Site Security Planning
Next, the Exploration Air administrator pulled together a team to determine the relative cost of securing the online assets needing protection (see Table B.2). The team looked for cost-effective security solutions, assigning a factor of “1” for the lowest relative cost and “10” for the highest. The team favored security solutions that were integrated into the network operating systems or based on Internet community standards, and assigned those solutions relative cost factors of “1” or “2.” Assumptions were spelled out in the appropriate fields of Table B.2. These assumptions pointed to requirements that would help Exploration Air assess the network operating systems, Web services software, and add-in security software that might be used to secure the site.
Finally, the team listed the areas of security that were directly involved in securing each asset. For example, securing asset number 3—Flyers Club IDs and passwords—would require effective authentication, authorization, integrity, privacy, availability, and nonrepudiation.
At this stage, the team faced an issue new to Exploration Air’s business model: how to secure user logon and transmission of sensitive, private information over the Internet. Customers would be allowed to submit forms that would trigger the creation and maintenance of their own accounts at the Flyers Club site. These accounts would receive and hold personal information about the club members, as well as keep track of their frequent flyer credits (as credits were added and subtracted by the reservation system). Members would be able to download all the information contained within their own club records over the Internet.
Table B.2 The Relative Costs of Security
Web Site Threat Assessment for Site:_____________ as of (Date):______

| No. | Asset / Access from | Threat / Loss | Expected Maximum Damage | Expected Minimum Security Cost | Security Areas |
|---|---|---|---|---|---|
| 1 | Intranet user IDs | Acquired by malicious user | 10 | 1 (Assumes adequate firewall and operating system-integrated security) | Authentication, Authorization, Auditing |
|   | Intranet, the Internet | Data loss, denial of service | “10” for net admin IDs | | |
| 2 | Back-end SQL Server | Corrupted by malicious user | 10 | 1 | Authentication, Authorization, Integrity, Availability, Auditing |
|   | Intranet | Data loss | “10” for corrupt current and backup data | | |
| 3 | Flyers Club IDs and passwords | Acquired by potential thief | 9 | 2 (Assumes end-to-end Internet standard encryption and authentication) | Authentication, Authorization, Integrity and privacy, Availability, Nonrepudiation |
|   | Intranet, the Internet | Data loss | Customers lose money if thief uses frequent flyer miles | | |
| 4 | Other back-end customer data | Acquired by malicious user | 9 | 2 (Assumes Internet standard encryption and authentication) | Authentication, Authorization, Integrity and privacy, Availability, Nonrepudiation |
|   | Intranet, the Internet | Data loss | | | |
| 5 | Web services | Brought down by malicious user | 6 | 4 | Authentication, Authorization, Availability |
|   | Intranet | Denial of service | | | |
| 7 | Network operating system | Brought down by malicious user | 6 | 4 | Authentication, Authorization, Availability |
|   | Intranet | Denial of service | | | |
| 8 | ASP page source | Acquired by malicious user | 5 | 2 | Authentication, Authorization, Availability |
|   | Intranet, the Internet | Data loss | | | |

The Exploration Air case is an example of how to assess threats and costs before establishing security policies and practices for any Web site. Once you know the assets to be secured, the threats to those assets, the relative costs of security solutions, and the areas of security affected, you can begin to outline policy goals and objectives.