For each scenario below, imagine that you are in charge of security of the whole

Question

For each scenario below, imagine that you are in charge of security of the whole system. Apply the security mindset to answer these questions by following the Template listed later:

What assets are important for you to protect?

What security threats will you choose to defend against?

What countermeasures can you justify, in terms of costs and benefits?

Pick two of the following scenarios

(a) You run the weekly Michigan Powerball lottery.

(b) You oversee the football stadium at a Big Ten school.

(c) You run Chez Betty, the self-checkout convenience store.

(d) You manage the email server for a major presidential campaign.

(e) You are grading homework submissions for a class of 360+ students.

Template

# Problem 1

Scenario:

{Lottery|Stadium|Betty|Email|Grading}

Assumptions:

explain_your_assumptions

Assets:

- Asset - explanatory_paragraph

- Asset - explanatory_paragraph

...

Threats:

- Threat - explanatory_paragraph

- Threat - explanatory_paragraph

...

Countermeasures:

- Countermeasure - explanatory_paragraph

- Countermeasure - explanatory_paragraph

...

# Problem 2

(Use the same format as Problem 1 for a different scenario from the list.)

Explanation / Answer

# Problem 1
You manage the email server for a major presidential campaign.

Scenario:
{Email}

Assumptions:
-> Email is hosted on a public server
-> It contains all the confidential details about the campaign
-> No backup server
Assets:
-> Information
The information is one of the main assets that need to be protected against security attacks, thread, and vulnerabilities.

-> Server
A Server is available in a physical data center. It is a hardware device that needs to be protected against physical damage as well as against natural calamities.

-> Network Connectivity
Need to make sure there is no issue with data transmission due to network failure.

Threats:
-> It is hosted in a public server for easy accessibilty therefore susceptible to security attacks.

-> There is no backup server to protect the information, once the information is lost, then can't be retrieved.

-> There is a possibility of Phising and DDos Attack

Countermeasures:
-> Protocol Analyzer to find DDoS attacks.
-> Strong firewalls
-> Antivirus and Malware detectors
-> Suspicious activities finder
-> Blocking of harmful websites
-> Privilege mechanisms

# Problem 2
You are grading homework submissions for a class of 360+ students.

Scenario:
{Grading}

Assumptions:
-> There is no auditing of who modified information
-> Once grade submitted can't be changed
-> The website can be accessed locally.
-> It doesn't support 2-factor authentication

Assets:
-> Information
The information is one of the main assets that need to be protected against security attacks, thread, and vulnerabilities.

-> Server
A Server is available in a physical data center. It is a hardware device that needs to be protected against physical damage as well as against natural calamities.

-> Network Connectivity
Need to make sure there is no issue with data transmission due to network failure.

Threats:
-> It is hosted in a locally so it can be accessed within LAN network and more susceptible to internal security attacks.

-> It doesn't support 2-factor auth so password loss would gain unauthorized access

-> There is no auditing of who modified what information. There is a possibility that it can be changed by some other users.

-> Maintaining data integrity

Countermeasures:
-> Login details are changed frequently
-> Strong firewalls within LAN
-> Privilege mechanisms

Related Questions

Navigate

• Browse (All)
• Browse F
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.