Homework SourseSection 26 in the Smith textbook elementary information sec
Section 2.6 in the Smith textbook ( elementary information security 2nd edition) offers a list of 6 high-level security controls. Pick two of them and describe how you personally experience those controls in use on personal, work, or school computer systems. Then describe which of the 6 controls you believe is the easiest for an attacker to defeat, and why.
Please respond with your discussion post of at least 300 words
Solution
The two security controls which I am going to explain is Logical Control and Functional Security Control. In my work place I experienced this two types.
In my company we have a portal which consists of all the information about the company and the employees. Every employee has access to this portal. But some people have to something and other people have access to some other features based on the level of employee i.e. if the person is manager level he can access to see the clients information and also can see employees who is working on which project and if the person is normal developer he only can access his own information and only can only see the desk numbers of other employees. This is nothing but the Logical security Control.
Whenever we want to access the website related to entertainment or sports or some other websites browsers will be automatically closed in my company. Functionality of the network is designed in that way that no one can access those websites.This is nothing but Functional Security Control.
I believe that the Functional Security control is the easiest one to defeat. Because as this is the procedure written in the software it is easy to breach this security procedures who is having good knowledge. Hackers generally have strong knowledge on this type of procedures or functionality or other ways to pass this hurdles. So according to my thought this is the easisest one for the hackers.
And the other one I choose is the Procedural Security Control is also the easier for the hackers because this is also binded with the softwares or hardware so it is easy to break all this procedures and do their work.
Generally this types of controls are very easy to break. In order to break this rules that need not to be a hacker the one who is having knowledge on that will be sufficient to break this rules. For ex I have mentioned about functional Security Control most of use VPN\'s in our company inorder to access the sports or entertainment information.
