2.3 Risk 17. Threat Analysis

The ITIL 2.3 Risk Manager is responsible for threat analysis and risk controls. Security is delivered by fully understanding criminal threats and knowing what controls are needed so that there is always one more layer of security than the criminal can crack.
Threat Analysis
Every company, no matter what its size, will be attacked by Internet criminals on a daily basis. Some companies will know they are being attacked, while most will not be aware that they are leaking confidential business data.
The nature of the business and the reputation of the owner increase the threat, as so many organisations around the world will treat the owner's data as worthy of an attack. The reputational impact of any attack succeeding is so great that the majority of the budget must be devoted to making sure that data is never leaked.
Comparative Threats
The owner owns data in bespoke application services and data in traditional client-server systems, so the threats can be compared. Data stored by bespoke application services is held in encrypted databases in physically purpose-built secure data centers with redundant power supplies and multiple encrypted high speed communications links. Data stored in client-server systems is not encrypted, is not housed in physically purpose-built secure data centers with redundant power supplies, and does not use encrypted high speed communications.
Data center system software is locked down in secure web servers that cannot be accessed by criminals; no application software is distributed to client computers. Client-server software is distributed to thousands of computers where it may be reverse engineered, changed and repackaged by criminals.
Data center dedicated web servers are energy efficient, highly reliable and inherently stable machines that do not support any other service. Client-server system servers are interconnected to thousands of client computers that may be infected with malware that is silently copying data and sending it to criminals. Client-server systems were designed before the era of state-sponsored hacking and before client computers were connected to the Internet; client-server architecture is no longer secure. We enjoy the modern private cloud architecture that industry experts agree will eventually take over from all obsolete client-server systems.
Threatened Data
We provide a set of individual application services that may be classified as:
- Import by branch, holding valuable customer and shipment data including some financial proforma and accrual data.
- Gateway, holding master air waybills and financial billing data.
- Quotation by branch, holding customer and shipment data including rates by charge code.
- Concern, holding company confidential information and corrective action plans.
- Skill Inventory, holding course and personal confidential skill information.
- Assets, including airports, airlines, bonded sheds, collection agents, countries, currencies, etc.
- Authentication, holding triple encrypted security information.
User Acceptance Trial
We saw an unusual report where a UAT team stated that they were trying to test the software to destruction; it was very humorous. We do not provide any application software, so the only software being tested was Microsoft Internet Explorer. We also support Google Chrome, Mozilla Firefox, Apple Safari and hundreds of other browsers; they could also have been tested to destruction, but to no avail.
Bespoke application services do not have software, bespoke application services do not have program errors, and bespoke application services do not create the Microsoft blue screen from a frozen program. We provide an application service with zero defects in our system software. Where the bespoke business requirement specification does not match a user's expectations, the business requirement specification must be changed to cause it to do something differently. Bespoke business requirement specifications can have defects; user acceptance trials (UAT) exist to identify and correct those bespoke specification defects.
No matter what testing a user performs, it is impossible for user actions to cause the system software running on any web, application or database server to fail in any way. Testing to destruction is practical for an obsolete client-server system, but is impossible for a modern application service.
Reasons
Security is built in by design, based on policies and reasons that have been refined over decades. Continuing to provide secure applications and protect data demands relentless architectural improvements. In general, the security layers implemented are a trade secret, but an indication of some of the key factors can be published without a technology transfer.
Life and Death
Every person fully understands that their job depends totally on total security. As a security breach will cost jobs, security is a key motivation built into every job function.
Reason: Every person is dedicated to making sure that a breach of security cannot happen.
No Physical Access
Private dedicated servers are housed in multiple secure data centers that form the UK broadband backbone. These data centers include battery backup, diesel generators, dual power supplies, multiple high speed network connections, 24*7 CCTV security and no physical access to equipment racks.
Reason: No person is granted access to equipment racks, to maximise physical security.
Learn from History
To plan for the future, it is a requirement to learn from history. At the turn of the century, around 1900, an evolution took place where the steam engines that powered factories were replaced by electricity. At the turn of the century, around 2000, an evolution is taking place where software and local client-server systems are replaced by application services and the Internet. While some people may imagine that the current evolution can be delayed, evidence of a 40% reduction in PC sales and software sales is matched by a 40% increase in cloud sales.
Reason: Client-server systems will be replaced by application services because costs can be dramatically reduced. IT departments with software on client-server systems have an average cost of 6% of company revenue. Application services over the Internet have an average cost of 3% of company revenue. Executives have a simple choice as to when to evolve from client-server systems to application services.
Eliminate Software
Security on a client computer is very easy: simply stop downloading software and data. What was once done with installed software should now be done with cloud-based application services. The old idea of downloading emails is far too dangerous, and all emails should remain in the cloud where they can be viewed from any computer, tablet, smart phone or TV at any time. The only software needed is a browser such as Internet Explorer; one day that will be the only installed software on any computing device.
In 2013, we still have two software exceptions: Adobe Reader and Adobe Flash. Eventually these will be phased out, but it will take time for competing patents to resolve how HTML video standards will support TV on-demand.
Office is now a cloud-based application service, with Microsoft 365 at £75 per year or Google Docs free of charge. When your laptop is stolen or your smart phone is lost, confidential business documents will not be at risk because everything is in the cloud.
Email is a cloud-based application service from Microsoft, Google or others. A benefit is that messages can be viewed at any time from any computing device.
Music is a cloud-based application service with tens of millions of tracks available from providers such as Spotify for only £4.99 per month. Music tracks may be downloaded to a portable device, but copies are transient and everything remains in the cloud.
Books are a cloud-based application service with thousands of free books and millions of books for a modest fee. Books may be downloaded while they are being read, but a copy is always kept in the cloud so a book cannot be lost or stolen.
Photos are a cloud-based application service, with pictures uploaded to a cloud service where they can be shared with friends and family. Photos will never be lost even when a computer is lost, because any device, including your TV, can view your photographs.
Movies that were on DVD and Blu-ray are obsolete and will be replaced by TV on-demand as an Internet service. Patent wars have delayed the implementation of video standards, but TV will generally become an Internet subscription service in the next few years.
Download Risk
All data is securely stored in encrypted databases, but certain management information may be downloaded to unsecured computers that may be stolen. Each data owner must take personal responsibility for data security where management information is downloaded.
Reason: It is recommended that the traditional function of downloading management information be phased out because it is too dangerous.
Data Ownership
Data is owned by its author or by the company that pays the author. Data is encrypted and stored in multiple locations to ensure that it cannot be lost, cannot be corrupted, cannot be stolen and will not be misappropriated in any way.
Reason: Data stored in the application and communicated by it is inherently secure, but each time data is downloaded that becomes a potential security breach.
Encrypted Database
Application data is stored in encrypted databases in each data center. This design decision has a high cost, but it ensures that no data can be copied and used by criminals or agencies.
Reason: Attacks on the database will never result in a data breach.
Encrypted Communications
Applications deploy encrypted HTTPS communications to ensure that data cannot be copied when it is flowing over the public Internet. Agencies and criminals will copy Internet traffic, but this is unreadable and has no value.
Reason: Network traffic will be copied, but what is copied is unreadable and will not be a breach of data security.
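The guarantee above only holds when the client side verifies the server it is talking to; a client that accepts any certificate still "speaks HTTPS" but lets an interposed party terminate the connection and read the traffic. The following is an added example, not the page's or the provider's code, contrasting a hardened Python client TLS context with a weak one and auditing both; the audit function and its finding strings are assumptions made for this illustration.

```python
import ssl


def hardened_client_context():
    """Client context that delivers the confidentiality the page describes:
    the server certificate is verified against the system trust store, the
    hostname is checked, and nothing below TLS 1.2 is negotiated."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_client_context():
    """A context that still encrypts but accepts any certificate, so the
    encryption protects nothing against whoever answers the connection.
    Constructed here only to show what the audit must catch."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                  # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_client_context(ctx):
    """Return findings that would make 'copied traffic is unreadable' untrue.
    An empty list means the context meets the three checks."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not required/verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 allowed")
    return findings


if __name__ == "__main__":
    print("hardened:", audit_client_context(hardened_client_context()))
    print("weak:    ", audit_client_context(weak_client_context()))
```

Pass the hardened context to `urllib.request` or `http.client` as the `context` argument so every outbound HTTPS call inherits the same settings.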
Three Tier Architecture
Server hardware is configured in equipment racks using the international standard three tier architecture that separates and isolates (1) web servers, (2) application servers and (3) database servers. Only web servers are connected to the Internet, through a load-balancing firewall and an Intrusion Detection and Prevention System (IDPS). Criminals cannot attack the application and database servers because they are not connected to the Internet.
Reason: Three tier architecture is the foremost secure hardware architecture, but it is more expensive than traditional blade and virtual servers.
Single Index Program
The application stack that can be attacked by criminals and agencies is a single index program. By minimising the application stack to one security-hardened index program, the security surface is minimised. It is easier to make one program very secure in all web servers than a traditional application stack that may have many thousands of programs to make secure.
A traditional company must implement hundreds or thousands of programs as its web server application stack, because each program is hand crafted by different people at different times. Each and every program could have vulnerabilities that were not detected by testing. As new methods of cracking programs are discovered, programs that have been running for many years may be found to be vulnerable. As extra applications are added, the security surface increases and vulnerability risks increase. Criminals and agencies understand large application stacks and with persistence will be able to find one program with a vulnerability. Just one program vulnerability can become a daily data leak that may persist for many years without anyone's knowledge.
Reason: The Single Index Program (SIP) application stack is a significant security benefit that traditional providers are not able to match.
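As an added example (not the page's or the provider's code), a minimal deny-by-default single index program in Python: one entry point, an allow-list of actions with a pattern for every permitted parameter, and one generic refusal for anything else, so that hardening effort concentrates on one dispatcher rather than on thousands of programs. The action names, parameter patterns and handlers are constructed for this illustration.

```python
import re

# Allow-list of actions the index program will dispatch.  Each entry names
# the parameters the action accepts and the pattern each value must match.
# Action names and patterns are constructed for this example.
ACTIONS = {
    "quote.view": {"quote_id": re.compile(r"[0-9]{1,10}")},
    "skill.list": {"branch": re.compile(r"[A-Z]{3}")},
}
MAX_PARAMS = 8  # requests carrying more parameters than this are refused


def handle_quote_view(params):
    return {"quote_id": params["quote_id"], "status": "ok"}


def handle_skill_list(params):
    return {"branch": params["branch"], "skills": []}


HANDLERS = {"quote.view": handle_quote_view, "skill.list": handle_skill_list}


def index(method, path, params):
    """Single entry point: refuse anything not explicitly allowed, then
    dispatch the validated request.  Returns (http_status, body_dict).
    Every refusal carries the same body so the response does not reveal
    which check failed."""
    reject = {"error": "request refused"}
    if method != "POST" or path != "/index":
        return 404, reject
    if len(params) > MAX_PARAMS:
        return 400, reject
    action = params.get("action")
    spec = ACTIONS.get(action)
    if spec is None:
        return 404, reject
    clean = {}
    for name, value in params.items():
        if name == "action":
            continue
        pattern = spec.get(name)
        # Unknown parameter, non-string value or pattern mismatch: refuse.
        # fullmatch is used so a trailing newline cannot slip past the pattern.
        if pattern is None or not isinstance(value, str) or not pattern.fullmatch(value):
            return 400, reject
        clean[name] = value
    if set(clean) != set(spec):  # a required parameter is missing
        return 400, reject
    return 200, HANDLERS[action](clean)
```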