Shawn's C843 Task Example (Paper Option)

School: Western Governors University
Course: C843
Subject: Information Systems
Date: Dec 6, 2023
Pages: 5
Shawn's C843 Example: The King's Gate Guard

Case Study

A palace within the "Three Kingdoms" region experienced an attack recently. Yesterday (Friday), the palace's guards allowed untrained guards to man the gate while they played cards and drank ale, as they do every Friday night. The guards-in-training accepted an unusually large package into the palace without inspecting its contents. This morning (Saturday), a young guard-in-training noticed an enemy helmet on the ground, the open, empty package crate with exiting footprints visible, and the palace back gate open and unguarded. He wondered whether what he was seeing was related to the commotion he had heard coming from the palace armory during the night. Further investigation revealed that the King and several knights and guards were dead; the king's war council room had been accessed; maps, battle plans, and the palace population's calendar year 1491 income tax documents were missing; a royal lineage document had been craftily re-written and left behind; and the armory entrance had been destroyed, preventing entry. The king's guard at this particular palace is a known lax unit, and it is known that many chamber door locks inside the palace are broken and others are simply left unlocked.

A. Success of the Attack

A group of enemy soldiers likely conducted surveillance on the palace to estimate that the front gate would be vulnerable to a breach on Friday night. The enemies likely exploited the absence of an inspection and in-processing policy for deliveries, coupled with the lax guards, to have a giant crate admitted unmolested and left inside. The soldiers likely smuggled themselves into the palace when the untrained guards allowed the crate inside. They then likely emerged from the crate later, overpowered the lax night guards, and opened the back gate to let other soldiers in. Once inside, the soldiers likely took advantage of additional physical security vulnerabilities, such as unlocked doors, to stealthily access and kill the king and knights in their sleep, and to access off-limits areas of the king's chambers and palace grounds to cause damage.

B. CIA, PII, and Standard Framework Compliance

The Three Kingdoms Palace Security Framework (TKPS) outlines guidelines for all kingdoms in this particular region to follow standard minimum palace security protocols and best practices (BossKing, 1485). Some basic areas from the TKPS include provisions for palace security personnel to (1) inspect all packages before permitting them inside the palace, (2) always have fully trained guards manning all palace entry points 24/7, and (3) inspect all palace door locks weekly to ensure functionality. All three of these provisions were ignored by the palace and ultimately resulted in compromise of confidentiality, integrity, availability, and PII during the attack. The following are instances of each:

Confidentiality: Once the soldiers infiltrated the palace, they exploited the vulnerabilities in physical security to access and view private information in the king's chambers, including battle plans and lineage documentation.

Integrity: The soldiers exploited vulnerabilities in package processing procedures to compromise the integrity of the palace wall. They also exploited vulnerabilities in physical security to access and modify documents.

Availability: The soldiers likely made off with some of the palace's armory contents. To add insult to injury, they blocked off access to the armory, temporarily prohibiting availability of its contents to the remaining palace guards. The soldiers also stole the copy of the king's maps and battle plans, making them no longer available to the remaining palace personnel.

PII: The soldiers gained access to the palace's Medieval IRS tax statements for all the palace residents, which contained personal information about everyone.

Margin comments (case study, sections A and B):
Commented [DSL1]: A non-government organization operating under the auspices of a Federal Agency
Commented [DSL2]: The Federal Government
Commented [DSL3]: Vulnerability likened to an untrained user who indiscriminately clicks on email links
Commented [DSL4]: Threat likened to a malware dropper introduced into the network by an unsuspecting user
Commented [DSL5]: Evidence and remnants of an attack that can be used to deduce what happened
Commented [DSL6]: Evidence of attack impact likened to missing/altered/inaccessible information
Commented [DSL7]: Vulnerabilities likened to poor/nonexistent firewall implementations
Commented [DSL8]: A plausible theory of what happened based on the circumstances outlined in the case study.
Commented [DSL9]: Industry standard framework likened to FISMA, FIPS 200, ISO 27002, etc.
Commented [DSL10]: You will have to include APA-style in-text citations

C. Regulations

Two "Three Kingdoms" regulations were blatantly violated by the kingdom within the case study:

- The Three Kingdoms Privacy Document Act (PDA). The PDA makes it punishable by a fine of 1000 gold coins to fail to securely store and control access to documents containing private information of palace residents. The kingdom violated the PDA by failing to properly lock away copies of the files.
- The KGRA. The KGRA makes it punishable by imprisonment to allow guards who have yet to complete their Medieval computer-based training course entitled "How to be a Guard" to perform guard duties unsupervised by a fully trained guard. The palace guards violated the KGRA on the night of the breach by allowing untrained guards to run the palace gate.

D. Immediate Steps

Although there are several long-term actions that will need to be taken to recover from and prevent future incidents related to the attack, there are also several that should be taken now to mitigate the impact of the attack. Below are several recommended immediate actions:

- Conduct a sweep of the kingdom walls and internal spaces to identify any residual malicious presence, new vulnerabilities, and additional findings, to facilitate assessment of damage and impact and to prioritize fix actions.
- Secure the front and back palace gates (close and lock them, ensure the presence of fully trained guards, immediately start enforcing the KGRA, and implement a standing procedure for package inspection until palace policy is released). This will prevent a similar re-entry of unwanted malicious "packages".
- Replace or fix locks.
- Retrieve backup copies of the stolen documents in order to adjust palace defenses and battle plans based on the attackers' knowledge.
- Notify palace residents and the Three Kingdoms higher-echelon privacy administration of the PII leak.
- Dig out the armory entrance to allow the remaining guards to arm themselves to defend the kingdom.
- Exercise the order of succession to get a new decision maker in place to oversee policy development and implementation.

E. Incident Response Plan

An incident response plan would have enabled palace security to perform identification, containment, eradication, and restoration activities in a more prompt, organized, and efficient manner. Having a plan in place would provide a protocol to systematically guide responders through thought-out response actions rather than acting on emotion, or not acting at all for lack of knowing what to do. A plan in place at the palace could possibly have expedited the response and/or stopped events from occurring, had proper initiation and notifications been made during the night when the guard-in-training heard the abnormal commotion coming from the armory…

Margin comments (sections B through E):
Commented [DSL11]: Explanation of how CIA and PII were compromised. Clearly identify an instance of each (confidentiality, integrity, availability, and PII) with a specific example from the case study
Commented [DSL12]: Likened to actual specific federal regulations. Examples include regulations such as the Privacy Act of 1974.
Commented [DSL13]: Specifics from the case study to serve as evidence of violation
Commented [DSL14]: Steps recommended to be taken "now" to mitigate impact (primarily the containment and eradication portions of incident response)
Commented [DSL15]: For this section ask yourself the following questions and revolve your discussion around answers to them: If an incident response plan had been in place, what could have been different? What could have been prevented, what could have been protected?

F. Recommended Processes

To bring the kingdom into compliance with the violated regulations and heighten information assurance levels, the following processes are recommended for implementation. To overcome the identified violations of the PDA, the following actions are recommended. Create, implement, and enforce policy to:

- Designate custodian(s) of documents who will ensure privacy documentation is properly locked away in a designated room in the palace, and also locked inside locked cabinets, both with limited and controlled access.
- Enforce logging of access.
- Keep backups offsite.

G. Recommended Technical Solutions

Use custom cipher/scrambler mechanisms to "encrypt" battle plans to prevent compromise in the event of loss, theft, or prying eyes. The guards should also implement [additional technical control here] to prevent XYZ from recurring.

H. Organizational Structure

Head of palace security (HOPS): reports directly to the king on all things involving palace security. Responsible for protecting the king, as well as the development, implementation, and overall enforcement of palace security policy approved by the King. Manages the palace guard force, including the gate guard team, emergency response team, and document security team. Each team will have a team lead who reports to the HOPS on security items under their respective purview. The HOPS and subordinate teams will work collectively to protect the king, palace boundaries, and palace grounds from intruders.

Gate guard team: responsible for implementing and enforcing policy and procedures directed by the HOPS. The guard team's responsibilities will include properly manning and protecting the palace gates and walls with trained guards, properly inspecting personnel and packages entering and leaving the palace, and initiating palace emergency response actions at the first sign of trouble according to security standard operating procedures.

Palace emergency response team (PERT): when called upon, the PERT will augment the gate guard to stop impending or ongoing intrusions. Duties of the PERT will include removing unwelcome infiltrators, augmenting the gate team to reinforce palace boundaries, manning the palace armory, sweeping palace grounds for damage assessment, and reporting findings to the HOPS. The PERT will also interface with the document security team during palace sweep activities to verify the safety and intact condition of important palace documents.

Palace document security team: will consist of data custodians and scribes who carry out functions to provide layered protections to important palace documents. Duties include…

Margin comments (sections G and H):
Commented [DSL16]: A common mistake in this section is students listing administrative solutions such as training and policy development and implementation for technical controls. You will need to list the actual "technical" solution recommendation
Commented [DSL17]: Recommend your org structure. This can be role-to-actual names, teams, roles only, etc. The key is to articulate the relationship of the roles/teams to each other, what their individual functions are, and how collectively the functions will foster efficient discovery and mitigation of future incidents

I. Risk Management Approach

A risk management approach conducive to early, proactive engagement in handling risk is recommended for the palace security team to adopt. The actual risks that predicated the attack
coupled with best practices should drive development of the approach as a standard moving forward. The following bullet points outline the risks observed from the case study, categorized in terms of likelihood, severity, and impact.

- Unauthorized entry at palace gate
  Likelihood: Medium. Untrained guards, social engineering vulnerabilities, lax security practices.
  Severity: High. A breach by an unauthorized individual could lead to theft, sabotage, injury, da…
  Impact: High. Negates protections provided by the wall and moat; could cost the life of the king.
- Additional identified risk
  Likelihood:
  Severity:
  Impact:
- Additional identified risk
  Likelihood:
  Severity:
  Impact:

Based on the above risks, the palace security team should incorporate best practices for risk management outlined in [your choice of risk management framework, e.g. NIST 800-37] to provide a standard for managing existing and future risks. The approach should entail, at a minimum, procedures for (1) identifying, (2) analyzing, (3) evaluating/assessing, (4) applying a solution to, and (5) monitoring risks. This would allow palace security to reduce risks to an acceptable level before they fully materialize, and also enable posturing to mitigate anticipated future risks.

- The Identification step of the approach would consist of XYZ.
- The Analysis step of the approach would consist of XYZ.
- The Evaluation/assessment step of the approach would consist of XYZ.
- The Solutions step of the approach would consist of XYZ.
- The Monitoring step of the approach would consist of XYZ.

With this approach in place before the attack, a risk such as the potential for a non-forced breach at the gate would have been identified, categorized, and given a solution that would have reduced the risk beforehand to the level with the lowest possible likelihood of occurrence. This in turn would have likely prevented…

Margin comments (section I and references):
Commented [DSL18]: Individually categorize the risks you observed and then discuss the risk management approach you recommend moving forward. Justify reasoning for your recommendation.
Commented [DSL19]: You will have to include an APA-style reference page

References

BossKing, J. (1485). Three Kingdoms Palace Security Framework in a Nutshell.
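Section I asks for risks rated by likelihood, severity, and impact and then run through a five-step approach (identify, analyze, evaluate/assess, apply a solution, monitor). The script below is an added illustration of that register in Python; it is not part of the paper or of any C843 course material. The Low/Medium/High-to-1..3 scale, the multiplicative score, the acceptance threshold of 8, the three extra risks beyond the gate-entry risk the paper lists, and the treatments are all constructed assumptions chosen to match the case study.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed ordinal scale for the paper's Low/Medium/High ratings.
LEVELS: Dict[str, int] = {"Low": 1, "Medium": 2, "High": 3}
# Assumed acceptance threshold: a score above this needs a treatment
# (or a better one) before the risk counts as acceptable.
ACCEPTABLE_SCORE = 8


@dataclass
class Risk:
    name: str
    likelihood: str
    severity: str
    impact: str
    notes: str = ""
    control: str = ""              # treatment recorded in the "solution" step
    residual_likelihood: str = ""  # likelihood expected once the control is in place

    def score(self, residual: bool = False) -> int:
        """Analysis step: fold the three ordinal ratings into a 1..27 score."""
        lk = self.residual_likelihood if residual and self.residual_likelihood else self.likelihood
        return LEVELS[lk] * LEVELS[self.severity] * LEVELS[self.impact]


def identify() -> List[Risk]:
    """Step 1: enumerate risks observed in the case study (constructed sample register)."""
    return [
        Risk("Unauthorized entry at palace gate", "Medium", "High", "High",
             "untrained guards, social engineering, lax practices"),
        Risk("Uninspected package admitted", "High", "High", "High",
             "no inspection/in-processing policy for deliveries"),
        Risk("Broken or unlocked chamber doors", "High", "Medium", "High",
             "locks not inspected weekly as TKPS requires"),
        Risk("Tax documents stored without access control", "Medium", "Medium", "Medium",
             "PDA requires secured storage of resident PII"),
    ]


def evaluate(risks: List[Risk]) -> List[Tuple[str, int]]:
    """Step 3: rank risks by inherent score, highest first (name breaks ties)."""
    return sorted(((r.name, r.score()) for r in risks), key=lambda t: (-t[1], t[0]))


def apply_solutions(risks: List[Risk], treatments: Dict[str, Tuple[str, str]]) -> List[Risk]:
    """Step 4: attach a control and the likelihood it is expected to leave behind."""
    for r in risks:
        if r.name in treatments:
            r.control, r.residual_likelihood = treatments[r.name]
    return risks


def monitor(risks: List[Risk]) -> List[str]:
    """Step 5: report risks whose residual score still exceeds the threshold."""
    return [r.name for r in risks if r.score(residual=True) > ACCEPTABLE_SCORE]


def run_register() -> Dict[str, object]:
    """Run all five steps over the sample register and return the findings."""
    risks = identify()
    ranked = evaluate(risks)
    # Treatments mirror the paper's own recommendations (assumed residual likelihoods).
    treatments = {
        "Unauthorized entry at palace gate": ("trained guards at every gate 24/7, KGRA enforced", "Low"),
        "Uninspected package admitted": ("mandatory package inspection before admission", "Low"),
        "Broken or unlocked chamber doors": ("weekly lock inspection and repair", "Low"),
    }
    apply_solutions(risks, treatments)
    return {"ranked": ranked, "open": monitor(risks)}


if __name__ == "__main__":
    result = run_register()
    for name, score in result["ranked"]:
        print(f"{score:>2}  {name}")
    print("still above threshold after treatment:", result["open"])
```

The monitoring step is where the register earns its keep: the gate-entry and package risks stay above the threshold even after their likelihood drops to Low, because severity and impact are still High. That is the signal to add impact-reducing controls as well, which is what the paper's offsite backups and order-of-succession steps are.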