Determining Threats and Assessing Vulnerabilities
Enterprises are organizations created with the purpose of doing business. Academic institutions such as colleges and schools, industries, and even government agencies are all examples of enterprises that need an enterprise network to run their operations smoothly and effectively. Enterprise networks depend on hardware, people, and software systems and require a transmission medium to connect all the devices. Depending on the size of the organization, some enterprises make use of wide area networks (WAN), while others make use of local area networks (LAN) to connect their asset infrastructure together. According to Sengupta, Mazumdar, & Bagchi (2011), software assets are a component of hardware assets; information assets are a component of hardware assets; hardware assets are components of subnets; and subnets are components of an enterprise. Complete enterprise networks are vulnerable to cyber and internet attacks and to intrusion if adequate security measures are not integrated into the numerous layers of development (Peltier, Peltier & Blackley, 2003). Consequently, identifying vulnerabilities and threats is an important first step in ensuring the survival of the information system throughout its life cycle (Sengupta, Mazumdar & Bagchi, 2011).
Strategies of Modeling Threats
Threat modeling involves the use of visual representations to capture the four core elements of a threat (IDDIL): the threatened assets within a system (I); the attack surface of the system (D); an explanation of how the system assets and components interact (D); and how an attack can occur (IL). Threat modeling has become significantly important, especially in the IT and computer industry. Many enterprises and government agencies use different types of threat modeling. Nonetheless, there is no uniform standard for communicating and documenting these models. Each enterprise or government agency should choose the modeling techniques, taxonomy, and tools that best suit its needs, while applying IDDIL as its primary methodology. The IDDIL approach offers greater flexibility and allows the enterprise to scale the threat analysis of its projects up or down.
Threat models can assume different types of structures. The structure is determined by two factors: the context, scope, and objectives of the model's output; and the tool applied in constructing the model. This section examines three types of threat models: the large-scale top-level threat model; the system-level threat model; and the software application threat model. These three threat models appear unique; however, they have certain common characteristics: their assets are stipulated, the flow of sensitive assets or data shapes the structure of the model, and attack surfaces, trust boundaries, and attack vectors are expressly identified. These characteristics make these models the best strategies for modeling threats because they capture all important components of a threat. Through threat modeling, an organization is able to identify the interconnectedness among key system components and demonstrate where important data can and will exist in the system. Once the physical and functional interfaces of the system have been identified, listing the attack vectors becomes easier.
Smart Card Ecosystem Threat Modeling
Figure 1 below represents a threat model for a smart card system. It consists of a top-level diagram that is supported by various sub-level diagrams.
Source: (Muckin & Fitch, 2010).
Threat assessment results from this model lead to significant improvement in the infrastructure security controls of the environment. The model also modifies major operational processes and triggers penetration-testing actions to determine the presence and magnitude of possible flaws or vulnerabilities in particular components. Apart from this, it permits informed risk management decisions at the top management level relating to the “man-in-the-manufacturer” attack and threat vector.
Threat Modeling for a Financial Audit Firm (DFD Threat Modeling)
Source: (Muckin & Fitch, 2010).
Figure 2 above represents a type of threat modeling that is used during system integration and development. It allows engineers to identify and tackle the most serious threats. The resulting threat-driven controls from this model include a combination of procedural and security controls. This particular model is scalable. For example, the same controls from an older system can be migrated into the new environment without reworking the model. In this regard, the threat model is a significantly important historical artifact; it establishes a baseline upon which all future analysis will be conducted. Such analysis includes changes to the environment, the system, or the nature of attacks and threats against the system.
Threat Modeling for a Web Application
Figure 3 below represents a type of modeling used in web application software development.
Source: (Muckin & Fitch, 2010).
The diagram includes all components of IDDIL mentioned earlier. Threat modeling in software development permits development teams to identify the specific location of major assets within the system and how these assets move through the system. This in turn allows proper controls to be developed and deployed at the correct locations (Muckin & Fitch, 2010).
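The common structure described above (stipulated assets, data flows that shape the model, and expressly identified trust boundaries and attack vectors) can be captured in code rather than only in a diagram. The following is an added worked example; it is not code from the paper or from Muckin & Fitch (2010). It models a constructed four-element web application (browser, web server, application server, database), derives the attack surface from the flows that cross a trust zone boundary, records where each sensitive asset exists, and ranks the boundary crossings by the sensitivity of the assets they carry. The element names, trust zones, sensitivity weights and the small vector catalogue are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed example: names, zones and weights are illustrative assumptions.


@dataclass(frozen=True)
class Element:
    name: str
    zone: str        # trust zone the element lives in, e.g. "internet", "dmz", "internal"
    interface: str   # how the element is reached: "http", "sql", "file"


@dataclass(frozen=True)
class Flow:
    source: Element
    target: Element
    assets: frozenset   # sensitive assets carried on this flow


# Relative sensitivity of each stipulated asset (assumed scale 0..3).
ASSET_SENSITIVITY = {"customer records": 3, "session token": 2, "static content": 0}

# Generic defender concerns per interface type at a boundary crossing
# (a small STRIDE-flavoured catalogue, not an exhaustive list).
VECTOR_CATALOGUE = {
    "http": ["credential/session theft", "denial of service", "request tampering"],
    "sql": ["injection via untrusted input", "unauthorised data disclosure"],
    "file": ["path manipulation", "unauthorised write"],
}


def trust_boundary_crossings(flows):
    """Flows whose source and target sit in different trust zones."""
    return [f for f in flows if f.source.zone != f.target.zone]


def attack_surface(flows):
    """Elements that receive a flow from another trust zone."""
    return sorted({f.target.name for f in trust_boundary_crossings(flows)})


def asset_locations(flows):
    """Where each asset can and will exist: every element a carrying flow touches."""
    where = {}
    for f in flows:
        for asset in f.assets:
            where.setdefault(asset, set()).update({f.source.name, f.target.name})
    return {asset: sorted(names) for asset, names in where.items()}


def rank_vectors(flows):
    """List attack vectors per boundary crossing, highest asset exposure first."""
    rows = []
    for f in trust_boundary_crossings(flows):
        exposure = sum(ASSET_SENSITIVITY.get(a, 1) for a in f.assets)
        for vector in VECTOR_CATALOGUE.get(f.target.interface, ["unclassified interface"]):
            rows.append((exposure, f.source.name, f.target.name, vector))
    rows.sort(key=lambda r: (-r[0], r[1], r[2], r[3]))
    return rows


def build_example_model():
    """Constructed DFD: browser -> web server -> app server -> database."""
    browser = Element("browser", "internet", "http")
    web = Element("web server", "dmz", "http")
    app = Element("app server", "internal", "http")
    db = Element("database", "internal", "sql")
    return [
        Flow(browser, web, frozenset({"session token"})),
        Flow(web, app, frozenset({"session token", "customer records"})),
        Flow(app, db, frozenset({"customer records"})),  # same zone: not a crossing
    ]


if __name__ == "__main__":
    model = build_example_model()
    print("attack surface:", attack_surface(model))
    print("asset locations:", asset_locations(model))
    for exposure, src, dst, vector in rank_vectors(model):
        print(f"exposure={exposure} {src} -> {dst}: {vector}")
```

Note that the app server to database flow is deliberately left inside one trust zone, so it contributes to the asset location map (customer records exist in the database) but not to the attack surface; splitting the database into its own zone would immediately add the SQL vectors to the ranked list, which is how a model of this kind makes a design change visible.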
Assessment of vulnerabilities is an important component of the risk assessment process. It entails examining the system components and layout and their likelihood of failing under a specific set of threats. In conducting a vulnerability assessment, an enterprise addresses one important question: what may go wrong should the system be exposed to serious hazards or threats? To determine the risks, an enterprise begins from the findings of the vulnerability assessment and takes into account the likelihood of threats and the resulting social, economic, and political consequences of a system failure (Baker, 2007). The end product of the vulnerability assessment process is a decision on whether the organization should take action based on the level of risk identified during the assessment. Figure 4 below indicates how vulnerability assessment fits into the risk assessment process (Sengupta, Mazumdar & Bagchi, 2011).
Source: (Baker, 2007).
The Process of Conducting Vulnerability Assessment
Vulnerability assessment is undertaken to achieve four important objectives. Firstly, it gives the organization a better understanding of its mission and of the systems and functions that support this mission. Secondly, it identifies the vulnerabilities of critical systems within the facility that threaten the mission. Thirdly, it builds a proper understanding of how the system is designed and how it operates, as a way of determining failure modes and their likelihoods. Finally, where possible, it identifies the consequences of system failure in terms of effects on people, system downtime, and any other effects on other organizations and systems (Baker, 2007).
Hazard/threat identification. The assessment is driven by a set of identified hazards and threats that could affect the system or the organization. Threats are broadly defined as malicious attacks, including both physical and cyber-attacks or sabotage. For every type of attack, the severity of the stress it imposes has to be identified. For example, a computer attack may happen daily (frequency) and affect 20 computers (severity). Based on the experiences of similar organizations, threats and hazards that have happened in the past should be included in the list (Post, 2013). Moreover, local law enforcement agencies such as the FBI can assist in identifying activities and hostile groups that may pose a danger to an organization's infrastructure. It is also important to examine the reasons why the organization may be an easy target; for example, its high-profile operations, high-value equipment, or unique capabilities. Threat identification should involve both employees and managers because these stakeholders offer a valuable forum for defining, discussing and addressing the potential threats. Workers are an important source of information (Bidgoli, 2006). In particular, places within a system that house more than one critical system are of significant concern, for example rooms that contain backup systems and manholes through which numerous system cables can be accessed. Such facilities are key targets and may adversely affect an organization if attacked (Baker, 2007).
System interdependencies. There is increasing interdependence among providers of infrastructure services, and this makes it difficult to achieve failure-free operations. Interdependent systems can only be relied upon if the risks associated with their weak links are mitigated. Although knowing the upstream and downstream vulnerabilities of other organizations is a difficult exercise, it is important to take into account the impacts of outages at both downstream and upstream facilities. Therefore, there has to be a communication link between interdependent facilities to ensure the robustness of the broader system (Cima, 2001).
When downstream dependencies exist, attacks on the organization's facility will affect other organizations and facilities. As a result, such an organization should formulate a list of all organizations and facilities that depend on its mission. The enterprise has to understand the degree to which other external organizations rely on its products and services. Time considerations should also be taken into account. For this reason, an enterprise has to identify how long an outage will last and determine whether it will paralyze its missions. Similarly, upstream dependencies imply that the organization or facility relies on services offered by other facilities. Again, it is critical to identify and list these dependencies. Consider the threats these dependencies may pose to the facility by projecting the duration of their downtime and the likely negative effects on the operations of the facility (Cima, 2001).
Employees and responsibilities. Without the workforce, a physical facility has no use. As such, an organization must review the complement of staff critical to its mission. The goal is to identify the mission-critical employees required for normal operations and take into account how staff requirements may change when an attack or hazard occurs. An organization should also identify those functions that lack backup operations. Similarly, a facility should identify the personnel responsible for undertaking repairs and workaround procedures in case of an emergency. If the organization relies on off-site responders, it has to determine their distance from the facility and their response times (Cima, 2001).
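The three assessment steps above (hazard/threat identification with frequency and severity, upstream and downstream dependencies with projected outage durations, and mission-critical staff with or without backup) produce a set of findings that can be checked mechanically against the organization's tolerances. The following is an added example and is not from the paper or from Baker (2007) or Cima (2001); it applies the procedure to a constructed facility. The threat list, dependency list, role list, the 24-hour maximum tolerable outage and the 4-hour response limit are all illustrative assumptions.

```python
from dataclasses import dataclass

# Constructed assessment inputs: every value below is an illustrative assumption.


@dataclass(frozen=True)
class Threat:
    name: str
    events_per_year: float   # frequency, from own history and peer organisations
    severity: int            # assumed 1..5 scale (e.g. number of systems affected, binned)


@dataclass(frozen=True)
class Dependency:
    provider: str
    direction: str              # "upstream" (we rely on them) or "downstream" (they rely on us)
    projected_outage_hours: float
    has_backup: bool            # an alternative source or a stockpile exists


@dataclass(frozen=True)
class Role:
    title: str
    mission_critical: bool
    trained_backup: bool           # someone else can perform the role
    offsite_response_hours: float  # 0 when the role is staffed on site


def threat_exposure(threats):
    """Annualised stress per threat: frequency x severity, highest first."""
    return sorted(((t.events_per_year * t.severity, t.name) for t in threats), reverse=True)


def paralysing_dependencies(deps, max_tolerable_outage_hours):
    """Upstream providers whose projected outage, with no backup, exceeds what the mission tolerates."""
    return [d.provider for d in deps
            if d.direction == "upstream" and not d.has_backup
            and d.projected_outage_hours > max_tolerable_outage_hours]


def downstream_dependents(deps):
    """Organisations that will be affected if this facility is attacked."""
    return [d.provider for d in deps if d.direction == "downstream"]


def single_points_of_failure(roles):
    """Mission-critical roles with nobody trained to take over."""
    return [r.title for r in roles if r.mission_critical and not r.trained_backup]


def slow_responders(roles, max_response_hours):
    """Off-site repair/workaround staff whose response time exceeds the limit."""
    return [r.title for r in roles if r.offsite_response_hours > max_response_hours]


def assess(threats, deps, roles, max_tolerable_outage_hours, max_response_hours):
    """Collect the findings a review board would act on."""
    return {
        "top_threat": threat_exposure(threats)[0][1],
        "paralysing_upstream": paralysing_dependencies(deps, max_tolerable_outage_hours),
        "downstream_dependents": downstream_dependents(deps),
        "single_points_of_failure": single_points_of_failure(roles),
        "slow_responders": slow_responders(roles, max_response_hours),
    }


def example_inputs():
    threats = [
        Threat("malware on workstations", events_per_year=250, severity=2),
        Threat("phishing of staff", events_per_year=52, severity=3),
        Threat("physical intrusion", events_per_year=0.5, severity=5),
    ]
    deps = [
        Dependency("power utility", "upstream", projected_outage_hours=48, has_backup=False),
        Dependency("internet provider", "upstream", projected_outage_hours=8, has_backup=True),
        Dependency("regional clinic", "downstream", projected_outage_hours=0, has_backup=False),
    ]
    roles = [
        Role("network administrator", mission_critical=True, trained_backup=False, offsite_response_hours=0),
        Role("shift operator", mission_critical=True, trained_backup=True, offsite_response_hours=0),
        Role("contract electrician", mission_critical=False, trained_backup=True, offsite_response_hours=6),
    ]
    return threats, deps, roles


if __name__ == "__main__":
    findings = assess(*example_inputs(), max_tolerable_outage_hours=24, max_response_hours=4)
    for key, value in findings.items():
        print(f"{key}: {value}")
```

The frequency-times-severity ranking is deliberately simple: it reproduces the paper's own example of a daily attack affecting a fixed number of machines, and shows why a frequent low-severity threat can outrank a rare high-severity one in annualised terms, which is usually the first thing a review board questions.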
The Impact of Threats and Vulnerabilities on Organizations
An organization is said to be vulnerable when its system has gaps that expose it to attacks from different sources. Although threats are always present, the existence of lapses opens an organization up to these threats and makes it an easy target. The best approach to rendering all types of threats impotent is to ensure that the lapses are sufficiently addressed through effective and elaborate security policies. In the words of Sengupta et al. (2011), vulnerability refers to an information system's weakness that results in a harmful outcome either to the system itself or to its operations (Johnson, Mcguire & Willey, 2009).
One of the most significant cyber security vulnerabilities that many IT managers face today relates to the “people” dimension. Major security lapses often begin with an organization's workers. In any organization, people are the primary threat to the enterprise's information system. An organization's employees are a significant threat to its information security because they form the first line of defense, yet many of them are not adequately trained in how to keep the organization's computer systems safe. The lack of sufficient training can compromise the security of a company's information through the activities that employees engage in. These activities are quite broad, ranging from compromising intellectual property to human error, deliberate acts of trespass or espionage, vandalism, information extortion, sabotage, and deliberate acts of theft. The main problem is that regardless of how much effort an organization devotes to protecting its information, it only takes one discontented employee to completely undo all these efforts (Sengupta et al., 2011).
A worker can infect the whole company system simply by using an infected flash drive or diskette. Carelessness on the part of a worker may provide hackers with an opportunity to obtain the administrator's password. With this password, hackers can cause serious intrusions with far-reaching adverse impacts on the organization's entire network. A disgruntled worker can disrupt the whole computer network, which can lead to loss of valuable information or a complete tragedy. Moreover, human error can equally play a significant role in exposing the company's network. For example, an employee may mistakenly transfer confidential company folders during a peer-to-peer (P2P) file sharing session or, worse still, delete important folders from the company's system (Johnson, Mcguire & Willey, 2009). P2P file sharing networks often provide opportunities for espionage and a host of other illegal activities. Worse still, P2P activities are significantly difficult to detect or block. P2P file sharing allows users to share different file types ranging from software to videos to music and even spreadsheets. Johnson, Mcguire & Willey (2009) contend that confidential and potentially damaging documents and information are quite prevalent in today's networks and that their presence continues to grow. The researchers also demonstrate that cyber criminals search through P2P networks for opportunities to obtain important confidential information about people and companies (Johnson, Mcguire & Willey, 2009).
Addressing Potential Impacts
Through modeling threats and identifying vulnerabilities, an organization is able to identify alternatives for reducing or eliminating the negative impacts. There are two primary approaches: upgrading equipment and improving procedures. Procedural improvements are the least costly option and are most effective for many of the identified problems. For instance, simply removing particular information from a company's website may reduce the number of terrorists or cyber criminals visiting the site and affecting the facility's operations (Post, 2013). Mitigation efforts should entail a careful assessment of the current protection systems, including security personnel and procedures. Issues such as the facility gate and perimeter should be taken into account. Small details such as vehicle barriers, communication, alarms, and parking lots should also be considered (Finau, Prasad & Samuwai, 2013). Upgrading access control protocols may be necessary. Equipment upgrades include adding new security systems such as access control systems and sensors. For mission support systems, upgrades may include hardware and firewall isolation and the addition of backup capability for the system. For systems susceptible to electromagnetic interference, electromagnetic protection can be added. Most importantly, to achieve overall improvements in procedures, all employees should be trained in threat awareness. This can be achieved through collaboration between the facility on one hand and security personnel, law enforcement agencies, and the FBI on the other. Finally, facilities should formulate contingency plans, including training for technical staff and emergency personnel. This ensures that the right thing is done during a disaster and that the response happens in a timely manner (Sengupta, Mazumdar & Bagchi, 2011).
Organizations are exposed to different types of vulnerabilities. This paper has provided a detailed discussion of three types of threat modeling (for a web application, a smart card ecosystem, and a financial audit firm). Additionally, the paper examined the procedures to be followed in conducting a vulnerability assessment. Enterprises can reduce the potential negative impacts associated with vulnerabilities by creating awareness amongst their staff, improving their internal procedures and upgrading their equipment to safeguard against technological obsolescence. Furthermore, organizations should ensure that the people in charge of their IT security have the requisite experience and knowledge and collaborate with law enforcement agencies to tackle threats before they paralyze operations.
Baker, G. (2007). A vulnerability assessment methodology for critical infrastructure facilities. Retrieved on 17 March 2016 from http://www.jmu.edu/iiia/wm_library/Vulnerability_Facility_Assessment_05-07.pdf
Bidgoli, H. (2006). Information warfare; social, legal, and international issues; and security foundations: internet versus intranet. Hoboken, NJ: John Wiley & Sons.
Cima, S. (2001). Vulnerability assessment. White Paper, SANS Institute. Retrieved on 17 March 2016 from http://www.sans.org/reading-room/whitepapers/basics/vulnerability-assessment-421
Finau, G., Prasad, A., & Samuwai, J. (2013). Cyber crime and its implications to the Pacific. The Fiji Accountant. Retrieved on 17 March 2016 from http://repository.usp.ac.fj/6973/1/Cybercrime_and_its_implications_to_the_Pacific.pdf
Johnson, M., Mcguire, D., & Willey, D. (2009). Why file sharing networks are dangerous? Communications of the ACM, 52(2), 134-138.
Muckin, M., & Fitch, C. (2010). A threat-driven approach to cyber security: Methodologies, practices and tools to enable a functionally integrated cyber security organization. Retrieved on 17 March 2016 from http://lockheedmartin.com/content/dam/lockheed/data/isgs/documents/Threat-Driven%20Approach%20whitepaper.pdf
Peltier, T., Peltier, J., & Blackley, J. (2003). Managing a network vulnerability assessment. Boca Raton, FL: Auerbach Publications.
Post, D. (2013). In search of Jefferson's moose: Notes on the state of cyberspace. Oxford, New York: Oxford University Press.
Sengupta, A., Mazumdar, C., & Bagchi, A. (2011). A formal methodology for detecting managerial vulnerabilities and threats in an enterprise information system. Journal of Network & Systems Management, 19(3), 319-342.