, and regular system updates. By prioritizing these practices, SSS can enhance their
security measures and mitigate potential risks.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
c)
Identify an adverse event (incident) that could result in loss of SSS’s information asset. Device an
Incident response plan (IR plan) for SSS. Your discussion should include a detailed analysis. Your
plan should include action to be taken in the event of the incident that you mentioned before.
(
Work on it during Week 10 workshop
). Answer:
An incident response plan (IR plan) is a formal document that outlines the procedures and guidelines
an organization follows when addressing security incidents. This plan details the necessary steps to
detect, contain, mitigate, and recover from incidents like data breaches, cyber-attacks, or system
disruptions. The purpose of an incident response plan is to provide a structured and coordinated approach to
effectively manage incidents, minimize their impact on the organization's operations and
information assets, and ensure the swift restoration of normal business operations. The plan
includes predefined roles and responsibilities, communication protocols, incident detection and
reporting procedures, containment and mitigation strategies, recovery processes, and post-incident
analysis and improvement measures.
As SyMeCa Software Solution (SSS) has already encountered into ransomware attack due to an
internal breach and we can’t say it might not happen again so, Advanced ransomware attacks are
one potential adverse event that might lead to the loss of SyMeCa Software Solutions Pty Ltd's (SSS)
information assets. Malicious actors may use such an occurrence to take advantage of holes in the
organization's systems, encrypt important information, and demand a fee to unlock it. Operations
might be interfered with, client data could be compromised, and financial and reputational harm
could result from the assault. considering this adverse effect, we can plan some Incident Response
Incident Response Plan (IR Plan) for Ransomware Attack:
1.
Preparation:
Establish an Incident Response Team (IRT):
According to Whitman (2019), Assemble
a dedicated team, including IT security experts, legal advisors, communication
specialists, and relevant department heads. This will help in several sectors from
articulating the organization’s responses to various types of incidents and focusing
on cybersecurity infrastructure protection. This incident handling procedure mainly
focuses on Before the incident.
Regularly Back Up Data:
Implement a robust backup strategy to ensure critical data
can be restored if compromised. 2.
Identification:
Implement Intrusion Detection Systems (IDS):
Make use of cutting-edge threat
detection technologies to identify unusual activity and possible ransomware attack
indications. As soon as the handler suspects an event, they begin recording the
inquiry, obtaining evidence, and professionally handling the situation considering
relevant facts (Cichonski, Millar, Grance & Scarfone, 2012).
User Training and Awareness:
Provide frequent employee training sessions to
educate employees about the dangers of phishing emails and other social
engineering techniques. Creating certain scenarios where employees can learn this
type of attack in training sessions.
3.
Containment, Eradication, and Recovery:
Isolate Infected Systems:
Upon detection, isolate affected systems to prevent the
spread of ransomware throughout the network.
Deploy Antivirus and Anti-Malware Tools:
Use updated antivirus and anti-malware
tools to scan and remove the ransomware from infected systems.
Restore Data from Backups:
Initiate the restoration process from the latest backup
to ensure minimal data loss.
Patch Vulnerabilities:
Identify and patch vulnerabilities that were exploited by the
ransomware so that we can’t face the same type of problem in the future.
Conduct Post-Incident Analysis:
Analyse the incident to understand the attack
vectors, tactics, and vulnerabilities exploited, and apply lessons learned to improve
security measures.
Temporarily Disconnect from Network:
Disconnect affected systems from the
network to minimize further damage.
4.
Communication and Coordination:
Establish clear communication routes inside the company to keep all stakeholders aware of the crisis and recovery efforts. Create a communication plan for external stakeholders, such as clients, regulatory authorities, and the public, to ensure openness.
5.
Legal and Regulatory Compliance:
Engage Legal Advisors:
Working with legal specialists to handle legal issues, like as
compliance with data protection laws and regulations (Cichonski, Millar, Grance &
Scarfone, 2012). As SSS handles Government projects and should have proper legal
advisors to deal with certain situations that may arise.
Report to Authorities:
Comply with legal requirements for reporting the incident to
relevant authorities.
6.
Continuous Improvement:
Conduct a Post-Incident Review:
Evaluate the incident response process and
identify areas for improvement. Like IT Cyber team and involving Police to catch the
culprit for the incident and track them for the information leakage and Ransome
(Ilca, Lucian & Balan, 2023).
Update Security Policies:
Enhance security policies based on the lessons learned
from the incident.
However, Incident response strategy is intended to treat a ransomware assault completely. By
focusing on early discovery, containment, eradication, and recovery, with an emphasis on
communication, legal compliance, and ongoing improvement. The strategy demonstrates SSS's
dedication to resilience, risk management, and protecting its information assets. In addition,
continuous personnel training and the incorporation of cutting-edge threat detection systems reflect
a proactive attitude to security.
References:
Cichonski, P, Millar, T, Grance, T & Scarfone, K, 2012, ‘Computer security incident handling guide’,
NIST Special Publication
, vol. 800, no. 61, pp.1-147, DOI: 10.6028/NIST.SP.800-61r2
CIOACĂ, C, BRATU, A & ȘTEFĂNESCU, D 2017, ‘THE ANALYSIS OF BENCHMARKING APPLICATION IN -
CYBER SECURITY.’ Scientific Research and Education in the Air Force, pp. 57-62, DOI: 10.19062/2247-
3 173.2017.19.2.8
CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY 2018, Organization and Cyber Safety,
viewed 20 January 2024, https://www.cisa.gov/topics/cybersecurity-best-practices/organizations-
and-cyber-safety
Ferraiolo, D.F., Barkley, J.F. and Kuhn, D.R., 1999. A role-based access control model and reference
implementation within a corporate intranet. ACM Transactions on Information and System Security
(TISSEC)
, vol. 2, no. 1, pp.34-64. DOI: 10.1145/300830.300834
Hu, VC, Kuhn, DR, Ferraiolo, DF, & Voas, J, 2015, ‘Attribute-Based Access Control’, Computer (Long
Beach, Calif.)
, vol. 48, no. 2, pp. 85–88, DOI: 10.1109/MC.2015.33.
Ilca, L. F., Lucian, O. P., & Balan, T. C., 2023, ‘Enhancing Cyber-Resilience for Small and Medium-Sized
Organizations with Prescriptive Malware Analysis’, Detection and Response
. Sensors, 23(15), 6757.
Tsohou, A, Kokolakis, S, Lambrinoudakis, C & Gritzalis, S 2010, ‘Information systems security
management: a review and a classification of the ISO standards.’ Next Generation Society.
Technological and Legal Issues: Third International Conference
, pp. 220-235, DOI: 10.1007/978-3-
642-11631-5_21
Whitman, M. E. (2019). ‘Management of information security’ (H. J. Mattford, Ed.; 6th ed.). Boston,
MA, USA: Cengage Learning, pp.563-564.
Group Contributions:
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Introduction:
While conducting our evaluation on issue detection and handling for SyMeCa Software Solutions Pty Ltd (SSS). our team collaborated closely to address the task at hand. This section is intended to emphasize the collaborative efforts and individual contributions of each team member. We acknowledge the significance of cooperation and teamwork in attaining our common objectives, and
this report serves as evidence of our collective endeavours.
Throughout the project, we delegated tasks among team members to promote an equitable distribution of workload and to capitalize on each person's strengths and specialized knowledge. Our
aim was to optimize efficiency and generate a thorough report that encompasses a wide range of perspectives.
Group Members:
Prabin Sharma
(12207143)
Prashant Poudel
(12213897)
Buland Shrestha
(12204230)
Susan Bista
(12216002)
Task Distribution:
In our group, we adopted a collaborative approach to distribute tasks and responsibilities for the assessment on issue detection and handling for SyMeCa Software Solutions Pty Ltd (SSS). Each group
member was assigned specific areas of focus based on their individual strengths, expertise, and interests. The task distribution was determined through open discussions and consensus-building within the group.
Here is an overview of the task distribution among our group members:
1. Susan Bista
- Task 1: Conducted extensive research on Access Control, Benchmark, and ISO.
- Task 2: Analysed relevant data and compiled statistical information.
- Task 3: Drafted the sections related to access Control and security policies.
2. Prabin Sharma
- Task 1: Conducted literature review and gathered scholarly resources.
- Task 2: Analysed case studies and real-world examples related to the assessment topic.
- Task 3: Drafted the sections related to Incident response plan and access control.
3. Prashant Poudel
- Task 1: Conducted meeting to gather primary data with team members
- Task 2: Analysed qualitative data and provided insights.
- Task 3: Drafted the sections related to benchmark, ISO, and incident response plan.
4. Buland Shrestha
- Task 1: help with the overview and overall comparison of the collected data.
- Task 2: Ensured consistent formatting and editing throughout the document.
- Task 3: Assisted in the integration of individual contributions and overall report coherence.
It is important to note that while these tasks were assigned to specific group members, we maintained open lines of communication and collaborated on various aspects of the assessment. Regular meetings and progress updates allowed us to provide feedback, share ideas, and ensure the seamless integration of our individual contributions into a cohesive final report.
We utilized Microsoft OneDrive to facilitate document sharing among group members. This enabled real-time collaboration, change tracking, and feedback provision. By sharing the document, we ensured that everyone had access to the most up-to-date version and could contribute effectively. This approach promoted seamless collaboration, as each member had the opportunity to review, edit, and suggest improvements to the document. In addition, we leveraged social media platforms such as Messenger and WhatsApp for productive conversations and discussions related to the assessment. These platforms offered a convenient and immediate means of communication, enabling us to swiftly address queries, clarify doubts, and share important updates. Group members actively engaged in discussions, exchanged relevant resources, and coordinated tasks through these platforms. The use of social media platforms assisted us in maintaining constant communication, even outside of scheduled meetings or face-to-face interactions.
Conclusion
In summary, our group successfully completed the assessment on issue detection and handling for SyMeCa Software Solutions Pty Ltd (SSS). through effective collaboration and individual contributions. By distributing tasks based on our strengths, utilizing document sharing platforms, and leveraging social media for communication, we produced a comprehensive report. Our collaborative efforts and open discussions ensured a cohesive outcome that integrated diverse perspectives. Moving forward, we will apply the lessons learned from this experience in future group
projects, recognizing the value of teamwork in achieving shared goals.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help