ISE 510 Security Risk Analysis Plan Week 3 HW 3-1 Video Game
ISE 510 Security Risk Analysis Plan Week 3 HW 3-1 Video Game Agent
Identify and document seven vulnerabilities from the Agent SureFire game, categorizing each according to the provided vulnerability categories. For three specific categories (document or media with employee, client, or partner information; unconcealed PIN numbers and passwords; and portable hardware left unattended), provide detailed examples including workstation details, owner identification if possible, and preventive measures.
Specifically, for each of the seven vulnerabilities:
- Describe the vulnerability instance.
- Identify the vulnerability category.
- Explain the context and location, such as the workstation involved or the environment.
- Suggest measures to prevent similar vulnerabilities in the future.
Completing at least seven vulnerabilities will suffice for full credit, but additional vulnerabilities can be identified for extra points.
Paper For Above Instructions
The purpose of this assignment is to simulate a comprehensive security risk analysis by investigating vulnerabilities within a controlled environment, represented through the Agent SureFire game. This activity aims to develop skills in identifying, categorizing, and proposing mitigations for common security weaknesses in an organizational context. The analysis will serve as a foundation for understanding real-world security threats and formulating strategic responses.
In the game, participants explore multiple security vulnerabilities, focusing on physical and digital security lapses. The investigation involves observing and documenting instances of security breaches, such as unsecured cabinets, exposed sensitive documents, improper disposal, unlocked workstations, and weak authentication mechanisms. Emphasis is placed on three mandatory categories requiring detailed examples to showcase real-world understanding and practical mitigation strategies.
One of the frequently encountered vulnerabilities involves unsecured physical spaces, such as cabinets and drawers left unlocked. These physical security lapses could allow unauthorized access to confidential information or equipment. For instance, an unlocked filing cabinet containing sensitive documents exemplifies this issue. Preventive measures include implementing strict access controls, secure storage policies, and employee awareness training to reinforce security consciousness.
Another critical vulnerability pertains to digital security weaknesses, such as exposed media or documents containing employee or partner information. For example, a file folder with personal data left accessible on a workstation highlights the risk of inadvertent information leaks. These incidents can be mitigated by enforcing strict access controls, encrypting sensitive files, and conducting regular security audits.
The third mandatory category involves the exposure of PINs or passwords, such as visible PIN numbers on sticky notes or desktop screens. An example might include a PIN displayed on a password-protected screen or written on a visible surface. Preventing this involves enforcing policy, such as hiding PINs during entry, using password managers, and implementing two-factor authentication mechanisms.
Other vulnerabilities, while not required to be described in detail, include the use of predictable PINs for voicemails, leaving portable hardware unattended, or possession of unauthorized software media. Each presents unique security risks and requires tailored mitigation strategies, like establishing hardware security protocols, using complex authentication methods, and maintaining a strict software management policy.
The goal of this exercise is to enhance awareness of security vulnerabilities through practical observation, documentation, and strategic planning. Attendees should focus on generating actionable insights that can inform overall security policies and safeguard organizational assets against physical and digital threats.