Draw a concept map or annotated attack tree
Computer Network Security
– Information Security Mapping Case Study
1: Identify the importance of information to organisations and society in general;
2: Describe and apply concepts, principles and techniques relating to the security
of information; and
3: Demonstrate an understanding of the advantages, disadvantages, threats, and
vulnerabilities associated with various IT environments.
Background:
John Smith is the Community Liaison Officer for Kleen Communication & Media Ltd
based in Perth, Western Australia. Kleen Communication & Media Ltd is an inventive
company developing and selling social media marketing to small businesses. The
design and production of all products is handled electronically, directly with each
business. Kleen Communication & Media Ltd currently has 40% of the market in WA,
with the remaining 50% held by much larger advertising agencies, and the final 10%
by those developing mobile apps for social media marketing. John spends half of his
day on the road in the Perth metro area visiting small businesses who may wish to
purchase and social media marketing into their existing marketing activities.
Consequently, John carries a laptop, smart phone and Surface Pro 4 with him
everywhere he goes. The laptop encompasses an Intel i5 CPU, 8GB RAM, and is running
Windows 10 Professional with the last Windows update applied towards the end of
January, 2015. When in the office John connects his laptop and Surface Pro to the
company network.
John predominantly uses Microsoft Office Professional 2013 for all his business
needs. Microsoft Access and Microsoft Excel contain the information for all clients
within Western Australia, as well as client confidential business and financial
information. John is not well informed about information security although he uses
computing technology to support his job. As a result John does not use third party
firewalls, anti-virus software, encryption, or authentication mechanisms.
While on the road, John occasionally leaves his laptop in the car. He also
frequently visits Internet cafes for lunch where he utilises the Internet for up to
an hour each day. The confidentiality of information is important as any disclosure
could cause significant embarrassment to him and the company, as well as impact
client privacy and confidence. Also, John must provide correct, factual information
to all clients hence ensuring the integrity of information is vital. Lastly, should
any information not be available when needed, this may result in clients taking
their business to the new to market competitor.
Task: Utilising the background information, draw a concept map or annotated attack
tree which represents the context of John Kleen Communication & Media Ltd’s work
environment and also demonstrates:
the links the data John uses and keeps, and the aims of security (CIA) -i.e. what
information needs protecting, why and what aspect of CIA does this related to?;
the associated attacks which could breach each of these aims in this scenario;
the likelihood (risk) that any attack in this scenario poses;
the impact each attack may have;
the resultant countermeasures which could be applied in this scenario;
the relative cost of each countermeasure; and
the mitigation effect of the countermeasure.
