Information Security Management For Building 402 In Curtin University, Western Australia Is Crucial.

Discuss about the Information Security Management, The east side of the building is surrounded by the ground of the research institute that is meant for different type of sporting activities.

Detailed access control and physical security audit of the entrances, ground floor and workstations in Building 402

The Curtin University Office of Research and Development of West Australia is the building that is being discussed here. The building number 402 is surrounded by the building son both sides and the by a ground and road on the other two sides of the building. The address of the building provided is 402, Kent Street, Bentley, Perth 6102. Western Australia. The building has two adjacent building located on the north and the west of the research building. The east side of the building is surrounded by the ground of the research institute that is meant for different type of sporting activities. In addition to this the south of the building is surrounded by the Kent road. The inside of the building is consisting of the main entrance on the south and also the main entrance provides the access to the main road. In addition to this, the building consists of an emergency fire exit that is located on the north east end of the building. On the north east flank of the building is the stairway that provides the access to the upper floor of the building. The escalator is also present on the right flank of the building. In addition to all this, 6 rooms and a washroom is present on the ground floor of the building. There are three training rooms, two computer labs and a server room is present. Additional information about the server room is also provided. The server room is very important for the network components of the building. The training rooms of the building are used for the training purposes and the computer labs are used for the training and the purpose of research for the research Centre. Additionally, the server room is air conditioned and the temperature and the humidity level of the lab and the server room are monitored and kept in control. In addition to this the washroom is being accessed by all the staffs and the users that are present in the building.  The main security measures that are applicable for the building can be categories into three level.

Level-0:  The level 0 security is concerned with the security of the building is the fencing that is surrounding the building. It is outer layer of security for the building. The building is surrounded by a 5 m wall on three sides. The wall is 10 meters high and this makes it very difficult for any attacker to climb it. Hence, sufficient protection is provided to the building by the outer layer.

Detailed floorplan of the entrance level on Building 402

Level-1: The level 1 security is basically concerned with the interior security of the building. The main entrance is guarded by iron door followed by glass wall and is locked internally when the shift hours are over in the building. In addition to this there is the fire exit that is guarded by an iron wall. The door is also locked internally and also provided an exterior protection.

Level 2: The level 2 security of the building is associated with the protection of the different rooms and also with the level of protection in the different type of rooms that are present in the building. The server room door is locked by the use of biometric means. An alarm goes off if the intruder tries to get into the room without proper authentications. In addition to this, the doors of the other rooms are locked by the default locking techniques.

Level 3: The level 3 locking technique is used for the machines that are installed in the building. The machine is locked by means of biometrics and also an automated pin for every machine is generated by which the access to the machine is possible.

 Hence, the security of the building can be properly justified by these levels. The access to the buildings are very restricted by all the above mentioned method and the breach of security is very difficult for any type of intruder that tries to have access to the system.  

The above diagram provides the information about the location of the building and different type of aspects of the different type of aspects of the buildings that are the buildings that are surrounding the main building and also the different exits and the entrance to the building displayed aptly in the building. The stairways and the escalators are also displayed aptly in the building plan for the building number 402. The pathways to the different outlets form the building are also displayed in the diagram.

The path that can be taken by the intruder or the attacker is displayed in the diagram that is provided above. The red, blue and the yellow lines are used for displaying the different routes and processes that can be adopted by the intruder to enter into the building and access the system of the building. The red line indicates the route taken by the intruder that is starting from the main entrance. This route is very difficult as this way is guarded by the security guards and even if the intruder is able to get access to the main entrance he has to unlock a level two lock that is set in the main entrance. The intruder after entering into the building can however roam around freely, as the security cameras installed inside the building are not in a working state at that moment of time and no one would be present at night in the building to monitor the cameras. After the intruder gets in the building the he can enter into different rooms provided that he has the access to the systems and also the biometric data for the authentication should be available to the intruder for the access to the rooms so that he can easily get out of the rooms. In addition to this, the yellow line denotes a different path for the intruder that would allow the intruder the access to the building. The intruder would be able to get into the building via the fire exit. The intruder would have to travel the path on the side of the building and reach to the back door. Although the door is not guarded by any type of security guards the door is more complex to access. In addition to this, the blue line indicates the path that is taken by the intruder for access to the building via the terrace of the building. The intruder has to traverse through all the floors of the building and reach to the ground floor. The intruder can also access the escalator to reach to the ground floor.

Detailed plan of inside Room 230

The above diagram provides the information about the room number 230. The room consists of six workstations and six chairs. The room also has two doors both of which are accessible by the biometric data that is stored in the database of the server that is located in the building. In addition to this, there is a switch that helps in connecting the workstation to the main server.  

The technological assets that are present in the room are:

Workstation: There are six workstations in the room. These are developed by Acer. The model number of the workstations area Aspire E1, Aspire E2, Aspire E3, Aspire E4, Aspire E5 and Aspire E6.

The estimated value of the workstations is: $10,000 each

Switch: the switch present in the room is developed by TP link. The model number being T5098. The estimated value of the switch is $12,000.

The expected value of the SLE and ALE are:

SLE for the workstations: The chance of occurrence is very rare and hence the ARO is 40%. Hence, the ALE is 10000 x 40/100 = $4000.

ALE for the Workstations: 4000 x 40% = $1600

SLE for the Switch: The chance of occurrence is very rare and hence the ARO is 50%. Hence, the ALE is 12000 x 40/100 = $6000.

ALE for the Switch: $6000 x 50% = $3000

Security vulnerabilities are:

Injecting flaws: The attacker can inject flaws in the locking system or the monitoring system of the building so that he can rap fruitful benefits form it.

Broken Authentication: The attacker can break into the rooms by breaking the authentications that are set in the rooms.

Security Misconfiguration: The security can be misconfigured leaving the system vulnerable to outside intrusion.

Sensitive data exposure: The biometric data can be left exposed by the staffs in some instances. This would result in an easy access for the intruder.

Use of components without knowing the vulnerabilities associated with it: The use of components in the building without any proper information can result in situations that are vulnerable for the building.

Prevention

1. The security should be updated regularly.
2. Regular monitoring on the security should be done.
3. Advanced security techniques are to be used.
4. Data should be well protected and monitored regularly.
5. The components should be checked regularly.

Amoozadeh, Mani, Arun Raghuramu, Chen-Nee Chuah, Dipak Ghosal, H. Michael Zhang, Jeff Rowe, and Karl Levitt. "Security vulnerabilities of connected vehicle streams and their impact on cooperative driving." IEEE Communications Magazine 53, no. 6 (2015): 126-132.

Cifuentes, Y., L. Beltrán, and L. Ramírez. "Analysis of Security Vulnerabilities for Mobile Health Applications." In 2015 Seventh International Conference on Mobile Computing and Networking (ICMCN 2015). 2015.

Cifuentes, Y., L. Beltrán, and L. Ramírez. "Analysis of Security Vulnerabilities for Mobile Health Applications." In 2015 Seventh International Conference on Mobile Computing and Networking (ICMCN 2015). 2015.

Fonseca, Jose, Nuno Seixas, Marco Vieira, and Henrique Madeira. "Analysis of field data on web security vulnerabilities." IEEE transactions on dependable and secure computing 11, no. 2 (2014): 89-100.

Giaretta, Alberto, Sasitharan Balasubramaniam, and Mauro Conti. "Security Vulnerabilities and Countermeasures for Target Localization in Bio-NanoThings Communication Networks." IEEE Transactions on Information Forensics and Security 11, no. 4 (2016): 665-676.

Marsden, Terry, Ana Moragues Faus, and Roberta Sonnino. "Corporate Food Governance, Financialisation and the Reproduction of Food Security Vulnerabilities." Connecting local and global food for sustainable solutions in public food procurement 14 (2015): 414.

Ristov, Sasko, Marjan Gusev, and Aleksandar Donevski. "Openstack cloud security vulnerabilities from inside and outside." Cloud Computing (2013): 101-107.

Sadeghi A, Bagheri H, Malek S. Analysis of Android inter-app security vulnerabilities using COVERT. InSoftware Engineering (ICSE), 2015 IEEE/ACM 37th IEEE International Conference on 2015 May 16 (Vol. 2, pp. 725-728). IEEE.

Tamrawi, Ahmed, and Suresh Kothari. "Projected Control Graph for Accurate and Efficient Analysis of Safety and Security Vulnerabilities." In Software Engineering Conference (APSEC), 2016 23rd Asia-Pacific, pp. 113-120. IEEE, 2016.

Zuo, Chaoshun, Wubing Wang, Zhiqiang Lin, and Rui Wang. "Automatic Forgery of Cryptographically Consistent Messages to Identify Security Vulnerabilities in Mobile Services." In NDSS. 2016.