Risk assessment is a process for organizations to perform in order to determine the level of risk associated with a given system. The output of this process is the residual risk and a determination of what controls and standards should be addressed.
Risk is a function of the likelihood of a security event and the impact that event would have on the organization’s mission. To determine likelihood, organizations analyze threats to the system in conjunction with the vulnerabilities present. Organizations determine impact by considering the criticality of the system in supporting the organizational mission. This methodology is represented in Figure 1 (below).

Figure 1 - Risk Assessment Methodology
Texas State Courts include the following entities:
· Appellate Courts – receive technology funding and support from the OCA
· District, County, Justice of Peace, and Municipal Courts – receive technology funding and support from counties and cities.
Levels of automation vary widely among the courts. The courts may be using automated case management software (some still DOS-based), standard desktop applications (word processing, spreadsheets, etc.), Internet connectivity for e-mail and Web access, and accounting software. The following profiles were defined for the courts based on their technology environment:
5. Interconnected Wireless LAN with Internet access - this profile includes those courts that have a wireless LAN environment, which includes local file and print services. The LAN has Internet connectivity and provides services such as e-mail and Web access.
Although the courts are autonomous, they do have a common mission – the administration of justice, and a common function – public service. Justice of the Peace courts and municipal courts collect revenue in the form of court costs. Some courts are already making case information available on the Internet and may soon allow for the collection of fees via the Internet. As the courts expand the use of technology to improve services and court efficiency, the need for proper security expands accordingly.
The level of security related to sensitive case information, Internet connectivity, and financial information was noted as a concern with court personnel in the “Problems and Opportunities in the Administration of Texas Courts” report released in 1998 by the Graduate School of Library and Information Science at the University of Texas at Austin. Currently there is a lack of information systems security standards for judicial systems.
Portions of the information the OCA and courts handle are protected under State and Federal statute. For example, the Family Code Ch.58 protects information dealing with juveniles. Rule 12 governs access to judicial records (administrative records) and common law, statutory law, and court rules govern access to court case records (adjudicative records).
Threat is expressed as a function of the likelihood that a given threat source will successfully exploit a given vulnerability. A vulnerability is a weakness that can be accidentally triggered or intentionally exploited. Without a vulnerability that can be exercised, a threat source does not present a risk. In determining likelihood, one must consider threat-sources, vulnerabilities, and existing controls.
Threat Sources:
The following threats may impact the judicial systems:
· Natural/environmental threats – fire, tornado, flood, lightning, loss of power, water damage, hardware/software failure, and extreme temperature.
· Human threats – “hackers” (knowledgeable or recreational), criminals, terrorists, political activists, employees, contractors, and ex-employees.
Threats:
The following threats must be considered:
· Unauthorized access to computers resulting in data disclosure, modification, and/or loss
· Malicious software, such as a virus or “Trojan horse”, resulting in data destruction and/or system unavailability
· Website attacked and defaced resulting in lost time, unavailability, and/or negative public perception
· Denial of service attack resulting in unavailability of system and/or loss of personnel productivity
· Environmental threats resulting in loss of hardware, data, and/or system availability
· Interception of unencrypted data over the network resulting in data disclosure and/or modification
· Unauthorized physical access to computing equipment resulting in loss of data, system unavailability, and/or hardware theft or destruction
· Hardware or software failure resulting in loss of system availability and/or loss of data access or integrity
· Authorized user inadvertently destroys or modifies data and/or systems.
Vulnerability Analysis:
The following vulnerability assessment is based on potential vulnerabilities identified by numerous computer security sources and vendors. These vulnerabilities include:
· Failure to identify and apply vendor supplied security related patches to network devices (firewalls, routers, server, etc.) in a timely manner
· Failure to automatically log and periodically review information related to security events on network devices
· Failure to address security issues related to vendor supplied software
· Untrained or inadequately trained personnel responsible for network security
· Lack of computer security awareness throughout the organization
· Unencrypted data traversing public and/or private networks
· Lack of perimeter security between trusted networks and untrusted networks
· Lack of policies and procedures related to computer security
· Inadequate physical security of computer resources
· Inadequate backup, off-site rotation, and disaster recovery procedures
· Inadequate logical security protection of information resources
· Lack of adequate virus protection
Control Analysis
The following controls provide a means to mitigate the threats identified above:
Technical Controls
· Logical access security and control mechanisms
· Antivirus Plan
· Firewalls
· Encryption Plan
· Audit trails
· Intrusion detection systems and incident response
· Public Key Infrastructure (PKI) and/or Digital certificates
· Server security
· Computer security policy
· Computer security awareness and training
· Backup, disaster recovery, contingency, and emergency planning
· Physical security of computing resources
Management Controls
· Security risk analysis and assessment
· Rules of behavior
· Management culture
· Data ownership and classification program
The next step in the threat assessment is to derive an overall likelihood rating (i.e. the likelihood that a threat source will exercise a vulnerability). Factors that govern the threat likelihood include threat-source motivation and capability, the nature of the vulnerability, and the effectiveness of current countermeasures. A simple way to describe the likelihood that any vulnerability will be exercised by a given threat-source is high, moderate, or low. Table 1 (below) describes these three likelihood levels.
Table 1: Likelihood Definitions
| Likelihood | Threat |
|---|---|
| High – 3 | The threat-source is highly motivated and sufficiently capable, and countermeasures to prevent the vulnerability from being exercised are ineffective. |
| Moderate – 2 | The threat-source is motivated and sufficiently capable, but countermeasures are in place that will impede successful exercise of the vulnerability; or the threat-source lacks specific motivation or is only marginally capable of exercising the vulnerability. |
| Low – 1 | The threat-source lacks motivation or capability to exercise the vulnerability or controls are in place to prevent, or at least significantly impede, the vulnerability from being exercised. |
| Not applicable – 0 | The threat is not applicable based on the court technology profile. |
The next major step in the risk assessment process is to determine the mission impact resulting from the threats (i.e. exercise of a vulnerability by a threat-source). The impact of a security event can be described in terms of mission impacts attributed to loss or degradation of the five security goals – integrity, availability, confidentiality, accountability, and assurance. Below is a brief description of each security goal and the related consequence if they are not met:
§ Loss of Integrity. Integrity is lost if unauthorized changes are made to the data or system, whether these changes are intentional or accidental.
§ Loss of Availability. If a system becomes partially or completely unavailable to its authorized users, mission accomplishment may suffer.
§ Loss of Confidentiality. Confidentiality refers to the protection of data (both user and system) from unauthorized disclosure.
§ Loss of Accountability. Accountability refers to the ability to trace the actions of an individual user.
§ Loss of Assurance. Assurance is the grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation.
Some impacts can be measured quantitatively in lost revenue or the cost of repairing an exploited system. Other intangible impacts (e.g., loss in public confidence, credibility) cannot be measured in specific units, but can be measured using qualitative categories. Table 2 (below) describes the qualitative magnitude of impact definitions.
Table 2 - Magnitude of Impact Definitions
| Impact | Description |
|---|---|
| Critical Impact – 4 | Threat results in unavailability, modification, disclosure, or destruction of valued data or other system assets or loss of system services that is unacceptable due to the resulting disastrous impact or likely deaths. |
| High Impact – 3 | Threat results in unavailability, modification, disclosure, or destruction of valued data or other system assets or a loss of system services that is unacceptable due to the resulting significant degradation of mission or possible injury to persons. |
| Moderate Impact – 2 | Threat results in discernible but recoverable unavailability, modification, disclosure, or destruction of data or other system assets or loss of system services, resulting in transitory, yet important mission impact but no injury to persons. |
| Low Impact – 1 | Threat results in unavailability, modification, disclosure, or destruction of data or degradation of system services that does not cause a significant mission impact or injury to persons. |
Level of Risk Determination
The following sample tables calculate the overall risk to the courts based on the threat impact and threat likelihood. Each court or organization should, of course, conduct its own risk determination using its own assessments of likelihood and magnitude. Separate risk determination tables are included for each of the defined environments.
1. Stand-alone with No Internet Access
| Description of Threats | Threat Impact | Threat Likelihood | Overall Risk |
|---|---|---|---|
| 1. An outside human threat (hacker, criminal, terrorist, ex-employee, political activist, etc.) attacks and gains access to an externally accessible network component such as a Web server, mail server, Domain Name Server (DNS), router, firewall, or file transfer protocol (FTP) server. | Medium – 2 | N/A – 0 | 0 |
| 2. An outside human threat attacks and gains access to resources (case management system or accounting system) within the internal “trusted” network. | High – 3 | N/A – 0 | 0 |
| 3. An inside human threat (disgruntled employee, snooping employee, etc.) gains unauthorized access to information, which results in unauthorized access, modification, or disclosure of sensitive information. | Medium – 2 | High – 3 | 6 |
| 4. A virus infiltrates the court system and damages critical data. | Medium – 2 | Medium – 2 | 4 |
| 5. A natural threat (fire, tornado, flood, lightning, etc.) results in loss of data and unavailability of the system. | High – 3 | Medium – 2 | 6 |
| 6. An internal human threat intercepts network data, which results in unauthorized access to data. | Medium – 2 | N/A – 0 | 0 |
| 7. An internal human threat gains unauthorized physical access to critical network devices. | Medium – 2 | Medium – 2 | 4 |
| 8. An external human threat gains unauthorized physical access to critical network devices. | Medium – 2 | Low – 1 | 2 |
| 9. An internal user inadvertently damages critical court information. | Medium – 2 | Medium – 2 | 4 |
| 10. A hardware device malfunctions resulting in loss of data. | Medium – 2 | Medium – 2 | 4 |
2. Stand-alone with Internet Access
| Description of Threats | Threat Impact | Threat Likelihood | Overall Risk |
|---|---|---|---|
| 1. An outside human threat (hacker, criminal, terrorist, ex-employee, political activist, etc.) attacks and gains access to an externally accessible network component such as a Web server, mail server, Domain Name Server (DNS), router, firewall, or file transfer protocol (FTP) server. | Medium – 2 | Low – 1 | 2 |
| 2. An outside human threat attacks and gains access to resources (case management system or accounting system) within the internal “trusted” network. | High – 3 | Medium – 2 | 6 |
| 3. An inside human threat (disgruntled employee, snooping employee, etc.) gains unauthorized access to information, which results in unauthorized access, modification, or disclosure of sensitive information. | Medium – 2 | High – 3 | 6 |
| 4. A virus infiltrates the court system and damages critical data. | Medium – 2 | Medium – 2 | 4 |
| 5. A natural threat (fire, lightning, tornado, floods, etc.) results in loss of data and unavailability of the system. | High – 3 | Medium – 2 | 6 |
| 6. An internal human threat intercepts network data, which results in unauthorized access to data. | Medium – 2 | N/A – 0 | 0 |
| 7. An internal human threat gains unauthorized physical access to critical network devices. | Medium – 2 | Medium – 2 | 4 |
| 8. An external human threat gains unauthorized physical access to critical network devices. | Medium – 2 | Low – 1 | 2 |
| 9. An internal user inadvertently damages critical information. | Medium – 2 | Medium – 2 | 4 |
| 10. A hardware device malfunctions resulting in loss of data. | Medium – 2 | Medium – 2 | 4 |
3. Local Area Network with No Internet Access
| Description of Threats | Threat Impact | Threat Likelihood | Overall Risk |
|---|---|---|---|
| 1. An outside human threat (hacker, criminal, terrorist, ex-employee, political activist, etc.) attacks and gains access to an externally accessible network component such as a Web server, mail server, Domain Name Server (DNS), router, firewall, or file transfer protocol (FTP) server. | Medium – 2 | N/A – 0 | 0 |
| 2. An outside human threat attacks and gains access to resources (case management system or accounting system) within the internal “trusted” network. | High – 3 | Low – 1 | 3 |
| 3. An inside human threat (disgruntled employee, snooping employee, etc.) gains unauthorized access to information, which results in unauthorized access, modification, or disclosure of sensitive information. | Medium – 2 | High – 3 | 6 |
| 4. A virus infiltrates the court system and damages critical data. | Medium – 2 | Medium – 2 | 4 |
| 5. A natural threat (fire, tornado, lightning, floods, etc.) results in loss of data and unavailability of the system. | High – 3 | Medium – 2 | 6 |
| 6. An internal human threat intercepts network data, which results in unauthorized access to data. | Medium – 2 | Medium – 2 | 4 |
| 7. An internal human threat gains unauthorized physical access to critical network devices. | Medium – 2 | Medium – 2 | 4 |
| 8. An external human threat gains unauthorized physical access to critical network devices. | Medium – 2 | Medium – 2 | 4 |
| 9. An internal user inadvertently damages critical information. | Medium – 2 | Medium – 2 | 4 |
| 10. A hardware device malfunctions resulting in loss of data. | Medium – 2 | Medium – 2 | 4 |
4. Local Area Network with Internet Access
| Description of Threats | Threat Impact | Threat Likelihood | Overall Risk |
|---|---|---|---|
| 1. An outside human threat (hacker, criminal, terrorist, ex-employee, political activist, etc.) attacks and gains access to an externally accessible network component such as a Web server, mail server, Domain Name Server (DNS), router, firewall, or file transfer protocol (FTP) server. | Medium – 2 | High – 3 | 6 |
| 2. An outside human threat attacks and gains access to resources (case management system or accounting system) within the internal “trusted” network. | High – 3 | Medium – 2 | 6 |
| 3. An inside human threat (disgruntled employee, snooping employee, etc.) gains unauthorized access to information, which results in unauthorized access, modification, or disclosure of sensitive information. | Medium – 2 | High – 3 | 6 |
| 4. A virus infiltrates the court system and damages critical data. | Medium – 2 | High – 3 | 6 |
| 5. A natural threat (fire, tornado, lightning, floods, etc.) results in loss of data and unavailability of the system. | High – 3 | Medium – 2 | 6 |
| 6. An internal human threat intercepts network data, which results in unauthorized access to data. | Medium – 2 | Medium – 2 | 4 |
| 7. An internal human threat gains unauthorized physical access to critical network devices. | Medium – 2 | Medium – 2 | 4 |
| 8. An external human threat gains unauthorized physical access to critical network devices. | Medium – 2 | Medium – 2 | 4 |
| 9. An internal user inadvertently damages critical information. | Medium – 2 | Medium – 2 | 4 |
| 10. A hardware device malfunctions resulting in loss of data. | Medium – 2 | Medium – 2 | 4 |
5. Wireless Network with Internet Connectivity
| Description of Threats | Threat Impact | Threat Likelihood | Overall Risk |
|---|---|---|---|
| 1. An outside human threat (hacker, criminal, terrorist, ex-employee, political activist, etc.) attacks and gains access to an externally accessible network component such as a Web server, mail server, Domain Name Server (DNS), router, firewall, or file transfer protocol (FTP) server. | Medium – 2 | High – 3 | 6 |
| 2. An outside human threat attacks and gains access to resources (case management system or accounting system) within the internal “trusted” network. This could include intercepting wireless network traffic or “spoofing” a computer to interact with a rogue network. | High – 3 | Medium – 2 | 6 |
| 3. An inside human threat (disgruntled employee, snooping employee, etc.) gains unauthorized access to information, which results in unauthorized access, modification, or disclosure of sensitive information. | Medium – 2 | High – 3 | 6 |
| 4. A virus infiltrates the court system and damages critical data. | Medium – 2 | High – 3 | 6 |
| 5. A natural threat (fire, tornado, lightning, floods, etc.) results in loss of data and unavailability of the system. | High – 3 | Medium – 2 | 6 |
| 6. An internal human threat intercepts network data, which results in unauthorized access to data. | Medium – 2 | Medium – 2 | 4 |
| 7. An internal human threat gains unauthorized physical access to critical network devices. | Medium – 2 | Medium – 2 | 4 |
| 8. An external human threat gains unauthorized physical access to critical network devices. | Medium – 2 | Medium – 2 | 4 |
| 9. An internal user inadvertently damages critical information. | Medium – 2 | Medium – 2 | 4 |
| 10. A hardware device malfunctions resulting in loss of data. | Medium – 2 | Medium – 2 | 4 |
Risk Mitigation:
To mitigate risk, organizations consider implementing a blend of the following three approaches:
§ Prevent: Eliminate the threat by removing the flaw or weakness or the ability to exercise it.
§ Limit: Implement controls that constrain the impact of a threat, without the need to then take additional actions.
§ Detect and Respond: Implement measures to detect the exercise of a vulnerability and take action to mitigate adverse outcomes.
In implementing technical and administrative solutions for each risk mitigation approach, it is important to keep in mind the goals and mission of the organization. Not all threats have to be mitigated. Threats that would result in little impact to the mission should be a low priority to mitigate. Threats that result in the potential for significant mission impact will be given high priority for mitigation.
Diagram 2 (below) illustrates the Risk Mitigation process.

Diagram 2 – Risk Mitigation
Mitigation of risk can be accomplished at the following points:
§ Flaw exists—implement assurance techniques to reduce the likelihood of a flaw
§ Flaw is exploitable—apply layered protections, architectural designs, and administrative controls to prevent exploitability
§ Attacker’s cost is less than gain—apply protections to increase attacker’s cost or lower attacker’s gain
§ Loss too great—apply design principles, architectural designs, and administrative protections to limit extent of attack; thereby, reducing loss. Again note that administrative choices, such as limiting what is processed, may provide the most effective risk mitigation.
Risk Based Standards Recommendations:
In order to appropriately mitigate the risks identified, one of the following control standards should be adopted by the JCIT (see following page):
| Control area and threats addressed | Option 1 – Minimum Security | Option 2 – Optimum Security | Option 3 – Maximum Security |
|---|---|---|---|
| III. Computer Security Policy. Threats addressed: (1) Outsider gains access to externally accessible network device; (2) Outsider gains unauthorized access to internal system resources; (3) Insider gains unauthorized access to information; (4) Virus damages critical data and impacts availability of system; (5) Natural threat results in loss of data and unavailability of system; (6) Insider intercepts network data and gains unauthorized access to system; (7) Insider gains physical access to critical network devices resulting in loss of data and equipment; (8) Outsider gains physical access to network devices; (9) Insider inadvertently damages data; (10) Hardware malfunctions and damages data and/or systems | Require only high-level program-level policy. | Require program level, system-specific, and issue-specific policy. | Require program level, system-specific, and issue-specific policy. Require annual testing of users’ knowledge of the computer security policy and annual compliance assessments. |
| IV. Security Awareness and Awareness Training. Threats addressed: (1) – (10) | Require security awareness program tied to security policy development and the court’s information security incident response capability. | Require both security awareness program and on-going annual security awareness training. | Require both security awareness program and annual security awareness training. Annually test users on security training issues. |
| V. Court Risk Analysis and Assessment. Threats addressed: (1) – (10) | Perform vulnerability assessment focusing on existing environment without regard to value of assets. | Require annual formal risk assessment including inventory of assets, risk analysis, and risk assessment. | Require formal risk assessment including inventory of assets, risk analysis, and risk assessment. Update risk assessment quarterly. |
| VI. Access Control Systems. Threats addressed: (1) Outsider gains access to externally accessible network device; (2) Outsider gains unauthorized access to internal system resources; (3) Insider gains unauthorized access to information; (9) Insider inadvertently damages data | Multipurpose servers allowed; screen-saver timeout for keyboard inactivity; 6 character passwords; minimal password construction requirements; manual requirement to change passwords every 90 to 120 days; password sharing disallowed; protect password file in secure directory. | “Minimum Security” plus: consider single purpose servers; separate network bridges, firewalls, and routers; password protection of console; create/maintain user security profiles; desk top system protection; 7 character password with numeric digit; restrictive password construction; auto password prompt after 60-90 days; all default passwords changed; encrypt password file and transmissions; history of 10-12 passwords; cracker software used to test new passwords. | “Optimum Security” plus: required use of ‘strong authentication’ methods; required single purpose server; segment networks; consoles physically secure; remote system admin controls; secure centralized network connection points; transfer sensitive info from desktop to server in secure area; erase old hard drives data; delay logon prompt display; password protect laptops; eight character passwords with numeric digit required; auto system password change prompt every 30 days. |
| VII. Firewall. Threats addressed: (1) Outsider gains access to externally accessible network device; (2) Outsider gains unauthorized access to internal system resources; (4) Virus damages critical data and impacts availability of system | No stand-alone firewall required. Use packet-filtering router or modem to control access. | Requires hardware or software based firewall. | Requires software-based “enterprise” firewall. Mixture of hardware/software vendors prevents person with one vendor expertise from easy access. |
| VIII. Intrusion Detection System. Threats addressed: (1) Outsider gains access to externally accessible network device; (2) Outsider gains unauthorized access to internal system resources; (3) Insider gains unauthorized access to information | Turn on logging on all servers and network devices and manually review logs on a regular basis. | “Minimum security” requirements plus require network-based IDS (for those courts that have a LAN connected to the network). | “Optimum security” requirements plus require use of integrated host-based IDS software. Hardware/software & IDS vendor mixture helps to prevent access. |
| IX. Encryption Planning. Threats addressed: (1) Outsider gains access to externally accessible network device; (2) Outsider gains unauthorized access to internal system resources; (3) Insider gains unauthorized access to information; (6) Insider intercepts network data and gains unauthorized access to system | Use approved encryption tools such as Secure Socket Layers (SSL) and IPSec to encrypt sensitive data traversing an un-trusted network. | Implement a high-level encryption policy to define how the court will use encryption technology. The policy will address the encryption of data in storage and in transit. | Implement a high-level encryption policy to define how the court will use encryption technology. The policy will address the encryption of data in storage and transit. Implement a PKI (Public Key Infrastructure). |
| X. Virus Protection. Threats addressed: (4) Virus damages critical data and impacts availability of system | Policies concentrate on educating users on their responsibilities for regularly scanning for viruses. | Policies should dictate more frequent scanning for viruses, and the use of server and email virus scanners. | All reasonable virus infection prevention methods. Extensive user awareness training. Apply all current OS patches. |
| XI. Web Server Security. Threats addressed: (1) Outsider gains access to externally accessible network device; (2) Outsider gains unauthorized access to internal system resources; (3) Insider gains unauthorized access to information | Implement a Web server with the default security in place. | Implement a Web server in a DMZ and take steps to “harden” the Web server application and operating system. | Implement a Web server in a DMZ and take steps to “harden” the Web server application & operating system. Implement an IDS monitor in the DMZ to monitor intrusion attempts. Mix of hardware/software vendors prevents access by person with expertise of only one vendor. |
| XII. Physical Security. Threats addressed: (5) Natural threat results in loss of data and unavailability of system; (7) Insider gains physical access to critical network devices resulting in loss of data and equipment; (8) Outsider gains physical access to network devices; (10) Hardware malfunctions and damages data and/or systems | Place computing equipment in a low visibility location. Train employees to challenge unfamiliar individuals in the office area. Provide surge protection against electric spikes and dips. | Computing equipment shall be placed in a controlled environment with access limited to personnel who are responsible for administering the equipment. The room shall be environmentally controlled. | Computing equipment shall be placed in a controlled environment with access limited to personnel who are responsible for administering the equipment. The room shall be environmentally controlled. In addition, controls such as physical access logs and video cameras should be implemented. |
| XIII. Backup and Disaster Recovery Planning. Threats addressed: (4) Virus damages critical data and impacts availability of system; (5) Natural threat results in loss of data and unavailability of system; (7) Insider gains physical access to critical network devices resulting in loss of data and equipment; (8) Outsider gains physical access to network devices; (9) Insider inadvertently damages data; (10) Hardware malfunctions and damages data and/or system | Backup: Critical data and systems copied weekly and moved to a different area with adequate physical access, fire protection, and environmental controls provided. Disaster Recovery: Stand-alone PCs or LAN hardware is purchased at the time just after a disaster and then loaded with backup copies of critical systems/data created previously. | Backup: Full backups of all systems & data weekly. Incremental backups done daily. Backups immediately moved to a physically secure, fire protected, and environmentally secure off-site facility. Disaster Recovery: Stand-alone PCs are purchased at the time just after the disaster and loaded with backup copies of critical systems/data created previously. LANs use contracted “cold site” obtained prior to a disaster that is equipped with LAN hardware bought only at the time just after a disaster occurs. Load LANs with copies of systems and data created previously and stored at the off-site facility. | Backup: Optimum Security Option plus: Backup tapes verified after creation. Proper tape storage in labeled dust-free containers. DRP, hardware & software inventories, insurance policies, documentation, and special documents all put in off-site facility. Disaster Recovery: Stand-alone PCs that are compatible are purchased prior to a disaster and stored or used at alternate site. Just after a disaster, data and systems backups are loaded to the PCs. LANs will require an alternate “hot-site” facility equipped with compatible hardware & software. Backup copy systems/data is loaded after a disaster. |
| XIV. Remote Access Control. Threats addressed: (1) Outsider gains access to externally accessible network device; (2) Outsider gains unauthorized access to internal system resources; (3) Insider gains unauthorized access to information | Remote access part of overall security plan; user-name and password or “blind password” is required; single RAS; central modem pool; reduce modem pool controller time-out period; modem reset and clean termination at end of each dial-in period; log-on banner contains an unfriendly warning. | Dial-in callback or caller-id required; segment RAS from internal network; security software or firewall on home computers’ dial-ins; required encryption; IT supervision of VPN/encryption. | Integrate multiple remote access security solutions; dynamic passwords required; find all workstation PC and laptop PC modems to see if legitimately needed. |
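The scoring used in the risk determination tables (overall risk = impact × likelihood) can be combined with the "Threats addressed" lists of the standards table to see which control areas cover the most risk in a given profile. The following is an added example, not part of the original report: the ratings are copied from the tables for two of the five profiles, and summing the risk per control area is a prioritization heuristic assumed here for illustration (function and variable names are hypothetical).

```python
"""Score threats and rank control areas for a court technology profile."""

# (impact, likelihood) per threat number, copied from the report's tables.
PROFILES = {
    "Stand-alone with No Internet Access": {
        1: (2, 0), 2: (3, 0), 3: (2, 3), 4: (2, 2), 5: (3, 2),
        6: (2, 0), 7: (2, 2), 8: (2, 1), 9: (2, 2), 10: (2, 2),
    },
    "Local Area Network with Internet Access": {
        1: (2, 3), 2: (3, 2), 3: (2, 3), 4: (2, 3), 5: (3, 2),
        6: (2, 2), 7: (2, 2), 8: (2, 2), 9: (2, 2), 10: (2, 2),
    },
}

ALL_THREATS = tuple(range(1, 11))

# "Threats addressed" per control area, from the standards table.
CONTROLS = {
    "III. Computer Security Policy": ALL_THREATS,
    "IV. Security Awareness and Awareness Training": ALL_THREATS,
    "V. Court Risk Analysis and Assessment": ALL_THREATS,
    "VI. Access Control Systems": (1, 2, 3, 9),
    "VII. Firewall": (1, 2, 4),
    "VIII. Intrusion Detection System": (1, 2, 3),
    "IX. Encryption Planning": (1, 2, 3, 6),
    "X. Virus Protection": (4,),
    "XI. Web Server Security": (1, 2, 3),
    "XII. Physical Security": (5, 7, 8, 10),
    "XIII. Backup and Disaster Recovery Planning": (4, 5, 7, 8, 9, 10),
    "XIV. Remote Access Control": (1, 2, 3),
}


def score(ratings):
    """Return {threat: overall risk}, where risk = impact * likelihood.

    Impact uses the 1-4 scale of Table 2; likelihood uses the 0-3 scale of
    Table 1, where 0 means the threat is not applicable to the profile.
    """
    risks = {}
    for threat, (impact, likelihood) in ratings.items():
        if not 1 <= impact <= 4:
            raise ValueError(f"threat {threat}: impact {impact} not in 1..4")
        if not 0 <= likelihood <= 3:
            raise ValueError(
                f"threat {threat}: likelihood {likelihood} not in 0..3")
        risks[threat] = impact * likelihood
    return risks


def rank_controls(ratings):
    """Rank control areas by the total risk of the threats they address.

    Returns (control, total_risk, applicable_threats) tuples, highest total
    first. Threats rated N/A (likelihood 0) add nothing to a control's total
    and are left out of its applicable list. Summing is an assumption of
    this example, not a step in the report's methodology.
    """
    risks = score(ratings)
    rows = []
    for control, threats in CONTROLS.items():
        applicable = [t for t in threats if risks[t] > 0]
        total = sum(risks[t] for t in threats)
        rows.append((control, total, applicable))
    # Sort by descending total, then by name so ties are deterministic.
    return sorted(rows, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    for name, ratings in PROFILES.items():
        print(f"\n{name} (total risk {sum(score(ratings).values())})")
        for control, total, applicable in rank_controls(ratings):
            print(f"  {total:>3}  {control}  threats {applicable}")
```

For the stand-alone profile the firewall standard covers only the virus threat, while on the Internet-connected LAN it covers three of the highest-scoring threats.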
References:
NIST Special Publication 800-30, Computer Security Risk Management Guide, June 2001