Information Security Management - Assignment Example

Information Security Management Insert Insert Question Consider the diagram above from the Systems Security Engineering Capability Maturity Model (SSE-CMM) security management framework. a) Outline and explain how the GhostNet case study may have seen impacts affecting each one of the components in the framework diagram above. According to GhostNet case study, improper elucidation of the system requirements may impact on the design of the system significantly affecting the user interface. The result may lead to attackers using the interface to send input and receive results especially from systems that are compromised The GhostNet systems also facilitate downloading of a Trojan called Ghost Rat that enables attackers have control of the attacked systems on a real-time basis (Villenueve & Walton, 2009).

That makes monitoring and identification of security breaches a complicated process. The fact that it can operate the web cameras and microphones is just beyond. The system is not able to achieve the expected security in operation especially after an attack by GhostNet since it can send mail messages from the infected systems to other users alluding to be the authenticate persons. The detecting users become victims since these emails have malware spread-out to them. b)The detail in the headings below how might apply each of the SSE processes in the above diagram have helped the case study organisations to avoid their vulnerabilities being exploited?

PA02-5 Assess Impact; Security Risk; Threat; Vulnerability The result will be forming a foundation for security that will address requirements both in the organization, meet the needs of the policies and the legal. It helps achieve set security objectives in the system. PA10 Specify Security Needs It involves identification of particular security that affect the system in the case apart from the general threats. That will ensure that the solutions derived directly address the particular system.

PA09 Provide Security Input It ensures that the designing of the system and its architecting is based on the security needs initially identified. The purpose is to make sure that the interface used in inputting data does not leave room for erroneous data or allow attackers to penetrate the system. PA01 Administer Security Controls The purpose here is to have proper integration of the intended level of security into the novel system and ensure that the latter has to be visible when the system is running.

PA08 Monitor Security Posture The posture ensures reporting of attempted security attacks, likely to occur mistakes that may lead to breaches and breaches that have happened. It aims to relay the information to respective personnel for immediate attention thus safeguarding the system. PA07 Coordinate Security It seeks to bring together all the players in building of the system so as to identify security threats at each level of the system. The result is protecting the system from attacks not anticipated or originating from areas that were initially ignored.

References Villenueve, N., & Walton, G. (2009). Tracking GhostNet. Toronto, Ont.: Citizen Lab, Munk Centre for International Studies, University of Toronto.