Discretion

discretion

All Rights Reserved Chapter 7 Discretion Cyber Attacks Protecting National Infrastructure, 1st ed. 2 • Proprietary information will be exposed if discovered by hackers • National infrastructure protection initiatives most prevent leaks – Best approach: Avoid vulnerabilities in the first place – More practically: Include a customized program focused mainly on the most critical information All rights Reserved C h a p te r 7 – D is c re tio n Introduction 3 • A trusted computing base (TCB) is the totality of hardware, software, processes, and individuals considered essential to system security • A national infrastructure security protection program will include – Mandatory controls – Discretionary policy • A smaller, less complext TCB is easier to protect All rights Reserved C h a p te r 7 – D is c re tio n Trusted Computing Base 4 Fig. 7.1 – Size comparison issues in a trusted computing base All rights Reserved C h a p te r 7 – D is c re tio n 5 • Managing discretion is critical; questions about the following should be asked when information is being considered for disclosure – Assistance – Fixes – Limits – Legality – Damage – Need All rights Reserved C h a p te r 7 – D is c re tio n Trusted Computing Base 6 • Security through obscurity is often maligned and misunderstood by security experts – Long-term hiding of vulnerabilities – Long-term suppression of information • Security through obscurity is not recommended for long-term protection, but it is an excellent complementary control – E.g., there’s no need to publish a system’s architecture – E.g., revealing a flaw before it’s fixed can lead to rushed work and an unnecessary complication of the situation All rights Reserved C h a p te r 7 – D is c re tio n Security Through Obscurity 7 All rights Reserved C h a p te r 7 – D is c re tio n Fig. 7.2 – Knowledge lifecycle for security through obscurity 8 All rights Reserved C h a p te r 7 – D is c re tio n Fig. 7.3 – Vulnerability disclosure lifecycle 9 • Information sharing may be inadvertent, secretive, or willful • Government most aggressive promoting information sharing • Government requests information from industry for the following reasons – Government assistance to industry – Government situational awareness – Politics • Government and industry have conflicting motivations All rights Reserved C h a p te r 7 – D is c re tio n Information Sharing 10 All rights Reserved C h a p te r 7 – D is c re tio n Fig. 7.4 – Inverse value of information sharing for government and industry 11 • Adversaries regularly scout ahead and plan before an attack • Reconnaissance planning levels – Level #1: Broad, wide-reaching collection from a variety of sources – Level #2: Targeted collection, often involving automation – Level #3: Directly accessing the target All rights Reserved C h a p te r 7 – D is c re tio n Information Reconnaissance 12 All rights Reserved C h a p te r 7 – D is c re tio n Fig. 7.5 – Three stages of reconnaissance for cyber security 13 • At each stage of reconnaissance, security engineers can introduce information obscurity • The specific types of information that should be obscured are – Attributes – Protections – Vulnerabilities All rights Reserved C h a p te r 7 – D is c re tio n Information Reconnaissance 14 • Layering methods of obscurity and discretion adds depth to defensive security program • Even with layered obscurity, asset information can find a way out – Public speaking – Approved external site – Search for leakage All rights Reserved C h a p te r 7 – D is c re tio n Obscurity Layers 15 All rights Reserved C h a p te r 7 – D is c re tio n Fig. 7.6 – Obscurity layers to protect asset information 16 • Governments have been successful at protecting information by compartmentalizing information and individuals – Information is classified – Groups of individuals are granted clearance • Compartmentalization defines boundaries, which helps guides decisions • Private companies can benefit from this model All rights Reserved C h a p te r 7 – D is c re tio n Organizational Compartments 17 All rights Reserved C h a p te r 7 – D is c re tio n Fig. 7.7 – Using clearances and classifications to control information disclosure 18 All rights Reserved C h a p te r 7 – D is c re tio n Fig. 7.8 – Example commercial mapping of clearances and classifications 19 • To implement a national discretion program will require – TCB definition – Reduced emphasis on information sharing – Coexistence with hacking community – Obscurity layered model – Commercial information protection models All rights Reserved C h a p te r 7 – D is c re tio n National Discretion Program The Development of Adolescents and Young Adults 7 The Development of Adolescents and Young Adults Barbara Pina University of Houston Downtown Healthy Eating Habits and Sleep Introduction Healthy eating is defined as eating a variation of nourishments that gives people the nutrients needed to maintain healthy and feeling good. The types of nutrition needed in one’s body to stay healthy and focus are carbohydrates, protein, minerals, and plenty of water. Nourishment is important for the whole world specially adolescents, who are starting to grow and develop into adulthood. Eating a well-balanced meal does not only give an adolescent the energy needed, but it also helps the brain function better. Most adolescents eat foods that are increased with fat and are lower in fruits and vegetables, which also decreases their metabolism and increases their weight. High-fat diets are added to a lot of negative health consequences, which includes overweightness, heart disease and some cancers. References Marotz, L. R., & Kupzyk, S. (2018). Parenting today’s children: A developmental perspective . Australia: Cengage Learning. Essay Assignment Questions Each question’s content is worth 40 points. 20 points will be earned for proper grammar, punctuation, and technical writing abilities (i.e., citations and APA format). Each one of the 2 essays should between 2 and 3½ pages (each). Each essay must also include textbook information and at least 1 additional peer-reviewed source as support. The total assignment should be 4-7½ pages (not including the title page and reference page, which are required). A cover page and reference page are required (per APA format): • Discuss the importance of both healthy eating habits and the need for sleep for early adolescents. Explain how social-emotional factors can influence poor eating and/or sleep habits. Since young adolescents make more of their own decisions about eating and sleep, how can parents best guide them towards healthy choices in these two areas. (Note: no 1st person in APA). Be sure to support this essay with the textbook and at least 1 research article. • Discuss the reasons why young adults’ social and emotional development is occurring later and at a slower pace than for previous generations. How has society impacted their developmental changes? Specifically, explain how culture can influence their transition to adulthood and how parents are helping in this transition period. (Note: no 1st person in APA). Be sure to support this essay with the textbook and at least 1 research article.