SEC-571 Week 4 Discussion Question 2: Security Architecture

Document Content and Description Below

SEC571 Week 4 Security Control Selection Table Content • Problem Statement • Alternative Security Controls • Qualitative Analysis • Security Control Selection • Risk Mat... rix Chart Problem Statement • A problem with cybersecurity at USAA is their mobile app or CVE-2015-1314 vulnerability. • The USAA Mobile Banking application before 7.10.1 for Android displays the most recently used screen before prompting the user for login, which might allow physically proximate users to obtain banking account numbers and balances. Alternative Security Controls • Administrative: Implement to security policies • Administrative: Provide data classifications • Technical: Implement Out of Band patch • Technical: Implement Security Information And Event Management (SIEM) • Physical: Disable app Administrative: Implement to security policies • Add procedures and other rules for accessing, monitoring and handling the application software • Security policies must evolve to reflect changes Administrative: Provide data classifications • Improperly categorizing data can lead to the exposure of valuable assets or resources expended protecting data that doesn't need to be protected. • Data use statement that lays out how data at any level should be handled • This includes specifying the data protection regulations, data backup requirements and network security standards for how data should be communicated, with encryption Technical: Implement Out of Band patch • OOB patch provide a more secure environment, very effective • Data is not easily accessible without pin • App stays is meeting compliance standards Technical: Implement Security Information And Event Management (SIEM) • Implement security controls as previously mentioned is to help reduce risks in an organization • Preventive controls attempt to prevent an incident from occurring • Deterrent controls attempt to discourage individuals from causing an incident. Physical: Disable app • Notify user and temporarily disable app • Fix needs to be asap before damage to organization name • Effective to stop vulnerability • High probability to effect cost to organization Security Control Selection • Technical: Implement Out of Band patch • Standard patching is already in place, creating a Out-of- Band (OOB) patch to fix vulnerability • Cost effective, team already in place to make OOB patch • Team is available to work OOB patch immediately Risk Matrix Chart CIA Attribute Data Value Threat Value Total Risk Confidentiali ty 5 3 50 Integrity 3 1 20 Availability 3 0 10 [Show More]

Last updated: 10 months ago

Preview 1 out of 11 pages